How VillageMD Is Driving Proven & Lasting Change In Security Culture With Unify Insights
“How do you use that data to empower the business, to make the change? Because if we’re a compliance-based security awareness program and just pushing people to change, then we’re telling them what to do as opposed to showing them the data and to empower them to want to change on their own. No one goes to work in the morning and says, ‘Hey, today I want to be the least secure employee in the company.’ So if we provide that data to them, then it’s an opportunity to be like, ‘Wow, didn’t realize that I had this blind spot, and I need to correct it.’”
CISO of VillageMD
MEASURE WHAT YOU WANT TO KNOW AND REPORT ON WHAT YOU WANT TO CHANGE
After spending hours and weeks making sense of the raw data, Dan and team were able to identify some points of interest. One was that a team within the organization was under more significant threat than other divisions due to their access, but the question remained: ‘How do you make sure that your team is secure and prepared for the attacks they are facing, without embarrassing people, punishing them, violating privacy, or disempowering them?’
In another sense, now that we know where this significant risk is in our business, what actions can we take to decrease the potential threat? In Dan’s words, he believed that the best way to mitigate the human side of risk or to manage human risk is to “measure what you want to know and report on what you want to change.”
That meant he needed to be able to parse all of that data in a way that provided actionable pathways for change and could also be communicated efficiently and clearly to key stakeholders higher up the chain.
FINDING EFFICIENCY AND SCALE TO DRIVE
With his initial view into the data, Dan was able to find high-risk areas on which to focus his team’s efforts to mitigate risk to the organization. This test showed that the approach was worth the effort to scale for easier measuring, reporting, and decision making going forward. Dan chose Living Security’s Unify Insights human risk management solution to help with this initiative at VillageMD.
HUMAN RISK MANAGEMENT
Unify Insights not only allows Dan to focus on which departments are exhibiting the most cyber risk, but also provides him with the intelligence and context he needs to decide what to do with the information. For example, he notes “90% of the risky activities by the VillageMD workforce have a legitimate business reason for them”. Unify Insights gives Dan the context he needs to discuss the risky behaviors, present the business reasons why this behavior needs to change, and lay out what actions the security organization can take to mitigate this risk.
“Traditional security and awareness is one of the few departments on the security team that didn’t have any really good technical tools. And so for the first time with Unify Insights, you’re empowering them with the data that you already have. I believe human risk management is the future of traditional security awareness, and we are excited to be on the leading edge of that.”
ABOUT LIVING SECURITY
Living Security is a cybersecurity training company, working to reduce cyber risk through impactful, human-focused training.
Living Security’s focal point is decreasing human error–the greatest cybersecurity risk enterprises face–through immersive and intelligence-driven training solutions. Their science-based approach drives user engagement and reinforces positive security behaviors, integrates threat intelligence to train on the most relevant user-facing threats and delivers metrics that enable companies to measure the effectiveness of the program.