www.forbes.com
Open in
urlscan Pro
151.101.130.49
Public Scan
Submitted URL: https://info.safe.security/e3t/Btc/I7+113/d2lml804/VVZ4-G35mL8yW8WBKZf3YDz7pW7vv0b_4FCz-zN3hBC6X3lLCfV1-WJV7CgZ8fN2qRN8CClD...
Effective URL: https://www.forbes.com/sites/forbestechcouncil/2021/09/13/how-likely-is-your-employee-to-cause-a-data-breach/?_hsenc=p2...
Submission: On February 16 via api from US — Scanned from DE
Effective URL: https://www.forbes.com/sites/forbestechcouncil/2021/09/13/how-likely-is-your-employee-to-cause-a-data-breach/?_hsenc=p2...
Submission: On February 16 via api from US — Scanned from DE
Form analysis
1 forms found in the DOM<form class="search-modal__form"><input class="search-modal__input" type="text" placeholder="Search" autofocus=""><button class="search-modal__submit" role="button" tabindex="0" title="Submit"><svg class="fs-icon fs-icon--arrow-right"
xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20">
<path transform="rotate(-180 8.964 11)" d="M1 10h16v2H1z"></path>
<path transform="rotate(134.999 14.965 13.124)" d="M11 12.1h8v2h-8z"></path>
<path transform="rotate(-134.999 14.965 8.877)" d="M11 7.9h8v2h-8z"></path>
</svg></button></form>
Text Content
Explore * Billionaires * All Billionaires * World's Billionaires * Forbes 400 * America's Richest Self-Made Women * China's Richest * India's Richest * Indonesia's Richest * Korea's Richest * Thailand's Richest * Japan's Richest * Australia's Richest * Taiwan's Richest * Singapore's Richest * Philippines' Richest * Hong Kong's Richest * Malaysia's Richest * Money & Politics * 2020 Money * Innovation * All Innovation * 5G * AI * Big Data * Cloud * Cloud 100 * COP26 * Cognizant BrandVoice | Paid Program * Consumer Tech * Cybersecurity * Enterprise Tech * Future Of Work * Games * Google Cloud BrandVoice | Paid Program * Healthcare * Innovation Rules * Japan BrandVoice | Paid Program * SAP BrandVoice | Paid Program * Science * ServiceNow BrandVoice | Paid Program * Social Media * Splunk BrandVoice | Paid Program * Sustainability * Venture Capital * Wind River BrandVoice | Paid Program * Leadership * All Leadership * Careers * CEO Network * CFO Network * CHRO Network * CIO Network * CMO Network * Crowe BrandVoice | Paid Program * CxO * Dell Technologies BrandVoice | Paid Program * Deloitte BrandVoice | Paid Program * Diversity, Equity & Inclusion * Education * Forbes EQ | Paid Program * Forbes The Culture * ForbesWomen * Leadership Strategy * Scale Up * Under 30 * Working Remote * Over 50 * Money * All Money * Banking & Insurance * Crypto & Blockchain * ETFs & Mutual Funds * Fintech * Forbes Digital Assets * Hedge Funds & Private Equity * Investing * Investing Basics | Q.ai * Markets * Personal Finance * Premium Investing Newsletters * Retirement * Scale Up * Taxes * Top Advisor | SHOOK * Vanguard BrandVoice | Paid Program * Wealth Management * Business * All Business * Aerospace & Defense * Energy * Food & Drink * Hollywood & Entertainment * Manufacturing * Media * Policy * Retail * Scale Up * SportsMoney * Transportation * Small Business * All Small Business * Entrepreneurs * Franchises * Small Business Strategy * Scale Up * Lifestyle * All Lifestyle * Arts * Boats & Planes * Cars & Bikes * Dining * ForbesLife * Forbes Travel Guide * Spirits * Style & Beauty * Travel * Vices * Watches * Real Estate * All Real Estate * Commercial Real Estate * Forbes Global Properties * Residential Real Estate * Store * All Store * Vetted * All Vetted * Gear * Health & Wellness * Home & Kitchen * Style * Tech & Electronics * Coupons * All Coupons * Purple * Squarespace * Verizon * Lululemon * AT&T * Lowe's * Brooks Brothers * Tory Burch * Dr Martens * Dell * Chewy * Advisor * All Advisor * The Best Credit Cards Of 2022 * Best Balance Transfer Credit Cards * Best Cash Back Credit Cards * Best 0% APR Credit Cards * Best Travel Credit Cards * Best Business Credit Cards * Best Life Insurance Companies * Best Travel Insurance Companies * Covid-19 Travel Insurance * Best Car Insurance Companies * Best Pet Insurance * Best Mortgage Lenders * Mortgage Calculator * Today's Mortgage Rates * Best Personal Loans * Best Student Loans * Best Student Loan Refinance * Best Business Insurance * Forbes Health * Forbes Advisor UK * Forbes Advisor India * Wheels * All Wheels * Best Sedans * Best Luxury SUVs * Best SUVs * Best Pickups * Best Performance Cars * Best Family Cars * Best SUVs & Crossovers * Best Electric Cars * Best Sports Cars * Used Cars For Sale Near Me * New Cars For Sale Near Me * Lists * All Lists * Video * All Video * Newsletters * Crypto Confidential * Editorial Newsletters * Investing Digest * Premium Investing Newsletters * Forbes Magazine * All Forbes Magazine * Forbes Asia * Free Issue of Forbes * Latest * Coronavirus Coverage * Daily Cover Stories * Dark Capital * Editors' Picks * Election 2020 * Visual Web Stories * Scale Up * Featured * 5 Steps To