Connect with us


The Herman Trend Alert – Employees: The Greatest Cybersecurity Threat

Cyber hacking is not going away and moreover, it is expected to become increasingly sophisticated.


Herman Trend Alerts are written by Joyce Gioia, a strategic business futurist, Certified Management Consultant, author, and professional speaker. Archived editions are posted at

Photo credit:

As security measures become more effective, people are the greatest threat to cybersecurity. Writing this month for Stratfor, the global geopolitical intelligence platform, Scott Stewart, the company’s vice president of tactical analysis, was very clear about the danger of the human element.


A personal story informs this Herman Trend Alert

Back in 1999, Roger Herman, my late partner, and I learned a difficult lesson. A man answered an ad we posted looking for a marketing manager. He claimed to be a “reformed” alcoholic, whose alcoholism had ruined his life; he was looking for a second chance. Unfortunately, one day he came back from lunch slightly drunk, clicked on the wrong email and released the Melissa virus into our system. We lost three manuscripts that day for which we still do not have ebooks. People are clearly the weakest link in cybersecurity.

Phishing – still a prevalent form of attack

The example above was clearly an example of phishing in which the victim clicks on a URL and that sets off the downloading of a virus or other program to the target computer. A more insidious form of this evil tactic is called spear-phishing. Highly targeted, this method uses an advanced form of social engineering to deliver malware. Using the target’s name, this underhanded approach often looks like it is from a trusted friend, coworker or boss. A very sophisticated form of spear-phishing was recently used to hack sensitive information on the target’s clients. Sometimes called a “virtual honey-trap” operation, this type of approach illustrates how social engineering approaches may be used to trick people into unintentionally supporting cyber hacking. And the newest form using social engineering to scam a company is called the “fake president fraud.” This scam features an email that appears to be from the CEO or another senior company officer directed to an accounts payable executive; this fraud requests “the urgent and secret transfer” of funds.


Smugglers, “Office Creepers” and other criminals

Hackers also have used onsite means of gaining access to sensitive information by claiming to have forgotten their credentials to return to a building after a smoke break or even bribing employees for needed access. Then, with a single malware-infected flash drive, hackers can corrupt a system with the needed software to take over and have access to every file in the computer. Warn your people to be on the lookout for such attacks.

Are you vulnerable?

If you have an employee, any employee who is not paying attention, the answer is “You bet!” The only things you can do are 1) Keep you virus software up to date; we like automatic updates behind the scenes best; and 2) Alert your people to the most current threats; encourage them not to open an email if they do not know the sender and even if they know the sender, if something does not seem right, send a separate email to the sender, asking if s/he recently emailed with a particular message.


Cybersecurity – a great career path for the near-term future

Cyber hacking is not going away and moreover, we expect it to become increasingly sophisticated. When asked recently for the most secure career path in this fast-automating world, we suggested cybersecurity. This field will grow exponentially in the near-term future and provide millions of jobs for graduating students who are savvy enough to gravitate toward this field.

What’s next?

As cybersecurity technology becomes more sophisticated, hackers will increasingly look for ways to capitalize on the human element. People will continue to be the weakest link.

Special thanks to Scott Stewart at Stratfor for his informative and consciousness-raising article on cyber threats.



Sponsored Content

Why OE Spark Plugs May Not Always Be the Best Option

Sponsored Content

Updating Your Shop’s Approach to Vehicle Filtration