As security measures become more effective, people are the greatest threat to cybersecurity. Writing this month for Stratfor, the global geopolitical intelligence platform, Scott Stewart, the company’s vice president of tactical analysis, was very clear about the danger of the human element.
A personal story informs this Herman Trend Alert
Back in 1999, Roger Herman, my late partner, and I learned a difficult lesson. A man answered an ad we posted looking for a marketing manager. He claimed to be a “reformed” alcoholic, whose alcoholism had ruined his life; he was looking for a second chance. Unfortunately, one day he came back from lunch slightly drunk, clicked on the wrong email and released the Melissa virus into our system. We lost three manuscripts that day for which we still do not have ebooks. People are clearly the weakest link in cybersecurity.
Phishing – still a prevalent form of attack
The example above was clearly an example of phishing in which the victim clicks on a URL and that sets off the downloading of a virus or other program to the target computer. A more insidious form of this evil tactic is called spear-phishing. Highly targeted, this method uses an advanced form of social engineering to deliver malware. Using the target’s name, this underhanded approach often looks like it is from a trusted friend, coworker or boss. A very sophisticated form of spear-phishing was recently used to hack sensitive information on the target’s clients. Sometimes called a “virtual honey-trap” operation, this type of approach illustrates how social engineering approaches may be used to trick people into unintentionally supporting cyber hacking. And the newest form using social engineering to scam a company is called the “fake president fraud.” This scam features an email that appears to be from the CEO or another senior company officer directed to an accounts payable executive; this fraud requests “the urgent and secret transfer” of funds.
Smugglers, “Office Creepers” and other criminals
Hackers also have used onsite means of gaining access to sensitive information by claiming to have forgotten their credentials to return to a building after a smoke break or even bribing employees for needed access. Then, with a single malware-infected flash drive, hackers can corrupt a system with the needed software to take over and have access to every file in the computer. Warn your people to be on the lookout for such attacks.
Are you vulnerable?
If you have an employee, any employee who is not paying attention, the answer is “You bet!” The only things you can do are 1) Keep you virus software up to date; we like automatic updates behind the scenes best; and 2) Alert your people to the most current threats; encourage them not to open an email if they do not know the sender and even if they know the sender, if something does not seem right, send a separate email to the sender, asking if s/he recently emailed with a particular message.
Cybersecurity – a great career path for the near-term future
Cyber hacking is not going away and moreover, we expect it to become increasingly sophisticated. When asked recently for the most secure career path in this fast-automating world, we suggested cybersecurity. This field will grow exponentially in the near-term future and provide millions of jobs for graduating students who are savvy enough to gravitate toward this field.
What’s next?
As cybersecurity technology becomes more sophisticated, hackers will increasingly look for ways to capitalize on the human element. People will continue to be the weakest link.
Special thanks to Scott Stewart at Stratfor for his informative and consciousness-raising article on cyber threats.