Security professionals aren’t satisfied with their current security tools. What’s more, they believe the growth of cloud and mobile makes it harder to track critical data. And their biggest realization? They have to focus less on technology and more on a better understanding of human behavior.
Those are the results of a global Forcepoint survey of 1,252 cybersecurity professionals. Consider these highlights:
- Only 36% reported being very or extremely satisfied with their current security tools.
- Nearly half – 46% – said they are very or extremely concerned about the co-mingling of personal and business applications on mobile devices.
- Fifty-eight percent said they have only moderate or slight visibility into how employees use critical business data on mobile devices or cloud services.
- And 80% say it is very or extremely important to understand how users interact with data. In addition, 78% say understanding the intent behind that behavior is very or extremely important, but less than a third (28%) said they are very or extremely effective at doing so.
The answer to these challenges is to focus on what Forcepoint calls the human point: The intersection of users – wherever they are, data – wherever it’s stored or processed, and networks which connect them – and where security either fails or succeeds.
Take, for example, email, which respondents called one of their top security risks. Nico Fischbach, Forcepoint’s global chief technology officer, says the performance of email security tools is not the real issue. Instead, “security professionals should focus on accepting that users will keep clicking on suspicious emails,” he says. IT and security professionals need to not only step up email security training but adopt tools that focus countermeasures on the riskiest user behavior.
The same is true for the use of analytics to identify suspicious patterns around user activities and devices. Of the 27% of respondents who reported using such approaches, 49% said it made security only slightly easier, with 33% saying it actually made security slightly or much more difficult.
Analytics can deliver much better results, says Fischbach, if it is fed with data not only coming from servers, applications and network telemetry, but also about people. That’s why Forcepoint acquired Red Owl, whose user and entity behavior analytics combines structured and unstructured data to provide holistic visibility into nuanced human activity, patterns, and the long-term trends that comprise human risk.
With such understanding, security pros can configure tools to “treat folks who are least contextually dangerous in a certain way and treat those who are more contextually dangerous in a different way,” says Brandon Swafford, Forcepoint’s chief technology officer of user and data. Such efficient, automated “intelligent adaption” of policy enforcement can help companies of all sizes better protect data even in a world where traditional network perimeters are dissolving.
Forcepoints’s human-centric cybersecurity systems protect your most valuable assets at the human point: The intersection of users and data over networks of different trust levels. Visit www.forcepoint.com