- Today organizations are struggling with the best way to protect against attacks that are targeting the endpoint.
- Too often, the security strategy has been to put the onus on the individual employee.
- Research has shown, over and over again, that training and user restrictions are both tedious and expensive, and have a very low success rate.
- This is because cybercriminals are experts at using social engineering to manipulate users into behaving insecurely.
Being a CISO is tough. You’re responsible for the security of your organization’s intellectual property, customer data and you fight an enemy that can’t be seen or heard. If you’re lucky, you’ve constructed a security stack aimed at preventing a breach, but the reality is, cybercriminals have figured out your most vulnerable threat surface are the humans who are doing the work in your company. That means your whole job comes down to trusting the people who surf the net, read email and download documents hundreds of times a day. So to cope with this variable, you find yourself locking things down, blacklisting websites and doing regular phishing tests to see who’s not paying attention. You know this comes at the cost of productivity. You know because the organization tells you. Repeatedly. Yet what are you supposed to do? You will lose your job and your reputation if there’s a breach.
Welcome to the CISO’s Dilemma.
We conducted a study with researchers at