Experts Say Users Not To Blame for Security Breaches
By Jennifer LeClaire / CRM Daily
Recently, IBM Security researchers took the lid off an active campaign using a variant of the Dyre banking malware. So far, the malware has swiped over $1 million from its enterprise victims.

IBM senior threat researcher John Kuhn said the variant, dubbed The Dyre Wolf, shows a “brazen twist” from past Dyre malware strains because it adds sophisticated social engineering tactics that could circumvent two-factor authentication.

“From an initial infection via the Upatre malware through a spear-phishing email to a distributed denial-of-service (DDoS) attack, the criminals carrying out this latest string of attacks are using numerous sophisticated techniques,” Kuhn explained in an IBM security intelligence article. “However, social engineering and the resulting banking credentials theft is the focus of this new campaign and is ultimately what is used to illicitly transfer money from victims’ accounts.”

A Non-Tech-Savvy Audience

So who’s to blame? The user or the enterprise? Philip Lieberman, president of identity management software developer Lieberman Software, told us the attack was very well targeted and hit a generally non-tech-savvy audience outside the United States.

“Unfortunately the same advice goes about not clicking on links or opening attachments when you are not expecting them. The statistics are generally in favor of the attackers in this and most other cases that will reward them handsomely for their efforts,” Lieberman said. “I expect that attacks will pick up outside the USA as criminals exploit the generally poor security of EMEA-based individuals and companies that are hamstrung by their governments' regressive privacy policies that protect criminals.”

IT Needs To Innovate

So, then, is it the end user’s fault for clicking? We turned to Richard Blech, CEO of digital security solutions firm Secure Channels, to get his thoughts. He asked why, if the definition of technology is the application of scientific knowledge for practical purposes, especially in industry, we are blaming the user for not knowing enough.

“Technology leaders need to stop blaming the user for inadequacies and ‘needing training.’ Our duty in the technology industry is to provide options for the user, based on innovation not blame,” Blech said. “By forcing the user to call in with the Dyre malware, it is basically the human being breached by forcing them to engage with the nefarious entity.”

As Blech sees it, instead of allowing the hacker access, enterprises should set their technology to use multi-factor authentication and simplify the process at the same time. He’s calling for innovation around multi-factor authentication, including tokenized identity using binary and biometrics resources that avoid outdated, easily hacked, and easily forgotten alphanumeric passwords.

“The hackers may be able to hack the human, but they cannot hack the heart. Designing authentication based on emotional memory rather than rote will simplify the burden for the user,” Blech said. “This explains the differences between IT and TI -- technical innovators use technology to design and make changes that enhance the life of its users, not train them to accept complacency.”

© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.