Linked: Employees’ email still drives most of the data loss at organizations

A good chunk of these breaches are not someone actually trying to steal data, but someone either trying to make something more easily accessible outside of the office, or taking information with them when they leave: things like contact information, maybe some documents they've written themselves that they want to keep, etc.

It's likely that these folks aren't actively trying to commit some sort of corporate espionage; they just aren't really thinking about what they do. It might just be that the once-per-year required video isn't enough to keep it top of mind every day.

Linked: Cybersecurity Mistakes Are Costing More Jobs Than Ever

On the one hand, I have argued before that we need to hold people accountable because, without a stick, our people will not have as much of a reason to care in the first place. On the other hand, a couple of the stats from the report that Doug pulled out tell me something different:

Shared Links (weekly) Jan. 30, 2022

Linked: Large-scale phishing study shows who bites the bait more often

They had some interesting findings on gender (doesn’t matter) and age (young and older employees seemed more likely), but this is one that I think impacts a lot of what we do when it comes to protecting against phishing:

“An interesting finding in the ETH study is that employees who are continuously exposed to phishing eventually fall for it, as 32.1% of the study participants clicked on at least one dangerous link or attachment.”

Linked: You know how to identify phishing emails – a cybersecurity researcher explains how to trust your instincts to foil the attacks

And so, I wonder if those yearly, semi-annual, or quarterly video trainings would be a lot more effective if we also shared specific examples of people who got phished, and how they fell for it?

Like most things in life, it’s one thing to hypothetically know that something could happen, but it’s quite another to know that it did happen to someone we know. Someone just like us. That makes it so much more real in our minds, and it appears to make a huge difference in how users might approach phishing attempts.