I believe based on the article the top two cyber security mistakes are “We have to achieve 100 percent security” and “When we invest in best-of-class technical tools, we are safe”. These two mindsets can be dangerous. This can lead to over-working employees and becoming too confident. There is no way to achieve 100 percent security as if there is a vulnerability it will be exploited. Defense is good practice, but so is observation or detecting the attacks with a swift response. This concept applies to mistake two as well as top-on-the-line tools do not guarantee success. Success is monitoring and training and being aware of what attacks have been happening to best prepare. Staff should not be scared to raise concerns and becoming overconfident and not preparing is dangerous.
The hardest objective to overcome I believe is changing the organizational culture. Changing the mindset that a threat is due to someone not performing their best. If employees are scared or overconfident it is dangerous for everyone. Monitoring can help with detection, but being aware of recent attacks or attempts can help grow one’s knowledge to prevent it from happening at the company. Technology is constantly changing and so should people as you can not stay up to date otherwise. Changing a mindset that has been implemented or occurred for so long can be very challenging.
Resources:
Cyber security: it’s not just about technology The five most common mistakes. (n.d.). https://assets.kpmg/content/dam/kpmg/pdf/2014/05/cyber-security-not-just-technology.pdf