Employees are an essential component of an organization’s security defenses, according to Nico Popp, Chief Product Officer at Forcepoint. On the CyberWire’s Hacking Humans podcast, Popp explained that humans generally want to do the right thing and can help prevent cyberattacks that can’t be stopped by technical safeguards. Popp pointed to the way financial institutions have their customers verify potentially suspicious transactions as an example of this.
“I always use the example of credit card companies,” he said. “They have been brilliant. You know, they have huge fraud issues. And what have they done? They basically involve us in the process of solving, right? They don’t always block your credit card. They may block you, but they may ask you, you know what? We’ve seen that transaction. It looks suspicious to us. Is that really you trying to complete this thing? And it’s working, right? Can you imagine, they are using all these consumers to solve the fraud problem? And, of course, we care. So we participate.”
Popp concluded that organizations need to shift the way they think about how employees fit into their security posture.
“So, taking that concept of putting the human in the middle and saying, look, you’re part of the solution,” Popp said. “We’re going to engage you. It’s not just about monitoring you, spying on you. Quite the opposite. We’re trying to make you better. But also, we want you to be part of our cybersecurity team, you know, because we want to be able to leverage the fact that we have this smart and caring human being, common folks behind the keyboard that also care about the company assets and can help there. Something that cyber has never done, really, that whole idea of putting humans in the middle of cyber. It’s all this different dimension, these different approaches.”
New-school security awareness training can create a culture of security within your organization by enabling your employees to thwart social engineering attacks.