www.forbes.com
Open in
urlscan Pro
151.101.130.49
Public Scan
Submitted URL: https://info.safe.security/e3t/Btc/I7+113/d2lml804/VVZ4-G35mL8yW8WBKZf3YDz7pW7vv0b_4FCz-zN3hBC6X3lLCfV1-WJV7CgZ8fN2qRN8CClD...
Effective URL: https://www.forbes.com/sites/forbestechcouncil/2021/09/13/how-likely-is-your-employee-to-cause-a-data-breach/?_hsenc=p2...
Submission: On February 16 via api from US — Scanned from DE
Effective URL: https://www.forbes.com/sites/forbestechcouncil/2021/09/13/how-likely-is-your-employee-to-cause-a-data-breach/?_hsenc=p2...
Submission: On February 16 via api from US — Scanned from DE
Form analysis 1 forms found in the DOM
<form class="search-modal__form"><input class="search-modal__input" type="text" placeholder="Search" autofocus=""><button class="search-modal__submit" role="button" tabindex="0" title="Submit"><svg class="fs-icon fs-icon--arrow-right"
xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20">
<path transform="rotate(-180 8.964 11)" d="M1 10h16v2H1z"></path>
<path transform="rotate(134.999 14.965 13.124)" d="M11 12.1h8v2h-8z"></path>
<path transform="rotate(-134.999 14.965 8.877)" d="M11 7.9h8v2h-8z"></path>
</svg></button></form>Text Content
Explore
* Billionaires
* All Billionaires
* World's Billionaires
* Forbes 400
* America's Richest Self-Made Women
* China's Richest
* India's Richest
* Indonesia's Richest
* Korea's Richest
* Thailand's Richest
* Japan's Richest
* Australia's Richest
* Taiwan's Richest
* Singapore's Richest
* Philippines' Richest
* Hong Kong's Richest
* Malaysia's Richest
* Money & Politics
* 2020 Money
* Innovation
* All Innovation
* 5G
* AI
* Big Data
* Cloud
* Cloud 100
* COP26
* Cognizant BrandVoice | Paid Program
* Consumer Tech
* Cybersecurity
* Enterprise Tech
* Future Of Work
* Games
* Google Cloud BrandVoice | Paid Program
* Healthcare
* Innovation Rules
* Japan BrandVoice | Paid Program
* SAP BrandVoice | Paid Program
* Science
* ServiceNow BrandVoice | Paid Program
* Social Media
* Splunk BrandVoice | Paid Program
* Sustainability
* Venture Capital
* Wind River BrandVoice | Paid Program
* Leadership
* All Leadership
* Careers
* CEO Network
* CFO Network
* CHRO Network
* CIO Network
* CMO Network
* Crowe BrandVoice | Paid Program
* CxO
* Dell Technologies BrandVoice | Paid Program
* Deloitte BrandVoice | Paid Program
* Diversity, Equity & Inclusion
* Education
* Forbes EQ | Paid Program
* Forbes The Culture
* ForbesWomen
* Leadership Strategy
* Scale Up
* Under 30
* Working Remote
* Over 50
* Money
* All Money
* Banking & Insurance
* Crypto & Blockchain
* ETFs & Mutual Funds
* Fintech
* Forbes Digital Assets
* Hedge Funds & Private Equity
* Investing
* Investing Basics | Q.ai
* Markets
* Personal Finance
* Premium Investing Newsletters
* Retirement
* Scale Up
* Taxes
* Top Advisor | SHOOK
* Vanguard BrandVoice | Paid Program
* Wealth Management
* Business
* All Business
* Aerospace & Defense
* Energy
* Food & Drink
* Hollywood & Entertainment
* Manufacturing
* Media
* Policy
* Retail
* Scale Up
* SportsMoney
* Transportation
* Small Business
* All Small Business
* Entrepreneurs
* Franchises
* Small Business Strategy
* Scale Up
* Lifestyle
* All Lifestyle
* Arts
* Boats & Planes
* Cars & Bikes
* Dining
* ForbesLife
* Forbes Travel Guide
* Spirits
* Style & Beauty
* Travel
* Vices
* Watches
* Real Estate
* All Real Estate
* Commercial Real Estate
* Forbes Global Properties
* Residential Real Estate
* Store
* All Store
* Vetted
* All Vetted
* Gear
* Health & Wellness
* Home & Kitchen
* Style
* Tech & Electronics
* Coupons
* All Coupons
* Purple
* Squarespace
* Verizon
* Lululemon
* AT&T
* Lowe's
* Brooks Brothers
* Tory Burch
* Dr Martens
* Dell
* Chewy
* Advisor
* All Advisor
* The Best Credit Cards Of 2022
* Best Balance Transfer Credit Cards
* Best Cash Back Credit Cards
* Best 0% APR Credit Cards
* Best Travel Credit Cards
* Best Business Credit Cards
* Best Life Insurance Companies
* Best Travel Insurance Companies
* Covid-19 Travel Insurance
* Best Car Insurance Companies
* Best Pet Insurance
* Best Mortgage Lenders
* Mortgage Calculator
* Today's Mortgage Rates
* Best Personal Loans
* Best Student Loans
* Best Student Loan Refinance
* Best Business Insurance
* Forbes Health
* Forbes Advisor UK
* Forbes Advisor India
* Wheels
* All Wheels
* Best Sedans
* Best Luxury SUVs
* Best SUVs
* Best Pickups
* Best Performance Cars
* Best Family Cars
* Best SUVs & Crossovers
