Human Risk Management: Why it’s time to re-envision awareness training

Only 8% of users cause 80% of security issues. While all users need security awareness training and should be mindful of potential cyberattacks during the conduct of their daily tasks, the fact remains that organizations must properly identify the users that pose the most risk, and be able to take action.

Organizations tend to invest in disconnected security point products, and while some invest in security awareness training, they tend to unwittingly create an environment with security professionals who cannot differentiate risk across employees because they lack the right tools to do so, and frustrated end users who ignore continuous security warnings and bypass disparate controls.

Ours is an increasingly connected world and employees have access to a myriad of collaboration tools and unlimited access to organizational data, making them prime targets for complex attacks such as phishing and other forms of business email compromise (BEC). In addition, they are constantly multi-tasking and have multiple tools open at the same time. All of these factors make users more prone to errors, and traditional security measures often fall short in addressing these human-centric risks, leading to significant vulnerabilities. 

The Human Risk Management Platform

Traditional security awareness only measures simulated risk and training engagement – it doesn’t measure real risk. Fortunately, at the time when it is needed most, an evolution of risk mitigation – the human risk management (HRM) platform – is poised to address many of these issues.

A connected HRM platform is built on a central risk engine and is designed to prevent the evolving and sophisticated threats targeting human error within organizations. The HRM platform offers preventative controls and the ability to take direct actions that mitigate the risk associated with human behavior such as clicking a link that downloads malware, opening malicious attachments, or visiting a website with malicious content.

The HRM platform marks an important and eagerly anticipated milestone in advancement toward the next generation of cybersecurity. In response to customer and market demand for a more effective means of mitigating risk brought on by employee mistakes and user errors, the HRM platform will provide unprecedented visibility into an organization’s risk profile, scoring users by risk and allowing CISOs to educate and protect the riskiest part of their employee base.

Human Risk Dashboard: Unparalleled Visibility   

With an HRM platform, security teams can surface and centralize risk signals in the form of a human risk dashboard. This provides  security teams with human risk scoring and visibility based on event data from both native metrics as well as data from third-party tools. In addition, the dashboard is positioned to quantify attack factors measuring the frequency and severity of inbound threats, including analysis of inbound phishing attempts, blocked malware, malicious web content loaded by visited websites, and more. With full visibility into this data, organizations and security professionals can tailor user-specific security strategies, including awareness initiatives that provide more training to those who need it and less to those who don’t.

Integrating Security Awareness Training

A key function of the HRM platform and the human risk dashboard is to integrate findings into an organization’s security awareness training program. This redefines how security leaders can manage human risk. Traditional security awareness programs take a standardized approach, rendering IT leaders unable to identify high-risk employees or effectively mitigate their risky behavior. Now, security professionals can eliminate blind spots by offering extensive visibility into employees' risky behaviors powered by the HRM platform and the human risk dashboard to adapt interventions to each individual's unique risk profile. This approach also helps increase productivity as lower risk employees are interrupted far less with training tasks, enabling them to focus on more critical business activities. 

The Bottom Line

The HRM platform, the human risk dashboard, and the integration of both with the latest in security awareness products will revolutionize how organizations manage human risk.

Mimecast is leading the way. Our mission to advance security and transform the way organizations manage and mitigate risk is now bolstered by our very own HRM platform, human risk dashboard, and Mimecast Engage, our new security awareness product powered by our new HRM platform. By integrating security into the very fabric of human interaction, organizations can set a new standard for protection in an increasingly complex digital world.

For more information on how you can benefit from Mimecast’s human risk management solutions, visit our Mimecast Engage awareness training website page.