But there is a broader concept at play here: a firewall is not simply a software application or a physical device that serves as a demarcation point between the corporate structure and the rest of the world. Instead, a human approach to the firewall aims to provide each end user with a combination of tools, threat awareness, and security best practices, and to instill in them an understanding of the importance of their role in securing the enterprise.
The idea of using a human firewall strategy to secure an enterprise has been around for years. While the end user has always been an important aspect of any security effort, 2021 and 2022 seem to be the tipping point, with the need for a human firewall coming to the forefront.
Research conducted during this period by the World Economic Forum, IBM, and Cybint found that 90 to 95 percent of breaches were caused by human error. A joint study conducted around the same time by Stanford and Tessian found that human error was responsible for 88 percent of data breach incidents.
Soon after, KPMG began educating its clients about the human firewall as a way to ensure secure behavior and remove the human element from cybersecurity. It defined a human firewall as “people who follow best practices to prevent and report any data breaches or suspicious activity.”
Just recently (February), Metomic, a company specializing in protecting sensitive data in SaaS applications, introduced a set of human firewall features for the SaaS versions of Google, Slack, and MS Teams. The new features perform several security enhancement tasks, while shifting some of the burden from IT and security departments to the users themselves.
For example, one feature automatically sends real-time notifications to Slack when a user violates a data policy. Another feature sends employees automatic reminders if data they've shared in one of these apps in the past could pose a potential risk.
Christopher Russell, CISO at tZERO, notes that this is a growing problem. Employees are under pressure to work quickly and often share sensitive data across common SaaS applications. They think, “I’ll just share it on Slack and then delete it, and everything will be fine.”
This is all well and good until someone hacks the app and leaks data. Metomic performs data discovery on SaaS apps, and when it finds at-risk data, it automatically sends a reminder to the user so they can fix the problem.
On the concept of a human firewall