Darnley's Cyber Café

The Human Firewall

Darnley's Cyber Café Season 5 Episode 63

In an era where cybersecurity breaches are rampant and data breaches make daily headlines, organizations are increasingly turning their attention to fortifying their defenses against digital threats. However, amid the focus on sophisticated software, A.I., and firewalls, there is a critical component that is often overlooked: the human factor.

Tune in to discover how you can harness the power of the human firewall to safeguard your organization's sensitive data, mitigate risks, and stay one step ahead of cyber adversaries. 

EP 63 – The Human Firewall

Episode Recap:

·      What is a human firewall? 

·      Recipe for an excellent human firewall

·      How can you be a stronger human in cybersecurity?

What is a human firewall?

·      As they say in cybersecurity show business, the human chain is only as strong as its weakest link. We can also say a thread usually breaks where it is thinnest. Whichever idiom you choose, it expresses that the success or failure of an organization's cybersecurity hygiene depends on each member of the group: if one person fails, the whole group fails, which leads to severe consequences when you are dealing with a cybersecurity incident. The term “human firewall” refers to the people in your business who offer an added line of defence against cyber attacks. To supplement your cybersecurity efforts, train your employees on how to prevent data loss, identify malicious activity, and protect your systems. Baking this into the organization's culture is key.

·      How can this protect you against cyber threats? Considering that the human factor accounts for 95% of the biggest causes of common security breaches, it should not go unnoticed. Millions of businesses, big or small, have to consider the repercussions of relying solely on hardware- and software-based defences. These alone are not enough. Implementing a robust cybersecurity solution that factors in the human element is vital. Staff and employees are the weakest link in every organization; in cybersecurity, we have a mountain of data and personal stories to prove this time and time again.

·      Behind every cyberattack on an organization there is a human being responsible. According to the data, a staggering number of cyberattacks today occur due to human error: phishing emails, clicking on malicious links, installing malware, phone scams, and not following cybersecurity best practices. Many employees think cybersecurity is solely the responsibility of IT or third-party tech vendors.

·      To build a strong human firewall, companies must provide extensive education, simulation, training and relevance to their workers. Cybersecurity awareness training should be grounded not in the company's core product or service but in employees' specific roles and metrics.

·      Before any of this remote work from home stuff became cool back in the COVID-19 days, I was already preaching to businesses to adopt this cybersecurity mindset across their whole organization, regardless of size and budget. All of you need to cultivate a strong cybersecurity culture within your business in order to thwart most of the cyber-attacks out there today. From my experience, many organizations have well-meaning intentions; however, their leadership or management teams lacked the real leadership needed to move this cybersecurity mindset into their organizations correctly. I always say leaders need to lead by example: if you are a CEO or manager who is not taking cybersecurity seriously, or not living the security culture, your example will not be followed by your own staff. Cybersecurity training is not a one-and-done ordeal. After many of the cybersecurity trainings I do for businesses are completed, the “Forgetting Curve” sets in: over time, people forget the training and eventually go back to their old habits. Cybersecurity is constantly evolving, and it is a cat and mouse game, meaning knowledge should be updated and refreshed constantly.

The Recipe for an excellent human firewall

·      I have seen corporations spend massive amounts of money on cyber prevention tools while leaving themselves vulnerable through the lack of a human firewall. I have also seen many businesses that simply did not have the budget for IT and cybersecurity preventative technologies, or for whom the solutions were cost-prohibitive. I always say to all these organizations, whether they spend money or not, that 95% of cybersecurity breaches are due to human error. When a business is not educated, no investment in tools will be 100% effective.

·      You need to create a multi-layer line of defence, and this starts and ends with a strong human firewall. Here is the recipe that can help you build yours:

o   Employee education – this should be the #1 priority for businesses of all shapes and sizes. Make sure everyone is on the same page when it comes to cybersecurity best practices. Remember, training is an ongoing process, not a one-time event. From personal experience, making training sessions more regular keeps people's minds sharp on the latest cybersecurity threats and the best practices they need to employ daily.

o   Offering incentives – no, I don't mean pizza parties (what is with companies doing this?). An incentive does not have to be massive or expensive; simply giving people recognition for following the correct protocol is enough.

o   Include all departments – cybersecurity is not just the responsibility of IT or cyber experts; it is everyone's. Include management, HR, part-time employees, etc. Test your technical team too. I'll be the first to admit that some IT/cybersecurity people can be egotistical to the point where they become a threat to their organization without knowing it. I say this not to criticize everyone in my field, but from personal experience of seeing individuals who hold the keys to the cyber kingdom. This is why it is so important to have management or the decision makers on the same wavelength, so they can “encourage” the technical people to make changes.

o   Equip the humans with the right tools – even with training and knowledge, you still need to give the team the tools to report, properly inform about, and fight cyber risks. Implementing protocols to flag an incident and having an alerting system can come in handy during issues. Some tools such as MFA

o   Don’t overwhelm your people – even after your people have been made aware of what to look for in a social engineering attack, for example, don’t assume they will fully understand, and don’t rely on constant phishing simulations. They should understand that online security does not rest solely on the IT or cybersecurity teams. By keeping clear communication with your staff, providing regular updates and reinforcement, setting straightforward best practices, and promoting a security culture, your teams across all departments will eventually understand the need to report or second-guess these evolving threats in the workforce.

·      By combining these strategies, organizations can strengthen their human firewall and reduce the risk of falling victim to various cyber threats. It is crucial to create a cybersecurity culture where individuals are proactive in protecting themselves and the organization from potential cyber risks. So what does this mean?

How can you be a stronger human in cybersecurity?

·      Let’s be honest: none of us is perfect, and we all do something that goes against our better judgement. That is the epitome of being human; we all make mistakes. However, we cannot always use this as an excuse for not being vigilant. The pandemic period really affected business operations, digital resilience, and the scale of remote work, and it brought an outbreak of cyber threats. These challenges went beyond the four walls of an organization into all manner of networked environments and introduced new ways of working.

·      Human firewalls are part of the longer-term offense. We cannot always rely on A.I. to make predictive outcomes that help businesses, although this automation is better today at managing the volume of potential threat vectors. Today, humans remain the focused source of knowledge about controls, context and exploitability. In time I am sure A.I. will play an even bigger role in threat detection and resolution, but humans today are still responsible for threat detection and remediation.

·      True resilience requires the human firewall to be firmly in place, with every employee trained, equipped, and empowered, outnumbering the bad actors with a security-minded workforce. By allowing your employees to make inquiries or decisions in the security landscape, you increase the protection surface. Many of these behaviours can start from the top, and at no great expense either. I understand that money is the barrier to entry for most businesses, but by simply understanding the requirement, curiosity will pull toward the information an organization needs. The fact that countries have cybersecurity initiatives for businesses is a big step in the right direction. However, many for-profit organizations use this as an opportunity to exploit the landscape, which breeds some resentment among those who could just use some simple advice to get the ball rolling.

·      Anyone can lay the groundwork for a strong culture of security, building it into the fabric of all job roles to ensure that the human firewall continues to stand firm over time.