    Human Risk Management: Why it’s Time to Re-Envision Awareness Training

    A real solution that transforms the way organizations mitigate employee risk

    by Kurt Werner  

    Key Points

    • Research shows that 80% of security issues are actually caused by just 8% of users.
    • While effective, even the most up-to-date security solutions fail to address the biggest risk – human error – in a practical and useful manner.
    • The human risk management platform and human risk dashboard will change all of this – allowing security admins to very easily identify the users that pose the most risk.

    Only 8% of users cause 80% of security issues. While all users need security awareness training and should stay mindful of potential cyberattacks as they go about their daily tasks, the fact remains that organizations must properly identify the users that pose the most risk and be able to take action.

    Organizations tend to invest in disconnected security point products, and some also invest in security awareness training. Even so, they tend to unwittingly create an environment in which security professionals cannot differentiate risk across employees because they lack the right tools to do so, and frustrated end users ignore continuous security warnings and bypass disparate controls.

    Ours is an increasingly connected world and employees have access to a myriad of collaboration tools and unlimited access to organizational data, making them prime targets for complex attacks such as phishing and other forms of business email compromise (BEC). In addition, they are constantly multi-tasking and have multiple tools open at the same time. All of these factors make users more prone to errors, and traditional security measures often fall short in addressing these human-centric risks, leading to significant vulnerabilities. 

    The Human Risk Management Platform

    Traditional security awareness only measures simulated risk and training engagement – it doesn’t measure real risk. Fortunately, at the time when it is needed most, an evolution of risk mitigation – the human risk management (HRM) platform – is poised to address many of these issues.

    A connected HRM platform is built on a central risk engine and is designed to prevent the evolving and sophisticated threats targeting human error within organizations. The HRM platform offers preventative controls and the ability to take direct actions that mitigate the risk associated with human behavior such as clicking a link that downloads malware, opening malicious attachments, or visiting a website with malicious content.

    The HRM platform marks an important and eagerly anticipated milestone in advancement toward the next generation of cybersecurity. In response to customer and market demand for a more effective means of mitigating risk brought on by employee mistakes and user errors, the HRM platform will provide unprecedented visibility into an organization’s risk profile, scoring users by risk and allowing CISOs to educate and protect the riskiest part of their employee base.

    Human Risk Dashboard: Unparalleled Visibility   

    With an HRM platform, security teams can surface and centralize risk signals in the form of a human risk dashboard. This provides security teams with human risk scoring and visibility based on event data from both native metrics and third-party tools. In addition, the dashboard is positioned to quantify attack factors by measuring the frequency and severity of inbound threats, including analysis of inbound phishing attempts, blocked malware, malicious web content loaded by visited websites, and more. With full visibility into this data, organizations and security professionals can tailor user-specific security strategies, including awareness initiatives that provide more training to those who need it and less to those who don’t.

    Integrating Security Awareness Training

    A key function of the HRM platform and the human risk dashboard is to integrate findings into an organization’s security awareness training program. This redefines how security leaders can manage human risk. Traditional security awareness programs take a standardized approach, rendering IT leaders unable to identify high-risk employees or effectively mitigate their risky behavior. Now, with the extensive visibility into employees' risky behaviors that the HRM platform and the human risk dashboard provide, security professionals can eliminate blind spots and adapt interventions to each individual's unique risk profile. This approach also helps increase productivity, as lower-risk employees are interrupted far less with training tasks, enabling them to focus on more critical business activities.

    The Bottom Line

    The HRM platform, the human risk dashboard, and the integration of both with the latest in security awareness products will revolutionize how organizations manage human risk.

    Mimecast is leading the way. Our mission to advance security and transform the way organizations manage and mitigate risk is now bolstered by our very own HRM platform, human risk dashboard, and Mimecast Engage, our new security awareness product powered by our new HRM platform. By integrating security into the very fabric of human interaction, organizations can set a new standard for protection in an increasingly complex digital world.

    For more information on how you can benefit from Mimecast’s human risk management solutions, visit our Mimecast Engage awareness training web page.
