Andrea Babbs, UK General Manager, VIPRE, explains how a combination of technology and the human workforce can be stronger together when it comes to a layered security approach. By taking this approach to cybersecurity, businesses can develop a holistic view of their defence strategy, accounting for the multitude of vectors by which modern malware and threats are delivered.
The cybersecurity market is continuing to increase year on year, with cybercrime rising by 600% during the peak of Covid-19, totalling $6 trillion in damages worldwide over 2021. The pandemic has shifted the security landscape for 2022, creating new opportunities for attackers to leverage, including the rise of hybrid working and workforces being away from the support of IT teams. Additionally, new and innovative attack methods have entered the market, from fileless attacks, more sophisticated vulnerability exploits, phishing, ransomware and malware – meaning that businesses cannot afford to leave room for error at any time.
Technology is also becoming more and more developed and businesses are beginning to embrace a ‘digital-first’ approach to processes and operations. Machine-led intelligence tools, such as Artificial Intelligence (AI), Behavioural Analysis and Machine Learning (ML) are now playing a more crucial part in keeping organisations’ networks safe against cybercriminals. However, organisations can’t forget about the key role of the workforce in keeping data safe – but it shouldn’t be the case of one or the other. Instead, a combination of workforce education and technology is crucial for a layered security approach, explains Yvonne Conway, Technology Content Lead, VIPRE.
The role of the workforce
Human error remains a key vulnerability for cybercriminals to take advantage of. According to a study by IBM, human error is the main cause of 95% of cyber security breaches, whether this is clicking on a phishing link, or sending an email to the wrong person – users are constantly exposed to new threats and prone to error. And now, with more workforces working remotely, relying strongly on the use of email and potentially working on open internet connections, the role of the human has never been more important to keep data safe.
Team members may be aware of the existing cyber threats, but they might not necessarily know how to respond, or where they fit into an organisation’s overall defences. Instead, educating the user on the role they have to play against cyber attackers, rather than it being the responsibility of IT teams, is crucial. One way this can be reinforced is through consistent security awareness training programmes that provide business insight into security awareness, highlighting the weaknesses in the workforce and enabling support where it is needed. In turn, this will help to teach users to be more alert and security-conscious as part of the overall IT security strategy.
Once trained, employees will then have valuable insight into their organisation’s cyber security strategy and they will be trained to combat these threats. If businesses can leverage this understanding and work with their teams collaboratively, then they can help workforces to see where they fit into the bigger picture of keeping information secure, further contributing to the overall defence of the organisation.
Additional layers of security with AI and ML
Alongside a human workforce, technology plays a crucial role in keeping business data safe. However, it can’t be fully relied upon, and some responsibility should still lay with the user. But innovations such as AI, ML and Threat Intelligence can improve existing processes and provide additional layers of security.
Machine Learning is a subset of Artificial Intelligence and is focused on training machines to learn from past and present data to identify threats, where they originate and where they’re likely to strike, instead of relying solely on vendor programming. In particular, ML is useful for recognising patterns and detecting threats based on their behaviour by comparing it to previous examples of threats – over time learning what is both good and bad.
A specific application of this is to identify never-before-seen, zero-day, or ever-changing polymorphic threats, helping organisations keep up with the evolving and dangerous threat landscape. A behavioural detection engine powered by Machine Learning can examine a threat’s behaviour and determine if it is malicious or not based on what it has seen before.
While traditional scanning and email protection tools can help secure emails from many threats and establish a baseline for protection, today’s sophisticated attacks require a far more rigorous defence. AI and ML technologies are also key components in email and endpoint security services, for example, email security attachment and URL sandboxing solutions, where an email attachment or link is opened and tested via Artificial Intelligence in an isolated environment away from a customer’s network. Such services, including VIPRE’s Email Link Isolation, help increase email security by neutralising possible attacks in email URLs by rescanning and sandboxing links once clicked on, protecting businesses’ vital communication tool – email.
But the solution to a truly secure environment shouldn’t stop there. The user should be educated on the spot – once they have made a mistake. Simply stopping the threat isn’t enough. Instead, businesses need to retrain their users, ideally at the point of error.
A collaborative approach
As important as both human and technological layers are to an organisation’s cybersecurity approach, businesses can’t rely on just one. Instead, technology and the workforce work better collaboratively. For example, Artificial Intelligence may provide computers with human capabilities, but humans can still perform intricate decision making and complex tasks better than some technologies can. An example of this is VIPRE’s SafeSend tool that prompts the user to check their recipient and attachment list when sending an email. In this situation, the human is often the best person to decide if that specific file should go to that particular recipient, rather than relying on AI intervention –which can struggle to interpret this type of nuanced decision-making.
Additionally, innovative tools shouldn’t be implemented without educating users and embedding a cybersecurity aware culture throughout the workforce. Machine learning has to work in tandem with other processes, including antivirus, firewalls, intrusion detection, application allow-listing and email filters, to deliver the best protection. And with human intervention, these technologies can reach their full potential. For example, in order to make Machine Learning successful, the algorithms need lots of data from a variety of sources to provide accurate, actionable results – which requires human expertise and analysis to feed the right types of data to the models. This combination is crucial to ensure the right digital solutions are in place – as well as to increase the workforce’s understanding of the critical role they play in keeping the organisation safe.
No single layer delivers all the results organisations need to stay secure, hence the need for multiple layers of detection. The best systems are built around a partnership between humans and machines, where businesses let technologies such as AI and ML work on the functions that we as humans may find hard or time-consuming, while also utilising the strengths of the workforce on the front line of defence.
Organisations need to ensure that they have both the next generation human, and technology protection in place. A cyber-aware culture with continuous training is essential and so is having access to the right technology to ensure maximum protection. By taking a layered approach to cybersecurity, businesses can develop a holistic view of their defence strategy, accounting for the multitude of vectors by which modern malware and threats are delivered