Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

2/12/2019
02:30 PM
Connect Directly
LinkedIn
RSS
E-Mail vvv
100%
0%

Cybersecurity and the Human Element: We're All Fallible

We examine the issue of fallibility from six sides: end users, security leaders, security analysts, IT security administrators, programmers, and attackers.

First of a six-part series.

We are only human; we all make mistakes sometimes. Until the day when both the offensive and defensive sides of cyberattacks are conducted entirely by machines, we need to factor in human error as part of the cybersecurity process. Generally, when the topic of the human element is discussed, it focuses exclusively on the actions of the end user. But there is far more to the story than that. Every aspect of securing, defending, and attacking has a human element, an element that profoundly affects all the other components and guarantees that there can be no silver bullet in cybersecurity.

In this six-part series, we will address cybersecurity and the human element from the perspectives of fallibility: end users, security leaders, security analysts, IT security administrators, programmers, and attackers. For each perspective, we will explore common mistakes and the underlying issues that cause mistakes to happen, the repercussions of these mistakes, the processes and organizational changes needed to minimize mistakes on the defense side, and the fundamental changes the industry needs to reshape the current paradigm.

End Users
We begin with a look at the group that is often disparaged as the "weak link" in cybersecurity defense: the end users. These are the people who use our organization's network, software, and hardware on a regular basis to do their jobs. Some are technology-savvy, others know only the very basics of how to use their devices, and many are somewhere in between. Most end users, including the technology-savvy, lack knowledge about cybercrimes.

Common Mistakes
We have all seen numerous occasions in which end users fall prey to typical attack scenarios. End users enter their user credentials on phishing sites, click on malicious links and malware attachments in spear-phishing emails, visit malware-laden websites in waterhole attacks, plug infected thumb drives into their machines, or leave laptops or mobile phones unattended (or have their devices stolen). Sometimes end users are just not thinking about security and make rookie mistakes, sometimes the attacks are stealthy and trick end users into believing they are legitimate, and sometimes the attacks are so sophisticated that only a trained eye would be able to catch them.  

Repercussions
The result of end-user error varies based on the type of attack, but a common outcome is a malware infection if the threat is not detected and remediated by the endpoint security software running on the end user's system. If sensitive data resides on the end user's system, a malware infection could lead to a data breach or business disruption. Stolen credentials can be used to access or destroy data on the network. Malicious attachments or websites can infect the endpoint, leaving it susceptible to data exfiltration, data destruction (as in the case of ransomware), and lateral movement that could lead to further compromises on the network. Some incidents can be resolved with a straightforward technique, such as a reimaging the infected system, but every case still requires review by the security team, which increases incident investigation and response costs.

Minimizing Mistakes
Naturally, one of our priorities is to minimize the end user's exposure to malicious emails, websites, and the like so that there is less room for end-user error. This means implementing and continually fine-tuning the proper prevention technologies that weed out as many of the malicious attacks as possible (endpoint protection, email security, firewalls/web proxies, mobile device management, etc.).

It also means providing end users with training on why cybersecurity is important, and how they can be the "human firewall" who identifies cyberattacks, particularly email-based ones such as phishing/spearphishing attacks. This way, the end users not only refrain from clicking but also report incidents to us so that we can investigate and gain threat intelligence and prevention measures from it. Moreover, we need to deal with the inevitability of end user error by encrypting end user devices whenever possible so that data breaches do not occur when devices are lost, and by having solid incident response plans in place so we are ready to handle the infections that result from an erroneous click.

Change the Paradigm
We can't view our end users as stupid or as "enemies" who are the obstacle to our work. Like us, they're just trying to do their jobs. We cannot expect them to be able to identify malicious emails and websites as well as we can; that's not their skill set. So, we have to be understanding when they, as expected, make mistakes. When we adjust the way we think about our end users, it improves the way we interact with them. This can go a long way toward improving the dynamics between the security team and end users. We certainly don't want our end users to view us as the "enemy" who is the obstacle to their work. Improved relations begin with mutual respect. By  working together we can help turn the "weak link" in cybersecurity defense into part of the solution.

Join us next time to discuss the second perspective in our series: security leaders. 

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Roselle Safran is President of Rosint Labs, a cybersecurity consultancy to security teams, leaders, and startups. She is also the Entrepreneur in Residence at Lytical Ventures, a venture capital firm that invests in cybersecurity startups. Previously, Roselle was CEO and ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RoselleSafran
100%
0%
RoselleSafran,
User Rank: Author
2/21/2019 | 11:47:13 AM
Re: End user and the holistic perspective
Thanks, @Smilenlucky! We decided to delve into the issue from multiple angles because there's so much more to the topic than just the end user side of it. We hope you can check out the rest of the articles in the series!
Smilenlucky
100%
0%
Smilenlucky,
User Rank: Apprentice
2/20/2019 | 10:37:29 AM
End user and the holistic perspective
This is a great initiative to consider all the involved parties in information security .
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
7 Ways VPNs Can Turn from Ally to Threat
Curtis Franklin Jr., Senior Editor at Dark Reading,  9/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16695
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.
CVE-2019-16696
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.
CVE-2018-21018
PUBLISHED: 2019-09-22
Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.
CVE-2019-16692
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
CVE-2019-16693
PUBLISHED: 2019-09-22
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.