Combatting the Human Element

According to research from CompTIA, malware and hacking are serious concerns for nearly half of all companies, but the human element in security trumps all: companies report that it’s the largest factor behind security breaches.

That element can take many forms.

“Regarding human error, there is a big difference between making mistakes and being tricked by the threat into taking some action which ultimately leads to you being compromised,” said TK Keanini, CTO of Lancope, via email. “Most individuals face the latter and as our lives become more and more publicly visible in social networks, these phishing tactics grow more and more sophisticated.”

More training is the clear answer, but companies struggle to understand how to make an investment in training that will pay off. Only 54% of companies offer some form of cybersecurity training, typically through new employee orientation or an annual refresher course. But there are few metrics for evaluating how effective that training is. And businesses readily acknowledge that they would like to see better content in their security training.

Another dimension to combatting the threat lies in monitoring and analytics. Whether it's an outside hacker breaking into the network in an attempt to get privileged user credentials (e.g., hijacking an account) or a malicious insider, their activities leave several "visible" traces.

“Users, as they interact with IT systems, leave a recognizable fingerprint which can be detected and learned,” explained Péter Gyöngyösi, product manager with BalaBit, in a note to Infosecurity. “Users log into the same applications, do the same things while working and access similar data. Organizations must close the blind spots, by uncovering risks that many DLP, IAM and SIEM tools cannot identify, and examine their users' behavioral patterns. These 'learned' profiles can be compared in real-time to the actual activities of a user to detect anomalies and differences in behavior.”

Of course, the higher a user's privileges, and the greater the deviation from that user's everyday profile, the higher the priority the security risk should be given.

“Once anomalies are detected and prioritized, counter actions could be applied to stop an ongoing attack or to investigate the event further,” he added.
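
The profile comparison and privilege-weighted prioritization described above can be illustrated as follows. This is an added example, not code from BalaBit or from the original article; the event fields, the sample events and the privilege weights are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample data: (user, application, hour of day, resource accessed).
HISTORY = [
    ("alice", "crm", 9, "accounts"), ("alice", "crm", 10, "accounts"),
    ("alice", "mail", 11, "inbox"), ("alice", "crm", 14, "accounts"),
    ("root_bob", "ssh", 9, "db01"), ("root_bob", "ssh", 10, "db01"),
    ("root_bob", "ssh", 15, "web01"), ("root_bob", "mail", 16, "inbox"),
]
LIVE = [
    ("alice", "crm", 10, "accounts"),      # matches her learned profile
    ("alice", "ssh", 3, "db01"),           # unusual for a standard user
    ("root_bob", "ssh", 3, "hr_share"),    # unusual hour and resource, privileged
]
# Assumed privilege weights; a real deployment would derive these from IAM roles.
PRIVILEGE = {"alice": 1.0, "root_bob": 3.0}

def hour_bucket(hour):
    """Coarsen the hour so 9:00 and 10:00 count as the same habit."""
    return "work" if 8 <= hour < 18 else "off"

def features(event):
    _, app, hour, resource = event
    return {"app": app, "time": hour_bucket(hour), "resource": resource}

def build_profiles(history):
    """Learn, per user, how often each feature value was seen."""
    profiles = defaultdict(lambda: defaultdict(Counter))
    for event in history:
        for name, value in features(event).items():
            profiles[event[0]][name][value] += 1
    return profiles

def deviation(profiles, event):
    """Mean rarity of the event's features: 0.0 = habitual, 1.0 = never seen."""
    profile = profiles.get(event[0])
    if not profile:
        return 1.0  # no baseline at all: treat as fully anomalous
    rarities = []
    for name, value in features(event).items():
        seen = profile[name]
        rarities.append(1.0 - seen[value] / sum(seen.values()))
    return sum(rarities) / len(rarities)

def prioritize(profiles, events, privilege):
    """Rank events by deviation weighted by the user's privilege level."""
    scored = [(round(deviation(profiles, e) * privilege.get(e[0], 1.0), 3), e)
              for e in events]
    return sorted(scored, reverse=True)
```

Calling `prioritize(build_profiles(HISTORY), LIVE, PRIVILEGE)` ranks the privileged account's off-hours access first, ahead of the standard user's equally unfamiliar activity.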

Richard Blech, CEO of Secure Channels, noted that encryption is an important part of the picture as well.

“During a time of epidemic proportions of breaches I find it odd that ANYONE needs to be ‘convinced’ that they need to encrypt their data,” he said. “So let me be really clear … either encrypt your data from the start or plan to lose it or pay to get it back. The job of technology is to design systems to protect us from human error. The only sophistication the hackers have over us is their ability to encrypt our data first (apparently ransomware hackers are better decision makers than the rest of us) and move faster without the cumbersome system of corporate glue to get in their way.”