Shoring Up the Weakest Link: Empowering the Human Firewall

Joey Albert, Vice President of Information Technology at Douglas Emmett

The Persistent Threat Landscape

In our technology-driven world, cybersecurity incidents have become an ever-present concern. The 2024 Verizon Data Breach Investigations Report alarmingly reveals that nearly 80 percent of data breaches involve phishing and credential misuse. While businesses invest heavily in security appliances, endpoint protection and detection systems, the weakest link often lies within the human element.

Threat actors, ranging from amateur ‘script kiddies’ to sophisticated state-sponsored hackers, relentlessly target industries like telecommunications, healthcare, utilities and credit bureaus, seeking to exploit the treasure trove of sensitive information and control systems. No organization is immune, and the question is no longer ‘if’ but ‘when’ a breach will occur. The key is in minimizing the possibilities.

The Vulnerability of Human Interaction

Even the most robust security measures can be compromised by human error or negligence. High-profile incidents like the Equifax breach in 2017 and the LastPass attack in 2022 underscore the vulnerability of credentials and password managers. Trusted vendors like Microsoft, Uber, AT&T and, more recently, Dell have fallen victim to exploits, while the ubiquitous Google Chrome browser has already released six security updates in 2024 to address ‘zero-day’ vulnerabilities.

In response, governments like the United Kingdom have enacted stringent laws such as the Product Security and Telecommunications Infrastructure Act (PSTI), mandating secure default settings, regular updates and reporting mechanisms for connected devices. However, addressing the human factor remains the most critical line of defense.

Strengthening the Human Firewall

At Douglas Emmett, we recognized the importance of the human firewall early on. In 2016, we partnered with KnowBe4, a cybersecurity company specializing in awareness training and simulated phishing platforms. KnowBe4 was partly owned by Kevin Mitnick (KnowBe4’s Chief Hacking Officer before his passing in 2023), a master of social engineering best known for his high-profile 1995 arrest and five years in prison for various computer and communications-related crimes.

Initial testing revealed an alarming 60 percent failure rate among high-risk users, prompting us to implement comprehensive training and periodic testing across the entire enterprise.

Our efforts have paid off, with the failure rate now averaging around 6 percent—a significant improvement, though a zero percent failure rate remains elusive due to employee turnover. Notably, a former employee’s vigilance in identifying and reporting a phishing attempt at their new workplace underscored the value of our human firewall initiatives.

A Proactive Approach to Cybersecurity

While technological defenses are crucial, the human firewall represents a proactive approach to cybersecurity. By empowering employees with continuous security awareness training, incentives, recognition and an inclusive organization-wide effort, we cultivate a strong security culture that complements our technological safeguards.

Regularly monitoring employee vigilance through simulations and incorporating proactive threat intelligence enable us to stay ahead of potential threats, identify areas for improvement and prevent breaches before they occur.

In the ever-evolving cybersecurity landscape, the human firewall stands as a formidable defense, fortifying our organization against the relentless onslaught of cyber threats. By investing in our most valuable asset—our people—we can proactively protect our systems, data and reputation, ensuring a secure and resilient future.