Syed Abid Ali, COO of Phishrod, shifted the focus to the human aspect of cybersecurity in a special presentation titled Addressing Human Risk to Build Cyber Resilience at Gulf News Cybersecurity Forum 2024. He said that humans are the weakest link in cybersecurity incidents, especially in the face of AI-driven attacks.
“Social engineering, phishing, password attacks, business email compromises are all targeted at humans, the end users,” he said. So it is imperative that organisations invest in human risk management.
He outlined four components of human risk management: detecting and measuring human behaviours, implementing policies and training, educating the workforce, and fostering a positive cybersecurity culture. He emphasized the need for metrics such as phishing index and compliance index to assess vulnerabilities and awareness within organisations.
“There should be a profile of every end user or employee that includes his awareness index, policy compliance index, phishing vulnerability and history of security incidents,” he explained.