Building a Cyber Immune Culture Blog

Building a Cybersecurity-Aware Culture

The human factor is rated as the #1 threatening factor by CISOs in a recent survey by the Ponemon Institute. Indeed, as we look deeper at the data, a majority of incidents have a human angle to them. One of our customers once said the biggest cyber security challenge is “PIBCAK (Problem is between chair and keyboard)”. Human actions that can lead to security compromise include:

Weak passwords
Clicking on phishing links
Use of public Wi-Fi
Use of USB devices
Clicking on risky apps
Visiting risky websites

To address the above problems, most enterprises today use “cookie-cutter” approaches where all employees are sent the same phishing simulation or the same quarterly training. This approach often does not target at-risk users at the critical moment when a potential attack is in progress, or with enough frequency to remain top of mind for employees. It is also hard for CISOs to pinpoint the effectiveness of such training efforts.

The SecurityAdvisor and Demisto integration brings a unique approach to helping organizations inject cyber-immunity into their culture by incorporating end-user coaching into incident response workflows via automated playbooks.

Here, SOC teams can directly engage with at-risk users and coach them on the risks they face by leveraging SOAR playbooks. The diagram below summarizes our approach:

We can now directly coach users at the right teachable moments, by seamlessly integrating coaching tasks into the incident response playbooks that customers are already using. A couple of examples focused on the two most common teachable moment use cases are shown below.

Coaching end users using a Phishing playbook:

Phishing playbook

Coaching users using a Malware Analysis and Enrichment playbook:

Analysis and Enrichment playbook:

As shown above, by injecting a coaching task within a playbook, SOC analysts can direct end users to consume SecurityAdvisor’s unique micro content. Our content includes short messages, pop-ups, comics (shown below), games, and traditional training modules.

Our contents

The biggest benefit of our approach is measurable outcomes that CISOs can use to justify the investment made, not just in our products but across multiple security products. Some top security outcomes that we deliver are listed below:

# Infections at Customer

Malware infection rates: AVs, for example, are only 60-80% effective, and higher-risk employees tend to keep getting infected. A surgical campaign that focuses on these higher-risk employees and gives them specific tips to avoid the root cause of infections can reduce incidents by as much as 90-99%. A real case study with one of our customers is shown below.

Reduced phishing incidents: We can help with a number of outcomes related to phishing. These range from reducing the number of users targeted by phishing attacks to encouraging users to report phishing emails.

Users targeted by Email Malware
# Users without 2FA

Users that have turned on 2FA or use a password manager: Weak passwords are a top compromise vector. Turning on 2FA or using a password manager significantly reduces this risk. A real-time campaign to turn on 2FA at the time of login can boost the 2FA usage rate.

Conclusion

The Demisto and SecurityAdvisor integration delivers a unique approach to building cyber-immunity across an organization through personalized, bite-sized tips delivered to “at-risk” users via automated playbooks. For more questions, contact us at [email protected]



