The Human Problem of Cybersecurity

BLUF: Humans cause all security problems in cybersecurity and cannot manage them unless we train and inform people to protect their companies.

The Creation of Human Threats

In 1971, the “Creeper Virus” was created. It was the first virus ever created, and even though it did not cause any harm, it was the foundation for all malware today (Schneider). Malware has always been created by humans, even though it is sometimes seen as a more automated function; regardless, all cyber threats start with humans. This is easiest to see in bigger businesses, where phishing or whaling is present, but you can also see it in your day-to-day life in scam calls and texts, which some people do not have the knowledge to ignore.

Phishing and Whaling

Most people think of cyber attacks as cyber criminals hacking into systems with no “help” from the people they are hacking, but that is not entirely true. Most of the time, hackers use social engineering to get the information they need to break into whatever they want. In a way, they need human psychology to gain access. The most basic form of this is phishing or whaling. Phishing and whaling are very similar; the only difference is that whaling focuses on higher authorities like CEOs. When the target is a company, the message usually comes by email, seemingly from a higher authority or a “trusted” outside source. The sender can then ask about a document the victim needs to look at, and when the victim clicks the link, it takes them to a fake website where they have to log in to access the document. That login information is sent to the hacker instead, who then uses it. It is a very easy attack once the hacker has found someone naive enough to give up the information.
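The lure described above has two features a mail filter can check: a senior person's name on an outside address, and a link whose visible text shows the company's domain while it opens somewhere else. The following Python sketch is an added example, not part of the original essay; the function name, the executives set and the example.com / example.net domains are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # buffer is reset at each <a> start tag
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _in_org(host, org_domain):
    # True for the organisation's domain itself and any subdomain of it.
    return ("." + (host or "").lower()).endswith("." + org_domain)

def phishing_indicators(raw, org_domain, executives):
    """Return the reasons a raw e-mail matches the lure described above."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    name, addr = parseaddr(str(msg["From"] or ""))
    if name.lower() in executives and not _in_org(addr.rpartition("@")[2], org_domain):
        reasons.append(f"executive name '{name}' sent from outside address {addr}")
    body = msg.get_body(preferencelist=("html",))
    parser = _Links()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        host = urlparse(href).hostname
        shown = re.search(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)", text)
        if shown and _in_org(shown.group(1), org_domain) and not _in_org(host, org_domain):
            reasons.append(f"link text shows {shown.group(1)} but opens {host}")
    return reasons

# Constructed sample message; example.com and example.net are placeholder domains.
SAMPLE = """\
From: Dana Smith <dana.smith@example.net>
Content-Type: text/html; charset="utf-8"

<p>Log in to view the document: <a href="https://docs.example.net/login">docs.example.com/q3</a></p>
"""
```

Calling `phishing_indicators(SAMPLE, "example.com", {"dana smith"})` returns one reason for the sender and one for the link; a message sent and linked entirely within example.com returns an empty list.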

The “Perfect” Solution

In a perfect world with unlimited money, we could implement all the security protocols we ever wanted and have unlimited employee training; unfortunately, that is not feasible. If I were a CISO, I would first implement role-based access control so that I could easily control the roles of my employees and no one could have unauthorized access. I would also implement employee training on how to detect phishing or a scam, what to tell others about the company, what to post on social media about the company, and what to do in a scam situation. Ideally, I would also require the training to be redone every three months so that employees stay informed.

Conclusion

Human security is key to protecting against cyber attacks. All cyber attacks start from human error, so we need to inform humans about how to be safer on the internet. In a corporate space, we would need to implement employee training about scams, phishing, and whaling. Role-based access control would also be implemented to lessen the risk of an insider attack. To be safer in a workspace, we need to tackle the human errors first.

References

Schneider, J. (2024, November 25). The history of malware. IBM.
https://www.ibm.com/think/topics/malware-history

Cyberbitsect. Why is Cybersecurity About Human Behavior. Cyberbitsect.
https://docs.google.com/document/d/1QplIrfcKlmkSOuKt9i0Kte72kYrukFeCm1wj9DxpnGU/edit?tab=t.0#heading=h.iafeicx83xq5
