'You do need to take the appropriate action, because the consequences are severe if you get it wrong,' says chief tech officer at financial firm
Clicking on phishing emails or failing security tests multiple times is an offence worthy of termination, according to the chief technology officer (CTO) of Australian financial services firm Insignia Financial.
Frank Lombardo, CTO at Insignia, made the remarks during The Australian Financial Review Cyber Summit. Lombardo revealed that Insignia sends its employees simulated phishing emails to see who clicks on them as part of their education and training on cybersecurity.
"We're performing regular tests on our people pretty much every day, and we're sharing those results with [staff]," he said as quoted by the AFR.
According to the CTO, failing these tests multiple times could lead to termination.
"Ultimately, you need to recognise that if you've done everything that you can and if there's a weakness, and if it's at that human level and the human just isn't getting it, then you do need to take the appropriate action, because the consequences are severe if you get it wrong," Lombardo said as quoted by the AFR.
"It may even lead to performance management and exiting individuals who are just not getting it. You have to take this really, really seriously at all layers of your organisation."
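The mechanics behind a programme like the one Lombardo describes are simple, but two details matter if results are going to feed a performance process: the click must be attributable to exactly one recipient (so a forwarded or edited link cannot pin a failure on someone else), and "failing multiple times" should count distinct campaigns rather than raw clicks. The following Python is an added illustration, not Insignia's platform or anything published by the AFR or KnowBe4; the secret key, addresses, campaign names and URLs are all constructed for the example.

```python
from __future__ import annotations

import hashlib
import hmac
from collections import defaultdict
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical per-deployment secret, constructed for this example only.
# A real simulation platform loads it from a secrets store; never hard-code it.
TRACKING_KEY = b"example-only-key-do-not-use"


def tracking_token(campaign_id: str, recipient: str) -> str:
    """Derive an opaque per-recipient token with HMAC-SHA256.

    The token, not the address, goes in the lure URL: a forwarded link cannot be
    edited to attribute the click to someone else, and the address is not leaked
    to anyone who sees the URL. 32 hex chars is ample for a lookup key.
    """
    msg = f"{campaign_id}\x00{recipient.lower()}".encode()
    return hmac.new(TRACKING_KEY, msg, hashlib.sha256).hexdigest()[:32]


def landing_url(base: str, campaign_id: str, recipient: str) -> str:
    """Build the link embedded in the simulated lure sent to one recipient."""
    query = urlencode({"c": campaign_id, "t": tracking_token(campaign_id, recipient)})
    return f"{base}?{query}"


def resolve_click(url: str, recipients: list[str]) -> tuple[str, str] | None:
    """Map a clicked URL back to (campaign_id, recipient).

    Returns None when the token matches nobody: tampered, truncated, or a
    token from a different campaign pasted into this one.
    """
    params = parse_qs(urlparse(url).query)
    campaign = params.get("c", [None])[0]
    token = params.get("t", [None])[0]
    if not campaign or not token:
        return None
    for recipient in recipients:
        expected = tracking_token(campaign, recipient)
        # Constant-time comparison so response timing does not leak token bytes.
        if hmac.compare_digest(expected.encode(), token.encode()):
            return campaign, recipient
    return None


def repeat_clickers(click_log: list[tuple[str, str]], threshold: int) -> dict[str, int]:
    """Count distinct campaigns each recipient clicked; return those at or above
    the threshold. Distinct campaigns, not raw clicks: opening the same lure
    twice is one failure, not two."""
    campaigns_by_recipient: dict[str, set[str]] = defaultdict(set)
    for campaign, recipient in click_log:
        campaigns_by_recipient[recipient].add(campaign)
    return {r: len(c) for r, c in campaigns_by_recipient.items() if len(c) >= threshold}


# Constructed sample data: three recipients, three simulated campaigns.
RECIPIENTS = ["alice@example.com", "bob@example.com", "carol@example.com"]
BASE = "https://training.example.com/landing"

# Constructed clicks, as they would appear in the landing page's access log.
CLICKED_URLS = [
    landing_url(BASE, "2024-q1-hr-benefits", "alice@example.com"),
    landing_url(BASE, "2024-q1-hr-benefits", "alice@example.com"),  # same lure twice
    landing_url(BASE, "2024-q2-it-password", "alice@example.com"),
    landing_url(BASE, "2024-q2-it-password", "bob@example.com"),
    landing_url(BASE, "2024-q3-ceo-gift", "alice@example.com"),
    BASE + "?c=2024-q3-ceo-gift&t=" + "0" * 32,  # tampered token, attributable to nobody
]


def summarise(clicked_urls: list[str], recipients: list[str], threshold: int = 3) -> dict[str, int]:
    """Resolve every logged click and report who failed `threshold` or more campaigns."""
    log = [hit for url in clicked_urls if (hit := resolve_click(url, recipients)) is not None]
    return repeat_clickers(log, threshold)


if __name__ == "__main__":
    print(summarise(CLICKED_URLS, RECIPIENTS))  # {'alice@example.com': 3}
```

With the constructed data, only alice@example.com reaches three distinct campaigns; bob@example.com has one, and the tampered URL is discarded rather than being charged to anyone. Normalising the address to lower case before deriving the token keeps "Alice@Example.com" and "alice@example.com" as the same person across campaigns.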
According to Lombardo, phishing and malware are still the most common ways for threat actors to get into an organisation.
A recent survey from KnowBe4 revealed that phishing attacks disguised as emails from an organisation's HR department are most likely to victimise employees.
Jonathan Rubinsztein, the CEO of the investigation software company Nuix, said during the AFR Cyber Summit that humans are the biggest risk in an organisation.
This echoes findings from EisnerAmper research published earlier this year, which revealed that 71% of executives believe their next security breach will most likely be due to an internal staff error.
"Humans unfortunately make mistakes. And I think that humans are often the single point of failure in the cyber landscape," Rubinsztein said as quoted by AFR.
KnowBe4 CEO Stu Sjouwerman said educating employees on the most common cyberattacks is crucial to minimising the threat those attacks pose.
"An educated workforce is an organisation's best defence and is essential to fostering and maintaining a strong security culture," Sjouwerman said.