Cybersecurity's greatest weakness is also its best line of defence

This article is part of the World Economic Forum's Geostrategy platform

The Office of Management and Budget (OMB) released a risk report earlier this year that delivered some sobering cybersecurity news to federal agencies.

According to the OMB, a majority of agencies with cybersecurity programmes in place are at significant risk of attack. As noted in the report, “agencies cannot detect when large amounts of information leave their networks.”

This revelation provides perspective to the recent prediction from Cybersecurity Ventures that global cybersecurity spending will increase steadily to exceed $1 trillion from 2017 to 2021; and, the cost of cybercrime around the world will rise to $6 trillion annually by 2021. Inherently, something is wrong with any prediction that correlates increased spending on prevention with increased damages from successful penetration of those same defences.

To put all of this into context, think of the cyber security industry today as a technology arms race, whereby a new threat is revealed, a new patch or update is released to address it and the cycle repeats.

Cyber security investment continues to rise, but so does the volume of threats in stealing sensitive data. A paradigm shift in how we address cybersecurity is needed to stop this vicious cycle and empower cyber defenders with the right tools to mitigate the onslaught of cyberattacks.

Data is the new oil

Governments and enterprises are facing a hyper-converged world where connected systems put critical data and intellectual property (IP) at significant risk. This data is everywhere: in private and public clouds, on removable media, and on the mobile devices organizations rely on to conduct business.

The challenge in securing this data is particularly daunting because of the sheer number of devices in use. The average organization has around 23,000 mobile devices in use by employees.

That is where cyber defenders are most challenged when it comes to preventing the exfiltration of mission-critical data: lack of visibility and context in how and where data is used as it sprawls across agency-issued, personally-owned, and hosted applications and devices.

This landscape delivers adversaries a rich field to attack and ultimately mine. Regardless of how attacks originate, they drive to the same final intersections, where they can ultimately inflict the most damage.

These intersections are points in which people interact with critical business data and intellectual property. These “human points” of interaction have the potential to undermine even the most comprehensively designed systems in a single malicious or unintentional act.

The human point

To put this in wider context, one-third of organizations have suffered from an insider-caused breach, with potential losses from each incident totalling more than $5 million, according to the SANS Institute.

The Verizon 2017 Data Breach Investigations Report also revealed that over 43% of data breaches last year were social attacks. Meaning, these attacks all focused on exploiting the human point of weakness in an organization’s security defences.

Humans can also be the strongest line of defence, however, and act as warning signs of cyber espionage and attacks. Deploying a human-centric approach to security can sound the alarm based on human cyber behaviour and enable cyber defenders to mitigate or prevent critical data loss regardless of whether the network was breached.

Security teams receive thousands of alerts in a given day and are losing the cyber battle as a result. Advances in human behaviour and risk analytics will enable these cyber defenders to more quickly identify cyber anomalies and garner needed context to parse normal from malicious or compromised network activity alerts.

Integrated risk-adaptive and automated enforcement policies can then curtail or prevent access to sensitive IP depending on the observed level of risk. In this model, security teams garner the ability to understand, predict, and act on potential threat events as they unfold, not weeks, months, or years after the fact.

By shifting the security focus from the traditional model of protecting infrastructure to understanding human behaviour, employees can also be enlisted to help secure mission critical and corporate assets. This enables not only greater security efficacy within an organization, but it also engages an organization’s first line of defence—its people—and continually includes them in the security equation.

In a chaotic world of hackers and industrial thieves, it will require an “everyone-to-the-defence” shared mission strategy to keep both an organization’s people and data secure.

All agencies and enterprises, big and small, want a strategic and effective solution for securing important data—the trade secrets and digital “crown jewels.” The answer might come down to something as simple as being human.

Utilizing the Human Element to Mitigate Today’s Sophisticated Cyber Threat Landscape, Sean Berg, the Atlantic Council