The Herman Trend Alert - Employees: The Greatest Cybersecurity Threat

The Herman Trend Alert – Employees: The Greatest Cybersecurity Threat

Cyber hacking is not going away and moreover, it is expected to become increasingly sophisticated.

Photo credit: iStock.com/mattjeacock

As security measures become more effective, people are the greatest threat to cybersecurity. Writing this month for Stratfor, the global geopolitical intelligence platform, Scott Stewart, the company’s vice president of tactical analysis, was very clear about the danger of the human element.

A personal story informs this Herman Trend Alert

Back in 1999, Roger Herman, my late partner, and I learned a difficult lesson. A man answered an ad we posted looking for a marketing manager. He claimed to be a “reformed” alcoholic, whose alcoholism had ruined his life; he was looking for a second chance. Unfortunately, one day he came back from lunch slightly drunk, clicked on the wrong email and released the Melissa virus into our system. We lost three manuscripts that day for which we still do not have ebooks. People are clearly the weakest link in cybersecurity.

Phishing – still a prevalent form of attack

The example above was clearly an example of phishing in which the victim clicks on a URL and that sets off the downloading of a virus or other program to the target computer. A more insidious form of this evil tactic is called spear-phishing. Highly targeted, this method uses an advanced form of social engineering to deliver malware. Using the target’s name, this underhanded approach often looks like it is from a trusted friend, coworker or boss. A very sophisticated form of spear-phishing was recently used to hack sensitive information on the target’s clients. Sometimes called a “virtual honey-trap” operation, this type of approach illustrates how social engineering approaches may be used to trick people into unintentionally supporting cyber hacking. And the newest form using social engineering to scam a company is called the “fake president fraud.” This scam features an email that appears to be from the CEO or another senior company officer directed to an accounts payable executive; this fraud requests “the urgent and secret transfer” of funds.

Smugglers, “Office Creepers” and other criminals

Hackers also have used onsite means of gaining access to sensitive information by claiming to have forgotten their credentials to return to a building after a smoke break or even bribing employees for needed access. Then, with a single malware-infected flash drive, hackers can corrupt a system with the needed software to take over and have access to every file in the computer. Warn your people to be on the lookout for such attacks.

Are you vulnerable?

If you have an employee, any employee who is not paying attention, the answer is “You bet!” The only things you can do are 1) Keep you virus software up to date; we like automatic updates behind the scenes best; and 2) Alert your people to the most current threats; encourage them not to open an email if they do not know the sender and even if they know the sender, if something does not seem right, send a separate email to the sender, asking if s/he recently emailed with a particular message.

Cybersecurity – a great career path for the near-term future

Cyber hacking is not going away and moreover, we expect it to become increasingly sophisticated. When asked recently for the most secure career path in this fast-automating world, we suggested cybersecurity. This field will grow exponentially in the near-term future and provide millions of jobs for graduating students who are savvy enough to gravitate toward this field.

What’s next?

As cybersecurity technology becomes more sophisticated, hackers will increasingly look for ways to capitalize on the human element. People will continue to be the weakest link.

Special thanks to Scott Stewart at Stratfor for his informative and consciousness-raising article on cyber threats.

You May Also Like

Time to Hit the Road

Outgoing AMN Editor Amy Antenora reflects on her time covering the automotive aftermarket.

Amy Antenora aftermarket news

Twenty years. That’s more than 5,000 business days, roughly 15 AAPEX shows (for me, at least), more than 400 executive interviews and who knows how many article posts.

That’s what my time here at Babcox Media, as Editor of aftermarketNews, looks like in black and white numbers. But that’s not the real measure of what I’ve accumulated over 20 years’ time.

‘The Aftermarket Should Not Fear the Future’

Paul McCarthy flipped the script on vehicle technology and its potential impact on the automotive aftermarket.

The Challenge of Organizational Culture, Post-Covid

The impact of Covid on our society and organizations will not be fully understood for many years.

Four Keys to Creating a Succession Plan That Works

Do you have a plan in place to ensure your business maintains its success after you leave?

Commentary: The Power of Team Spirit

Dr. John A Passante & Dr. Thomas Litzinger share their thoughts on the multiplying benefits of adopting a team spirit.

Other Posts

The Impact of Open AI on Cybersecurity

AI is just the latest tool available to hackers as well as security professionals.

As Cars Keep Aging, What Will The Future Look Like?

The big issue for the next 22 years is how sensors and software that make driving safer impact vehicle serviceability.

LG 1st to Meet Global Cybersecurity, Safety Standard

LG adds it also has acquired functional safety certification for its ADAS front camera in the ‘4M’ (Material, Method, Machine, Man) categories in 2022.

UL Issues 1st Auto Cybersecurity Program Certificate

The UL Solutions CAP Certificate recognizes that LG Innotek’s cybersecurity management system meets the requirements.