Jump Start Savings Early In Your Career * 30 Under 30 2022 * America's Top Women Wealth Advisors 2022 * Best-In-State Women Wealth Advisors 2022 * Dell Technologies Connoisseur | Paid Program * Dell Technologies Connoisseur | Paid Program * Dell Technologies Connoisseur | Paid Program * DNA of Success * How Leaders Can Demonstrate Empathy And Build Stronger Teams | Paid Program * Kyndryl BrandVoice | Paid Program * Smartsheet BrandVoice | Paid Program * The Investment Guide: Your Life Your Priorities 2022 * Advertise with Forbes * Report a Security Issue * Site Feedback * Contact Us * Careers at Forbes * Tips * Corrections * Privacy * Do Not Sell My Personal Information * Terms * AdChoices * Reprints & Permissions © 2022 Forbes Media LLC. All Rights Reserved Subscribe Sign In BETA This is a BETA experience. You may opt-out by clicking here MORE FROM FORBES Feb 16, 2022,10:00am EST Stop Admiring Your Data And Use It Feb 16, 2022,09:45am EST Data Is Key, But API Troubles Are Ahead Feb 16, 2022,09:30am EST Rise Of The Chief Anticipation Officer Feb 16, 2022,09:30am EST Forget The Metaverse — The Roboverse Is Already Here Feb 16, 2022,09:15am EST Coining The Term AI-SecOps: Why Your Business Should Consider AIOps For Cybersecurity Feb 16, 2022,09:00am EST The Accuracy Limits Of Data-Driven Healthcare Feb 16, 2022,09:00am EST Stripe Leads $75 Million Investment Round Into Payroll Infrastructure Startup Check Edit Story Sep 13, 2021,07:45am EDT|1,109 views HOW LIKELY IS YOUR EMPLOYEE TO CAUSE A DATA BREACH? Saket Modi Forbes Councils Member Forbes Technology Council COUNCIL POST Expertise from Forbes Councils members, operated under license. Opinions expressed are those of the author. | Membership (fee-based) Innovation * Share to Facebook * Share to Twitter * Share to Linkedin Saket Modi is the co-founder and CEO of Safe Security, a Palo Alto-based cybersecurity and digital business risk quantification company. getty “There are decades where nothing happens, and there are weeks where decades happen.” — Vladimir Lenin “A big change or improvement … in the way that people do a particular activity” — that is how Cambridge Dictionary defines a revolution. What the pandemic has brought about is undoubtedly a revolution in the context of the “traditional” workplace. Subsequently, employees, their digital presence and the devices they use have become the new edge in information security and re-created the perimeter organizations have to protect. People are at the center of all cybersecurity conversations today, but are organizations prepared to adopt cybersecurity models with their employees at their center? Recognizing that 85% of data breaches have a human aspect, according to the recently published Verizon Data Breach Investigations Report, organizations need to measure and understand the impact of employee risk on their overall risk posture and mitigate those risks proactively. Social engineering has cost businesses $4.47 million, according to IBM’s 2021 Cost of a Data Breach report. Another study states that 60% of employees who failed a cybersecurity quiz actually feel safe from cyber threats, and incredibly, 74% of respondents who answered every single question incorrectly also felt protected. We must understand why trained employees perform only marginally better than untrained employees on simulated and actual cybersecurity tests. The scientific logic behind the near-failure of the current training models can be found in already published research: • The Ebbinghaus forgetting curve shows that humans forget approximately 50% of all new information within an hour of learning it. MORE FOR YOU GOOGLE ISSUES WARNING FOR 2 BILLION CHROME USERS FORGET THE MACBOOK PRO, APPLE HAS BIGGER PLANS GOOGLE DISCOUNTS PIXEL 6, NEST & PIXEL BUDS IN LIMITED-TIME SALE EVENT • The human brain can assimilate only six to nine data points at once before a severe drop in memory and attention. • Researchers have discovered that it takes 18 to 254 days to form a habit. PLAY Forbes Innovation Video Settings Full Screen About Connatix V150819 Read More Read More Read More Read More Read More Read More Immigration Policies At USCIS Lead To DenialsOf L‑1B Petitions 1/1 Skip Ad Continue watching after the ad Visit Advertiser websiteGO TO PAGE Feedback Is The Breakfast Of Champions Feedback is a compelling influence on learner achievement. This critical aspect is missing from most cybersecurity awareness training platforms. Unless employees are made acutely aware of the risk they pose to their organization (quantified in the form of a dollar impact), the feedback loop of learning remains incomplete. Similarly, a decreased risk as a result of their efforts — cyber awareness courses attended, phishing simulations passed, remediation of exposed passwords, correctly configured devices, among others — will encourage employees to maintain high