You've successfully subscribed to INFIMA Security
Great! Next, complete checkout for full access to INFIMA Security
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

The security gap: knowledge or behavior?

There’s something missing in cyber security today.

Security tends to be reactionary - an attacker first exposes a vulnerability; the security community subsequently develops a protective measure. Firewalls are a prime example of this process. Ten years ago, a company’s systems could be compromised simply by scanning exposed ports. The broad adoption of firewalls all but closed off this attack vector.

Fast forward to today: 9 out of 10 attacks are the result of a human making a mistake, opening the door to compromise.

To counter this, nearly every large organization has implemented security awareness training, designed to teach users how to spot a social engineering attack.

Problem solved! Right??

Quick reality check: Cyber attacks targeting human exploits are not declining. In fact, breach severity is increasing - specifically via email phishing, the most common form of social engineering. Phishing now accounts for 94% of malware delivery (2019 Verizon DBIR).

Attackers exploit human behavior, and this persistent problem needs a new solution. That solution requires developing safe online habits.

Behavior over knowledge

In the physical world, we teach kids to look both ways before crossing the road. You don’t send little Johnny out with a calculator to quickly determine the stopping distance of each oncoming car - that would be nuts. Instead, you instill easily repeatable behavior to keep him safe. As an adult, the behavior sticks. Why? Because it works! Oh, and it’s really simple.

Today’s security awareness programs focus on imparting knowledge for defense. To be secure, knowledge training requires every employee has to become a cyber sleuth. These providers instruct your people to look through every single hyperlink or email sender, crossing their fingers in hopes that busy/stressed/overwhelmed employees don’t make a mistake. It’s like teaching kids to play frogger with a really great calculator in hand. There’s a better approach to both.

INFIMA breaks the cycle of attacks by instilling safe behaviors. With frequent testing, we identify behavior vulnerabilities across your team. From there, we deliver targeted remediation to your most at-risk users.

With our incredible MSP Partners, we are solving the human problem in cyber security.

Ready to learn more? Connect with us here!

Joel Cahill

Cybersecurity enthusiast. Entrepreneur.