If you purchase a new car today, you may encounter enhanced safety features such as automatic braking, rear-view cameras, or beeping alerts if you get too close to an object or veer into the wrong lane. These driver assistance features are great for those times when you’re not paying close attention as you should while you’re driving.
Think of your company’s IT infrastructure like a car without enhanced safety features: you might be trusting your employees to drive an expensive piece of equipment that contains valuable information, but not providing them with the needed assistance features for those times when they aren’t paying close attention as they should. You might have all of the antivirus and software security systems possible and in place, but those systems won’t protect you from one big and unpredictable thing: human error.
Your employees won’t — and sometimes can’t — always be paying close enough attention, and they could end up getting into an “accident” that will cost your company greatly. In fact, user error is one of largest causes of security breaches. Thankfully, behavior analytics and threat management training now exist to act as a kind of “driver assistance” for your employees, and to help prevent costly mistakes from being made.
In response to an environment in which malicious attacks are becoming more frequent, complex, and devastating, an integrated approach to network security is necessary to protect companies from these attacks. Many of these attacks are blended, which means they are a combination of various malware created to cause as much harm as possible. Threat management works to stop attacks before they enter the system, often by detecting negligent users who make a mistake, get infected, or participate in unauthorized file sharing or software installation.
Threat management works to create safeguards against the following issues:
- Security leaks from careless employees
- Hacking attempts
Careful monitoring and analysis can identify areas in which a warning or security control could be implemented to prevent a user error from causing a data breach. Behavior analytics moves from passive awareness and training to a more active approach aimed at shaping behavior. Behavior analytics tracks behaviors and patterns to detect internal threats, both accidental and intentional. A behavior analytics tool typically sets a baseline for employee behavior and uses that to pinpoint anomalies.
Forbes recently released an article with some startling statistics about cyber threats to companies. This article reinforces the need for making sure your employees are educated on safe computing practices:
- Before it can infect a target, 90 percent of malware requires human interaction (clicking a link, opening an email, etc.).
- Human elements are responsible for 70 percent of IT breaches.
- Some 63 percent of employees surveyed admitted to using work computers for personal use every day.
- Some 83 percent of employees reported using their computers for personal use at least sometimes.
- About 78 percent of employees used their business computers to access their personal email.
- Cybercrime costs are estimated to reach $2 trillion by 2019.
While you might expect employees to use common sense and follow company policies and procedures when it comes to computer use, you can’t always guarantee that they will. Therefore, utilizing threat management and behavior analysis to adjust your employees’ behaviors and keep them well-trained is key to maintaining a secure cyberspace for your company.
Global Learning Systems (GLS) offers a Human Firewall approach to security awareness. Partnered with leading insider threat management and behavioral analytics provider ObserveIT, GLS provides real time, injective training or automatically scheduled future training based on detected employee behavior. At the moment of a policy violation a notification is displayed, and the user is connected directly to the appropriate GLS training product to reinforce correct behavior, deter insider threats, and prevent any future violations.
Here are a couple of courses that are available to reinforce your company’s Human Firewall:
- SecureGenuis: Over 200 questions assess your employees’ knowledge and skills aligned with common risky behaviors.
- PhishTrain: Phishing exploit testing that helps you assess your employees’ abilities to resist phishing attacks
Global Learning Solutions, in its partnership with Observe IT, can deliver these and other useful courses that are part of a content library to your employees at the moment a policy violation or risky behavior is detected. This type of learning solution, known as “just-in-time learning,” makes learning opportunities available at any time of day and/or any day of the week. Security threats don’t wait until scheduled training time to present themselves, so it’s vital to keep your employees prepared for, and educated on, security threats at all times.
When it comes to security awareness, GLS can help you take it to the next level by managing user behavior risks and working to adjust your employees’ behaviors regarding computer security. For more information on developing a Human Firewall for your company, or about any other GLS programs, contact GLS today.