It is a well-known fact among information security professionals that humans are the weakest link when it comes to safeguarding data. Look at any security breach and the culprit is usually shoddy coding practices by a lazy software programmer, such as leaving a backdoor open, or a lackadaisical employee who clicks on a malicious link in a phishing email. Oftentimes it’s a company CIO who is too cheap to upgrade his legacy systems, which are no longer receiving necessary security updates. These are what are known as unintentional insider threats.
Unfortunately, no matter how devastating the breach, these events still occur on a daily basis, even after users have taken their mandatory security awareness training, whether administered annually or throughout the year via CBT.
The Search for a Cure
Sure, AI advancements are rapidly eliminating the need for humans, but until they are completely replaced by robots (and that is definitely the plan), what can be done about these unintentional insider threats? How can we change their behavior so that “security is everyone’s responsibility” is not just a catchphrase? And that means from the top down. If management is not committed to securing the company’s data, then no one else will be either. But who has time to worry about secure coding practices when the software package’s delivery deadline is looming? And don’t forget, it costs money to have an actual person come and teach the employees how to be active security awareness advocates.
Security Awareness Programming
Security Awareness Programming (SAP), a theory currently being researched at Fire Tiger Research Labs, is a possible solution to the problem of unintentional insider threats. SAP can incorporate one or more methods that instill a security-conscious mindset in individuals without requiring direct user interaction. In Part 1 of this series, we introduce a method called Visual Security Training, or VST.
Visual Security Training
Visual Security Training is a SAP technique that facilitates learning at a subconscious level – meaning that it works in the background, without the user being aware that it is even present. The goal of VST is to “embed” security awareness concepts into a user’s thought patterns, so that they will naturally take the appropriate actions in relation to the goals of the information security or insider threat program.
Benefits of VST
Visual Security Training:
1. Eliminates outdated CBT security awareness training
2. Is transparent to the end user
3. Is administered easily via GPO
4. Complements Insider Threat Programs
5. Produces measurable results
6. Reduces potential security incidents
VST is a conditioning program that has the potential to significantly reduce security breaches by hacking into an individual’s subconscious mind and thereby getting to the “root” of the problem. By changing thought patterns at the subconscious level, security awareness training can be maintained automatically as the security landscape and requirements change.
The objective of Security Awareness Programming techniques is to help secure information in a way that is effective, transparent to the user, yet easy to administer. Once methods such as VST are implemented as a standard practice in Insider Threat programs, we will likely begin to see a dramatic drop in preventable security incidents on a global scale.
About Fire Tiger Research Lab:
Fire Tiger Research Lab conducts independent cybersecurity research and is based in the USA.