07 Mar, 2024

The Human Factor in Cyber Security: Important but Often Ignored Elements

Cyber security is becoming increasingly important in today's digital age. Businesses and individuals worry about becoming the target of hackers, malware, and other online threats. Various technological solutions and security measures are being developed to combat these threats. However, there is one factor in cybersecurity that is often overlooked: the human factor.

The human factor is both the most important and one of the most neglected elements of cyber security. No matter how advanced the security measures we put in place, end users, that is, people, will remain the weakest link in the system. The role of the human factor in cybersecurity is diverse, and there are a few important points to consider:

Risks of Unconscious Use

Many cyber attacks occur as a result of users' ignorance or carelessness. For example, simple mistakes like using weak or repeated passwords, neglecting updates, or opening suspicious email attachments make it easier for hackers. Therefore, cybersecurity training and awareness programs can help users avoid such mistakes.

Insider Threats

Cyber attacks can originate not only from outside but also from inside. One of the biggest threats to businesses is malicious or negligent employees. If an employee intentionally or accidentally accesses sensitive information or engages in harmful activities, serious consequences can follow. Therefore, businesses need to take the necessary precautions to identify and prevent insider threats.

Attacks Carried Out by Ransomware Groups by Recruiting Insiders

Ransomware groups have begun using a new tactic in ransomware attacks in recent years: the insider. In this tactic, a member of the ransomware group gains access to sensitive information or systems by tricking or bribing an individual working in the organization. In this way, a ransomware attack can be carried out more easily and quickly.

Some important examples:

  • 2021 Kaseya Attack: The REvil ransomware group is known to have infiltrated more than 1,500 institutions through an employee of the Kaseya software company and demanded ransom.

https://siberbulten.com/dijital-guvenlik/tarihin-en-buyuk-fidye-yazilim-saldirisi-kaseya-hakkinda-bilmeniz-gereken-5-sey/#:~:text=uanakadarfidyetalebi,50milyondolarfidyeistemiti.

  • 2022 JBS Attack: It is known that the REvil ransomware group demanded a ransom of $11 billion through an employee of the JBS food company and received a ransom payment of $90 million.

Cybersecurity and Infrastructure Security Agency (CISA): JBS Ransomware Attack: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance

  • 2023 Colonial Pipeline Attack: It is known that the DarkSide ransomware group infiltrated the system through an employee of the Colonial Pipeline company and received a ransom payment of 4.4 million dollars.

https://www.bbc.com/turkce/haberler-dunya-57056048

Path Followed:

  1. Target Identification: The hacker group first selects a suitable target for the ransomware attack. These targets are often companies or organizations that hold large databases or sensitive information and are more willing to pay a ransom.
  2. Personnel Research: Once the target is identified, the hacker group begins collecting information about the company's employees. This information may be gathered through social media platforms such as LinkedIn or the company's website. The hacker group may also look for employees' personal circumstances, such as financial difficulties, family problems or job dissatisfaction, in order to find an insider to carry out the attack.
  3. Social Engineering: The hacker group may use a variety of social engineering techniques to persuade an insider to deploy the ransomware. These techniques may include:
     • Phishing: The hacker group poses as the company's IT department or CEO to trick the employee and sends an email or link containing ransomware.
     • Emotional manipulation: The hacker group may use techniques such as threats, blackmail, or bribery to persuade the employee to deploy the ransomware.
     • Establishing trust: Over time, the hacker group can gain the employee's trust and convince them that deploying the ransomware is "safe" or "easy".
  4. Ransomware Infection: After convincing the insider, the hacker group asks the employee to install a file, or plug in a USB drive, containing the ransomware on a company computer.

Some reasons to use this tactic:

  • Easier access: An insider can carry out a ransomware attack more easily because she knows the organization's security systems and procedures.
  • Faster spread: Ransomware can spread faster across the organization's network and affect more data.
  • Less detection: Attacks carried out by an insider may be harder to detect.

Here are some suggestions to avoid this tactic:

  • Providing awareness training to employees: Employees should be informed about how ransomware attacks occur and how they can be protected from these attacks.
  • Review of security systems and procedures: The organization's security systems and procedures should be reviewed and updated to protect against insider attacks.
  • Using cybersecurity solutions: Cybersecurity solutions should be used to help detect and prevent ransomware attacks.
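The third suggestion above is deliberately general, so here is one concrete detection check a defender might run over endpoint telemetry, added as an illustration rather than taken from the article: it correlates a removable-media mount on a host with a process later launched from that same volume, which is the delivery route the "Ransomware Infection" step describes. The log format, host names, timestamps and file paths below are constructed for the example and are not from any real system.

```python
"""Flag process launches from removable media and report how long after the mount they occurred."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime

@dataclass
class Event:
    ts: datetime
    host: str
    kind: str    # "mount" (a removable volume was attached) or "process" (a process started)
    detail: str  # mount point for "mount" events, executable image path for "process" events

# Constructed sample endpoint telemetry (hypothetical hosts and paths, not real data).
# Format per line: <ISO timestamp> <host> <kind> <detail>
SAMPLE_LOG = """\
2024-03-07T09:12:01Z ws-17 mount E:\\
2024-03-07T09:12:44Z ws-17 process E:\\docs\\invoice_viewer.exe
2024-03-07T09:15:10Z ws-17 process C:\\Windows\\System32\\notepad.exe
2024-03-07T10:02:30Z ws-22 mount F:\\
2024-03-07T14:40:05Z ws-22 process F:\\tools\\setup.exe
"""

def parse_log(text: str) -> list[Event]:
    """Parse the constructed four-column log format into Event records."""
    events: list[Event] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, kind, detail = line.split(maxsplit=3)
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, kind, detail))
    return events

def removable_launches(events: list[Event]) -> list[dict]:
    """Return one finding per process started from a volume that was mounted as removable on the same host.

    Each finding carries the host, the image path and the seconds elapsed since the mount,
    so an analyst can prioritise launches that follow the mount almost immediately.
    """
    mounts: dict[tuple[str, str], datetime] = {}  # (host, drive root) -> time of last mount
    findings: list[dict] = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "mount":
            mounts[(ev.host, ev.detail.upper())] = ev.ts
        elif ev.kind == "process":
            drive = ev.detail[:3].upper()  # e.g. "E:\" from "E:\docs\invoice_viewer.exe"
            mounted_at = mounts.get((ev.host, drive))
            if mounted_at is not None:  # launch from a fixed system drive (C:) is ignored
                findings.append({
                    "host": ev.host,
                    "image": ev.detail,
                    "seconds_since_mount": int((ev.ts - mounted_at).total_seconds()),
                })
    return findings

if __name__ == "__main__":
    for f in removable_launches(parse_log(SAMPLE_LOG)):
        print(f"{f['host']}: {f['image']} started {f['seconds_since_mount']}s after mount")
```

In the sample, the launch from `E:` on `ws-17` follows its mount by under a minute and would be the first alert to triage; the `notepad.exe` launch from the system drive is not reported. A real deployment would feed the same logic from EDR or Sysmon-style device and process events and would tune the alerting threshold on the elapsed time.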

Creating a Culture of Security

Cyber security is not just a matter of technology, it is also a matter of culture. It is important for businesses to create a security-focused culture and provide ongoing training and awareness to their employees. Employees should view cybersecurity as an integral part of their business processes. This can help implement and maintain security policies and procedures more effectively.

Collaboration and Responsibility Sharing

Cyber security is not an issue that is the responsibility of just one department. All employees, from managers to cleaning staff, must be aware of security and fulfill their responsibilities. Additionally, it is important for businesses to collaborate on security with their external suppliers and business partners. This can enable industry standards and best practices to be shared and implemented.

Continuous Improvement

Since cyber threats are constantly evolving, cyber security measures must also be constantly updated. It is important for businesses to regularly review their security policies and make improvements. It is also important to continually improve education and awareness programs based on users' feedback and experiences. This can enable organizations to become more resilient and adaptable.

In conclusion, technological solutions are of course important in cyber security, but the human factor should not be ignored. Aware and careful end users help businesses build a stronger defense against internal and external threats. Therefore, when creating cybersecurity strategies, it is extremely important to consider the human factor and take appropriate measures.
