A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you’re often promised a fast, simple fix that will take care of all your cybersecurity needs, solving your security challenges in one go.
It could be an AI-based tool, a new superior management tool, or something else – and it would probably be quite effective at what it promises to do.
But is it the silver bullet for all your cybersecurity problems? No. There’s no easy, technology-driven fix for what is really cybersecurity’s biggest challenge: the actions of human beings.
It doesn’t matter how state-of-the-art your best defenses are. Perimeter firewalls, multi-tiered logins, multi-factor authentication, AI tools – almost all of these are easily rendered ineffective when Bob from a nondescript department clicks on a phishing link in an email.
This isn’t news to anyone
We’ve just about all heard this before. The fact that humans are usually a key flaw in cybersecurity strategy is hardly news – or, at least, it shouldn’t be news. But just ask Uber or Rockstar Games whether they thought that their systems were safe from social engineering.
Both companies were very recently breached because a hacker tricked an employee into doing something so against every security best practice that you wonder if the person who got tricked has ever heard any news about IT security.
You might even wonder whether that employee had any cybersecurity training whatsoever.
In both cases, the successful attack didn’t involve a very sophisticated attacker using state-of-the-art equipment while exploiting as-of-yet undisclosed vulnerabilities.
All it took was a simple social engineering message – something like, “Hey Bob, I’m from the IT team, and we need to check something on your PC, so I’m sending you a tool for you to run. Just click the link below.”
Yet we’re not learning
Social engineering was a driver for hacking over 20 years ago and, apparently, we still haven’t moved away from it.
Adding insult to injury, successful social engineering isn’t restricted to non-technical organizations.
It’s very plausible that an unsavvy user in a backwater government department might fall for social engineering, for example, but much less so someone working in a leading tech firm – and yet both Uber and Rockstar Games were impacted by social engineering.
At some point, as a cybersecurity practitioner with the responsibility of educating your users and making them aware of the risks that they (and by extension the organization) are exposed to, you’d think that your colleagues would stop falling for what is literally the oldest trick in the hacking playbook.
It’s conceivable that users are not really paying attention during training or are simply too busy with other things to remember what someone told them about what they can click on or not.
However, social engineering attacks have so consistently been in the public news – not just cybersecurity news – that the excuse “I didn’t know I shouldn’t click email links” is getting harder and harder to accept.
Forcefully reinforce the message – that’s your only option
There is no magic solution for the cybersecurity implications of human behavior.
Humans will make mistakes and, as in every avenue in life where humans repeatedly make mistakes, reinforcing education is really your only choice.
If tech-savvy companies such as Uber and Rockstar Games can get it wrong, then it can happen to anyone else as well. The only option you have is to impress cybersecurity best practices on every employee through rigorous educational programs.
And it’s not just users that need educating – you should reinforce these practices in your security team too, by covering patching, permissions, and overall security positioning.
There will always be a risk that a user having a bad day clicks on a link promising that somebody in a remote part of the world is trying to give them millions of dollars if they only visit that website.
But, as with every approach to cybersecurity, the focus should be on minimizing and mitigating that risk. Constantly reinforcing and educating is your best defense.
Note: This article is written and sponsored by TuxCare, the industry leader in enterprise-grade Linux automation. TuxCare offers unrivaled levels of efficiency for developers, IT security managers, and Linux server administrators seeking to affordably enhance and simplify their cybersecurity operations. TuxCare’s Linux kernel live security patching and standard and enhanced support services assist in securing and supporting more than one million production workloads.