While most information security professionals will point to people as the weakest link in an organization's security, that doesn't have to be the case. People can be an organization's strongest security control, Durbin says, but that requires altering how you think about security awareness and training.
Rather than just making people aware of their information security responsibilities and how they should respond, Durbin says the answer is to embed positive information security behaviors that will cause employees to develop "stop and think" behavior and habits.
"2017 is really about organizations having to wake up to the fact that people do not have to be the weakest link in the security chain," Durbin says. "They can be the strongest link if we do better about understanding how people use technology, the psychology of human behavior."
Successfully doing so requires understanding the various risks faced by employees in different roles and tailoring their work processes to embed security processes appropriate to their roles.