Human-first approach key to tackling cybersecurity threats

Globally, we are experiencing a massive data sprawl that sees critical and sensitive data from corporations spread across public cloud systems, networks and BYOD devices.

However, only 7% of cybersecurity professionals feel they have extremely good visibility into how employees use this critical business data across these platforms, according to Forcepoint.

This has led to an overwhelming 80% of professionals believing they need more insight into the way their employees are using critical data. Of these, only 32% feel they are able to monitor and derive context around human behavior effectively. This human-first approach to tackling cybersecurity threats is relatively new, and Forcepoint is addressing this with its insider threat solution.

“By switching the equation and focusing on humans instead, companies can get to the root of the problem more effectively and efficiently,” says Maurizio Garavello, VP of Forcepoint APAC, in an email interview with Networks Asia.

In the interview, Garavello also said that this shift to a human-first approach to cybersecurity will serve modern enterprises far better than broken cyber-defence models centred on “keeping bad stuff out.”

Garavello also talked about the best way for enterprises to implement a human-first approach to security and how it will impact businesses.

The following is an excerpt of the interview:

Given mobility and new devices accessing the network, should we look at the employee being the endpoint rather than a device and look to better identify access and data management controls?

Employees have an insatiable appetite for new devices, apps, social media, and content, as well as individual preferences for their work environments. If we think of the way corporations function these days, it is hard to pinpoint where the boundaries are. With the rise of personal devices in the workplace and the increased use of file-sharing platforms and private cloud applications, corporations need a multitude of solutions to deal with incoming threats.

By switching the equation and focusing on humans instead, companies can get to the root of the problem more effectively and efficiently.

Put simply, the ‘Human Point’ is an intersection of behaviors, intent, and critical business data. There are many points where humans interact with critical business data and intellectual property. Email, by far, is gauged to present the greatest threat. In fact, 45 percent of respondents in Forcepoint’s Human Point survey named this as the top risk.

Human actions, ranging from inadvertent behaviors to criminal intent, were also seen as high risk. For example, malware caused by phishing, breaches and BYOD contamination, along with inadvertent user behaviors, were seen as the number one risk by respondents; each was named to the top spot with 30 percent.

We’ve had IAM for a long time. We’ve also had logs and M2M generated logs as well. Why doesn’t IT have better visibility into what employees are doing over the network and what data they’re accessing?

The key point that is missing from these security solutions is the understanding of human behaviour and intent. IAM helps control and regulate employees’ access to business data. However, it does not consider the way employees interact with that data. An employee with rightful access could be transferring large amounts of information out of the server and it will not be flagged as suspicious. However, with solutions that understand behaviour and intent, it’s now possible to weed out suspicious activities across the network and monitor the intent of the employee as he/she utilises the data. This not only increases the visibility that IT has over data but also helps companies build a case to protect innocent employees and prosecute the real cyber criminals.

Why are employees still considered the weak link in security? We’ve been dealing with this issue for a long time so why is it still an issue? Are the ways we’ve been using to educate employees on security and their role in a secure enterprise wrong? What more can or should we be doing? If they are determined to cause harm or steal data, what can be done to counter this? Won’t we always be reacting in this situation? How is human-first changing traditional security approaches?

Are current security tools adequate for a human-first security approach? What about current network and data visibility tools? What does the intersection of data and people mean for enterprises? What is the best way for enterprises to implement a human-first approach to security and how will it impact businesses? How will this make a change to existing security spending?

Fundamentally, organisations are starting to realise that existing security tools are no longer sufficient to protect their evolved organisations, where data is no longer a tightly controlled entity. In fact, only 4 percent of cybersecurity professionals are extremely satisfied with the cybersecurity investments they’ve made to date.

This shift to a human-first approach to cybersecurity will serve modern enterprises far better than broken cyber-defence models centred on “keeping bad stuff out”.

Humans are the constant across technology use and cyber threats. To determine the cause of security incidents (e.g., data theft, intellectual property loss) and prevent them in the future, security professionals must look at the intent behind people’s actions. Insiders fit into three groups along a spectrum that we call the continuum of intent, which categorizes users as accidental, compromised or malicious. People can move in and out of those categories depending on several factors, so we also examine typical behaviors that map to these categories and span the full continuum. By focusing on these human points of interaction, companies can develop a proactive, in-depth cybersecurity system that considers user behaviour analytics and is more selective with the access they are granting to employees.

On the part of the employee, more can be done to raise awareness about cybersecurity issues. With the prevalence of BYOD devices, employees need to be held more accountable for their interactions with critical data. For example, employees are unwittingly subjecting themselves to cyber threats through their social media and internet usage. As individuals share much of their personal and sensitive information on social media, attackers can take advantage of the information that is given out for malicious purposes including creating context around hacking. Corporations need to take a more active role in educating employees on the importance of privacy settings in their use of social media.

When is too much employee monitoring too much? How do you balance the need for security and the employees’ need for privacy? Is there a need to anonymize the data collected? But if you do so, how do you ensure you are going after the right person? Given the number of devices an employee may use, do enterprises have a right to look at a personal device if it isn’t connected to the office network but is running off a 4G telecom network instead?

The shift to BYOD presents a paradox: managed endpoint policies can allow users to access, modify and store data on their devices, while unmanaged devices require a more restrictive policy that prevents the loss of critical corporate data. Potential data leakage and exposure broadens as organizations allow access to critical business data, either through BYOD or corporate policies. The problem is, the lack of insight into the behaviours and intent of the mobile workforce creates risk that cuts across the enterprise and undermines its stability.

With data sprawled across a range of systems and devices, there is a need to monitor employees’ interaction with critical data. Severe cyber-attacks can happen from a single misstep on the part of an employee. In a recent ransomware attack, Forcepoint Security Labs discovered that spear-phishing emails containing tailored logos and staff names were used to deceive employees into activating the ransomware.

By closely monitoring and understanding mature insider threat profiles, corporations can eliminate the potential for damage before it even happens.

Executing a cyber strategy founded on people-centric protection is clearly a process rather than a single point in time, as the market begins to adopt preventative approaches that focus less on the perimeter and more on safeguarding data through its entire lifecycle of creation, use, dissemination, and deletion.

Only by understanding the intent behind a user’s actions can we recognize the difference between good and bad cyber behaviors.