UpGuard launches User Risk tool to tackle employee cyber threats
UpGuard has introduced a new Human Risk Management solution, User Risk, designed to address threats arising from employee behaviour in cybersecurity breaches. This addition aims to give organisations direct insight into risks that stem not only from external sources but also from their own workforce.
Workforce risk
User Risk provides a unified view of internal workforce risk by correlating information about an organisation's employees with existing data on third-party vendors and digital attack surfaces. The platform is designed to surface risks such as the use of unauthorised cloud applications, known as Shadow SaaS, and leaked or compromised employee credentials.
The solution integrates what UpGuard describes as an AI Analyst, which scores and ranks the most significant threats to help security teams prioritise responses. By consolidating such risk information, the company states that organisations can eliminate blind spots and obtain a comprehensive perspective on their exposure to cybersecurity incidents.
Blind spots
Data from UpGuard's recent report highlights that many organisations remain exposed due to gaps in monitoring unauthorised software adoption. The report notes that eight out of ten employees use AI tools not approved by their company, and 70% are aware of sensitive data being shared with these tools in their workplace. These trends increase the difficulty of ensuring data security, particularly when combined with the sharing of credentials or risky application permissions.
Behavioural nudges
User Risk supports security teams by augmenting existing employee training efforts. The product provides real-time notifications that the company refers to as behavioural nudges, designed to guide users toward safer decisions as they work. These prompts are intended to influence habits at the moment risk is identified, rather than relying solely on periodic training sessions.
Jess Hooper, Vice President, Product at UpGuard, said, "Our customers have successfully managed their external cyber risk with UpGuard's Vendor Risk and Breach Risk products for years, but have consistently asked for a way to solve for the human element inside their organisation. User Risk addresses this by giving security teams a measurable, real-time solution. We are not just training people; we are transforming awareness into secure, habitual behaviour."
Integrated governance
User Risk allows organisations to define and enforce their security policies by creating custom rules. With built-in AI, the system converts data into actionable insights, aiming to move companies from a reactive to a proactive approach in risk management. All information relating to employee activities, applications, and identity breaches is consolidated into a single view, supporting the company's aim of comprehensive governance.
Industry demand
The release follows feedback from UpGuard's customer base, who have requested an internal risk solution to complement the company's existing portfolio, which focuses on external vulnerabilities.
"We are not just training people; we are transforming awareness into secure, habitual behaviour," said Hooper.
