Back to Basics: Cybersecurity's Weakest Link

Category: Wordpress News
Original source: thehackernews.com
Read time: < 3 minutes
Sentiment bias: Positive
Sentiment Score: 0.98013
Published: Oct 6th, 2022
Back to Basics: Cybersecurity's Weakest Link

Quick Read

But just ask Uber or Rockstar Games whether they thought that their systems were safe from social engineering.
All it took was a simple social engineering message – something like, "Hey Bob, I'm from the IT team, and we need to check something on your PC, so I'm sending you a tool for you to run.
" Yet we're not learning Social engineering was a driver for hacking over 20 years ago and, apparently, we still haven't moved away from it.
Adding insult to injury, successful social engineering isn't restricted to non-technical organizations.
It's very plausible that an unsavvy user in a backwater government department might fall for social engineering, for example, but much less so someone working at a leading tech firm – and we see that both Uber and Rockstar Games were impacted by social engineering.
However, social engineering attacks have so consistently been in the public news – not just cybersecurity news – that the excuse "I didn't know I shouldn't click email links" is getting harder and harder to accept.
If tech-savvy companies like Uber and Rockstar Games can get it wrong, then it can happen to anyone else too.

Back to Basics: Cybersecurity's Weakest Link

A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you're often promised a fast, simple fix that will take care of all your cybersecurity needs, solving your security challenges in one go. It could be an AI-based tool, a new superior management tool, or something else – and it would probably be quite effective at what it promises to do. But is it a silver bullet for all your cybersecurity problems? No. There's no easy, technology-driven fix for what is really cybersecurity's biggest challenge: the actions of human beings. It doesn't matter how state-of-the-art your best defenses are. Perimeter firewalls, multi-tiered logins, multi-factor authentication, AI tools – all of these are easily rendered ineffective when Bob from a nondescript department clicks on a phishing link in an email. This isn't news to anyone We've all heard this before. The fact that humans are a key flaw in cybersecurity strategy is hardly news – or, at least, it shouldn't be news. But just ask Uber or Rockstar Games whether they thought that their systems were safe from social engineering. Both companies were very recently breached because a hacker tricked an employee into doing something so against every security best practice that you wonder if the person who got tricked has ever heard any news about IT security. You might even wonder whether that employee had any cybersecurity training whatsoever. In both cases, the successful attack didn't involve a very sophisticated attacker using state-of-the-art tools while exploiting as-of-yet undisclosed vulnerabilities. All it took was a simple social engineering message – something like, "Hey Bob, I'm from the IT team, and we need to check something on your PC, so I'm sending you a tool for you to run. Just click the link below." Yet we're not learning Social engineering was a driver for hacking over 20 years ago and, apparently, we still haven't moved away from it. Adding insult to injury, successful social engineering isn't restricted to non-technical organizations. It's very plausible that an unsavvy user in a backwater government department might fall for social engineering, for example, but much less so someone working at a leading tech firm – and we see that both Uber and Rockstar Games were impacted by social engineering. At some point, as a cybersecurity practitioner with the responsibility of educating your users and making them aware of the risks that they (and by extension the organization) are exposed to, you'd think that your colleagues would stop falling for what is literally the oldest trick in the hacking playbook. It's conceivable that users are not paying attention during training or are simply too busy with other things to remember what someone told them about what they can click on or not. However, social engineering attacks have so consistently been in the public news – not just cybersecurity news – that the excuse "I didn't know I shouldn't click email links" is getting harder and harder to accept. Forcefully reinforce the message – that's your only option There is no magic solution for the cybersecurity implications of human behavior. Humans will make mistakes and, as in every avenue in life where humans repeatedly make mistakes, reinforcing education is really your only option. If tech-savvy companies like Uber and Rockstar Games can get it wrong, then it can happen to anyone else too. The only option you have is to impress cybersecurity best practices on every employee through rigorous educational programs. And it's not just users that need educating – you should reinforce these practices in your security team too, by covering patching, permissions, and overall security positioning. There will always be a risk that a user having a bad day clicks on a link promising that someone in a remote part of the world is trying to give them millions of dollars if they only visit that website. But, as with every approach to cybersecurity, the focus should be on minimizing and mitigating that risk. Constantly reinforcing and educating is your best defense. Note: This article is written and sponsored by TuxCare, the industry leader in enterprise-grade Linux automation. TuxCare offers unrivaled levels of efficiency for developers, IT security managers, and Linux server administrators seeking to affordably enhance and simplify their cybersecurity operations. TuxCare's Linux kernel live security patching and standard and enhanced support services assist in securing and supporting over one million production workloads.
The Original Article can be found on thehackernews.com

Recent Wordpress News Articles

CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive (BOD) that directs federal agencies in the country to keep track of …

Read more here
CISA Orders Federal Agencies to Regularly Track Network Assets and Vulnerabilities
BEC Scammer Gets 25-Year Jail Sentence for Stealing Over $9.5 Million

A 46-year-old man in the U.S. has been sentenced to 25 years in prison after being found guilty of laundering over $9.5 million accrued by carrying out cyber-enabled financial frau …

Read more here
BEC Scammer Gets 25-Year Jail Sentence for Stealing Over $9.5 Million
Five Steps to Mitigate the Risk of Credential Exposure

Every year, billions of credentials appear online, be it on the dark web, clear web, paste sites, or in data dumps shared by cybercriminals. These credentials are often used for ac …

Read more here
Five Steps to Mitigate the Risk of Credential Exposure
Researchers Uncover Covert Attack Campaign Targeting Military Contractors

A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy …

Read more here
Researchers Uncover Covert Attack Campaign Targeting Military Contractors
Latest News
Help & How To's
Around the Web