What are the human factors in Cybersecurity?
As an integral member of a swiftly growing startup, Matthew oversees the company’s systems. Thanks to automation, he can devote his attention to optimisation and offering technical assistance to his colleagues, rather than intervening to deal with problems that arise.
When Matthew got a notification from his cloud service provider about potential financial charges, he was stunned. After investigating the matter, he discovered that the company had surpassed their monthly budget in just 24 hours. This unanticipated scenario caught him off guard.
Matthew has received a notification that an unauthorized person has obtained access to his company’s cloud computing services and has been running programs without consent. To put it differently, Matthew’s enterprise has fallen prey to a cyber assault, a fate shared by 30,000 other websites every day.
According to studies, the cost of cyberattacks is expected to exceed $3 trillion by 2023, with the possibility of losses reaching $10.5 trillion by 2025. This increase is attributed to the growing popularity of remote working and cloud computing.
Companies are investing more in cybersecurity measures and implementing DevSecOps to construct systems that are less susceptible to vulnerabilities. However, advancements in technology appear to have a dual effect, as stronger defences lead to the creation of more sophisticated tools to circumvent them.
A system’s level of security is only as strong as its most vulnerable point, which makes designing with security in mind a complex undertaking. Every oversight or glitch could give rise to an array of potential vulnerabilities.
The human factor must be considered when addressing cybersecurity. Unlike software, people cannot be enhanced to fix vulnerabilities. As a result, we are susceptible to being targeted for exploitation by savvy social engineers.
Techniques for Social Manipulation
It is unsurprising that the actuality of cyberattacks differs significantly from how they are typically depicted in the media. The likelihood of a group of brilliant hackers intercepting a transmission and writing code quickly is as remote as that of an 80s action hero walking into a building and triumphing over adversaries using martial arts alone.
Phishing and man-in-the-middle attacks are two of the most prevalent forms of cyberattacks, with the goal of tricking the victim. This can be accomplished with limited technical knowledge of computer programming.
It is easier to acquire credentials from an insider than to attempt to hack into an account. When network access can be obtained in this manner, it is unnecessary to search for potential vulnerabilities.
Internal scams can catch the people they affect off guard, since they are not always prepared for them. Social engineering succeeds because it exploits people’s cognitive limitations and their conviction that others are inherently honest; our susceptibility to these attacks is rooted in those limitations and in our natural tendency to trust.
In the past, when USB sticks were common, hackers would distribute them as a means of promoting deceitful businesses. If an employee unwittingly inserted one of these devices into their computer, it would give the hacker access to the individual’s device, as well as the ability to infiltrate the entire corporate network.
It is hard to fathom that individuals distributing free promotional materials could be part of a global network of cybercriminals. Most companies employ advertising to promote their brand, and hackers depend on the fact that their actions will go unnoticed.
It is logical to presume that most individuals are cautious of dubious emails or phone conversations. Regrettably, criminals understand that there is still a possibility that one person out of a hundred may not perceive the potential danger. It is crucial to remember that even a minor breach in security, such as an unprotected USB drive, can have severe consequences.
Once again, technological progress has brought about unanticipated difficulties. For instance, the advent of Discord, a social networking and chat platform for gamers, is worth examining. Connecting with like-minded individuals and participating in group activities can be extremely enjoyable.
Discord is recognised for its adaptability, but it can also be a potential source of security hazards, such as remote access Trojans. Precautions should be taken to prevent employees from inadvertently downloading malware when using the platform, even if they are accessing it from a trusted source on a work computer.
I am protected against such incidents occurring to me.
Believing that something like this could never happen to you is conceivably the greatest risk. Allow me to share a brief story, if I may.
As a frequent consultant for a nearby tour operator, it is my duty to send ticket sales data to a particular airline every three weeks. The airline has introduced a web-based platform that allows agents to sign in and provide the necessary reports.
A representative requested my help in uploading the required files due to the complex user interface. The program encountered more difficulties than anticipated, including a “page not found” error. Although the program uses a widely used framework, it is disadvantageous since it always displays debugging information.
The server’s 404 page delivered more than the typical “page not found” message; it presented a detailed debugging report, including the source code, server’s routing table, and other pertinent information to assist in comprehending the server’s architecture. It is crucial to note that the application is planned to store confidential information such as financial records and personal details.
It is vital to note that deactivating debugging mode is a crucial guideline before deploying to a live environment. As a result, I have sent an elaborate email to the site administrator, firmly emphasising the possible risks of leaving the option activated.
Following several days of waiting, I received reassurance that the risk was low since only a limited number of people had access to the web application. However, as someone who was not an agent but still had knowledge of the software, I was an exception to this assurance.
The error originates from users typing random text into the address bar of a web browser. This carelessness can harm a security system since disregarding a possible threat because it appears harmless can have devastating consequences.
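The rule about switching off debugging before going live can be enforced with a release check that requests a page that does not exist and fails if the error page leaks internals. The following is an added example, not code from the original article or the airline's application; the marker phrases, function names and sample pages are assumptions constructed for illustration.

```python
import re
import sys
import urllib.error
import urllib.request
import uuid

# Assumed markers: phrases typical of framework debug pages. They are
# illustrative, not an exhaustive or framework-specific list.
DEBUG_MARKERS = {
    "debug_flag": re.compile(r"\bDEBUG\s*=\s*True\b"),
    "routing_table": re.compile(r"tried these URL patterns|routing table", re.I),
    "stack_trace": re.compile(r"Traceback \(most recent call last\)"),
    "source_file": re.compile(r'File "[^"]+", line \d+'),
}

def audit_error_page(body):
    """Return the sorted names of debug markers found in an error page body."""
    return sorted(name for name, rx in DEBUG_MARKERS.items() if rx.search(body))

def fetch_missing_page(base_url, timeout=10):
    """Request a random, non-existent path on a site you operate."""
    url = base_url.rstrip("/") + "/" + uuid.uuid4().hex
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # A 404 or 500 raises HTTPError; its body is what we want to inspect.
        return err.code, err.read().decode("utf-8", "replace")

# Constructed sample bodies so the check can be exercised offline.
DEBUG_404 = """<h1>Page not found (404)</h1>
<p>The router tried these URL patterns, in this order:</p>
<ol><li>admin/</li><li>reports/upload/</li></ol>
<p>You're seeing this error because DEBUG = True in the settings file.</p>"""
PROD_404 = "<h1>Not Found</h1><p>The requested page does not exist.</p>"
CRASH_500 = 'Traceback (most recent call last):\n  File "/srv/app/views.py", line 12, in upload'

if __name__ == "__main__":
    if len(sys.argv) > 1:          # live check against your own deployment
        status, body = fetch_missing_page(sys.argv[1])
    else:                          # offline demo on the constructed sample
        status, body = 404, DEBUG_404
    findings = audit_error_page(body)
    print(status, findings or "no debug output detected")
    sys.exit(1 if findings else 0)  # non-zero exit blocks the release step
```

Run as a step in the deployment pipeline against the staging or production URL, the non-zero exit code stops a release whose error pages still expose debugging output.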
Creating Your Own
It is advisable for all staff members, regardless of their responsibilities, to participate in a security workshop to guarantee that they have a comprehensive understanding of essential security measures. This can assist in avoiding potential security mistakes.
Establishing a security policy framework and encouraging its implementation is crucial. Regrettably, behaviours that prioritise security are not typically acknowledged. Individuals who exemplify conduct that promotes a safe environment are seldom recognised, whereas those who make errors are frequently rebuked.
To sum up, human input is as crucial to cybersecurity as it is to physical security. Although technology is advantageous, it can only advance as far as our current methods permit.