Masha Sedova

Studies and industry reports consistently show that unintentional insiders cause the most incidents. 2 out of 3 insider threat incidents originate from the unintentional insider.

If you take the time to trace the kill chain all the way back, you will find that users unintentionally cause 85% of security incidents. And it turns out that it’s only 6% of your workforce causing the vast majority of these incidents.

@hello_Elevate Awareness and training are methods, not outcomes. It's time to think about the broader goal of what we are trying to achieve in security around user risk.

@JosiahDykstra Of course, if a perfectly secure employee with no track record falls for an APT attack- we cant predict that. But looking at years of incident data, thats not what we spend most of our SOC time cleaning up.

@JosiahDykstra It's probability- we look at how likely is something to happen and what's the impact of that event. Since 85% of breaches are rooted in human fallibility (DBIR 2021), and Elevate knows which employees make risky past decisions, we can flag where future incidents may occur.

We don't empower our employees to fight phishing based on how attackers actually attack. What if we used real-world data to inform our proactive security? Tomorrow's webinar will bust myths about what works and what doesn't to prevent incidents. @hello_Elevate

check out the full report here: elevatesecurity.com/resource/cyent…

Is security training effective at reducing phishing clicks? Yes until it's counterproductive. @hello_Elevate

🌐 Elevate Security is a global company and while the world is opening up for some of us, not all are able to travel. I asked my team to compile a list of fun virtual activities we could do together to have fun and stay connected. The list w/ links: #gid=0" target="_blank" rel="nofollow noopener">docs.google.com/spreadsheets/d…

Here is a quick writeup about our research and findings: elevatesecurity.com/do-phishing-si…

Security teams spend a lot of emotional capital with employees testing them with simulation phishes in hopes that by tricking them we build our resilience to actual attacks. But do these tests actually work to reduce our human risk? The answer- Yes but to a point.

@0wn @swagitda_ @hello_Elevate Thanks Eric! Glad to have made an impression :)

This may be my PowerPoint magnum opus, as seen live just now by attendees of @hello_Elevate's event today. #BringClippyBack

@swagitda_ @hello_Elevate This was just brilliant. As, frankly, was the whole keynote. I agree with one of the attendees who asked for the 3-hour version of that talk.

Humans make (security) mistakes. It's inevitable. We can't keep trying to train people out of it. If we do, ransomware, account takeover, & data loss will continue to run rampant. It's time for a new way of defending the Human Attack Surface. hopin.com/events/human-a…

The launch is happening tomorrow! Hop in and buckle up. eventbrite.com/e/net-measure-…

Love the boldness of the vision the GCCC has outlined for the security community. "What can we accomplish if we remove the boundaries and barriers that exist – to view the world as one enterprise – with the goal of solving far-reaching challenges in cybersecurity together."

I don't always do fireside chats, but when I do....it is with the most impressive Tony Spinelli. Join us, I promise it'll be entertaining and enlightening! hubs.li/H0F-zzZ0

Pressure to balance productivity with #security with expanded remote workers & complex environments? Join me and @RichardSeiersen to learn about #cybersecurity frameworks you can apply to best deal with today’s risk without slowing your employees down. elevatesecurity.com/learning-hub/s…