Employee Training is Key in Preventing Breaches, But is it Enough?

March 31, 2020

Cybersecurity experts have long touted properly trained employees as an organization’s first line of defense amid the rapid proliferation of cybercrime. Cybercriminals, meanwhile, reveal through their tactics that they still consider untrained employees an organization’s Achilles heel.

Almost every successful cyberattack reported in the media exploits the human factor. Fortunately, IT decision makers are increasingly aware of this. The most conscientious security chiefs are placing greater emphasis on staff training to secure their organization’s perimeter.

However, is it truly possible to train every single employee—including those working from home and organizations’ third-party partners—to spot a cyber threat? Or to keep good cybersecurity hygiene when handling sensitive data? Or to refrain from stealing intellectual property when they’re disgruntled and about to resign? While training is a key element to preventing breaches and protecting important corporate data, training alone is not enough.

Perimeter Defenses Can Only Do so Much

Businesses handling sensitive data – whether their own intellectual property or customers’ personal information – need to be able to prevent breaches resulting from mistakes and malice, both from the inside and the outside.

In a recent study of IT decision makers, 38 percent named cybersecurity training and support as the pillar of their company’s cybersecurity posture. Organizations that emphasize training are also quicker at detecting attacks, and more efficient at isolating them. Conversely, 43 percent of infosec professionals say they are kept awake at night worrying about their organizations’ cybersecurity, with their biggest fears stemming from insider threats.

When faced with advanced threats like attacks leveraging fileless malware, sophisticated social engineering schemes like spear phishing and CEO impersonation (whaling), or disgruntled insiders with high-level access to company assets, cybersecurity leaders need to pair training with technology for the solution.

Keep Tabs on Your Network Traffic

Cybersecurity executives no longer look at just traditional endpoint and perimeter security solutions to safeguard their assets. They are placing stronger emphasis on next-generation security tools (35 percent) and Network Traffic Analytics (NTA) (34 percent) to keep their organizations secure. NTA technology, in fact, plays a crucial role in safeguarding today’s corporate assets from internal and external threats. A key strength of NTA is behavioral analytics, which enables security teams to spot with dense granularity even the faintest anomaly relative to the known behavior of a company’s applications and processes.

NTA applies machine learning to recognize anomalous behavior, then generates automated responses to attacks in progress. The technology integrates with existing EPP and EDR tools to facilitate swift remediation on devices that exhibit abnormal behavior.

Like a Horse and Carriage

It’s important to strike a balance between strengthening the human factor through training and building a strong cybersecurity technology stack. While training goes a long way toward defending a corporate network, IT chiefs must remember that cybercrooks will always find a way to exploit the human layer of the infrastructure.

Train your troops against outside threats, but don’t forget to equip your IT department with the tools needed to gain visibility into less evident threats that may have slipped through the cracks.

Filip Truta is an Information Security Analyst at Bitdefender. He has more than twelve years of experience in the technology industry space such as gaming, software, hardware and security. He likes fishing (but not phishing), basketball, and playing around in FL Studio. Filip can be reached online at https://www.linkedin.com/in/filip-truta/ and at www.bitdefender.com

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Many of the security screening standards in use today were put in place decades ago. They addressed the threats at the time and employed the security screening equipment that was available.

Poll

Recruiting Diverse Candidates

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products