This post was from the September edition of our newsletter.

Are you telling me a human fired that wall?

Denethor isn’t the only human firewall joke we’ll make this edition. Be warned.

The human firewall is one of the most fundamental aspects of a strong cybersecurity culture, and is one of those things that every organization needs to cultivate. It just might be the thing that saves your company. Let’s dive into the two big questions you gotta ask when exploring a new topic: What is the human firewall, and why is it so important?

What is the Human Firewall?

Unlike a technical firewall that silently blocks threats in the background, the human firewall is about people making conscious choices: questioning odd requests, reporting suspicious emails, and staying alert to new scams. It’s a living, breathing defense system that adapts as attackers change their tactics.

The human firewall consists of whatever specific training, documentation, education, or policies companies have put in place to help up-skill their workforce and show them how to spot potential dangers and how to respond to them. This can include security awareness training, mock phishing campaigns,

Think of it as a last line of defense so that when (and not if!) security tooling fails, the humans at an organization still stand a chance against falling victim to a cyber attack. Think of it as a bonus to your org’s investigation skill checks!

In Dungeons and Dragons, you investigate… when you want to investigate.

When implemented properly, the human firewall is especially interesting because it’s a responsibility shared equally by all members of an organization, not just dedicated security resources or upper management.

Why is the Human Firewall so Important?

Simply put, because 74% of breaches involve the human factor. This means that in nearly 3 out of every 4 breaches, someone made a mistake, gave up information, allowed access, or otherwise contributed to the breach event.

The human firewall is so much more than just sending out recurring mock phishing campaigns and playing security awareness videos; it’s about building a security-aware culture that knows just how vulnerable it is if even one team member fails to take the threats out there seriously. Let’s look at some other numbers:

These numbers support the main argument: the human firewall matters because the overwhelming majority of attacks require a human to grant access. This can mean clicking on an email, downloading a file, answering the wrong questions, sending money to a mysterious bank account, etc. Wouldn’t it make sense, then, that we focus our efforts on improving the human firewall?

Got it, so the human firewall is all I have to worry about, right?

Not so fast! Here’s the real important part to keep in mind when you look at these numbers: oftentimes, the human element seems to be the weak point because there is powerful tooling in place that helps prevent other attacks, such as Managed Detection and Response platforms, email filters, and Multi-Factor Authentication.

Security tools are your walls, and the human firewall is your gate: you can’t just have one or the other, they work together.

Obi-Wan Kenobi was actually trying to warn Anakin not to rely exclusively on security tooling. Unfortunately, Anakin didn’t focus on the right things and became a different kind of human fire…wall… Ok this is the last firewall joke I promise.

Conclusion

If you don’t have anything in place that proactively educates and trains your workforce to be more cyber aware, you are at a substantially greater risk of being impacted by a cyber attack.

Here’s the bottom line: Investing in developing your organization’s human firewall can reduce the risk of a security incident by 70%. If that aligns with your business goals, let us know and begin taking steps towards a better security posture today!






