
"Building security into the framework of an organization prevents security from being seen as a barrier to daily activities. If an employee feels as if a security measure is inhibiting them from completing their daily tasks, they're far more likely to find a way around that measure. This can range from propping open a door to using the same easy-to-remember password for every account."
"These seemingly small acts can multiply, making it easy for threat actors to attack an organization. Maybe a former employee finds that their door code still allows them into the building. Or a password is easily accessible information, such as a wedding anniversary or publicly-shared birthday. Perhaps an outdated video management system (VMS) is allowed to remain because there "hasn't been an incident"."
Security must be embedded into organizational frameworks so protections enable daily work instead of obstructing it. Security professionals should lead with curiosity to learn operational goals, workflows, points of friction, and team motivations through ongoing dialogue. Security should align with business objectives so teams view security as an ally rather than an adversary and include security earlier in strategic priorities. Approachable security teams prevent workarounds and labels like “Department of No.” Small user workarounds—propped doors, reused or publicly guessable passwords, retained access codes, and outdated systems—can multiply into exploitable vulnerabilities.
Read at Securitymagazine