Platform

Unify HRM Overview

Platform

Capabilities

Identify: HROC Dashboard
Human Risk Quantification (HRI)

Insights

Benchmarking

Protect: Action Plans
Nudges: Communications & Employee Scorecards

Training: Risk Based SAT and Phishing

Orchestration: Policy Playbooks

Report
Report
Measure progress and ROI of action plans

Board and Executive Reporting

Manager Reporting

Bundles

Unify Go
Start your journey to HRM here.

Monitor risk by:

Security Training Compliance

Phishing and Email

Unify Enterprise
Covers risk in Unify Go and adds:

Malware & Ransomware

Data Loss

Account Takeover

Featured Resources

Living Security Blog
What is Attack Surface Management?
link

Living Security Blog
Why Your Team Should Have A Business Continuity Plan
link
Solutions

Solutions Overview

Solutions

By Role

CISO
Provides CISO’s, executives, and boards a complete picture and prioritization of workforce risk by type, department, location, and more.
link

Security Awareness Team
Go beyond training completion and phishing click rates and proactively safeguard your organization from human-induced security incidents.
link

GRC
Identify, resolve and track commonly violated policies with granular accuracy to lower risk and improve workforce compliance.
link

SOC/IR
Unleash the true potential of your human firewall with data-driven insights and action plans that curb threats before they become incidents.
link

By Risk

Training Compliance
Monitor training compliance status for users and segments across the enterprise.
link

Phishing & Email
Identify the users most and least at risk to social engineering attacks and protect them.
link

Malware & Ransomware
Proactively protect users from malware including viruses, worms, Trojan viruses, spyware, adware, and ransomware.
link

Data Loss
Pinpoint when data is at risk of leaving your controlled environment through unauthorized access or malicious intent.
link

Identity Threats
Get visibility into the most susceptible users for account compromise and mitigate their risk.
link
Products

Products

Products Overview
Transform how your organization approaches Security Awareness and Training by shifting to a proactive HRM approach that creates a strong culture of security.

Living Security Blog
What is Attack Surface Management?
link

Unify Human Risk Management
Establish a proactive security loop.
Security Awareness Training
Interactive compliance training for modern threats.
CyberEscape Rooms
Put your team in the center of security scenarios
Cybersecurity Awareness Month
Create a cyber vigilant workforce in October
Cybersecurity Engagement Training Go beyond compliance training Phishing
Stop social engineering attacks in their tracks with realistic simulations and training
across phishing, vishing, smishing, and more.
HRM

HRM

Human Risk Management: Proactive Security
Human Risk Management (HRM) is the process of identifying, assessing, and mitigating risks associated with human behavior in relation to an employee's use of technology.
HRM Maturity Model
How far is your company along the path to true proactive security?

Living Security Blog
What is Attack Surface Management?
link
Resources

Resources

Resources
Level up on Human Risk Management with a comprehensive collection of webcasts, whitepapers, ebooks, and more.
Blog
Access hundreds of informative blogs with deep dives and best practices relating to the full array of cybersecurity risks we face.
Webinars
Watch dozens of webinars tackling some of cybersecurity’s biggest challenges featuring thought leaders from leading organizations.
Case Studies
See how a variety of organizations utilize Living Security’s HRM Platform, Training, and Phishing to reduce risk with proactive defense.

Partners
Human Risk Management Powered by Partners.
Technology Alliance Program
Extend the value of your offering with HRM.
Partner Support
Unlock your potential with our partner hub.

Living Security Community Share HRM best practices Newsroom Read the latest news on Living Security. Support
The more you know, the more you grow.
Why Living Security
Establish a proactive security loop.
Start Now

September 11, 2019

Cyber Threats - The 7 Deadly Sins of Security Awareness - a Living Security Intelligence Report

Cyber Threats

7 cybersecurity ‘sins’ are responsible for the majority of your human risk.

