in

DHS Test Shows Humans are Weakest Link in Cybersecurity

DHS Test Shows Humans are Weakest Link in Cybersecurity - top government contractors - best government contracting event
Image: .shock
DHS Test Shows Humans are Weakest Link in Cybersecurity - top government contractors - best government contracting event
Image: .shock

In a test to evaluate how easy it would be for hackers to social-engineer employees and gain access to computer systems, the Department of Homeland Security found the human factor to be the weakest link in cybersecurity, Bloomberg reports.

DHS staff secretly dropped computer discs and USB drives in the parking lots of government buildings and private contractors. Of those who picked them up, 60 percent plugged the devices into work computers to see what they contained. If the drive or CD case had an official logo, 90 percent were installed.

“There's no device known to mankind that will prevent people from being idiots,“ Mark Rasch, director of network security and privacy consulting for Computer Sciences Corp. told Bloomberg.

While costly firewalls often succeed in blocking viruses and other malware, Rasch said human error can quickly nullify those efforts.

“Rule No. 1 is, don't open suspicious links,“ he said. “Rule No. 2 is, see Rule No. 1. Rule No. 3 is, see Rules 1 and 2.“

Methods such as spear phishing rely on human weaknesses like trust, laziness or even hubris. In the RSA hack earlier this spring, hackers sent employees phishing emails with attached Excel spreadsheets titled “2011 Recruitment Plan.” The file contained malware that exploited a zero-day flaw in Adobe's Flash software to install a backdoor that gave hackers an entry point to sensitive information

Rasch said spear phishing is evolving into what he calls whale phishing: Targeting senior-level executives whose computers may have access to far more sensitive information than rank-and-file workers.

Hackers often target technology executives because they have access to large amounts of information and they tend to believe they are better protected from hackers than their staff, Rasch said.

A full report on the DHS study will be published this year, said Sean McGurk, director of the department's National Cybersecurity and Communications Integration Center.

ExecutiveBiz Logo

Sign Up Now! ExecutiveBiz provides you with Daily Updates and News Briefings about Cybersecurity News

mm

Written by Admin

Arizona Police Take Action after Hack Attack
Boeing Receives Study Contract from US Navy - top government contractors - best government contracting event
Boeing Receives Study Contract from US Navy