Humanisec: Securing The Human Network
The most effective methods to minimize security risk are comprehensive user training and education.
Humanisec: Our Story Distilled
The True Nature of the Data Security Challenge: People
On The Difficulty of Assessing Data Security Risk
Quantifying a return on the data security investment has always been an enormous challenge for security professionals: If you spend money on a loss prevention program, and then no loss occurs, how do you accurately measure the ROI of the effort?

Add to this equation the sheer size and growing complexity of the typical network footprint, the diversity of data it contains, its myriad vulnerabilities, the evolving nature of the threat, and the devastatingly high costs of the average breach, and, well, it’s easy to see the enormity of the task.

Security Spend Doubles Yet Yields Decrease
Of course, that doesn’t mean businesses aren’t qualitatively assessing the risks of a data breach. Nowhere is this fact more apparent than in examining the composition of the typical company’s IT budget, where security spending allocations have literally doubled over the last three years. Clearly the data security mindset has shifted dramatically from being a question of “if” we’re attacked, to one that now focuses on the matters of “how” and “when” it will ultimately occur—if it hasn’t already.

Unfortunately, this dramatically increased investment has neither decreased the number of attacks on our networks, nor diminished the rising costs of the average data breach. In fact, in many ways things have actually gotten worse, leading many data security executives to question whether they are investing their increased security dollars on the best overall solutions.

On Risk Management & Mitigation
While there is a plethora of data loss prevention technologies now available, few (if any) of them can cost-effectively or dependably prevent data loss from occurring from within, which is essentially what happens in a typical social engineering attack. Unfortunately, criminals have also discovered this vulnerability, and have shifted their tactics from technological attacks to targeted assaults on rank-and-file employees, who are now at the center of nearly one-third of all data breach attempts.

Suffice it to say, this speaks to the heart of our security awareness training programs, and to the value of the proven risk mitigation propositions they provide. In fact, we need only proffer a solitary real-world example to make this case, and to illustrate the devastating vulnerability of this growing risk vector.

Is Anyone Immune?
Security giant RSA is one of the oldest, largest and most respected security companies on the planet. They help the largest companies and government entities safeguard their highly-sensitive internal information. In short: Security is their business.

Yet, in early 2011, a rank-and-file employee inside RSA was lured into responding to a sophisticated social engineering attack that arrived in the form of a highly targeted spear-phishing email. Once successfully initiated, this attack ultimately installed malware directly inside the RSA network. The result: a massive data security breach for both RSA and its customers (who were also quickly victimized), an estimated $66 million in recovery costs, and incalculable damage done to their esteemed reputation.

The Questions You Should Be Asking

  1. If venerable security giant RSA is not immune from targeted, social engineering style attacks (a company whose sole focus and purpose is providing dependable, cutting-edge data security), then who among us is?
  2. In retrospect, what would RSA have been willing to pay to keep this breach from occurring? Finally, and most importantly…
  3. Given this dramatic change in the threat environment, and the realization that your rank-and-file employees are quickly becoming the path of least resistance for those who would do your company harm, what portion of your current data security spend is now being dedicated to employee security awareness training?
