A Layered Security Approach: Humans and Machines

Cyber crime rose by 600% during the peak of COVID-19, totalling $6 trillion in damages worldwide over 2021 – and is continuing to increase year-on-year. The pandemic has altered the security landscape for 2022, creating new opportunities for attackers to leverage, including workforces being away from the support of IT teams due to the rise in hybrid working. Businesses cannot afford to leave room for error with new and innovative attack methods having entered the market, such as; fileless attacks, phishing, ransomware, malware and more sophisticated vulnerability exploits. 

Not only is there an acceleration of cyber attacks, but technology is also becoming more developed, as businesses embrace a ‘digital first’ approach to both processes and operations. Machine-led intelligence tools, such as Machine Learning (ML), Artificial Intelligence (AI) and Behavioural Analysis are now playing a more crucial part in keeping organisations’ networks safe against cyber criminals. However, organisations mustn't ignore the key role the workforce plays in keeping data safe. A combination of workforce education and technology is crucial for a layered security approach –  it shouldn’t be the case of one or the other,  explains Andrea Babbs, General Manager , VIPRE.

Where Does The Workforce Stand?

Cyber criminals continue to take advantage of key vulnerabilities, one of these being human error. According to a study by IBM, human error is the main cause of 95% of cyber security breaches as users are permanently exposed to new threats and are prone to making mistakes, whether this is sending an email to the wrong person or clicking on a phishing link. The role of the human has never been more important to keep data safe, especially with more workforces working remotely, relying strongly on the use of email and potentially working on open internet connections.

Humans may be aware of the existing cyber threats, but they might not necessarily know how to respond, or where they fit into an organisation's overall defences. Rather than leaving the responsibility to IT teams, educating the user on the role they have to play against cyber attackers is essential. This can be reinforced with consistent security awareness training programmes, which give security support where applicable and highlight any existing weaknesses within the workforce. Not only will this improve a businesses overall IT security strategy, but it will also teach users to be more alert and security-aware.

Once trained, employees will then have valuable insight into their organisation’s cyber security strategy and they will be trained to combat these threats. If businesses can leverage this understanding and work with their teams collaboratively, then they can help workforces to see where they fit into the bigger picture of keeping information secure, further contributing to the overall defence of the organisation.

The Role of Technology

Technology plays a crucial role in keeping business data safe alongside a human workforce. However, it can’t be fully relied upon, and some responsibility should still lay with the user. But AI, ML and Threat Intelligence innovations can support existing processes and offer additional security layers. 

Machine Learning is a subset of Artificial Intelligence. Instead of relying solely on vendor programming, ML is focused on training machines to learn from past and present data to identify threats, where they originate and where they’re likely to strike. In particular, ML is beneficial for understanding and noticing patterns, detecting threats based on their behaviour by comparing it to previous examples of threats – over time learning what is both good and bad. 

A specific application of this is to identify never-before-seen, zero-day, or ever-changing polymorphic threats, helping organisations keep up with the evolving and dangerous threat landscape. A behavioural detection engine powered by Machine Learning can examine a threat’s behaviour and determine if it is malicious or not based on what it has seen before. 

Today’s sophisticated attacks require a far more rigorous defence than traditional scanning and email protection tools – even though they can help secure emails from many threats and establish a baseline for protection, it’s not enough. AI and ML technologies are also key components in email and endpoint security services, for example, email security attachment and URL sandboxing solutions, where an email attachment or link is opened and tested via Artificial Intelligence in an isolated environment away from a customer’s network. Such services, including VIPRE’s Email Link Isolation, which can neutralise possible attacks in emails URLs via re-scanning and sandboxing links once they are clicked on. Therefore, this helps to increase email security and protect businesses’ vital communication tool – email. 

But the solution to a truly secure environment shouldn’t stop there. Once the user has made an error, they should be educated straight away. Businesses need to re-train their users, ideally at the point of error. Simply stopping the threat isn’t enough.

Working Together

Businesses can't rely on either the human or technological layers within an organisation's cybersecurity approach.  Instead, technology and the workforce work better collaboratively. For example, whilst Artificial Intelligence provides computers with human qualities, AI can’t perform precise decision making and complex tasks as well as humans can. An example of this is VIPRE’s SafeSend tool that prompts the user to check their recipient and attachment list when sending an email. AI may struggle to interpret if the recipient should receive that specific file, therefore in this situation, the human is better to make the final decision.

Educating users and implementing a cyber security aware culture should be the first steps taken before adding any innovative tools. Machine learning has to work in tandem with other processes, including application allow-listing, email filters, antivirus, firewalls and intrusion detection, to deliver optimum security.. And with human intervention, these technologies can reach their full potential. For example, in order to make Machine Learning successful, the algorithms need lots of data from a variety of sources to provide accurate, actionable results – and feeding the right types of data to the model requires human expertise. Not only will this increase the workforce's understanding of their role to play in keeping the organisation safe, but this combination is vital to ensure the correct digital solutions are in place.

Conclusion 

For an organisation to stay secure, they’ll need more than one layer of detection to deliver the results. The best systems are built around a partnership between humans and machines, where businesses let technologies such as AI and ML work on the functions that we as humans, may struggle with or be less enthusiastic about, but still utilising the workforces strength within the front line of defence.

By taking a layered approach to cybersecurity, businesses can develop a holistic view of their defence strategy, accounting for the multitude of vectors by which modern malware and threats are delivered.

Organisations need to ensure that they have both the next generation human and technology protection in place. A cyber-aware culture with continuous training is vital, and so is having access to the right technology to ensure maximum protection.