While most cybersecurity weaknesses involve technology, cybersecurity is ultimately a people problem. The human element exposes an enterprise to risk and undermines the effectiveness of technology, yet it can also mitigate what technology cannot. Some cyber problems are best dealt with by human solutions, or at least with consideration for the human condition.
We are sharing a few pro tips that organizations can implement to close security gaps. They will help relieve workload and pressure at many layers of the cybersecurity program. For more pro tips, download our infographic.
Hunt for Exposed Miscellaneous Errors
According to the Verizon 2019 DBIR, “Miscellaneous Errors” was among the top three breach patterns in Financial, Insurance, Education, Healthcare, Information, Public Administration, Retail, and Professional, Technical and Scientific Services.
PRO TIP: Only redundant, proactive processes can treat these human-caused symptoms. Your people should maintain and seek out Top 10/25/100 lists of the ‘errors’ they should hunt for (the DBIR category covers slips such as misconfiguration and misdelivery). Collaborate with peers to maintain these lists. Prioritize high-impact vulnerabilities. Seek ways to compartmentalize to reduce exposure.
Rely on Experts for Pen Testing, Not on Pretenders
Humans gravitate to the familiar and comfortable. Some pen testers draw from the same bag of tricks rather than methodically targeting the entire probable spectrum of risks. Many enterprises have struggled to tell experts from pretenders.
PRO TIP: Make use of threat frameworks such as MITRE ATT&CK. Select threat intelligence providers in part on how well they can narrow focus from the possible to the probable. Avoid using the same pen test firm engagement after engagement unless you are sure it is exceptional. The difference between two pen testers can be stark, with one recognizing gaps the other missed. Learn how AppGuard aligns with key cybersecurity frameworks in our latest whitepaper.
Build a Persona-Based Cyber Training Program
Effective employee cyber readiness training mitigates major risks. Giving the same training to a receptionist and an IT systems administrator might be worse than none: their perceptions of the risks (too low) and of the mitigations (too high) differ considerably. Binge training is soon forgotten, and temporary bumps in vigilance fall back to carelessness. Human problems require human solutions.
PRO TIP: Individualize employee cyber readiness training. Mine data, such as phish simulation results, to discover higher-risk employees. Use content tailored to different personas. Make readiness a continuous endeavor that instructs, motivates, and reinforces.
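One way to turn phish simulation results into the persona-tailored, continuous program described above. This is an added example, not code from the original post or from AppGuard: the event fields, outcome weights, 90-day half-life, per-persona thresholds, training content labels and the sample events are all assumed or constructed for illustration. Recent outcomes are weighted more heavily than old ones (so a lapse fades if it is followed by correct reporting), and the bar for intensive training is lower for a systems administrator than for a receptionist, because the same slip is far more damaging with privileged access.

```python
"""Persona-aware training tiers from phishing-simulation results.

Added example, not code from the original post. The event fields, outcome
weights, half-life and per-persona thresholds are all assumed values.
"""
from collections import defaultdict
from datetime import date

# How much each campaign outcome contributes to risk. Submitting credentials
# is worse than clicking, ignoring is mildly negative (no click, but no
# report either), and reporting the lure earns credit. Assumed weights.
OUTCOME_WEIGHT = {"submitted": 3.0, "clicked": 2.0, "ignored": 0.5, "reported": -1.0}

# Score at which a persona moves to intensive training. Admins get a lower
# bar: the same slip is far more damaging with privileged access. Assumed.
INTENSIVE_THRESHOLD = {"reception": 2.0, "sysadmin": 1.0}

# Persona-specific training content (assumed module descriptions).
CONTENT = {
    "reception": "visitor pretexting, invoice and parcel-delivery lures",
    "sysadmin": "credential harvesting, fake vendor tooling, MFA prompt abuse",
}

# Constructed sample events: (employee, persona, campaign date, outcome).
EVENTS = [
    ("alice", "reception", date(2020, 1, 15), "clicked"),
    ("alice", "reception", date(2020, 3, 10), "reported"),
    ("alice", "reception", date(2020, 5, 5), "reported"),
    ("bob", "reception", date(2020, 1, 15), "clicked"),
    ("bob", "reception", date(2020, 3, 10), "clicked"),
    ("bob", "reception", date(2020, 5, 5), "submitted"),
    ("carol", "sysadmin", date(2020, 1, 15), "reported"),
    ("carol", "sysadmin", date(2020, 3, 10), "ignored"),
    ("carol", "sysadmin", date(2020, 5, 5), "reported"),
    ("dave", "sysadmin", date(2020, 1, 15), "ignored"),
    ("dave", "sysadmin", date(2020, 3, 10), "clicked"),
    ("dave", "sysadmin", date(2020, 5, 5), "ignored"),
]

# Date the scoring is run as of (constructed).
AS_OF = date(2020, 6, 1)


def recency_weight(event_day, as_of, half_life_days=90):
    """Halve an event's weight every half_life_days so old slips fade and
    recent behaviour dominates the score."""
    age_days = max((as_of - event_day).days, 0)
    return 0.5 ** (age_days / half_life_days)


def risk_scores(events, as_of):
    """Recency-weighted risk score per employee, plus each employee's persona."""
    scores = defaultdict(float)
    persona_of = {}
    for employee, persona, day, outcome in events:
        scores[employee] += OUTCOME_WEIGHT[outcome] * recency_weight(day, as_of)
        persona_of[employee] = persona
    return dict(scores), persona_of


def tier_for(persona, score):
    """Map a score to a training tier using the persona's own threshold."""
    if score <= 0:
        return "baseline"
    if score >= INTENSIVE_THRESHOLD[persona]:
        return "intensive"
    return "refresher"


def training_plan(events, as_of):
    """Per-employee plan: persona, score, tier and the content to deliver."""
    scores, persona_of = risk_scores(events, as_of)
    plan = {}
    for employee, score in scores.items():
        persona = persona_of[employee]
        plan[employee] = {
            "persona": persona,
            "score": round(score, 2),
            "tier": tier_for(persona, score),
            "content": CONTENT[persona],
        }
    return plan


if __name__ == "__main__":
    for who, row in sorted(training_plan(EVENTS, AS_OF).items()):
        print(f"{who:6} {row['persona']:9} {row['score']:6.2f} "
              f"{row['tier']:9} {row['content']}")
```

With the sample data, alice's early click is outweighed by two later reports and she stays on the baseline track, while dave's single mid-period click is enough to put a sysadmin on intensive training even though the same score would only earn a receptionist a refresher. Run this against each campaign's export to keep the tiers moving rather than fixing them once a year.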
Due to the COVID-19 crisis, most employees are expected to work outside the traditional environment. As remote work becomes the norm for various reasons, organizations can use this opportunity to build a robust cybersecurity posture fit for both traditional and remote environments. The crucial point is that cybersecurity challenges are not only about technology: people-centric remedies are essential, and a prescription optimal for one organization may not be best for another.