An organization can implement all the best security tools, but security is ultimately a people problem. “Human error accounts for most data breaches,” says Mike Mellor, vice president of cybersecurity consulting at network security firm Nuspire.
Ransomware attacks, for example, dominate the headlines and cost companies millions of dollars each year. “The most effective way to reduce the occurrence of these types of attacks is to train the users,” Mellor advises.
Asset management is an important first step in securing an environment. “Unmanaged devices are one of the biggest internal network security mistakes an organization can make,” says Devin Ertel, CISO of Menlo Security, a network security company. “Devices that aren’t under the control of the security and IT teams, but have access to the overarching network, cause a huge risk to the environment.”
In past years, many organizations simply prohibited unmanaged devices. Times are changing, however. “The increase of remote, hybrid, and contracted work means that these unmanaged devices must be allowed on the network,” Ertel explains. “As a result, security teams must ensure that their security stacks adequately protect them against the inherent vulnerabilities that are associated with unmanaged devices.”