If you think about it, many of the security incidents that companies deal with are a direct result of human behavior. Take phishing emails, for instance. You can put in all kinds of perimeter protection like firewalls, but that only does so much. Those who use phishing (or spearphishing) email as a form of attack aren’t worried about firewalls. They know that at some point the perimeter security will break down, and it will be that email versus the most vulnerable link in the security chain: the human being reading that email. According to an EnterpriseAppsTech article, the bad guys are targeting the weakest link on the network, and more often than not, that weakest link is an employee:
Since the target of these attacks is actually the user, it is the user that needs to be the first line of defense. Security awareness training, then, is the best defense against these attacks. The more end users are made aware of the risks, the more they will be able not to act in an impulse when pressed for information and will be able to evaluate better each request.
You might be thinking, “I already know this, so why are you talking about it?” Fair question. It’s because I read this very interesting piece on TechCrunch that explained why the next generation of cybersecurity has to focus on behavior recognition. Rather than focus on perimeter and internal security, the article says, we need to do a better job of predicting the behaviors of cybercriminals, and it provides a number of examples for the different technologies that are out there to assist with sniffing out behavior patterns:
Take the relatively new startup BioCatch, which received $11.6 million in funding over three rounds. BioCatch’s technology works to identify patterns of user behavior in certain applications, creating user profiles that can then be matched to subsequent visits.
For example, if you visit an e-commerce platform and move your cursor in a certain pattern, or type at a certain speed, BioCatch will be able to determine, on future visits, whether or not the user with your login credentials is actually “you.” Account takeovers, remote access (RAT), and MitB malware attacks could all be potentially thwarted by this approach.
This is a good place to start, but it is only the start. Teaching behavior recognition has to be an integral part of cybersecurity-professional education and training. But – and here’s where we get back to our conversation about phishing email – we also need to do something about the behavior patterns of the weakest links. I would be willing to bet if you listened in closely to the conversations of your employees for a week or month, you would be able to point out exactly the ones who are your biggest threats. Why? Because these are the people who will exhibit curiosity about issues without restraint or they’ll openly talk about the foolish things they do online. And the more you know about the folks who are your biggest risks, the more you can do to target training to shut down that vulnerability.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba