Today’s cybercriminals focus on outwitting people. They increasingly use persuasive social engineering to manipulate state and local government employees in ways that lead to identity theft, ransomware downloads and other malicious activity.
Technical controls like firewalls, malware detection and access restrictions are not sufficient to detect and prevent today's sophisticated cyberattacks. Organizations must incorporate human-centric security.
Human-centric security views people as the nexus for both risk and risk reduction. It recognizes that most cybersecurity attacks start by exploiting human vulnerabilities related to aspects of a person’s personality, job function or activities. It layers in technology, processes and best practices that mitigate human-related risk factors.