DHS Test Shows Humans are Weakest Link in Cybersecurity


In a test to evaluate how easy it would be for hackers to social-engineer employees and gain access to computer systems, the Department of Homeland Security found the human factor to be the weakest link in cybersecurity, Bloomberg reports.

DHS staff secretly dropped computer discs and USB drives in the parking lots of government buildings and private contractors. Of those who picked them up, 60 percent plugged the devices into work computers to see what they contained. If the drive or CD case had an official logo, 90 percent were installed.
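The drop test above only works once a drive is plugged into a work machine, so the practical control is to notice (or block) removable storage the moment the operating system enumerates it. The script below is an added example, not part of the original article or the DHS study: it parses syslog-style Linux kernel messages, reports each USB mass-storage attach together with the block device it became, and flags any device whose vendor:product pair is not on a list of company-issued drives. The log lines, host name, device IDs and the approved list are all constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample kernel log (syslog format) from a hypothetical workstation "ws-17".
# It contains two mass-storage attaches (ports 1-4 and 1-3) and one keyboard (port 1-2).
SAMPLE_LOG = """\
Jun 27 09:12:01 ws-17 kernel: usb 1-4: new high-speed USB device number 7 using xhci_hcd
Jun 27 09:12:01 ws-17 kernel: usb 1-4: New USB device found, idVendor=1234, idProduct=5678, bcdDevice= 1.00
Jun 27 09:12:01 ws-17 kernel: usb-storage 1-4:1.0: USB Mass Storage device detected
Jun 27 09:12:02 ws-17 kernel: sd 6:0:0:0: [sdb] Attached SCSI removable disk
Jun 27 09:40:13 ws-17 kernel: usb 1-2: new full-speed USB device number 8 using xhci_hcd
Jun 27 09:40:13 ws-17 kernel: usb 1-2: New USB device found, idVendor=1111, idProduct=2222, bcdDevice=64.00
Jun 27 09:40:13 ws-17 kernel: input: Generic USB Keyboard as /devices/pci0000:00/usb1/1-2/1-2:1.0/input/input9
Jun 27 10:05:44 ws-17 kernel: usb 1-3: New USB device found, idVendor=abcd, idProduct=0001, bcdDevice= 2.00
Jun 27 10:05:44 ws-17 kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
Jun 27 10:05:45 ws-17 kernel: sd 7:0:0:0: [sdc] Attached SCSI removable disk
"""

# Constructed allowlist of company-issued (e.g. hardware-encrypted) drives, as "vendor:product".
APPROVED_DEVICES: Set[str] = {"abcd:0001"}


@dataclass
class RemovableMediaEvent:
    timestamp: str
    host: str
    port: str                           # USB bus-port path, e.g. "1-4"
    vendor_id: str                      # idVendor (hex) from the enumeration line
    product_id: str                     # idProduct (hex)
    block_device: Optional[str] = None  # e.g. "sdb" once the SCSI disk is attached


# One regex for the syslog envelope, then one per kernel message of interest.
LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<msg>.*)$")
IDS_RE = re.compile(r"^usb (?P<port>[\d.-]+): New USB device found, idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
STORAGE_RE = re.compile(r"^usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")
ATTACH_RE = re.compile(r"^sd \d+:\d+:\d+:\d+: \[(?P<dev>sd[a-z]+)\] Attached SCSI removable disk")


def detect_removable_media(log_text: str) -> List[RemovableMediaEvent]:
    """Return one event per USB mass-storage device that the kernel attached."""
    identity_by_port: Dict[str, RemovableMediaEvent] = {}  # port -> device identity seen so far
    pending: List[RemovableMediaEvent] = []                 # storage devices awaiting their sdX name
    events: List[RemovableMediaEvent] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, msg = m.group("ts"), m.group("host"), m.group("msg")
        if (ids := IDS_RE.match(msg)):
            # Enumeration line: remember who is on this port; it may turn out to be a keyboard.
            identity_by_port[ids.group("port")] = RemovableMediaEvent(
                ts, host, ids.group("port"), ids.group("vid"), ids.group("pid"))
        elif (st := STORAGE_RE.match(msg)):
            # Only mass-storage interfaces are reported; fall back to unknown IDs if we missed enumeration.
            ev = identity_by_port.get(st.group("port")) or RemovableMediaEvent(
                ts, host, st.group("port"), "????", "????")
            events.append(ev)
            pending.append(ev)
        elif (at := ATTACH_RE.match(msg)) and pending:
            # The kernel attaches SCSI disks in order, so the oldest pending device gets this name.
            pending.pop(0).block_device = at.group("dev")
    return events


def flag_unapproved(events: List[RemovableMediaEvent], approved: Set[str]) -> List[RemovableMediaEvent]:
    """Keep only attaches whose vendor:product pair is not a company-issued device."""
    return [e for e in events if f"{e.vendor_id}:{e.product_id}" not in approved]


if __name__ == "__main__":
    for ev in flag_unapproved(detect_removable_media(SAMPLE_LOG), APPROVED_DEVICES):
        print(f"{ev.timestamp} {ev.host}: unapproved removable disk {ev.vendor_id}:{ev.product_id} "
              f"on usb {ev.port} became /dev/{ev.block_device}")
```

Run over the sample, only the 09:12 drive on port 1-4 is reported: the keyboard never produces a `usb-storage` line, and the 10:05 drive is on the approved list. On a real fleet the same matching belongs in the log pipeline or a udev rule, and a vendor:product allowlist is a tripwire rather than a hard control, since those IDs are trivially set by a device's firmware.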

“There’s no device known to mankind that will prevent people from being idiots,” Mark Rasch, director of network security and privacy consulting for Computer Sciences Corp., told Bloomberg.

While costly firewalls often succeed in blocking viruses and other malware, Rasch said human error can quickly nullify those efforts.

“Rule No. 1 is, don’t open suspicious links,” he said. “Rule No. 2 is, see Rule No. 1. Rule No. 3 is, see Rules 1 and 2.”

Methods such as spear phishing rely on human weaknesses like trust, laziness or even hubris. In the RSA hack earlier this spring, hackers sent employees phishing emails with attached Excel spreadsheets titled “2011 Recruitment Plan.” The file contained malware that exploited a zero-day flaw in Adobe’s Flash software to install a backdoor that gave hackers an entry point to sensitive information.

Rasch said spear phishing is evolving into what he calls whale phishing: targeting senior-level executives whose computers may have access to far more sensitive information than those of rank-and-file workers.

Hackers often target technology executives because they have access to large amounts of information and they tend to believe they are better protected from hackers than their staff, Rasch said.

A full report on the DHS study will be published this year, said Sean McGurk, director of the department’s National Cybersecurity and Communications Integration Center.
