There is no such thing as perfect security. We know this to be painfully true as new data breaches make the news every other day. Maybe, in the future, technological advances will pave the way to penetration-proof firewalls that block every threat, but we seriously doubt that day will come anytime soon, if ever.
In the meantime, the first line of defense continues to be humans. Whether at work, at home, or on the road, end-users are the main target of cyber-attacks, and end-users are the only ones that control whether or not those attacks are successful. This is why human firewalls stand alone as the No. 1 weapon to combat cybercrime.
Five Reasons Why Human Firewalls Are Your Best Defense
Because phishing emails are still king.
As often as the words “don’t click on sh*t” have been printed, it seems people are, in fact, still clicking on sh*t. Just last week CyberX released a statement detailing a large-scale cyber-reconnaissance operation that uses sophisticated malware to flip on a PC’s microphone, unbeknownst to the user, and records audio. So far, the cybercriminals behind the attack have stolen 600 gigs worth of data from over 70 organizations.
And you won’t believe how that malware spread: via a phishing campaign of emails that contained infected Word documents. The malware, naturally, hid behind the scenes undetectable by most antivirus and anti-malware scanners, which means the only thing that could have prevented it is a strong human firewall.
Speaking of phishing, it’s tax season. You know what that means…
It means W-2 scams are on the rise. There are already multiple reports of organizations falling victim, such as this one involving a senior community, which is estimated to have exposed 17,000 employees’ tax data. The IRS is urging businesses of all shapes and sizes to stay on high alert as these types of scams are expected to ramp up over the next several weeks, just as they do at this time every year.
If you’re unfamiliar, a W-2 scam is similar to a CEO scam where the attackers spoof the email of high-level executives and request tax and wage information for all employees. Since these tax forms include pretty much all the PII (personally identifiable information) a social engineer could dream of, it’s especially important they don’t fall into the wrong hands.
That means, as human firewalls, we need to verify the source of every email we receive and take extra steps to ensure the confidentiality, integrity, and availability of sensitive data is protected at every level.
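Verifying the source of an email is concrete work, not just a state of mind. The following added example (not code from the original post) shows the header checks a payroll or finance user, or a mail-filtering rule, can apply to a message like the W-2 request described above: does the visible From domain match our own domain or merely look like it, does Reply-To divert answers elsewhere, does the bounce address belong to the sender, and what did the receiving relay's SPF/DKIM/DMARC checks conclude. All domains, addresses and messages are constructed placeholders (`.test` and `.invalid` are reserved, non-routable TLDs); `TRUSTED_DOMAIN` is an assumed value standing in for the organization's real domain.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Assumed: the organisation's own mail domain (constructed placeholder).
TRUSTED_DOMAIN = "example-corp.test"

# Constructed message 1: a lookalike domain (c0rp) plus a Reply-To that diverts
# answers to a webmail account. SPF/DKIM/DMARC all *pass* here, because the
# attacker controls the lookalike domain; authentication alone would not catch it.
LOOKALIKE_MSG = b"""Return-Path: <ceo@example-c0rp.test>
Authentication-Results: mx.example-corp.test; spf=pass smtp.mailfrom=example-c0rp.test; dkim=pass header.d=example-c0rp.test; dmarc=pass header.from=example-c0rp.test
From: "Pat Chief (CEO)" <ceo@example-c0rp.test>
Reply-To: pat.chief.ceo@webmail.invalid
To: payroll@example-corp.test
Subject: W-2s for all employees - need today

Please send me every employee's W-2 as PDF before noon. Thanks, Pat
"""

# Constructed message 2: exact-domain spoof; the relay's DMARC check fails.
SPOOF_MSG = b"""Return-Path: <bounce@bulk-relay.invalid>
Authentication-Results: mx.example-corp.test; spf=fail smtp.mailfrom=bulk-relay.invalid; dkim=none; dmarc=fail header.from=example-corp.test
From: "Pat Chief (CEO)" <ceo@example-corp.test>
To: payroll@example-corp.test
Subject: Urgent wage and tax statements

Send the W-2 for all staff to this address today.
"""

# Constructed message 3: a genuine internal message for comparison.
LEGIT_MSG = b"""Return-Path: <ceo@example-corp.test>
Authentication-Results: mx.example-corp.test; spf=pass smtp.mailfrom=example-corp.test; dkim=pass header.d=example-corp.test; dmarc=pass header.from=example-corp.test
From: "Pat Chief (CEO)" <ceo@example-corp.test>
To: payroll@example-corp.test
Subject: Payroll calendar

Reminder that the Q1 payroll calendar is on the intranet.
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.IGNORECASE)
HIGH_RISK = {"lookalike-domain", "dmarc-fail", "reply-to-mismatch"}


def parse_auth_results(value):
    """Map an Authentication-Results header to {'spf': 'pass', 'dkim': ..., 'dmarc': ...}."""
    return {m.group(1).lower(): m.group(2).lower() for m in AUTH_RE.finditer(value)}


def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_sender(raw, trusted_domain=TRUSTED_DOMAIN):
    """Return the From domain, a list of findings and a coarse risk level."""
    msg = message_from_bytes(raw, policy=policy.default)
    _, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    _, return_path = parseaddr(str(msg.get("Return-Path", "")))
    auth = parse_auth_results(str(msg.get("Authentication-Results", "")))

    from_dom = domain_of(from_addr)
    findings = []
    # The visible From domain is close to, but not, our own domain.
    if from_dom != trusted_domain and edit_distance(from_dom, trusted_domain) <= 2:
        findings.append("lookalike-domain")
    # Replies would go somewhere other than the apparent sender.
    if reply_to and domain_of(reply_to) != from_dom:
        findings.append("reply-to-mismatch")
    # The bounce address does not belong to the apparent sender's domain.
    if return_path and domain_of(return_path) != from_dom:
        findings.append("return-path-mismatch")
    # Relay-side authentication verdicts; anything but 'pass' is recorded.
    for check in ("spf", "dkim", "dmarc"):
        if auth.get(check, "none") != "pass":
            findings.append(f"{check}-{auth.get(check, 'none')}")

    risk = "high" if HIGH_RISK.intersection(findings) else ("medium" if findings else "low")
    return {"from_domain": from_dom, "findings": findings, "risk": risk}


if __name__ == "__main__":
    for label, raw in (("lookalike", LOOKALIKE_MSG), ("spoof", SPOOF_MSG), ("legit", LEGIT_MSG)):
        print(label, assess_sender(raw))
```

The two hostile samples fail for different reasons: the exact-domain spoof is caught by the relay's DMARC verdict, while the lookalike domain passes every authentication check and is only exposed by comparing the From domain against our own and noticing the diverted Reply-To. That is exactly the gap a human firewall fills: authentication proves a message came from the domain it claims, not that the domain is the one you think it is. Any message that requests tax or wage data and trips either path should be confirmed out-of-band with the supposed sender before anything is sent.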
Because ransomware isn’t going away.
If anything, we should expect more attacks this year. Whether it be shutting down an entire county’s government, including the police department, or threatening to poison water supplies, ransomware is not a fad, and leads the list of the top threats facing both organizations and individuals.
From July to December last year, ransomware attacks doubled. And just to paint the bigger picture of ransomware’s rise as cybercriminals’ top attack method, according to SonicWall, there were 3.8 million attacks attempted in 2015. There were 638 million attacks in 2016. It’s hard to imagine 2017 topping that number, but you could have said that at this time last year too.
Like with all things cybersecurity, the best way to prevent ransomware is by never letting our guard down and always thinking before clicking—top responsibilities of a human firewall.
Because IoT means an internet of hackable things.
Some estimate that there will be around 29 billion connected devices by 2022, 18 billion of which will be related to the internet of things, or IoT. This means that there will be more connected devices by 2018 than mobile phones. If you’re a cybercriminal, you might see this as a profitable venue.
The biggest issue, at least in the immediate future, is the lack of security standards or safeguards for new tech. Companies are so quick to rush out various connected gadgets that security is often given little thought, leaving plenty of doors open for the bad guys.
To make matters worse, people buying these gadgets have the same stubborn philosophy: that of giving security little thought. We learned this last year when Mirai formed a massive botnet by compromising internet-connected devices (such as security cameras and baby monitors) and launching DDoS (distributed denial of service) attacks which shut down the internet for millions of people. As it turns out, many of those devices never had their factory default passwords updated by the end-user. A human firewall, of course, always replaces default passwords with strong, unique passphrases, and changes them every now and then.
Because we rely so much on web services. Maybe too much.
Seemingly everything we do these days requires an internet connection and an app. Whether it’s remotely connecting to our computers at work from our homes, or asking Alexa to order supplies in the middle of cooking dinner, we’ve come to rely on web-based services quite a lot.
While the future of technology might be exciting, entertaining, and maybe even a little frightening, the future of cybercrime is growing exponentially with each new advancement. The more things we connect, the more doors we open that leave us, and our privacy, vulnerable.
As much as we’d like to think said future will include extensive upgrades to cybersecurity software or hardware, at the end of the day the responsibility will still fall on the end-user. We’re the ones that need to maintain unique passwords for every account (which is much easier with a password manager), and in general stay alert and in the know about modern cyber-attacks. What this means for human firewalls is verifying the source of apps, updating permissions and double-checking security settings on all devices, and maybe realizing that not everything we own needs to be connected to the internet.
How Do You Create Human Firewalls?
If your organization handles sensitive data of any sort, you can bet that you and your employees are targets. And even if it doesn’t, ransomware attackers have no bias. They’ll happily lock you out of your systems and destroy your data. In other words, every business and every home needs human firewalls.
The best way to create them, like most things in life, is with education. Far be it from us to miss an opportunity for a little self-promotion! But in seriousness, security awareness training is the bare minimum your organization should consider for developing strong human firewalls. Everything starts with education. If your users don’t know, then don’t be surprised when they get compromised. We mentioned common sense, but behavior change is the key to preventing successful cyber-attacks.
Of course, security awareness training, regardless of how great it is, still needs to be supplemented with real-life scenarios so you know whether or not your program is getting through to your users. This is why phishing your employees is a great way to take your awareness program to the next level and identify vulnerabilities before cybercriminals do. Phishing your employees works just like real phishing attacks, except the consequences, in this case, result in education and not malware.
By Justin Bonnema