Artificial Intelligence & Machine Learning , Events , Next-Generation Technologies & Secure Development
Human Risk Crisis: 8% of Employees Cause 80% of Incidents
Mimecast's Masha Sedova on Using a Metrics-Driven Approach to Mitigate Human RiskVerizon's 2024 Data Breach Investigations Report shows that 68% of all breaches in 2023 involved the human element. But organizations have not evolved their approach to addressing human risk, said Masha Sedova, vice president, human risk strategy, Mimecast. Traditional security awareness initiatives, often fixated on training participation and engagements, are inadequate in mitigating incidents triggered by employees' risky behaviors, she said.
See Also: Safeguarding Election Integrity in the Digital Age
To overcome the limitations of traditional security approaches, businesses need to "look at the kind of security tools" they have in place and "the risky decisions that employees make that are tied to the logs that you're collecting in the security tools. You can pull that in to start creating a security credit score," Sedova said.
She suggested using artificial intelligence and machine learning to examine the data generated by these security tools and "find key pockets of risks that you need to focus on. What we're seeing in our datasets is that about 8% of employees cause 80% of incidents. When you have a large dataset like that, being able to lean into machine learning and AI to help find key trends and analysis is a huge game changer."
In this video interview with Information Security Media Group at RSA Conference 2024, Sedova also discussed:
- The challenges of using only reactive, network-centric security solutions;
- Fortifying defenses via the dual approach of controlling access and verifying endpoints;
- Demonstrating ROI by tying human risk management programs to reductions in user-initiated incidents.
Sedova co-founded Elevate Security to help organizations identify risky employees, reduce the likelihood of future incidents and proactively defend their workforce. She has more than 20 years of leadership experience and previously worked for Salesforce and the National Cyber Security Alliance.