No matter how sophisticated a company’s IT security is, there will always remain a weak point — human beings — according to global VP of security research with Trend Micro, Rik Ferguson.
Mr Ferguson, who was speaking at the European Tech Summit event organised by it@cork, said that social engineering is now the basis for most attacks on companies, with workers often tricked into believing that they are receiving emails from colleagues or business associates.
“Attack the individual not the system itself because in many cases the system is very well protected. Individuals are simply too credulous and too willing to help,” said Mr Ferguson.
Looking at the recent example of a security breach at outsourcing company Abtram where an employee used their position to acquire credit card details, Mr Ferguson said that the only way to test against this kind of behaviour is for the company to run dummy scams on itself.
“We have a regular internal training. Internally we send phishing emails and make phone calls asking for information on employees. We try to scam ourselves and that is the ultimate education because it is benign, but you can identify where you as an organisation need to try harder so that your employees know the right and wrong thing to do.”
He added that he wasn’t surprised by reports from Kaspersky Lab in February which found that Irish government computers had been breached by a MiniDuke attack.
“That any government was compromised wouldn’t surprise me. The only sensible approach now to how you design your security is to operate on the assumption that you have already been breached. Not to operate on the assumption that I am going to build something so strong that nobody can get in,” he said.
The most recent high-profile breach that he had seen was of the Polish national police database, which held the details of people who had been caught speeding. The hackers began contacting people who were due to pay fines, giving them bogus account details to pay the fine into. The only reason that they were caught, Mr Ferguson said, was because people began receiving two fines.
© Irish Examiner Ltd. All rights reserved