The associates and employees within an organization have proven to be – by some measures – the greatest threat of all in cybersecurity. A comprehensive report of cybersecurity threats entitled, “The Human Factor,” asserted that “people-centered threats define the landscape.” Because the unintentional contamination that characterizes the human factor in cybersecurity is even more common than malicious attacks, let’s look at that wider threat.
First, consider that every associate or employee carries at least one device – a mobile phone – that is exposed to the Web and potentially bombarded with malware, phishing, and cyber-crime assaults. What most of the attacks have in common is the leverage they seek from your associates’ natural curiosity, love of a bargain, desire to be helpful, and even from the time constraints that were not relieved – if anything exacerbated – by the presence of digital tools.
How Social Engineering Exposes Your System to Sabotage
The sinister analysis of these common motives and the effort to manipulate them for strategic leverage is described in The Human Factor report as “social engineering.” This is how your associates’ devices acquire their contamination and threats.
Some new trends have been observed in the ways that attackers target and deploy their connections. Dropbox phishing is an emerging lure; in fact, twice as many victims were enticed by file-sharing invitations as by the next most numerous means. People’s interest in Bitcoin digital currency systems, as another example, was a source of surges in malicious digital activity. The incidence of coin-mining bots increased 90% in one year. Prior to the surge in Bitcoin exploits, ransomware and banking “Trojans” represented 82% of malicious emails.
Increasing reliance on cloud services for collaboration brings with it new risks and greatly increased exposure. The Human Factor cybersecurity study reported that 25% of suspicious login attempts to cloud services were successful; about half of all cloud users have installed third-party add-ons, and 18% of these add-ons give access to email and files. Even worse, 60% of cloud service users did not have multi-factor authentication or even a password policy.
Because this is the world to which your associates’ devices are exposed, is it any wonder we refer to a personal mobile device as a “Petri dish” of contamination, especially when it is attached – even momentarily – to your information system through a USB connector or data port?
Training Alone Does Not Protect
Are your associates and employees well trained and indoctrinated in company cybersecurity policy? Experience demonstrates it doesn’t matter how much training they have received, as even intelligence agents and analysts with classified security clearance are prone to plugging unknown USB flash drives into office computer ports. In a widely reported experiment, the U.S. Department of Homeland Security randomly dropped USB and optical drives in government and private contractor parking lots – and more than half of those who picked one up readily plugged it into their work computer. Bloomberg News reported that 90% of found drives stamped with official government logos were plugged in.
Unfortunately, in the digital age, sabotage is too easy and casual contamination occurs somewhere every hour of every day.