standards of cyber vigilance. For this to be possible, cybersecurity needs to be where the user is. Micro-learning via mobile devices increases knowledge retention further, as employees can engage at their own pace and convenience. Furthermore, cyber awareness platforms should be: • Contextual - Cyber-awareness training pertains specifically to the business and its requirements. It must consider the geography, industry, revenue and the type of data managed by the organization while educating employees. • Personalized - The content should be limited to security awareness training and include topics more relevant to employees and their everyday internet behavior, such as social media websites or digital payment applications. • Dynamic and engaging - There should be micro-learning modules that are no more than two to five minutes long, with bite-sized, focused learning material regularly updated, based on the most recent threats. How Risk Quantification Can Help Despite investments in sophisticated security awareness platforms and well-run programs, CISOs continue to face challenges in proving impact and ROI to the board. Their main goal is to showcase a reduction in per-employee risk due to their investment in these platforms. It is time for person-breach likelihood, monitoring and management to become the primary goal, with security awareness training as just one arm of the platform. This will enable an employee’s cyber risk to be quantified, holistic and incorporate several other technical controls. An overall per-employee risk management platform: • Helps explain the urgency and allows for differential training of employees in different risk buckets. • Facilitates decision-making. An organization can make a minimum risk score a prerequisite to access specific confidential and sensitive data and systems. • Helps measure training effectiveness and influences training frequency. • Allows risk scores to roll up to department levels and reveal the overall people-risk of the company. This type of gamification can help departments compete against each other to increase their scores. In a 2017 article, Arun Vishwanath wrote, “Ignoring the end-user is akin to putting better locks on a safe, while forgetting all the many people who have its keys.” He claimed that the most significant vulnerability in the whole ecosystem is the user, but it can also be its most powerful protector. Risk quantification aligns employees and security teams by providing a shared understanding and metric of risk and its movement resulting from good/poor security behaviors. Why not cultivate employees to be your early warning system when it can have a great return on investment? The ball is in our court to go on the offensive. We must embrace the changes in workplace culture and reflect it with cybersecurity — by bringing people back to its epicenter. -------------------------------------------------------------------------------- Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify? -------------------------------------------------------------------------------- Follow me on Twitter or LinkedIn. Check out my website. Saket Modi Saket Modi is the co-founder and CEO of Safe Security, a Palo Alto-based cybersecurity and digital business risk quantification company. Read Saket Modi's full executive profile here. * Print * Reprints & Permissions Solar Energy Could Power 40% Of U.S. By 2035, Report Says Cookies on Forbes YOUR CHOICES REGARDING COOKIES ON THIS SITE Please choose whether this site may use cookies or related technologies such as web beacons, pixel tags, and Flash objects ("Cookies") as described below. You can learn more about how this site uses cookies and related technologies by reading our privacy policy linked to below. Your choices on this site will be applied globally. This means that your settings will be available on other sites that set your choices globally. You can change your mind and revisit your preferences at any time by accessing the "Cookie on Forbes" button on the left side of this site. While we need to use required cookies to make our site work, we won't set optional cookies unless you enable them. WE AND OUR PARTNERS We and our partners: process personal data such as IP Address, Unique ID, browsing data for: Informationen auf einem Gerät speichern und/oder abrufen | Personalisierte Anzeigen, Anzeigenmessung und Erkenntnisse über Zielgruppen | Personalisierte Inhalte und Inhaltemessung | Produkte entwickeln und verbessern | Genaue Standortdaten verwenden | Geräteeigenschaften zur Identifikation aktiv abfragen. Some partners do not ask for your consent to process your data, instead, they rely on their legitimate business interest. View our list of partners to see the purposes they believe they have a legitimate interest for and how you can object to it. Accept All Choose Cookies Privacy Statement Powered by: