Educate End Users
By Mison Riggins, Cybersecurity SME / Tech Writer, Inspired eLearning
We hear of nuclear, religious, and political wars on the news every day; however, news of the raging cyberwar is becoming more prevalent. Since it is waged on the invisible battle lines of cyberspace, the average end user has no idea that there is even a war going on much less how to protect themselves. The main frontline defense strategy against this all-pervasive war is to go beyond just security awareness: To educate, train, and equip end users with the knowledge and skills to defend themselves and their organizations’ networks.
Understanding the threats we face
Social engineering, phishing, and adware are all methods attackers use to try to trick us into giving them information to launch further attacks. Not only are we faced with targeted social engineering and phishing attacks, but we are also bombarded with faceless attacks by bots through social media, click baits, laced ads, fake apps, and so on.
By gaining admin login credentials through social engineering, attackers do not have to go out of their way to hide their tracks. They already have easy access into a company’s network that traces back to an official admin user. Depending on the end goal, this could be a one-time hack attempt, but often, it is an initial access point to install a backdoor. When the “cyber battle” commences at a later date, the information gleaned through this backdoor and will have given an “enemy”
considerable advantage. In general, regardless of position, best security practices dictate that these administrator permissions should only be granted on a needs basis. “Admin Rights” is like having the combination, key, and palm scan to open the vault at the National Security Bank. You do not hand the keys to the kingdom to just anyone. Since executives are especially targeted, they also need cybersecurity training and restricted “needs only” access.
Moreover, we have already witnessed weaponized social media attempts with Russian military operatives assuming fake identities and trolling 126 million Americans through
Facebook to influence political votes. Singer (2018) goes on to describe the “combined tentacles of Russia’s massive online army” as being made up of four groups:
- Thousands of sock-puppet accounts, where Russian human agents pose as trusted commentators and online
- Tens of thousands of automated bots manipulating search algorithms to drive overall online
- Legions of “fellow travelers” driven by partisan reasons planted inside the target countries.
- A plethora of “useful idiots” who echo out propaganda and
How do we as organizations fight against cyber warfare tactics? How do we equip our end users with the defense mechanisms against an attack?
Cultivating a security-conscious society
Organizations can install the best security devices and products, but it all boils down to the end user’s ability to recognize and thwart threats. “All security products are only as secure as the people who configure and maintain them” (Vacca 2017). Only end users can learn to avoid the pitfalls of drive-by downloads, clickbait, and targeted phishing attacks. Only end users can employ security strategies to help protect their own as well as their organizations’ digital assets.
By raising our collective “cyber-maturity” level, we can stand on the frontlines of defense against the cyberwar that is an invisible tangled web around us. It starts with the individual— we must evoke a change in our very mindset concerning cybersecurity. Dr. Eric Cole, renown online security expert and “cyber ninja,” points out that we as Internet users must take responsibility for our own protection by implementing security if we want to win in cyberspace (2018, Ch. 1).
Cybersecurity is not just for conglomerates or the government. Access to Internet-capable devices is starting at earlier age groups, so the importance of security and secure online practices must be ingrained at every age level from the primary school student to the boardroom executive. We need to dispel the
mystery shrouding the inner workings of the digital age so that we can protect our private data, our homes, and our workplaces. In short, we need to cultivate a security-conscious society.
Building a cybersecurity training program
Organizations can kick-start this movement by mandating their employees at all levels to attend regular workshops and online training sessions. Additionally, CEOs and CISOs should be encouraged to invest in cybersecurity training for their employees. Meaningful and relevant training will make a lasting impact. “If you do it correctly, user awareness training can go a long way in educating employees on why security is important and what they can do to help resolve the problem” (Cole 2018).
So, what can we do to protect our digital assets from the threats of cyber warfare? The first line of defense is educating end users with cybersecurity learning solutions. Then, end users can gain knowledge and skills to recognize hidden threats and wade through the “landmines” of malicious links and manipulations of social engineering attempts. We need to cultivate cybersecurity- conscious society with lessons that also include the benefits of hardening systems and other security measures we can implement to protect the integrity and availability of our digital assets.
The bottom line: All the security products in the world cannot work effectively without proper configurations and maintenance by end users. Therefore, education and training to build a security-conscious society are one of the key layers of a well-rounded defense strategy.
Cole, Eric. 2018. Online Danger: How to Protect Yourself and Your Loved Ones From the Evil Side of the Internet. New York, New York: Morgan James Publishing. Accessed March 19, 2018.
Singer, Peter W. 2018. “The 2018 State of the Digital Union: The Seven Deadly Sins of Cyber Security We Must Face.” War on the Rocks. January 30. Accessed February 20, 2018.
Vacca, John R., ed. 2017. Computer and Information Security Handbook, Third Edition.
- Cambridge, MA: Morgan Accessed February 20, 2018. https://www.elsevier.com/books-and- journals/book- companion/9780128038437.
Weise, Elizabeth. 2017. “Russian Fake Accounts Showed Posts to 126 Million Facebook Users.” USA Today. November 1. Accessed February 20, 2018.
https://www.usatoday.com/story/ tech/2017/10/30/russian-fake-accounts- showed- posts-126-million-facebook- users/815342001/.
About the Author
Mison Riggins, with certifications in CHFI and SSCP, is a Tech writer by day and a slayer of cybersecurity ignorance by night. Her contributions span from the engineering department to the content development house for Inspired eLearning, a leading provider of the most effective Security Awareness eLearning solutions. Mison can be reached online at mison.riggins@ inspiredelearning.com and at our company website https://www.inspiredelearning.com/