Your end users are your biggest source of risk. To mitigate this risk, you train and educate your users on security policy, but training and education is not enough. Over the past year you might have watched your users:
Adopt widespread BYOD and shadow IT assets
Proliferate large amounts of sensitive data and files
And constantly switch between work and personal assets
From this there are a few clear lessons.
First: During times of stress, your users might forget their security training.
Second: They will subvert policy — intentionally or not — to get their work done.
Third: You must develop more robust user security that protects your users during those inevitable moments when their training and education fails.

Here’s how you can accomplish these goals.

Robust User Security: Three New Outcomes to Achieve

To be clear — user training and education is important. It delivers three critical outcomes:
It makes users more vigilant while they work.
It teaches users red flags to report or avoid.
It turns users into stakeholders for security.
But if you acknowledge that user training and education will fail from time to time, then your user security strategy must also drive towards three additional outcomes:
It must limit the number of times that users subvert policy by getting out of their way and allowing them to complete their work without obstruction.
It must reduce the volume and severity of incidents that users will generate when they invariably make mistakes and subvert policy.
It must rapidly detect, investigate and learn from the incidents that still occur.
To achieve these additional outcomes, you must develop a suite of new capabilities.

Robust User Security: Nine Core Capabilities to Develop

To build non-intrusive security that gets out of your users’ way, you need:
User Behavior Monitoring to set a baseline for normal behavior and to only intervene when you notice a significant aberration.
Remote Control to close all instances of the vulnerabilities that attackers exploited in your environment.
Layer these additional controls over your users. Protect them in those moments when their training and education fails. And you will more confidently close your organization’s biggest source of risk.

To learn more, download this Minding the IT Gaps whitepaper that discusses how a unified approach to IT management closes major gaps in business resilience, visibility and accountability.