Security professionals spend a lot of time trying to plug the technical security gaps in their organization’s IT infrastructure. We find and fix software vulnerabilities, tighten our network security controls, and monitor the latest malware samples and exploits to try and ensure a hacker can’t leverage them against our systems. However, if you look at most of the advanced network breaches over the past few years, they have one thing in common –and it’s not technical. They all started with spear phishing, which is a social, user issue.
Prediction video link: https://www.youtube.com/embed/YBu61EYZXms
Let’s hypothetically assume you could fix every technical security problem a network faces. Your software is perfect, your network only allows the things you want, and your access controls only let people you know access the things they need. Would this prevent all attacks? No. Rather, bad guys would simply change their focus and instead try to trick one of your trusted users into doing something they shouldn’t, in hopes of gaining that user’s privileges.
Cyber criminals have realized this over the last few years, as our defenses have gotten more advanced. To counter our technical defense, they have increased the reconnaissance capabilities and started to target our specific users with very convincing and customized social engineering. Next year, we believe this trend will grow; and many of the breaches will start with a targeted attack on your organization’s users.
Visit our WatchGuard security predictions site
— Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply