Integrating Human Risk Scores into Mimecast’s Security Framework

Key Takeaways

• The cybersecurity industry’s primary vulnerability lies in the person behind the keyboard, with human error being a significant source of risk
• Mimecast uses AI and behavior scoring to identify high-risk users and assign risk scores to individual users
• The company focuses on behavior modification through nudges and micro-training to reduce risk
• Archiving and auditing are critical in tools such as Slack, Teams, and Zoom
• Investment in Asia-Pacific outside Australia and New Zealand is on the rise

Introduction to Cybersecurity Risks
The cybersecurity industry is structured around network, application, and data defenses, but the most vulnerable part of the system remains the person behind the keyboard. Despite the advancements in technology, human error continues to be a significant source of risk. The clicking of malicious links, misuse of credentials, and inadvertently leaking of sensitive data are just a few examples of how humans can compromise the security of an organization. According to Marc van Zadelhoff, CEO of Mimecast, human risk is accentuated now because agents are acting as humans with passwords, identity, and credentials, making it easier for them to act undetected. This highlights the need for a proactive stance in addressing human risk and reducing the likelihood of cyber attacks.

The Importance of Behavior Scoring
Mimecast has developed a system that collects behavioral signals from across its ecosystem and partner tools to identify which users pose the most risk. This information is then used to assign risk scores to individual users, much like a credit score for cybersecurity behavior. This approach allows organizations to identify high-risk users and take proactive measures to reduce the risk of cyber attacks. Van Zadelhoff noted that about 8% of users at a typical organization are causing 80% of the risk or damage, emphasizing the need for targeted interventions to address human risk. By using AI and behavior scoring, organizations can identify and mitigate potential security threats before they become incidents.

Behavior Modification through Nudges and Micro-Training
Mimecast’s approach to reducing risk is not just about identifying high-risk users but also about modifying their behavior through nudges and micro-training. The company believes that by providing users with targeted training and reminders, they can reduce the likelihood of human error and improve overall cybersecurity posture. This approach is critical in today’s digital landscape, where employees are increasingly using cloud-based tools such as Slack, Teams, and Zoom to collaborate and communicate. By providing users with the right training and resources, organizations can empower them to make better decisions and reduce the risk of cyber attacks.

The Need for Archiving and Auditing
Van Zadelhoff also emphasized the critical need for archiving and auditing in tools such as Slack, Teams, and Zoom. As employees increasingly use these tools to communicate and collaborate, it is essential to have a record of all interactions and activities. This not only helps to identify potential security threats but also provides a audit trail in case of an incident. Archiving and auditing are critical components of a comprehensive cybersecurity strategy, and organizations must prioritize these capabilities to ensure the security and integrity of their data.

Investment in Asia-Pacific
In addition to discussing Mimecast’s approach to cybersecurity, van Zadelhoff also talked about the company’s investment in Asia-Pacific outside Australia and New Zealand. The region is experiencing rapid growth, and organizations are increasingly looking to invest in cybersecurity solutions to protect their assets. Van Zadelhoff noted that Mimecast is committed to supporting this growth and is investing in the region to provide organizations with the cybersecurity solutions they need to succeed. This investment is critical, as the Asia-Pacific region is becoming an increasingly important hub for business and commerce, and cybersecurity will play a vital role in ensuring the security and integrity of this growth.

Conclusion
In conclusion, the cybersecurity industry’s primary vulnerability lies in the person behind the keyboard, and human error remains a significant source of risk. Mimecast’s approach to cybersecurity, which includes behavior scoring, nudges, and micro-training, is a critical step in addressing this risk. By providing users with targeted training and resources, organizations can empower them to make better decisions and reduce the risk of cyber attacks. Additionally, archiving and auditing are critical components of a comprehensive cybersecurity strategy, and organizations must prioritize these capabilities to ensure the security and integrity of their data. As the Asia-Pacific region continues to grow and evolve, investment in cybersecurity will be critical to ensuring the security and integrity of this growth.