An advanced approach towards cyber-security
Information security has its own pros and cons. At times it proves fruitful in protecting data, but at other times it leads to frustration between security professionals and end users. Any activity that shows any indication of exfiltration, even an employee accessing a work-related file, may lead to automatic denial.
The inflexibility of the system may cause users to seek workarounds, which can lead to a critical situation and leaves security managers and professionals hunting down the resulting security warnings.
Agencies must focus on revamping and creating well-defined security measures. Instead of an "all or nothing" approach, an agency must focus on a more targeted approach in which security procedures are executed in a user-friendly manner that explains all instructions in detail. Agencies can set up policies that are automatically imposed whenever necessary, allowing employees to focus on their respective jobs. This would help the enterprise focus more on the progress of its work, thereby reducing friction.
The agency is expected to closely monitor and gain better insight into how, when and why people use and access information. These behavioral patterns of users, if passively examined, can give the agency a detailed basis for a human-centric approach to developing a security system.
Human beings are creatures of habit, and risk adaptive protection places each user’s actions into a larger context based on their established patterns of behavior. It starts with a baseline “normal” understanding of user patterns and proceeds to compare future actions to that baseline. Any deviations could trigger automatic security responses (anything from closer monitoring, to a warning, to denial of privileges or other measures) depending on the policies and security protocols set forth by agency administrators.
During this procedure, each user is assigned a "risk score" - a numerical value indicating their potential risk factor. Risk scores are derived from users' access to data and can fluctuate depending upon behavior patterns and changing roles and responsibilities. The risk adaptive system can automatically adjust to account for the changes, unlike today's binary security systems, which give only a choice between allow and deny.
These risk scores describe users' access to sensitive data and are not necessarily an indicator of a security threat. For instance, an agency CIO may have a high risk score but may not be a threat, whereas a person with a low risk score could see their score rise rapidly if they exhibit an unusual pattern of behavior or when their job demands access to proprietary information. Individual access rights could be blocked if the user engages in questionable activities.
As a more detailed example, a user may log into his computer on a routine basis and access the same files, a normal behavior pattern which he follows every day. But what if the user breaks from the norm and starts uploading sensitive content to an unauthorized Google account, or attempts to access the network during the night when he is not physically present at his desk? This would be an indicator of unusual and dubious behavior, calling the individual's credibility into question. In this way, the system could automatically target and block that user without impacting the organization. An automated alert could also be generated, allowing security personnel to swiftly apply additional inspection.
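The baseline-and-deviation scoring described above, sketched as an added example (not code from the article or from any product). The weights, thresholds, decay factor, event fields and sample data are all assumptions constructed for illustration.

```python
"""Added example: baseline-and-deviation risk scoring with graduated responses."""
from dataclasses import dataclass, field

# Assumed weights (points per deviation) and thresholds; an agency would tune these.
HOUR_PTS_PER_HOUR, NEW_RESOURCE_PTS, NEW_DEST_PTS = 5, 20, 50
DECAY = 0.5  # assumed: the prior score halves with each new event, so scores can recover
RESPONSES = [(70, "deny"), (40, "warn"), (20, "monitor"), (0, "allow")]

# Constructed sample history for one user: (hour_of_day, resource, destination)
HISTORY = [(9, "budget.xlsx", "fileserver"), (10, "budget.xlsx", "fileserver"),
           (11, "report.docx", "fileserver"), (14, "report.docx", "fileserver"),
           (15, "budget.xlsx", "fileserver"), (16, "report.docx", "fileserver")]

@dataclass
class UserRisk:
    hours: set = field(default_factory=set)
    resources: set = field(default_factory=set)
    destinations: set = field(default_factory=set)
    score: float = 0.0

    def learn(self, history):
        """Build the 'normal' baseline from past events."""
        for hour, resource, dest in history:
            self.hours.add(hour)
            self.resources.add(resource)
            self.destinations.add(dest)

    def deviation(self, event):
        """Points for how far one event falls outside the baseline."""
        hour, resource, dest = event
        # Circular distance in hours to the nearest baseline hour, capped at 6;
        # an empty baseline counts as maximally unusual.
        gap = min((min(abs(hour - h), 24 - abs(hour - h)) for h in self.hours), default=6)
        points = HOUR_PTS_PER_HOUR * min(gap, 6)
        points += NEW_RESOURCE_PTS if resource not in self.resources else 0
        points += NEW_DEST_PTS if dest not in self.destinations else 0
        return points

    def observe(self, event):
        """Update the running score and return the graduated policy response."""
        self.score = min(100.0, self.score * DECAY + self.deviation(event))
        return next(action for floor, action in RESPONSES if self.score >= floor)

def replay(events, history=HISTORY):
    """Score a sequence of events against a baseline learned from history."""
    user = UserRisk()
    user.learn(history)
    return [(user.observe(e), user.score) for e in events]

if __name__ == "__main__":
    for action, score in replay([(10, "budget.xlsx", "fileserver"),
                                 (2, "budget.xlsx", "personal-cloud")]):
        print(f"{score:6.2f} {action}")
```

Replaying a routine access, a slightly unusual one, a night-time access and a night-time upload to an unseen destination walks the response from allow through monitor and warn to deny, and the score falls back once behavior returns to the baseline.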
Minimised Risk Levels With Better Security
Understanding that is a subject of concern, the administrator can act according to the situation to mitigate the risk as it occurs. Security protocols and responses can be adjusted depending upon the way agency personnel interact with the data and the acceptable risk levels.
'Start with yourself first': efforts have to begin at the individual level. If security is improved, binary choices would no longer be a necessity, allowing an organization's work to continue unaffected.