Comments
Social Engineering Defenses: Reducing The Human Element
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
PaxDominicus01
100%
0%
PaxDominicus01,
User Rank: Apprentice
4/30/2015 | 12:45:05 PM
Replacing poor training with impractical technical controls is not a real solution.
While the author makes some great points and backs some of it up with data, I have to disagree with his overall abstract. First and foremost, Rob Ragan is absolutely correct about that fact that most awareness training is poorly convinced and poor implemented and the problem is only compounded when companies decide not to bother tracking whether their security training is even having an impact. Rob goes on to suggest that organizations should re-allocate their budgets and implementing technical controls to reduce the attack surface that makes up the human element while eliminating the employee training and its associated cost. Here's where things start to fall apart; many of his technical controls are not practical.

-Implementing SPF, DKIM, and DMARC will help to reduce phishing emails that appear to come from your organization but doesn't do anything to stop the countless phishing emails masking themselves as originating form a legitimate organization.

-Disabling HTML in emails is a great suggestion on paper but not when you go to implement it. There are two options when you do this. You can either convert an HTML email into plain text which means all the links are removed and if the link wasn't presented as a URL the link is now lost, meaning you can never click it. Or you can just present HTML emails as text which would present users with a jumbled mess of HTML markup.

-Using browser plugins to prevent the technical portions of typical social engineering attacks is something most tech savvy users do and I'd love it if everyone one of my company's users did it but there one problem. If we aren't doing any awareness training how am I supposed to train and encourage my users to actually use this plugins instead of disabling them?

I could go on but I stop here. In the end, even if everyone could implement all these controls does it stop the root cause? No, users are going to continue to make poor choices or avoidable mistakes.

Here is my proposal. Let's start building a security aware culture at our organizations by better demonstrating the need for security with relevant threat intelligence, providing awareness training that educates users over time instead of the same exact training ever year regardless of skill or experience, conducting remedial training for users involved in incidents, rewarding good behavior, and monitoring the impact our awareness program has.

Users still won't be happy they have to do the training but if they walk away feeling like they've learned something new and we can measure that, then mission accomplished!
<<   <   Page 2 / 2


New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: In Russia, application hangs YOU!
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...
CVE-2018-16515
PUBLISHED: 2018-09-18
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVE-2018-16794
PUBLISHED: 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.