People want to trust and we’re inquisitive beings. So, we like clicking on links and opening attachments. No amount of security awareness training is going to completely change that basic aspect of our human nature. More than anything else, this is the flaw ransomware exploits.
Ransomware grabs headlines pretty regularly these days. The last few weeks have been a great example of this. When I last checked, a vanilla Google Search on “ransomware” yielded just over 9 million results and over 2.5 million news results around WannaCry, GhostCtrl and many others.
All of us in the security community have shared our perspectives as well. Malcolm Harkins, the Chief Security and Trust Officer at Cylance, was recently interviewed about ransomware on i24NEWS. At Verodin, we contrasted WannaCry and Petya.
While ransomware isn’t new, ransomware attacks certainly do seem to be increasing in terms of reach and impact. As such, many organizations are scrambling to answer a relatively foundational question, “Are we safe from ransomware?”
In 2017, the Ponemon Institute released a report titled: The Rise of Ransomware. One section of the report focused on employees and claimed that, “Employees are the weakest link in the defense against ransomware.” It’s a bold statement, and, while not absolute, it’s likely justifiable in many cases.
For decades, organizations have implemented security awareness training and security policies. Posters have been put in break rooms. CBTs have been required for new hires. Mandatory lunch and learns with the security team have been enacted.
It’s hard to argue with the fact that people are more security savvy today than they were just one or two decades ago. However, humans haven’t fundamentally changed – we still like to assume the best from people and are therefore genuinely shocked when a document, email,
This is a Security Bloggers Network syndicated blog post authored by Brian Contos. Read the original post at: Cylance Blog