We all know that technology is made by people and for the people but bad technology is made by intelligent people to harm unaware people.
Have you ever thought that at the far end of a malware attack there are very sophisticated programmers and at the opposite end there are people who barely know what a virus is and don’t know how to operate a computer safely?
Malware usually does not target those who are in between, that is, people who are able to pay attention to how to stay safe online.
The human factor in cybersecurity plays a huge role and it is usually replaced by the expression “users’ education”. Companies are nowadays spending millions of dollars educating people about the risks involved in a cyber attack.
The target of a hacker is to find out where users are most vulnerable and access their network.
Read my articles about:
THE PORTS OF ENTRY OF A MALWARE CAMPAIGN: LEARN WHERE HACKERS GAIN FOOTHOLD
Elements that define users’ risk: what type of human behavior determines that the user is at risk?
Ransomware is a such serious infection in that it can not only steal information from single users or corporations but it can also weaken the infrastructure of services used every day. Attacks are getting more sophisticated than ever: think about the ransomware installed in the IT admin tool Kaseya that spread across the networks Kaseya and other IT admin were managing. It took weeks to remediate the issue, patch software and networks to finally get rid of the infection. Hackers hide in the most unthinkable places and wait for their prey to come out: unbelievable.
Regular training that shows the latest tactics used by attacker is the best way to prevent networks from getting infected. As I often said, security is a process and not a one time task; the evolution of malware and its tactics should be used as a source of knowledge to educate system administrators and users on the dangers of a such fast moving environment, where scopes and targets can rapidly change.
Unfortunately, as computers are getting more secure and giving hard time to hackers, mobile threats are now on the rise. Hackers know that we all use more our mobile phones than computers to conduct business and make payments. Text messages with infected links can grant access to our contacts and send spam messages using our phones, unbeknownst to us. Persuasive messages range from package deliveries notifications to amazon purchases.
The role of the cloud is also to be mentioned here. Hackers are using the cloud to host their malware and to create suspicious applications that can collect users behaviors before crafting an attack. This type of spyware is very sophisticated and is usually defeated in a corporate environment by whitelisting only a restricted number of applications users can use. For residential users, however, things can be a little bit more complicated as their digital behavior is more permissive, but it will be sufficient to say at the moment that users should only download apps on their phones from the App Store and Google Play.
The pandemic has also made more difficult to track data loss prevention and in 2021 we have seen an increase in insider threats. This table provided by Proofpoint shows that protecting computers and laptop’s USB ports can prevent hackers from leaking information to muddy environments:
I have posted an article with an interesting video detailing instructions on how to secure USB devices on Windows 10, but the main requirement is that, in order to do that, the machine needs to run Windows 10 Pro and not the home version.
Human factors matter more than the technical aspects of an attack. Cyber criminals always look at what can be leveraged and access that can be exploited. Regular training can help users spot malicious emails and bad links contained in bogus websites.