* Best Electric Cars
* Best Sports Cars
* Used Cars For Sale Near Me
* New Cars For Sale Near Me
* Lists
* All Lists
* Video
* All Video
* Newsletters
* Crypto Confidential
* Editorial Newsletters
* Investing Digest
* Premium Investing Newsletters
* Forbes Magazine
* All Forbes Magazine
* Forbes Asia
* Free Issue of Forbes
* Latest
* Coronavirus Coverage
* Daily Cover Stories
* Dark Capital
* Editors' Picks
* Election 2020
* Visual Web Stories
* Scale Up
* Featured
* 5 Steps To Jump Start Savings Early In Your Career
* 30 Under 30 2022
* America's Top Women Wealth Advisors 2022
* Best-In-State Women Wealth Advisors 2022
* Dell Technologies Connoisseur | Paid Program
* Dell Technologies Connoisseur | Paid Program
* Dell Technologies Connoisseur | Paid Program
* DNA of Success
* How Leaders Can Demonstrate Empathy And Build Stronger Teams | Paid
Program
* Kyndryl BrandVoice | Paid Program
* Smartsheet BrandVoice | Paid Program
* The Investment Guide: Your Life Your Priorities 2022
* Advertise with Forbes
* Report a Security Issue
* Site Feedback
* Contact Us
* Careers at Forbes
* Tips
* Corrections
* Privacy
* Do Not Sell My Personal Information
* Terms
* AdChoices
* Reprints & Permissions
© 2022 Forbes Media LLC. All Rights Reserved
Subscribe
Sign In
BETA
This is a BETA experience. You may opt-out by clicking here
MORE FROM FORBES
Feb 16, 2022,10:00am EST
Stop Admiring Your Data And Use It
Feb 16, 2022,09:45am EST
Data Is Key, But API Troubles Are Ahead
Feb 16, 2022,09:30am EST
Rise Of The Chief Anticipation Officer
Feb 16, 2022,09:30am EST
Forget The Metaverse — The Roboverse Is Already Here
Feb 16, 2022,09:15am EST
Coining The Term AI-SecOps: Why Your Business Should Consider AIOps For
Cybersecurity
Feb 16, 2022,09:00am EST
The Accuracy Limits Of Data-Driven Healthcare
Feb 16, 2022,09:00am EST
Stripe Leads $75 Million Investment Round Into Payroll Infrastructure Startup
Check
Edit Story
Sep 13, 2021,07:45am EDT|1,109 views
HOW LIKELY IS YOUR EMPLOYEE TO CAUSE A DATA BREACH?
Saket Modi
Forbes Councils Member
Forbes Technology Council
COUNCIL POST
Expertise from Forbes Councils members, operated under license. Opinions
expressed are those of the author.
| Membership (fee-based)
Innovation
* Share to Facebook
* Share to Twitter
* Share to Linkedin
Saket Modi is the co-founder and CEO of Safe Security, a Palo Alto-based
cybersecurity and digital business risk quantification company.
getty
“There are decades where nothing happens, and there are weeks where decades
happen.” — Vladimir Lenin
“A big change or improvement … in the way that people do a particular activity”
— that is how Cambridge Dictionary defines a revolution. What the pandemic has
brought about is undoubtedly a revolution in the context of the “traditional”
workplace. Subsequently, employees, their digital presence and the devices they
use have become the new edge in information security and re-created the
perimeter organizations have to protect. People are at the center of all
cybersecurity conversations today, but are organizations prepared to adopt
cybersecurity models with their employees at their center?
Recognizing that 85% of data breaches have a human aspect, according to the
recently published Verizon Data Breach Investigations Report, organizations need
to measure and understand the impact of employee risk on their overall risk
posture and mitigate those risks proactively. Social engineering has cost
businesses $4.47 million, according to IBM’s 2021 Cost of a Data Breach report.
Another study states that 60% of employees who failed a cybersecurity quiz
actually feel safe from cyber threats, and incredibly, 74% of respondents who
answered every single question incorrectly also felt protected.
We must understand why trained employees perform only marginally better than
untrained employees on simulated and actual cybersecurity tests. The scientific
logic behind the near-failure of the current training models can be found in
already published research:
• The Ebbinghaus forgetting curve shows that humans forget approximately 50% of
all new information within an hour of learning it.
MORE FOR YOU
GOOGLE ISSUES WARNING FOR 2 BILLION CHROME USERS
FORGET THE MACBOOK PRO, APPLE HAS BIGGER PLANS
GOOGLE DISCOUNTS PIXEL 6, NEST & PIXEL BUDS IN LIMITED-TIME SALE EVENT
• The human brain can assimilate only six to nine data points at once before a
severe drop in memory and attention.
