Mimecast Announces a Strong Performer Position in the Inaugural Forrester Wave for Human Risk Management
As HRM blossoms into a distinct and expanding market, Mimecast contributes by innovating and reducing risk through quantification and technology integrations
Key Points
- Mimecast has been listed on the Forrester Wave for HRM as a Strong Performer.
- Mimecast’s rating as a Strong Performer also includes reference to our acquisition of Elevate Security (and their accompanying human risk analysis and intervention capabilities).
- In order to stay ahead of today’s threats, organizations must implement a human risk platform that uses a comprehensive, accurate methodology to measure human risk and evaluates the likelihood and impact of harm.
Forrester has recognized Mimecast as a Strong Performer in The Forrester Wave™: Human Risk Management Solutions, Q3 2024 report. This marks Forrester’s first official evaluation of the HRM market and the first notable evaluation from the analyst community. The release of this Forrester Wave for HRM is a major milestone in the development of the human risk management market.
The Wave evaluates the vendors that Forrester considers to be the most significant solution providers in the market and their accompanying research, analysis, and scoring. Rated as a Strong Performer, we believe we have demonstrated undeniable momentum for Mimecast Engage and the Human Risk Management Platform.
In the report, Forrester cites the acquisition of Elevate Security (and their accompanying human risk analysis and intervention capabilities), as well as our plans to introduce the human risk dashboard to our 45,000 customers and plans for extensive third-party integration across the security ecosystem. Also referenced by Forrester is the calculation of human risk as the composition of actions (behavior), attacks, and access (identity).
Forrester states in the report that organizations that have a “strong behavioral change drive” and a desire to “move beyond SA&T” should consider Mimecast.
How HRM Has Evolved, and Why It’s So Critical
In the past, organizations have tried to address the problem of human risk via multiple, disconnected solutions. In addition, when leadership thinks of security, they tend to think of protecting organizations against attacks from the outside, the external risk. As a result, security solutions have gotten really great at identifying those threats, but threat actors have evolved from wide-spread attacks to very focused threats targeted at individuals.
So, about the risk from the inside? Today it’s more important than ever to ensure that organizations can protect themselves from internal or insider risk. And what connects the two? The human in the middle. Organizations ask their employees to not only identify threats that come in via email and collaboration tools, but also to properly handle organizational data.
By delivering a connected human risk management platform, organizations can solve multiple use cases covering areas across the spectrum from external risks, like business email compromise, uncontrolled collaboration channels, and secure data retention to insider threats like exfiltration of critical company data and identification of compromised users.
How We Re-envision: Going Beyond Traditional Awareness Training
HRM is becoming distinct because of its ability to focus on human risk – and the riskiest users. While all users need security awareness training and should be mindful of potential cyberattacks, the fact remains that only 8% of users cause 80% of security issues. Security teams must properly identify these users and be able to take action.
Employees have access to a myriad of collaboration tools and unlimited access to organizational data, making them prime targets for complex attacks such as phishing and other forms of business email compromise. In addition, they are constantly multi-tasking and have multiple tools open at the same time. All of these factors make users more prone to errors, and traditional security measures often fall short in addressing these human-centric risks.
All these factors combined is why companies should focus on these key behavioral changes that go beyond traditional awareness training. As a result of these trends, human risk management solution customers should look for providers that:
- Enable adoption of HRM, not just buy into it: Look for providers that can readily show you which behaviors and events you can measure based on your tech stack, how you can use human risk to adapt training and policies, and how their customer success teams can help you progress your HRM maturity.
- Demonstrate that HRM capabilities are clearly and significantly different: Look for vendors that offer actual HRM capabilities that go well beyond awareness and phishing simulations. Ensure that the solution can identify risky user behaviors and events via integrations with security technologies and respond to those behaviors and events with a broad set of targeted, real-time interventions based on a user’s human risk, such as training, nudging, updating technical policies, or sending alerts or workflows.
- Use a comprehensive, accurate methodology to measure human risk: Look for solutions that use a correct definition of risk, evaluating the likelihood and impact of harm to your organization. These solutions consider four key points: individuals’ actual behaviors, identity, personal attack exposure, and security knowledge and sentiment. The more granular the data on each, the better you will be able to measure and manage risk. Granular solutions measure actual behaviors across security categories, derive identity insights such as seniority and access levels, and recognize personal attack exposures.
How Mimecast Can Help
The Mimecast HRM Platform has been designed by having human beings at the center of everything we do, aligning key protection and data controls to offer the most comprehensive approach to human risk management. With the Mimecast HRM Platform, you get a single solution that brings multiple products together to help you protect collaboration, educate employees, and detect insider risk. This is the connected human risk management platform organizations need.
Read the Forrester Wave for HRM report to learn more.
Subscribe to Cyber Resilience Insights for more articles like these
Get all the latest news and cybersecurity industry analysis delivered right to your inbox
Sign up successful
Thank you for signing up to receive updates from our blog
We will be in touch!