More information regarding human-based cyber defence is available at Human Element Security, and in the 2014 Cyber Security Intelligence Report published by IBM. If you would like to discuss Cyber Risk Management and insurance, please contact us.
Large-scale studies such as IBM’s 2014 Cyber Security Intelligence Index reveal that 95% of all security breaches are the result of human error. This is well-understood by today’s cyber attackers, who know that people are the weakest link in cybersecurity.
Security breaches and compromises of information occur and result in damage to the agency, organization or business. It happens to the best and brightest; the organizations with the newest tools and the best security products and technologies, and the smartest security engineers. We implement frameworks, use encryption, control access, authenticate users, deploy patches, and even detect malware. And we still have breaches. Why?
After performing numerous security assessments and responding to a myriad of incidents, we’ve learned that despite all of the frameworks, policies, processes, and technologies, our enterprises are designed, implemented and used by humans. And humans are the one type of asset in the enterprise, unlike hardware and software, that make mistakes. More often than not, human errors, either accidental or deliberate, are the cause of security breaches. To address this requires a multi-pronged approach we call Human-Based Cyber Defense.
This approach includes:
- A conceptual Framework to represent the ideas and concepts for understanding human-based vulnerabilities.
- Architectures and Techniques to reduce the likelihood of human-based breaches as well as reduce the impact when they occur.
- Using User Behavior Analytics to detect erroneous or malicious user activity that could lead to breaches.
- Going beyond conventional user training and awareness programs by implementing a program of Practice, Drills and Exercises to change human behavior.
- Creating a Business and Workplace Culture that raises the importance of security in all aspects of the business enterprise.
- Implementing a program of Human-Based Vulnerability Management to identify, detect, remediate, and track human vulnerabilities in the environment.
source: Human Element Secuirty