Why Human-Based and Identity Security is Becoming Increasingly Important
Posted: Monday, Feb 26


Of all the causes of cybersecurity breaches within organisations, one of the most prevalent remains human behaviour.

Indeed, according to a Verizon data breach report[1], human error is involved in 74% of data breaches. For this reason, it is vital that security teams shift towards designing human-centric controls that promote and facilitate the use of responsible cybersecurity practices.

Interestingly, analyst firm Gartner predicts[2] that, by 2027, 50% of chief information security officers (CISOs) will adopt human-centric design practices in their cybersecurity programs to minimise operational friction and maximise control adoption among employees.

Concerningly, the Gartner research shows that more than 90% of employees who admitted to undertaking a range of insecure actions knew that doing so would increase risk to their organisation but did it anyway. Designing security controls that focus on individuals rather than on technology or threats recognises that employees play a crucial role in cybersecurity, and aims to reduce risky behaviour.

 

Establishing a Human-centric Security Strategy

By adopting a strategy of implementing identity-based security measures, organisations can proactively improve their security posture by establishing defensive practices that help manage threats arising from unpredictable human behaviour. However, for this to work, user actions need to be taken into account.

In this area, the most effective approach is one that focuses on user identity and access controls and adopts human-centric design. It requires a range of steps including:

Building Simple-to-use Security Controls

If established security processes are complicated, employees will find a way to circumvent them. Security teams need to assess existing controls to understand the experience from the user’s perspective to optimise what works well and eliminate what doesn’t.

Streamlining and Improving Password Usage

Passwords remain a key element of identity-based security; however, they can be difficult to remember and manage. Password managers can help users create secure, hard-to-guess passwords using an organised system. This reduces the danger of brute-force and phishing attacks, giving companies greater control over password strength, lessening the need for password resets, and mitigating problems related to shared or stolen passwords.

Establishing a Strong Authentication Method

Authentication methods should be strengthened through a multi-factor authentication (MFA) solution that integrates single sign-on (SSO) and risk-based authentication. The latter improves the user experience by eliminating additional authentication once it verifies that the user has sufficient security according to parameters set in the rules.

Undertaking Regular Staff Training

As well as providing regular security awareness training, organisations must develop a compelling value proposition that connects with employees and influences their decision-making. A managed services provider (MSP) can assist in the development and delivery of effective training courses, helping to reduce the likelihood of a human error-induced cyberattack.

 

The Rise In Identity-based Threats

Taking steps such as those outlined above is also important when you consider the ongoing increase in identity-based cyberattacks.

A recent report[3] by the Identity Defined Security Alliance (IDSA) revealed that 90% of organisations with more than 1,000 employees reported at least one security incident related to digital identities during the past 12 months. The number of stolen credentials available for sale on the dark web exceeded 24 billion during this period.

Alarmingly, the Dark Web Price Index shows that credentials can be obtained for as little as $1. This strongly indicates a new approach is needed to combat the rapid spread of identity-based attacks.

 

The Role of Identity Threat Detection & Response

Identity Threat Detection & Response (ITDR) is a security discipline designed to protect identity systems. This strategy emerged in 2022 as a Gartner proposal following a series of attacks on IAM infrastructure and encompasses threat intelligence, best practices, a knowledge base, tools, and processes.

The primary goal of ITDR is to improve security around identity-centric infrastructure by detecting, analysing, quarantining, and eliminating or mitigating suspicious activity that targets identity systems. It’s an approach that can be implemented as a part of an XDR strategy.

 

There are a number of steps involved in implementing an effective ITDR strategy. They include:

  • Defining the IAM guidelines: The first step is to identify your organisation’s identity security objectives and the policies and procedures needed to achieve them.
  • Deploying strong identity security: Controls used to achieve this can include password managers, multi-factor authentication, web single sign-on and zero trust risk-based policies.
  • Setting strong detection controls: These controls identify suspicious identity-related activities. They include configuration monitoring in IAM systems, monitoring of identity-related user activity, dark web credential monitoring, and detection of anomalies in habitual user behaviour patterns.
  • Establishing robust response controls: These controls need to include measures such as isolating and disabling synchronisation between systems, gathering information to investigate the severity of the threat, restoring compromised credentials, and blocking suspicious accounts or IP addresses.
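
As an added illustration of the detection and response steps above (not code from the article or from any vendor), the sketch below builds a baseline of each user's habitual sign-in behaviour and maps deviations to a response. The event fields, score weights, thresholds and action names are assumptions made for this example, and all events are constructed sample data.

```python
from collections import defaultdict

# Constructed sign-in events: (user, source_ip, country, hour_of_day, success).
HISTORY = [
    ("alice", "203.0.113.10", "AU", 9, True),
    ("alice", "203.0.113.11", "AU", 14, True),
    ("bob", "198.51.100.7", "NZ", 8, True),
    ("bob", "198.51.100.7", "NZ", 17, True),
]
NEW_EVENTS = [
    ("alice", "203.0.113.10", "AU", 11, True),   # habitual
    ("alice", "192.0.2.55", "RO", 3, True),      # new country, new IP, odd hour
    *[("bob", "192.0.2.99", "NZ", 9, False)] * 3,
    ("bob", "192.0.2.99", "NZ", 9, True),        # success after repeated failures
    ("bob", "198.51.100.8", "NZ", 23, True),     # new IP, odd hour
]

def build_baseline(history):
    """Habitual IPs, countries and hours per user, from successful sign-ins only."""
    baseline = defaultdict(lambda: {"ips": set(), "countries": set(), "hours": set()})
    for user, ip, country, hour, ok in history:
        if ok:
            baseline[user]["ips"].add(ip)
            baseline[user]["countries"].add(country)
            baseline[user]["hours"].add(hour)
    return baseline

def triage(history, new_events):
    """Return (score, action) per new event. Weights and thresholds are assumed."""
    baseline = build_baseline(history)
    failures = defaultdict(int)  # (user, ip) -> failed sign-ins since last success
    results = []
    for user, ip, country, hour, ok in new_events:
        if not ok:
            failures[(user, ip)] += 1
            results.append((0, "log_failure"))
            continue
        # A user with no baseline scores as fully unfamiliar.
        seen = baseline.get(user, {"ips": set(), "countries": set(), "hours": set()})
        hours = seen["hours"]
        odd_hour = not hours or not (min(hours) - 2 <= hour <= max(hours) + 2)
        score = 3 * (country not in seen["countries"]) + (ip not in seen["ips"])
        score += odd_hour + 3 * (failures.pop((user, ip), 0) >= 3)
        action = ("block_ip_and_reset_credentials" if score >= 4
                  else "require_mfa" if score >= 2 else "allow")
        results.append((score, action))
    return results

if __name__ == "__main__":
    print(triage(HISTORY, NEW_EVENTS))
```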

 

Identity and human behaviour-based threats are going to continue to be an issue for organisations in the months ahead. By taking steps now to strengthen security defences, they will be well placed to withstand attacks and avoid disruption and loss.

 

References

[1] https://www.verizon.com/about/news/2023-data-breach-investigations-report

[2] https://www.gartner.com/en/newsroom/press-releases/2023-03-28-gartner-unveils-top-8-cybersecurity-predictions-for-2023-2024

[3] https://www.prnewswire.com/news-releases/new-study-reveals-only-49-of-organizations-proactively-invest-in-identity-protection-prior-to-a-security-incident-301836114.html

Anthony Daniel
Anthony Daniel was appointed Regional Director – Australia, New Zealand and Pacific Islands for WatchGuard Technologies in 2021. He has more than 18 years’ sales and senior account experience in the IT and telecommunications industry and is responsible for leading WatchGuard Technologies’ sales growth and business expansion across Australia and New Zealand while overseeing all aspects of management, including channel partner development, distribution strategy and revenue growth. Anthony was previously Senior Regional Sales Manager for Australia, New Zealand and the Pacific Islands at SolarWinds during which time he worked on growing the contribution from the channel, landing new enterprise customers and achieved solid traction across the Pacific Islands.