Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Vulnerability Management

02:00 PM
Debby Briggs
Debby Briggs
Connect Directly
E-Mail vvv

Smart Prevention: How Every Enterprise Can Create Human Firewalls

Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.

The average cost of a data breach is now $3.92 million, according to IBM and Ponemon. Hackers are taking advantage of the many smart and Internet of Things devices in modern offices, which give them more attack vectors to penetrate networks.

But enterprises are fighting back by training employees to become human firewalls who can secure online resources and act as an added line of defense against phishing attacks. Companies should use technologies such as machine learning and artificial intelligence (AI) to safeguard digital assets further. Combining people and technology is the best way to keep networks and their data safe.

Too Many People and Devices to Protect
There will be more that 20 billion internet-connected devices worldwide by 2020, and that number is growing daily. Many people also employ their smartphones, tablets, and laptops in both personal and professional settings. That may be more convenient, but it heightens the risk of human error because users no longer have a network edge to protect them.

An employee reading personal email on a corporate device bypasses the protections in place. An executive who falls victim to cybercrime on a personal device can similarly endanger the office network.

Phishing scams, which account for more than 90% of these hacks, are disguised in seemingly innocuous messages like banking alerts, travel offers, or (especially during the holiday season) shopping deals. They play on peoples' emotions: An excited or scared user clicks on the link and inputs personal information without asking too many questions.

These attacks are a constant presence in the media, so it might seem surprising that people still fall for them. In recent years, laws like Europe's General Data Protection Regulation and the California Consumer Privacy Act have also highlighted the importance of data privacy.

Users alone aren't at fault, however. Many enterprises don't put time or money into educating personnel on hacking risks. But a properly prepared workforce can be a human firewall that prevents attacks before they begin, so companies must put online safety at the forefront.

Creating a Human Firewall
Everyone from entry-level to C-suite should know how to identify and report breaches so they can defend the enterprise. Training is the most crucial step in this process, and it doesn't need to include rote messages and endless PowerPoint slides. Learning sessions can be humorous, fun, and — most importantly — educational.

One best practice is having the corporate IT department send a simulated phishing email to all employees. Administrators can include a fraudulent offer for a free vacation or other amenity to see which employees recognize the trick. They should then follow up with anyone who clicked the link or opened the attachment to educate them on the dangers of this practice.

Leaders must conduct this instruction in a way that's informative but not heavy-handed. Everyone in the enterprise is on the front lines of this fight, so those with more experience need to help their less-seasoned colleagues rather than shame them.

Once employees know the warning signs, they'll stop falling for hacker schemes. More importantly, they'll start reporting suspicious phishing emails so the IT department can investigate them and keep the company informed about new scams. In this way, the human firewall achieves its real purpose.

The best part is that enterprises don't have to do this work alone. Technology can be an invaluable partner in these initiatives when used correctly.

How Virtual Tools Can Help
Even the best human firewall can't protect and secure a network all on its own. Indeed, 61% of enterprises say they need technologies like AI and machine learning to help detect data breaches. Large companies should use these methods to augment existing processes, thwart attacks, and strengthen security.

Machine learning and AI algorithms study network traffic patterns, email subject lines, and body text. They then compare these elements to a pre-existing bank of malicious content to protect sensitive data and detect threats faster.

If a breach occurs, these technologies can also respond quickly to reduce dwell time. That saves enterprises from client churn, hefty fines, and negative publicity. Companies that put in the effort to develop a robust AI or machine learning interface have more protection against online attacks.

Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets. Business leaders also need to evolve training programs frequently and update their software as new digital dangers emerge. These critical investments in people and technology help protect companies from risk and strengthen emergency response plans.

Cybercriminals never stop attacking networks, so organizations should never stop defending them. Every business needs to educate its staffers about online security, so they become human firewalls. Industry leaders can also keep enterprise systems safe with state-of-the-art digital resources like AI and machine learning. When human ingenuity and smart technology come together, the whole company benefits.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: ""How to Build a Rock Solid Culture"


Debby Briggs has more than 20 years of experience in cybersecurity and has been with NETSCOUT for the last 15 years. Prior to joining NETSCOUT, Debby held various network administrator and IT infrastructure roles with leading companies, including RSA, Healthsource, and GTE. ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-12-10
The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML do...
PUBLISHED: 2019-12-10
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location.
PUBLISHED: 2019-12-10
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
PUBLISHED: 2019-12-10
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
PUBLISHED: 2019-12-10
Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames.