The human factor is arguably the most challenging element to deal with in cybersecurity.

Human unpredictability and error have rendered the human factor the “weakest link” in cybersecurity. But is that necessarily true?

Isn’t the human factor also the biggest contributor to cyber-defense?

If so, there’s much we need to do to reduce the impact of human unpredictability, and to leverage the human factor in cybersecurity for better defense and protection.

CybersecAsia discussed the human aspects of cybersecurity with David Chow, Global Chief Technology Strategy Officer, Trend Micro, for insights and solutions:

How does the unpredictability of humans impact cybersecurity, and what is the true “weakest link” in cybersecurity?

Chow: When it comes to cybersecurity, we have control over two things: the technology that we invest in and the processes that we put in place. However, as we all know, a robust and holistic security strategy requires a third piece of the puzzle, namely, people. This is the area that we don’t have control over and requires more attention from organizations.

Here’s why — every individual has their own circumstances, mindsets, and motivations, which will undeniably impact an organization’s security. At any given time, we cannot predict how people will interact with technology and take on the prescribed processes, carved under the organization’s cybersecurity strategy.

Despite this unpredictability, however, I don’t believe that people are the “true” weakest link in cybersecurity, contrary to popular belief. People play an important part in defense, and putting the spotlight on people can hinder the development of a security-conscious mindset, and ultimately, an organization’s security.

When it comes to people, the real challenge lies in modifying people’s behavior to adhere to cybersecurity best practices, as it requires continuous efforts in education and awareness to ensure individuals understand the evolving threat landscape and the potential impact of their actions on security.

To ensure this third piece of the puzzle is in place, it’s important to have cultural alignment across the organization driven right from the top, a process of facilitating constant awareness enhancements, and promoting accountability among employees to ensure internal processes are adhered to. Ultimately, driving these efforts and fostering a security-conscious mindset are critical to maintaining a secure environment.

To me, there is no single weakest link. An organization should look at risk holistically and ensure no gaps across all three areas — people, process, and technology.

Why is it critical for businesses to focus on people and processes when optimizing their cybersecurity strategies, and how can businesses do so?

Chow: While technology is a priority, people and processes need to be a core focus when optimizing cybersecurity strategies for businesses to address risks arising from the unpredictability of humans. Businesses need to ensure their cybersecurity strategies are people-centric and have the right processes in place to drive education and foster a culture of security awareness and resilience.  

In line with a Zero Trust approach, organizations can do this by prioritizing critical assets – including sensitive data, intellectual property, financial systems, key applications, and infrastructure components – and identifying how people are using them. This means establishing an initial baseline of “normal behavior” for each individual, based on their roles, responsibilities and access privileges, and investigating if activities stray away from this baseline.

David Chow, Global Chief Technology Strategy Officer, Trend Micro

This is where technology comes into play. One way to achieve this efficiently is by leveraging AI and machine learning to proactively monitor for unusual activity and potential threats. For example, platform-based security tools that deliver AI-powered XDR and attack surface risk management enable organizations to prioritize critical assets and subsequently detect and respond to anomalous behavior. It provides them with visibility in areas such as:

    • How well they can see the assets in their environment
    • How many, what types, and what attributes are associated with these assets
    • Which assets are of high value

This level of visibility, in turn, will help organizations monitor unusual behavior associated with these assets. In tandem with advanced XDR capabilities, such platform-based solutions can improve investigation speed, accelerate detection and response times, minimize attacker dwell times, as well as limit repeat attacks, by breaking down silos and working across various security vectors. This makes proactive and early detection possible so businesses can rapidly respond to potential security incidents. 

How has Zero Trust evolved since 2018 and why is it still relevant today?

Chow: Since 2018, the Zero Trust approach has evolved from network-centric security to identity-centric security, as businesses in APAC and around the world increasingly adopted cloud environments and DevOps. Recent technological developments have also made it possible for businesses’ Zero Trust strategies to leverage advanced analytics and AI-driven technologies like XDR to enable continuous monitoring, early anomaly detection, and comprehensive behavioral analysis.

Over the years, the approach has also benefitted from the development of various industry and regulatory frameworks and standards, such as the National Institute of Standards and Technology’s (NIST) paper on Zero Trust Architecture and President Biden’s 2021 executive order to strengthen the US’ cyber defenses. These have given businesses greater guidance and more clarity around best practices for successfully implementing a Zero Trust approach.

Zero Trust is still relevant today because of the way business operations have changed in our current digital-first era. With many APAC organizations maintaining hybrid work arrangements through and post Covid and embracing multi-cloud strategies, the attack surface has vastly expanded – our recent Cyber Risk Index found that 82% of APAC organizations believe it is “somewhat to very likely” they would suffer a successful cyberattack in the next 12 months.

At the same time, the region’s threat landscape continues to evolve rapidly with increasingly rampant, complex, and sophisticated cyberattacks, making active and early threat detection and response critical.

By adopting Zero Trust, organizations can mitigate risks, protect critical assets, prevent insider threats, and enhance their overall security posture in a dynamic and interconnected digital landscape.

Lastly, with increased emphasis on corporate responsibility in recent years, it’s becoming increasingly important for organizations to have strong cyber governance. To that end, Zero Trust can play a crucial role in managing the financial and stakeholder impact of cyber risks, both internally and externally.

How can we tap on the human aspect of cybersecurity to facilitate the implementation of Zero Trust?

Chow: At Trend Micro, we recognize the crucial role that people play in cybersecurity and their direct impact on the successful implementation of Zero Trust. Our approach combines practicality with a deep understanding of the value of data within our environment.

The first step in our approach is to classify datasets, carefully identifying the most critical information that requires protection. By giving priority to this high-risk data, we establish a solid foundation for implementing Zero Trust.

In parallel, we acknowledge the importance of considering the human element in our approach. We thoroughly analyze identities, access patterns, and behaviors to gain a comprehensive understanding of data traffic and potential risks associated with human behavior.

Building upon this analysis, we take a unique approach to deploying the Zero Trust model. Rather than starting with identity and moving forward, we shift our focus to the data itself as the core component. This approach allows us to achieve the objectives of Zero Trust efficiently while optimizing resource allocation and minimizing unnecessary costs.

Trend Micro leverages the power of AI to help security analysts do this efficiently and effectively. Our Vision One cybersecurity platform, designed with a Zero Trust infrastructure, is built with a generative AI assistant to help elevate analysts and the proficiency of cyber teams. The tool empowers users of every skill level with capabilities to enhance their performance and productivity, including:

    • Explaining and contextualizing alerts
    • Triaging and recommending actions
    • Decoding complex scripts
    • Developing and testing sophisticated search queries