George Grachis, CISA, CISSP is the ISSM, Information Systems Security Manager for Satcom Direct, a Global leader in satellite communications for air, land and sea. He is also Board member of ISSA, ISACA, InfraGard and the Space Coast Technology Council’s Cyber Committee. His recent article in Computerworld discusses the importance of including users as part of the security perimeter. Mr. Grachis observes:
. . . we have new and better technology that keeps getting exploited. Microsoft, Adobe, Apple and now Android are slinging out patch after patch. Attacks still include hacktivism, cyber espionage, cyber-crime, and cyber warfare. Oh, now we have more ransomware; it surged in Q2 of 2013. Contrasting more of the 2010 Verizon data breach report to the latest, you will see that over 80% of attacks were not highly difficult. Verizon also states in the 2012 report, regarding Human Sensors: “once again, end users represent the most effective means of detecting a breach internally.”
We agree with the importance of human sensors. The limitation of the human sensors is — they are human. Study after study has demonstrated that in an operational environment users are easily tricked by social engineering methods. In Why do people get phished? the researchers established that when people process email they are habitually responding to perceived relevance and urgency clues — this is not a careful, thoughtful, deliberative process. The spearphishing attacker researchers his targets to create powerful urgency clues and perceived relevance to deceive the victim. This is the layer of protection provided by Iconix — we let IT give users simple visual indicators so that users can make better email processing decisions.
Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.
You can contact us at 408-727-6342,ext 3 or use our online form.