Careers & People

2/12/2019
02:30 PM
Connect Directly
LinkedIn
RSS
E-Mail vvv
100%
0%

Cybersecurity and the Human Element: We're All Fallible

We examine the issue of fallibility from six sides: end users, security leaders, security analysts, IT security administrators, programmers, and attackers.

First of a six-part series.

We are only human; we all make mistakes sometimes. Until the day when both the offensive and defensive sides of cyberattacks are conducted entirely by machines, we need to factor in human error as part of the cybersecurity process. Generally, when the topic of the human element is discussed, it focuses exclusively on the actions of the end user. But there is far more to the story than that. Every aspect of securing, defending, and attacking has a human element, an element that profoundly affects all the other components and guarantees that there can be no silver bullet in cybersecurity.

In this six-part series, we will address cybersecurity and the human element from the perspectives of fallibility: end users, security leaders, security analysts, IT security administrators, programmers, and attackers. For each perspective, we will explore common mistakes and the underlying issues that cause mistakes to happen, the repercussions of these mistakes, the processes and organizational changes needed to minimize mistakes on the defense side, and the fundamental changes the industry needs to reshape the current paradigm.

End Users
We begin with a look at the group that is often disparaged as the "weak link" in cybersecurity defense: the end users. These are the people who use our organization's network, software, and hardware on a regular basis to do their jobs. Some are technology-savvy, others know only the very basics of how to use their devices, and many are somewhere in between. Most end users, including the technology-savvy, lack knowledge about cybercrimes.

Common Mistakes
We have all seen numerous occasions in which end users fall prey to typical attack scenarios. End users enter their user credentials on phishing sites, click on malicious links and malware attachments in spear-phishing emails, visit malware-laden websites in waterhole attacks, plug infected thumb drives into their machines, or leave laptops or mobile phones unattended (or have their devices stolen). Sometimes end users are just not thinking about security and make rookie mistakes, sometimes the attacks are stealthy and trick end users into believing they are legitimate, and sometimes the attacks are so sophisticated that only a trained eye would be able to catch them.  

Repercussions
The result of end-user error varies based on the type of attack, but a common outcome is a malware infection if the threat is not detected and remediated by the endpoint security software running on the end user's system. If sensitive data resides on the end user's system, a malware infection could lead to a data breach or business disruption. Stolen credentials can be used to access or destroy data on the network. Malicious attachments or websites can infect the endpoint, leaving it susceptible to data exfiltration, data destruction (as in the case of ransomware), and lateral movement that could lead to further compromises on the network. Some incidents can be resolved with a straightforward technique, such as a reimaging the infected system, but every case still requires review by the security team, which increases incident investigation and response costs.

Minimizing Mistakes
Naturally, one of our priorities is to minimize the end user's exposure to malicious emails, websites, and the like so that there is less room for end-user error. This means implementing and continually fine-tuning the proper prevention technologies that weed out as many of the malicious attacks as possible (endpoint protection, email security, firewalls/web proxies, mobile device management, etc.).

It also means providing end users with training on why cybersecurity is important, and how they can be the "human firewall" who identifies cyberattacks, particularly email-based ones such as phishing/spearphishing attacks. This way, the end users not only refrain from clicking but also report incidents to us so that we can investigate and gain threat intelligence and prevention measures from it. Moreover, we need to deal with the inevitability of end user error by encrypting end user devices whenever possible so that data breaches do not occur when devices are lost, and by having solid incident response plans in place so we are ready to handle the infections that result from an erroneous click.

Change the Paradigm
We can't view our end users as stupid or as "enemies" who are the obstacle to our work. Like us, they're just trying to do their jobs. We cannot expect them to be able to identify malicious emails and websites as well as we can; that's not their skill set. So, we have to be understanding when they, as expected, make mistakes. When we adjust the way we think about our end users, it improves the way we interact with them. This can go a long way toward improving the dynamics between the security team and end users. We certainly don't want our end users to view us as the "enemy" who is the obstacle to their work. Improved relations begin with mutual respect. By  working together we can help turn the "weak link" in cybersecurity defense into part of the solution.

Join us next time to discuss the second perspective in our series: security leaders. 

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Roselle Safran is President of Rosint Labs, a cybersecurity consultancy to security teams, leaders, and startups. She is also the Entrepreneur in Residence at Lytical Ventures, a venture capital firm that invests in cybersecurity startups. Previously, Roselle was CEO and ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RoselleSafran
50%
50%
RoselleSafran,
User Rank: Author
2/21/2019 | 11:47:13 AM
Re: End user and the holistic perspective
Thanks, @Smilenlucky! We decided to delve into the issue from multiple angles because there's so much more to the topic than just the end user side of it. We hope you can check out the rest of the articles in the series!
Smilenlucky
100%
0%
Smilenlucky,
User Rank: Apprentice
2/20/2019 | 10:37:29 AM
End user and the holistic perspective
This is a great initiative to consider all the involved parties in information security .
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff 2/21/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-10078
PUBLISHED: 2019-02-23
Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.
CVE-2014-10079
PUBLISHED: 2019-02-23
In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.
CVE-2018-20785
PUBLISHED: 2019-02-23
Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, this d...
CVE-2019-9037
PUBLISHED: 2019-02-23
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c.
CVE-2019-9038
PUBLISHED: 2019-02-23
An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read problem with a SEGV in the function ReadNextCell() in mat5.c.