Human Detection and Response: A New Approach to Building a Strong Security Culture
Jelle Wieringa analyzes the differences between HDR and security awareness training and how HDR addresses the security layer of human risk management.
March 23, 2023
Human detection and response (HDR) is a new approach to cybersecurity that focuses on identifying and responding to threats that originate from human activity, such as phishing attacks or social engineering tactics. Traditional security awareness training (SAT), on the other hand, aims to educate employees on best practices for staying secure online and avoiding common cybersecurity risks.
A key difference between HDR and SAT is what they focus on. While SAT typically emphasizes prevention, HDR focuses on analyzing and responding to security incidents that have already infiltrated an organization. This can include monitoring network traffic for unusual behavior, analyzing user behavior to identify potential insider threats, and detecting users who neglect to follow an organization’s IT policies.
These events typically consist of security alerts, based on indicators of compromise (IoCs), that are collected by an organization's existing security stack. They serve as triggers that generate an alert to dedicated technologies that sit alongside traditional security categories within the security stack, such as firewalls, intrusion prevention, extended detection and response tools, and security information and event management systems. These dedicated technologies are uniquely positioned to monitor, identify, detect, and respond to user-related security activity and behavior.
HDR and traditional SAT are complementary. By enabling users to make better security decisions, security awareness training helps prevent many common social engineering threats. Meanwhile, HDR provides an added automated layer of protection by analyzing and responding to threats that may have slipped through the cracks. Combined, SAT and HDR help to actively reduce risk to organizations.
A Multifaceted Approach to Building a Security Culture
HDR is an effective tool for building a strong security culture within an organization. By emphasizing the importance of analyzing and responding to security threats, HDR helps employees understand the critical role they play in protecting sensitive data and systems. This creates a sense of ownership and responsibility around cybersecurity, encouraging employees to take a proactive approach to security.
HDR integrates a mindset of security into the daily operations of employees. It fuels an intrinsic motivation in employees to make better security decisions by employing nonintrusive, behavior-boosting techniques that increase the user's awareness and responsibility levels.
Additionally, HDR helps reinforce the message that security is everyone's responsibility, not just the job of the IT department. By involving employees in the detection and response process, organizations create a culture of vigilance and collaboration that encourages individuals to watch out for one another.
By integrating HDR into a broader security awareness program, organizations create a culture of security that permeates all levels of the organization, from frontline employees to executives. This leads to a more secure and resilient organization that is better equipped to protect against a wide range of cyber threats that target an organization’s largest attack surface: its employees.
Addressing the Security Layer of Human Risk Management
HDR significantly improves an organization's ability to manage human risk by automatically responding to threats that arise from human activity. By monitoring user behavior and analyzing data for anomalies, HDR detects and mitigates risks such as insider threats, phishing attacks, and other social engineering tactics. This helps organizations address human risk, minimize the impact of security incidents, and ultimately protect sensitive data and systems from compromise.
Because HDR technologies are automated and integrated into an organization's existing security stack, they provide a proactive form of security. Where traditional security measures that focus on the human factor often try to prevent attacks, HDR acts at the moment an attack has slipped through these prevention methods. It provides an additional layer of security through real-time detection and response, thereby increasing the organization’s resilience and reducing risk.
The Three Big Benefits
The three biggest benefits of HDR are increased visibility for security operations through specialized threat detection and response, improved incident response times, and enhanced visibility and control, which come from giving security operations the ability to trigger response mechanisms when users behave riskily.
First, HDR enables organizations to analyze and respond to attacks that originate from human activity, like phishing attacks or social engineering tactics that have successfully escaped the users’ notice.
Second, by automating the detection and response process, HDR significantly reduces security operations center (SOC) alert noise and incident response times, minimizing the impact and damages of security incidents on the organization.
Finally, by providing enhanced visibility and control over users' intended and unintended behavior, HDR helps organizations manage human risk and protect sensitive data and systems from compromise.
About the Author
Jelle Wieringa has over 20 years of experience in business development, sales, management, and marketing. In his current role as security awareness advocate for EMEA for KnowBe4, he helps organizations of all sizes understand why more emphasis is needed on the human factor, and how to manage the ongoing problem of social engineering. Previously, Wieringa was responsible for building an AI-driven platform for security operations at a leading managed security provider. Wieringa holds the SACP certification.