What Do We Mean by User Risk?
Risky end-user behaviours are impacting organisations around the world, with implications that can be immediate (like a ransomware infection) or become a threat that lies in wait (like an incident of credential compromise). What we’ve come to recognise is that users’ personal cybersecurity habits carry over into work hours — and that, often, infosecurity teams are overestimating end users’ understanding of fundamental cybersecurity best practices.
These two factors — and the reality that mobile devices and applications continue to blur the separation between personal and corporate connectivity — make it clear there is a pressing need to better define and manage end-user risk. Because cybercriminals are increasingly exploiting end-user mistakes rather than hardware, software, and system vulnerabilities, organisations must take a people-centric view of cybersecurity in order to most effectively protect data and assets.
PASSWORDS AND PHYSICAL SECURITY
Passwords and physical security measures offer some of the most basic data and device protections—yet users are failing to apply relatively simple best practices in these areas. There has been much discussion about the dangers of password reuse among online accounts, so it’s good to see that a relatively small percentage of respondents who don’t use a password manager—just over 20%—said they repeat the same one or two passwords across their accounts. Yet, this percentage still represents a significant vulnerability for organisations; for example, in a 10,000 employee company, this would equate to more than 2,000 users putting secure accounts and systems at considerable risk.
HOW DEVICES ARE BEING USED
With these questions, we wanted to gather some insights about how freely users share their personal—and business—information on public channels, and the personal activities they are likely to perform on corporate-issued devices. Social media is a regular pursuit for most global respondents: 51% said they regularly post to social channels; 30% said they are “lurkers” (that is, they read others’ posts but rarely post themselves), and 19% said they don’t use social media at all. However, German respondents are much less likely than their global counterparts to participate heavily in social networking: Just 35% post regularly, and 27% do not have any social media accounts.