Con Men: the Human Side of "Cyber" security
Cyber Security: what's so "Cyber"?
Is "Cyber" a misnomer? Does the security of your corporate intellectual property, data, and trade secrets, rely only on computer/network engineers? The technical issues are important. The engineers are worth their weight in gold--for dealing with the technical issues.
The latest FBI report on losses due to "cyber" attacks on business email:
- Email phishing attacks are still the most favored attack vector by criminals, more than doubling year over year.
- Socially engineered COVID-19-related threats specifically targeted remote workers.
- Business email compromise remained the costliest cyber threat - by far - with thieves getting $1.8 billion last year
In most of these attacks con men convinced people to give up sensitive information--login info, passwords, or other access info. The art of the con is as old as humans. Does it matter that these con men fooled people online, or in an email? Is protecting your humans from con men really a "cyber" issue?
Social engineering, phishing are just con men working their age-old tricks.
Human weaknesses, human motivations, humans being humans. These are the issues that you must acknowledge and deal with. Unless you have no humans in your business, the Human Side is the most important vulnerability in the "cyber" equation.
Would you take your car to a psychologist to change the oil? Would you rely on a marriage counselor to upgrade your laptop to the latest operating system? Should you rely on network engineers to deal with the Human Side of security? Who's on your team?
Thoughts?