The Human Side of Security:  Security Threats and Considerations For Today’s Mobile Workforce

The Human Side of Security: Security Threats and Considerations For Today’s Mobile Workforce

While flexibility is empowering the workforce, it is also complicating data security.

As an industry, even as a community, we’ve been particularly focused on external cybersecurity threats. Colossal data breaches and high profile attacks on corporate data centers and institutional networks that have originated outside victim organizations have dominated the news cycle. However, it’s going to become increasingly important to focus on insider threats and the human element of cybersecurity as workforces continue to become more mobile. Over half (52 percent) of employees already work outside of a traditional office at least one day a week, while 18 percent are working from a public location every week.[i]

Whether by malice, accident or negligence, end users – people like you and me – are increasingly responsible for network breaches. Gone are the days where we work exclusively from our offices on our desktop PCs. Today we’re working from our homes, coffee shops, co-working spaces and other locations on laptops, smartphones, tablets and desktop computers. While flexibility is empowering the workforce, it is also complicating data security. With this in mind, there are a few key areas that will become increasingly important to focus on this year: social engineering attacks, user behavior analytics and the need for a multifaceted security solution to address both internal and external threats.

Gaining Access Through Social Engineering

While many external threats start with malware or phishing, we’re seeing an increasing number of attacks using social engineering to compel users to expose their credentials like passwords and usernames. These attacks are appealing because if successful, the attacker can pose as a legitimate user – and won’t be easily caught by anti-virus or anti-malware software. Social engineering uses various methods to target specific employees’ personal information with the intent to leverage that information to deceive those employees into handing over confidential, restricted company information. According to the results of the Dell End-User Security Survey, nearly half of all employees at companies large and small are regularly accessing social media sites on their work devices, which indicates this is an area of significant exposure, and one to which we need to pay more attention.

While the employee’s actions are usually not malicious, accessing social media using the same devices that are used to access corporate data can create significant cybersecurity vulnerabilities. Once an attacker gains access to an organization’s network with credentials stolen via social engineering, they can stay in that network for any length of time, stealing critical data or plotting a larger attack without an organization realizing that the person accessing the network and its information isn’t who they say they are. This is where user behavior analytics comes in.

User Behavior Analytics

While still in its early stages, user behavior analytics is rapidly gaining interest from a wide range of organizations. User behavior analytics leverage big data techniques to help organizations identify unique patterns indicating who is accessing the network, from where, and that they are who they claim to be. If the system detects anomalous behavior, the deviation creates an alert to help organizations determine if a breach is in motion and then take steps to stop it. User behavior analytics differ from other forms of security analytics because they focus squarely on users’ behavior rather than traditional security events. If someone has had their credentials stolen, eventually, an anomaly will arise – whether that’s logging in at odd times, poking around areas of the network that they don’t normally access, or moving large amounts of data.

Organizations Need a Multifaceted Approach to Cyber Security

The combination of both internal and external threats facing organizations today creates a significant threat landscape that requires a multi-layered security solution. While user behavior analytics can help detect and flag threats from within the network, you must also put programs in place to prevent these threats from occurring in the first place. It is essential to provide employee education to help reduce the incidence of insider induced breaches. According to the Dell End User Security Survey, only thirty-six percent of those surveyed feel very confident in their knowledge of how to protect sensitive company information. Many successful attacks target users who are traditionally more vulnerable to cyber-attacks, or those who handle sensitive data – be it smaller businesses without dedicated IT resources and education programs or organizations where data is of paramount importance. Better educating employees about cybersecurity and the role they play in helping to reduce threats should be part of any organization’s security strategy.

Finally, organizations need to focus on securing their data with file-based data encryption as well as protecting against external threats with an advanced threat prevention solution. The combination of both data encryption and advanced threat prevention ensures that while we reduce and quickly detect external threats, the data remains protected whether at rest on an endpoint or when it travels, both inside and outside of the organization.

[i] Dell 2016 Future Workforce Study

Featured

  • Survey: 54% of Organizations Cite Technical Debt as Top Hurdle to Identity System Modernization

    Modernizing identity systems is proving difficult for organizations due to two key challenges: decades of accumulated Identity and Access Management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs). These findings come from the new Strata Identity-commissioned report, State of Multi-Cloud Identity: Insights and Trends for 2025. The report, based on survey data from the Cloud Security Alliance (CSA), highlights trends and challenges in securing cloud environments. The CSA is the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

  • Study: Nearly Half of Companies Exclude Cybersecurity Teams When Developing, Onboarding and Implementing AI Solutions

    Only 35 percent of cybersecurity professionals or teams are involved in the development of policy governing the use of AI technology in their enterprise, and nearly half (45 percent) report no involvement in the development, onboarding, or implementation of AI solutions, according to the recently released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now

  • New Report Series Highlights E-Commerce Threats, Fraud Against Retailers

    Trustwave, a cybersecurity and managed security services provider, recently released a series of reports detailing the threats facing the retail sector, marking the second year of its ongoing research into these critical security issues. Read Now

  • Stay Secure in 2024: Updated Cybersecurity Tips for the Office and at Home

    Cyber criminals get more inventive every year. Cybersecurity threats continue to evolve and are a moving target for business owners in 2024. Companies large and small need to employ cybersecurity best practices throughout their organization. That includes security integrators, manufacturers, and end users. Read Now

Featured Cybersecurity

Webinars

New Products

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3