Just in time security
Ankush Johar
Ambassador Global Cyber Alliance | Co-Founder Elite CISOs Global | Director - InfosecVentures, HumanFirewall.io, EmailAuth.io, BugsBounty.com, Wireless Federation and Lloyds Ventures. @ankush
Imagine your user inserts a USB drive and it gets blocked. Great. But now you can send them an email telling them that they lost 50 points for bad cyber security behaviour. To gain these back, they need to complete a 2-minute training that explains why this was dangerous for the org and for them personally. They pass the quiz, and BAM! They get the 50 points back.
Alternatively, they report a real phishing attack, the SOC confirms it as a real attack and cleans it up across hordes of users, and BAM! 100 points get credited to their profile.
Reward good behaviour and correct bad behaviour just in time, when it matters the most, and you can change behaviour one security event at a time, and so change things at scale!
It’s estimated that about 90% of all security incidents are caused by human actions. This statistic underscores the critical need for effective security awareness training that not only educates but also engages employees in meaningful ways.
Enter Just in Time Security – a game-changer in personalised cybersecurity education.
Challenges in Traditional Security Awareness Training
Traditional security awareness training methods often fall short in several key areas:
• Time-Consuming: Industry standards demand 6-8 hours of training per employee per year, which is a significant time investment.
• Low Engagement: Only a fraction of employees actively engage with these training modules, leading to a lack of measurable ROI.
• Inefficient Targeting: A small percentage of the workforce is responsible for the majority of security incidents, yet training is uniformly distributed, missing the mark on high-risk individuals.
The Just in Time Security Solution
Just in Time Security addresses these challenges head-on by providing bite-sized, personalised security awareness lessons tailored to each employee’s unique risk profile. Here’s how it works:
1. Data-Driven Identification: The platform identifies the top 20% of risky users who account for over 90% of incidents by analysing security detection data.
2. Personalised Training: It leverages this data to create personalised, contextual lessons for these high-risk users, ensuring the training is relevant and engaging.
3. Automated Campaigns: Once teachable moments are identified, personalised training campaigns are automatically launched, targeting specific users with the most relevant content.
Key Benefits
Implementing Just in Time Security yields significant benefits:
• Reduction in Security Risks: Organisations can see a measurable reduction in security incidents, including over 90% reduction in malware-related issues.
• Increased Engagement: Over 90% of employees engage and complete the personalised lessons, thanks to the contextual and relevant nature of the training.
• Time Efficiency: There’s a substantial reduction in the time employees spend on security awareness training, freeing them to focus on their primary responsibilities.
• Compliance Reporting: The platform generates reports that satisfy compliance requirements for standards such as NIST, ISO 27001, HIPAA, PCI-DSS, and SOC 2.
• Enhanced SOC Efficiency: With fewer security incidents, Security Operations Center (SOC) analysts spend less time investigating, allowing them to focus on more critical tasks.
How It Works
Just in Time Security operates through a series of well-orchestrated steps:
• Integration with Security Platforms: The platform integrates with various security tools to pull detection data and formulate a coaching plan.
• Recommendation of Teachable Moments: It recommends personalised, teachable moments for every employee based on the latest security detections.
• Engaging Training Content: Employees receive targeted, contextual lessons through various formats, including games, comics, posters, text messages, newsletters, and traditional online training.
• Customisable Templates: Administrators can customise coaching templates to suit their organisation’s specific needs.
Conclusion
Just in Time Security represents a paradigm shift in how organisations approach cybersecurity awareness training. By focusing on personalised, data-driven training for high-risk users, it not only reduces security risks but also enhances employee engagement and operational efficiency. In an era where cyber threats are constantly evolving, Just in Time Security provides the timely and relevant education needed to keep organisations safe.
For more information on how Just in Time Security can benefit your organisation, contact the HumanFirewall team. It's the difference between a good and a great program for Human Risk Management.