50% of CISOs will adopt practices focused on human behavior
Today, the human factor still plays a role in most cybersecurity incidents. Human error is involved in 74% of data breaches. It’s essential to shift towards designing human-centric controls that promote and facilitate the use of responsible cybersecurity practices among employees.
Gartner predicts that by 2027, 50% of chief information security officers (CISOs) will adopt human-centric design practices into their cybersecurity programs to minimize operational friction and maximize control adoption among employees. The firm’s research shows that over 90% of employees who admitted to undertaking a range of insecure actions knew they would increase risk to their organization but did it anyway. Designing security controls focusing on individuals rather than on technology or threats recognizes that employees play a crucial role in cybersecurity and aims to reduce the likelihood of risky behavior.
How to establish an identity-based, human-centric security strategy
By implementing identity-based security measures, organizations proactively improve their security posture by establishing defensive practices that help manage threats arising from unpredictable human behavior. However, for this to work, we need to take user actions into account. The most effective approach in this respect is one that focuses on user identity and access controls, adopting human-centric design. Enlisting the help of an MSP can be particularly beneficial so that you can take the following recommended steps:
Designing easy-to-use security controls:
Gartner also predicts that by 2027, 75% of employees will acquire, modify, or create technology outside of IT visibility. This further indicates that if established processes are complicated, employees will find a way to circumvent them. We need to assess existing controls to understand the experience from the user's perspective to optimize what works well and eliminate what doesn’t as this will reduce potential errors substantially.
Improving password use:
Passwords are a key part of identity-based security, but they can be difficult to remember and manage. Password managers can help users create secure, hard-to-guess passwords using an organized system. This reduces the danger of brute-force and phishing attacks, giving companies greater control over password strength, lessening the need for password resets, and mitigating problems related to shared or stolen passwords. Enabling users to create different passwords for all their digital accounts, without remembering them all, simplifies user access without compromising security.
Establishing a strong authentication method:
Authentication methods need to be strengthened through a multi-factor authentication (MFA) solution that integrates single sign-on (SSO) and risk-based authentication. The latter improves the user experience by eliminating additional authentication once it verifies that the user has sufficient security according to the parameters set in the rules.
Investing in team member training:
Apart from providing regular security awareness training, you must develop a compelling value proposition that connects with employees and influences their decision-making. An MSP can assist in the development and delivery of effective training courses, helping to reduce the likelihood of a human error-induced cyberattack.
Identity-based security is a multi-layered approach that requires continuous monitoring, updates, and enhancements. To be effective, organizations must implement powerful solutions capable of protecting them and providing the facilities that users need to make use of them.