Cyber security needs the human touch
21 June 2016 • Author(s): Dr John McCarthy, Cyber Security Specialist
Many of us believe that cyber security is full of highly complex technical issues and is beyond our understanding without some study of the topic. In many ways this is true.
Transmission Control Protocol/Internet Protocol (TCP/IP) rules based within firewalls housed in sophisticated network architecture can be complex and need a skilled person to manage them. Some of these firewalls are very expensive and are useless if they are not constantly updated. Companies can spend tens of thousands of pounds on these systems which offer state-of-the-art protection.
However, many of these systems can be easily bypassed, rendering the entire security system in place virtually useless. A simple attachment to an email containing malware could be sufficient to breach your systems. And once inside your IT network, the hackers could then do untold damage and cause you major problems.
Many of you, I’m sure, are saying you would not be so crazy as to open an email attachment containing malware. But this is in fact one of the most common ways to break into a network. What makes it so easy for the hackers is the lack of education and training most users have about cyber security. If we all knew about the perils of cyber security, we would be far more cautious and stop many of the attacks happening.
To make the issue more complex, we have been encouraged to embrace social media in our workplace and to write about our hobbies and interests. This makes the phishing attempt (that’s the name of the email with malware attached or containing a malicious link) so much easier. For example, I love to dance Tango – it is a passion of mine and it’s simple to find this out by looking at my social media pages. So if I were to receive an email about a Tango event, for example, it would be far more likely to spark my interest than a generic email and I would therefore be far more likely to open it.
Education and training is the only real solution to this problem. This, along with an understanding of the value of a password to hackers and of why we should not write passwords down on a Post-it note under our keyboards, should be part of our basic training in the workplace. If we offered this training to staff we would see a dramatic reduction in basic cyber security errors and make the hackers’ lives so much harder. There is no doubt we need complex technological protection such as firewalls for our networks, but we also need to embed understanding in our staff. Doing this makes our network far more secure at a fraction of the cost of the complex technology we put in place to protect us.
About Dr John McCarthy
Dr John McCarthy PhD BSc (Hons) MBCS is a renowned authority on cyber security strategy, development and implementation and is an Airport Cyber Security Fellow for ServiceTec Global Services.
Dr McCarthy is frequently invited to sit on expert panels and appear as a speaker at well-known security events including International Airport Review’s own Airport Security and Airport IT events. Past appearances have included talks on ICT Security in the Modern Airport, Security in the Digital Age and SCADA threats in the Modern Airport. He has also been a member of International Airport Review’s Editorial Board since January 2014.
Dr McCarthy is also a leading expert on social engineering awareness training and best practice.