The Weakest Link is Getting Weaker

Written by Paul Cunningham on March 24, 2010

The end user is the weakest link in the security chain, and as new generations enter the workforce the awareness of security risks decreases.

A study by security researchers has found that only 14% of Generation Y (adults aged 18-24) rate identity theft as their top security risk.

The company says:

The fact that 18-24 year olds have different attitudes towards security and are much more open about putting their personal details online, heightens their vulnerability to theft.

Cyber criminals are focussing a lot of attention on social media sites because they are such a target-rich environment, while at the same time they often have the fewest security measures in place to prevent their users from becoming victims of an attack.

This month Facebook users were subject to a massive spam run that sent fake password reset messages to millions of users. The attack is intended to infect the victim’s computer with a Trojan horse that steals passwords and data and puts the computer under the control of a botnet.

These types of blended attacks are also becoming more personalized, using the information that people make public about themselves. They are becoming more targeted as well, as seen in the Google hack, in which specific individuals were targeted due to their proximity and relationships with the key people who would have access to the data sought by the attackers.

One security professional writes:

“Obviously, the security risks abound in this area and it is up to security professionals to embrace new working ways whilst still ensuring that organisation’s information is protected.”

So what can organizations do about it?

Identify and Understand

To deal with any risk it must first be identified and fully understood so that effective measures can be introduced to mitigate it.  A thorough understanding of new threats to businesses is the first step to take.

Implement Solutions

Once the risks have been understood the business must take ownership of them.  Instead of relying on third parties like Facebook and Twitter to protect users, implement solutions that will protect your business.

Educate Staff

Technology can only solve a part of the problem.  Completely blocking useful web services that employees rely on for communications could do your business more harm than good.

Instead use a combination of technology and end user education.  Teach employees about the risks that they face when using social networks and other web services, particularly when they are discussing the company or sharing business information.

Just as cyber criminals use blended attacks, businesses must use blended solutions that can protect them without removing the valuable ways that new generations are using the web.

About Paul Cunningham

Paul lives in Brisbane, Australia and works as a technical consultant for a national IT services provider, specialising in Microsoft Exchange Server and related messaging systems.