By Dr. Yvonne Bernard Ph.D., CTO of Hornetsecurity. Hornetsecurity were finalists in the Best Security Innovation in a SaaS Product (B2B – Small Business/SME) category at The 2024 SaaS Awards.
In our ever more connected digital world, organizations are increasingly turning to Software as a Service (SaaS) solutions to benefit from robust cybersecurity measures.
These automated systems provide round-the-clock coverage, reliability, and scalability, significantly reducing the workloads of cybersecurity teams and enhancing overall security posture.
Despite the effectiveness of such SaaS solutions in detecting sophisticated cyber threats, they are not flawless. These systems may fail to recognize new forms of attacks orchestrated by threat actors, and can fall short in relation to the psychological aspects of cybersecurity breaches. While these types of security solutions are adept at detecting most threats, their limitations highlight the need for complementary measures to achieve a truly comprehensive cybersecurity strategy.
Combining SaaS solutions with a highly aware, educated workforce offers organizations the best defense against a constantly evolving threat landscape. By training employees on how to identify attacks and following cybersecurity best practices, organizations can create a holistic cybersecurity program that significantly reduces the likelihood of a major breach.

Adapting to a New Threat Landscape
The digitally-centric nature of the modern business world has opened new avenues for threat actors. Recognizing that not every organization is up-to-date with technological advancements, new forms of attack, or common software vulnerabilities, cybercriminals are executing attacks at a concerning rate.
These attacks are not exclusive to smaller, less equipped organizations. In fact, many prominent, large-scale organizations with advanced tech systems have recently fallen victim to cybersecurity incidents. Some (anonymized) examples include:
- A data breach resulting from the exploitation of an organization’s cloud storage account, after the theft of the credentials of a contracted systems employee. 1.3 terabytes of personal data was stolen and posted for sale on an online forum.
- Systems compromised by ransomware after a successful social engineering exploit.
- A system breach by unauthenticated users through the use of a re-used password stored in a log file.
- A VPN password leak and a lack of multi-factor authentication, leading to a ransomware exploit.
Considering that many of the affected organizations have advanced cybersecurity measures in place, these attacks reveal an uncomfortable truth about the threat landscape: human error can compromise cybersecurity, even with the most capable SaaS solutions in place. In fact, research from Stanford shows that 88% of all data breaches are a result of human error. SaaS cybersecurity solutions can significantly reduce cybersecurity risks, but employees must also do their part to create a holistic approach to threat mitigation.

Frequent Employee Mistakes
It is essential to understand the most common forms of human error in order to avoid them. Some of the most common employee mistakes that can compromise an organization’s cybersecurity posture include:
- Phishing emails/unverified links – Busy work environments can often lead employees to miss or disregard unusual activity, especially in emails. Recognizing this lapse in attention, hackers regularly use emails for phishing exploits, pretending to be legitimate people to trick users into sharing sensitive information or opening links that actually contain dangerous software.
- Weak Passwords – Employees have numerous accounts that require passwords for access. Despite complexity being long known as an important counter-measure to thwart hackers, many employees still use basic (or short) passwords for easy account access. Many organizations have yet to configure multi-factor authentication (MFA) to add another layer of security to the sign-in process.
- Unsecured Networks – Remote working has grown incredibly popular in the post-pandemic era, with many employees now working from home or in hybrid environments. This has led many employees to connect to unsecured networks, which hackers often use to gain access to devices that lack VPNs or other protective software.
- Outdated software – Common work applications regularly receive software updates to fix vulnerabilities. Failing to apply these updates, manually or automatically, leaves the organization wide open for hackers to exploit.
- Device/credential sharing – Many employees, especially those working for small to mid-sized organizations, often share devices or accounts. Sharing devices or login credentials elevates risk, as losing devices or sensitive login data could put them in the wrong hands.
- Insecure workstations – Not all hacks happen remotely. Determined hackers initiate attacks by physically deploying malicious software on a company network or employee device. This can happen when employees fail to lock their workstations at the office, or when stepping away from their devices while working remotely.

Human Firewalls: The Key to Holistic Cybersecurity
SaaS cybersecurity solutions are unquestionably important for safeguarding organizations from cyber threats, but even when working optimally, these solutions don’t complete the entire picture. The most effective strategy for reducing the likelihood of a cybersecurity breach involves harmonizing cybersecurity solutions with a hyper-aware, regularly trained workforce that can help prevent attacks before they begin.
The core philosophy of a “human firewall” revolves around having employees be a core defense against cyber threats. By cultivating a security-centric company culture, employees can uncover suspicious activities before they manifest into full-scale breaches.
An effective human firewall should adhere to the following three principles:
- Mindset: Educate employees on the most common cyber threats.
- Skillset: Train employees on how to spot attacks and how to address a potential hack or breach.
- Toolset: Supply employees with software tools to prevent attacks and uncover suspicious activity.
It’s a common fallacy across the business world that only large-scale, enterprise-level organizations are in danger of a cybersecurity breach. But it’s this naivety that leaves so many organizations as victims. To hackers, anyone and everyone with money or data is a potential target.
Organizations aiming to complement their cybersecurity SaaS solutions with a human firewall should start with the following basic strategies:
- Conduct regular training: Cybersecurity training shouldn’t be a one-time occurrence during onboarding. Employees should be trained on best practices, as well as the most common types of threats, with phishing simulations to keep them on their toes. This should be done in an ongoing way to ensure learnings are maintained.
- Create work protocols: Whether working in an office, at home, or in a public location, employees should follow clear rules. For instance, in remote worker settings, employees should use secure networks or VPNs to prevent unauthorized access. In office settings, employees must lock their workstations when away from their desks.
- Mandate complex passwords and use MFA: Enforce the use of a mix of letters, numbers, and symbols for passwords that are hard to guess. Consider implementing random password generators and password management systems to create and securely store complex passwords without the need to remember them. Implement MFA as another layer of security.
- Enable automatic software updates: Chaotic work environments can make it difficult for employees to implement critical software updates. Automatic updates help avoid this altogether, ensuring applications and software are updated immediately.
- Create an incident response plan: Create an incident response plan to mitigate the negative impact of a cybersecurity breach and offer transparency to those affected.
Cybersecurity SaaS solutions are critical for protecting organizations in a complex digital landscape, but they should not be the sole defense measure. Having a workforce that understands how to respond to cyber threats can serve as an effective line of defense against a myriad of them. By combining powerful SaaS solutions with educated, responsive employees, organizations can develop a holistic cybersecurity strategy that shields against an evolving threat landscape.
