The IT Security Professional | Barlowtek
The IT Security Pro: Helping Organizations Understand IT Security & Best Practices
Securing the Human Variable

When it comes to IT Security, it is a huge struggle to keep the enterprise network safe and secure. Add in the human factor, and you might as well throw all your hard work and effort out the window. Don’t get me wrong, humans can be trained, but will they retain what you teach them the next time a phishing email lands in their inbox?

First Line of Defense

When we look at all the attack vectors that can be compromised in an organization, by far the largest is the human factor. The user is the one person who is the focus of all of our efforts in securing the network. Yet they can easily undo all of it with the click of a mouse or some misguided web surfing. So what are we to do with the one variable that has a mind of its own (sort of)? We can’t get rid of them (as much as some of us would really like to) or prevent them from accessing the network altogether. However, we can give them the tools and knowledge to help defend their network. We can do this in several different ways, but the focus needs to be on providing them the knowledge to make the right decision at the right time in order to prevent a possible attack on your network or a compromise of a critical system.

Why Humans Fail

The reason that humans fail at IT Security is that we are creatures of habit, and we are driven by emotions and the physical need for social interaction. These are what attackers will look at exploiting in order to get past your safeguards. It may be the phishing email asking to be passed along to the executive, or a message claiming that your social media service needs to verify your account information and threatening to block your account.
All of these threats have one thing in common: they prey on the need of the end user to please their boss by providing the information, or the need to connect with others, so they verify the account as asked. With phishing emails remaining the top threat vector for malware in all organizations, we can’t simply eliminate this factor, but we can educate end users to make better decisions. Whatever the drive to click on an email or site that looks legit, we need to work with the end users to protect our networks and prevent the continued growth of malware. Whether it is the newest ransomware or the latest advanced persistent threat (APT), the end user will be your eyes and ears at the perimeter of your network. This will provide you an early warning if you have a serious compromise, or a heads-up on a new way of trying to get past all of your security measures and applications.

Humans Are Good
As an IT Security Professional, you want to be a resource for your end users as much as a repository of best practices that is always available to dispense wisdom at a moment’s notice. Here are some ways you might use to educate your user base on IT Security best practices:
Human Training Requirements

Knowing when to educate new employees or users on best practices and policy requirements matters, and that education should be done on a periodic basis. Several different compliance standards require that a training program be developed and adhered to. The following times should be utilized to bring your new employees up to speed on your IT Security posture:
Team Effort

A key factor in helping your end users understand the potential impact that a compromise can cause is that they are a part of your IT Security Team. Being a member of a team means you are a team player and you don’t want to see your team fail. Reporting incidents through your reporting channels, and having your end users reach out and let you know about the types of spam or questionable email they might be getting, will go a long way in preventing an outbreak or an attack on your systems. While they will not be able to give you the specific information you may be looking for, they can help you track down where a possible threat may be coming from.

Summary

While the human variable is the most frustrating of headaches that IT Security Professionals will have to deal with on a daily basis, it falls to us to make sure that end users are prepared to sit behind the keyboard and help protect the enterprise. We need to give them the knowledge to help us in our efforts to combat potential threats. Whether you are the target of a motivated attacker or just a compromised website that downloaded a backdoor onto your end user’s system, their extra pair of eyes on what is coming into the network can mean the difference between preventing a threat and becoming a victim.
IT Security Pro: Securing the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure.