- Donald E. Hester
Patching People, the Weakest Link
"A recent Bitglass report identified phishing as the best method for data exfiltration, and also identified some of the biggest enterprise security blind spots."
Updated 6 OCT 2017
Humans are the weakest link. This has been a security maxim since ancient times. The question is, how do we address this issue? It seems like we should double our efforts on this front, and yet we still have, at best, an anemic response to this threat. Collectively it seems like we need to have a better response, and yet I see half-hearted attempts to address the issue because it seems too difficult to get people to think before they click, or think before they answer.

I think we need to rethink security awareness programs. In many of my classes, I have suggested this would be an excellent task for the marketing department and not the IT department. I also think we need national programs with public service announcements like Smokey the Bear. So pervasive was the campaign with Smokey the Bear that he and his message are now ingrained in our culture. We need the same thing now. Just not a turtle, which seems to signify that security equals slow. Look up Dewie.

We need a cyber safety message that becomes a part of our culture, and we need it yesterday. Everybody knows Smokey the Bear and everyone knows his message; how do we replicate that? The federal government should spearhead the program. Hollywood should bake the message into movies and TV. This is the surest path to a meaningful response to a very real threat.

Could we make the old maxim that humans are the weakest link null and void? Maybe, if we work together with professionals with the requisite skill sets.

By the way, October is Cyber Security Awareness Month.

References

Who is Dewie?
TechRepublic, "Phishing is the Easiest Way to Steal Sensitive Data, Hackers Say," by Connor Forrest, 19 SEP 2017: http://www.techrepublic.com/article/phishing-is-the-easiest-way-to-steal-sensitive-data-hackers-say/

Anti-Phishing Working Group: https://www.antiphishing.org

IT World Canada, "Campaign advice for CISOs for Cyber Security Awareness Month," by Howard Solomon, 29 SEP 2017: https://www.itworldcanada.com/article/campaign-advice-for-cisos-for-cyber-security-awareness-month/397065

DHS, National Cyber Security Awareness Month: https://www.dhs.gov/national-cyber-security-awareness-month

CNBC, "Top Cybersecurity CEO Says Hackers Know Humans, Not Computers, Are 'Weakest Links'," by Elizabeth Gurdus, 20 SEP 2017: https://www.cnbc.com/2017/09/20/mimecast-ceo-hackers-know-humans-not-computers-are-weakest-links.html

Dark Reading, "70 Percent of U.S. Employees Lack Security and Privacy Awareness," by Dawn Kawamoto, 3 OCT 2017: https://www.darkreading.com/vulnerabilities---threats/70--of-us-employees-lack-security-and-privacy-awareness/d/d-id/1330031