Sam Joseph, Co-Founder and CEO
Hakimo
Originally published on Forbes.com
Behavioral science has long debated — and self-help books have long profited from — what it takes to change behavior and create a new habit. Some argue it takes 18 days, some 30. Psychologist Brian King believes there is no set timeline for change because too many variables are involved. The bottom line? If businesses rely on human employees to change their behaviors to match the ever-evolving security landscape, this unpredictability can be a problem.
Findings from IBM’s Cost of a Data Breach Report 2021 show that a single data breach can cost companies an average of $4.24 million, with 2021’s average data breach costing the highest in 17 years. Cybersecurity spending was also estimated to be up 12.4% to over $150 billion in 2021, according to Gartner analysts. Yet, although corporations recognize the challenge of protecting their data and the imminent costs of any breach, there’s more the industry can do to help employees understand their role in corporate security.
Ransomware attacks dominate the news because data held hostage is now a common and costly occurrence. The cultural representation of complicated code, computer keystrokes and email scams dominates our understanding of how hacks happen. The average consumer gets alerts about suspicious emails and is regularly prompted to draft increasingly complicated passwords.
The dominance of this security narrative, however, offers a false sense of engagement for employees. For corporate workers, a complicated password, a lengthy sign-on to a VPN and a work computer all feel like appropriate — and complete — safeguards to security issues beyond their control.
For that reason, other social engineering tactics that go beyond emails and passwords are often ignored. The classic example is an employee holding the door open for someone else, popularly known as “tailgating” or “piggybacking.” This behavior comes naturally to most people, as we’re taught from an early age to hold the door for others.
Although generally a good thing, in most corporate environments, it can lead to big security risks. Hackers can easily use this “nice” gesture to gain access to a secure facility. Once inside, they have access to all network ports, devices and equipment, not to mention passwords written on sticky notes. The amount of damage that someone can cause in that scenario is endless.
Subscribe to receive the latest news, resources, and announcements. We won’t bug you with unnecessary emails, just the ones that help shape the future of physical security.
