Employees remain the biggest source of corporate cyber risk. According to the “IBM X-Force 2016 Cyber Security Intelligence Index,” staff members are responsible for 60 percent of all digital attacks endured by enterprises. In most cases, there’s no malicious intent. Employees may subvert network security by opening infected email attachments, falling for well-crafted phishing attacks, accessing compromised third-party apps or accidentally posting confidential information on social media sites.
The accepted method to mitigate these risks is employee education — training staff to recognize the risks of specific behaviors and taking steps to avoid potential compromise. Still, the problem persists, with insider issues ranking as the top threat month after month and year after year. How much security advice are employees really hearing and taking to heart? Can companies convince them to care about network security?