This blog post is AI-Assisted Content: Written by humans with a helping hand.

Author’s note: This is an AI-generated summary of a webinar InterWorks hosted on May 29, 2025. The main presenter was Benjamin Darsigny, Regional Sales Manager — SMB. If you want to watch the whole webinar we summarized for this piece, feel free to watch it here!

The cybersecurity landscape has undergone a fundamental transformation over the past five years. With the shift to hybrid work models and the explosion of collaboration tools like Slack, Teams and Zoom, the way employees communicate and share data has evolved dramatically. Unfortunately, so have the risks. While organizations have invested heavily in sophisticated defenses for networks, devices and applications, one critical vulnerability remains largely unaddressed: people.

According to industry research, 68% of breaches involve a non-malicious human element. Yet despite this alarming statistic, over 80% of security spending focuses on protecting devices, networks and applications rather than the people using them. This disconnect leaves organizations dangerously exposed. Attackers know that no matter how advanced your technology is, it only takes one person making one mistake for them to be successful.

The Changing Nature of Work

The transition to hybrid and remote work hasn’t just changed where people work. It’s fundamentally altered how they collaborate and share information. Email, once the primary method of communication, now accounts for only about 28% of an employee’s workday. The rest is spent in other applications, collaborating through tools like SharePoint, OneDrive and various messaging platforms.

These new communication channels come with different contexts and conventions. Slack messages don’t read like email messages. They include slang, emojis and reactions that create great opportunities for collaboration but also represent new avenues for compromise. People tend to let their guard down more in these informal channels than they do with traditional email, creating additional security risks that organizations must address.

Enter Human Risk Management

Recognizing these evolving challenges, Mimecast has re-engineered its platform to focus entirely on what it calls the “human layer.” The company has made several strategic acquisitions over the past 18 to 24 months to build out a comprehensive human risk management platform. These include Elevate Security for awareness training and risk management, Code 42’s Insider solution for insider risk management, and AWARE for AI-driven data governance and compliance across collaboration platforms.

This expanded platform delivers three core pillars of value. First, it measures human cyber risk to provide visibility into risky behaviors and targeted attacks. Second, it empowers people through real-time training and feedback to help users make better decisions. Third, it protects what matters most with adaptive policies and advanced detection to prevent breaches before they happen.

At the heart of this approach is the Human Risk Command Center, a consolidated view of all risk signals gathered from Mimecast tools and other cybersecurity tools in an organization’s environment. The platform doesn’t just rely on Mimecast data. It pulls signals from endpoint solutions like CrowdStrike and Microsoft Defender, creating a comprehensive risk score for each user based on their actions, the attacks targeting them and the access they have.

A Different Take on Training

Traditional annual compliance training has proven insufficient for addressing modern threats. Mimecast takes a different approach, aiming for short, engaging content that people actually enjoy so they retain relevant security information almost by accident. The company has developed hundreds of TV-quality micro-learning videos, some as short as 10 seconds, that deliver targeted content at the right time.

These behavioral nudges engage users when risky actions are actually taking place rather than weeks later during a scheduled training session. The system is fully automated based on what users are doing, providing consistent education perfectly tailored to individual behavior. Additionally, personalized risk scorecards give users visibility into how their actions impact the organization as a whole, empowering them to take ownership of their role in keeping the organization safe.

One Mimecast customer, CrowdStrike, saw impressive results from this approach. Within just three months of implementing insider micro-training videos, they experienced a 13% drop in personal Google Drive usage and a 36% reduction in low to moderate risks, all without any hands-on management from their security team.

Rethinking Data Loss Prevention

Perhaps the most innovative aspect of Mimecast’s platform is its approach to data loss prevention through the Insider solution. Traditional DLP tools have earned a reputation for being overly complex, resource intensive and frankly not worth the effort. They typically require significant time and resources to deploy, and the return on investment can feel underwhelming because organizations must define perfect policies upfront, essentially making assumptions about their data before they can gain any visibility.

Incydr was designed from the ground up to address these challenges. Unlike legacy solutions, it doesn’t require complex policies before deployment. Instead, it can be implemented in just three to four weeks and provides complete visibility out of the box. The solution monitors all file movements across endpoints, browsers, email and cloud applications, collecting around 180 billion data points every 90 days to provide a comprehensive view of the data protection landscape.

The platform uses scenario-based analysis to identify both known and unknown risks. For known risks, organizations can create simple rules with just a few clicks. But for unknown risks, Incydr’s prioritization model surfaces hidden threats in a transparent, actionable way. Because the system watches every file movement and understands what sanctioned versus unsanctioned behavior looks like, it can make educated guesses backed by AI about what should and shouldn’t be happening.

Flexible Response Options

One of the most compelling aspects of Incydr is its flexible approach to incident response. Rather than defaulting to aggressive blocking that can disrupt legitimate workflows and create friction between security teams and employees, the platform enables tailored responses based on risk severity.

For low-risk incidents, automated micro-training videos educate users and correct behavior without involving the security team. Moderate-risk incidents can be documented and investigated with detailed information about file movements to support in-depth analysis. Only for high-risk incidents does the system take immediate action like blocking data transfers or revoking access.

This graduated approach prevents the common problem of organizations running DLP tools in monitor-only mode because false positives are too disruptive. It also addresses modern data exfiltration methods that go far beyond USB drives, including AirDrop, GitHub, Salesforce and generative AI platforms.

Looking Ahead

As AI continues to evolve, so does the cybersecurity arms race. Attackers are already using generative AI to improve efficiency in creating phishing attacks and other threats. Organizations must ensure their defenses incorporate AI in tangible, effective ways rather than just stamping AI on existing solutions. Mimecast continues to invest in AI-driven protections, including natural language processing for email analysis and cross-platform analysis capabilities that use AI to determine which filters to apply and when.

The modern work environment demands a new approach to security, one that recognizes people as both the greatest vulnerability and the strongest defense. By providing visibility into human risk, empowering users with timely education and protecting data across the entire work surface, Mimecast’s human risk management platform helps organizations turn targeted users into proactive defenders, accidental users into safe operators and risky behaviors into secured operations. In an era where 68% of breaches involve human error, securing the human layer isn’t optional. It’s essential.

If you want to see the webinar that inspired this post, check it out here!