There are many layers within today’s security landscape. The most talked about in cybersecurity is, understandably, often the technical layer. Businesses have for years implemented purely technical solutions to try to remedy internal and external risks to their security. These include technologies for perimeter protections, like firewalls, and those designed to identify what’s going on within an organization, like malware detection platforms.
But an often-overlooked layer is the most important of all, and the one closest to home: the human layer.
The impact of human behavior on data security is unavoidable. It’s simply a fact of life. Even the most attentive and conscientious employee will occasionally slip up or choose to act outside of security policy, and those incidents can have broader consequences than you might think. Something as simple as accidentally sending an email to the wrong person can cause a major data breach if privileged or sensitive information is subject to unauthorized access—and research shows that 78 percent of IT leaders believe employees may have accidentally put data at risk within the past 12 months.
Traditionally, it’s been difficult to truly secure the human layer. People are unpredictable—training and awareness can only go so far, and static technologies can’t flex to respond to different and emerging risks. Fortunately, the rise of machine learning technology has placed new, highly effective protections in the hands of security defenders.
Email Breaches Regularly Put Organizations at Risk
As of late 2019, the average cost of a data breach exceeded $8 million in the United States. While larger organizations may be able to absorb that damage, it is often enough to put smaller companies out of business. And indeed, records show that approximately 10 percent of organizations that suffered a breach in 2019 were forced to close their doors later that year.
Despite the many new tools available to today’s businesses, our research has shown that the application that remains most vulnerable to a breach is the one we’ve been using for decades: email. In fact, one in three finance industry respondents to our survey admitted that they had personally broken company policy by accidentally sharing data via email to the wrong recipient.
Email has a wide surface area for risk, as it’s vulnerable to both inbound and outbound threats. Phishing emails were the culprit in 41% of surveyed cases, while 31% said they had simply sent information to the wrong person. In the past year alone, nearly half of all respondents indicated that they had received a recall message or email asking them to disregard a previous email sent in error. Think about how many emails your business sends and receives in a given day. Even if only one in every hundred, or even every thousand, is misdirected, those small percentages can result in large repercussions for the business. And it’s actually happening far more regularly.
We May Not Understand Human Behavior, But We Can Predict It!
Humans are complex creatures—it’s part of what makes us great. But it also means that protecting the human layer of any organization is a critically important aspect of cybersecurity. Thanks to today’s advanced artificial intelligence and contextual machine learning technologies, we are more capable than ever to predict the unpredictable and stop human-activated data breaches. Simple mistakes like misdirected emails are a major concern for IT professionals, but today’s human layer security technology is capable of learning what constitutes normal behavior and flagging anything that doesn’t fit the bill. Our own research has taught us that accidental internal breaches keep IT professionals up at night, but it’s a problem that—thanks to modern technology—is increasingly solvable.