AG Weekly: Network Security Pt. 1 - The Human Element

Rich Watts
Jan 25, 2019 8:05:00 AM

Transcription:

Why Is Network Security So Important?

Network security is very personal to me because, the fact is, I've personally been the victim of a data breach. My own data has been lost, and I know what it means to me and how concerned I am to have my data out there. And having my own personal experience with data loss drives me to ensure AvantGuard never experiences the same thing. So from a business perspective, the data breach can mean millions of dollars in cleanup and restoration, not to mention the loss of customers. It's the number one thing I worry about, and it's something that definitely does keep me up at night.

The Human Element In Network Security

In a recent study that I read from IBM, it indicated that 95 percent of all data breaches were because a human made a mistake. In the most recent data breach summary by Verizon, 90 to just over 92 percent of the vector that is used to breach a network is email. So users are clicking on things that they shouldn't be clicking on and that's a major concern.

 

Exploring The Human Element

Because email is certainly a vector that can be used to entice a user to click on a link, take them to a malicious web site, click on an attachment that might have a virus, or take someone to a Web site that looks like a Google login. They prompt the user to give a username and password, which is all a bad actor needs in order to gain access to a machine or your username and password. They do this to take advantage of an unpatched system, and once they've got access into your network or your system itself, they get a lot of control.

The Hacker's Motivation

It's interesting to consider how the motivations to breach a network have changed. When I was early on in my I.T. career, they wanted to make as much of an impact as they could. Essentially, they want to take down an entire network or create an impact in such a way to make the news. Now it's totally different.

It's a money-making process. For the most part, what they want is to take the computing power of my computer and use it. If they can use my computer in addition to one hundred thousand others just like it, then they have the power to initiate a denial of service (DDoS) attack, or use the systems to do crypto mining and try to make money. If they can do that all undetected, then they can continue to have that resource at their disposal to do any of those things.

How To Develop A Human Firewall

Given all of this, I think it's critical for any business to make sure that as business leaders are training on any policies within the company, to make sure that their users are a firewall between the bad stuff that's on the Internet and the company. It's crucial that your employees know these things, that you're training them how to identify the bad actors. As part of your training, they learn to identify little clues within emails, and become more aware of how these bad actors try to get into your network.

As we coach and train our team, we frequently send test phishing emails to make sure that our users are consistently practicing these skills. We try to do everything we can to make sure that they are as ready to face the threats that are very real as they need to be.

Patching Vulnerabilities

With all the best efforts to train your users to be careful about what they're doing on the Internet or with their email, the fact remains that mistakes still do get made. There's definitely a technical gap that exists between making sure that we are also responding to these threats with things like implementing quality endpoint security, making sure our systems are patched, and that we're scanning our systems for vulnerabilities.
