So much Security but still not safe!

Too much investment in enhancing technical security controls but companies are still getting hacked, and their data/systems are getting compromised. Why?

We live in a world of technology which evolves at lightning speed but so does the sophistication of attacks. Tech companies are doing a great job of developing new tools to improve security using machine learning and AI technologies, aimed at limiting human error.  But the big question is – Is that enough? Clearly not!

As per researchers, 4 out of 5 attacks are caused by human or process error. So we know where the problem is and still, most businesses ignore the human aspect of security or invest minimally in it. Moreover, if you observe a real attack, in a lot of cases, the attackers use social engineering techniques like phishing and SMShing to drop a malicious payload on the victim's device and then use different tools/techniques to gain privilege escalation on that device, then move laterally until they find something valuable. Most of the time, it starts with a click on something!

Quite often, I hear humans are the weakest link in the cybersecurity chain, which, in my opinion, is a wrong narrative. If organisations invest a small portion of what they spend on latest security tools/technologies on the human aspect of the cybersecurity instead - train, educate and make them cyber aware, they could be their best defence against most of threats.

Security Awarness Programme must be included in every organisation's overall security programme if the organisation is serious about improving their security, whatever their size.