Story image

Safeguarding users with a Human Point System in security policy

02 Oct 2017

Three years ago, the Global Leadership Summit in London held a survey that found 34% of business leaders believed more than half of their company’s full-time workforce would be working remotely by 2020, a prediction that is still on track to becoming a reality.

The continual advancement of technology has unquestionably transformed the way we live and work. Cloud adoption and mobile devices have allowed for a more accessible workplace. Employees can now engage with office tools and data wherever they are, a change which has led to unprecedented improvements in productivity, collaboration and employee engagement.

The new workplace setting, such as remote working, bring your own device (BYOD), and widespread cloud app usage, have each contributed to a change in workplace expectations.

Many employers now carry new standards for employee availability and expect more connectivity out of office. Similarly, employees expect more flexibility in their workplace, demanding adaptable IT infrastructure capable of supporting their lifestyle choices – with flexible and remote working becoming an important feature of this trend.

Recently, a forecast of employment trends by the World Economic Forum called flexible work, including virtual teams, “one of the biggest drivers of transformation” in the workplace.

The evolving workplace will create new challenges for organisations - what are the impacts of these changes on security? How do we control our critical business data and IP in a cloud and mobile era? And what systems are needed to better protect organisations from data breaches?

Outdated protection models

According to Gartner estimates, worldwide spending on information security is expected to reach $90 billion this year, an increase of 7.6% over 2016, and is expected to top $113 billion by 2020.

While increased spending should theoretically result in fewer incidents, that hasn’t happened in reality, suggesting many organisations are still investing in the traditional security systems.

In the U.S. alone, companies and government agencies suffered a record 1,093 data breaches in 2016, an increase of 40% from the year before. Clearly, organisations require a new approach to security. It’s time for the industry to move away from the traditional approach of protecting a network.

With mobile, cloud and IoT, users and critical data are everywhere. These technologies have eliminated the traditional perimeter. We’re now living in a zero-perimeter world where the perimeter is no longer defined by the boundaries around the data centre. Organisations need to focus on the only constant in the face of technological changes – the people.

People-centric approach: recognising the new perimeter

While cyber security strategies in the past centred on building walls around the network perimeter. Today, people are the new perimeter.

Unsanctioned apps, private devices and remote connections make security a constant challenge, so security strategies need to have a people-centric approach – something that can be achieved through a combination of technology, policies, cultural changes and intelligent systems.

Observing human behaviour and understanding user-intent is the key to better security and to protect against critical business data and IP loss. By focusing on how, when, where and why people interact with critical data and IP, organizations can more effectively identify and address risk.

Shaping the technology-policy framework

User education and enablement should be the first step in any security policy.

To deliver this, organisations need to better understand modern user practices, to create a policy of dos and don’ts built around the users and a focus on both enablement and security in equal measure.

Modern security tools are able to align with data-use policies, allowing organisations to better enforce proper handling of critical data, and prevent its unauthorised use– be that through malicious, unintentional or socially engineered threats.

For establishing truly effective policies, organisations need to have a good degree of visibility over users’ behaviour and intent. Being across people’s movements in data centres, offices and cloud environments is pivotal to identifying anomaly in normal user behaviour and to help quickly identify potential breaches and stop them before they happen.

Human Point system

One of the biggest mistakes an organisation can make is in believing that a breach will never happen to them as they have everything under control. User complacency can lead to behaviours inducing serious threat risks – increasing an organisation’s chance of experiencing a breach incident, whether that’s accidental or compromised.

With the headline grabbing security beaches this month – Deloitte, The Securities & Exchange Commission (SEC) and Equifax, organisations must quickly focus on the human point at the intersection of people with systems and critical data. It’s at this point where information is most useful in creating value, but also most vulnerable to a single malicious or unintentional act.

The Human Point system will allow organisations to understand the normal rhythm of users’ behaviour and the flow of data in and out of the organisation to identify and respond to risks in real-time.

For effective security and risk management – people, process and technology are all important elements that must combine to form a human-centric security. It enables enterprises to better understand human behaviours and the intent that drives them in order to protect critical data and IP everywhere.

Article by Guy Eilon, A/NZ country manager of Forcepoint.

Tech Data to distribute Nutanix backup solution in A/NZ
Tech Data will distribute HYCU Data Protection for Nutanix backup and recovery software to their network of partners across Australia and New Zealand.
Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
WatchGuard announces A/NZ partners awards
Four Australian companies were named partner award winners at the WatchGuard conference in Vietnam.
Telstra’s 2019 cybersecurity report
Cybersecurity remains a top business priority as the estimated number of undetected security breaches grows.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.