Why IT security is much more than encryption and antivirus

If you think security is simply a matter of having a good password, encryption and anti-virus software, then think again.

Security encompasses a broad range of issues. By looking at the bigger picture you’ll stand a better chance of keeping your data secure and security breaches to a minimum. With the rise of social engineering, up-to-date anti-virus and the latest encryption algorithms are only part of the solution.

What are Social Engineering Attacks?

Social engineering is really one of the oldest tricks in the book. These are attacks designed to exploit human error: a ‘con’, really. Social engineering attacks centre around scam tactics – baiting, scare tactics and phishing. They’re all designed to take advantage of your emotional responses.

Eliminating human error is key to tackling social engineering and preventing security breaches. According to IBM’s ‘Cyber Security Index’, 95% of all security incidents involve human error*. The same report goes on to say that ‘double clicking an infected attachment or unsafe URL’ is the primary source of security breaches.

Strengthening the human firewall

In response to social engineering, industry experts have moved quickly to provide security awareness training to ‘strengthen the human firewall’ and to educate people on how to handle everyday situations where security breaches could occur.

For example, one element of security awareness training involves simulating phishing, to test and educate employees in identifying phishing emails. Typically, the results are fed into a reporting tool that collates all of the information so you can identify who needs to receive more training.

Security awareness training

Security awareness training also covers baiting – a type of attack that creates a scenario where the victim thinks they will benefit from complying with a request. This can come in the form of the promise of an item or service when certain actions are completed, or even a physical device loaded with malicious software. Training usually encompasses educating staff to take measures to identify problematic scenarios, and actually testing staff, as in the situation outlined below.

The scenario was a White Hat attack, orchestrated by Steve Stasiukonis in 2006. To test his client’s staff security awareness, Steve and his team infected dozens of USB sticks with a Trojan virus and distributed them throughout his client’s premises. As his client’s staff found the sticks, their curiosity got the better of them and they plugged them into their computers. This activated the Trojan, which contained a keylogger, and Steve gained access to an array of personal details.

The case for security awareness training

According to a study conducted by PwC, 42% of those surveyed believe that security awareness training played a part in deterring potential cyber-attacks. Clearly there is benefit to strengthening your human firewall.

IT security and support expert Christo van Zyl of Advantage Business Systems argues: “In the case of security breaches, prevention is always better than cure. When consulting with clients, I always stress the importance of adopting a robust security strategy. It should be multi-faceted, encompassing the latest technologies and, critically, embrace stringent security awareness training.”

If you’re concerned about your security strategy or thinking of refreshing it, get in touch with our Managed Services team on 020 3393 0849 or fill in our contact form.

* Sources: https://www.darkreading.com/operations/careers-and-people/is-security-awareness-training-really-worth-it/d/d-id/1317573