Securing Human Endpoints Through Cyber Situational Awareness
“People are nothing more than another operating system,” Lance Spitzner, training director for the Securing the Human program at the SANS Institute, once remarked. “Computers store, process and transfer information, and people store, process and transfer information. They’re another endpoint. But instead of buffer overflows, people suffer from insecure behaviors.”
Cyber situational awareness is the key to minimizing the effect of human error on an organization’s cybersecurity posture. In the past, the domain of endpoints was restricted to devices such as PCs, laptops and smartphones. Nowadays, many experts consider human beings themselves to be the most vulnerable and highly targeted endpoints of all.
To compromise a user’s device, a cybercriminal must first compromise the user by exploiting human nature. This is the driving principle behind the social engineering schemes that facilitate many of today’s most pervasive attacks.
The Weakest Link in the Cybersecurity Chain
Humans are considered the weakest link in the cybersecurity chain because their nature often leads them to exhibit noncompliant behavior. According to Verizon’s “2016 Data Breach Investigations Report,” cybercriminals continue to exploit human nature with sneaky tactics such as ransomware and phishing. The report noted that in 63 percent of intrusions, attackers leveraged weak, default or simple passwords to gain access to data.
Cybercriminals commonly deliver malware through fraudulent, misleading emails purporting to contain family photos, important documents or retail offers that are too good to be true. Many organizations deploy phishing filters, advanced firewalls, network access controls and endpoint scanning tools to mitigate this threat, but no technology can account for human error entirely. These solutions can protect against only known malware designs, which is why fraudsters continue to tweak malware code to bypass the most advanced security tools.
A company that includes 1,000 employees with poor online hygiene has 1,000 insecure endpoints. A threat actor could easily design a malicious email campaign to deliver malware through one of those human endpoints. IT teams must secure each individual endpoint, human or otherwise, while cybercriminals only need to crack one to infect the entire system. If humans are the primary targets of cybercriminals, they ought to be prepared, informed and weaponized as the first line of defense.
Human Endpoints: The First Line of Defense
Securing human endpoints requires a comprehensive strategy that focuses on cyber situational awareness, suspicious incident reporting, risk monitoring and risk appraisal.
Cyber Situational Awareness
Cyber situational awareness is the ability to identify, process, and comprehend information in real time. Awareness is different from training in that it is continuous and integral to daily learnings.
The first step in building an effective defense strategy is to gather as much knowledge about the threat as possible. This enables the security team to prepare for attacks and makes it more difficult for fraudsters to gain access to the network. It also empowers human endpoints to exhibit caution before opening email attachments from unknown senders, sharing passwords with actors impersonating system administrators or inserting unknown USB drives into network devices.
Over time, users learn to differentiate between genuine and malicious emails and activities. Since threats are not constant, organizations should provide employees with daily cyber situational awareness education covering the latest developments in malware, vulnerabilities, threat intelligence, security alerts and best practices. This awareness goes a long way toward establishing a security foundation strong enough to withstand even the most deceptive threats.
Incident Reporting Platform
Once a culture of security awareness is firmly in place, the next step is to establish an actionable platform for reporting suspicious activity in real time. Such a process would hold employees responsible for identifying malicious activities and incentivize them to detect and report incidents. Moreover, it increases the eyes and ears of the organization and bolsters collective human intelligence. Artificial intelligence might be the next big thing in cybersecurity, but human intelligence is irreplaceable.
Cyber Risk Monitoring
Each human endpoint represents a cyber risk proportional to his or her online hygiene and behavior. Traditionally, organizations have not gauged cyber risk related to employee actions. Given the increase in the frequency, lethality, potency and intensity of these cyberattacks, however, IT teams should monitor every individual user profile and compile information into a cyber risk index. This index can calculate a score based on each user’s role, location, system entitlements, understanding of security practices, situational knowledge and red team performance. An employee’s system access levels should correspond to this score.
Performance-Based Appraisal System
IT teams should adopt both persuasive and coercive measures to reduce the cyber risk associated with an individual user. Organizations must endeavor to link appraisal with cyber hygiene. It is imperative to motivate employees to align with the organization’s cybersecurity culture.
Strengthening Human Endpoints
Cyberattacks will continue to target human endpoints as long as these employees remain the weakest link in the cybersecurity chain. The success or failure of the attacks depend on user awareness. Human endpoints must be every bit as ingenious and sophisticated as the cybercriminals targeting them. A security culture driven by cyber situational awareness is the best line of defense against these malicious actors.