Why Human-Centric is the Hottest Trend in Cybersecurity

Cybersecurity is awash in threat detection and mitigation solutions and strategies from SIEM to DLP, SOAR, MDR, EDR, XDR and more. Threat detection is essential, as it serves to locate and minimize the threat as quickly and effectively as possible. However, some companies are starting to embrace an earlier line of defense, which Gartner calls human-centric security and lists as the number one cybersecurity trend of 2023, forecasting that 50% of CISOs will adopt this new approach by 2027.

Exposing Today’s Cybersecurity Challenges

There are three major issues with cybersecurity today. The first is that many companies lack a comprehensive cybersecurity strategy. Most companies have little in the way of cybersecurity at all. A recent study from Cisco found that only 15% of companies are ready to defend against threats with a mature approach, citing the changes to hybrid work as a major reason that many companies are not prepared.

Second, even a company that has invested in cybersecurity solutions quickly learns that it faces a complex landscape of solutions that are not interoperable. A large multinational corporation may have as many as 50 different security solutions in place for several different purposes, including network security, cloud security, endpoint security, mobile security, IoT security, application security, zero-trust and governance. Each of these solutions was designed to fight a very specific kind of threat and is implemented on an island, not talking to the other security solutions.

The third challenge is that even new multi-pronged cybersecurity approaches, like the acronym soup of SIEM, DLP, SOAR, MDR, EDR and XDR, are all focused on threats, which by their nature are already happening. For example, the relatively new approach called XDR (extended detection and response) was designed to pull together information from disparate threat detection software, such as cloud, network and email, to respond to more complex threats by sorting through raw data and alerts and mitigating threats across vectors. While this coordinated approach to threat mitigation is necessary, the focus is on threats, not risks.

Human-Centric Security Shifts the Focus to Risks

The cost of threats is growing quickly. With the huge surge in remote work, former cybersecurity practices, which heavily focused on network security, have many gaps as people work from their own devices or off-network entirely. At the same time, recent data from Gallup shows that people are stressed in record numbers – 44% of respondents said that they experienced a lot of stress the previous day – which paves the way for insider threats in particular.

The concept of human-centric security focuses on better management of the insiders who, either inadvertently or maliciously, cause so many of the threats that companies must deal with. Gartner recommends reducing the friction caused by security strategies and starting to manage security risk. A human-centric approach to security not only takes the burden of security off the employee, it also starts to look at the overall risk associated with certain behaviors and at improving the experience of employees.

Certainly, one way to look at this is as a trade-off. Allowing people to work remotely, for example, carries a certain security risk that needs to be weighed against the benefits of giving employees flexibility. However, another important way to look at risk is to analyze the behaviors that are most likely to lead to future threats and determine new ways to mitigate those risks as a way to reduce future threats.

For example, by using insider risk management software, companies can better understand new work patterns of remote employees, track negative sentiment and flag access to sensitive data as a way to proactively improve the company’s overall cybersecurity and employee experience. An HR intervention with a disgruntled employee can have a positive impact before the situation becomes an issue. Access to sensitive data could be controlled or restricted, or new credentials provided to employees. Any number of solutions can be put in place based on various risk signals before they become threats.

By “backing up the timeline” on threats, insider risk management becomes a valuable stop-gap, providing proactive information to security teams, managers and HR, reducing the number of threats considerably. When threats do occur, insider risk management will have the paper trail needed to provide a full picture of the timeline leading up to the event.

Human-Centric Security Complements Threat Detection

Far from replacing the various threat detection and mitigation solutions in place, human-centric approaches serve as a valuable companion. Not only can they serve as an early detection layer that can improve insider risk and reduce threats, but they can also feed valuable information to threat detection solutions. For example, if someone uses credentials to log in from a remote location just minutes after the same credentials were used in the office, an insider risk management system can raise a flag the instant the second login occurs, which can then enable the SIEM solution to kick into gear sooner than if there were no monitoring in place. In fact, without monitoring, there’s the risk that the threat goes undetected until it’s too late.
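The login check described above can be sketched as follows. This is an added example, not code from the article or from any product it mentions; the log format, the account names, the site labels and the 15-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample authentication events: timestamp, account, site, source IP
# (documentation-range addresses; none of this comes from a real system).
SAMPLE_LOG = """\
2023-06-01T09:02:11 alice office 192.0.2.10
2023-06-01T09:05:40 bob office 192.0.2.11
2023-06-01T09:09:03 alice remote 203.0.113.77
2023-06-01T13:30:00 bob remote 198.51.100.5
2023-06-01T13:31:00 bob remote 198.51.100.5
"""

WINDOW = timedelta(minutes=15)  # assumed threshold for "just minutes"


def parse_events(text):
    """Turn log lines into (time, user, site, ip) tuples, sorted by time."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines instead of failing
        ts, user, site, ip = parts
        events.append((datetime.fromisoformat(ts), user, site, ip))
    return sorted(events)


def conflicting_logins(events, window=WINDOW):
    """Flag a login whose site differs from the same account's previous
    login when the two are closer together than `window`."""
    last_seen = {}  # user -> (time, site, ip) of the most recent login
    alerts = []
    for when, user, site, ip in events:
        prev = last_seen.get(user)
        if prev and prev[1] != site and when - prev[0] <= window:
            alerts.append({
                "user": user,
                "first": (prev[0].isoformat(), prev[1], prev[2]),
                "second": (when.isoformat(), site, ip),
                "gap_seconds": int((when - prev[0]).total_seconds()),
            })
        last_seen[user] = (when, site, ip)
    return alerts


if __name__ == "__main__":
    for alert in conflicting_logins(parse_events(SAMPLE_LOG)):
        print(alert)  # in practice this record would be forwarded to the SIEM
```

The alert is produced while processing the second login, which is the point at which the article says the flag should be raised.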

Behaviors such as loss of productivity, absenteeism, disgruntlement, etc. are all considered psychosocial risk patterns. Combining such patterns with activities such as accessing sensitive data, transferring sensitive data, logon at odd hours, etc., can give an early warning sign of an insider threat.

Human-centric security also considers deviation from baseline behaviors, not only at an individual level but also relative to other employees, whether peers or other groups. Mining patterns in employee activity allows us to immediately detect subtle changes in behavior, identifying threats before they happen.
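The two ideas above, combining psychosocial indicators with activity signals and measuring deviation against both a person's own baseline and their peers, can be sketched together. This is an added example, not code from the article or from any product; the group, names, counts, indicator labels, the 3.5 cut-off and the three output levels are all assumptions, and the data is constructed.

```python
from statistics import median

# Constructed sample: sensitive-file accesses per day over five working days.
ACTIVITY = {
    "finance": {
        "dana":  [4, 5, 3, 4, 31],
        "eli":   [6, 5, 7, 6, 6],
        "fatma": [3, 4, 4, 5, 4],
        "gus":   [5, 6, 5, 4, 5],
    }
}
# Constructed psychosocial indicators (assumed to be supplied by HR or managers).
PSYCHOSOCIAL = {"dana": {"absenteeism"}, "eli": {"absenteeism"}}


def robust_z(value, reference):
    """Distance of `value` from the median of `reference`, in scaled-MAD
    units; the median and MAD are not dragged around by a single outlier."""
    med = median(reference)
    mad = median(abs(x - med) for x in reference)
    return (value - med) / (1.4826 * mad or 1.0)  # fall back to 1.0 if MAD is 0


def assess(group, user, threshold=3.5):
    """Compare the latest day with the user's own history and with what
    peers in the same group did on that day, then combine the result with
    psychosocial indicators."""
    series = ACTIVITY[group][user]
    today, history = series[-1], series[:-1]
    peers_today = [s[-1] for u, s in ACTIVITY[group].items() if u != user]
    self_dev = robust_z(today, history)
    peer_dev = robust_z(today, peers_today)
    # Require both deviations so a group-wide busy day does not flag everyone.
    activity_flag = self_dev > threshold and peer_dev > threshold
    psych_flag = bool(PSYCHOSOCIAL.get(user))
    if activity_flag and psych_flag:
        level = "early-warning"
    elif activity_flag or psych_flag:
        level = "watch"
    else:
        level = "normal"
    return level, round(self_dev, 1), round(peer_dev, 1)


if __name__ == "__main__":
    for name in ACTIVITY["finance"]:
        print(name, assess("finance", name))
```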

Perhaps the wisest aspect of human-centric security is the focus on employees and the need to create a better experience that reduces friction well before a threat occurs. While technology is incredibly valuable in the cybersecurity landscape, understanding the habits of the people who work for an organization and making it less likely that they cause a threat provides benefits well beyond cybersecurity.


Ray Diwakar

Ray Diwakar is the chief product and technology officer at Awareness Tech, which owns Veriato. Ray is a visionary technology leader offering 20+ years of success enhancing enterprise operations, solving complex business problems, and creating competitive advantage through properly aligned features & technologies.