Meaning, employees who are unaware of (or intentionally) committing these seven security blunders are significantly more likely to assist or accelerate cyber attack against your company:

Misinterpret legitimacy
React impulsively
Over-rely on security controls
Disregard policy
Mishandle devices
Neglect suspicious activity
Surrender to security fatigue

The cost of ignoring these ‘sins’ is steep. A successful cyber attack in 2019 is over $5 million USD on average, or around $301 per employee (ponemon). Coupled with the fact that people are now 20x more likely to be robbed at their computers by a cyber criminal than to be held up in the street, the urgency becomes all the more real for people to become situationally aware of current and emerging threats before it's too late.

Traditionally, the reaction by security awareness program owners has been some form of blame-and-train. But better program design means taking responsibility for any resistance and instead choosing to influence culture change through non-punitive action steps. Sustaining culture change requires understanding not just behavior, but also the identity and motivation behind each decision made.

The Sins

Misinterpreting email legitimacy
- 91% of cyberattacks begin with a phishing email (TrendMicro)
- 86% of people said they had received more than one suspicious email in the last two weeks, and a majority of them said they would appreciate additional training (Living Security)
- 76% of businesses reported being a victim of a phishing attack in the last year. (Wombat Security)
- 56% of organizations identified targeted phishing attacks as their biggest current cybersecurity threat. (CyberArk)
- 30% of all phishing emails are opened, 12% clicked (Verizon)
Reacting impulsively to suspicious calls
- Being “caught off guard” and “curious” were the two main reasons why respondents fell for social engineering scams, according to a Living Security study. For respondents being “caught off guard,” they did not understand that it was OK to hang up, collect their thoughts, talk to security and call back (if applicable). “Curious” respondents, on the other hand, were unaware of the dangers of inquisitiveness.
Over-reliance on mobile security controls
- Millions of people have over-trusted the native security controls of their phone. The obvious corporate implication is that users will inevitably bring compromised devices into the workplace (barring strict BYOD policies) and connect to WiFi (NetworkWorld). Moreover, the next wave of malicious mobile applications is expected to be even more advanced, with botnet tendencies to actually hijack and control infected devices (VeraCode).
- 73% of people admit to not notifying IT when their device has been infected (webroot)
Disregarding policy guidelines
- Policy questions had the lowest net score on the Living Security platform in 2018, indicating a difficulty identifying appropriate responses to corporate policies and industry regulations.
- 12% of employed respondents were fully aware of the IT security policies and rules set out by their employers (B2B International, Kaspersky Lab)
Mishandling company devices while teleworking or traveling
- 64% of people felt their role made them a moderate to high risk target for cyber criminals, many without an adequate understanding of what security precautions to follow while teleworking or traveling. This attack surface presents a significant risk for accidental loss, theft or tampering of company-furnished devices while away from the workplace. (Living Security)
Neglecting to challenge strangers on premise/ reporting suspicious activity on network
- 90% of all cyber crimes stem from minor oversights (on premise or on network), whether because of gross neglect or stress. (Willis Towers Watson)
Surrendering to password fatigue
- Password-related questions are one of the most misunderstood topics among end users on the Living Security platform, and some indicate the practice of reusing passwords across all their platforms, or merely incrementing/decrementing them to only slightly change the base password (Living Security). Recent reports show that users are also overwhelmed with managing an array of passwords and are looking for “convenience” (Yubico -Ponemon study).

Thinking about briefing your team on the 7 deadlies? Maybe you want to customize a slide-deck for your end-users? Download the editable slide deck (.pptx) below just by signing up!

Cyber Threats - The 7 Deadly Sins of Security Awareness - a Living Security Intelligence Report

Cyber Threats

7 cybersecurity ‘sins’ are responsible for the majority of your human risk.

The Sins

Misinterpreting email legitimacy

Reacting impulsively to suspicious calls

Over-reliance on mobile security controls

Disregarding policy guidelines

Mishandling company devices while teleworking or traveling

Neglecting to challenge strangers on premise/ reporting suspicious activity on network

Surrendering to password fatigue

Thinking about briefing your team on the 7 deadlies? Maybe you want to customize a slide-deck for your end-users? Download the editable slide deck (.pptx) below just by signing up!