The Human Element of Cyber Security

By Pam Fuchs
Director of Information Technology, CU Solutions Group
It’s no surprise that financial institutions continue to view cyber security as one of the top priorities in 2017. The number of lurking threats to security continues to mount, and cyber criminals are as opportunistic as ever: they are eager to strike where defenses look weakest, and all it takes is one success for them to win big. For the rest of 2017 and beyond, it seems that social engineering is the path of least resistance.
Companies are working feverishly to shore up the human element of their security apparatus. Traditionally, employees have been seen as the most vulnerable part of any security strategy. After all, hardware is predictable; people aren’t. Now, there has been a shift in philosophy as companies move toward making people the foundation of any cyber security defense. In 2016, common email scams such as “spear phishing” rose a whopping 55% from the previous year, accounting for more than 90% of all cyberattacks that year. These attacks are directed not only against individuals, compromising employee login credentials and financial accounts, but also against large organizations that were seemingly well-prepared.
All it takes is one weak link in the chain.
“A major bank will fail as a result of a cyber-attack in 2017, leading to a loss of confidence and a run on that bank,” professor Richard Benham, chairman of the UK’s National Cyber Management Centre, told the BBC at the start of this year.
Whether or not this prediction holds true, the implications are worrying. This mirrors the current climate of unease for financial institutions in the UK, which are still reeling from the €2.5 million hack of Tesco Bank last November.
WHAT IS SOCIAL ENGINEERING?
You may know it better as phishing, baiting, or hacking - although strictly speaking, it’s not entirely hacking in the traditional sense. Social engineers are con artists. They don’t target firewalls or other technical defenses, but rather one of the most vulnerable parts of an organization: its people.
In light of recent high-profile cases where employees at major companies fell prey to social engineering, credit unions are increasing their vigilance on this type of threat. Social engineering fraud can deal a serious financial blow, tearing down an organization’s reputation and causing a loss of faith among its customers and employees. Similar to what some see as “traditional” hacking, social engineers seek out and exploit weaknesses in an organization’s systems, and they can be highly effective. Even companies with large and dedicated cybersecurity measures can fall prey to these schemes.