Intelligent CIO Africa Issue 94 | Page 47

FEATURE: CYBER SECURITY
Brian Pinnock, EMEA VP of Sales Engineering, Mimecast

highly adept at sniffing out threats, while others require additional support. Some subsets of users are targeted with greater regularity, while others receive very few phishing attempts. As such, a human-centric security approach must begin with a detailed understanding of the organisation's distribution of risk.

The first step is identifying those at the company who are most at risk. Studies have found that just 8% of employees are involved in 80% of incidents, and many in this subset are typically repeat offenders. Certain individuals are also targeted more frequently due to their roles: managers receive 2.5 times more phishing emails on average than non-managers, and the rate of attempts goes up for all employees the longer they remain at a company, nearly doubling every three years.

These figures can vary widely between organisations, so it is key for businesses to perform their own analysis. This can be done by analysing data that is often overlooked, such as the logs generated by security endpoints when they prevent employees from executing malware, and extracting patterns from it.

In the ideal framework, security administrators should be able to pull data from all manner of security tools to understand what good or risky security decisions users make on an ongoing basis and build a profile of each user's individual risk level.

Much like financial institutions with credit scores or insurance companies with premiums, organisations can then begin leveraging these risk scores to create a personalised, adaptive approach to security, beginning with tailored training.

Rather than making all employees complete the same generic security awareness modules, which many people skip through with little attention if the training is too long, too frequent or uninteresting, individuals who have proven themselves low risk can instead be served a light slate of policy reminders and checklists.

Those on the opposite end of the spectrum, who are either frequently targeted or will be, can be mandated to take more rigorous training focused on the topics related to the risks they face.

With detailed insights into behaviour patterns, organisations can also reward good security practices with recognition. They can then take steps to stem bad habits with interventions like adaptive nudges (personalised messages sent at the right time or in the right context to prevent users from falling victim to attacks), or strategies such as tighter email security filtering, stricter browsing permissions, or reducing the time that multi-factor authentication tokens are valid on at-risk users' machines.

It is important that these practices are carried out with transparency. When security teams take a constructive stance, for example by sending out report cards that affirm positive behaviour and suggest areas to improve, employees universally respond with openness and appreciation. For the small percentage of users in the high-risk group, extra care should be taken to explain how additional training and adaptive measures are designed to help them get better.

Collecting and analysing security events also allows administrators to take a more data-driven approach to measuring results and, ideally, improvement. By gauging their baseline, security teams can then track the number of risky behaviours occurring on the network over time and dial in the best methods of bubble wrapping subsets of the user base to reduce future occurrences.
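As an added illustration of the log-driven profiling the article describes (this is not the author's or Mimecast's code), the script below parses constructed endpoint and mail-gateway events, counts incidents and phishing exposure per user, maps each user to one of the three training tiers, and measures how concentrated incidents are across the user base. The `user=`/`event=` field names, the event vocabulary and the tier thresholds are assumptions.

```python
import re
from collections import defaultdict
from itertools import accumulate

# Constructed sample events (not from the article), in the shape an endpoint
# agent or mail gateway might log them. Assumed field names: user=, event=.
SAMPLE_LOGS = """\
2024-03-04T09:12:00Z user=alice event=malware_blocked
2024-03-04T09:40:00Z user=bob event=phish_delivered
2024-03-05T11:02:00Z user=alice event=phish_clicked
2024-03-06T08:15:00Z user=carol event=phish_delivered
2024-03-08T16:30:00Z user=bob event=phish_delivered
2024-03-09T09:00:00Z user=alice event=phish_delivered
malformed line that the parser must skip
"""

# A risky user decision is an incident; a delivered phish only shows exposure.
INCIDENT_EVENTS = {"malware_blocked", "phish_clicked"}
EXPOSURE_EVENTS = {"phish_delivered"}
LINE_RE = re.compile(r"\buser=(\S+)\s+event=(\S+)")

def build_profiles(log_text):
    """Return {user: {"incidents": n, "exposure": n}} from raw log lines."""
    profiles = defaultdict(lambda: {"incidents": 0, "exposure": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        user, event = m.groups()
        if event in INCIDENT_EVENTS:
            profiles[user]["incidents"] += 1
        elif event in EXPOSURE_EVENTS:
            profiles[user]["exposure"] += 1
    return dict(profiles)

def tier(profile):
    """Training tier for one profile, mirroring the article's three groups."""
    if profile["incidents"] >= 2:
        return "high"      # repeat offender: rigorous, topic-focused training
    if profile["incidents"] == 1 or profile["exposure"] >= 2:
        return "standard"  # slipped once or frequently targeted
    return "low"           # light slate of reminders and checklists

def incident_concentration(profiles, share=0.8):
    """Smallest fraction of users accounting for `share` of all incidents."""
    counts = sorted((p["incidents"] for p in profiles.values()), reverse=True)
    total = sum(counts)
    for n, running in enumerate(accumulate(counts), start=1):
        if total and running >= share * total:
            return n / len(profiles)
    return 0.0  # no incidents recorded at all
```

Run against a real export, the concentration figure is the organisation's own version of the "8% of users, 80% of incidents" statistic, and the tier per user feeds the tailored training plan.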
