Hardening the human firewall

Melinda Baylon by Melinda Baylon
May 13, 2024
The role of humans in an organisation’s security is double-edged—a security threat on one side and a vital security asset on the other.

Verizon's 2024 Data Breach Investigations Report finds that 68% of breaches involved a non-malicious human element, such as a person falling victim to a social engineering attack or making an error.

On the other hand, when employees know and embrace their role as a human firewall, they can also play a pivotal part in enhancing an organisation’s security. 

Chris Hockings, APAC CTO, IBM Security, discussed the importance of a human firewall, its vital role in protecting organisations, its risks and constraints, and how security leaders can help strengthen it for enhanced organisational security. 

Weakest link?

According to the 2023 Cost of a Data Breach Report (published by IBM Security, with research conducted by Ponemon Institute), the global average cost of a data breach in 2023 was USD 4.45 million, a 15% increase over three years.

“Across both ASEAN and Australia, phishing continues to be the most prevalent entry point for attackers into organisations, and one of the most expensive in terms of the overall cost,” Hockings shared. 

Hockings said that attackers usually perceive users as the weakest link in an organisation’s security, highlighting the importance of proactive zero-trust measures to help detect and prevent cyber threats. 

“Just like a traditional firewall might do for IT networks, the human firewall concept is the recognition that individuals can protect and safeguard their IT assets and their employers,” acknowledged Hockings.

He explained that deploying human firewalls includes using strong protection mechanisms, such as multi-factor authentication, and detecting suspicious threats or potential phishing emails through a zero-trust mindset. 

“In human-targeted cyber campaigns, having users think and act on any anomalous activities can help prevent incidents, even before they begin,” Hockings said. 

Building the firewall

In the article, “Building the human firewall: Navigating behavioural change in security awareness and culture”, IBM highlights the need to foster a positive cybersecurity culture in an organisation rooted in behaviour change and psychology.

The process starts with auditing employees' capabilities, knowledge, and skills in online safety, including creating strong passwords and recognising phishing attempts.

IBM posits that organisations also need to identify opportunities for learning, the availability of resources, training programs, policies, and procedures.

Finally, organisations must evaluate employees' motivation, willingness, and drive to prioritise organisational security. 

After evaluating those three crucial areas, organisations can introduce interventions for behavioural change targeting employees’ intuitive behaviours and building a first line of defence with a workforce armed with cyber awareness.

Human vulnerabilities

A human firewall works as a first line of defence or an initial detection point. However, even with heightened cyber awareness, malicious players can still exploit advanced psychological techniques to lure employees into risky actions. 

“Organisations cannot simply rely on education to enable users to provide full protection, and therefore must move to a zero-blame culture,” reminded Hockings. 

He said organisations must take human vulnerabilities into account: no person is exempt from being targeted by malicious players seeking to exploit psychological weaknesses, and no one is immune to human-targeted cyber campaigns. 

He finds it best to support education, awareness, and individual efforts with technology that can detect and respond to malicious campaigns.

“Across ASEAN, the organisations that augmented their security with AI (analytics) and automation reduced costs of attacks by almost one-third. It is also important that organisations have a well thought through, risk-based methodology for assessing particular roles, and adequate detection and response mechanisms in place around those of highest risk,” he said.

Proactive measures of CIOs and CISOs 

“Education is key, and regular and effective cyber awareness training is essential,” the IBM executive said, highlighting the role of security leaders in championing programs that centre on education and cyber awareness. 

He also reminded CIOs and CISOs to invest in campaigns relevant to each role, with an intensity that rises with the risk.

“If you consider the attackers' perspective, the highest-value target will incentivise the most effort, so accounts such as privileged users or executives require specific safeguards for the valuable assets they access,” he said.

Hockings recommends making it harder for attackers to deploy successful phishing campaigns through strong prevention and detection capabilities such as Multi-Factor Authentication (MFA), Endpoint Detection and Response (EDR), and passive AI-powered detection capabilities.
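The "detection that backs up the human firewall" and the "intensity that rises with the risk" described above can be made concrete in a small mail-triage check. The following is an added example written for this page, not IBM's or Hockings' code: it scores an inbound message on common phishing indicators (display-name spoofing, Reply-To mismatch, lookalike sender domain, failed SPF/DMARC, urgency language) and multiplies the score by a weight for the recipient's role, so the same message is quarantined for an executive but only flagged for regular staff. The organisation domain `example.com`, the role weights, the indicator weights, the thresholds and the three sample messages are all constructed assumptions for illustration.

```python
"""Score inbound e-mail for phishing indicators, weighted by recipient role.

Added example for this article, not IBM's or the interviewee's code.  The
organisation domain, weights, thresholds and sample messages are constructed.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                       # assumption: our own mail domain
ROLE_WEIGHT = {"executive": 2.0, "privileged": 2.0, "staff": 1.0}  # constructed
WEIGHTS = {                                      # constructed indicator weights
    "display_name_spoof": 3,   # name claims to be internal, address is not
    "reply_to_mismatch": 2,    # replies are routed to a different domain
    "lookalike_domain": 4,     # sender domain is a near-miss of ours
    "auth_fail": 4,            # SPF or DMARC failed at our MX
    "urgency_language": 1,     # classic pressure phrasing
}
URGENCY = re.compile(
    r"\b(urgent|immediately|within 24 hours|account (?:will be )?suspended|wire transfer)\b",
    re.I,
)
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (small strings, so O(len(a)*len(b)) is fine)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(domain: str, target: str = ORG_DOMAIN) -> bool:
    """True if `domain` is our domain with a homoglyph swap or a single edit."""
    if not domain or domain == target:
        return False
    norm = domain.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")
    return norm == target or edit_distance(norm, target) == 1


def score_message(raw: bytes, recipient_role: str = "staff") -> dict:
    """Return {'score', 'findings', 'verdict'} for one RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_dom, reply_dom = domain_of(from_addr), domain_of(reply_addr)
    auth = str(msg.get("Authentication-Results", "")).lower()
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")

    findings = []
    if from_name and from_dom != ORG_DOMAIN and ORG_DOMAIN.split(".")[0] in from_name.lower():
        findings.append("display_name_spoof")
    if reply_dom and reply_dom != from_dom:
        findings.append("reply_to_mismatch")
    if lookalike(from_dom):
        findings.append("lookalike_domain")
    if "dmarc=fail" in auth or "spf=fail" in auth:
        findings.append("auth_fail")
    if URGENCY.search(text):
        findings.append("urgency_language")

    # Same indicators, but the response intensity rises with the role's risk.
    score = sum(WEIGHTS[f] for f in findings) * ROLE_WEIGHT.get(recipient_role, 1.0)
    verdict = "quarantine" if score >= 8 else "flag" if score >= 3 else "deliver"
    return {"score": score, "findings": findings, "verdict": verdict}


# --- constructed sample messages ------------------------------------------
PHISH_EXEC = b"""From: "Example Corp Finance" <ceo@examp1e.com>
Reply-To: payments@mail-relay.example.net
To: cfo@example.com
Subject: Urgent wire transfer
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com; dmarc=none
Content-Type: text/plain; charset=utf-8

Please action the attached wire transfer immediately or the vendor account will be suspended.
"""

SPOOFED_HELPDESK = b"""From: "IT Helpdesk" <it@example.com>
To: bob@example.com
Subject: Password verification required
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dmarc=fail header.from=example.com
Content-Type: text/plain; charset=utf-8

Your account will be suspended within 24 hours unless you verify your password here.
"""

LEGIT = b"""From: "Alice Example" <alice@example.com>
To: bob@example.com
Subject: Lunch on Thursday?
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dmarc=pass header.from=example.com
Content-Type: text/plain; charset=utf-8

Are you free for lunch on Thursday? No rush.
"""

if __name__ == "__main__":
    for name, raw, role in (("phish/exec", PHISH_EXEC, "executive"),
                            ("helpdesk/staff", SPOOFED_HELPDESK, "staff"),
                            ("helpdesk/exec", SPOOFED_HELPDESK, "executive"),
                            ("legit/staff", LEGIT, "staff")):
        print(name, score_message(raw, role))
```

Note that the lookalike message passes SPF and has no DMARC record, which is exactly why authentication results alone are not enough: the domain check and the Reply-To mismatch carry that case. The role weighting is the mechanical version of Hockings' point that privileged and executive accounts deserve a stronger response to the same signal; in production the role map would come from the identity provider rather than a hard-coded table.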

Hardening the firewall

As threats become increasingly sophisticated, organisations can also look within and realise that one of their most important security defences is their employees acting as human firewalls.

Through continuous education, awareness, ethics, and practice, employees have the potential to help their organisations strengthen their security posture.

Tags: Artificial Intelligence, cybersecurity, digital transformation, human firewall, IBM