The First Line of Defense against Cyber-Crime
September 30 2017
What is the first line of defnce against Cybercriminals?
We as IT professionals are continually innovating, researching and creating new and powerful software to block cyber threats from businesses and individuals.
However, software is limited by fragility and timelessness, in that no matter how intelligent or innovative a security software is, it will eventually become dated due to the cyber-criminal community innovating and developing methods to overcome it.
For this reason the most effective weapon against cyber-crime is usually education. The reason being that almost all forms of cyber-crime require the victim to participate in some way to be effective. If the victim doesn’t open the scam email the malware cannot spread, if the victim doesn’t sign their details into the false form the hacker cannot gain the information they need. If the victim keeps their social profiles private and their public information limited the identity theft is much harder.
Consider for example the following case scenario. One of the first and most effective tactics was leaving a USB outside of an office or medical centre, where someone was likely to find it.
The hope being that someone will find the usb, insert it into a computer or workstation and infect the entire business. This was essentially an early form of social engineering in that it preys upon people’s goodwill, curiosity and predisposition to want to help others be reunited with lost property.
Research carried out by Google in 2016 (who partnered with the University of Illinois Urbana-Champaign and the University of Michigan), found this kind of tactic to be particularly successful. After leaving 297 USB’s scattered around the Urbana-Champaign campus, around 48% of the USB’s were plugged into a computer by someone, many within an hour of being dropped. 16% of which were entered into a PC without any kind of antivirus scanner in place.
Here the lesson is simple. The research shows how easily hackers can take advantage of unsuspecting, good willed and curious people. As well as how incredibly important it is to educate your customers on the dangers of cybercriminals, their common practices and tactics.
By simple educating people on how to be aware of cybercriminal tactics, this type of social engineering (and indeed most types of cyber-crime) can be easily flanked.
Which is why the best and in many cases least expensive defence against cyber-criminal actions is education and not a specific software.
By educating your staff on how to be diligent towards cyber-crime is more or less timeless. Aware staff and employees are much harder to trick, less vulnerable to social engineering and far less likely to expose the organisation in any way.