Code42 launched the Code42 Instructor microlearning
solution, a new Insider Risk education offering that improves Insider
Risk awareness by focusing on the creation of holistic,
security-oriented cultures. The solution delivers actionable,
hyper-targeted and bite-sized lessons to end-users when they're needed
most, helping to change security behavior for the long term. Instructor
can be used directly with the Code42 Incydr product to decrease
accidental risk with right-sized, right-timed situational guidance
that's relevant for specific end-users at the moment of impact.
According to a 2021 survey by Code42 and CyberSecurity Insiders, 71% of security leaders reported that
they are most concerned about an inadvertent [negligent or accidental]
data leak. And they're right to be worried: risk from insiders is
pervasive and can account for the loss of up to 20% of annual revenue. At a time when employees average 13 data exposure events per user per day, security teams require scalable solutions that focus on contextual education.
"Collaboration
tools are essential to how the hybrid workforce operates. Is it any
surprise then that source code and customer pricing plans end up in
personal email and cloud storage accounts without employees giving it a
second thought? Insider Risk is pervasive, and to address it requires
transparency, training and technology," said Joe Payne, Code42 president
and CEO. "Instructor delivers on all three of these fronts. It provides
role and topic-specific lessons in the moment to help employees learn
how to make smart security choices."
Security
awareness and education is paramount to any security and risk strategy;
however, awareness training is often generalized or only provided to
employees on an annual basis or upon employment. This approach provides
minimal opportunity for contextual understanding. The Code42 Instructor
solution helps organizations rapidly mature their Insider Risk
Management programs by incorporating data-driven Insider Risk behavioral guidance for
end-users. Instructor was built with a presumption of positive intent
and will offer lessons to be shared as needed, in a hyper-targeted way.
This also allows end-users to self-correct so security teams can focus
their efforts on risk incidents that require in-depth investigation.
"Human
error is now recognized as a key contributor to the overall risk
profile of an organization. Unfortunately, as an industry, we're still
struggling to manage this risk," Jinan Budge, Principal Analyst, Forrester Research.
Code42 Instructor Microlearning: Building a Security-Aware Culture
Security
awareness and education programs are intended to change user behavior,
improve risk posture and deliver value to organizations. To meet those
goals, the Code42 Instructor solution provides proactive, situational
and responsive lessons. While a proactive lesson might focus on security
best practices, situational lessons are
designed for a specific user or group - departing employees, for
example. Responsive lessons are delivered at the moment risky behavior
occurs and are triggered by employee activity.
To
keep the lessons highly relevant and contextual for end-users, lessons
are also designed to specifically address risks that are role specific.
For example, lessons for software engineers will address how to keep
source code safe, while the lessons for marketing will focus on keeping
marketing data safe. Similarly, the Instructor offering will have
lessons that target specific technologies used in an organization, such
as lessons that are specific to proper use of Microsoft OneDrive, Slack
and so on.
Initially, there will be two Instructor offerings for organizations to choose from:
Code42 Instructor
The
standard Instructor offering will include proactive, situational and
responsive lessons. This package is best suited for security teams that
need to add Insider Risk education to an existing training program or
expand their current capabilities to correct end-user behavior.
Instructor with Code42 Incydr
For
security teams implementing a holistic end-to-end Insider Risk
Management program, this offering will integrate Code42 Instructor with
Code42 Incydr to automate right-sized response lessons to end-users
based on Insider Risk Indicators that show accidental or negligent user
activity. Additional lessons for proactive training will also be
included.
All
lessons will be available for custom branding, allowing companies to
include their own logos and contact information, ensuring each lesson
aligns appropriately with that company's culture and brand. Both Code42
Instructor and Instructor with Code42 Incydr will be made generally
available in the fall of 2021.
The Importance of Right-Sized Response for Insider Risk Management
The Code42 Right-Sized Response methodology
- a philosophy built on the principle that every organization has a
different risk tolerance - helps security teams to detect and respond
quickly and effectively when employees put corporate data at risk. By
aligning security teams' response to risky employee behavior with
organizational risk tolerance, Code42 helps to reduce alert fatigue and
improve the scalability of automated responses.