Human Factors and Organizational Security Culture in Cyber Risk Mitigation
Summary
Organizations are increasingly recognizing that technology alone is insufficient to mitigate cyber risk. Human behavior and organizational security culture are critical factors in preventing breaches. Nearly 60% of breaches in 2024 involved human elements, highlighting the need for a strong security culture that supports secure behavior. Effective security culture involves leadership signals, security team engagement, policy design, and security training. Misconceptions about employees being the weakest link are addressed by focusing on creating an environment that supports secure behavior. Organizations must prioritize and invest in security culture to complement their technical security programs. This involves aligning leadership, security team engagement, policy design, and training to create a cohesive security environment.
Timeline
- 19.08.2025 14:15 (1 article)
Human Factors and Organizational Security Culture Highlighted in Cyber Risk Mitigation
In 2024, nearly 60% of breaches involved human elements, emphasizing the need for a strong security culture. Organizations are recognizing that technology alone is insufficient to mitigate cyber risk. Effective security culture involves leadership signals, security team engagement, policy design, and security training. Misconceptions about employees being the weakest link are addressed by focusing on creating an environment that supports secure behavior. Organizations must prioritize and invest in security culture to complement their technical security programs. Alignment across all cultural levers is essential for a cohesive security environment.
Source: Why Your Security Culture is Critical to Mitigating Cyber Risk - thehackernews.com - 19.08.2025 14:15
Information Snippets
- Human risk represents the greatest driver of breaches globally, with nearly 60% of breaches in 2024 involving human elements.
  First reported: 19.08.2025 14:15 (1 source, 1 article)
  Source: Why Your Security Culture is Critical to Mitigating Cyber Risk - thehackernews.com - 19.08.2025 14:15
- Security culture is defined by shared perceptions, beliefs, and attitudes about cybersecurity within an organization.
  First reported: 19.08.2025 14:15 (1 source, 1 article)
  Source: Why Your Security Culture is Critical to Mitigating Cyber Risk - thehackernews.com - 19.08.2025 14:15
- Effective security culture involves leadership signals, security team engagement, policy design, and security training.
  First reported: 19.08.2025 14:15 (1 source, 1 article)
  Source: Why Your Security Culture is Critical to Mitigating Cyber Risk - thehackernews.com - 19.08.2025 14:15
- Misconceptions about employees being the weakest link are addressed by focusing on creating an environment that supports secure behavior.
  First reported: 19.08.2025 14:15 (1 source, 1 article)
  Source: Why Your Security Culture is Critical to Mitigating Cyber Risk - thehackernews.com - 19.08.2025 14:15
- Organizations must prioritize and invest in security culture to complement their technical security programs.
  First reported: 19.08.2025 14:15 (1 source, 1 article)
  Source: Why Your Security Culture is Critical to Mitigating Cyber Risk - thehackernews.com - 19.08.2025 14:15
- Alignment across leadership, security team engagement, policy design, and training is essential for a strong security culture.
  First reported: 19.08.2025 14:15 (1 source, 1 article)
  Source: Why Your Security Culture is Critical to Mitigating Cyber Risk - thehackernews.com - 19.08.2025 14:15
Similar Happenings
North Korean actors exploit fake employee identities to infiltrate companies
North Korean state-sponsored hackers have infiltrated companies by using fake or stolen identities to secure IT jobs. These actors have stolen virtual currency and funneled money to North Korea's weapons program. The practice has grown with the rise of remote work and AI, posing significant security risks to organizations. The Justice Department has disrupted several laptop farms enabling these activities, but the threat persists. The U.S. Treasury has imposed sanctions on individuals and entities involved in the scheme, highlighting the use of AI to create convincing professional backgrounds and technical portfolios. Organizations are advised to enhance supervision, access governance, and use AI tools to detect and mitigate these insider threats. Japan, South Korea, and the United States are cooperating to combat North Korean IT worker fraud schemes. The joint forum held on Aug. 26 in Tokyo aimed to improve collaboration among the three countries. The scheme involves thousands of operatives and facilitators with distinct roles, including setting up laptop farms, contacting recruiters, and processing stolen information. The North Korean remote-worker scheme has collected more than $88 million over six years. The number of North Korean operatives infiltrating companies by posing as remote IT workers has increased by 220% year-over-year. North Korean operatives have used AI-generated profiles, deepfakes, and real-time AI manipulation to pass interviews and vetting protocols. American accomplices have operated laptop farms to provide North Korean operatives with physical US setups, company-issued machines, and domestic addresses and identities. The threat of hiring fraud is escalating quickly, with over 320 cases of North Korean operatives infiltrating companies reported in August 2025.