Employees are a company’s greatest asset, but also its greatest security risk.
“If we look at security breaches over the last five to seven years, it’s pretty clear that people, whether it’s through accidental or intentional introduction of malware, represent the single most important point of failure in terms of security vulnerabilities,” said Eddie Schwartz, chair of ISACA‘s Cyber Security Advisory Council.
In the past, companies could train employees once a year on best practices for security, said Wesley Simpson, COO of (ISC)2. “Most organizations roll out an annual training and think it’s one and done,” Simpson said. “That’s not enough.”
Instead, Simpson said organizations must do people patching: Similar to