Don’t Click That! Managing People to Overcome Cybersecurity Threats
Human error is widely cited as one of the most significant contributors to cybersecurity incidents. As a 2022 Thomson Reuters article points out, most security breaches involve social engineering tactics, which target people rather than technology. The terms and definitions in Section 3 of ISO/IEC 27000:2018 give organizations a shared vocabulary for addressing the human element, including the insider threat, in their security programs. This blog post looks at five key terms from that standard: risk assessment, access control, incident management, awareness, and continuous improvement (ISO/IEC, 2018).
Risk Assessment: Organizations should conduct comprehensive risk assessments. For the human element, that means identifying which employees have access to sensitive data, how that access could be misused, whether by mistake or by intent, and what the consequences of such misuse would be, so that controls can be prioritized accordingly.
Access Control: Strict, well-enforced access control limits insider threats. Granting each person only the access their role actually requires (least privilege and need-to-know) reduces both the likelihood of a data breach and the amount of data exposed if an account is misused or compromised.
Incident Management: Despite every precaution, security incidents will still occur. Organizations therefore need a well-defined incident management process that states how incidents are detected and reported, who responds, how the incident is contained, and how lessons are captured afterwards, so that the response is fast and the damage is limited.
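As an added example (not part of the original post and not from ISO/IEC 27000), the following Python shows what "access based on necessity" looks like as a deny-by-default check that also feeds incident management: a request is allowed only if the requester's team, clearance and role all permit it, every decision is written to an audit trail, and users with repeated denials are surfaced for review. The team-based need-to-know rule, the classification labels, the role grants, and the users and files are all assumptions constructed for the demo.

```python
"""Deny-by-default, need-to-know access check with an audit trail.

Added example, not from the original post or from ISO/IEC 27000. The role
names, classification labels, team-based need-to-know rule and sample users
below are assumptions made for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Ordered classification labels (assumed); a principal's clearance must be at
# least as high as the resource's label for access to be considered.
CLASSIFICATION_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

# Explicit role grants (assumed). Any action not listed for a role is denied.
ROLE_GRANTS = {
    "reader": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "delete"},
}


@dataclass(frozen=True)
class Principal:
    user: str
    team: str
    clearance: str
    roles: frozenset


@dataclass(frozen=True)
class Resource:
    name: str
    owner_team: str
    classification: str


def evaluate(principal, resource, action):
    """Return (allowed, reasons). Every control must pass; the default is deny."""
    reasons = []
    if resource.owner_team != principal.team:
        reasons.append("need-to-know: principal is not on the owning team")
    if CLASSIFICATION_RANK[principal.clearance] < CLASSIFICATION_RANK[resource.classification]:
        reasons.append("clearance %s is below %s" % (principal.clearance, resource.classification))
    granted = set().union(*(ROLE_GRANTS.get(r, set()) for r in principal.roles))
    if action not in granted:
        reasons.append("no assigned role grants '%s'" % action)
    return (not reasons, reasons)


def authorize(principal, resource, action, audit_log, when=None):
    """Evaluate the request and record the decision so denials can be reviewed later."""
    allowed, reasons = evaluate(principal, resource, action)
    audit_log.append({
        "time": (when or datetime.now(timezone.utc)).isoformat(),
        "user": principal.user,
        "resource": resource.name,
        "action": action,
        "decision": "allow" if allowed else "deny",
        "reasons": reasons,
    })
    return allowed


def repeated_denials(audit_log, threshold=3):
    """Users with at least `threshold` denied attempts: a signal worth an incident review."""
    counts = {}
    for entry in audit_log:
        if entry["decision"] == "deny":
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return {user: n for user, n in counts.items() if n >= threshold}


# Constructed sample data (assumed; not real users or records).
PAYROLL = Resource("payroll-2024.xlsx", owner_team="finance", classification="confidential")
WIKI = Resource("team-wiki", owner_team="engineering", classification="internal")

ALICE = Principal("alice", team="finance", clearance="confidential", roles=frozenset({"editor"}))
BOB = Principal("bob", team="engineering", clearance="internal", roles=frozenset({"reader"}))


def demo():
    """Run the sample scenario; return the audit log and the repeated-denial report."""
    log = []
    authorize(ALICE, PAYROLL, "read", log)      # allow: own team, cleared, editor can read
    authorize(ALICE, PAYROLL, "delete", log)    # deny: editor role does not grant delete
    authorize(BOB, WIKI, "read", log)           # allow
    for _ in range(3):
        authorize(BOB, PAYROLL, "read", log)    # deny: wrong team and clearance too low
    return log, repeated_denials(log)


if __name__ == "__main__":
    log, flagged = demo()
    for entry in log:
        print(entry["decision"], entry["user"], entry["action"], entry["resource"], entry["reasons"])
    print("repeated denials:", flagged)
```

Two design choices matter here. First, the decision starts as "deny" and only becomes "allow" when every control passes, so a forgotten grant fails closed rather than open. Second, denied requests are logged with the reason, which is exactly the evidence an incident response team needs to distinguish a confused employee from someone probing for data they have no business reaching.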
Awareness: Regular education and training keep employees informed about current threats, in particular phishing and other social engineering, and give them both the skills to recognize suspicious activity and a clear path for reporting it.
Continuous Improvement: Attackers are always inventing new methods to exploit security gaps, and the people-focused controls above decay if they are treated as one-time tasks. Organizations should therefore strive for continuous improvement: retraining employees, auditing access, and repeating risk assessments on a regular cycle to stay a step ahead of potential threats.
References:
International Organization for Standardization & International Electrotechnical Commission. (2018). Information technology — Security techniques — Information security management systems — Overview and vocabulary. Available from: https://www.iso.org/obp/ui/#iso:std:iso-iec:27000:ed-5:v1:en:term:3.52
Thomson Reuters. (2022). Top 5 most common cyber threats to watch out for today. Available from: https://legal.thomsonreuters.com/en/insights/articles/top-5-most-common-cyber-security-threats-today