Mimecast has launched its Human Risk Management (HRM) platform, in response to customer and market demand for a more effective means of mitigating risk brought on by employee mistakes and user errors.
The platform will provide visibility into an organisation’s risk profile, scoring users by risk and allowing security teams to educate and protect the riskiest part of their employee base.
A small number of users tend to cause the majority of security issues. But, to date, organisations have invested in disconnected security point products, resulting in security professionals who cannot differentiate risk across employees, and frustrated end users who ignore continuous security warnings and bypass disparate controls – all of which ultimately increases both human and organisational risk.
Mimecast’s connected HRM platform, which is built on a central risk engine, is designed to prevent the evolving and sophisticated threats targeting human error within organisations.
The new platform will offer preventative controls and direct actions that will mitigate the risk associated with human behaviour such as an errant click of a link, the opening of a malicious attachment or inadvertently sharing a document.
In an increasingly connected world, employees have access to a myriad of collaboration tools and unlimited access to organizational data, making them prime targets for complex attacks such as business email compromise (BEC) and phishing, but also makes them more prone to errors as they are constantly multi-tasking and have multiple tools open at the same time. Traditional security measures often fall short in addressing these human-centric risks, leading to significant vulnerabilities.
“Our platform is centered around protecting organizations from employee mistakes and user error, aligning key defense and data controls to offer one of the most comprehensive approaches to human risk management,” says Mimecast CEO, Marc van Zadelhoff. “We provide a single solution that brings together multiple technologies – from Mimecast and dozens of partners – to help organisations protect collaboration and engage employees in risk mitigation.”
The HRM platform is engineered to include a unique human risk dashboard, providing security teams with company-wide human risk scoring and visibility based on event data from both native Mimecast metrics as well as data from current and future integrations with third party tools.
In addition to increased visibility at the organisation-wide, group, and individual levels, this dashboard is designed to also quantify attack factors measuring the frequency and severity of inbound threats, with plans to analyse inbound phishing attempts, blocked malware, malicious web content loaded by visited websites, and more. With full visibility into this data, organizations can tailor security strategies specifically, including awareness initiatives that provide more training to those who need it and less to those who don’t.
A key pillar of the platform is the company’s new human risk awareness training offering, Mimecast Engage, which redefines how security leaders can manage human risk.
Traditional security awareness programs take a standardised approach, rendering IT leaders unable to identify high-risk employees or effectively mitigate the risky behaviour.
Mimecast Engage technology, the result of the integration of Elevate Security technology acquired in December 2023 with Mimecast’s awareness training product, combines to eliminate blind spots by offering extensive visibility into employees’ risky behaviors powered by the human risk dashboard and adapting interventions to each individual’s unique risk profile. This approach also helps increase productivity as the lower risk employees are interrupted far less with training tasks, enabling them to focus on more critical business activities.
“Mimecast Engage awareness and training empowers security teams to identify and reduce risky behavior with smarter, more targeted training,” says van Zadelhoff. “It leverages risk insights from the Mimecast ecosystem and beyond to deliver contextual interventions at the point of risk, helping to ensure a more secure worksurface.”