As organizations continue to face evolving social engineering attacks during the pandemic, such as the recent linkless email phishing scam, it’s imperative to rethink cybersecurity strategies to combat these threats.
Given the rise in uncertainty during the pandemic, most employees are experiencing a heightened emotional state. Dr. Margaret Cunningham, Principal Research Scientist for Human Behavior at Forcepoint X-Labs, explains this state through “hot” versus “cold” decision making. “We tend to make different types of decisions than we typically would under normal or comfortable circumstances. We may be making more decisions that aren’t always for the best, especially when it comes to security,” she says.
“Hot decision making happens when we’re a little bit agitated and more anxious. This can sometimes cause us to do things that we wouldn’t normally do, perhaps skip a boring but necessary safety step in a process, for example.”
Dr. Cunningham explains that attackers are aware of the types of bad decisions people make when they are in a more agitated state due to stress and uncertainty. Hackers are good at manipulating and heightening emotions to make people feel like they’re running out of time or at risk of losing something. “Social engineering attacks are more successful right now because we’re already primed towards hot decision making by our worries, anxieties, and divided attention,” she states.
Agencies need to update their cybersecurity strategies to accommodate the current telework environment, especially surrounding social engineering attacks.
Prioritize Behavior Analytics
To minimize challenges, agencies should look beyond what is obvious from the traditional data sources. Organizations should focus on understanding human behavior, both positive and negative, and on continuously analyzing that behavior in the context of each person’s role and past behavior.
“We need to set our employees up for success, so they aren’t mis-clicking and exposing data due to poorly designed technical systems. To better protect these new remote workforces, this means we have to provide support, whether it’s offering office stipends, helping people configure their work from home settings, or enabling supervisors and managers to motivate their teams through different types of goal-setting structures or other more human techniques,” says Dr. Cunningham.
“Human context and human-focused security gives us a better baseline for comparing things,” Dr. Cunningham explains. “When we are only analyzing device activity or behavior, we only have a partial picture. If there’s a shift, a change, or a problem with how people are behaving, we can find it faster, and we’re much more confident about what we’re seeing through behavior analytics.”
As agencies look to design new security strategies, they should begin measuring performance and behavior. “When organizations start measuring behavior and coming up with things like quarterly reports, KPIs, and performance metrics, they are able to measure and define success. If you don’t have a way to measure these things and how they change over time, you can’t design an intervention strategy,” states Dr. Cunningham.
This is where Forcepoint can help. Dr. Cunningham notes the capabilities in Forcepoint’s Behavior-Based Cybersecurity Guide, which provides organizations with a guideline for designing balanced intervention strategies to address identified risks through behavior analytics.