End user security is beginning to become mainstream, and for good reason. According to a study conducted in 2014, 80% of IT and security admins believe that end user carelessness is a bigger threat than actual cyber attacks and malware.
As cyber security professionals, we put the majority of our time into securing and hardening our applications and networks. Obviously, this isn’t a complete waste of time, because we have logs that tell us that these things are constantly under attack. However, almost as frequently under attack are the end users, and whats worse, targeting end users is more effective for hackers.
So why have we been so slow to invest in end user security training? It seems to be a widely ignored topic, one that is only now becoming mainstream. In fact, we have actually had conversations with security leadership from large organizations who have admitted that they have yet to invest in training their end users.
The truth is, its time to invest in end user security training. So many attacks occur because people do things either negligently or even somewhat maliciously. Creating a culture that values secure practice regarding the IT applications they use to do their jobs, is the only way we can ensure we are truly, defending the data within our organizations.