Conversation

Notices

Embed this notice
Patrick C Miller :donor: (patrickcmiller@infosec.exchange)'s status on Monday, 27-Nov-2023 05:12:02 JST Patrick C Miller :donor:

Employee Policy Violations Cause 26% of Cyber Incidents https://www.infosecurity-magazine.com/news/employee-violations-cause-26-cyber/
In conversation about a year ago from infosec.exchange permalink
Attachments
1. Domain not in remote thumbnail source whitelist: assets.infosecurity-magazine.com
  
  Employee Policy Violations Cause 26% of Cyber Incidents
  
  from https://www.infosecurity-magazine.com/profile/alessandro-mascellino/
  
  Kaspersky said the figure closely rivals the 20% attributed to external hacking attempts
- Embed this notice
  caffinepwrd ☕ (caffinepwrd@infosec.exchange)'s status on Monday, 27-Nov-2023 05:17:17 JST caffinepwrd ☕
  in reply to
  
  @patrickcmiller this should be "Controls designed to support policy and standard failed in 26% of incidents" further I find when someone intentionally bypasses a control, it's because the security program isn't supporting the business properly.
  
  In conversation about a year ago permalink
- Embed this notice
  Dave Wilburn :donor: (davemwilburn@infosec.exchange)'s status on Monday, 27-Nov-2023 05:35:40 JST Dave Wilburn :donor:
  in reply to
  
  @patrickcmiller "caused" should probably be "contributed to." Also, for a study that claims to be about "human factors", there's a remarkable lack of introspection about the actual underlying human factors beyond "blame the human operator." No serious industry portraying itself as safety/security-focused would ever accept a double-digit percentage of human error resulting in significant negative consequences without a deeper examination and direct addressing of the underlying causes. We collectively need to stop blaming our users.
  
  In conversation about a year ago permalink

Public

Notices

Feeds