In Depth
Can Security's Human Side Stop Data Breaches?
As human error increasingly becomes the top reason for security breaches, behavior-based strategies are making their way into the workplace to supplement technology
By Joan Goodchild, Senior Editor
Similar findings from consulting firm Deloitte earlier this year back up the Cisco research. A Deloitte survey of more than 100 companies found 75 percent cited human error as the leading cause of security failures.
Green Armor is one of several companies with a product that is based on human behavior. A quick Google search turns up many antivirus and malware solutions that utilize behavior analysis. Most of the major antivirus software makers, such as Symantec and McAfee, have implemented some kind of behavior-based defense into products.
A California-based consultancy called Security Mentor, which only launched in April, is hoping to find business in an approach that goes right to the source: the user. Security Mentor offers training that, according to founder and President Marie White, takes on a brief, frequent and focused approach. Employees take part in weekly, seven-minute-long informational Web sessions that teach and reinforce good security habits and practices.
"There is wide spread information at this point that employees are one of the greatest threats to an organization," said White. "But the question is: Why do they remain the greatest threat? One can assume they are either intentionally or unintentionally engaging in risky behavior. Most people agree it's unintentional. This training addresses that."
Security Mentor, which launched at the RSA conference, is still in the start-up phase, according to White. While the firm is not working with any customers yet, there is interest from a wide-swath of commercial and government organizations, she said.
White said in developing the sessions, she also took into account how the typical employee works today. The sessions are short to fit the attention-span criteria of a busy person. They are regular so that retention of information will be more effective.
"We consider how employees multi-task and the training fits in that attention span window," said White. "Also, how often people get interrupted coupled with how they remember. And the frequency of having training weekly makes it a lifestyle difference for employees."
Other stories by Joan Goodchild
behavior-based security
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
