industry unlocked
organisations must operate and even in ‘ perfect ’ conditions , they ’ ll still make mistakes . Sadly , the gift of more time and resources is beyond the capability of security teams to deliver . Similarly , IT leaders cannot be the moral guardians against worker dishonesty . These are all human , not technological , failings and that is why we believe that a specifically human layer security programme is the only effective answer to mitigating insider breach risk .
Human layer security identifies the risk points in employees ’ working processes and ensures that there is a safety net to support them when they are vulnerable to tiredness , rushing and stress , preventing them from making mistakes . It also acts to put a brake on employees who might be more reckless or dishonest with sensitive government data , protecting it against malicious leaks .
By using AI and contextual Machine Learning to identify what typical user email behaviour looks like , human layer security learns the normal sharing patterns , contacts and data types that flow between users and organisations . Once this benchmark is established , users are alerted when they deviate from their typical behaviour : perhaps they have been rushing and included an external recipient address into a usually internal email group , due to an incorrect suggestion by autocomplete . It also identifies when users are emailing a new contact or domain for the first time ,
Human layer security identifies the risk points in employees ’ working processes and ensures that there is a safety net to support them when they are vulnerable to tiredness , rushing and stress , preventing them from making mistakes . which is particularly valuable in the case of phishing and spear-phishing emails where the deception depends on users failing to spot tiny address changes . Alerts allow users to correct the error before a breach occurs , helping to build a culture of tighter security , but without adding cumbersome extra processes to an already busy employee ’ s workflow .
When it comes to protecting the data itself , the key is knowing what data is about to leave the organisation . An intelligent solution that scans email and attachment content and identifies data such as personally identifiable information ( PII ) or bank account details can alert users that they are about to send information to an unauthorised recipient or without the correct degree of encryption . If the user persists , the risky email can be blocked from being sent and administrators alerted to a potentially intentional attempt to breach data , so they can respond accordingly .
The key to human layer security is that it works with the users to support them when human factors intervene to introduce risk . It is the missing piece of the email data protection puzzle that means insider breach risk must no longer be accepted as an inevitable price of day-to-day operations . u
46 Issue 31 | www . intelligentciso . com