Anthony Porter
Cloud Security Architect - Canon Business Services ANZ

Anthony, affectionately known as Anto, hails from Perth, Western Australia. With over 15 years of IT experience, Anto has spent the last 5 years specialising in Microsoft cloud technologies. Currently, he serves as a Cloud Security Architect at Canon Business Services ANZ, where he leverages his expertise in Microsoft Intune and Defender XDR to enhance security and streamline operations.

Anto’s career journey began in Microsoft Cloud Managed Services helpdesk, progressing through various cloud infrastructure projects, and ultimately focusing on cloud security. He is a strong advocate of the “KISS” model – Keep It Simple Stupid – ensuring that solutions are secure and effective, while still being admin and user-friendly.

Outside of his professional life, Anto enjoys spending time with his family and tinkering with his Subaru. He is also a regular at the Perth-based Microsoft Security Meetup user group, where he shares his knowledge and insights with the community.

Last updated Monday 06 October 2025

Summary: Despite advances in cyber security technology, human behaviour remains the leading cause of breaches—accounting for up to 95% of incidents, according to industry reports.

In this article, Anthony Porter from Canon Business Services ANZ (CBS) explores why people are still the biggest vulnerability in most organisations’ defences, and how they can become your strongest asset.

From phishing simulations and behavioural nudges to role-specific training and culture-led strategies, the piece outlines practical ways to close the human gap in cybersecurity. Anthony shares why CBS focuses on education, enablement, and human risk profiling to build lasting resilience across teams—and why treating human risk with the same rigour as technical risk is essential for any modern security strategy.

Cybersecurity’s biggest blind spot: The human factor and how to address it

Technology may be advancing fast—but human behaviour remains cyber security’s weakest link. Despite billions spent globally on next-gen security tools, breaches continue to originate with a single click, a missed alert, or a moment of misplaced trust.

Despite significant investments in advanced security technologies, human behaviour continues to be a critical weak point in cybersecurity defences. The latest 2025 Verizon Data Breach Investigations Report reveals that nearly 60% of confirmed breaches involved a human element—through error, manipulation, or misuse—underscoring that people, not just systems, remain the most targeted and exploitable facet in breach scenarios.

This aligns with historical data (2024’s report showed 68%), reflecting sustained risk associated with human interaction across organisational environments. The report uncovered that a staggering 8% of employees were responsible for 80% of human-risk-related incidents—highlighting the need for targeted behavioural interventions.

The message is clear: you can’t patch human nature.

The human element in cybersecurity

“Cybersecurity has always been a race between technology and human behaviour,” says Anthony Porter, Cloud Security Architect at Canon Business Services ANZ. “And humans remain the most unpredictable variable.”

Attackers have long understood that the easiest way into a secure system isn’t through the firewall—it’s through people. Social engineering exploits our most natural instincts: curiosity, trust, urgency, even helpfulness. And it works.

“Even with AI-augmented monitoring in place, a well-timed phishing email or shared credential can unravel the most advanced defences,” Anthony notes. “Security incidents are increasingly less about technological sophistication and more about manipulating human behaviour.”

Why security culture lags behind

If the risk is so well understood, why are so many organisations still under-investing in the human element?

Part of the problem, says Anthony, is visibility. “Technical vulnerabilities are easy to scan, track, and remediate. Human risk is harder to measure—and harder to prove ROI on.”

This often results in security awareness being treated as a compliance exercise: annual training modules, static slide decks, and tick-box reporting. Meanwhile, real-world behaviour—sharing passwords, ignoring MFA, clicking suspicious links—remains unchanged.

There’s also a cultural challenge. “Many employees see security as someone else’s job,” Anthony says. “And leadership often assumes that tech tools will compensate for human mistakes. But technology can only alert you to the risk. It can’t stop someone from clicking send.”

Add to this the pressure on time-poor staff, and security training can feel more like a distraction than a priority. Yet the consequences of neglect are significant. In 2024, Mimecast’s State of Human Risk Report found that a staggering 95% of data breaches involved human error, with the average cost of an insider-driven data exposure reaching $13.9 million.

