Experts Say Users Not To Blame for Security Breaches
By Jennifer LeClaire / CRM Daily
Published: April 7, 2015
Recently, IBM Security researchers took the lid off an active campaign using a variant of the Dyre banking malware. So far, the malware has swiped over $1 million from its enterprise victims.

IBM senior threat researcher John Kuhn said the variant, dubbed The Dyre Wolf, shows a “brazen twist” from past Dyre malware strains because it adds sophisticated social engineering tactics that could circumvent two-factor authentication.

“From an initial infection via the Upatre malware through a spear-phishing email to a distributed denial-of-service (DDoS) attack, the criminals carrying out this latest string of attacks are using numerous sophisticated techniques,” Kuhn explained in an IBM security intelligence article. “However, social engineering and the resulting banking credentials theft is the focus of this new campaign and is ultimately what is used to illicitly transfer money from victims’ accounts.”

A Non-Tech Savvy Audience

So who’s to blame? The user or the enterprise? Philip Lieberman, president of identity management software developer Lieberman Software, told us the attack was very well targeted and hit a generally non-tech savvy audience outside the United States.

“Unfortunately the same advice goes about not clicking on links or opening attachments when you are not expecting them. The statistics are generally in favor of the attackers in this and most other cases that will reward them handsomely for their efforts,” Lieberman said. “I expect that attacks will pick up outside the USA as criminals exploit the generally poor security of EMEA-based individuals and companies that are hamstrung by their governments' regressive privacy policies that protect criminals.”

IT Needs To Innovate

So, then, is it the end user’s fault for clicking? We turned to Richard Blech, CEO of digital security solutions firm Secure Channels, to get his thoughts. He told us that if the definition of technology is the application of scientific knowledge for practical purposes, especially in industry, then why are we blaming the user for not knowing enough?

“Technology leaders need to stop blaming the user for inadequacies and ‘needing training.’ Our duty in the technology industry is to provide options for the user, based on innovation not blame,” Blech said. “By forcing the user to call in with the Dyre malware, it is basically the human being breached by forcing them to engage with the nefarious entity.”

As Blech sees it, instead of allowing the hacker the access, enterprises should set technology to multi-factor authentication and simplify the process at the same time. He’s calling for innovation around multi-factor authentication, including tokenized identity using binary and biometrics resources that avoid outdated, easily hacked, and easily forgotten alphanumeric passwords.

“The hackers may be able to hack the human, but they cannot hack the heart. Designing authentication based on emotional memory rather than rote will simplify the burden for the user,” Blech said. “This explains the differences between IT and TI -- technical innovators use technology to design and make changes that enhance the life of its users, not train them to accept complacency.”
