Working life as we know it has changed. The pandemic has acted as a catalyst for businesses adopting a hybrid working model, with research undertaken by SWZD revealing that 25% of workforces are continuing to work from home. This has, however, allowed successful cyberattacks to increase as businesses adapt and transition to the new normal.
Hybrid working has created new security problems when managing dispersed workforces, and companies must have the right security policies and tools in place to tackle this ever-rising threat. However, protective technology layers such as firewalls and endpoint security do not and cannot provide businesses with complete protection. Employees remain the main target of cyberattacks and are vulnerable to human error.
In December 2021, VIPRE released a whitepaper that explains why companies need to invest in a next generation human firewall when it comes to modern cybersecurity, and not be solely dependent on technology-led security tools. Andrea Babbs, UK general manager, VIPRE, emphasises the importance for businesses to have complete all-round security, relying on technology augmented by human intervention.
Key security challenges
Cybercriminals are using increasingly sophisticated means of targeting both individuals and businesses of all shapes and sizes. Social engineering, ransomware and malware are just some of today’s top IT risks, and that’s without considering any new threats that might be around the corner. According to VIPRE’s whitepaper, email phishing scams and malware attacks accelerated by 20% during the pandemic. Hackers took advantage of vulnerable remote workers who are away from the support of their IT teams, and these numbers show no signs of slowing down – especially with hybrid working now becoming the ‘norm.’
However, the biggest threat of all is the humans themselves, with 85% of data breaches involving a user. The risk is now heightened further, as working from home brings new security problems: for example, distractions that may not be found in an office environment can lead to mistakes such as sharing private information with the wrong person, or working from a personal and unprotected device.
These additional security challenges need to be addressed not only by the IT team but by the overall business. Yet IT professionals say it is more difficult to support remote workers than those in the office, with 56% saying in the SWZD Future of Remote Work report that remote working makes securing devices and data more challenging. Procedures and processes designed for an office environment are simply not applicable in most remote working situations. This gives companies even more reason to educate their employees and invest in a strong human link to counter potential breaches that are constantly changing and evolving.
Enter the next generation human firewall
‘Human Firewall’ as a term has been around for years, but the meaning has developed over time. The Next Generation Human Firewall, which VIPRE defines as ‘A dispersed workforce, fully trained and ready to act on security threats with the right tools at their disposal’, meets the needs of a securely distributed, flexible, integrated modern workforce. This term highlights the role of employees in taking the responsibility of cybersecurity into their own hands. Cyberattacks affect business, and therefore everybody needs to be aware of the signs to look out for and how to prevent them. But in most organisations, more is needed to improve security awareness and ensure that every member of the organisation is part of their cybersecurity strategy.
IT tools are not the be-all and end-all of protection against cyber attacks, especially not by themselves. Humans have skills that technology solutions cannot comprehend. Employees can interpret language differently and take into consideration multiple perspectives, whereas not all technology is mature enough to make these decisions. Although these tools play a significant part in keeping threats out, if companies invest more in their human firewall then the two can join forces, providing 360 degree protection. But how can businesses do this successfully?
Investing in the workforce
The key to creating a safe and agile workforce starts with changing the existing mindset, rather than perceiving security training as a compliance tick box. If all employees are trained to be more alert to the risks they pose and understand the role they have in keeping data safe, businesses can reinforce a “security-first approach.”
VIPRE’s whitepaper outlines four key elements to creating a human firewall fit for the needs of the modern working environment. The first is to foster a security culture through recognition, awards and incentives – rather than fear. Businesses need to know how their employees like to learn and what motivates them to succeed.
Secondly, businesses need to offer learning that is engaging. By incorporating relevant and real-life scenarios into the security training, the content should resonate with a global audience and reinforce key messages. The whitepaper also highlights the importance of making sure security training is consistent, rather than a one-time movement. It states how users don’t retain information for long, with approximately 50% of teachings being lost within three weeks. Therefore, training must be reinforced over a longer period of time to keep staff up-to-date and vigilant.
Finally, for companies to be able to assess the progress of their training, incorporating simulations of cyberattacks can be beneficial. VIPRE’s research shows phishing simulations reduce a learner’s susceptibility to attacks from 30% to 2-4% when done on a monthly basis, ensuring that employees are made aware of what to do when faced with such situations.
Combining humans with technology
A range of security solutions is accessible to the IT team to reduce security threats. Some of these are invisible to the user, for example, Endpoint Security, which works away in the background to detect and restrict cybersecurity breaches. New innovations have come to the fore in identifying and stopping security threats, such as Artificial Intelligence (AI) and Machine Learning (ML). However, these technologies, without human intervention, have yet to reach their full potential and have limitations, because decision-making tasks, such as deciding to click on a link or send a document to a specific person, can only be gauged by the user themselves.
As highlighted, human error is one of the main entry points for cyberattackers, but such risks can be mitigated. For mistakes such as sending an email to the incorrect recipient or attaching the wrong document, technologies can be put in place to alert the employee to double-check their email before clicking send, in turn helping to prevent these types of inadvertent data breaches without having an impact on employee productivity.
Additionally, visible tools, such as multi-factor authentication, password protection and restricted web browsing, can be supported better and used more effectively once the staff are trained. When this final step is implemented, an appropriate set of security tools, both those that are visible and those that are invisible to the user, together with regular user training, then the Next Generation Human Firewall is ‘active’.
As cyberattacks become more sophisticated and the working needs of society continue to change, businesses must also adapt the way they approach their cybersecurity. The fundamental principles of a modern cybersecurity approach must include: security awareness being embedded as part of the company culture; all employees being aware of the responsibility they have, rather than leaving it to IT; and consistently updating training to keep staff informed of new threats and tools. Working with the right security provider also allows businesses to have insight into the gaps that exist in their security strategy, while supplying the correct tools and education to address those gaps.
Embracing and investing in the next generation human firewall addresses both traditional threats and the modern security challenges caused by a distributed workforce, and combines that with user training to support and assist users wherever they are located.
The author is Andrea Babbs, UK general manager, VIPRE.