A CYENTIA INSTITUTE STUDY BASED ON DATA FROM ELEVATE SECURITY
EXECUTIVE SUMMARY
It’s a horror story that many organizations are familiar with – an employee clicks a link or visits a website, and chaos ensues. At best, it’s just a minor disruption. At worst, business continuity is broken, and an organization’s critical infrastructure is at risk. Regardless of the outcome, managing human risk is a major part of business today. In this report, we dive into what makes workers high risk, where those high risk
users spend their time, what are their riskiest behaviors, and what that might mean for your organization’s security.
Introduction
You’ll be hard-pressed to find a security professional that hasn’t heard the cliche, “people are the weakest link in the chain.” And there is a good reason for that. In the process of doing their daily work,, knowingly or not, people can make decisions that negatively impact their organization. For decades, enterprise information security programs have tried to mitigate “human risk” by implementing various types of training and checkpoints. But do these types of processes actually work?
According to the 2022 Verizon Data Breach Investigations Report (DBIR), 82% of all data breaches involve human interaction. This report might lead us to believe that all human interactions are inherently dangerous. However, the findings in our last report offer some solace – most users are not risky, but a tiny percentage carry a high risk. We previously found that 76% of users have never clicked a phishing link in an email in contrast to the 4% of users that are responsible for 80% of phishing incidents. Along those same lines, while 93% of users have never had a malware incident, 3% are responsible for 92% of all malware events.
So, while most users aren’t inherently risky, a tiny percentage of users can be considered “high risk.” For this report, the Cyentia Institute analyzed almost eight years’ worth of data from Elevate Security – from June 2014 – July 2022. Using what we have learned about users from the previous report, we’ll be taking a deeper look into what a high risk user is, where they work in your organization, and how they impact organizations like yours.
What is a High Risk User?
“THE CALL IS COMING FROM INSIDE THE HOUSE” Let’s kick off by defining what makes a user high risk. Using what we know from our past analysis, a high risk user has a history of engaging in risky behavior at a higher rate. The vast majority of an organization’s users do not fall under this definition, but a small yet impactful group of users do.
Download & read the complete document below 👇👇👇
Views: 0
