Advertisment

Understanding user behaviors and intent is crucial for investing right in security

author-image
Soma Tah
New Update
insider threats

For years, the cybersecurity industry has focused primarily on securing technology infrastructure. The challenge, however, lies with this approach only, reveals Forcepoint's new study. The survey’s results reveal a potential upside associated with understanding users’ behaviors and intent as they interact with critical business data, such as intellectual property.

Advertisment

“By understanding how, where and why people touch data, businesses will be able to focus their investments and more effectively prioritize cybersecurity initiatives,” said Matthew P. Moynahan, chief executive officer at Forcepoint.

“In order to detect, understanding human behavior is curial. For us to be in forefront, industry needs to understand how, where and why people touch confidential data and IP which will enable businesses to focus their investments in the right kind of cybersecurity initiatives.” said Surendra Singh, Country Director, Forcepoint.

Key findings presented in the report include:

Advertisment

Data Sprawl and Eroding “Network” Boundaries: Corporate networks are no longer tightly controlled entities with clear boundaries. The definition of a corporate network must be reconsidered given the expansive nature of applications, systems and infrastructure connected to critical business data. For example, respondents reported a variety of systems with limited corporate control are used in the context of critical business data, such as private cloud services (49 percent), BYOD laptops or other devices (28 percent), removable media (25 percent) and public cloud services (21 percent).

In addition, the growing use of BYOD and corporate policies allowing social media usage is creating concern. In fact, nearly half of respondents (46 percent) are very or extremely concerned about the co-mingling of personal and business applications on devices such as smart phones.

Losing Visibility of Critical Business Data: Data sprawl is making it more difficult for cybersecurity professionals to maintain visibility into how employees use critical business data across company-owned and employee-owned devices; company approved services (e.g., Microsoft Exchange) and employee services (e.g., Google Drive, Gmail). Only seven percent have extremely good visibility; 58 percent say that have only moderate or slight visibility.

Advertisment

Vulnerabilities at the Intersection of People & Content: There are many points where people interact with critical business and data and content, ranging from email to social media to third party cloud applications and more. Email, by far, was gauged to present the greatest threat. In fact, 45 percent of respondent named this as the top risk. Mobile devices and cloud storage were also deemed significant areas of concern.

Respondents were also asked to assess vulnerabilities associated with actions of people, ranging from inadvertent behaviors to criminal intent. Overall, malware caused by phishing, breaches and BYOD contamination, for example, along with inadvertent user behaviors were seen as the number one risk by respondents; each was named to the top spot by 30%.

Technology to Strengthen Cyber: Those surveyed do not hold high hopes that more cybersecurity tools will improve security; only 13 percent strongly agreed these investments would improve security, while 48 percent only slightly or moderately agreed. This could be, in part, due to the low levels of satisfaction with existing tools. Only four percent were extremely satisfied with cybersecurity investments to date.

Advertisment

A Focus on Cyber Behaviors and Intent: As cybersecurity professionals look to get a better handle on the risks that might be posed to critical business data, the questions of behaviors and intent are rising priorities. Overall, Forcepoint’s study shows that while there is agreement that understanding behaviors and intent is vital to cybersecurity, most companies are unable to effectively do so.

An overwhelming majority of respondents – 80 percent – believe it’s very or extremely important to understand the behaviors of people as they interact with IP and other data. Further, 78 percent believe understanding intent is very or extremely important. However, only 31 percent said their companies are very or extremely effective at understanding behaviors; only 28 percent responded similarly in the context of understanding user intent.

However, there appears to be agreement on an approach that could serve to bolster security: focusing on the point in which people interact with critical data to better understand behaviors and intent. In fact, 72 percent of respondents – the vast majority – strongly agree or agree that doing so will help prove results and costs associated with cybersecurity investments.

cyber-security security