Wednesday 21st August 2024
Addressing the weakest link in any organisation’s cyber security strategy, human risk is quickly becoming a top priority for cyber security professionals around the world. Through careful consideration of access, understanding attack paths, and monitoring actions, human risk management can help reduce the attack surface your organisation faces.
In this blog, we will be exploring the different aspects of human risk management, and how you can enhance your own security strategy by adopting what Gartner terms Human-Centric Security practices.
The Cyber Landscape has somewhat changed over the past few decades…
Rewind to the 1990s, the dawn of widespread internet adoption. Firewalls and antivirus (AV) were about all you needed to feel confident in the safety of your online activities and your organisation’s infrastructure. Move on to the 2010s and cyber security tools are proliferating, as adversaries and bad actors start to uncover new and creative ways of exploiting weaknesses in our cyber security posture. We begin to see rapid expansion in the cyber security footprint as new point solutions come to market to address niche business challenges. Now, in the 2020s, we have the rise of AI and a reversal in mindset, as the industry and consumers alike steer towards consolidating and rationalising security architectures and spend. Couple this with the vastly different working culture adopted post-pandemic, with remote or hybrid working the new norm, and now more than ever we have humans at the centre of our security strategy. My colleague, Henry Glynn, gave further insights into the evolving threat landscape in our Cyber Journal: Entry 1.
We must better understand our users: their patterns of behaviour, their access requirements and their position within the organisational context. Only then can we best prepare our defences and provide these users with a secure working environment.
Like all big tasks, it’s often best to break it down to manageable chunks. When looking to tackle your Human Risk Management strategy, consider these three steps:
Are employees sharing login credentials? Credential abuse and compromise continue to be a leading cause of data loss within organisations.
In 2023, users reported over 930,000 unique threats attempting to phish credentials. *
It is recommended that you make use of strong Identity and Access Management (IAM) and Privileged Access Management (PAM) features, such as password rotation, credential hiding (so users never see the privileged password itself), and audit capabilities that let you ascertain which users accessed which resources, and when.
Secondly, is corporate data leaving your network, whether sent to partners or competitors, or to personal email addresses? Data loss prevention (DLP) is a multi-faceted area of cyber security that demands attention from multiple stakeholders. For example, you can utilise email gateway tooling to ensure confidential or sensitive data is not sent outside of your organisation through email, and apply the same controls to collaboration platforms like Microsoft Teams, Slack, and others. More broadly, data security and governance are also a strong use case for exploring Identity Governance tools, which can provide granular controls over what data users can see within applications, and what they can or cannot do with that data.
What kinds of malicious attachments are being received by your users? These range from Word or Excel documents that launch macros, running commands on the user’s system and potentially flying under the radar, to spoof invoices pressing for overdue payments to bogus accounts, all the while pushing urgency and haste on the would-be victim. There are a variety of email security solutions, backed by threat intelligence, that can help you better understand the types of threats coming into your organisation.
Are particular users being targeted? It’s important to highlight the individuals or groups that are being actively targeted, be it with phishing campaigns, malicious attachments or forms of social engineering. In understanding who these users and groups are, we can apply dynamic policies to ensure their access is fortified.
More broadly, investing in exposure management (or external attack surface management) tooling can provide valuable insight into where defences need shoring up. In this case, it is best to consider the cycle of vulnerability management:
Discover > Assess > Prioritise > Remediate > Improve
Rinse and repeat!
Is access to financial or otherwise sensitive data restricted to specific user groups? If so, how are these access rights determined? By introducing automation, we can remove much of the human bias and decision making from the equation. This is another strong use case for Identity Governance tooling.
Are senior roles granted excess privilege? Often, VIPs demand levels of access that simply aren’t appropriate for the work they actually need to carry out. It is here that we can implement Just-In-Time (JIT) privilege elevation through PAM tooling, so that we don’t necessarily have to say no. It can be a ‘Yes, but do it in this way, please’! I wrote more about this subject in a previous blog focused on protecting the VIPs of your organisation.
The same applies to regular users and especially admin users. We want to get away from having any level of standing privilege across your business.
If you remove standing privilege, you remove the target from your users’ backs: a compromised account no longer carries any permanent access for an attacker to abuse, because privilege exists only for the approved window in which it is needed.
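To make the standing-versus-JIT distinction concrete, here is a small added Python model (it is not Bytes’ code nor any PAM product’s API; the user, role, ticket reference and timestamps are constructed). It contrasts a permanently assigned role with a time-bounded grant, records every decision in an audit trail, and includes a “discover” check that lists who still holds sensitive roles permanently.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed model of Just-In-Time (JIT) elevation versus standing privilege.
# All names, roles and timestamps are hypothetical; this is not any PAM vendor's API.

@dataclass
class PrivilegeStore:
    standing: dict = field(default_factory=dict)  # user -> set of permanent roles
    jit: list = field(default_factory=list)       # (user, role, expires_at, ticket)
    audit: list = field(default_factory=list)     # (time, user, event, role, ticket)

    def request_elevation(self, user, role, ticket, now, minutes=30):
        """Issue a grant that expires by itself (approval workflow not modelled)."""
        expires_at = now + timedelta(minutes=minutes)
        self.jit.append((user, role, expires_at, ticket))
        self.audit.append((now, user, "grant", role, ticket))
        return expires_at

    def has_role(self, user, role, now):
        """Access decision at time `now`; every outcome lands in the audit trail."""
        if role in self.standing.get(user, set()):
            self.audit.append((now, user, "use-standing", role, None))
            return True
        for u, r, expires_at, ticket in self.jit:
            if u == user and r == role and now < expires_at:
                self.audit.append((now, user, "use-jit", role, ticket))
                return True
        self.audit.append((now, user, "denied", role, None))
        return False

def standing_privilege_report(store, sensitive_roles):
    """Discover step: which users hold a sensitive role permanently?"""
    return sorted(u for u, roles in store.standing.items() if roles & sensitive_roles)

def compare_models():
    t0 = datetime(2024, 8, 21, 9, 0, tzinfo=timezone.utc)
    role = "Finance-Admin"
    standing = PrivilegeStore(standing={"cfo": {role}})            # permanent role
    jit = PrivilegeStore()
    jit.request_elevation("cfo", role, "CHG-0001", t0)             # 30-minute window
    later = t0 + timedelta(hours=3)  # same credential used long after the task ended
    return {
        "standing_later": standing.has_role("cfo", role, later),  # still privileged
        "jit_now": jit.has_role("cfo", role, t0),                  # inside window
        "jit_later": jit.has_role("cfo", role, later),             # nothing to abuse
        "flagged": standing_privilege_report(standing, {role}),
        "jit_audit": [e[2] for e in jit.audit],
    }
```

The `jit_audit` list is the trail a reviewer would pull when asking who accessed what and when; the `flagged` list is the starting point for converting permanent roles into JIT grants.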
Numerous areas of technology and strategy have been discussed in this blog; there is no denying that tackling Human Risk Management is a mammoth project that requires buy-in from multiple stakeholders. Fortunately, Bytes are primed and ready to assist in navigating this subject.
Whether through workshops that seek to educate and strategise, or through technology reviews that help you gain maximum value from your existing investments, our team of expert specialists are perfectly positioned to build with you a long-term strategy for best securing your weakest link.
Our workshops are engagements fully funded by Bytes that aim to leave you with an action plan on improving your security posture, whether through a singular project, or touching on multiple areas of your security architecture. Please reach out if you’d like to understand more!
Thank you for reading.
If you have any questions, or would like to learn about any of the content covered in this blog, please email our friendly team via [email protected]