An organization can implement all the best security tools, but security is ultimately a people issue. “Human error is at the root of most data breaches,” says Mike Mellor, vice president of cybersecurity consulting at a network security firm nuspired.
Ransomware attacks, for example, grab headlines and cost businesses millions of dollars each year. “The most effective way to reduce the occurrence of these types of attacks is to educate users,” advises Mellor.
Asset management is an important first step in securing an environment. “Unmanaged devices are one of the biggest internal network security mistakes an organization can make,” says Devin Ertel, CISO of Menlo Security, a network security company. “Devices that are not under the control of security and IT teams, but have access to the global network, pose a huge risk to the environment.”
Over the past few years, many organizations have simply banned unmanaged devices. Times are changing, however. “The increase in remote, hybrid and outsourced work means that these unmanaged devices need to be allowed on the network,” says Ertel. “As a result, security teams must ensure that their security stacks adequately protect against the inherent vulnerabilities associated with unmanaged devices.”