Individuals are a weak link in the battle against cyber criminals

February 11, 2015

Few would disagree with me that Internet users are now more attuned to well-known old school spamming and phishing attacks.Its all about protecting applications, users, devices, operating systems, vulnerabilities, services, processes, network behaviors, files and threats.Cyber criminals have to keep re-inventing new ways to lure targets into opening a malware-laden emails or clicking on a link that goes to a malicious website. As an keen watcher of cyber crime trends globally, I know I’d be much more likely to click on one of those emails or visit sites that built for criminal purposes. Sadly, the truth behind the Cyber crime numbers shows that individuals are a weak link in the battle against cyber criminals. Many os us continue to click on links or attachments sent through mailboxes like Gmail, Twitter, Facebook without taking any steps to verify the origin of the email or the validity of the link or even the attachment. It is no rocket science that it only takes one click to for an attacker to establish a foothold in the target’s systems. Various Data Breach Investigations Reports that I have read have found that sending just three emails per phishing campaign gives the attacker a 50 per cent chance of getting one click.

With more than five emails the success rate goes up to beyond 78 per cent and at 10 it is virtually guaranteed. Social media platforms like Facebook, Twitter helps spur success, enabling cyber criminals to gather information about individual targets so they know how to more effectively entice targets to click on that malicious email.As an insider of technology sector, I know that security as a people problem is not going away anytime soon, and the advent of the Internet of Everything is going to make this even more of a problem.Not only will users be able to inadvertently expose their systems to malware from their laptops and tablets, they will also be able to click on links from their smart watches, wrist watches or even self driving cars. It won’t take a century once that malware is on their device for it to proliferate across the entire network and any connected devices, simply from a seemingly trusted news link sent from a “friend’s” Facebook or email address.In order to address this growing concern, those behind the technology need to move beyond securing devices and data to addressing the people and process aspects of this problem through education.

Companies must recognize this gap in their security and implement internal programs to ensure users know how to recognize and cease to click on potential malware. They must also understand when and how to inform the organization of any suspicious occurrences so future attempts can be minimized or blocked.Even with the best of education, malware will still make its way onto the network. Companies need security solutions that couple visibility and control to help protect against these inevitable attacks.There is an adage in tech industry that you can’t protect what you can’t see. You need security solutions that have contextual awareness and can see and intelligently correlate extensive amounts of event data related to IT environments. Attackers are learning from each attack to increase their chances for success. As individuals, we need to do the same.Education is an essential component of any well-rounded security strategy. When combined with visibility and control, it can help minimize cyber attacks and protect ourselves and our networks.

Contador Harrison