To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life

To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.

Endpoint misconfigurations are responsible for a third of all security incidents, and poor remote management policies account for hundreds of thousands of vulnerable systems, according to Bitdefender telemetry. Making the situation worse, 93% of employees recycle old passwords, invalidating the work of security departments.


While pop culture and Hollywood productions depict hackers working tirelessly to compromise security systems and break down firewalls, only a handful of attacks require this level of intense work. In reality, the hackers' work is much simpler. Employees and misconfigured systems do most of the heavy lifting for these threat actors, creating vulnerable points of attack in any organization. The cyber kill chain is only as strong as its weakest link — which is often its people.


Misconfigurations and Human Risks Drive the Need for SecurityDespite the myriad security precautions an organization has taken to stave off intrusions, it's a challenge to account for the human element. However, human error is not solely someone opening an attachment containing malware or an employee falling for a phishing scheme. Instead, it includes everything that had to go wrong for that message to reach the employee, for the malware to be able to take hold, or for the security event to go unnoticed.


The human risk element starts with misconfigurations of companywide security policies. There's nothing that hackers love more than IT errors caused by policy misconfiguration in software, such as patching, access control, and even services like Windows Remote Management (WinRM).


Analysis of Bitdefender telemetry shows that WinRM topped that list of misconfigurations in the first half of 2020, with 55.5% of all scanned endpoints. Attackers seek ou ..

Support the originator by clicking the read the rest link below.