CISObyte 05-01-2020
CISOs are developing and using employee risk scores to determine where more user training and better automated defense is needed.
“Humans still remain the most consistently vulnerable element of any business. And malicious actors will stop at nothing to prey on their fallibility.”
“Theoretically, if an employee clicks a malicious link in a phishing email, there was a failure of the automated defense tool somewhere in the chain.” But your automated system cant stop everything. Your greatest risk remains your people, and getting them the training and tools they need to be successful and secure becomes more necessary daily. How to determine where best to allocate a limited spend? “While not a new concept, employee risk scorecarding is growing ever more advanced, thanks to better analytics, policies and workflows that make assessments more actionable.”
“Despite its virtues, the employee risk and scorecarding process must continue to be refined. To understand why, one need only look at the scourge of COVID-19 phishing campaigns that have oozed out of the shadows since the start of the coronavirus pandemic, preying on the fears of an anxious public looking for answers in an uncertain time.”
- Risk Management
- Risk Scoring
- Governance
- Security Analysis
