Why Are People the Biggest Risk to an Organisation?

Blog | Posted: 09-05-2024
Row curve

There is a saying in cyber security, the biggest risk is the one between the screen and the chair. You pose the biggest cyber threat to your organisation. Now, I hope most people reading this aren’t cyber criminals looking to take down an organisation from the inside (But, if you are I am on to you). Instead, I am sure you are a hard-working employee, just doing the job you were hired to do.   

Your company hired you for your skills and knowledge and they gave you the tools to facilitate them. In the modern corporate world, those tools come in the form of applications, and it is your access that cyber criminals want. Your access to corporate applications make you the biggest risk to your organisation.  

When cybercrime was in its infancy, protecting an organisation’s data was a physical job. There were only two ways to access it. Either by physically entering the office building and going straight to the server room, or logging onto a computer connected to the server room. Protecting the data was simple: stop people from getting in. With the rise in remote working and SaaS (Software as a Service) applications, accessing data from wherever you want has never been easier, which is great for user productivity! But, it makes protecting yourself from cyber criminals much harder. 


The processes and procedures around assigning access have no best practice assigned to them, even though it is one of an IT team’s most common tasks. A user is most secure on their first day at an organisation, as their access is limited and normally assigned based on what their team leader has suggested. The issues start to creep in when the user has been there a while. Typically, the longer someone has been at an organisation the more access they will have accumulated.  

Allowing IT teams to have visibility of who has access to what is the best way to ensure the user stays secure and the blast radius can be reduced and managed. With this mentality, IT teams are looking to implement stronger ‘identity governance and administration’ (IGA) into their Identity security strategies.   

I think everyone has received the memo about the dangers that passwords present, and, although we try our best to move away from them, it is not an easy transition. A lot of systems still use passwords as their primary form of authentication, leading to shared passwords for internal and external users, as well as password reuse. Enterprise password managers, such as LastPass are a superhelpful tool to help with shadow IT and improve the password hygiene of an organisation. 

Equally, a robust identity platform, such as Okta is another great way to improve your overall IGA. With its powerful automation abilities, users can request access through communication tools, such as Slack and Microsoft Teams, applications can approve access with one click, and access can be revoked just as quickly. This means that applications can be viewed and managed like never before!   

But, a word of warning as I wrap this up, getting the latest and greatest technology is always great, but if your policies and processes don’t change with the times, you will find the technology never really lives up to the hype. This is why it is always important to include conversations around the longer-term plans when discussing which technology to adopt and the identity experts at Distology Studios, are always available to help lead and drive those conversations.  

Want to find out more about Identity and Access Management? Make use of Distology’s Identity Sidekick service and reach out to the team for more information.