Below is an excerpt from ISS-Corporate’s recently released paper “People Problems: The Human Element of Cyber Risk”. The full paper is available for download from the ISS-Corporate online library.
The recent high-profile cyberattacks on MGM Resorts International and Caesars Entertainment – both enabled by social engineering – serve to underscore the role of human failure in exposing a company’s IT systems to bad actors. Recent research shows that about three quarters of cyber incidents involve some sort of human misstep. In this report, ISS-Corporate explores the connections between human skills, staffing, and cyber outcomes, and how monitoring data influenced by these factors can help organizations measure and assess their cyber breach risk.
KEY TAKEAWAYS:
- Recent breach incidents provide strong anecdotal evidence of the crucial role that people play in maintaining cyber security.
- Academic research shows a strong connection between cyber management skills and behaviors and successful security outcomes.
- Current analyses of information regarding network configuration and website construction underscore the strong connection between inferred staffing skill levels, resourcing levels, management awareness, and security outcomes.
- Analyzing incidence statistics (rates, ratios, and recurrence) of routine cyber security issues over time can help predict the likelihood of a future breach.
By: Douglas Clare, Managing Director, Cyber Strategy, ISS-Corporate
