Humans: Threat or asset in a cyber breach?
The notion of “we the people” may serve as a hindrance to maintaining cyber security. Recent news has covered threat activity from nation states and hackers outside the US, but what about insider threats that could be taking place right in the workplace cubicle beside you?
Minimizing the human threat
According to a recent study from best-practices insight and technology consultancy company CEB, more than 90 percent of employees admit they violate policies that are designed to prevent breaches and noncompliance. How do we help minimize the human factor in a cyber breach? At the recent IBM Insight at World of Watson 2016 conference, I had an opportunity to hear conversations and attend sessions on cyber security. From that experience, I gleaned 10 key quotes from experts in this area that encapsulate the human side of cyber security.
"When you put people together with bits and bytes, you have to have something that is collectively smarter than any individual to help defend against cybercrime". —Morgan Wright, Cyber Terrorism and Cyber Crime Analyst
Technology has opened numerous doors, from the Internet to the Internet of Things and its connected devices, sensors and self-driving cars. However, those open doors create security gaps that can give rise to cyber crimes. Earlier in 2016, IBM CEO Ginni Rometty said, “Cyber crime, by definition, is the greatest threat to every profession, every industry, every company in the world.”
“Convenience is the reason most cyber security breaches occur. There’s no such thing as secure single-factor login.” —Shahid Shah, CEO at Netspective Communications, and Cybersecurity and Risk Consultant
We do live in a right-now world in which 10 seconds may even be too long to wait for anything. Because of this need for right now, we opt for instant versus secure, where we may even forgo a step to get immediate answers, results and responses.
“We don’t want it to be that every time there is a little bit of rain there is a massive problem…we need to do the basics, patch things appropriately, passwords, two factor and so on….” —Tyler Carbone, COO at Terbium Labs
According to a recent ISACA report, 52 percent of global IT and security professionals are most concerned about social engineering among the top three threats for their organizations in 2016. The insider threat was a close second at 40 percent. Simple things such as “123” passwords and employee mistakes contribute to exposing an organization to a breach.
Maximizing human collaboration
The adage “knowing is half the battle” is especially poignant considering the pockets of vast knowledge trapped within individuals, organizations and even countries. Many entities hoard critical security information that could possibly make a difference if it were shared widely—not just knowledge with regard to security gaps, but insight on fixing problems. Cheri McGuire, chief information security officer at Standard Chartered, said it best: “Cyber is a 'team sport,' and we need to work together—it’s not a competitive differentiator.”
“The way IBM looks at security is the same as our bodies—it needs to work like an immune system of coordinated abilities.” —Patrick Vandenberg, Program Director, IBM Security Product Marketing, at IBM
“Cyber criminals lead the way with collaboration...they share just about everything.” —Christopher Meenan, Director, Security Intelligence (QRadar) Product Management and Strategy at IBM
“Ethical hackers need to do more knowledge sharing.” —Shahid Shah, CEO at Netspective Communications, and Cybersecurity and Risk Consultant
Cyber criminals seemingly have the upper hand in the cyber war. They hone in on vulnerabilities with sophistication and speed, often lounging undetected in networks for months. How do we fight these cyber criminals? The private sector, public sector and citizens alike need to lock arms and work together.
Augmenting human understanding
Cyber criminals continue to exploit gaps in new technologies to wage war in cyber space. Organizations need to deploy advanced technologies such as advanced analytics, enterprise insight analysis and cognitive computing to stymie cyber threats. By exposing hidden connections and patterns buried in the enterprise and third-party and public data sets, organizations can enhance the way they counter and mitigate cyber threats.
“What is changing security? Collaboration, cloud and cognitive.” —Marc van Zadelhoff, General Manager, IBM Security, at IBM
“With cognitive security, we teach Watson the language of security, which enables us to marry unstructured data with human understanding..” —Jeb Linton, Chief Security Architect and Head of Cognitive Security, IBM Watson Group, at IBM
“Multisource intelligence needs to be a key part of our protection strategy.” —Mike Kehoe, Program Director for Worldwide i2 Sales at IBM
“Advanced threats are human-led threats. We need to enable humans on the defender’s side to better understand and detect these threats.” —Bob Stasio, Senior Product Manager at i2 Enterprise Insight Analysis
Cyber criminals are exploiting technology. We need to take away their advantage, not just by creating smart devices, but also by creating secure devices. We also need to leverage the vast array of technologies we have to train our employees and empower them to outthink threats and create a safer planet.