Cybersecurity is awash in threat detection and mitigation solutions: SIEM, DLP, SOAR, MDR, EDR, XDR, and more.
Threat detection is essential, as it serves to locate and minimize the threat as quickly and effectively as possible.
A recent study from Cisco found that only 15% of companies are ready to defend against threats with a mature approach, citing the changes to hybrid work as a major reason that many companies are not prepared.
These solutions were designed to fight a specific kind of threat and are implemented on an island - not talking to the other security solutions.
3) Even new multi-pronged cybersecurity approaches are all focused on threats, which are already happening.
The relatively new approach called XDR was designed to pull together information from disparate threat detection software like cloud, network and email, to respond to more complex threats by sorting through raw data and alerts and mitigating threats across vectors.
While this coordinated approach to threat mitigation is necessary, the focus is on threats, not risks.
At the same time, recent data from Gallup shows that people are stressed in record numbers - 44% of respondents said that they experienced a lot of stress the previous day - which paves the way for insider threats.
The concept of human-centric security focuses on better management of the insiders that either inadvertently or maliciously cause so many of the threats that companies must deal with.
A human-centric approach to security not only takes the burden of security off the employee, it starts to look at the overall risk associated with certain behaviors and on improving the experience of employees.
Another important way to look at risk is to analyze the behaviors that are most likely to lead to future threats and determine new ways to mitigate those risks to reduce future threats.
Any number of solutions can be put in place based on various risk signals before they become threats.
Human-centric security complements threat detection.
Far from replacing the various threat detection and mitigation solutions in place, human-centric approaches serve as a valuable companion.
Not only can they serve as an early detection layer that can improve insider risk and reduce threats, they can also feed valuable information to threat detection solutions.
Without monitoring, there's the risk that the threat goes undetected until it's too late.
Can give an early warning sign of an insider threat.
Pattern mining activities by employees allows to immediately detect subtle changes in behaviors leading to identifying threats before they happen.
Perhaps the wisest aspect to human-centric security is the focus on employees and the need to create a better experience that reduces friction well before a threat occurs.
While technology is incredibly valuable in the cybersecurity landscape, understanding the habits of the people that work for an organization and making it less likely that they cause a threat provides benefits well beyond cybersecurity.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Wed, 27 Dec 2023 05:43:04 +0000