Security Pros: People Are the Biggest Problem

Exterminator

People are the biggest challenge in cybersecurity, according to over 80% of IT security professionals.

The Institute of Information Security Professionals (IISP) polled over 300 of its members and found the “people problem” (81%) by far outweighed challenges associated with technology (8%) and process (11%).

By “people” the IISP respondents were pointing not only to regular employees making mistakes such as falling for BEC or phishing scams, or sending data to the wrong recipient, but also the challenges surrounding cybersecurity skills.

This has become an increasingly critical issue for the industry, with certifications body (ISC)² claiming in February that the UK is heading for a “cliff edge” as older practitioners retire with no younger professionals coming through to take their place.

This report also noted the changing workforce dynamic, with the volume of respondents reporting skills shortages doubling from last year to 16%. Accordingly, around three-quarters of respondents reported positive career prospects, and 87% said they think these are at least as good (51%), if not better (36%), than a year ago.

IISP predicted that in the future it could be the hands-on techie roles that are hardest hit, as these are the ones where young professionals typically find themselves.

Interestingly, despite the dearth of qualified professionals coming into the industry, a plurality of respondents (46%) claimed they’re doing “better” or “much better” at defending systems, versus 39% who stayed neutral and 13% who claimed “worse”.

Report author Piers Wilson said this might not last as attacks grow in volume and sophistication.

“We've not seen any let-up in technology advances on both the good and bad side of the equation. The skills crisis is very real; defense teams might be getting better but so are attackers. There is also a scalability challenge. If you are talking about 10% more attacks than this time last year you can probably cope with that; if you are talking about 50% more attacks, even by improving you might only cope with a portion of that increase,” he told Infosecurity Magazine.

“Ten years ago, not many organizations were really defending against nation state-sponsored hackers or organized crime, so basic cyber-hygiene might have been all they aimed for. But now everybody is faced with that level of sophisticated, highly organized threat actor and is aware of it. So even though cyber defenses have moved beyond the level of basic hygiene, we still find data breaches, ransomware and zero-day attacks happening.”
 

Winter Soldier

People will always be the biggest problem. No matter how much you train them. They still fall for the simplest phishing emails that look too good to their eyes.
True, also in a business environment a company can spend thousands of dollars to teach its employees, but one of them will always open an infected attachment or fall for a phishing game.
As we know the human factor is the weak link in the chain.
 

Nuno

Reminded me of a very funny TED speech called "This is what happens when you reply to spam email", by James Veitch.
People are, indeed, the problem, more specifically, their ignorance or naiveness. Unfortunately it's way easier to find a cure to fight an incoming malware than it is to change a whole mentality of so many people.
 

Winter Soldier

Yeah, when you are heavily infected, scammed, or you see all your files encrypted... then maybe you change your mind.
 

_CyberGhosT_

I agree, a little knowledge is dangerous; it needs a helping of wisdom to accompany it, and that helps.
Some are too eager to be seen or perceived as something more; in order to do this we understand we have to project the correct images to support that, rather than taking the time and effort to validate this with hard work and experience.
This plays in hand with many instances of a situation being manageable if the person just says "I don't know, I need help", but in doing this they fear that this will be a sign of weakness, when it won't, and it would serve to de-escalate the situation or current incident. Assuming or doing the wrong thing will actually serve to escalate and do more damage.
Don't ya just love the human ego ;)
Cool share Exterminator :)
 

Winter Soldier

+1 ;)
 

In2an3_PpG

We (try to) train our co-workers with fake phishing emails from KnowBe4 but we still see about 3% of them still clicking and opening the attachment. Same people too. Over and over again. What's scary is sometimes it's a VP clicking the attachments. As Mikko Hypponen from F-Secure would say "People doing stupid stuff". :D

 

Winter Soldier

Great share buddy ;)
 
