Is hacking humans easier than hacking machines? – IT News Africa

Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa.

When it comes to cybersecurity, technology is not enough.

Technology is the foundation, but it is not enough to mitigate the growing threat of cybercrime. The reality is that even with the best security systems, firewalls, endpoint protections, and zero-trust frameworks, a business without a robust and agile security culture is at risk.

The Dark Reading 2021 Strategic Security Survey found that approximately 48% of security professionals believe that users who violate policy are likely to be the primary cause of a major breach in the future. This sentiment is echoed in a web computing and KnowBe4 study, which examined the culture of cybersecurity and its impact on South African organizations.

“Having a strong cybersecurity culture – one that constantly educates people, recognizes the threats they face and keeps security front and center – is imperative,” says Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa.

“The survey found that social engineering is on the rise and 41% of companies believe they should be doing more to build security awareness within the company and its culture. remote and hybrid working, and businesses are under immense pressure to stay compliant and secure.

When people work from home or from multiple locations, they are more vulnerable to social engineering attempts. These attempts are becoming more sophisticated and more frequent, and their impact on the business can be significant, such as being held to ransom by cyber extortionists.

The problem is that people are, well… people. The distracted executive climbs into his Uber, late for the airport, and clicks on an email that is a clever phishing attempt, hard to detect on a mobile device.

The stressed-out, multitasking worker clicks on a text message telling him he’s about to lose his bank details if he doesn’t log in right away. These are all emotion-based attacks that catch people off guard, even those who have been rigorously trained.

“People fall for these scams because they’re distracted, busy, stressed, or tired, and they make a mistake that can cost them and their business dearly,” says Collard.

“These are the same reasons why people also fall in love with simulations – they’re multitasking, they’re busy. They are overwhelmed with information and noise, which impacts their ability to think clearly and recognize threats.

Herbert Simon, psychologist and economist, coined the term “attention economy” and described it as the “bottleneck of human thought”. Although the term dates from the 1970s, it has never been more relevant than it is today, with human beings receiving about five times more information per day than they did in the 1980s.

It’s not just being busy and tired; it’s cognitive overload. That brings the conversation back to the importance of building an immersive safety culture within the company.

“Yes, hacking humans is easier than hacking machines, but we can reshape that narrative by focusing on training and messaging that reinforce security protocols and approaches,” Collard says.

“If people are properly trained, they are harder to hack. Before clicking on the link or starting to enter their login information, they will stop. They will verify the credentials of the website. They will ask the right questions. This moment of reflection is what makes all of the training interesting, and it’s one of the reasons why 89% of respondents said safety culture was important to their operations.

Creating a culture of safety taps into the invaluable potential of human intelligence and awareness. It empowers people by giving them the tools they need to assess situations more effectively and make informed decisions about emails, clicks, and actions.

This is the flip side of the psychological coin that cybercriminals use so well: people now know when they are being manipulated, and they have the skills to recognize that manipulation.

“The phishing email will arrive, the person will be ready to click on the link, and then something about the tone or style of the message will give them a reason to pause and check the link or acknowledge it for what it is,” said Collard.

“This is precisely what happened recently at a manufacturing company when someone tried to change their bank details, the training paid off.”

Ultimately, creating a culture that reminds people of potential threats and suspicious interactions is a proven way to defend against cyberattacks and create an aware and empowered workforce. It’s not just a firewall made up of smart people making the right decisions, but it gives people the confidence they need to be productive and safe no matter where they work.

Edited by Luis Monzon

James G. Williams