IDS, IPS, NIPS, HIPS. Acronyms for hardware and software in the field of information security can be listed all day long without repeating one; however, none of them addresses the greatest security risk to an organization.
In a 2021 study jointly conducted by Stanford University and the firm Tessian, roughly 9 in 10 data breach incidents were attributed to human error.
Breaking this population down further, the study found that over 50 percent of staff between the ages of 18 and 30 report making such mistakes in the workplace, compared to approximately 10 percent of staff aged 50 and over.
This troubling statistic is a top concern for organizations, as millennials account for the largest generation in the workforce.
To account for this threat and reduce its impact on an organization, security awareness training is pivotal.
Several compliance regimes require such training, including:
HIPAA (Privacy Rule, 45 CFR §164.530) – required for covered entities handling PHI:
"A covered entity must train all members of its workforce on the policies and procedures with respect to protected health information required by this subpart and subpart D of this part, as necessary and appropriate for the members of the workforce to carry out their functions within the covered entity."
PCI DSS (Requirement 12.6) – required for entities storing, processing, or transmitting cardholder data:
"Implement a formal security awareness program to make all personnel aware of the cardholder data security policy and procedures."
Insurance Data Security Law (Section 3.D.5) – required for insurance companies in states adopting the NAIC Insurance Data Security Model Law:
"Provide its personnel with cybersecurity awareness training that is updated as necessary to reflect risks identified by the Licensee in the Risk Assessment."