In an exclusive interview, Andrew Rose, Chief Security Officer at SoSafe, looks at the often overlooked human side of cybersecurity.
Watch the full interview to learn how to turn your organization’s greatest vulnerability into its greatest asset.
In cybersecurity, one constant remains both the greatest asset and the greatest vulnerability: the human factor. While technological advances continue to strengthen digital defenses, human behavior remains a critical element in determining the success or failure of cybersecurity measures.
This complex interaction was the focus of our recent discussion with Andrew Rose, Head of Security at SoSafe, a security awareness training and human risk management company focused on reducing human-related security risks by leveraging behavioral science to improve employees’ security instincts.
As an award-winning CISO with over 25 years of experience in cybersecurity, including at MasterCard and as a Forrester analyst, Rose brings a wealth of knowledge on how organizations can better prepare for and mitigate cyber threats.
In this exclusive interview, Rose explains how attackers exploit human behaviors through sophisticated techniques such as pretexting and social engineering, highlighting the need for greater awareness and training to empower individuals to become proactive defenders.
This is particularly crucial in financial services, which are preferred targets of cybercriminals. Employees in this industry can either serve as the first line of defense or become the first point of vulnerability. A single mistake can lead to serious breaches of confidential information, resulting in significant financial and legal repercussions.
Additionally, Rose explores the evolving threat landscape, the impact of AI on attackers and defenders, and the importance of continued education and regulation to improve cybersecurity resilience.
Subjects discussed:
- The growing sophistication of cyber threats: How attackers are constantly adapting to outwit defenses.
- The Achilles Heel: How human errors and weaknesses are the primary attack surface for cybercriminals.
- Strengthening the human firewall: transforming employees from potential liabilities into powerful assets.
- AI, the double-edged sword of cybersecurity: how AI is being leveraged by both attackers and defenders in an ongoing battle.
- Future trends and challenges in the cybersecurity landscape.
The growing sophistication of cyber threats
In recent years, cyber threats have become significantly more sophisticated. Ransomware attacks, advanced persistent threats, and other malicious activities have become more frequent and damaging. Financial services, in particular, have been at the forefront of these attacks because of the direct financial gain they offer cybercriminals. Despite significant investments in advanced technologies to strengthen their defenses, these organizations continue to face significant risks, primarily related to the human element in their security frameworks.
Andrew Rose points out a critical imbalance in cybersecurity investments: while about 90% of IT security budgets are allocated to technology, about 90% of the real risk comes from human actions. “You can pile on the technology controls and buy the latest firewalls and intrusion detection systems, but the reality is that the statistics show that it’s the human side of security that’s the biggest vulnerability,” Rose says.
This divergence highlights a widespread underinvestment in addressing the human side of security, which Rose says is where the greatest vulnerabilities lie.
The human element: first attack surface or first line of defense?
The human element is often cited as the weak link in cybersecurity, but Rose challenges this notion. Instead, he sees people as the primary target for cybercriminals. Phishing, social engineering, and pretexting attacks exploit human behaviors and trust, making it imperative to move from purely technological solutions to comprehensive, human-centric strategies.
One of the ever-evolving trends in cyberattacks is pretexting, where attackers build a narrative and establish trust with their targets before delivering the malicious payload.
“If attackers can spread that trust and send you a text message and then a phone call when they send you the malware, you’ll find that people will click on it at a much higher rate,” Rose says.
To counter these sophisticated attacks, Rose advocates empowering individuals within organizations to act as a network of human sensors. This involves ongoing training, enabling employees to recognize and report suspicious activity.
“We need to continue to educate them about how attacks and techniques are evolving so they can stay informed about the threats they face.”
In conclusion
The conversation with Andrew Rose highlights the urgent need for a paradigm shift in how organizations approach cybersecurity. While technological defenses are essential, the human element cannot be overlooked. By investing in ongoing training, organizations can transform their employees from potential vulnerabilities to powerful assets in the fight against cyber threats.