The world of cyber security is strewn with examples of security vulnerabilities, many of which have resulted in embarrassing and expensive security breaches. A lot of these situations could have been prevented by basic security training.
Where does the most dangerous and commonly leveraged security vulnerability exist and where should we be concentrating our attention?
There’s one very simple response: people!
The problem is that people make mistakes, suffer lapses in judgement and often have not had any real security training.
How can we reduce this attack surface?
There are many great tools which will help in the detection and mitigation of attacks which target your employees: DLP solutions, secure email gateways, firewalls and the like are all helpful in combating this type of threat.
But they are just tools, and even the Gartner best of breed in each of their respective fields won't stop or detect everything.
I believe this is an essential measure which is frequently overlooked in favour of technical options that are shiny and pushed heavily by large sales teams.
Security training will educate people on how to properly design, build and operate with the lowest possible risk. It will also assist people in supporting your infrastructure, pointing out possible flaws before they become a problem. Security training will also give your users more confidence in doing what needs to be done when things do go wrong.
But beyond the standard security education, people should also be educated on why security is important. In my experience people are much more receptive to following best practices and taking an interest in infosec once they have been shown what the consequences of a security breach are. I’ve seen organisations where employees outside of the security function can help them react to issues, propose improvements or report difficulties.
And while they are undergoing security training, and after it, remember to keep their knowledge current. Examine how they respond under pressure and attempt to gauge their readiness to report perceived security threats.
Properly trained users who are ready to report perceived threats and issues and, more importantly, are empowered to ask questions and better their knowledge on the subject will essentially become an extension of the SOC function, actively reporting issues as they arise and picking up where the tools fall short.