
Security training an urgent priority in $100bn battle against hackers


Hackers are consistently breaching enterprise systems by going after the end user with techniques such as phishing attacks. Even as security technologies get smarter, hackers are going after the one thing that hasn't improved: the end user's security knowledge.

Even the major attacks on Apple and Facebook last month started because of human error. High-value users were sought out by hackers and attacked through clever social engineering.

No matter how good cyber security tools get, a lack of education for the end user will mean that attacks never dissipate. Attacks will always exist but better education will at least make it harder for hackers to get the job done.

During this year's RSA conference, security researchers repeatedly called out hackers as "lazy", meaning, in essence, that a hacker will use the easiest and most efficient methods to get what they want.

In the case of enterprise security, the easiest method is a socially engineered attack on an end user. The only way to at least slow down these "lazy" hackers is to train end users about what not to do on the web.

A recent Microsoft study highlighted the issue of end-users downloading their own software on business computers. According to the study, 57 percent of end-users download software on company systems.

If those end users don't have some kind of grasp of cyber security, they are likely to download dangerous software. That likelihood is backed up by the fact that end users who downloaded software ended up putting malware on company computers 21 percent of the time.

That is an alarming statistic. Not just because end users were putting bad software on company machines, but because they had no idea they were doing it.

The idea that a firewall and frequent updates will save a company from cyber attack is now dead. Hackers are smarter, and end users have stayed the same. The time has come for companies to get serious about security training.

That doesn't mean some handbooks and an educational video. To really train end users, companies need to get involved, create periodic education labs, and implement programs that constantly keep users aware of the threats they face.

An educated person should be able to spot a phishing attack. An educated person should be able to know the difference between bad software and clean software. But today's end users are not educated about cyber security.

It's time for enterprise to stop focusing on the latest attacks and the newest security tools. To really get ahead of hackers in the cyber security war, enterprise needs to fortify its systems at their base by educating its employees.

07 Mar 2013
