Your staff: the weakest link in cybersecurity

Seemingly regular newspaper headlines claiming that attackers have obtained the data of million customer accounts or sensitive data might be sensational and grab much attention, but are they that far removed from the situations of the organisations that most of us work for?

The reality is that while these sort of high-profile attacks grab media headlines, the majority of businesses around the world also face cyberattacks and their networks will be compromised - either by professional cybercrime gangs or in this case the actions of a well-meaning insider.

Every year organisations around the world spend millions of dollars on internet security designed to stop cybercriminals getting into their networks and while cyberattacks are undoubtedly a major threat, research from technology analyst firm Forrester suggests that one of the biggest threats actually comes from company insiders.

According to Forrester, company insiders were the top source of breaches in the last 12 months, with 36% of breaches stemming from inadvertent misuse of data by employees.

Of course this should not be a surprise to anyone - after all, insiders have the most unfettered access to critical systems and data so it stands to reason they would be a top route for attacks and data disclosure problems. But this research illustrates the need for enterprises to monitor their systems and data for suspicious changes and activities, regardless of the source. Merely watching network traffic into and out of the network is not sufficient.

It seems people cannot stop themselves from clicking on links they receive in emails without even the most cursory check on whether it is a valid link or not. It is an easy step - often overlooked - that you can hover your mouse over the link and see what web address it is trying to send you to.

Cybercriminals are very clever and so they often go to great lengths to disguise their malicious intent by replacing a single letter in a valid web address to trap the unwary. At a glance, it’s easy to mistake ‘www.thisisvalids.com’ or similar for ‘www.thisisvalid.com’.

Cybercriminals know that people are largely trusting in nature. If you get an email from a friend, family member or work colleague with a link, people tend to think it is genuine and trust the content. In turn, cybercriminals can easily mock up an email reportedly from an acquaintance to fool people into believing it to be genuine.

Through social media and other publicly available data, criminals are able to build up a profile of what interests us and so when they target us, they do so with something convincing that we will be more likely to believe.

This is why visibility across the whole corporate network is critical to managing security. It is not enough to just defend the threat coming into and out of the network; you have to be able to manage the threat across the whole continuum - before, during and after the attack.

By having detailed visibility into malicious activities, businesses can detect, remediate and control malware outbreaks.

People are no doubt the soft-underbelly of any organisation, and through education and awareness we can try to limit their ability to compromise network security. But we equally have to expect the compromise to still happen. The ability to spot malicious activities can help deal with them and reduce the risk of serious data loss and compromise.

*Ammar Hindi is Managing Director, APAC at Sourcefire, now a part of Cisco.