SECURE horizons
By Benjamin Leitch, our CXO Cyber Connections and Digital Content Manager
In this column, we’ll be discussing key issues for CISOs and their teams – from AI to wellbeing and from Zero Trust to communication. If you’d like to get in touch, email ben.leitch@lynchpinmedia.com
YOU ARE THE WEAKEST LINK
In the modern world, where organisations invest millions in advanced firewalls, encryption technologies and intrusion detection systems, one persistent vulnerability remains – human error.
Despite the sophistication of modern cybersecurity defences, the most common cause of breaches is not the failure of technology; it’s the failure of people, as human behaviour continues to be the weakest link in a company’s cybersecurity chain.
Phishing attacks remain one of the most prevalent methods used by cybercriminals to exploit human trust. No matter how foolproof your cybersecurity systems are, attackers entirely bypass these technical defences by capitalising on human naivety. Even with awareness of these techniques on the rise, the ingenuity of scams and advancements in AI technology are fast outpacing the awareness of the average employee.
This can be seen in the evolution of social engineering tactics to manipulate individuals into compromising security protocols. Deepfakes are becoming increasingly common and harder to detect with the assistance of AI. Hackers often pose as IT staff to extract passwords or gain unauthorised access, relying on human cooperation rather than brute force.
However, human behaviour isn’t just exploited through schemes which rely on trickery and trust – there are various ways cybercriminals can utilise oversights and mistakes made by employees at work.
Weak passwords are a common issue. Despite repeated warnings, employees often reuse simple passwords across multiple accounts or write them down in easily accessible locations, creating a low-effort entry point for attackers.
Insider threats, whether intentional or accidental, also pose a significant risk. Employees may mishandle data, grant too much access, or forget to delete old accounts. Unlike external threats, these incidents are harder to detect and prevent because they stem from trusted individuals within the organisation.
The increasing prevalence of remote work has further widened the attack surface. Employees now access company systems from personal devices and unsecured networks, increasing exposure to threats.
Daryl Flack, Partner at Avella Security, suggests five key steps that every employee should follow to reduce the cyber risk across their organisation:
1. Think before you click: Be wary of links or attachments from unknown or unexpected sources. If in doubt, check with IT or your security team.
2. Verify unusual requests: Verify urgent or unusual requests via a separate communications channel, even if they appear to come from a valid source, especially those involving payments, passwords, or confidential information.
3. Watch for red flags: Look out for unusual tone or grammar, unfamiliar senders and mismatched email addresses.
4. Install updates promptly: Always update your devices, software, apps and browsers as soon as notified, ensuring that you restart if requested to do so.
5. Report suspicious activity immediately: If something doesn’t feel right, report it straight away to your IT or security team.
Ultimately, no system is entirely secure if the people using it are not vigilant. As fallible beings, we are the weakest link. Recognising and addressing human error is a necessary step toward building a resilient and secure digital environment.
WWW.INTELLIGENTCISO.COM