Page 85 - CDM Cyber Warnings February 2014




While the variety and sophistication of cyber security technologies have expanded exponentially over the last decade, the ability of organizations to defend themselves against security breaches doesn't seem to be improving.

Information security has always required a delicate balance between usability, cost and strength. Building an impenetrable fortress would not only stifle employee productivity, but also would be cost prohibitive. In the age of IT consumerization, employee demands for increasing mobility and connectivity have made the challenge of maintaining a balanced approach to security even more difficult—a fact which cyber criminals have been quick to exploit to their advantage.

As cyber attacks are growing in sophistication, many observers say corporate America is not doing as much as it should to mitigate the threat. New breeds of sophisticated attacks that target vulnerable employees—such as spear-phishing, drive-by downloads, poisoned search engine results and mobile malware—continue to debut in droves, while the effectiveness of countermeasures lags behind.

To date, the information security industry has been primarily focused on using technology to secure information. But not much has been done to secure the human element, and as a result employees have become the primary attack vector for cyber criminals. Technologies such as anti-virus, firewalls, intrusion detection and behavior-blocking components are undoubtedly essential countermeasures in the fight against cyber crime, but unfortunately just about every cyber security technology engineered to protect computer systems and information can be accidentally circumvented by human interaction.

Based on the sheer volume and velocity of attacks waged against unsuspecting and under-educated employees, it is evident that something must be done to shore up this gaping hole in corporate defenses. Maintaining the status quo is no longer a sustainable option, as organizations cannot afford to spend increasing amounts of time, money and energy responding to these types of cyber attacks.

Recognizing that humans are still the weakest link in the security chain, many security officers are re-evaluating their approach to cyber security training. Most employee-caused security breaches occur through ignorance rather than malice. The old model of herding employees into a classroom once a year (or upon hire) to sit through the boring, antiquated style of training session that emerged 15-20 years ago has proven to be ineffective.

Threats are evolving at a rapid pace as employee adoption of mobile computing and social networking has skyrocketed. The old once-a-year "check box" approach to security training cannot keep pace, nor will the creation of a security policy by itself prevent breaches. Wombat Security Technologies' own research shows that tried-and-true cyberattack methods, such as relatively simple phishing emails, are still hooking up to 60% of employees.





CYBER DEFENSE MAGAZINE - ANNUAL EDITION 85