People Are the Weakest Link in Cybersecurity



With digital natives, people who have grown up with technology and are used to being constantly connected, entering the workforce in large numbers, the old mantra that people are cybersecurity’s weakest link has never been more accurate.

In recent years, the vast majority of data breaches have been caused by human error, and 78 percent of security professionals now believe that employee negligence toward security practices is the biggest threat to endpoint security.

Persistent Problem

Security professionals have been saying that people are the weakest link in cybersecurity for many years, trying many solutions without much success. “Don't click on email links or open attachments, and we'll all be safer. We've been saying that for 15 years and the strategy doesn't work,” explains former White House CIO Theresa Payton.

At the HIMSS Healthcare Security Forum in 2018, Payton pointed out that business email compromise is now one of the largest unreported crimes because it has never been easier to trick employees. From smartphones to laptops to internet-connected wearable devices, employees today are always connected and constantly bombarded with emails and notifications, to which they often pay very little attention.

Training Is Not Enough

“We run internal phishing campaigns against our employees. We have been doing that for over four years and it doesn’t get any better than an 80 percent compliance rate,” says Steve Nichols, chief technology officer of Georgia. In other words, one out of five employees will click on a malicious link when given a chance to do so regardless of the employee’s previous cybersecurity training.

Phishing scams are especially difficult to stop because it has become so common for employees to communicate with a large number of colleagues over many different communication channels, including email, text messages, instant messengers, and collaboration hubs such as Slack. That’s bad news because phishing opens the door to identity theft, ransomware, and other potentially devastating cyberattacks.

Removing People from the Cybersecurity Equation

While organizations should not give up on cybersecurity training, it’s clear that simply teaching employees how to recognize phishing emails and avoid malware is not enough. Training, awareness, and regular assessments should be implemented alongside a comprehensive cybersecurity solution capable of protecting all endpoint devices from malware infections and data theft without sacrificing system performance or staff productivity.

At BCA, we offer our TOTALSecurity suite to provide the most comprehensive protection against all common and not-so-common cyber threats. TOTALSecurity is designed from the ground up to be the only security solution necessary to protect an organization from external attacks and breaches, and it has been extensively battle-tested by organizations of all sizes. With TOTALSecurity, unavoidable human errors never have disastrous consequences because they are completely removed from the cybersecurity equation.


The unfortunate fact that people are the weakest link in cybersecurity is something organizations of all sizes have to deal with. Because no amount of training is enough to prevent employees from making unfortunate mistakes, it’s in the best interest of all organizations that want to remain competitive in the digital era to implement a comprehensive cybersecurity solution such as TOTALSecurity.