Omnisperience the leading independent analyst and advisory firm focused on the B2B Telecoms Service Providers, their Vendors and Customers, has outlined a new cybersecurity category that focuses on the biggest risk that businesses have – the behaviour of their users. In its new green paper, ‘Introducing new cybersecurity category: User Isolation Protection’, the firm argues that optimising cybersecurity effectiveness requires businesses to make protecting users and their data their primary purpose.
Despite the best efforts of cybersecurity professionals and vendors, businesses are increasingly in the cross-hairs of cyber criminals, who are focusing on ever-more lucrative targets. Since the COVID-19 crisis began, the risk to businesses has substantially increased, due to more people working from home for the first time, businesses redeploying cybersecurity staff just to keep the lights on, and a wide range of new, unfamiliar and untested technologies having been ingested by businesses.
As is always the case, humans remain the weakest link in the cybersecurity chain. They want to connect from more places, to more things, and don’t want onerous security checks to slow them down. They’re also fallible and prone to making mistakes. It still only takes one employee to fail to spot a spear-phishing scam or visit a malware-contaminated platform to compromise an entire network. At risk is data, money, reputation and significant fines as a result of not complying with hard-hitting regulations such as GDPR.
Omnisperience argues that companies need to evolve beyond traditional approaches to cybersecurity that focus on features and single risk areas. Instead, they need to realign offerings around a new purpose, which is to protect the most vulnerable target of attacks – the user. By protecting the user, and making security intuitively and automatically part of the user’s digital experience, companies can move from mopping up breaches and firefighting cyber-attacks to proactively preventing future incidents that critically damage data, systems and businesses.
Omnisperience calls this User Isolation Protection (UIP), which involves securely isolating the user without compromising their capability to engage with their chosen platforms or systems. This new category does not invalidate current cybersecurity offerings, but rather it makes them more effective by clarifying their goal and purpose. This helps companies identify where they have gaps in their current cybersecurity estate and informs their purchasing of new technology.
“Until now, cybersecurity has largely been adopted and enriched retrospectively and reactively in response to an incident, with individual products focused on specific points of risk,” says Omnisperience’s Kevin Bailey. “Omnisperience advocates that by clarifying the real purpose of cybersecurity approaches and focusing on the most vulnerable point of entry – the user – cybersecurity offerings can be utilised more effectively and new technology can be adopted more confidently”.
Bailey goes on to say that for cybersecurity approaches to be optimally effective they have to be comprehensive and non-intrusive, as cyber criminals will use ‘Air-Gaps’ to attack users, and humans being human will find workarounds or become frustrated if security provisions are too onerous. He continues: “The new UIP security category does two important things: it clarifies the purpose of the industry’s approach, which is to protect the user, and it emphasises the critical requirement for optimal efficacy which is the need for cybersecurity to be user-friendly and unintrusive”.