Security Pros: People Are the Biggest Problem

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
People are the biggest challenge in cybersecurity, according to over 80% of IT security professionals.

The Institute of Information Security Professionals (IISP) polled over 300 of its members and found the “people problem” (81%) by far outweighed challenges associated with technology (8%) and process (11%).

By “people” the IISP respondents were pointing not only to regular employees making mistakes such as falling for BEC or phishing scams, or sending data to the wrong recipient, but also the challenges surrounding cybersecurity skills.

This has become an increasingly critical issue for the industry, with certifications body (ISC)² claiming in February that the UK is heading for a “cliff edge” as older practitioners retire with no younger professionals coming through to take their place.

This report also noted the changing workforce dynamic, with the volume of respondents reporting skills shortages doubling from last year to 16%. Accordingly, around three-quarters of respondents reported positive career prospects, and 87% said they think these are at least as good (51%), if not better (36%), than a year ago.

IISP predicted that in the future it could be the hands-on tecchie roles that are hardest hit, as these are the ones where young professionals typically find themselves.

Interestingly, despite the dearth of qualified professionals coming into the industry, a plurality of respondents (46%) claimed they’re doing “better” or “much better” at defending systems, versus 39% who stayed neutral and 13% who claimed “worse”.

Report author Piers Wilson said this might not last as attacks grow in volume and sophistication.

“We've not seen any let-up in technology advances on both the good and bad side of the equation. The skills crisis is very real; defense teams might be getting better but so are attackers. There is also a scalability challenge. If you are talking about 10% more attacks than this time last year you can probably cope with that; if you are talking about 50% more attacks, even by improving you might only cope with a portion of that increase,” he told InfosecurityMagazine.

“Ten years ago, not many organizations were really defending against nation state-sponsored hackers or organized crime, so basic cyber-hygiene might have been all they aimed for. But now everybody is faced with that level of sophisticated, highly organized threat actor and is aware of it. So even though cyber defenses have moved beyond the level of basic hygiene, we still find data breaches, ransomware and zero-day attacks happening.”
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
People will always be the biggest problem. No matter how much you train them. They still fall for the simplest phishing emails that look too good to their eyes.
True, also in business environment a company can spend thousands of dollars to teach its employees but always someone of them will open an infected attachment, or will fall into a phishing game.
As we know the human factor is the weak link in the chain.
 

Nuno

Level 2
Verified
Feb 26, 2016
98
Reminded me of a very funny TED speech called "This is what happens when you reply to spam email", by James Veitch.
People are, indeed, the problem, more specifically, their ignorance or naiveness. Unfortunately it's way easier to find a cure to fight an incoming malware than it is to change a whole mentality of so many people.
 
  • Like
Reactions: Winter Soldier

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Reminded me of a very funny TED speech called "This is what happens when you reply to spam email", by James Veitch.
People are, indeed, the problem, more specifically, their ignorance or naiveness. Unfortunately it's way easier to find a cure to fight an incoming malware than it is to change a whole mentality of so many people.
Yeah, when you are heavily infected, scammed, or you see all your files encrypted. ... then maybe you change your mind.
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
People are the biggest challenge in cybersecurity, according to over 80% of IT security professionals.

The Institute of Information Security Professionals (IISP) polled over 300 of its members and found the “people problem” (81%) by far outweighed challenges associated with technology (8%) and process (11%).

By “people” the IISP respondents were pointing not only to regular employees making mistakes such as falling for BEC or phishing scams, or sending data to the wrong recipient, but also the challenges surrounding cybersecurity skills.
I agree, a little knowledge is dangerous, need a helping of wisdom to accompany it and that helps.
Some are too eager to want to be seen or preceived as something more, in order to do this we understand we have to project the correct images to support that. Rather than taking the time and effort to validate this with hard work and experience.
This plays in hand with many instances of a situation being manageable if the person just says "I don't know, I need help"
but in doing this they fear that this will be a sign of weakness, when it won't and it would serve to deescalate the situation
or current incident. Assuming or doing the wrong thing will actually serve to escalate and do more damage.
Don't ya just love the human ego ;)
Cool share Exterminator :)
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
I agree, a little knowledge is dangerous, need a helping of wisdom to accompany it and that helps.
Some are too eager to want to be seen or preceived as something more, in order to do this we understand we have to project the correct images to support that. Rather than taking the time and effort to validate this with hard work and experience.
This plays in hand with many instances of a situation being manageable if the person just says "I don't know, I need help"
but in doing this they fear that this will be a sign of weakness, when it won't and it would serve to deescalate the situation
or current incident. Assuming or doing the wrong thing will actually serve to escalate and do more damage.
Don't ya just love the human ego ;)
Cool share Exterminator :)
+1 ;)
 

In2an3_PpG

Level 18
Verified
Top Poster
Content Creator
Well-known
Nov 15, 2016
867
True, also in business environment a company can spend thousands of dollars to teach its employees but always someone of them will open an infected attachment, or will fall into a phishing game.
As we know the human factor is the weak link in the chain.

We (try to) train our co-workers with fake phishing emails from KnowBe4 but we still see about 3% of them still clicking and opening the attachment. Same people too. Over and over again. Whats scary is sometimes its a VP clicking the attachments. As Mikko Hypponen from F-Secure would say "People doing stupid stuff". :D

 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
We (try to) train our co-workers with fake phishing emails from KnowBe4 but we still see about 3% of them still clicking and opening the attachment. Same people too. Over and over again. Whats scary is sometimes its a VP clicking the attachments. As Mikko Hypponen from F-Secure would say "People doing stupid stuff". :D


Great share buddy ;)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top