Humans targeted as weak point in IT security

No matter how sophisticated a company’s IT security is, there will always remain a weak point — human beings — according to global VP of security research with Trend Micro, Rik Ferguson.

Mr Ferguson, who was speaking at the European Tech Summit event organised by it@cork, said that social engineering is the basis for most attacks on companies now with workers often tricked into believing that they are receiving emails from colleagues or business associates.

“Attack the individual not the system itself because in many cases the system is very well protected. Individuals are simply too credulous and too willing to help,” said Mr Ferguson.

Looking at the recent example of a security breach at outsourcing company Abtram where an employee used their position to acquire credit card details, Mr Ferguson said that the only way to test against this kind of behaviour is for the company to run dummy scams on itself.

“We have a regular internal training. Internally we send phishing emails and make phonecalls asking for information on employees. We try to scam ourselves and that is the ultimate education because it is benign, but you can identify where you as an organisation need to try harder so that your employees know that right and wrong thing to do.”

He added that he wasn’t surprised by reports from the Kaspersky lab in February that found that Irish government computed had been breached by a MiniDuke attack.

“That any government was compromised wouldn’t surprise me. The only sensible approach now to how you design your security is to operate on the assumption that you have already been breached. Not to operate on the assumption that I am going to build something so strong that nobody can get in,” he said.

The most recent high-profile breach that he had seen was the Polish national police database which held the details of people who had been caught speeding. The hackers began contacting people who were due to pay fines with bogus account details for them to pay the fine into. The only reason that they were caught, Mr Ferguson said was because people began receiving two fines.

More in this section

Budget 2022 Logo

What impact will this  year's budget have on you and your business.

The Business Hub
Newsletter

News and analysis on business, money and jobs from Munster and beyond by our expert team of business writers.

Sign up
Puzzles logo
IE-logo

Puzzles hub

Visit our brain gym where you will find simple and cryptic crosswords, sudoku puzzles and much more. Updated at midnight every day. PS ... We would love to hear your feedback on the section right HERE.

Lunchtime
News Wrap

A lunchtime summary of content highlights on the Irish Examiner website. Delivered at 1pm each day.

Sign up
Revoiced
Newsletter

Our Covid-free newsletter brings together some of the best bits from irishexaminer.com, as chosen by our editor, direct to your inbox every Monday.

Sign up