Bridging the gap between people and protection

Changing human behaviour isn’t easy. But it is possible with the right mix of psychology, technology, and culture.

“Forward-thinking security teams are shifting from fear-based messaging to behaviourally informed engagement,” Anthony explains. “They understand that people aren’t purely rational actors. Small nudges can make a big difference.”

Examples include:
  • Nudges: Real-time prompts encouraging MFA, flagging sensitive data, or warning users before risky actions.
  • Gamification: Turning awareness into a competitive or reward-based exercise, particularly effective for younger cohorts.
  • Positive reinforcement: Rewarding secure behaviour instead of just punishing mistakes.

Anthony also notes the value of micro-learning—ongoing, short-form training integrated into daily workflows. “Annual sessions don’t cut it anymore. You need just-in-time education, ideally delivered at the moment of risk.”

Importantly, not all users respond to the same approach. “Some respond to peer-based recognition. Others want traditional group learning. Tailoring the message to different audiences is critical to long-term cultural change.”

Practical strategies to reduce human risk

So how can organisations turn the human factor from a liability into an asset? Anthony suggests a layered approach that combines security controls with cultural investment.

Key strategies include:
  • Phishing simulations: Regular, realistic drills that help staff recognise and respond to suspicious messages.
  • Reward-based reporting: Encouraging employees to report threats or anomalies—especially when incentivised.
  • Zero trust principles: Minimising access and applying least-privilege logic reduces the blast radius of human error.
  • Multi-factor authentication (MFA): Still one of the simplest, most effective ways to prevent credential compromise.
  • Security nudges: Embedded reminders and prompts that guide behaviour in the moment.

Importantly, these strategies should not exist in isolation. “The most effective programs are the ones that integrate security into the rhythm of work—subtle, continuous, and context-aware,” Anthony says.

As for success stories? He notes that while many CBS clients outsource aspects of awareness training, the human variable remains difficult to quantify. “Real change isn’t always visible in dashboards. It’s the absence of incidents, the quiet shift in behaviour, the moment someone stops and asks before sending.”

Avoiding security fatigue

One growing risk in the push for awareness is security fatigue—where employees feel overwhelmed, disengaged, or simply tune out.

To avoid this, Anthony recommends three key principles:
  1. Make it relevant: Use storytelling and real-world examples instead of abstract scenarios or static content.
  2. Keep it simple: Policies should be clear, concise, and easy to apply.
  3. Deliver it when it matters: Use real-time interventions or post-incident debriefs—not just annual refreshers.

“People relate to people,” he says. “When they understand how a breach happened—or almost happened—they’re more likely to change their behaviour.”

CBS’ approach to human-centric cybersecurity

Canon Business Services ANZ takes a multi-dimensional approach to human risk, combining education, behavioural analytics, and secure technology enablement.

“We recognise that technology alone can’t fix the human gap,” explains Anthony. “Our role is to make security intuitive, contextual, and aligned with each organisation’s culture.”

CBS offerings include:
  • Role-specific training for executives, frontline teams, and developers, recognising that each group faces unique risks.
  • Human risk assessments to identify behavioural patterns and align interventions accordingly.
  • Integrated awareness campaigns combining simulations, micro-learning, and cultural reinforcement.
  • Tool enablement that ensures security platforms support, not hinder, user experience.

Perhaps most importantly, CBS doesn’t treat security as a bolt-on. “Our philosophy is that culture is the ultimate control,” says Anthony. “If your people see security as enabling their work—not blocking it—you’ve already won half the battle.”

Your people are your perimeter

If Anthony had one piece of advice for CIOs and CISOs, it’s this: “Treat human risk with the same rigour as technical risk. Invest in understanding behaviour, not just deploying tools.”

Ultimately, people aren’t the weakest link. They’re your most underutilised defence. “When empowered, staff can be just as effective as any tool in detecting threats. They create a culture where security becomes everyone’s responsibility,” he says.

As attackers become more sophisticated, the key differentiator won’t be technology alone. It will be how well your people are equipped to recognise, respond to, and prevent threats—before they ever reach your firewall.

To learn how Canon Business Services helps customers to uplift security and what discovery workshops we have available, contact us today.
