Three strategies to protect users from cyberattacks


Many businesses consider employees to be their biggest weak spot when it comes to cybersecurity. This is because typically, breaches still rely on social engineering to succeed, tricking users into performing actions they shouldn’t – including risky activities like opening suspicious email attachments and clicking on links.

But while companies are quick to blame users when things go wrong, in the modern business landscape a collaborative security culture is needed. One that sees IT and security departments working alongside users to provide a safe environment for employees to do their job. With sophisticated threats constantly evolving, security awareness training is not foolproof.



You can’t patch user behavior

Almost every job today requires users to have a PC – usually one provided by their employer. And while businesses ask them not to click on anything ‘risky’, this is often necessary to do their day-to-day role. In industries like finance, invoices are required to be sent as PDF attachments via email for processing. So, why should employees be blamed for opening the ‘wrong’ PDF? If end users need to click and open files to perform their job, it's unrealistic to expect them to be cyber experts who can detect every piece of malicious content before clicking – especially with some of the convincing phishing attacks targeting them today.

This means comprehensive security education and awareness training programs are crucial. Users must be taught how to identify suspicious emails – including how to go beyond looking at the name of who has sent an email, and instead at the domain name structure for the email address.

Dan Allen

VP Security Solutions at HP Inc.

However, with the recent rise in thread-hijacking, users also need to be wary of content from trusted sources. When they get an email from someone internally, or from an external company they have been working with, they need to think: is the email relevant in the context of the email chain? Or are email attachments not appearing as expected? If so, this could be a red flag.

For example, in a recent attack analyzed by HP Wolf Security, threat actors compromised a user logged into Outlook for Web. Attackers then used this compromised address to share malicious Word files posing as finance documents throughout the organization. As the files came from within the organization, it’s much more likely that employees would trust them.

Businesses can patch IT systems, but it’s impossible to patch user behavior. And cybercriminals continue to exploit this, despite companies undertaking regular phishing tests. Everyone makes mistakes, and it only takes one user clicking to initiate the breach.

Like workplace health and safety, cybersecurity is a collective responsibility. Everyone needs to play their part. While education is important to reduce the risk of a user clicking, it’s time for businesses to stop solely relying on security training and blaming users for their failure to spot threats. Instead, organizations must leverage proper technology and strategies to protect users – who are on the front line in the cyber war. This can be done by implementing three key strategies:

1. Applying NGAV as a first step

First, businesses need good protection. Luckily, there are a lot of great vendors in this space. But while anti-virus (AV) or next-generation anti-virus (NGAV) is a good place to start, this technology alone isn’t sufficient to protect against modern cyber threats.

In reality, most organizations that have suffered a ransomware attack or some other breach were running AV on the devices that were affected. If AV or NGAV alone was enough, there would be no more breaches. A properly implemented quality NGAV tool is just step one.

2. Knowledge is Power

Organizations need visibility over applications running on employee devices, and how they behave. This requires a good visibility tool – which often comes in the form of endpoint detection and response (EDR), or extended detection and response (XDR).

For instance, a user might download a new .exe file that starts reading files from the user's OneDrive folder and uploading them to a server in a foreign country – which shows user data is being stolen. In this case, the anti-virus tool has missed the malware and let the bad executable run. But businesses with good visibility tools can spot this unusual behavior and mitigate any potential risks.
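The behavior in this scenario can be expressed as a correlation rule over endpoint telemetry. The following is an added example, not part of the original article and not any vendor's detection logic; the event field names, thresholds, country codes and sample events are all constructed assumptions.

```python
from collections import defaultdict

SYNC_MARKER = "\\onedrive\\"        # path segment of the user's synced folder
ALLOWED_COUNTRIES = {"GB", "US"}    # assumption: where this org normally sends data
MIN_READS, MIN_BYTES_OUT, MAX_AGE_DAYS = 3, 1_000_000, 7   # assumed thresholds

def find_exfil_candidates(events):
    """Flag recently first-seen executables that read several synced files and
    then send a large volume to a destination outside ALLOWED_COUNTRIES."""
    new_procs = {}                  # pid -> image path of recently first-seen exes
    reads = defaultdict(set)        # pid -> distinct synced files read
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        pid = ev["pid"]
        if ev["type"] == "process_start":
            if ev["first_seen_days"] <= MAX_AGE_DAYS:
                new_procs[pid] = ev["image"]
        elif ev["type"] == "file_read" and pid in new_procs:
            if SYNC_MARKER in ev["path"].lower():
                reads[pid].add(ev["path"].lower())
        elif ev["type"] == "net_send" and pid in new_procs:
            if (len(reads[pid]) >= MIN_READS
                    and ev["bytes_out"] >= MIN_BYTES_OUT
                    and ev["country"] not in ALLOWED_COUNTRIES):
                alerts.append({"pid": pid, "image": new_procs[pid],
                               "files_read": len(reads[pid]),
                               "dest": ev["dest"], "country": ev["country"]})
    return alerts

def _ev(t, typ, pid, **fields):
    return {"t": t, "type": typ, "pid": pid, **fields}

# Constructed telemetry: one newly downloaded .exe and one long-established sync client.
SAMPLE = [
    _ev(1, "process_start", 4120, image=r"C:\Users\ana\Downloads\viewer.exe", first_seen_days=0),
    _ev(2, "process_start", 900, image=r"C:\Program Files\Sync\sync.exe", first_seen_days=400),
    _ev(3, "file_read", 4120, path=r"C:\Users\ana\OneDrive\payroll.xlsx"),
    _ev(4, "file_read", 4120, path=r"C:\Users\ana\OneDrive\contracts.docx"),
    _ev(5, "file_read", 4120, path=r"C:\Users\ana\OneDrive\budget.xlsx"),
    _ev(6, "file_read", 900, path=r"C:\Users\ana\OneDrive\budget.xlsx"),
    _ev(7, "net_send", 900, dest="203.0.113.10", country="ZZ", bytes_out=5_000_000),
    _ev(8, "net_send", 4120, dest="198.51.100.7", country="ZZ", bytes_out=2_400_000),
]
```

Only the new executable is flagged: the established sync client reads and uploads too, but it is not recently first-seen, which is the kind of context an AV verdict alone does not provide.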

While EDR and XDR tools have traditionally been expensive and labor-intensive to implement, the power of the cloud, combined with AI and machine learning, is making these tools more efficient. However, just as AV tools will fail to properly detect all malware, visibility tools will also not catch everything in time, before severe damage occurs.

3. Isolating the Problem

To significantly reduce the threat faced by end users, organizations should implement isolation technology alongside protection and visibility tools. There are two key approaches for implementing and running isolation containers: cloud and on-device. With an on-device approach the container runs locally on the user’s device and leverages the power of hardware-based virtualization to isolate the container away from your Windows OS and internal network.

Using hardware-based isolation containers, businesses can leverage isolation technology to create a virtual safety net for end users to protect them when they click on high-risk content. This could be an email attachment, a file downloaded from the Internet, a file opened on a USB drive, or a website link a user has clicked on. If the content turns out to be malicious, the malware is isolated inside a container and cannot harm the user’s PC or your internal network.

Protect your end users

Organizations must start building a more collaborative security culture as they settle into the future of hybrid work. But even so, they must prepare for the reality that most users will eventually click on something they shouldn’t.

To protect users, it’s vital that IT and cyber professionals also take a layered approach, starting at the endpoint with security baked in – while also being as unobtrusive as possible to avoid end-users trying to circumvent it. This will give employees the tools and systems they need to safely do their job – instead of blaming them for breaches they can’t control!
