by Milica D. Djekic
Cyber incidents occur so frequently that the question is not whether anyone will be breached, but when. In other words, we must accept that someone could track us, get into our devices or networks, or simply read our e-mails. The main point is whether we have any level of readiness to respond to these situations. Many businesses invest a lot of funds in cyber defense, but we will never be safe enough. The threats keep advancing in their solutions and techniques, so we should be aware of them and be prepared to cope with those concerns.
In other words, the cybercrime underground is getting more and more sophisticated, and ordinary people do not fully understand their role in, say, the first line of defense. We say that an organization’s staff are the first line of defense because they are in a position to prevent many hacker attacks from ever happening. It is quite clear that cybercrime is a great burden on the global economies, and if we know that such criminality costs us trillions and trillions of dollars per year, it is quite obvious why the employees of a business should take their role in this matter so seriously.
The fact is that when we talk about social engineering, which is so closely correlated with challenging phishing campaigns, we should know that there are no technological solutions which can cope with these problems fully, so the majority of employers rely on carefully designed education and training sessions. On the other hand, the outcomes of these activities are quite alarming! The statistics suggest that more than 90% of staff respond to a phishing e-mail within the first few hours after receiving it. Phishing e-mails are commonly associated with some kind of phishing link, so it is not surprising at all that the vast majority of people simply click without thinking about any consequences.
So, the story is as follows. An employer pays for a quite expensive course on the prevention of, say, social engineering or phishing attacks, and its employees happily attend those sessions in order to learn something new. Things look good, right? You pay to be protected from harm and you expect to get some benefits back. The truth is that the statistics are quite disappointing. Almost all people sent to that training make the same mistakes as if they had never attended any similar session before. Something went wrong here, right? Either those expensive courses are useless or the staff have some difficulty coping with such lessons. What is the fact? The truth is that those training sessions are usually approved by the expert community and the lecturer honestly transfers his knowledge to his attendees. In other words, the guys doing such business have a certain credibility and many people trust them. Also, they normally highlight the significance of good defense, but it appears no one listens to that advice. Why? The people coming to those sessions do not take their role within their organization so seriously, and they use those common activities for socializing and making new contacts. The point is not to blame anyone in this situation, but rather to think hard about how to overcome such a scenario. Many people living in developed economies are blessed with a high standard of living, and they do not care a lot about tomorrow, believing the system will offer them all they need. This is not any sort of criticism of those guys, but rather an open discussion suggesting that everyone should take responsibility and think about how to protect and improve his surroundings.
In addition, people coping with social engineering attacks should know that they will not appear disobedient or rude if they ask some questions in order to confirm something, and there is nothing bad in saying “No!” if you feel less confident about someone’s, say, phone call. The point is that people should take responsibility for their actions, but before they do so they should feel completely confident about their roles. Employees choose to be nice, helpful and obedient because they believe that this way they avoid any sort of complaint about appearing less kind to someone insisting on some confidential information. Everyone has the right to say “No!”, and if your staff feel confident to act that way, that is only an advantage to the employer. Also, if anyone complains that you did not want to share some information with him, you can always say that you did not feel confident enough about that person and that this is the lesson you learned at your training session. In other words, it is so important to know how to explain the reasons for your actions, and if you can, you will not be in trouble at all. Confidence comes with experience, and it is quite recommendable to try to sharpen your mind by thinking about some situations and attempting to resolve them. The 21st century began with terrorism and even our today is quite concerning, so the entire humankind should be aware of the importance of staying together and combating that evil for our tomorrow, for our kids!
So, the key perspectives of this discussion are the responsibility and confidence that come from lessons learned in practice. It seems that modern times need active players, not only passive posers, so our advice would be to act more and observe less. Sometimes observation can help in the sense of gaining experience and situational awareness, so maybe we should use a mix of both. Before you take any step, you should think hard about the possible impacts, and once you make your decision, you will be in a position to play actively.
About the Author
Milica D. Djekic is an Independent Researcher from Subotica, Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses and she is also the author of the book “The Internet of Things: Concept, Applications, and Security”, published in 2017 with the Lambert Academic Publishing. Milica is also a speaker with the BrightTALK expert’s channel and Cyber Security Summit Europe, held in 2016, as well as CyberCentral Summit 2019, one of the most exclusive cyber defense events in Europe. She has been a member of ASIS International since 2017 and a contributor to the Australian Cyber Security Magazine since 2018. Her fields of interest are cyber defense, technology, and business.