Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

02:00 PM
Debby Briggs
Debby Briggs
Connect Directly
E-Mail vvv

Smart Prevention: How Every Enterprise Can Create Human Firewalls

Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.

The average cost of a data breach is now $3.92 million, according to IBM and Ponemon. Hackers are taking advantage of the many smart and Internet of Things devices in modern offices, which give them more attack vectors to penetrate networks.

But enterprises are fighting back by training employees to become human firewalls who can secure online resources and act as an added line of defense against phishing attacks. Companies should use technologies such as machine learning and artificial intelligence (AI) to safeguard digital assets further. Combining people and technology is the best way to keep networks and their data safe.

Too Many People and Devices to Protect
There will be more that 20 billion internet-connected devices worldwide by 2020, and that number is growing daily. Many people also employ their smartphones, tablets, and laptops in both personal and professional settings. That may be more convenient, but it heightens the risk of human error because users no longer have a network edge to protect them.

An employee reading personal email on a corporate device bypasses the protections in place. An executive who falls victim to cybercrime on a personal device can similarly endanger the office network.

Phishing scams, which account for more than 90% of these hacks, are disguised in seemingly innocuous messages like banking alerts, travel offers, or (especially during the holiday season) shopping deals. They play on peoples' emotions: An excited or scared user clicks on the link and inputs personal information without asking too many questions.

These attacks are a constant presence in the media, so it might seem surprising that people still fall for them. In recent years, laws like Europe's General Data Protection Regulation and the California Consumer Privacy Act have also highlighted the importance of data privacy.

Users alone aren't at fault, however. Many enterprises don't put time or money into educating personnel on hacking risks. But a properly prepared workforce can be a human firewall that prevents attacks before they begin, so companies must put online safety at the forefront.

Creating a Human Firewall
Everyone from entry-level to C-suite should know how to identify and report breaches so they can defend the enterprise. Training is the most crucial step in this process, and it doesn't need to include rote messages and endless PowerPoint slides. Learning sessions can be humorous, fun, and — most importantly — educational.

One best practice is having the corporate IT department send a simulated phishing email to all employees. Administrators can include a fraudulent offer for a free vacation or other amenity to see which employees recognize the trick. They should then follow up with anyone who clicked the link or opened the attachment to educate them on the dangers of this practice.

Leaders must conduct this instruction in a way that's informative but not heavy-handed. Everyone in the enterprise is on the front lines of this fight, so those with more experience need to help their less-seasoned colleagues rather than shame them.

Once employees know the warning signs, they'll stop falling for hacker schemes. More importantly, they'll start reporting suspicious phishing emails so the IT department can investigate them and keep the company informed about new scams. In this way, the human firewall achieves its real purpose.

The best part is that enterprises don't have to do this work alone. Technology can be an invaluable partner in these initiatives when used correctly.

How Virtual Tools Can Help
Even the best human firewall can't protect and secure a network all on its own. Indeed, 61% of enterprises say they need technologies like AI and machine learning to help detect data breaches. Large companies should use these methods to augment existing processes, thwart attacks, and strengthen security.

Machine learning and AI algorithms study network traffic patterns, email subject lines, and body text. They then compare these elements to a pre-existing bank of malicious content to protect sensitive data and detect threats faster.

If a breach occurs, these technologies can also respond quickly to reduce dwell time. That saves enterprises from client churn, hefty fines, and negative publicity. Companies that put in the effort to develop a robust AI or machine learning interface have more protection against online attacks.

Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets. Business leaders also need to evolve training programs frequently and update their software as new digital dangers emerge. These critical investments in people and technology help protect companies from risk and strengthen emergency response plans.

Cybercriminals never stop attacking networks, so organizations should never stop defending them. Every business needs to educate its staffers about online security, so they become human firewalls. Industry leaders can also keep enterprise systems safe with state-of-the-art digital resources like AI and machine learning. When human ingenuity and smart technology come together, the whole company benefits.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: ""How to Build a Rock Solid Culture"


Debby Briggs has more than 20 years of experience in cybersecurity and has been with NETSCOUT for the last 15 years. Prior to joining NETSCOUT, Debby held various network administrator and IT infrastructure roles with leading companies, including RSA, Healthsource, and GTE. ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-09-19
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
PUBLISHED: 2020-09-18
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
PUBLISHED: 2020-09-18
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.
PUBLISHED: 2020-09-18
Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11....
PUBLISHED: 2020-09-18
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-W...