Cybersecurity Answers

Cybersecurity breaches continue to plague organizations due to a critical oversight: human behavior. Through insightful explanations, Mimecast VP of Human Risk Strategy Masha Sedova addresses key questions and demystifies mitigating user-generated cyber threats in the age of AI, highlighting Mimecast’s role as a leader in reducing those security risks.

Released on 04/08/2025

Transcript

What are the biggest problems we face in cybersecurity?

The human element is behind some of the most critical security attacks that we've seen, everything from wiring millions of dollars to attackers to clicking on ransomware that causes hospitals to shut down.

I'm Masha Sedova, VP of human risk management at Mimecast, and I'm here to answer your questions. This is Cybersecurity Answers.

[upbeat percussive music]

Everyone is talking about human risk management, but what does that actually mean?

Human risk management is all about addressing the user-initiated incidents of an organization. 8% of the workforce is responsible for over 80% of incidents. When you understand where your risks are, you can take better action to better secure organization.

What are some practical ways companies can address the non-malicious human element that accounts for a significant portion of data breaches?

Non-malicious actions by employees are one of the biggest sources of incidents for security teams. While malicious users really cause a lot of damage, non-malicious users make up nearly 63% of all incidents security teams have to deal with, so the first step in dealing with this problem is to understand first where employees are on the risk rating. Are they repeat offenders? Do they make mistakes once and course-correct? Once you have visibility into the kind of risks that employees pose, you can start tailoring your interventions appropriately.

How do you get busy employees to prioritize cybersecurity training?

I love this one. What research shows is that most employees tend to ignore the security trainings that they get, they mute it, fast-forward to the end and just brute-force the quiz question, and we do this because it's not relevant to us as individuals, and so, when we provide security training and feedback that is tailored to your experience because of your actions, whether or not good or risky, we are going to be paying attention much more as employees of a workforce.

Here's a good one. What tools help identify risky users and mitigate threats?

In order for an organization to mitigate human-centered threats, they first need to have visibility into it, so when we think about tools and technology that help us do this, a human risk-management platform does exactly that. When you ingest data from security tools in your environment, you get visibility in what kind of employee actions people are taking, both good and bad. At Mimecast, our human risk-management platform lets our customers do exactly that. Once you have that kind of visibility in your organization, you can see who your high-risk users are, who your low-risk are, who are repeat offenders, what kind of geographies and managers you need to focus on.

The threat landscape has gotten really sophisticated. What should cybersecurity and IT professionals be thinking about?

Phishing attacks have evolved significantly, especially with the introduction of AI on the threat landscape. Not only do we no longer trust email, which has been around for a long time with phishing attacks, but now, we can no longer trust many other forms of communication, voice, video to name a few. This has been the bread and butter of Mimecast for over 20 years.

Things like deep-fakes and AI-generated phishing can be really difficult for an employee to detect on their own, when partnered with a technology that can help with things like probability ratings of whether or not it is a deep-fake or a spoofed voice, we have to rely on technology to help supplement the way we detect attacks, but it also really changes the game for how we think about securing the workforce, it's not about more training, it's about the kind of outcomes the training's trying to drive, and ultimately, partner the technology with our workforce to be able to detect our new era of AI-based attacks.

[upbeat percussive music]