When an agency of the UN, the International Telecommunication Union, approached Kaspersky Lab to conduct research into what became known as the ‘Flame’ virus, it led to the discovery of one of the most sophisticated examples of malware ever devised. Amid the complexity, the investigation uncovered a familiar channel through which the attack vector was engineered: the human factor.
As cybercriminals work to take advantage of an increasingly digital economy, human failings are being used to engineer attack vectors for use in targeted attacks, including those against businesses.
Increasingly, businesses view innovations in IT as very much about allowing employees to better connect with customers, as well as helping drive business productivity. These IT innovations, however, introduce new security paradigms that need to be addressed in order to allow these technologies to work effectively.
Enter the facilitators – the IT specialists. Across the channel, the IT department is seen as the body that interacts with the security environment. Yet what happens when IT departments are so caught up in implementing and maintaining security technologies that they neglect how company staff make use of company networks?
Complexity can be IT security’s worst enemy. Yet regardless of the number of firewalls, and the amount of encryption and anti-malware, applied, a highly sophisticated attack will eventually succeed. This is something all of us must acknowledge if we are to effectively respond to a security landscape that includes around 200,000 new malware threats each day.
A recent longitudinal survey by B2B International and Kaspersky Lab found that company security breaches involving human error occur most often in the Asia Pacific (APAC) region. The survey found that the percentage of companies in the APAC region experiencing targeted cyber-attacks against employees stands at nearly double the global average.
These are sobering findings for the Australian channel. They reflect an inward-looking culture that often overlooks the critical outlets through which breaches take place. These endpoints are a company’s primary line of defence and require holistic and innovative threat-response measures which place the user at the heart of this human equation.
Yet we are increasingly seeing that employees are shifted to the periphery of company security policies. This is despite the fact that end-user demand for access to company networks is greater than ever.
Companies have invested relatively little time in educating their staff about the human dimension of online security.
Companies such as ours spend their organisational life’s blood researching the IT threat landscape. One-third of our employees globally are dedicated to researching these threats, as well as developing technological innovations that help prevent such threats from penetrating business-critical data and crippling company infrastructure.
The buck, however, must not stop there. Ultimately, these security solutions are designed for company networks used by company staff and security awareness must not end at the IT department’s door.
IT administrators need to be able to isolate the nodes in which end user interaction takes place and to provide simple, legible information to staff on how best to interact with corporate networks in the most secure way.
By the time a company’s security solutions are in place, end-user interaction within complex network systems should no longer be complicated for staff but, instead, understood. Innovation and creativity across the channel are limited if we do not involve the end user in how to work with the security solution.
In a time when governments are actively looking at legislating mandatory data breach notification laws under the Privacy Act, businesses cannot afford to ignore this key security element. Only by involving staff can we adequately defend against the threats arising from the growth in digital data.
It is about applying a security solution that allows firms to see, control and protect network environments. The challenge of making complex systems less complicated for staff serves as a platform for increased connectivity, security and, ultimately, business productivity.
Andrew Mamonitis is managing director of Kaspersky Lab ANZ