Predicting Human Behavior in Cybersecurity

by David Howell, VP of Corporate Marketing, Forcepoint



Our world is becoming a mosaic of physical and digital, and the two parts are coming together in a way that will soon make them virtually indistinguishable. While this fusion creates new opportunities for innovation, it's also prompted security challenges for companies, law enforcement, intelligence agencies and the military. Organizations that cannot quickly identify, analyze and mitigate behavior-centric risks across their myriad of extended networks are left exposed. But that exposure is no longer an isolated issue to be remedied with fines and harsh penalties—it could dismantle our society as we know it.  

In 2011, the White House published The International Strategy for Cyberspace, which reserved the right to use any means necessary, including military strikes, to defend against threats originating from cyberspace. It also set guidelines to deal with emerging threats that could attempt to destabilize the functions of our critical infrastructure. Attempts to unravel these systems now occur at an alarming velocity, with attackers hoping to catch security leaders off guard and limit their chances to react.

To borrow from Sun Tzu's Art of War: "If you know the enemy and know yourself, you need not fear the result of a hundred battles." Declarations of a state of war are atypical in cyberwarfare, and targets, attackers and intentions are not well delineated, just as in current-day warfare. Visibility is paramount in ensuring the military's ability to protect critical data: its approach to cybersecurity strives to know itself (and the enemy) through clarity into what people are doing, and where and why they are doing it. The military is so adamant about understanding behavior and intent that it has prioritized an active defense with monitoring capabilities, threat intelligence and incident management to identify when an attack is taking place and set auto-response mechanisms in motion when a breach occurs.

So how do we translate this approach for companies in the commercial space? We move from a technology-centric view of cybersecurity to a focus on understanding the points at which people interact with data, where a single malicious or unintentional act can undermine the most comprehensively designed cybersecurity systems.

Today, the consequences of clicking a link in an email or remotely logging onto the network can be a complete unknown. This gives anyone who touches the network the potential to be an insider, by default. The Cyber Continuum of Intent, a model we've created here at Forcepoint, examines a number of factors behind people's cyber behaviors, such as security awareness, fatigue, job satisfaction and so on. People with access to critical data, like all humans, change over time. Similarly, someone can be "normal" in one moment and compromised the next. Determining a baseline for what normal looks like can help us identify abnormal or risky behavior that leads to data loss. Given the consequences of this new technology world order, anticipating, classifying, predicting and understanding intent cannot be optional: it is the new battleground of cyber and what "Protecting the Human Point" is all about.
