Almost half of information security leaders believe that if a significant breach happens to their organization, an end user will be at fault, according to a Dark Reading survey released in late 2021.
The survey results confirm a long-held belief in security circles: End users who unknowingly break security policy or act negligently provide the greatest threat to enterprise security.
While this belief comes from years of data and observations, it may also be nearing a tipping point. The growth of monitoring and remediation tools, and new ways of thinking about security is creating a new paradigm where end users go from a liability to a strength.
The new security team
An organization’s information security traditionally fell to specific job titles. In some cases, this may be a simple IT administrator for many smaller organizations, while larger organizations may have a full dedicated team.
Organizations today utilize hundreds of SaaS applications. In today’s work environment, nearly everyone from the CEO down to summer interns uses SaaS applications and can start to play a more prominent role in defense.
Today’s new security structure leverages all levels of an organization. Let’s look at each in more detail:
Employees can take a more substantial stake in helping an organization defend applications. That’s not to say all staff must become security experts, but they should understand how to recognize a threat and have the tools to mitigate it quickly.
Leveraging employees in this manner empowers them to help ensure the security of the organization. After all, employees use these SaaS applications throughout their daily workflow. As a result, they can quickly see if something seems amiss with the tools they commonly use.
These additional eyes can provide a valuable early warning system. Modern security tools can make employees active defense members, not just bystanders. They can become involved in solving problems, identifying vulnerabilities or sharing abnormal behavior, which improves an organization’s security posture.
Time for a change in security
The development and increased use of SaaS solutions have created a new status quo for business operations. The days of static systems living on a desktop or a local server will soon no longer exist. As a result, organizations need to leave the security practices used to protect these tools in the past. Instead, leaders must see how this shift in how employees use technology requires new solutions and strategies to find success.
Today, employees better understand organizational security challenges, and many grew up as digital natives accustomed to working online and interacting with connected technologies. Therefore, leaders should aim to empower their employees to become part of the security process and an active part of the defense. This does not mean security teams lose control over security solutions, on the contrary – security teams should always have the upper hand with full visibility and control over all security processes. But the mundane daily work of revoking tokens, permissions or shared data can be lifted off their busy shoulders and transferred to the capable hands of the users who best know the business context of the apps they chose to use.
This content was originally published here.