Ashley Rose, CEO of Living Security, discusses the human risk organizations face and how to address it.
The recent intrusion that disrupted several systems at MGM facilities across the United States has drawn attention to a vulnerability common to many businesses: susceptibility to human error and human behavior.
The breach was determined to have resulted from a vishing (voice phishing) attack, in which the attackers impersonated an employee to gain unauthorized access to the casino's networks and then compromised several parts of its operations.
Such attacks are common in corporate environments. According to Verizon's Data Breach Investigations Report (DBIR) published earlier this year, a large majority of security incidents, 74%, have human error or human behavior as their underlying cause.
Although the breach has been acknowledged and dealt with, it raises the question of how firms can better protect themselves against such attacks and reduce their human risk.
According to Ashley Rose, CEO of Living Security, a firm specializing in human risk quantification, it remains evident that humans are the primary cause of security incidents and breaches, regardless of the many tools and technologies deployed in the environment. The MGM breach is one illustrative instance among many attempts that persistently target the human element to compromise security. Enterprises must acknowledge the need to depart from traditional practices, which continue to yield the same outcomes.
Rose notes that corporations typically give their workers compliance training only once a year, and that it tends to take a broad rather than a focused approach.
Human risk management training plays a crucial role in moving from a reactive to a proactive security approach. By using data and predictive analysis, organizations can identify the employees most susceptible to risk and develop tailored training programs to mitigate it.
Rose said that by identifying the people within an organization who are most likely to fall for this particular form of attack, proactive measures can be taken to prevent it before any damage is done. By discerning the many combinations of human behaviors that may lead to a breach, it becomes possible to identify the most vulnerable groups within an organization, and that knowledge can then inform targeted measures to mitigate the risk. This is the primary area in which a notable shift toward a data-driven and predictive methodology is occurring.
Data can be gathered on an employee's job title, their level of access to data, and the habits that may increase their susceptibility. These behaviors include frequently clicking links, reusing passwords, and visiting websites that may pose security risks.
According to Rose, this data is used to generate a risk profile, which enables more precise and focused mitigation measures.
Rose said their findings indicate that comprehensive assessment of human risk is currently lacking.
According to Rose, the business risks their clients currently examine include account penetration, data loss, malware, phishing emails, and training compliance. The organization can classify the human behavioral hazards that may threaten its operations, assign a numerical score to each risk indicating its current level, and measure the improvement achieved over a given period.
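To make the workflow described above concrete (behavioral and access data, a per-person risk score, the most exposed group, and improvement between two periods), here is an added illustrative example. It is not Living Security's model or code from the original article: the behavior weights, access multipliers, employee records and period labels are all constructed for the demonstration.

```python
"""Constructed example: scoring human risk from behavioral telemetry.

The weights, access tiers and employee records below are made up to
illustrate the approach described in the article; they are not a
vendor's scoring model.
"""
from collections import defaultdict
from dataclasses import dataclass

# Weight per observed behavior (assumed values, not from the article).
BEHAVIOR_WEIGHTS = {
    "phish_clicks": 3.0,    # simulated-phishing links clicked in the period
    "password_reuse": 2.0,  # credentials reused across services (password audit)
    "risky_sites": 1.0,     # visits to sites flagged by the web proxy
}

# Same behavior carries more impact when the account holds broader access.
ACCESS_MULTIPLIER = {"standard": 1.0, "elevated": 1.5, "admin": 2.0}


@dataclass(frozen=True)
class Observation:
    employee: str
    department: str
    role: str
    access: str        # key into ACCESS_MULTIPLIER
    period: str        # reporting period label, e.g. "2024-Q1"
    phish_clicks: int
    password_reuse: int
    risky_sites: int


# Constructed telemetry for two quarters; finance received targeted
# training after Q1, engineering did not.
OBSERVATIONS = [
    Observation("alice", "finance", "accounts payable", "elevated", "2024-Q1", 2, 1, 3),
    Observation("bob", "engineering", "sre", "admin", "2024-Q1", 0, 2, 1),
    Observation("carol", "finance", "analyst", "standard", "2024-Q1", 1, 0, 2),
    Observation("dave", "engineering", "developer", "standard", "2024-Q1", 1, 1, 0),
    Observation("alice", "finance", "accounts payable", "elevated", "2024-Q2", 0, 0, 1),
    Observation("bob", "engineering", "sre", "admin", "2024-Q2", 1, 1, 1),
    Observation("carol", "finance", "analyst", "standard", "2024-Q2", 0, 0, 1),
    Observation("dave", "engineering", "developer", "standard", "2024-Q2", 1, 1, 0),
]


def score(obs: Observation) -> float:
    """Weighted behavior count, scaled by the account's access tier."""
    raw = sum(weight * getattr(obs, name) for name, weight in BEHAVIOR_WEIGHTS.items())
    return round(raw * ACCESS_MULTIPLIER[obs.access], 2)


def group_scores(observations, period: str) -> dict:
    """Mean risk score per department for one reporting period."""
    per_dept = defaultdict(list)
    for obs in observations:
        if obs.period == period:
            per_dept[obs.department].append(score(obs))
    return {dept: round(sum(v) / len(v), 2) for dept, v in per_dept.items()}


def riskiest_department(observations, period: str) -> str:
    """The group to target first with focused training."""
    scores = group_scores(observations, period)
    return max(scores, key=scores.get)


def improvement(observations, before: str, after: str) -> dict:
    """Per-employee score change between two periods (negative = improved)."""
    by_period = {}
    for obs in observations:
        if obs.period in (before, after):
            by_period[(obs.employee, obs.period)] = score(obs)
    names = {e for e, _ in by_period}
    return {
        e: round(by_period[(e, after)] - by_period[(e, before)], 2)
        for e in sorted(names)
        if (e, before) in by_period and (e, after) in by_period
    }


if __name__ == "__main__":
    for period in ("2024-Q1", "2024-Q2"):
        print(period, group_scores(OBSERVATIONS, period),
              "riskiest:", riskiest_department(OBSERVATIONS, period))
    print("change Q1->Q2:", improvement(OBSERVATIONS, "2024-Q1", "2024-Q2"))
```

On this constructed data, finance is the riskiest group in Q1 and its scores fall sharply in Q2, while engineering's rise slightly, which is exactly the kind of period-over-period signal the article says organizations need in order to show where focused training worked and where to target next.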
According to Rose, organizations need a comprehensive understanding of their risk landscape, including their human workforce, to protect themselves effectively against targeted attacks.
Rose also stressed that conventional compliance training is no longer sufficient to safeguard organizations, and that reliance on data-driven approaches and predictive methods must grow. Over time, she expects increasing acknowledgment that checklist training is insufficient.
Effective human risk management programs may require appropriate management protocols and quantification of the associated risks. Consequently, businesses may eventually be required to hold data and metrics that demonstrate the efficacy of their human risk management efforts. It is my belief that we are still far from reaching our goal, but our progress is clearly in the intended direction.
About the Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way: he began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also writes regularly for Craw Security.