Overcoming Human Error to Secure the Smart Workplaces Transformation

It’s no secret that the workplace is getting smarter every day. Through an increasingly connected world, new capabilities such as location-based services and “smart” buildings are becoming more commonplace to create today’s experience-based economy. In the not-so-distant-future, digitally-driven interactions that are personalized for employees, customers and partners will become the norm.

Aruba’s Spring 2018 survey report, The Right Technologies Unlock the Potential of the Digital Workplace, revealed both the business and human benefits of more digitally-driven workplaces, and how companies that are less technologically advanced are at risk of falling behind the competition and unable to attract top talent.

Survey results also revealed lurking danger behind this digital transformation.

Ironically, digital-savvy respondents disclosed taking greater risks with data and information security. Three-quarters (74%) admitted to behaviors that put company passwords, devices and work files at risk – which is 19% higher than those identified as “non-digital” workers (62%).  In either case, this poses a significant challenge.

Based on these findings, it’s clear that security must adapt to factor in unpredictable behaviors: It cannot be assumed that workers at any level will adhere to security best practices just because the workers are more trained or aware of cybersecurity risks.

Below are recommendations that should be considered to deal with internal security threats as the organization transforms to become digitally connected:

• Acknowledge human error risks: In a recent global survey by the Ponemon Institute in partnership with Aruba, “Closing the IT Security Gap with Automation & AI in the Era of IoT,” nearly half of respondents stated data breaches can be attributed to human error. Establishing a secure defense arsenal is only half of the equation. Organizations also need to acknowledge and plan for risks posed by human frailties. Employees should understand and follow easy-to-perform procedures and policies that adhere to established expectations about sharing and working with sensitive information.  In addition, organizations should establish access policies for anything that connects to the network.  These policies focus not on type of network connection, but on specific roles – finance, engineering, operations, etc. – along with the type of IoT device such as security cameras, smart building controls, manufacturing equipment, and even vending machines. These access policies will help control digitally-savvy employees who know how to skirt around company policies.
• Implement user-friendly security tools. Substandard security implementations lead to poor employee choices and behaviors that add risk. When forced to comply with cumbersome protection policies and procedures that counteract productivity, digitally-savvy workers often circumvent critical protection measures to simplify tasks and accelerate completion of projects and other activities. As part of the planning process, evaluate interfaces and other day-to-day interactions for user-facing security solutions and procedures and reduce the incentives to sidestep them.
• Success relies on closely monitoring behaviors. Fortunately, a new generation of security solutions are now available to help. These new systems harmonize user-friendliness and protection to deliver an enhanced, yet secure, experience.

Thanks to machine learning and other Artificial Intelligence-based technologies, security teams can now do what was heretofore humanly impossible:  granularly monitor behaviors, patterns, and other activities of employees, guests, contractors, and IoT devices. They use AI-based algorithms that automatically seek out anomalies and other minute behavioral changes that are often indicative of a gestating attack. Once the machine-learning technology pinpoints a compromised user or device, it can then be quickly investigated and removed, or otherwise remediated, before the damage is done.

Based on what we’ve learned from these two surveys, organizations can more quickly arrive at a place where employees are actively contributing to the overall protection strategy by simultaneously taking two pathways. One leads to improved usability or even transparency, which ensures that digital-savvy users will not be tempted to find ways around necessary security controls – let’s consider this, the employees will make choices for themselves. The other leverages advanced analytics to quickly spot compromised or negligent users before a real problem occurs – catching bad behavior and reinforcing good lessons before it becomes a problem. Whether organizations decide to reward or reinforce, the end result is a more secure digital workplace.

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.