People Remain the Weakest Link in Security

BrandPost By Graham Welch
Mar 11, 20154 mins

A new survey was unveiled last week by the UK consumer association, which reported the top five email scams to be aware of for 2015.

Anyone who checks their spam folder in their email regularly will not be surprised that bank scams, online payment companies and tax rebates top the list of email phishing in the survey of over two thousand adults. Which suggested that 54% of respondents have either personally been scammed or know someone who has been duped by these sorts of cybercrime attacks.

Just this week, Cisco’s Talos Threat Intelligence and Research Team also reported a rise in tax-related phishing attempts in the US as the tax reporting season gets into full swing.

The trouble is we, the computer users, can be made aware of the risks and some simple steps to prevent opening a malicious link. However, we can hardly be blamed as some of them are incredibly sophisticated and are very hard to spot as being fraudulent.

It is not just phishing emails which we are targeted by. Malvertising is also on the rise, where cybercrime gangs take out adverts on legitimate websites and use them to inject malware into unsuspecting people browsing the ad.

The most recent Cisco Annual Security Report (CASR) suggested compromised users are often infected with malicious browser add-ons through the installation of bundled software (software distributed with another software package or product) via these sorts of malvertisments and usually without clear user consent.

The CASR also highlighted how users’ careless behaviour when using the Internet, combined with targeted campaigns by adversaries, places many industry verticals at higher risk of web malware exposure. In 2014, the pharmaceutical and chemical industry emerged as the number one sectors to be targeted in this way.

Of course it is pretty logical that employees are being targeted – after all, insiders have the most unfettered access to critical systems and data so it stands to reason they would be a top route for attacks and data disclosure problems. But all this research illustrates the need for businesses to monitor their systems and data for suspicious changes and activities, regardless of the source. Merely watching network traffic into and out of the network is not sufficient.

It seems people cannot stop themselves clicking on links they receive in emails without even the most cursory check on whether it is a valid link or not. It is an easy step often overlooked that you hover your mouse over the link and see what web address it is trying to send you to.

Cyber criminals are very clever and so they often go to great lengths to disguise their malicious intent by replacing a single letter in a valid web address to trap the unwary, after all looking quickly, it is difficult to spot when what should say: “” is changed to “” or something similar.

Also people are largely trusting in nature. If you get an email from a friend, family member or work colleague with a link, we tend to think it is genuine and trust the content. Yet again we know that cybercriminals can easily mock up an email reportedly from an acquaintance to fool us into believing it to be genuine.

But social media, and other publicly available data enables those same criminals to build up a profile of what interests us and so when they target us, they do so with something convincing which we will be more likely to believe.

This is why visibility across the whole corporate network is critical to managing security. It is not enough to just defend the threat coming into and out of the network; you have to be able to manage the threat across the whole continuum, before, during and after the attack.

By having detailed visibility into malicious activities, it enables businesses to detect, remediate and control malware outbreaks. Network File Trajectory and Device Trajectory allows security teams to quickly determine the scope of an outbreak and track malware or suspicious files across the network and at the system level. That way it is possible to spot how the attack got into the network; where it went from entry and what activities were carried out. This allows speedy resolution and remediation to limit the impact.

People are no doubt the soft underbelly of any organization, and through education and awareness we can try to limit their ability to compromise network security. But equally we have to expect the compromise to still happen, and to have the ability to spot malicious activities happening quickly and deal with it equally quickly to mitigate the risk of serious data loss and compromise.