The human firewall has a soft spot: you

For all the talk about the importance of new security technologies, the importance of staff buying into corporate security strategies is often underestimated. In every case, the predictable result is the same: a strong technological barrier whose effectiveness is immediately compromised once a legitimate user, with legitimate access to internal resources, clicks on a phishing email designed to load malware onto their computer.

You'd think employees had learned by now not to click on suspicious emails, but statistics show that organizations continue to be compromised in this manner – confirming that threat actors are getting better at their work every day. Today's 'spear-phishing' attacks have honed earlier broad-brush attacks to a fine art, targeting individuals with emails that incorporate personally relevant information that is often extremely convincing – and often sourced directly from the target's LinkedIn or Facebook profiles.

Filtering such emails is extremely difficult because they don't seem outwardly malicious, and asking users not to click on these emails is a futile exercise for the same reason. Yet with more malware in circulation than ever, it's crucial for CSOs to help their employees kick their dangerous habits – and start helping build a corporate security strategy that relies on more than just hope.

Instead, organisations should consider following the example of companies like Dell SecureWorks, which educates its employees not only to ignore suspicious emails but also to confirm with “known” senders that they indeed sent the email in question before clicking on an enclosed link or attachment. Dell SecureWorks also regularly tests its employees’ resolve by peppering them with carefully crafted phishing emails designed to catch them out.

“Security awareness training is absolutely paramount when trying to ensure that your employees are not going to click on email links or attachments, even if they appear to be legitimate and relevant,” Simon Ractliffe, Dell SecureWorks’ ANZ director and general manager, explains.

“Our organisation does sample spear-phishing exercises on its own staff and I'm nervous about clicking on anything from any group that I'm not familiar with. We're being driven to be incredibly security conscious – and when you hear about some of the recent cyber cases, it's understandable why. Phishers are becoming so clever and targeted that they go straight for you.”

The message is getting through – to IT executives, at least – with a recent survey of 2400 CIOs by Robert Half Technology finding that 54 percent of the respondents were planning to enhance employee training on security issues within the next 12 months.

This was the most frequently cited security improvement planned for the coming year, followed by 41 percent who said they would add tools or enlist third-party vendors to improve their IT security.

These results reflect the growing acknowledgement that users remain as important as technology when it comes to improving overall IT security. Ractliffe believes this 'human firewall' is going to become even more important over time, as threat actors continue to refine their dark art and user-awareness training “absolutely goes off the dial in terms of being front of mind.”

A growing track record of breaches due to human error is reinforcing the importance of having an effective human firewall in place. Most recently, the alleged $1 billion-plus theft by the 'Carbanak' cyber gang, from banks in 30 countries, was attributed to poor staff training that resulted in banking staff unwittingly succumbing to spear-phishing attacks. Indeed, low-tech attacks can often still be frighteningly effective: in one study, researchers could view sensitive information just by looking around an office – 88 percent of the time.

Plugging the gaps

While enlisting humans to the IT security defence has become critical, the human firewall requires constant attention, testing, and improvement for one very simple reason: it is built around humans.

“'To err is human' goes the old maxim,” Ractliffe says. “And humans err lots!”

“You've got to know that everything is working 100 percent,” he continues, “even though you know that with any security defence involving humans, a mistake or two is bound to be made.”

“Even the folks with the best training and intentions can get tripped up. You're pressured for time, have a weak moment, and you see something that sparks your interest just for that second. You click, and suddenly you're in trouble.”

Experience with new strains of malware such as the CryptoLocker and CryptoWall ransomware has shown infections to be insidious and potentially catastrophic. If malware does slip past the best human and technological defences, one of the most important countermeasures is to respond to it in a timely and effective manner. At first glance, this might seem to be easy, but today's threats are carefully designed to work in such a stealthy way that infections often go for weeks or months before being detected.

Indeed, a recent survey of malware infections found that it takes a median of 205 days for an organisation to detect a security breach – far longer than any reasonable security remediation protocol would allow.

“A lot of executives are still not up to speed on how important timeliness is when it comes to responding to a cyber incident,” Ractliffe says. “But if they have a hacker that's on an existing system, whenever new information gets logged back to their core systems, the hacker knows about it immediately – and it's likely to be exfiltrated within minutes of it hitting your server.”

“These intruders are not just targeting the company at a particular time,” he adds. “They are likely to be actively monitoring the flow of company information utilising malware that is resident on the network. When it comes to malware, they really are watching you – but a lot of people haven't quite grasped that yet.”

For this reason, organisations are increasingly augmenting their human firewalls with analysis systems, expertise and tools – whether delivered as managed services, or hosted in-house – which can assist in shortening the time to detection and action.

Endpoint-protection tools, for example, can monitor traffic to and from a range of devices in real time and, if anomalies are detected, immediately pull a device off the network until the matter is thoroughly investigated.

“We're seeing significant interest in a combination of those very clever technologies which can now sit on the endpoint, combined with 24x7 monitoring, detection and response,” Ractliffe explains. “We can pull that device off the network immediately if we see that it has been compromised. Then we can run an incident response exercise, discovering how the endpoint was infected, what the full scope of the attack is, how best to eradicate the threat and lastly, help the client prevent the attack from happening again. The client can make a very clear decision on what they want to do about it.”
