An NEC employee at headquarters in Japan uses a laptop during a demo of the shared PC with face recognition, eliminating the need to input a password. SSH’s Mononen says the industry will move to “just-in-time” authentication. (Photo by Tomohiro Ohsumi/Getty Images for NEC Corporation)

Companies could make corporate IT environments a lot safer from external threats if those pesky humans would stop clicking on so many sketchy links. Or sharing passwords. Or using bad passwords. Or finding loopholes in the corporate security policy.

Users tend to carry their fair share of blame for data loss and cyberattacks. Human error costs businesses an average of $3.5 million because of breaches that result from carelessness or simple mistakes. It’s also responsible for about 60 percent of cyberattacks in the UK. Even IT pros – presumably more knowledgeable about and less vulnerable to security threats – aren’t any better. Research shows 85 percent of IT and application development professionals share credentials to privileged IT accounts with their peers, even though 75 percent know it’s a security risk.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.