Human vulnerability is the most exploited element of IT security systems, with social engineering behind most data breaches.
Recent high-profile cyber-attacks against the likes of M&S, Co-op and Harrods have highlighted flaws in current digital safety methods, however, human manipulation can be a much greater risk than harmful malware.
In the case of attacks like at M&S this can take the form of threat actors impersonating IT helpdesks to enter systems.
“As we have seen with M&S, cybercriminals are increasingly exploiting human vulnerabilities rather than just technical flaws,” commented Barry O’Driscoll, a partner at the law firm Perkins Coie.
“You can invest tens of millions in securing your infrastructure, but it is meaningless if your staff are not adequately trained to identify social risk vectors and fail-safes aren’t in place to eliminate single points of failure.”
Research from American cybersecurity company Proofpoint found that social engineering was behind as much as 70% of breaches globally.
The risk of cyber-attacks coming from those pretending to be colleagues is so great that the National Cyber Security Centre issued guidance to organisations this week urging training and preparation to identify social engineering attempts.
Advice included comprehensive two-step verification, careful reviewing of domains and account names and a review of how helpdesk password resets work.
“Time is critical during a cyberattack, and response delays can compound the damage. Too often, companies invest in incident response and business continuity plans that look good on paper but are never tested,” O’Driscoll added.
“These are decisions that must be considered in advance, not for the first time in the middle of a crisis.”
Read more: UK businesses lost £64bn to cyber-attacks over a three-year period
Register for Free
Bookmark your favorite posts, get daily updates, and enjoy an ad-reduced experience.
Already have an account? Log in
