Cybersecurity is among the most important board-level issues for nearly every organization. Businesses face a double-edged sword: Not only are today’s attacks more virulent and using new attack vectors, but the penalties for a breach are now more substantial as well. The recent enactment of the General Data Protection Regulation (GDPR) in the European Union has put huge financial penalties in place, rising to as much as 4% of annual revenue.
Deploying more effective defenses requires new approaches. Building a Jenga-like amalgam of individual point products meant to protect thousands of individual devices is no longer an effective approach. Modern protection relies on more intelligent security processes and enforcement. And one of the most effective ways of implementing an intelligent approach to security is to move past a focus on devices to a focus on users. The goal is to know how individual users consume technology and apps so that risk profiles for each user can be built based on that context. This approach, which makes security more effective, is “context-aware” security.
Next-generation security strategies are driven by personalized cyberdefenses based on what each user typically does and what information and applications each user regularly works with. This user-focused security approach, driven by patterns of individual usage, makes it possible to focus cyberdefenses on each user’s interactions with systems and thus simpler to identify activities that are “out of bounds.” The context considered by context-aware security extends to an awareness of the corporate information, network data and feeds from security sensors as each user interacts with different applications. This makes it simpler to protect both the user and the organization and ensure integrity across various methods of access.
Using supplemental information such as location, identity, time of day and device type helps provide greater context to understand whether an interaction is valid and typical or atypical and suspicious. For example, say the username and password of a salesperson who covers the Southwest are used to access non-sales databases at 3 a.m. PST from a location in Eastern Europe. Even though the username and password are correct, the context of that interaction shows clearly that this is a very suspicious login and should be quarantined automatically.
We certainly know that login credentials are inadequate as the primary method of protection. The theft of user credentials is reaching epidemic proportions. In recent years, many of the largest breaches, such as the Target data theft, were possible because credentials were stolen via a phishing attack or similar tactic. Contextual information makes it much easier to spot and stop a potential breach made possible by the acquisition of a user ID and password.
Using context-aware security also improves the user experience. As the security platform learns about users and their normal habits or activities, it modifies policies to make improvements seamless. Improving the user experience is a virtuous cycle. A context-aware approach allows for less rigid policies and more personalized technology (apps, devices, etc.), which then reduces the likelihood that users will go rogue and use services and devices outside of IT’s purview. In addition, this removes the onus from users to act as the first line of defense for cybersecurity by forcing them to download and install multiple security products, update those products and ensure they are correctly installed.
Today’s attackers are not disaffected individuals looking to cause mischief. They are well-financed, technically skilled and increasingly clever adversaries who are constantly improving their attack processes to steal information they can monetize. Organizations must adopt new and improved cybersecurity approaches that provide more intelligence to better combat these threats. The additional information obtained from context-aware security platforms delivers far better identification of attacks and improves the ability to stop them.