Why cybersecurity awareness matters more than ever

Cybersecurity in a connected world

As buildings and businesses become ever more connected, the line between convenience and vulnerability is increasingly blurred. IP-based access control systems, cloud platforms, and smart devices are all part of this digital transformation, but each one can be a potential entry point for cybercriminals.

Cybersecurity threats are no longer confined to IT departments. They are real-world risks that can shut down casinos and ground airlines or compromise critical infrastructure — all because of a single, careless mistake.

That’s why cybersecurity awareness isn’t just an IT concern anymore. It’s a company-wide priority — and a personal responsibility.

In this first blog of a three-part series, we’ll look at the human side of cybersecurity: why awareness matters, what happens when it’s lacking, and how cybersecurity best practices can protect even the most advanced systems, especially when combined with secure development and design from the ground up.

If you want more information about cybersecurity, be sure to download our free Cybersecurity eBook packed with insights, shocking statistics, real-world case studies, and actionable advice for your business.

Download for free

Human error - The weakest link in the cybersecurity chain

No firewall, encryption, or AI-driven security system can fully protect against the weakest link in cybersecurity – human error. In fact, the World Economic Forum’s Global Risks Report indicates that 95% of all data breaches involve a human element, whether through weak passwords, falling for phishing scams, ignoring security advisories, neglecting periodic updates, using default settings, or misconfiguring security settings.

Hackers are aware of this and exploit it systematically, often bypassing sophisticated security systems by simply tricking employees into granting access. No matter how advanced your cybersecurity measures are or how much cybersecurity awareness you think you possess, one careless click or a reused password can bring an entire organization to its knees.

How users put organizations at risk

• Weak & reused passwords: Studies show that more than 50% of people reuse passwords across multiple accounts, making it easy for hackers to gain access after a single breach.

• Phishing attacks: More than 3.4 billion phishing emails are sent every day, and shockingly, 1 in 4 employees admit to clicking on phishing links. The increasing sophistication of phishing attempts, often boosted by artificial intelligence, has made them more convincing and harder to detect.

• Lost or stolen credentials: Over 15 billion stolen credentials circulate on the dark web, giving hackers an easy way into corporate systems.

Real-world examples of costly human error

The MGM Resorts Hack (2023) was a 10-minute call that cost $100M. A simple social engineering attack enabled hackers to take down MGM Resorts’ hotel and casino systems for weeks. Cybercriminals used LinkedIn to gather employee details, then posed as an MGM IT worker and tricked a real employee into resetting access credentials over the phone. The result? A complete system shutdown – ATMs, hotel keycards, slot machines, and even digital menus stopped working. MGM's estimated losses exceeded $100 million.

Even a brief lapse in cybersecurity awareness can have devastating consequences. As the MGM Resorts hack proves all too clearly, the cost of the wrong click has never been higher.

Building resilience through design

Even the most well-trained end users and cautious system integrators are powerless if the technology they rely on has high-risk vulnerabilities built in. This is why cybersecurity awareness must start at the foundation – within the design and development of the products themselves.

Secure-by-design: Security from the ground up

A fundamental shift in product development is represented by the secure-by-design approach, which ensures that security is an integral part of the entire product development process, not an afterthought. This entails implementing rigorous security measures throughout the entire development process, from the initial design phase to coding, testing, deployment, and long-term maintenance.

By following industry cybersecurity best practices, such as threat modelling, risk assessment, and security vulnerability testing, manufacturers can significantly reduce the risk of exploitable weaknesses. Instead of reacting to threats after they occur, secure-by-design products are built with proactive security features from day one.

Why SSDLC matters

However, achieving truly robust security requires a structured, standardized approach to software development. That’s where the Secure Software Development Lifecycle (SSDLC) comes in. It defines key cybersecurity best practices that organizations should integrate into their software development life cycle. These practices help reduce the number of potential vulnerabilities in cybersecurity, improve software integrity, and enhance cybersecurity resilience.

How 2N builds cybersecurity in from day one

As part of the Axis Group, 2N have adopted the Axis Security Development Model (ASDM), a meticulously designed framework built upon the fundamental principles of the SSDLC. Axis has developed this model with a strong focus on cybersecurity awareness, ensuring that every product undergoes rigorous security checks before being released to customers. By implementing ASDM, we align with industry-leading practices and uphold the highest security standards in our own development processes.

The first step: Cybersecurity awareness training

These examples make one thing clear: to truly reduce risk, technology and people must work together. That’s why cybersecurity user awareness training and employee cybersecurity awareness training are just as critical as selecting the right technology.

However, even with well-trained users and secure-by-design development, new vulnerabilities will continue to emerge, sometimes in unexpected ways. In the next blog, we’ll explore how to handle them: what responsible vulnerability management looks like, what steps to take when a flaw is discovered, and what you should expect from a reliable vendor.