By Malcolm Orekoya, Senior Technical Consultant at Network Utilities
In the security world the ability of any system to proactively or reactively deal with a security threat is highly reliant on the systems sensors, that is, the ability for the systems to detect threats. This detection process can be based on a myriad of characteristics, heuristics, behaviours etc. that make it possible for the system to differentiate between what is normal and what is abnormal in the context of the type of traffic that system processes on a daily basis. Once the threat is detected the system can then react to it by performing some sort of mitigating action.
The success of security initiatives relies on the implementation of layered security defences, and at a high level the major layers of infrastructure networks most widely considered are the endpoint (or host) layer, the application layer and the network layer. All the detection systems such as firewalls, intrusion preventions systems (IPS), distributed denial of services (DDoS) systems, anti-virus, web application firewalls (WAF) etc. deployed at these layers rely on early detection of abnormal activity in order to function optimally. But why is the human layer seldom considered when it comes to detecting abnormal behaviour on the network? Especially when it pertains to the type of threats that specifically target human vulnerabilities, such as malware, advanced persistent threats (APT) and phishing.
The one constant factor that exists at all currently considered layers of security is the human element. It is often said that humans can be the weakest part of any security system and this can be, for example, because people are capable of making configuration mistakes. So to counter this, training is provided to individuals who manage these systems in order to minimise the risk of such mistakes. However training is seldom considered to educate people on how to detect abnormal activities in their interactions with day to day systems such as emails, browsers and websites. How does an employee detect the difference between an email with a legitimate attachment and a malicious one? Or a legitimate website and a phishing website? Education is the answer; or rather Educate, Test, Review, Repeat might be a better sequence of activities to combat this.
The idea here is to educate people on these threats and its various guises, test their understanding and responses to the education, review the results of such tests and then repeat the entire cycle periodically over and over again. Do not simply assume that everyone within your organisation should know how to spot and react to phishing attacks. We assume most people that work within the IT team do but it is easy to fall victim to what are nowadays very sophisticated and deceptive phishing attacks.
From a defence in depth security perspective, the end goal here is to cover all bases by creating a human sensor network within your organisation, where the human element becomes an integrated part of your security systems sensors ability to detect threats. In many cases we already enable people to become part of the organisations security alert system, for example, in offices where an unrecognised person can be stopped by anyone, anywhere within the office premises if they are walking around without an identification badge visibly displaying who they are.
Over the last couple of years there have been numerous publications that have highlighted that the wide spread infection of endpoint devices by malware and growth in cyber espionage have increasingly featured phishing. This is due in part to the lack of effective awareness and training being provided to the humans that are essentially the first point of attack for phishing activity. By transforming this first point of attack into an effective detection sensor you are creating a network of human sensors, which can hugely reduce the number of people that fall victim and subsequently reduce the success percentage of phishing campaigns. Usually in a more cost effective and efficient manner than most other technologies out there.
Want to know more? Please get in touch via firstname.lastname@example.org and visit http://www.netutils.com/phish5.php to find out how proactive user security training can help you stay protected.
As Senior Technical Presales Consultant at Network Utilities Malcolm consults and advises on specialist IT Networking, Security and Service Management requirements.