Elections, Cybersecurity and Human Nature – Why This Matters to Corporate Security
Update: since we published this blog, the following news broke: “Suspected Russian cyber-crime group, APT 29 or Cozy Bear, are suspected in a series of spear-phishing campaigns aimed at compromising US organisations.” The threat is real.
The elections are over but our cyber security may be in more trouble than ever before.
- Relying on human beings to keep your company safe isn’t a solid strategy.
- You need to remove the human factor because that’s a variable you can’t control.
Regardless of where you come down on the US Elections, there are some things that are clear. Our elections were influenced by Nation State attacks. Simon Crosby (@simoncrosby), our co-founder and CTO has spoken at length about the role of bots sharing misinformation about both candidates – influencing voters who don’t bother to do their own research. In fact it even influenced people in the media who perpetuated the false claims.
In addition, we know Russia played a part in hacking candidate’s servers to expose information with an eye toward influencing the election, potentially putting one of the most powerful aspects of America – our peaceful transfer of power – at risk.
How does this relate to cyber security in your organization?
Essentially it strips us down to brass tacks. Humans take action without necessarily thinking. Regardless of who you are, the probability that all of us have done this is high. Maybe 100%. And that means if you are betting on humans to keep your business secure that is a bad bet. It’s based on a stack of assumptions that are potentially flawed:
- Your team puts the company’s interest ahead of their own. For example. if someone gets an email that says they are being subpoenaed, of course they are going to click on it.
- Your team listens to what you say and cares about it. You hear edicts all the time, do you follow them all? We are inherently rule breakers; when’s the last time you drove over the speed limit or didn’t recycle?
- Your team is incapable of making a mistake. Even your most dedicated, committed employees are not without flaws. My favorite scene in Mr. Robot is when the hackers drop USB drives in the prison guard parking lot and one of the officers picks it up – and because we are all curious – inserts it into his work computer and the malware is transferred. He knew better and yet, he goofed up. It happens.
What can you do to neutralize human behavior?
Use a cyber security solution that eliminates human error. With Bromium, we control for human nature – the desire to click on that link, open that attachment, plug in that USB drive, share something funny and visit websites that might be NSFW. Since all of these things open in a micro-VM, if there’s something bad trying to happen, it’s contained. It can’t infect your network and maybe even more importantly, it will inform your security intelligence so you know what attempted to breach and failed.
In a blog about human nature and security, Simon explains, “Bromium maps trustworthiness into technology to help each endpoint to defend itself, monitor its own health, and quickly share threat information with other endpoints creating a kind of society of endpoints that can better protect themselves.”
We consider ourselves game changers when it comes to security. Our customers have launched more than one billion micro-VMs and have not reported any breaches. We’d love to take you through a risk assessment and put our technology on the line. Let us know when you’re ready. We’d love to show you how it works.