Although the cybersecurity sector is always rattled by new trends, such as the ever-increasing sophistication of attackers and the increased risks from the data economy, there is a common element in all of them: human error.

A human-centered solution for employee risk is the focus of Elevate Security Inc., which uses data that companies already have to classify an employee’s risk based on their security actions and offers personalized communications that guide employees to improve security habits.

“The biggest number I’ve seen so far is something like 95% of breaches have human error,” said Masha Sedova (pictured), co-founder of Elevate Security, which was founded three years ago by two former Salesforce.com Inc. employees. “But, honestly, I can’t tell you what are the 5% that don’t include it, because if you go back far enough … there’s a human being at the core of every breach.”

Sedova spoke with John Furrier, co-host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the RSA Conference in San Francisco. They discussed Elevate Security’s approach to the cybersecurity market, how companies can develop a culture of security and the benefits that can be achieved.

Treating human errors holistically

Human errors need to be treated as holistically as companies’ technologies and processes, according to Sedova. This approach begins with the visibility of existing data sets that most organizations that have a basic level of maturity already possess.

“We can use your imprint protections, your [data loss prevention] solutions, your proxies, your email security gateways to understand what your employees are doing on the network and see if user-generated incidents are getting better over time or getting worse and to understand how you should be orchestrating your program in this space,” Sedova explained.

Goals of this strategy are to reduce phishing click-throughs, increase reporting rates, reduce malware infection rates, and improve sensitive data handling.

Since the human element is a ubiquitous problem, Elevate Security is in more than a dozen different sectors. “We really work well with larger enterprises because they tend to have the data sets that really provides insights into human behavior,” Sedova stated.

The best time for companies to invest in a culture of security is to begin managing employee risk for problems happen. But, it’s never too late to get a handle on employee risk, according to Sedova.

“Post-breaches or post-incidents is a really great time to come in and look at your culture because people are willing to suspend their beliefs of what good behavior looks like, what’s acceptable,” Sedova pointed out. “By investing a little bit in your organization now, the impact you have on your culture and investing on future decision, future mistakes that never get made, is actually untold.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference:

Photo: SiliconANGLE