Each new data breach that hits the front pages proves that some current security practices aren’t working. Rather than throw more technology at the problem, however, many experts say it’s time to put more attention on the human factor.
This means understanding why users engage in “risky” behavior, recognizing we often can’t change that behavior, and working with users to manage risk without reducing their productivity.
A Human-Centric Strategy
A human-centric strategy involves understanding the context of users’ actions. This includes their behavior over time and our understanding of their job responsibilities, says Richard Ford, chief scientist at Forcepoint. If a salesman downloads five customer records every day, it’s reasonable to assume that’s legitimate. If he downloads 10,000 a day, that’s cause for concern.