Human Detection and Response: A New Approach to Building a Strong Security Culture

Jelle Wieringa analyzes the differences between HDR and security awareness training and how HDR addresses the security layer of human risk management.

March 23, 2023


Human detection and response (HDR) is a new approach to cybersecurity that focuses on identifying and responding to threats that originate from human activity, such as phishing attacks or social engineering tactics. Traditional security awareness training (SAT), on the other hand, aims to educate employees on best practices for staying secure online and avoiding common cybersecurity risks.

A key difference between HDR and SAT is their focus. While SAT typically emphasizes prevention, HDR focuses on analyzing and responding to security incidents that have already infiltrated an organization. This can include monitoring network traffic for unusual behavior, analyzing user behavior to identify potential insider threats, and identifying users who neglect to follow an organization's IT policies.

These events typically consist of security alerts, based on indicators of compromise (IoCs), that are collected by an organization's existing security stack. The alerts serve as triggers for dedicated technologies that sit alongside traditional security categories within the security stack, such as firewalls, intrusion prevention, extended detection and response tools, and security information and event management systems. These dedicated technologies are uniquely positioned to monitor, identify, detect, and respond to user-related security activity and behavior.

HDR and traditional SAT are complementary. By enabling users to make better security decisions, security awareness training helps prevent many common social engineering threats. Meanwhile, HDR provides an added automated layer of protection by analyzing and responding to threats that may have slipped through the cracks. Combined, SAT and HDR help to actively reduce risk to organizations.

A Multifaceted Approach to Building a Security Culture

HDR is an effective tool for building a strong security culture within an organization. By emphasizing the importance of analyzing and responding to security threats, HDR helps employees understand the critical role they play in protecting sensitive data and systems. This creates a sense of ownership and responsibility around cybersecurity, encouraging employees to take a proactive approach to security.

HDR integrates a mindset of security into the daily operations of employees. It fuels an intrinsic motivation in employees to make better security decisions by employing nonintrusive, behavior-boosting techniques that increase the user's awareness and responsibility levels.

Additionally, HDR helps reinforce the message that security is everyone's responsibility, not just the job of the IT department. By involving employees in the detection and response process, organizations create a culture of vigilance and collaboration that encourages individuals to watch out for one another.

By integrating HDR into a broader security awareness program, organizations create a culture of security that permeates all levels of the organization, from frontline employees to executives. This leads to a more secure and resilient organization that is better equipped to protect against a wide range of cyber threats that target an organization's largest attack surface: its employees.

Addressing the Security Layer of Human Risk Management

HDR significantly improves an organization's ability to manage human risk by automatically responding to threats that arise from human activity. By monitoring user behavior and analyzing data for anomalies, HDR detects and mitigates risks such as insider threats, phishing attacks, and other social engineering tactics. This helps organizations address human risk, minimize the impact of security incidents, and ultimately protect sensitive data and systems from compromise.

Because HDR technologies are automated and integrate into an organization's existing security stack, they provide a proactive form of security. Where traditional security measures that focus on the human factor often try to prevent attacks, HDR acts at the moment an attack has slipped through these prevention methods. It provides an additional layer of security through real-time detection and response, thereby increasing the organization's resilience and reducing risk.

The Three Big Benefits

The three biggest benefits are increased visibility for security operations through specialized threat detection and response, improved incident response times, and enhanced visibility and control by giving security operations the ability to trigger response mechanisms when users behave in risky ways.

First, HDR enables organizations to analyze and respond to attacks that originate from human activity, like phishing attacks or social engineering tactics that have successfully escaped the users’ notice.

Second, by automating the detection and response process, HDR significantly reduces security operations center (SOC) alert noise and incident response times, minimizing the impact and damages of security incidents on the organization.

Finally, by providing enhanced visibility and control over users' intended and unintended behavior, HDR helps organizations manage human risk and protect sensitive data and systems from compromise.

About the Author

Jelle Wieringa

Jelle Wieringa has over 20 years of experience in business development, sales, management, and marketing. In his current role as security awareness advocate for EMEA for KnowBe4, he helps organizations of all sizes understand why more emphasis is needed on the human factor, and how to manage the ongoing problem of social engineering. Previously, Wieringa was responsible for building an AI-driven platform for security operations at a leading managed security provider. Wieringa holds the SACP certification.
