Wednesday, April 8, 2015

The Weakest Link In Your Online Security, Part 2

Attacking humans is the easiest form of attack. For every person whose credit card has been compromised from an online business, there are many more who have accidentally handed over their information to scammers. There is a reason why you still get the “Nigerian prince” emails: even after all these years, they still trick people!

Even many of the corporate data breaches that have hit the news in recent months have a “human attack” component. Many of these breaches either started with an employee who fell for a phishing scam or resulted from lax security measures. After the Home Depot breach, considered the largest credit card theft in history, it was revealed that security employees were warning management of issues for as many as six years prior to the attack.

As the cost of data falls, these attacks will only increase. Before personal computers and the internet, attempting a “Nigerian prince” scam would require mailing a large number of letters or placing a large number of phone calls in order to convince a few people to fall for it. The cost to attempt something like this outweighed the reward unless you were willing to invest a significant amount of time and money into the scam. As a result, these scams did exist, but they were relatively uncommon.

Now, it takes very little time and money to set up an online database, craft a nice-looking email, and then send that email to thousands of people at a time. Because these scams cost so little to set up, it takes very few victims to cover the cost of conducting one. Regardless of how crazy you think the story sounds, there will always be a few gullible victims who will fall for almost anything.

These points lead me to the premise of this book: if you are going to stay safe online, it is up to you to know how to stay safe. Yes, having good security software helps, but it is much better to know good security practices and allow your security software to function as an additional line of defense. While security software is much better at detecting threats, there is no security software that will keep you 100% safe. Attackers are constantly adjusting their methods to evade the popular security solutions.

Finally, no matter how much effort you invest to keep yourself safe, you must also trust others to keep your information safe. Although we cannot control the fact that Home Depot’s management was careless about online security, we can control the information that is exposed when such a breach does occur. By implementing good habits, we can limit the amount of damage an attacker can do.

Human tendency makes each of us the weakest link in our own security. We cannot install a security program and expect to stay safe anymore, but education about good browsing habits and security practices can strengthen our safety online.
