Employees are often considered a company’s weakest link when it comes to IT security. With the proper training, they can become its strongest asset.
We look at the reasons why you should create the Human Firewall:
1. Ransomware heads the list of deadly attacks
SANS’ Ed Skoudis said the rise in ransomware was the top threat. “We’ve seen this can bring down a whole network of file servers and we expect many more attacks”. His advice is that companies practice network security “hygiene” and limit permissions on network shares to only those jobs that require them. And, of course, train your users within an inch of their lives.
2. Phishing leads the dirty dozen of scams
The Revenue Service rounded up some of the usual suspects in its annual look at the Dirty Dozen scams you need to watch out for this year. It should come as no surprise that Revenue saw a big spike in phishing and malware incidents during the 2016 tax season.
3. CEO Fraud / W-2 Scams are a close second
As Meath County Council found out recently, CEO Fraud can potentially cost millions. High-risk users in Accounting and HR need to be frequently exposed to simulated attacks using email, phone and text to inoculate them against these attacks.
4. Phone Scams
Your users need to be trained that when they pick up the phone, the person on the other end might be a criminal hacker who tries to manipulate them in order to gain access to the network. Such callers impersonate “Tech Support” and ask for a password, or pretend to solve technical problems and compromise the workstation.
5. Your Antivirus is getting less and less effective
The problem? Proactive detection rates have dropped from about 80% down to 67-70% over approximately 9 months.
Now you might think that if AV does not catch it, your spam filter will. Think again.
One in 200 emails with malicious attachments makes it through. That puts the potential for malware making it into your users’ inboxes into the millions… every day.
6. The Internet Of Things
Your users need to understand the nature of connectedness. Both consumer and commercial devices are using wireless protocols to connect to each other and the internet, with vendors rushing products to market without proper security features.
Your employees need to be trained to change the default passwords and disable remote access. If your organisation has anything to do with critical infrastructure, users need to be aware of the risks and do fire drills so they are prepared for any kind of attack against the IoT.
7. Over-reliance On Web Services
This breaks down into two different flavors. First, shadow-IT, where employees completely bypass the IT department and create their own storage and services: an invitation to a host of vulnerabilities and data breaches that IT cannot control. Employees need to be enlightened about the dangers of shadow-IT and understand the risks.
Second, web-apps and mobile apps are increasingly vulnerable to attacks while talking to third-party services. There’s no actual certainty that apps are connecting to the expected entity, or whether a man-in-the-middle has stepped in, stealing data and possibly returning false information. This is a problem that developers need to solve with industry-strength handshaking and encryption protocols.