Amid all the AI, a ‘human-first’ cybersecurity approach must prevail

COMMENTARY: Today’s AI-driven evolution of cybersecurity technologies created a situation in which human error has emerged as a critical vulnerability in our digital work environments.

According to the Thales Data Threat Report, 31% of organizations that experienced a data breach in the past year identified human error as the primary cause.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

This stark figure highlights a persistent challenge: while advancements in cybersecurity tools continues to keep up with the development of threat tactics, organizations often overlook the human factor. Addressing this requires a paradigm shift towards a human-first approach, a strategy that redefines people not as the weakest link, but as an integral part of the cybersecurity solution.

Time to tap into human firewalling

The cybersecurity community has moved towards strategies that emphasize the need to address human weaknesses. Encapsulating this movement is the term “human firewall,” which refers to the collaborative effort of everyone in the organization to become part of the cybersecurity program.

Institutions and cybersecurity companies have been using the term for the last several years. KPMG published a white paper a couple of years ago called “Human Firewalling,” which explores steps in raising cybersecurity awareness and building a holistic approach to educating employees about secure behaviors. The University of Oklahoma has a human firewall training program aimed at building digital self-defense skills among students and employees.

Setting up human firewalls is valuable for adopting a human-first approach in cybersecurity because it standardizes the cyber defense involvement of everyone in the organization.

The pillars of a human-first approach

A successfully implemented human-first approach in cybersecurity has five elements:

Leadership commitment: The human-first approach can easily spiral into failure without full dedication of the organization’s leadership. Employees are unlikely to support an initiative if they sense a lack of commitment or the inability of management to effectively communicate and demonstrate the urgency of their goals.
Role-centric cybersecurity training: Generic and one-size-fits-all cybersecurity training no longer works. Instead, organizations must tailor training sessions to the roles of employees and the kinds of threats they are likely to encounter, from phishing to configuration errors to sharing sensitive data with unverified third parties.
Simplification of security protocols: Companies have to make everything comprehensible to everyone in the organization. Complexity only benefits threat actors because it creates opportunities for vulnerabilities to develop. It prevents ordinary employees from understanding the adverse impact of the changes or unusual activities they observe.
Designation of cybersecurity champions: This means having someone to oversee and guide the shift toward the human-first approach. These people serve as liaisons between the cybersecurity department and others in the organization.
Catch-all behavioral analysis: Aside from monitoring systems or tech tools, it’s equally important to scrutinize user behavior to spot anomalous activities such as unusual requests for data access or permissions and potentially abnormal login patterns.

A synergy between technology and people

Human firewalls don’t replace cybersecurity tools and measures. They supplement technical defenses by promoting vigilance and delivering sufficient cybersecurity education. They let employees have a better grasp of the threats and the knowledge to thwart them.

The human-first approach implies the need for people to understand how security technologies work and how to use them effectively. This does not mean that everyone in the organization must know how to use a SIEM, CNAPP tools, and other advanced cybersecurity platforms.

For this to work, everyone has to be aware of the threats and know how to leverage tools to keep those threats at bay. This can mean something as simple as enabling multi-factor authentication, activating VPNs when accessing public Wi-Fi, or using project management AI tools that reduce cyber risks.

The use of AI cybersecurity tools needs a well-thought-out strategy. Security controls that leverage machine learning make threat detection and prevention more efficient. However, it’s a given that human discretion will always prevail. People can choose to ignore AI-powered security alerts, rendering them useless.

A human-first cybersecurity strategy ensures that people thoroughly understand the consequences of their actions as they deal with threats and employ security technologies. It prevents over-reliance on security controls while encouraging a strong security culture and proactive behavior in addressing threats.

Ultimately, the human-first cybersecurity strategy aims to mitigate weaknesses while harnessing strengths. It’s an attempt to build a more resilient security posture by recognizing both the inevitability of human error and the value of human ingenuity.

The organization can harden its secure posture in 2025 by empowering everyone on board to become active participants in cyber protection. Companies can make it happen through proper training and the deployment of the right cybersecurity controls and protocols.

David Balaban, owner, Privacy-PC

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.