How to incorporate human-centric security
Cybersecurity is awash in threat detection and mitigation solutions: SIEM, DLP, SOAR, MDR, EDR, XDR, and more.
Threat detection is essential, as it serves to locate and minimize the threat as quickly and effectively as possible. However, some companies are starting to embrace an earlier line of defense that Gartner calls human-centric security. The tech research firm lists it as the number one cybersecurity trend of 2023 and has forecast that 50% of CISOs will adopt this new approach by 2027.
Exposing today’s cybersecurity challenges
There are three major issues with cybersecurity today.
1) Many companies lack a comprehensive cybersecurity strategy. In fact, most companies have little in the way of cybersecurity at all. A recent study from Cisco found that only 15% of companies are ready to defend against threats with a mature approach, citing the changes to hybrid work as a major reason that many companies are not prepared.
2) Even companies that have invested in cybersecurity solutions quickly learn that it is a complex landscape of solutions that are not interoperable. A large multinational corporation may have as many as fifty different security solutions in place for many different purposes, including: network security, cloud security, endpoint security, mobile security, IoT security, application security, zero trust, and governance. These solutions were designed to fight a specific kind of threat and are implemented on an island – not talking to the other security solutions.
3) Even new multi-pronged cybersecurity approaches are all focused on threats, which are already happening. For example, the relatively new approach called XDR (extended detection and response) was designed to pull together information from disparate threat detection software like cloud, network and email, to respond to more complex threats by sorting through raw data and alerts and mitigating threats across vectors. While this coordinated approach to threat mitigation is necessary, the focus is on threats, not risks.
Human-centric security shifts the focus to risks
The cost of threats is growing quickly. With the huge surge in remote work, former cybersecurity practices that heavily focused on network security have many gaps, as people work from their own devices or off-network entirely. At the same time, recent data from Gallup shows that people are stressed in record numbers – 44% of respondents said that they experienced a lot of stress the previous day – which paves the way for insider threats.
The concept of human-centric security focuses on better management of the insiders that either inadvertently or maliciously cause so many of the threats that companies must deal with.
Gartner recommends reducing friction caused by security strategies and starting to manage security risk. A human-centric approach to security not only takes the burden of security off the employee, it also starts to look at the overall risk associated with certain behaviors and at improving the experience of employees.
One way to look at this is as a trade-off. Allowing people to work remotely, for example, carries a certain security risk that needs to be weighed against the benefits of giving employees flexibility. However, another important way to look at risk is to analyze the behaviors that are most likely to lead to future threats and determine new ways to mitigate those risks to reduce future threats.
By using insider risk management software, companies can better understand new work patterns of remote employees, track negative sentiment and flag access to sensitive data to proactively improve the company’s overall cybersecurity and employee experience.
An HR intervention with a disgruntled employee can have a positive impact before the situation becomes an issue. Access to sensitive data could be controlled or restricted, or new credentials provided to employees. Any number of solutions can be put in place based on various risk signals before they become threats.
By “backing up the timeline” on threats, insider risk management becomes a valuable stopgap, providing proactive information to security teams, managers and HR, and reducing the number of threats considerably. And when threats do occur, insider risk management will have the paper trail needed to provide a full picture of the timeline leading up to the event.
Human-centric security complements threat detection
Far from replacing the various threat detection and mitigation solutions in place, human-centric approaches serve as a valuable companion. Not only can they serve as an early detection layer that can improve insider risk and reduce threats, they can also feed valuable information to threat detection solutions.
For example, if someone uses credentials to log in from a remote location just minutes after the same credentials were used in the office, an insider risk management system can raise a flag the instant the second login occurs. This may enable the SIEM solution to kick into gear sooner than if there were no monitoring in place. In fact, without monitoring, there’s the risk that the threat goes undetected until it’s too late.
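The check described above can be sketched as detection logic over authentication events. This is an added example, not code from the original article or from any product; the log format, the location labels and the 15-minute window are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth events: "ISO-timestamp user location"
SAMPLE_LOG = """\
2023-05-02T09:01:10 alice office-hq
2023-05-02T09:03:00 bob office-hq
2023-05-02T09:07:45 alice remote-vpn
2023-05-02T09:30:00 bob office-hq
2023-05-02T13:15:00 bob remote-vpn
2023-05-02T13:20:00 carol remote-vpn
"""

WINDOW = timedelta(minutes=15)  # assumed threshold, tune per environment


def parse_events(text):
    """Yield (timestamp, user, location) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2]


def flag_location_conflicts(events, window=WINDOW):
    """Flag each login that follows a login by the same account
    from a different location within `window`."""
    recent = defaultdict(deque)  # user -> recent (timestamp, location) pairs
    flags = []
    for ts, user, loc in sorted(events):
        history = recent[user]
        # Drop logins that have aged out of the window.
        while history and ts - history[0][0] > window:
            history.popleft()
        for prev_ts, prev_loc in history:
            if prev_loc != loc:
                flags.append({"user": user, "at": ts, "location": loc,
                              "previous_location": prev_loc,
                              "gap_seconds": int((ts - prev_ts).total_seconds())})
                break  # one flag per login is enough
        history.append((ts, loc))
    return flags


if __name__ == "__main__":
    for flag in flag_location_conflicts(parse_events(SAMPLE_LOG)):
        print(flag)
```

Each flag is produced as soon as the second login is processed, so it can be forwarded to the SIEM as an enrichment event rather than waiting for a later correlation pass.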
Behaviors such as loss of productivity, absenteeism, disgruntlement, etc. are all considered psychosocial risk patterns. Combining such patterns with activities such as accessing sensitive data, transferring sensitive data, logging on at odd hours, etc. can give an early warning sign of an insider threat.
Human-centric security also considers deviation from baseline behaviors, not only at an individual level but across other employees – peers or even other groups. Mining patterns in employee activity makes it possible to immediately detect subtle changes in behavior, which helps identify threats before they happen.
Perhaps the wisest aspect of human-centric security is the focus on employees and the need to create a better experience that reduces friction well before a threat occurs. While technology is incredibly valuable in the cybersecurity landscape, understanding the habits of the people who work for an organization and making it less likely that they cause a threat provides benefits well beyond cybersecurity.