A Breach is Just One Click Away – How to Use Training and Technology to Mitigate RiskBy: Eric Browning
If you've read our blog or followed us on LinkedIn or Twitter, you probably know we talk a lot about the importance of security awareness training. That's because many attacks on enterprise networks are the result of successful spear phishing. Arming your employees with tools to help prevent attacks is a start, but it has to be done effectively and it isn't enough to secure your information.
Effective Security Awareness Training - Arming Your Employees
To err is human so how can we expect people to replicate identical results the same way a computer can? Just as a basketball player can't hit the same shot every single time, we can't expect employees to constantly be on-guard against phishing attacks. Malicious hackers are crafty and good at exploiting the vulnerabilities of human behavior.
Don't get me wrong – end-user education is important, but it has to be done properly, and it has to be part of a more comprehensive security program. When you implement your security awareness training program, here are six recommendations to keep your employees interested:
- Provide Real World Examples – Show your team members why they need to follow policy by providing examples of how real world attacks are conducted. This demonstrates why that policy is in place, and it changes behavior from a ‘why should I care' attitude, to an inclusive, cohesive culture of security.
- Fun is Not a Four-Letter Word – Security awareness training is important, but that doesn't mean it can't be enjoyable for employees. Make it interactive and offer incentives. Teams who participate in the process and learn how hackers work and what can happen are more likely to retain the information and remain more vigilant.
- Avoid Information Overload – Instead of subjecting your teams to all-day-mega-trainings, break them up into smaller groups for shorter, interactive sessions.
- Don't Just Check The Box – Approaching awareness training as a compliance requirement will not motivate employees to change their behaviors. Focus on prevention and identification, and create a program that shares fresh, regular updates.
- Creativity is Key – Not everyone retains information the same way so offer a variety of methods from online training to hands-on activities designed to invest employees in not only the how but the why.
- Assign Awareness Advocates – Have each team assign a security advocate to share regularly provided tips and alerts from your security experts.
Enforce Awareness Policies with Technical Controls
It's important to teach employees about prevention – to keep their passwords private and to avoid clicking suspicious links – but technical controls are imperative to detecting and reacting to what you can't prevent. What happens when they do click on that link? How can you detect when an employee's account has been taken over? Even with proper training, relying exclusively on vigilance does not safeguard against what we all know to be true – people make mistakes.
When it comes to phishing, your first line of defense is your email security hardware; but if it gets into an inbox, is awareness training enough of a defense? Hackers may use no-malware spear-phishing tactics to capture private log-in credentials, going undetected to gain access to an organization's network. This is why technical controls are pivotal to your security program. Two-factor authentication, for example, is a simple way to add an additional layer of security to access an account and eliminate a subset of threat actors from impacting your organization. There are many technical mechanisms designed to help organizations protect their data:
- Advanced Malware Protection and Detection – AMPD helps detect threat actors based on behavior. Analyzing binary behavior in an emulated sandbox environment should be done before the binary reaches the endpoint.
- Log Monitoring – Log monitoring also helps identify known bad behavior by filtering out the operational log noise from what is known to be bad.
- Advanced Endpoint Threat Detection – Advanced threats evade many security controls, making smarter endpoint security and early detection even more important. AETD offers advanced intelligence and visibility to reduce the impact of a potential breach.
Behavioral-based detection mechanisms help safeguard your systems. By setting a baseline for normal behavior, you can better detect when something is not normal. Preparing for the day when an adversary gains access to your network helps mitigate the risk and reduce the impact. Documenting and understanding normal behaviors is key to identifying what isn't normal so you can reduce the time it takes to detect and defend.
 Allan Paller, Director of Research - SANS Institute