Human sensors: How encouraging user reporting strengthens security
by Scott Greaux - VP of Product Management and Services, PhishMe - Tuesday, 14 May 2013.
Despite the pervasiveness of cyber-attacks threatening the enterprise security today, many organizations are still not taking advantage of their most widely deployed security asset: people.

Adversaries, including cyber criminals, nation-states, and hacktivists, are actively targeting employees, and by not encouraging users to report suspicious emails, organizations are missing a huge opportunity to gather vital information about threats. Developing a formal process for users to report suspicious emails provides real-time threat information, and allows for improved response and mitigation activities. Still, many organizations resist encouraging user response, citing a variety of reasons for not doing so, including a lack of manpower to process reports and a belief that there is limited value in user reporting anyway.

However, encouraging user reporting is not only beneficial, but can be done in a manner that avoids the common pitfalls and doesnít substantially tax your staff.

What are the benefits?

Encouraging your users to report suspicious emails is akin to literally adding thousands of new sensors to your network. Upon receiving a report of a suspicious email administrators can initiate reactive response controls such as removing similar emails from usersí inboxes, redirecting and capturing command and control traffic, and blocking outbound traffic at your gateway. In the event of a compromise, you are able to more quickly and more effectively contain the damage.

Once user reporting becomes part of your culture, it will provide actionable data. Tracking the reports sent by individual users allows you to increase monitoring on certain machines as well as recognize users who provide valuable reporting data.

Can my users really provide useful information?

Many security administrators take the mistaken view that their users canít be a source of valuable information. In my experience, most users want to do the right thing, but they havenít been given enough information about what to look for or what to do if they receive something suspicious. By educating them on how to recognize the typical signs of a phishing email, and establishing a simple process for reporting, your user base can become a line of defense that is more effective than all of your technology.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th