EDITOR’S question
BRANDON LEIKER, PRINCIPAL SOLUTIONS ARCHITECT AT 11:11 SYSTEMS
The primary cybersecurity risk facing firms today lies in both technological vulnerabilities and human behaviour. According to the 2024 Verizon Data Breach Investigations Report, 68% of breaches involve human error. The report also found that phishing, a common social engineering tactic, was responsible for 15% of breaches.
Attackers exploit trust and leverage natural human tendencies with tactics such as a convincing phishing email or a persuasive voice scam to create a false sense of urgency. These simple triggers can bypass elaborate network defences when targeted at the right employee in the right way.
Human error plays a critical role in these breaches: clicking on suspicious links and neglecting multifactor authentication (MFA) invite disaster. Even tech-savvy employees can fall victim to social engineering.
These actions leave firms vulnerable to attacks, even when technological defences are in place. Moreover, the rise of AI tools like chatbots and Generative AI further increases the sophistication of these attacks, allowing cybercriminals to automate scams and develop new methods of evading detection. Tactics like spear phishing, a highly targeted variant of phishing, leverage detailed personal information to craft emails posing as bosses, colleagues or other trusted entities.
The risk of human error is compounded by ‘security fatigue’, where excessive alerts and overly complex password requirements lead to employees bypassing these prompts to complete their tasks. Employees struggling to access their accounts often use weak passwords, reuse passwords or take dangerous workarounds. Therefore, the human factor emerges as the most significant vulnerability in an organisation’s cybersecurity posture.
Beyond education, organisations should leverage principles of behavioural economics to help ‘nudge’ employees toward safer practices. To encourage adherence to security measures without overwhelming employees, it’s essential to make these measures user-friendly and seamlessly integrate them into daily tasks. Additionally, implementing single sign-on (SSO) can greatly simplify access for users by reducing the number of usernames and passwords they need to manage, thereby lessening their overall burden.
Secure behaviours may be cultivated through incentives, fostering an environment where security is viewed as a shared responsibility and a culture of transparent communication throughout the organisation. Regular training, feedback loops, and open discussions about policies and threats ensure that employees remain vigilant and engaged. Security should not be seen as solely the domain of the IT department; instead, every employee should be an active participant in safeguarding the organisation’s assets.
Ultimately, ignoring the human element plays into the hands of attackers. By investing in human-focused defence strategies, organisations can turn their employees from liabilities into strong assets in the fight against cyberthreats.
A combination of education, clear policies, and a culture of security can significantly reduce human-related risks, strengthening the organisation’s overall cybersecurity resilience.
WWW.INTELLIGENTCISO.COM