Stop blaming your users

I know the statistics – I hear the stories – I speak about it all the time.

The Insider Threat is real and most cyber-attacks are a result of someone who is already inside the firewall. The user is the biggest threat to the business. We all know the song.  

J2 Software’s 12 years of insider threat knowledge and intelligence confirms these figures. It is the truth. The trusted user is the one that causes the most damage. It is all their fault so STOP blaming them.

Huh, sorry what now?

Yes, it is time to stop blaming the user. I know this sounds strange, we know that the user is the problem in virtually every breach. I can also confirm that in almost all those cases the breach happens because users either:

1. Have not been shown what to look out for
2. Do not understand the risk
3. Have unmonitored and unverified access to systems

Let me dwell on this for just a second - If a person is not aware that there is a risk, does not know what it looks like and has not been told how to prevent it – why do you still blame them?

I think it is high time that IT and security professionals stop blaming the user because in virtually every situation it is these professionals who have not adequately empowered their users to be part of the fight against the rising tide of cyber-attacks.  We all need to look in the mirror and ensure that the user has the knowledge and understanding of what to look out for and ensure there are sufficient tools in place to compliment total visibility and user awareness to fight the growing threats together.

The user is on the front line and is the one who will receive the email with malicious content or be directed to transfer payments by a spoofed attacker pretending to be the CEO or the one to get the mail to change bank details. It is the user who gets these on top of their already busy work day.

With no awareness, visibility and no support from the professionals – it is like giving a man a knife and sending him into a gun fight.

Powerful solutions are important, visibility is critical and the inclusion of the end user is a massively important step in ensuring cyber safety for your environment.

This is the time for a NO-BLAME approach. When the user knows what they need to look out for and are supported, they will join the fight.

Real visibility provides such amazing insight into actual behaviour which in turn allows us to ask: “why are you doing things this way” or “how would you respond to this?” Rather than assigning blame and punishment – find out the why?

In the last few days we have seen these benefits in action - we can call this a massive win at a customer. A newly styled email-borne attack snuck into one of our customer’s user’s inbox. It was well crafted, addressed to him, highly targeted and completely researched. It was an exceptionally devious attack.

The first email came from what appeared to be the CEO, instructing them to interact with a new entity. Minutes later the second email arrived from this third party to begin with instructions on how to move ahead.

Our hero end user was not duped, knowing the policies, procedures and armed with cyber security awareness, the attack was destroyed before it even began. The attack type, mail address and formats have been included to ensure prevention in the future and added to our library of threat intelligence.

The truth is that if this was sent a year ago – we would not have had this result. They would have been breached and they would have lost the money.

Over the last year we have done a large amount of work with our client. This included a few new solutions, training, reporting and just as important - the ongoing awareness of threats disseminated to the end users. Clear, open and honest communication along with good governance and policies ensured that the threat was killed before it even started.

Make sure that instead of playing a continuous blame game, your users are part of the program. With informed users, you have a bigger platoon and we can all win.

We won the battle this time but we will not be complacent. The war continues.

John Mc Loughlin