Don’t be fooled...
Businesses are investing more than ever into strengthening their resilience against evolving cyber threats, but a big problem still plagues SMBs and enterprises in every sector — user-related data breaches.
Even with more businesses rolling out security awareness training measures, advanced technical security and following stricter data compliance standards, data breaches are more widespread than ever.
But why is this?
With many businesses we've come across, the technical elements of security - like firewalls and endpoint protection - are still overly relied upon as a silver bullet for keeping their data and people safe.
But the machine element of security isn't a silver bullet and, when technology fails, the human element becomes your first line of defense.
In our recent webinar we covered the human factor being the down fall for many of our clients and any organization for that matter.
For technology as old as email to still be the driving force for ransomware attacks as we have seen over the past 10 years. It must mean that organizations still aren't getting it, that technology is only one side of the coin and that the other side the human element needs to be strengthen in order to have a full cyber risk management program.
True, more businesses are rolling out security awareness training programs to address their human element of security, but irregular and generic training doesn’t always stick and it can be difficult to measure.
So, what's the solution?
In this article, we look at how businesses can truly reduce user-related security incidents and drive secure employee behaviour through usecure's automated Human Risk Management (HRM) platform.
Lets look at some elements from our partners at Usecure that talks about the Human Risk Management.
Here's how usecure defines HRM:
Human Risk Management is the new class of user-focused security that empowers businesses to understand, reduce and monitor their employee cyber risk — without having to sacrifice productivity for protection.
Most companies would use security awareness training to handle employee risk. Together with Usecure we work to build the human side into the strongest defense against cyber threats.
To make sure that employee cyber risk is continuously being tackled, usecure's HRM platform automates the following features:
Cyber Awareness Training - Personalised video and interactive training programs are created for every user, with bite-sized courses and follow-up quizzes being automatically sent each month.
Simulated Phishing - Regular phishing simulations are automatically deployed that assesses user vulnerability to a range of attack techniques. Custom phishing campaigns can be created in minutes.
Dark Web Monitoring - Continuous dark web monitoring detects when sensitive company data (e.g. usernames and passwords) has appeared in a data breach, which could be used for targeted attacks.
Policy Management - Policies are centralised in one easily accessible place and staff are automatically notified of any updated policies that they need to sign, with staff approval signatures being tracked.
Human Risk Monitoring - Human risk is continuously tracked, with insight-rich reporting and human risk scoring. Dig deep into training performance and phishing trends straight from your dashboard.
Employees play a huge role in keeping systems and sensitive data safe which, in the wrong hands, can cause hefty financial, operational and reputational damage.
Bad news is, employees make mistakes, with Verizon stating that 85% of data breaches involve the human element.
So, what exactly are the "human problems" of cyber security?
Whether it's typos or forgetting passwords, mistakes at work happen every day.
Unfortunately, supposedly small mistakes like downloading an attachment from an unknown sender or misdirecting an email on a burnt-out Friday afternoon can cause more than just a red face - with IBM reporting that human error is a major contributing cause in 95% of all breaches.
Whether it's down to lack of awareness or just a momentary lapse of judgement, it's vital for businesses to train their users in order to reduce costly mistakes.
uLearn, usecure's automated security awareness training platform, analyses each users' unique security vulnerabilities through a quick-fire questionnaire, and then strengthens these areas through personalised training programs, with prioritised courses auto-deployed every month.
Sometimes, rule-breaking can be done with malicious intent, like a disgruntled ex-employee stealing mountains of data and selling this on to scammers or whoever else is willing to buy.
According to IBM’s Insider Theft Report, insider threats (including employee data theft) have cost companies $11.45M and incidents have tripled since 2016.
Other times, employees might just be trying to cut corners to make their lives a little easier, like reusing the same password for multiple accounts.
Limited access control is one fix for reducing this, but it's just as important to make sure that employees are well-versed on the organization's security policies — like secure passwords, data handling and remote working.
usecure's uPolicy simplifies policy management by centralizing documents in one easy-to-find place, automatically notifying staff of policies updates, and tracking eSign approvals to ensure that staff know their responsibilities.
Cyber criminals often view humans as the easier and quickest way to gain access to a company's systems and data.
This is why so many of today's cyber attacks are geared towards manipulating employees, often with criminals using phishing to impersonate customers, colleagues, contractors and suppliers.
The tricky part is, it only takes one mistake from an employee to cause a ripple of repercussions - with phishing scams costing US businesses adjusted losses of over 54 million dollars.
Attacks like Business Email Compromise (BEC) and targeted phishing will only keep increasing, with Google recently reporting that there are now 75 times as many phishing sites as there are malware sites on the internet.
With uPhish, usecure's automated phishing simulation tool, employees are regularly assessed on their ability to spot a range of sophisticated attacks that are being used by real-world cyber criminals, with instant follow-up training being deployed to help educate vulnerable users.
It's easy to think that rolling out some security awareness courses and sending a few email bulletins from time to time can fix all of the above. But, as many businesses are finding out, security awareness training alone isn't enough to truly boost user resilience and drive secure human behaviour.
Security awareness training is a core part of Human Risk Management but, by itself, it just doesn't address enough user-targeted risks - like dark web exposures, phishing attacks and adherence to policies.
Plus, traditional training hasn't always been up to scratch...
Here are some common reasons we've found as to why relying on traditional security awareness training is ineffective for tackling human risk:
How usecure's HRM fixes this - To tackle human risk areas, you need to shine a light on them first. usecure enables businesses to understand their people's unique cyber vulnerabilities, and then launch automated training programs that tackle their individual risk areas.
How usecure's HRM fixes this - Micro training courses are automatically delivered to each user every month, keeping training frequent enough to make an impact without creating more work or hindering productivity.
Delivering generic training - Some employees are highly vulnerable to phishing but really cautious with password hygiene. Some employees have weak passwords that they re-use, but never forget to log out of their devices. Point is, every employee has a unique set of risk areas. Send-to-all training courses don't address each users' knowledge gaps, resulting in unengaging and ineffective learning.
How usecure's HRM fixes this - To start with, each users' core security knowledge gaps are assessed during a quick 10-min Gap Analysis Questionnaire and then, from their answers, an ongoing and personalised training program is deployed - with courses being prioritised to address their weakest areas first.
How usecure's HRM fixes this - Before launching your HRM program, usecure will calculate your organisation's Human Risk Score to give you a benchmark of your employee security posture. Then, multiple metrics (incl. ongoing phishing, training and dark web results) are fused together to give your business an insightful overview of how user risk is changing over time.
How usecure's HRM fixes this - Regular phishing simulations are automated to help monitor each users' vulnerability to a range of evolving attack techniques.
How usecure's HRM fixes this - Ongoing dark web monitoring detects when employee credentials are compromised and up for grabs on the dark web, with additional insight into what service led to the breach and what type of data is exposed.
How usecure's HRM fixes this - Policy management and communications are made simple with an easy-to-navigate document library and automated eSign approval tracking that eliminates the time and hassle of chasing staff signatures.
Start calculating and understanding your organization's human cyber risk with eknotec services + usecure. Grab a free 14-day trial to:
Create your free trial account now.
Get your free 30 minutes consultation
DUNS # 817052313
Stoney Ground, Russell Centre, P.O Box 825, Kingstown
Saint George, VC0100
St Vincent and the Grenadines