Human sensors: How encouraging user reporting strengthens security
by Scott Greaux - VP of Product Management and Services, PhishMe - Tuesday, 14 May 2013.
Despite the pervasiveness of cyber-attacks threatening the enterprise security today, many organizations are still not taking advantage of their most widely deployed security asset: people.

Adversaries, including cyber criminals, nation-states, and hacktivists, are actively targeting employees, and by not encouraging users to report suspicious emails, organizations are missing a huge opportunity to gather vital information about threats. Developing a formal process for users to report suspicious emails provides real-time threat information, and allows for improved response and mitigation activities. Still, many organizations resist encouraging user response, citing a variety of reasons for not doing so, including a lack of manpower to process reports and a belief that there is limited value in user reporting anyway.

However, encouraging user reporting is not only beneficial, but can be done in a manner that avoids the common pitfalls and doesnít substantially tax your staff.

What are the benefits?

Encouraging your users to report suspicious emails is akin to literally adding thousands of new sensors to your network. Upon receiving a report of a suspicious email administrators can initiate reactive response controls such as removing similar emails from usersí inboxes, redirecting and capturing command and control traffic, and blocking outbound traffic at your gateway. In the event of a compromise, you are able to more quickly and more effectively contain the damage.

Once user reporting becomes part of your culture, it will provide actionable data. Tracking the reports sent by individual users allows you to increase monitoring on certain machines as well as recognize users who provide valuable reporting data.

Can my users really provide useful information?

Many security administrators take the mistaken view that their users canít be a source of valuable information. In my experience, most users want to do the right thing, but they havenít been given enough information about what to look for or what to do if they receive something suspicious. By educating them on how to recognize the typical signs of a phishing email, and establishing a simple process for reporting, your user base can become a line of defense that is more effective than all of your technology.


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 1st