Human Intent, Still Overlooked By Cyber Security Pros

by CXOtoday News Desk    Feb 27, 2017


While data security continues to pose newer challenges for organizations, as a new study reveals that CISOs are grappling to understand the impact of peoples’ motivations and intent, especially when dealing with critical data.

The study conducted by Forcepoint titled: “The Human Point: An Intersection of Behaviors, Intent & Data,” has been compiled with inputs from over 1,250 cybersecurity professionals worldwide, shows that while cybersecurity professional are dissatisfied with technology investments – and a combination of data sprawl and eroding network boundaries makes security more difficult – there are opportunities to improve security postures and results. Rather than focusing solely on security from a technology perspective, the survey’s results reveal potential upside associated with understanding users’ behaviors and intent as they interact with critical business data, such as intellectual property.

“For years, the cybersecurity industry has focused primarily on securing technology infrastructure. The challenge with this approach, however, is that infrastructure is ever-changing. By understanding how, where and why people touch data, businesses will be able to focus their investments and more effectively prioritize cybersecurity initiatives,” said Matthew P. Moynahan, chief executive officer at Forcepoint.

The study shows that there are many points where people interact with critical business and data and content, ranging from email to social media to third party cloud applications and more. Email, by far, was gauged to present the greatest threat. In fact, 45 percent of respondent named this as the top risk. Mobile devices and cloud storage were also deemed significant areas of concern. 

Respondents were also asked to assess vulnerabilities associated with actions of people, ranging from inadvertent behaviors to criminal intent. Overall, malware caused by phishing, breaches and BYOD contamination, for example, along with inadvertent user behaviors were seen as the number one risk by respondents; each was named to the top spot by 30%. 

Those surveyed do not hold high hopes that more cybersecurity tools will improve security; only 13 percent strongly agreed these investments would improve security, while 48 percent only slightly or moderately agreed. This could be, in part, due to the low levels of satisfaction with existing tools. Only four percent were extremely satisfied with cybersecurity investments to date.

 As cybersecurity professionals look to get a better handle on the risks that might be posed to critical business data, the questions of behaviors and intent are rising priorities. Overall, Forcepoint’s study shows that while there is agreement that understanding behaviors and intent is vital to cybersecurity, most companies are unable to effectively do so.

An overwhelming majority of respondents – 80 percent – believe it’s very or extremely important to understand the behaviors of people as they interact with IP and other data. Further, 78 percent believe understanding intent is very or extremely important. However, only 31 percent said their companies are very or extremely effective at understanding behaviors; only 28 percent responded similarly in the context of understanding user intent.

However, there appears to be agreement on an approach that could serve to bolster security: focusing on the point in which people interact with critical data to better understand behaviors and intent. In fact, 72 percent of respondents – the vast majority – strongly agree or agree that doing so will help prove results and costs associated with cybersecurity investments.

“Technology has always evolved with human connect and it has transformed business like never before. For years, enterprises have focused on investing primarily on securing network infrastructure and technology. The challenge with this approach, however, is that today’s infrastructures are ever-changing in composition, access and ownership. Therefore, the need of the hour requires a shift in outlook, i.e. focusing on detection rather than prevention. In order to detect, understanding human behavior is curial,” Surendra Singh, Country Director, Forcepoint summed up.