Human vulnerability is the greatest risk to cybersecurity – UKTN
Human vulnerability is the most exploited element of IT security systems, with social engineering behind most data breaches.
Recent high-profile cyber-attacks against the likes of M&S, Co-op and Harrods have highlighted flaws in current digital safety methods. However, human manipulation can be a much greater risk than harmful malware.
In the case of attacks like the one at M&S, this can take the form of threat actors impersonating IT helpdesks to enter systems.
“As we have seen with M&S, cybercriminals are increasingly exploiting human vulnerabilities rather than just technical flaws,” commented Barry O’Driscoll, a partner at the law firm Perkins Coie.
“You can invest tens of millions in securing your infrastructure, but it is meaningless if your staff are not adequately trained to identify social risk vectors and fail-safes aren’t in place to eliminate single points of failure.”
Research from American cybersecurity company Proofpoint found that social engineering was behind as much as 70% of breaches globally.
The risk of cyber-attacks coming from those pretending to be colleagues is so great that the National Cyber Security Centre issued guidance to organisations this week urging training and preparation to identify social engineering attempts.
Advice included comprehensive two-step verification, careful reviewing of domains and account names and a review of how helpdesk password resets work.
“Time is critical during a cyberattack, and response delays can compound the damage. Too often, companies invest in incident response and business continuity plans that look good on paper but are never tested,” O’Driscoll added.
“These are decisions that must be considered in advance, not for the first time in the middle of a crisis.”
Read more: UK businesses lost £64bn to cyber-attacks over a three-year period
Registered in England & Wales at 124 City Roads, London, England, EC1V 2NX
–
Company No. 14998441
This article was autogenerated from a news feed from CDO TIMES selected high quality news and research sources. There was no editorial review conducted beyond that by CDO TIMES staff. Need help with any of the topics in our articles? Schedule your free CDO TIMES Tech Navigator call today to stay ahead of the curve and gain insider advantages to propel your business!


