Comments
Social Engineering Defenses: Reducing The Human Element
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
PaxDominicus01
100%
0%
PaxDominicus01,
User Rank: Apprentice
4/30/2015 | 12:45:05 PM
Replacing poor training with impractical technical controls is not a real solution.
While the author makes some great points and backs some of it up with data, I have to disagree with his overall abstract. First and foremost, Rob Ragan is absolutely correct about that fact that most awareness training is poorly convinced and poor implemented and the problem is only compounded when companies decide not to bother tracking whether their security training is even having an impact. Rob goes on to suggest that organizations should re-allocate their budgets and implementing technical controls to reduce the attack surface that makes up the human element while eliminating the employee training and its associated cost. Here's where things start to fall apart; many of his technical controls are not practical.

-Implementing SPF, DKIM, and DMARC will help to reduce phishing emails that appear to come from your organization but doesn't do anything to stop the countless phishing emails masking themselves as originating form a legitimate organization.

-Disabling HTML in emails is a great suggestion on paper but not when you go to implement it. There are two options when you do this. You can either convert an HTML email into plain text which means all the links are removed and if the link wasn't presented as a URL the link is now lost, meaning you can never click it. Or you can just present HTML emails as text which would present users with a jumbled mess of HTML markup.

-Using browser plugins to prevent the technical portions of typical social engineering attacks is something most tech savvy users do and I'd love it if everyone one of my company's users did it but there one problem. If we aren't doing any awareness training how am I supposed to train and encourage my users to actually use this plugins instead of disabling them?

I could go on but I stop here. In the end, even if everyone could implement all these controls does it stop the root cause? No, users are going to continue to make poor choices or avoidable mistakes.

Here is my proposal. Let's start building a security aware culture at our organizations by better demonstrating the need for security with relevant threat intelligence, providing awareness training that educates users over time instead of the same exact training ever year regardless of skill or experience, conducting remedial training for users involved in incidents, rewarding good behavior, and monitoring the impact our awareness program has.

Users still won't be happy they have to do the training but if they walk away feeling like they've learned something new and we can measure that, then mission accomplished!
<<   <   Page 2 / 2


'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12633
PUBLISHED: 2018-06-22
An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (...
CVE-2018-12634
PUBLISHED: 2018-06-22
CirCarLife Scada v4.2.4 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI.
CVE-2018-12635
PUBLISHED: 2018-06-22
CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs.
CVE-2018-12630
PUBLISHED: 2018-06-21
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.
CVE-2018-12631
PUBLISHED: 2018-06-21
Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.