• Researchers have discovered that it takes 18 to 254 days to form a habit.
PLAY Forbes Innovation Video Settings Full Screen About Connatix V150819 Read
More Read More Read More Read More Read More Read More Immigration Policies At
USCIS Lead To DenialsOf L‑1B Petitions 1/1 Skip Ad Continue watching after the
ad Visit Advertiser websiteGO TO PAGE
Feedback Is The Breakfast Of Champions
Feedback is a compelling influence on learner achievement. This critical aspect
is missing from most cybersecurity awareness training platforms. Unless
employees are made acutely aware of the risk they pose to their organization
(quantified in the form of a dollar impact), the feedback loop of learning
remains incomplete.
Similarly, a decreased risk as a result of their efforts — cyber awareness
courses attended, phishing simulations passed, remediation of exposed passwords,
correctly configured devices, among others — will encourage employees to
maintain high standards of cyber vigilance. For this to be possible,
cybersecurity needs to be where the user is. Micro-learning via mobile devices
increases knowledge retention further, as employees can engage at their own pace
and convenience. Furthermore, cyber awareness platforms should be:
• Contextual - Cyber-awareness training pertains specifically to the business
and its requirements. It must consider the geography, industry, revenue and the
type of data managed by the organization while educating employees.
• Personalized - The content should be limited to security awareness training
and include topics more relevant to employees and their everyday internet
behavior, such as social media websites or digital payment applications.
• Dynamic and engaging - There should be micro-learning modules that are no more
than two to five minutes long, with bite-sized, focused learning material
regularly updated, based on the most recent threats.
How Risk Quantification Can Help
Despite investments in sophisticated security awareness platforms and well-run
programs, CISOs continue to face challenges in proving impact and ROI to the
board. Their main goal is to showcase a reduction in per-employee risk due to
their investment in these platforms. It is time for person-breach likelihood,
monitoring and management to become the primary goal, with security awareness
training as just one arm of the platform. This will enable an employee’s cyber
risk to be quantified, holistic and incorporate several other technical
controls.
An overall per-employee risk management platform:
• Helps explain the urgency and allows for differential training of employees in
different risk buckets.
• Facilitates decision-making. An organization can make a minimum risk score a
prerequisite to access specific confidential and sensitive data and systems.
• Helps measure training effectiveness and influences training frequency.
• Allows risk scores to roll up to department levels and reveal the overall
people-risk of the company. This type of gamification can help departments
compete against each other to increase their scores.
In a 2017 article, Arun Vishwanath wrote, “Ignoring the end-user is akin to
putting better locks on a safe, while forgetting all the many people who have
its keys.” He claimed that the most significant vulnerability in the whole
ecosystem is the user, but it can also be its most powerful protector.
Risk quantification aligns employees and security teams by providing a shared
understanding and metric of risk and its movement resulting from good/poor
security behaviors. Why not cultivate employees to be your early warning system
when it can have a great return on investment? The ball is in our court to go on
the offensive. We must embrace the changes in workplace culture and reflect it
with cybersecurity — by bringing people back to its epicenter.
--------------------------------------------------------------------------------
Forbes Technology Council is an invitation-only community for world-class CIOs,
CTOs and technology executives. Do I qualify?
--------------------------------------------------------------------------------
Follow me on Twitter or LinkedIn. Check out my website.
Saket Modi
Saket Modi is the co-founder and CEO of Safe Security, a Palo Alto-based
cybersecurity and digital business risk quantification company. Read Saket
Modi's full executive profile here.
* Print
* Reprints & Permissions
Solar Energy Could Power 40% Of U.S. By 2035, Report Says
Cookies on Forbes
YOUR CHOICES REGARDING COOKIES ON THIS SITE
Please choose whether this site may use cookies or related technologies such as
web beacons, pixel tags, and Flash objects ("Cookies") as described below. You
can learn more about how this site uses cookies and related technologies by
reading our privacy policy linked to below. Your choices on this site will be
applied globally. This means that your settings will be available on other sites
that set your choices globally. You can change your mind and revisit your
preferences at any time by accessing the "Cookie on Forbes" button on the left
side of this site.
While we need to use required cookies to make our site work, we won't set
optional cookies unless you enable them.
WE AND OUR PARTNERS
We and our partners: process personal data such as IP Address, Unique ID,
browsing data for: Informationen auf einem Gerät speichern und/oder abrufen |
Personalisierte Anzeigen, Anzeigenmessung und Erkenntnisse über Zielgruppen |
Personalisierte Inhalte und Inhaltemessung | Produkte entwickeln und verbessern
| Genaue Standortdaten verwenden | Geräteeigenschaften zur Identifikation aktiv
abfragen.
Some partners do not ask for your consent to process your data, instead, they
rely on their legitimate business interest. View our list of partners to see the
purposes they believe they have a legitimate interest for and how you can object
to it.
Accept All Choose Cookies
Privacy Statement
Powered by: