Subscribe

Users the weakest link in security chain

Lauren Kate Rawlins
By Lauren Kate Rawlins, ITWeb digital and innovation contributor.
Johannesburg, 19 May 2016
Craig Everson, EMEA technical director at Rapid7.
Craig Everson, EMEA technical director at Rapid7.

Attacks targeted at users pose a dangerous and growing risk to organisations, as end-users are the weakest link in the security chain.

Craig Everson, EMEA technical director for Rapid7, speaking at ITWeb Security Summit 2016 at Vodaworld in Midrand, said new ways of attacking end-users are invented by cyber criminals every day.

Everson defined a user-based attack as any attack that involves a user for the initial compromise or breach of a network.

In the latest Verizon Data Breach Investigations Report, use of stolen credentials and phishing are the first and third on the list of top threat actions. Only four years ago, they were at number nine and 17.

Everson said anyone can be phished if it is done correctly.

By exploiting a user's weak or stolen credentials or getting a user to click on a malicious link within an e-mail, attackers can easily gain access to the network and remain undiscovered for a longer period of time, Everson pointed out.

End-user attacks cannot always be prevented, but a good network will detect threats and respond early with an incident response programme.

Everson noted prevention and detection are equally important. These programmes need to be focused around end-users.

He said people in organisations who report "phishy" e-mails to IT should be praised. This will create a culture where users won't feel embarrassed to point out potential weak points.

User behaviour analytics tools should be used to detect any suspicious user patterns which could indicate a user-based attack.

"You don't always need to have the best security, as long as it is better than the person down the street. High walls will keep attackers out long enough for them to give up and go elsewhere. It also gives you better visibility of what is coming."

Other tips include varying processes at every layer. "The same approach used eight times is sometimes actually only one layer."

Everson said working against user-based attacks requires continuous learning combined with the ability to adapt when needed. "Without proper understanding you waste time, resources and budget."

Share