[BreachExchange] Breaches Aren’t Inevitable: Employees and Cybersecurity

Audrey McNeil audrey at riskbasedsecurity.com
Thu May 3 19:37:11 EDT 2018


Jane Austen made some very sarcastic proclamations on universally
acknowledged truths, but in the digital age there is only one agreed-upon
reality: nobody is safe online.

This is one of those lessons we as an online society have learned,
relearned, and yet never seem to fully absorb: nobody, and no enterprise,
is safe from the machinations and wrath of digital threat actors. Between
the data breaches at Yahoo!, Equifax, Panera, Lord & Taylor, etc.,
cybersecurity professionals have had plenty of opportunities to remind us
of the realities of cybersecurity. Our data is in constant peril, and
enterprises need to treat cybersecurity as a top business priority. The
consequences otherwise, we’re told, could be disastrous…perhaps more so
than the disasters we’ve seen in the past.

On the one hand, these reminders of the need for better cybersecurity have
engendered some positive changes. CEOs are taking more initiative in
cybersecurity purchasing and budgetary decisions. Enterprises are reporting
they are finding threats faster than ever. Solution providers in endpoint
security, security information and event management (SIEM), identity and
access management, and identity governance and administration are
constantly innovating to provide the next steps in cybersecurity.

On the other hand, the relationship between employees and cybersecurity
hasn’t changed at all. This is a problem. We’ve written the phrase over and
over again, yet only because it remains true regardless of the size or
industry of your enterprise: your employees are your largest attack vector.
Their online behavior and actions will determine whether your security
information and event management (SIEM) solution or any other cybersecurity
solution stays seaworthy or sinks. If your employees and cybersecurity
remain at odds, it won’t matter what solution you deploy. That’s why
phishing attacks have seen an increase in 2017, with over a million new
variants arising.

According to our interview with Richard Bird of Optiv, the relationship
between employees and cybersecurity can best be described as “cavalier.”
Older employees whose generation first developed the modern internet often
choose to sacrifice cybersecurity best practices for expediency and profit.
Younger employees, who grew up in a digital culture, often resign
themselves to a lack of privacy and the inevitability of data breaches.
They express a carefree, “why worry?” attitude that could cost your
enterprise millions in financial damages.

Here’s the thing: suffering a cybersecurity breach is not a foregone
conclusion. One of the (only) positive things about the black market
proliferation of hacking tools and software is that the hacking community
is now encouraging inexperienced newcomers to try their hand at illicit
digital activity. Deploying a basic security information and event
management (SIEM) solution and an endpoint security solution will scare
those hackers off. Those tactics can even scare more experienced hackers
into trying another target.

The reason is simple. Hackers are human, and humans tend to look for the
easiest option and route when faced with a problem. Hackers obey this
principle more than anyone. A hacker could spend hours and hours bypassing
and concealing themselves from an enterprise’s security information and
event management (SIEM) solution. Alternatively, they could simply move on
to a different enterprise with a far weaker SIEM solution or no
cybersecurity platform whatsoever. In all but the rarest cases, hackers
will pick the latter option.

The overall point of this article—the grand theme behind it—is that we need
a shift in the discourse surrounding digital threats to improve the
relationship between employees and cybersecurity best practices. Focusing
on how inevitable breaches are in all of our discussions may only be
encouraging employees to act recklessly. A change in how we discuss the
problem and the solution might make all the difference: “Breaches can be
devastating, but if we follow best practices, we can stop all but the most
serious hackers.”

This new attitude needs to be reinforced via educational efforts, and it
needs to be the attitude encouraging employees to learn how to recognize
phishing attacks or how their digital activities can affect your
enterprise’s digital safety. The change in attitude, as well as more
effective educational approaches, could make the training efforts more
effective. Hope breeds hope, just as hopelessness breeds more of itself.

Hacks and breach attacks may plague your enterprise. Phishing might clog
your email accounts. Your network might be bombarded. But with knowledge
and with positivity, your employees and cybersecurity can work in tandem
for you. Your employees can hold the line for your SIEM solution to do its