TSC’s sister organisation, the Security Awareness Special Interest Group (SASIG) connects cybersecurity professionals from all areas. We invite SASIG Supporters to share their cybersecurity insights in The Insider. In this piece, we review a report from machine learning email security company Tessian, delving into human error, the reasons why it happens and how to minimise it.
If you’ve recently deployed the latest and greatest cybersecurity solution, congratulations, you’re one step closer to having control and visibility over your organisation's threat landscape. But the reality is that whatever systems you put in place they do not address the most serious threat — human error.
While every employee should be considered a vital part of the information security team, it is a hard and frustrating fact that not all employees have the same level of security awareness and training as a CISO, nor do all employees display safe information security behaviour 100% of the time.
Consider this: 88% of UK data breaches are caused by human error, not cyber attacks (source: Verdict)
Arguably, this is never truer than when it comes to emails. Email remains the number one channel of communication in the enterprise, and as a result, the primary way data is lost and systems are compromised. From phishing in all its guises, through data exfiltration to incorrectly addressed communications, email starkly exposes an organisation’s human weak spot.
Enter SASIG Supporter Tessian, experts in human layer security, focussed on protecting all human-digital interactions in the enterprise. They have developed a range of machine-intelligent filters to protect people using email.
They have also produced a report – Why do people make mistakes? – which, as the title suggests, examines the causes and triggers of human error.
It explores:
With analysis from academics at the University of Central Lancaster and Lancaster University, Tessian looks to switch the narrative from ‘we all know humans are the weakest security link’ to focussing on finding solutions that protect people and reinforce safe email practices.
Have a read and re-appraise your approach to email security and human error.
© The Security Company (International) Limited 2023
Office One, 1 Coldbath Square, London, EC1R 5HL, UK
Company registration No: 3703393
VAT No: 385 8337 51
