CYBER SECURITY LAW AND POLICY

Crossroads Blog | Institute National Security and Counterterrorism

Current Affairs, wikileaks

Humans Are The Weak Link In Cybersecurity: CRN

Posted by Zach on December 21, 2011 0 Comments

Read Next →

Cybersecurity

Kerry on U.S. International Cybersecurity Policy: Full video

 Actual Indictment

Cyber Espionage

U.S. Charges Chinese Man With Economic Espionage For Stealing Source Code With Intent To Benefit The Chinese Government

CCDCOE

NATO Conference on Cyber Conflict materials now available.

On Dec. 20th, 2011, Jeff Schmidt wrote for CRN on how the weakest link in the cybersecurity chain is humans.  Schmidt argued that for all the high-tech cybersecurity technology we pump out, low-tech social engineering and targeted phising has still allowed for high profile network infiltrations.  Schmidt goes on to cite a disturbing DHS study in which DHS dropped USB's and disks in the parking lots of government agencies and private contractors.  60% of the workers picked up those parking lot USB's and promptly connected them to their computers.  90% of workers used those parking lot USB's when they were imprinted with the company or agency logo.  Of course, the concern being that anything could have been on those USBs, and anyone could have placed them in the parking lot.  According to Schmidt, the first step is to acknowledge that humans are a weak link in the cybersecurity chain.  Check.  However, humans won't be leaving the cybersecurity chain anytime soon…

 

5095992133_1b332fedb5…At least until Skynet goes online.  That would solve our cybersecurity problems. 

Flickr Commons

Moreover, Schmidt finds it frustrating that there is a general awareness of the human weakness in cybersecurity, but no motivation to make the necessary changes.  This gets into a general theme of organizational compliance versus organizational security.  An organization that is compliant with general cybersecurity regulations may not necessarily be an organization that is secure.  To be secure, Schmidt suggests focusing on the people working within the agency or company, and offers solutions including behavorial research and procedural audits.

The source article can be found here.

***

For me, Schmidt's best advice is to simply know your people.  If criminals and foreign governments are spending considerable time conducting social engineering, then agencies and companies should spend considerable time to understand their employees.  I think the ongoing trial of Bradley Manning is a great example of this.  Although Manning wasn't the target of any social engineering, he apparently displayed some behavior that should have raised red flags.  Granted, hindsight is 20/20.  However, if the US Army had picked up on that behavior, Manning may have never had the chance to leak those files to Wikileaks.

***

Have an interesting article, or are just a Terminator sent from the future?  Tweet to @cyberlawblog

Zach

Read Next →

Cybercrime

FBI unable to hire number of computer scientists authorized, according to Inspector General program audit

Cybersecurity

Kerry on U.S. International Cybersecurity Policy: Full video

AppleVsFBI

FBI Director’s Speech at the Symantec Government Symposium 8/30/2016 full text and audio

Leave a Reply

Categories

Archives

Bitnami