CYBER SCAPE AFRICA | Q2 2019
We’re not just humans. We are assets!
source https://towardsdatascience.com/ai-the-future-of-technology-and-the-world-86f59d0cf720
The Human Factor in Cybersecurity.
Recently at BSides Cairo, during Q&A after my talk on social engineering and the human factor in security, I was asked by a gentleman why his company would need a social engineering and physical security test if his company already had the newest, well-configured tools and a hardened network.

What a great question! It tells me a lot about the state of this gentleman’s mind, and his company’s security. It also lets me open the discussion to why the human factor is important in security.

I’ve heard people calling humans the 8th layer of the OSI model. And, while I think it’s important to start bringing the human element into the realm of our security models, I would say that the human element lies in every layer of the OSI model – humans are the ones putting all the cables, hubs and repeaters into our networks. They are also installing and configuring switches and bridges. Humans are the ones architecting services, configuring them, deploying them, maintaining them, and finally, humans are the ones ceasing those services. They are also the ones coding, testing, maintaining, and engaging with the web applications.

If on every layer we find a human element, then we need to start treating security holistically, where our users are our assets and are treated as part of our threat landscape, with their own vulnerabilities that we need to count and know how to remediate, like with any other asset in our network.

Insider threats such as inadvertent insiders, the insiders in your company who unwittingly compromise the environment, were reported by the IBM X-Force Threat Intelligence Report 2019 as the most relentless threat that will continue to rise in 2019.

And this should simply be part of your threat landscape. As Ira Winkler says in his talk, The Human Exploitation Kill Chain, there are 10 opportunities to stop a phishing attack and only 2 of them are user related.

Before an email with malicious content reaches a user, for instance, our perimeter devices should be configured to their full potential in order to filter those emails out – our email servers and email clients should detect, filter, and quarantine phishing emails.