January 18, 2017 | By Anuj Goel

“People are nothing more than another operating system,” Lance Spitzner, training director for the Securing the Human program at the SANS Institute, once remarked. “Computers store, process and transfer information, and people store, process and transfer information. They’re another endpoint. But instead of buffer overflows, people suffer from insecure behaviors.”

Cyber situational awareness is the key to minimizing the effect of human error on an organization’s cybersecurity posture. In the past, the domain of endpoints was restricted to devices such as PCs, laptops and smartphones. Nowadays, many experts consider human beings themselves to be the most vulnerable and highly targeted endpoints of all.

To compromise a user’s device, a cybercriminal must first compromise the user by exploiting human nature. This is the driving principle behind the social engineering schemes that facilitate many of today’s most pervasive attacks.

The Weakest Link in the Cybersecurity Chain

Humans are considered the weakest link in the cybersecurity chain because their nature often leads them to exhibit noncompliant behavior. According to Verizon’s “2016 Data Breach Investigations Report,” cybercriminals continue to exploit human nature with sneaky tactics such as ransomware and phishing. The report noted that in 63 percent of intrusions, attackers leveraged weak, default or simple passwords to gain access to data.

Cybercriminals commonly deliver malware through fraudulent, misleading emails purporting to contain family photos, important documents or retail offers that are too good to be true. Many organizations deploy phishing filters, advanced firewalls, network access controls and endpoint scanning tools to mitigate this threat, but no technology can account for human error entirely. These solutions can protect against only known malware designs, which is why fraudsters continue to tweak malware code to bypass the most advanced security tools.

A company that includes 1,000 employees with poor online hygiene has 1,000 insecure endpoints. A threat actor could easily design a malicious email campaign to deliver malware through one of those human endpoints. IT teams must secure each individual endpoint, human or otherwise, while cybercriminals only need to crack one to infect the entire system. If humans are the primary targets of cybercriminals, they ought to be prepared, informed and weaponized as the first line of defense.

Human Endpoints: The First Line of Defense

Securing human endpoints requires a comprehensive strategy that focuses on cyber situational awareness, suspicious incident reporting, risk monitoring and risk appraisal.

Cyber Situational Awareness

Cyber situational awareness is the ability to identify, process and comprehend information in real time. Awareness is different from training in that it is continuous and integral to daily learning.

The first step in building an effective defense strategy is to gather as much knowledge about the threat as possible. This enables the security team to prepare for attacks and makes it more difficult for fraudsters to gain access to the network. It also empowers human endpoints to exhibit caution before opening email attachments from unknown senders, sharing passwords with actors impersonating system administrators or inserting unknown USB drives into network devices.

Over time, users learn to differentiate between genuine and malicious emails and activities. Since threats are not constant, organizations should provide employees with daily cyber situational awareness education covering the latest developments in malware, vulnerabilities, threat intelligence, security alerts and best practices. This awareness goes a long way toward establishing a security foundation strong enough to withstand even the most deceptive threats.

Incident Reporting Platform

Once a culture of security awareness is firmly in place, the next step is to establish an actionable platform for reporting suspicious activity in real time. Such a process would hold employees responsible for identifying malicious activities and incentivize them to detect and report incidents. Moreover, it increases the eyes and ears of the organization and bolsters collective human intelligence. Artificial intelligence might be the next big thing in cybersecurity, but human intelligence is irreplaceable.

Cyber Risk Monitoring

Each human endpoint represents a cyber risk proportional to his or her online hygiene and behavior. Traditionally, organizations have not gauged cyber risk related to employee actions. Given the increase in the frequency, lethality, potency and intensity of cyberattacks, however, IT teams should monitor every individual user profile and compile information into a cyber risk index. This index can calculate a score based on each user’s role, location, system entitlements, understanding of security practices, situational knowledge and red team performance. An employee’s system access levels should correspond to this score.

Performance-Based Appraisal System

IT teams should adopt both persuasive and coercive measures to reduce the cyber risk associated with an individual user. Organizations must endeavor to link appraisal with cyber hygiene. It is imperative to motivate employees to align with the organization’s cybersecurity culture.

Strengthening Human Endpoints

Cyberattacks will continue to target human endpoints as long as these employees remain the weakest link in the cybersecurity chain. The success or failure of the attacks depends on user awareness. Human endpoints must be every bit as ingenious and sophisticated as the cybercriminals targeting them. A security culture driven by cyber situational awareness is the best line of defense against these malicious actors.
