While the human mind is responsible for the great technological cyber achievements of storing, accessing, understanding, and protecting vast amounts of data, it also represents the greatest vulnerability placing these achievements at risk.
The growing role of cyberspace in modern society has opened up new threats that come in the form of:
- A data breach of employer, customer, or shareholder information
- Industrial espionage involving a loss of trade secrets or intellectual property
- Financial crimes
- The disruption of business or government operations
In fact, the Ponemon Institute’s report “2016 Cost of Data Breach Study: Global Analysis” (June 2016) estimates that in the next 24 months, companies have a 1 in 4 probability of a material data breach involving 10,000 or more lost or stolen records.
Regardless of its technical sophistication or, in some cases, its simplicity, cybercrime is a “new means to old ends”, often made possible by human nature itself.
Social Engineering: An Effective Attack Methodology
A recent (November 2016) cybercrime analysis produced by Stratfor’s “Threat Lens” estimates that 91% of effective hacking attacks are structured around a social engineering approach that begins with a phishing or spear-phishing e-mail. These attacks, which gain entry at the employee desktop, leave trace evidence within the Windows® log files, but linking these entries in real time to cyber threats remains an impossibility for a vast majority of cybersecurity solutions. As a result, phishing-style attacks are relatively easy to deploy and have remarkably high penetration success rates.
Technical issues aside, the common denominator in these attacks is human nature. Phishing attacks gain entry by exploiting the human desire to please a coworker or superior, avoid criticism, satisfy curiosity, or place trust in a message because of whom the message appears to come from.
Despite extensive investments in layered security, perimeter defenses, employee training… and more, the human component in cybersecurity remains the most vulnerable element that cyber criminals are likely to exploit. That’s because statistics show social engineering has the highest probability of cybercrime success.
So how do organizations eliminate human vulnerability within their network? Put simply, they can’t.
That’s why noted technology analysts and cybersecurity visionaries believe that the next frontier of cyber defense rests upon cybersecurity solutions that utilize a combination of behavioral analytics, artificial intelligence, and virtual supercomputing. Increasingly, the emphasis in cybersecurity is shifting toward technologies that detect successful intrusions on the network BEFORE they can have harmful impacts on the enterprise.
On a personal note, Red Lambda is proud to be a leader on this cyber technology frontier. With cybersecurity becoming increasingly important to our nation’s economic and military stability, the Red Lambda team continues to develop innovative solutions that strengthen our defenses against cybercrime and nation-state cyber incursions.
While cybersecurity innovation will continue into the next decade, the weaknesses of human nature will likely remain the largest vulnerability in protecting cyber assets. Going forward, organizations will need to increasingly shift their cybersecurity focus toward more effective detection technologies capable of identifying threat-induced anomalies in real time, allowing them to implement immediate threat mitigation responses that prevent data loss and business disruption.
At the end of the day, we can’t change human nature, but we can create technologies that stop cyber attackers who intend to exploit it.