Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

10/17/2019
02:00 PM
Debby Briggs
Debby Briggs
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
0%
100%

Smart Prevention: How Every Enterprise Can Create Human Firewalls

Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.

The average cost of a data breach is now $3.92 million, according to IBM and Ponemon. Hackers are taking advantage of the many smart and Internet of Things devices in modern offices, which give them more attack vectors to penetrate networks.

But enterprises are fighting back by training employees to become human firewalls who can secure online resources and act as an added line of defense against phishing attacks. Companies should use technologies such as machine learning and artificial intelligence (AI) to safeguard digital assets further. Combining people and technology is the best way to keep networks and their data safe.

Too Many People and Devices to Protect
There will be more that 20 billion internet-connected devices worldwide by 2020, and that number is growing daily. Many people also employ their smartphones, tablets, and laptops in both personal and professional settings. That may be more convenient, but it heightens the risk of human error because users no longer have a network edge to protect them.

An employee reading personal email on a corporate device bypasses the protections in place. An executive who falls victim to cybercrime on a personal device can similarly endanger the office network.

Phishing scams, which account for more than 90% of these hacks, are disguised in seemingly innocuous messages like banking alerts, travel offers, or (especially during the holiday season) shopping deals. They play on peoples' emotions: An excited or scared user clicks on the link and inputs personal information without asking too many questions.

These attacks are a constant presence in the media, so it might seem surprising that people still fall for them. In recent years, laws like Europe's General Data Protection Regulation and the California Consumer Privacy Act have also highlighted the importance of data privacy.

Users alone aren't at fault, however. Many enterprises don't put time or money into educating personnel on hacking risks. But a properly prepared workforce can be a human firewall that prevents attacks before they begin, so companies must put online safety at the forefront.

Creating a Human Firewall
Everyone from entry-level to C-suite should know how to identify and report breaches so they can defend the enterprise. Training is the most crucial step in this process, and it doesn't need to include rote messages and endless PowerPoint slides. Learning sessions can be humorous, fun, and — most importantly — educational.

One best practice is having the corporate IT department send a simulated phishing email to all employees. Administrators can include a fraudulent offer for a free vacation or other amenity to see which employees recognize the trick. They should then follow up with anyone who clicked the link or opened the attachment to educate them on the dangers of this practice.

Leaders must conduct this instruction in a way that's informative but not heavy-handed. Everyone in the enterprise is on the front lines of this fight, so those with more experience need to help their less-seasoned colleagues rather than shame them.

Once employees know the warning signs, they'll stop falling for hacker schemes. More importantly, they'll start reporting suspicious phishing emails so the IT department can investigate them and keep the company informed about new scams. In this way, the human firewall achieves its real purpose.

The best part is that enterprises don't have to do this work alone. Technology can be an invaluable partner in these initiatives when used correctly.

How Virtual Tools Can Help
Even the best human firewall can't protect and secure a network all on its own. Indeed, 61% of enterprises say they need technologies like AI and machine learning to help detect data breaches. Large companies should use these methods to augment existing processes, thwart attacks, and strengthen security.

Machine learning and AI algorithms study network traffic patterns, email subject lines, and body text. They then compare these elements to a pre-existing bank of malicious content to protect sensitive data and detect threats faster.

If a breach occurs, these technologies can also respond quickly to reduce dwell time. That saves enterprises from client churn, hefty fines, and negative publicity. Companies that put in the effort to develop a robust AI or machine learning interface have more protection against online attacks.

Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets. Business leaders also need to evolve training programs frequently and update their software as new digital dangers emerge. These critical investments in people and technology help protect companies from risk and strengthen emergency response plans.

Cybercriminals never stop attacking networks, so organizations should never stop defending them. Every business needs to educate its staffers about online security, so they become human firewalls. Industry leaders can also keep enterprise systems safe with state-of-the-art digital resources like AI and machine learning. When human ingenuity and smart technology come together, the whole company benefits.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: ""How to Build a Rock Solid Culture"

 

Debby Briggs has more than 20 years of experience in cybersecurity and has been with NETSCOUT for the last 15 years. Prior to joining NETSCOUT, Debby held various network administrator and IT infrastructure roles with leading companies, including RSA, Healthsource, and GTE. ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-0404
PUBLISHED: 2019-12-11
SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure.
CVE-2019-0405
PUBLISHED: 2019-12-11
SAP Enable Now, before version 1911, leaks information about the existence of a particular user which can be used to construct a list of users, leading to a user enumeration vulnerability and Information Disclosure.
CVE-2019-0395
PUBLISHED: 2019-12-11
SAP BusinessObjects Business Intelligence Platform (Fiori BI Launchpad), before version 4.2, allows execution of JavaScript in a text module in Fiori BI Launchpad, leading to Stored Cross Site Scripting vulnerability.
CVE-2019-0398
PUBLISHED: 2019-12-11
Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions 4.1, 4.2 and 4.3, may lead to an authenticated user to send unintended request to the web server, leading to Cross Site Request Forgery.
CVE-2019-0399
PUBLISHED: 2019-12-11
SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure.