Platform

Unify HRM Overview

Platform

Capabilities

Identify: Human Risk Operations Center (HROC)
Dashboards

Power Insights

Benchmarks

Protect: Action Plans
Nudges: Communications & Employee Scorecards

Training: Risk Based SAT and Phishing

Orchestration: Policy Playbooks

Report: Human Risk Index (HRI)
Employee Scorecards

Manager Reporting

Board and Executive Reporting

Bundles

Unify Go
Start your journey to HRM here.

Monitor risk by:

Security Training Compliance

Phishing and Email

Unify Enterprise
Covers risk in Unify Go and adds:

Malware & Ransomware

Data Loss

Account Takeover

Featured Resources

Living Security Blog
What is Attack Surface Management?
link

Living Security Blog
Why Your Team Should Have A Business Continuity Plan
link
Solutions

Solutions Overview

Solutions

By Role

CISO
Provides CISO’s, executives, and boards a complete picture and prioritization of workforce risk by type, department, location, and more.
link

Security Awareness Team
Go beyond training completion and phishing click rates and proactively safeguard your organization from human-induced security incidents.
link

GRC
Identify, resolve and track commonly violated policies with granular accuracy to lower risk and improve workforce compliance.
link

SOC/IR
Unleash the true potential of your human firewall with data-driven insights and action plans that curb threats before they become incidents.
link

By Risk

Training Compliance
Monitor training compliance status for users and segments across the enterprise.
link

Phishing & Email
Identify the users most and least at risk to social engineering attacks and protect them.
link

Malware & Ransomware
Proactively protect users from malware including viruses, worms, Trojan viruses, spyware, adware, and ransomware.
link

Data Loss
Pinpoint when data is at risk of leaving your controlled environment through unauthorized access or malicious intent.
link

Identity Threats
Get visibility into the most susceptible users for account compromise and mitigate their risk.
link
Products

Products

Products Overview
Transform how your organization approaches Security Awareness and Training by shifting to a proactive HRM approach that creates a strong culture of security.

Living Security Blog
What is Attack Surface Management?
link

Unify Human Risk Management
Establish a proactive security loop.
Security Awareness Training
Interactive compliance training for modern threats.
CyberEscape Rooms
Put your team in the center of security scenarios
Cybersecurity Awareness Month
Create a cyber vigilant workforce in October
Cybersecurity Engagement Training Go beyond compliance training Phishing
Stop social engineering attacks in their tracks with realistic simulations and training
across phishing, vishing, smishing, and more.
HRM

HRM

Human Risk Management: Proactive Security
Human Risk Management (HRM) is the process of identifying, assessing, and mitigating risks associated with human behavior in relation to an employee's use of technology.
HRM Maturity Model
How far is your company along the path to true proactive security?

Living Security Blog
What is Attack Surface Management?
link
Resources

Resources

Resources
Level up on Human Risk Management with a comprehensive collection of webcasts, whitepapers, ebooks, and more.
Blog
Access hundreds of informative blogs with deep dives and best practices relating to the full array of cybersecurity risks we face.
Webinars
Watch dozens of webinars tackling some of cybersecurity’s biggest challenges featuring thought leaders from leading organizations.
Case Studies
See how a variety of organizations utilize Living Security’s HRM Platform, Training, and Phishing to reduce risk with proactive defense.

Partners
Human Risk Management Powered by Partners.
Technology Alliance Program
Extend the value of your offering with HRM.
Partner Support
Unlock your potential with our partner hub.

Living Security Community Share HRM best practices Newsroom Read the latest news on Living Security. Support
The more you know, the more you grow.
Why Living Security
Establish a proactive security loop.
Start Now

December 9, 2022

7 Human Risk Management and Cybersecurity Terms You Should Know

When it comes to cybersecurity, jargon gets thrown around like confetti. If you’re new to the field, you might not be familiar with all of the cybersecurity jargon. Even as a security professional, the security and awareness space is constantly evolving and adapting, and there maybe terms you are unfamiliar with.

Wherever you are on your cybersecurity career path, it’s important to stay informed.

The following seven cybersecurity terms have been gathered to help readers get a better understanding of the main components of Cybersecurity and Human Risk Management. Even if you’re familiar with som

e of the terms, considering their connection to the human risk element is important as security programs shift towards a Human Risk Management focus.

7 Human Risk Management and Cybersecurity Terms You Should Know

1. Human Risk Management

What is Human Risk Management? Human Risk Management is a cybersecurity keyword because it’s an approach that focuses on identifying the riskiest human behaviors of individuals and groups within an organization. The 2022 Verizon Data Breach Investigations Report indicated that “82% of breaches involved the human element, including social attacks, errors, and misuse.”

Being able to identify this human element and observe risky behaviors before they turn into breaches allows cybersecurity professionals to provide opportunities to prevent incidents through training and education that changes human behavior.

2. Insider Threat

An Insider Threat, also known as an Insider Risk, is an individual within your company or organization who is engaging in risky behaviors, whether intentionally or unintentionally. While some insider threats may be caused by a lack of understanding of proper security measures or an accident that the employee isn’t even aware of, some are also caused by intruders with a deliberate intention to cause harm to an organization’s infrastructure, like through exploiting vulnerabilities or leaking sensitive data on purpose. It’s important to be able to monitor and identify these threats, whatever their cause may be.

3. Risk Assessment

A Risk Assessment is the overview of the threats that an organization may face, the cause behind them, and what the impact may be. It serves as a high-level analysis of potential threats that allows a Program Owner to effectively monitor them in order to safeguard the organization, and communicate back to CISOs and key stakeholders. Typically, a traditional risk assessment relies on estimations and as much data as can be gathered about threats and vulnerabilities.

By incorporating Human Risk Management into a risk assessment, cybersecurity leaders are given a much more accurate view of the human risk element and can not only assess and plan for threats, but adjust their strategies to redirect unwanted behaviors. Additionally, this cycle of gather-analyze-monitor-redirect-report shows whether or not the training has effectively changed behaviors.

4. Ransomware

Ransomware is a piece of malicious software that holds a user’s data hostage until money has been paid to the attacker. It’s a form of cyber extortion, and it’s been increasing more and more globally. Verizon’s 2022 Data Breach Investigations Report indicated a 13% increase in ransomware breaches, which is “more than the last 5 years combined.”

Ransomware is concerning for an individual, and incredibly dangerous for an organization; individual files may be encrypted, deleted, stolen with a serious consequence to the individual, but for an organization, a ransomware attack can take down an entire system, leak more than just one individual’s data, and leave the whole organization’s infrastructure dead in the water. Knowing how to prevent ransomware from being installed in the first place can prevent untold amounts of damage.

5. Phishing

Phishing is a form of email-based cybersecurity attack which pretends to be from a legitimate source, in order to coax the recipient to click a link or provide personal or company data. For example, an email may pretend to be a critical software update, but when the user clicks the link, ransomware or some other virus is installed instead.

Or, an email may pretend to be from the company itself, or even from the company’s IT or Security department, prompting a virtual user to perform some fraudulent security action that is not what it seems. Training virtual employees how to identify phishing schemes empowers them to take appropriate action when confronted with one, and potentially avert a company-wide disaster.

6. Scareware

Scareware and Phishing are similar cybersecurity words, but instead of Scareware coming in through an email, it appears on a website as a pop-up or other notification that frightens and confuses the virtual user into believing that their computer has been compromised. Again, like phishing, it seeks to either install malicious software or harvest personal credentials.

Either way, scareware is dangerous because it preys on inexperience, fear, and the willingness an employee may have to try and do the right thing although they may not know how. Through understanding the human factor in cyber risk, the riskiest users and groups can instead be educated to perform the correct action.

7. Social Attacks

Phishing, ransomware, and scareware are all examples of Social Attacks: Techniques that use fear, anxiety, urgency, shame, deception, and other forms of psychological manipulation to trick people into making mistakes. Social attacks begin with gathering information about your company and then using that specific information to target users and groups that appear to be the most vulnerable. Whether it’s a phishing attack that sends “Critical Security Update!!” alert emails to your entire organization with malicious links, or a fake version of a company’s secure site used to capture passwords, social attacks thrive on manipulating human behavior, and exploiting weakness.

Getting Started With Human Risk Management

There is a lot of cybersecurity terminology out there, it would be impossible to cover it all. We selected these terms to showcase how important Human Risk Management truly is to a company’s cybersecurity infrastructure—not just for now, and not just for these known forms of hacking, but as an enduring philosophy that considers human behavior, not just tech-based threats or brute-force attacks.

If social attacks capitalize on fear, ignorance, and manipulating human behavior, then the strongest defense against them is knowledge. Human Risk Management can help showcase where the weakest individuals and groups are in your organization so that you can effectively change human behavior. If you’re interested in more information, check out our resources for Cybersecurity Awareness Month. Or, to learn more about how Living Security is changing the Security Awareness & Training arena, click here for a preview of our Unify HRM platform.