Security Awareness Blog

Leveraging The HumanOS For Detection

When dealing with the human issues of information security, I find myself more and more comparing people to operating systems. Computers store, process and transfer information, so to do people. We already have a variety of policies, processes, and procedures in place to securing operating systems, why re-invent the wheel when we can re-use many of the same lessons learned. For example, securing HumanOS, just like any other OS, is a never ending process. Just as you have to continually patch your computers, so to should you have an active awareness program that is constantly communicating to people. Just as no computer can be 100% secure, the HumanOS shares the same limitations.

But just like any other OS, you can leverage the human for other things. Traditionally awareness and education has been all about prevention, building the "Human Firewall". Why limit ourselves to that? Why not leverage the HumanOS to also become part of detection and response, to become a human sensor. For example, teach your end users what to look for and whom to report it to. Yes, they may have fallen for the phishing email, but if they (or someone else) reports it then you can respond far faster. Teach your system administrators how to detect indicators of an intrusion (odd processes, abnormal network connections, unauthorized accounts added, large files). Teach your help desk to look for sudden spike in unusual activities, such as a sudden rise in password resets or systems infected. Just like any other detection technology the HumanOS is not perfect, it will have false positives especially at the beginning. However I truly feel the HumanOS is an untapped resource, and we need to go beyond just teaching them how not to fall victim, but how to help detect and respond to today's latest attacks.