Who’s on the hook when Cybersecurity Awareness fails? The Defenders’ Dilemma

October 3, 2023
Mark Wojtasiak
Vice President of Product Marketing
Hooray! It’s Cybersecurity Awareness Month – a security marketer's dream. An entire month dedicated to building awareness and educating the public on adopting safe cyber practices. A worthwhile initiative for sure, because when it comes to cyberattacks, the human attack surface is probably the biggest and most porous, so every little thing we can do to shrink it and make it less permeable, the better.

BUT the brutal truth we all know is the human attack surface will always be the biggest and most permeable. AND as cyber attackers adopt Artificial Intelligence (AI), we will be dealing with an expansive “artificial human” attack surface where we can’t tell the difference between friend or foe, adversary or ally. Social engineering that targets humans via phishing remains a top attacker infiltration method, and according to reports, vishing is one of the fastest-growing attacker methods. Case in point: Scattered Spider.

The bottom line is Cybersecurity Awareness Month is a good thing, but let’s face it, attackers will always find ways in, and when they do, who's on the hook to stop them? The human shield that is defenders.

The other side of cybersecurity awareness that we don’t have a “month” for

I applaud Cybersecurity Awareness Month – it's a good thing, but there are two sides to the human factor. On one side we have the end users, employees and contractors that need to be more cyber aware and adopt safe cyber practices, and on the other side we have the defenders that bear the burden when they don’t.

So, we propose that we not only build cybersecurity awareness to educate end users on safe cyber practices, but also build end user awareness of the implications of not doing so for their fellow humans – the defenders. Given it's Cybersecurity Awareness Month, there is no better time to raise awareness of what we call the “Defenders’ Dilemma.”

In this blog series, we aim to raise awareness of the Defenders’ Dilemma. Over the course of the next 4 weeks, we will share insights gathered from our research, collaboration with partners, conversations with customers and our very own in-house SOC analysts. Here is a rundown of the conversations we hope to start and the awareness we aim to raise:

  • The Defenders’ Dilemma – the spiral of more
  • The Defenders’ Dilemma – a conversation with SANS on the spiral of more
  • The Defenders’ Dilemma – the need for a voice that is heard
  • The Defenders’ Dilemma – the need for a better definition of effectiveness  
  • The Defenders’ Dilemma – the need for recruitment, empowerment, mentorship  
  • The Defenders’ Dilemma – the desire to build their skills and expertise
  • The Defenders’ Dilemma – the desire to make defense a team sport  

Thanks for joining this conversation. We believe it warrants attention, discussion, debate and ultimately, hopefully, answers.