Complex Made Simple

Understanding human behaviour is the first line of cybersecurity defence

Hackers now have a wider attack surface to compromise organisations’ data and other critical assets

in the last seven years, more than $1 trillion has been spent on cybersecurity with a 95% success rate — for the attackers! By building capabilities to understand behaviours from context-rich perspectives, we can adapt and cope with risks more effectively while employees are first in line when it comes to defense, they are also the weakest link

Author: Mahmoud Samy, area vice president for the emerging region at Forcepoint

Forcepoint Dynamic Edge Protection, announced in February 2019, will enable enterprises to transform their network and security architectures with seamless connectivity to take full advantage of the cloud across distributed application and network environments. It’s currently being trialled with a small set of clients as we build up to wide-ranging GTM in 2020.

Forcepoint Dynamic Edge Protection will provide an integrated network security solution that supports modernization of enterprise networks for cloud adoption. The solution will offer converged capabilities for SD-WAN connectivity, next-generation firewall-as-a-service with security for Web and Cloud – all as a cloud-first, hybrid-ready service using Forcepoint’s enterprise grade technologies.

Through the converged security platform, Dynamic Edge Protection will deliver security that works everywhere employees are with solutions delivered from the cloud that take advantage of new advances such as behaviour-centric, risk-adaptive security without on-site updates or redeployment.

Highly distributed organizations such as retailers, financial institutions, hospitality providers, and government agencies can use Forcepoint Dynamic Edge Protection to significantly reduce the cost and complexity of connecting their hundreds or thousands of remote locations in a highly secure and manageable way. The solution’s “zero footprint” can replace disparate hardware appliances deployed at each site with integrated, behaviour-centric security services delivered from the cloud.

Read: Gitex H1 UAE Threat Landscape in Review: Heavily prone to malicious cyberattacks

How are companies in the region impacted by the sophisticated ways hackers target employees?

We are witnessing a rapid development of technology adoption in the Middle East. This means hackers now have a wider attack surface to compromise organisations’ data and other critical assets. In fact,in the last seven years, more than $1 trillion has been spent on cybersecurity with a 95% success rate — for the attackers. We’re seeing businesses throw money at the problem, but they aren’t feeling any safer. We’re seeing hackers target people — not silicon— and businesses need a solution that addresses that.

There is no silver bullet for cybersecurity, as risk will never entirely disappear. We can do a better job by integrating behavioural analytics and through understanding humans – they are our biggest assets and our biggest risks. Forcepoint helps organizations to understand the rhythm of their people (how, what and why people use data) and the flow of their data (how and where the data is going) – and this is becoming a strategic requirement for a modern security plan.

Businesses need to ensure they have the tools to proactively identify and mitigate user activity that could be putting its sensitive data at risk. We need to encourage and empower employees to be part of the solution. 

Read: $147m Goldman Sachs funding for Acronis brings Middle East markets into its crosshairs

How can businesses ensure to proactively identify and mitigate user activity that could be putting its sensitive data at risk?

Risk is never going to disappear – it’s time to take a different approach. That difference is Forcepoint’s behaviour-centric approach. We need to understand risk in context, and that means understanding human behaviour. Understanding behaviours and risk is not always black or white – and what looks risky for a one person may not look risky at all for another, depending on their identity characteristics and behavioural patterns. By building capabilities to understand behaviours from context-rich perspectives, we can adapt and cope with risks more effectively.   Effectiveness also allows people to continue doing their work seamlessly while building systemic resilience to risks. 

The good news is that our recent Middle East survey found that nearly 90% of IT leaders believe in the power of behavioural analytics in stopping breaches. However, more than half aren’t yet using this. This represents an extreme opportunity to build better protection against the most sophisticated attackers across the Middle East. 

A company’s employees are its largest attack vector, while also being its strongest first line of defense – please elaborate on this point?

When you think about it, everyone in an organization is touching data that is either critical to the company or the personally information of another person. Understanding how that data is used (or abused) is a critical part of the defenses that employers want to put in place. So, while employees are first in line when it comes to defense, they are also the weakest link. The only way to do this is by understanding their behaviours and work patterns. 

Forcepoint monitors employees, but we have a rigorous framework in place with safeguards to protect individual privacy. We believe that anything which diverges from the norm can be used as first line of defense to stop hackers.

Read: What is an eSIM, and how can it benefit your business?

What is the role of behavioural analytics is combatting breaches?

Today, security needs to be approached from a human-centric perspective – tracking the rhythm of people to identify patterns and potential threats. Understanding behaviour of identities on the network is a very cutting-edge approach to tackle breaches. By adopting a behavioural-centric security model, companies in the Middle East can improve their businesses and reduce risks. This model is based on a deep understanding of the people (or entities – such as devices or machines) companies trust, which ensures that the people who are connecting to company’s network are behaving responsibly. 

We believe so strongly in the power of behavioural analytics in cyber security, that we recently launched Forcepoint X-Labs division, the world’s first dedicated research division that combines deep security expertise with behavioural science research. The new X-Labs team will use data insights from the entire Forcepoint product portfolio to drive innovation in modern, risk-adaptive security solutions.