People and Security Flashcards


26 Terms

1
What is considered the weakest link in Cybersecurity?

People

2
Why are people considered the weakest link in cybersecurity?

  • 1. Humans make mistakes

  • 2. Humans forget

  • 3. Humans love shortcuts

  • 4. Human performance varies

  • 5. Humans can be manipulated more easily than machines.

3
BYOD Policy

Bring Your Own Device - policies that allow employees to use their own devices to conduct business rather than relying on company-issued devices

4
What benefits do BYOD policies bring?

  • Reduced hardware cost

  • Higher productivity

  • More convenience for employees

  • More attractive job offerings

5
What security concerns do BYOD policies bring?

  • Reliance on the employee to handle the device (and data) correctly.

  • Devices are carried out of the workplace, and into a greater variety of locations.

  • Variety of activities conducted on the device.

  • Risk of the device being lost.

  • Compliance concerns.

6
What are 3 ways the human element of organizations can be strengthened?

  1. Increase employee skill and awareness

  2. Reduce opportunities for misuse

  3. Create a positive workplace culture

7
How can a workplace protect itself against intentional insider threats?

By watching for Digital Warning Signs and Behavioral Warning Signs

8
What are some examples of Digital Warning Signs?

  • Accessing or downloading large amounts of data

  • Accessing sensitive data not associated with their responsibilities.

  • Making repeated requests for data outside their job function.

  • Using unauthorized storage devices.

  • Data hoarding; keeping copies of sensitive information

  • Emailing sensitive data outside the organization.
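The digital warning signs above are the kind of indicators a DLP or file-audit pipeline can check mechanically. The following is an added example, not part of the original flashcards: a rule-based scan over a handful of constructed audit events that flags large daily download volume, access to data classifications outside the user's role, copies to removable media, and sensitive data emailed to an external domain. The event field names, the role model and the 500 MiB threshold are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample audit events, made up for this example. The field names
# (day, user, action, resource, bytes, label, recipient) are assumptions,
# not the schema of any particular DLP or file-audit product.
EVENTS = [
    {"day": "2024-03-04", "user": "alice", "action": "download", "resource": "hr/payroll.xlsx",
     "bytes": 2_400_000, "label": "sensitive"},
    {"day": "2024-03-04", "user": "bob", "action": "download", "resource": "hr/salaries.csv",
     "bytes": 900_000, "label": "sensitive"},
    {"day": "2024-03-04", "user": "bob", "action": "usb_copy", "resource": "src/repo.tar",
     "bytes": 120_000_000, "label": "internal"},
    {"day": "2024-03-04", "user": "carol", "action": "email", "resource": "legal/contract.pdf",
     "bytes": 300_000, "label": "sensitive", "recipient": "carol.home@gmail.com"},
    {"day": "2024-03-05", "user": "dave", "action": "download", "resource": "eng/designs.zip",
     "bytes": 400 * 1024 * 1024, "label": "internal"},
    {"day": "2024-03-05", "user": "dave", "action": "download", "resource": "eng/models.bin",
     "bytes": 200 * 1024 * 1024, "label": "internal"},
    {"day": "2024-03-05", "user": "alice", "action": "email", "resource": "hr/offer.pdf",
     "bytes": 100_000, "label": "sensitive", "recipient": "hiring@example.com"},
]

# Hypothetical role model: which data classifications each role may touch.
USER_ROLE = {"alice": "hr", "bob": "engineer", "carol": "legal", "dave": "engineer"}
ROLE_ACCESS = {
    "hr": {"sensitive", "internal", "public"},
    "legal": {"sensitive", "internal", "public"},
    "engineer": {"internal", "public"},
}
INTERNAL_DOMAIN = "example.com"
LARGE_VOLUME_BYTES = 500 * 1024 * 1024   # more than this per user per day counts as "large"


def recipient_domain(address):
    return address.rsplit("@", 1)[-1].lower()


def scan(events, user_role=USER_ROLE, role_access=ROLE_ACCESS):
    """Return {user: sorted list of indicator names} for users that tripped any rule."""
    findings = defaultdict(set)
    daily_bytes = defaultdict(int)      # (user, day) -> bytes pulled that day
    for e in events:
        user = e["user"]
        allowed = role_access.get(user_role.get(user, ""), set())
        # Accessing data whose classification is outside the user's role
        if e["label"] not in allowed:
            findings[user].add("out_of_role_access")
        # Volume accumulates across downloads and copies to removable media
        if e["action"] in ("download", "usb_copy"):
            daily_bytes[(user, e["day"])] += e["bytes"]
        # Unauthorized storage devices
        if e["action"] == "usb_copy":
            findings[user].add("removable_media")
        # Sensitive data emailed to an address outside the organization
        if (e["action"] == "email" and e["label"] == "sensitive"
                and recipient_domain(e["recipient"]) != INTERNAL_DOMAIN):
            findings[user].add("external_email_of_sensitive_data")
    for (user, _day), total in daily_bytes.items():
        if total > LARGE_VOLUME_BYTES:
            findings[user].add("large_volume")
    return {user: sorted(f) for user, f in findings.items()}


if __name__ == "__main__":
    for user, indicators in scan(EVENTS).items():
        print(user, indicators)
```

Note that alice produces no finding: an HR user downloading payroll data and emailing an offer letter to an internal address is in role, which is why the role mapping matters; without it every access to sensitive data would look suspicious.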

9
What are some examples of Behavioral Warning Signs?

  • Displaying disgruntled behavior toward co-workers.

  • Violating organizational policies.

  • Frequently in office during off-hours

  • Discussing resigning or seeking new opportunities

10
User Behavior Analytics

Establish a profile of “normal” behavior and a threshold for what is considered abnormal; create alerts for any abnormal behavior
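As an added example of the baseline-and-threshold idea (not part of the original flashcards): build a per-user profile from constructed history of daily file-access counts, then score today's count as a z-score against that profile. It handles two edge cases a real deployment hits at once: a user whose history has zero variance (where a naive z-score divides by zero) and a new account with no history at all (where there is no baseline and the right answer is "cannot judge", not "normal"). The data, the ten-day window and the threshold of three standard deviations are assumptions for the example.

```python
import statistics

# Constructed history, made up for this example: number of files each user
# opened on each of the last ten working days.
HISTORY = {
    "alice": [12, 15, 11, 14, 13, 12, 16, 14, 13, 15],
    "bob":   [40, 38, 45, 42, 39, 41, 44, 40, 43, 42],
    "eve":   [20, 20, 20, 20, 20, 20, 20, 20, 20, 20],   # no variation at all
}
# Today's observed counts. "mallory" is a new account with no history yet.
TODAY = {"alice": 14, "bob": 190, "eve": 21, "mallory": 500}


def build_profile(history, min_days=5):
    """Per-user (mean, population std dev) of the daily count; users with too
    little history get no profile rather than a misleading one."""
    profile = {}
    for user, counts in history.items():
        if len(counts) < min_days:
            continue
        profile[user] = (statistics.fmean(counts), statistics.pstdev(counts))
    return profile


def score(profile, user, value, z_threshold=3.0, std_floor=1.0):
    """Classify one observation against the user's profile.
    Returns (verdict, z) where verdict is normal / abnormal / no_baseline."""
    if user not in profile:
        return ("no_baseline", None)
    mean, std = profile[user]
    # A flat history gives std = 0; the floor keeps a one-file change from
    # dividing by zero and being reported as infinitely abnormal.
    z = (value - mean) / max(std, std_floor)
    return ("abnormal" if z > z_threshold else "normal", round(z, 2))


def evaluate(profile, observations, **kwargs):
    return {user: score(profile, user, value, **kwargs)
            for user, value in observations.items()}


if __name__ == "__main__":
    for user, verdict in evaluate(build_profile(HISTORY), TODAY).items():
        print(user, verdict)
```

Accounts with no baseline should be routed to a separate queue (or scored against their peer group) rather than silently passed; an attacker who creates a fresh account has no history by definition.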

11
User Rights Management

Monitors the activity of privileged users to identify how often each privilege is used; can identify when privileges are used excessively, inappropriately, or infrequently (an infrequently used privilege is a candidate for removal under least privilege)
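The following is an added example, not part of the original flashcards, of the privilege-usage review described above. Given a hypothetical grant table and a constructed usage log, it counts how often each user exercised each privilege and flags the three cases the card names: excessive use (above a count threshold), inappropriate use (a privilege exercised without a grant, or outside business hours) and infrequent use (a granted privilege never exercised in the window, which is the least-privilege cleanup list). The thresholds and the 07:00 to 20:00 business window are assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed grants and usage log, made up for this example.
GRANTS = {
    "alice": {"db.read", "db.write", "admin.user_reset"},
    "bob": {"db.read", "prod.deploy"},
}
USAGE = (
    # alice hits db.read twelve times in one morning
    [(f"2024-03-04T09:{m:02d}:00", "alice", "db.read") for m in range(12)]
    + [
        ("2024-03-04T23:15:00", "alice", "db.write"),        # late at night
        ("2024-03-05T10:00:00", "alice", "db.write"),
        ("2024-03-05T11:30:00", "bob", "prod.deploy"),
        ("2024-03-05T11:45:00", "bob", "admin.user_reset"),   # never granted to bob
    ]
)


def review(grants, usage, excessive_uses=10, business_hours=(7, 20)):
    """Return {user: {privilege: {"uses": n, "flags": [...]}}} for every
    (user, privilege) pair that needs a reviewer's attention."""
    counts = Counter((user, priv) for _ts, user, priv in usage)
    off_hours = set()
    for ts, user, priv in usage:
        hour = datetime.fromisoformat(ts).hour
        if not (business_hours[0] <= hour < business_hours[1]):
            off_hours.add((user, priv))

    report = {}
    users = set(grants) | {user for _ts, user, _priv in usage}
    for user in sorted(users):
        granted = grants.get(user, set())
        used = {priv for _ts, u, priv in usage if u == user}
        for priv in sorted(granted | used):
            uses = counts[(user, priv)]
            flags = []
            if priv not in granted:
                flags.append("used_without_grant")       # inappropriate: enforcement gap
            elif uses == 0:
                flags.append("unused_revoke_candidate")  # infrequent: least privilege
            if uses > excessive_uses:
                flags.append("excessive")
            if (user, priv) in off_hours:
                flags.append("off_hours")
            if flags:
                report.setdefault(user, {})[priv] = {"uses": uses, "flags": flags}
    return report


if __name__ == "__main__":
    for user, privs in review(GRANTS, USAGE).items():
        for priv, detail in privs.items():
            print(user, priv, detail)
```

A "used_without_grant" hit is the most serious line in the report: it means the system that executed the action is not enforcing the grant table, so the review has found a control failure, not just a policy question.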

12
Alert Prioritization

Categorizes alerts generated by behavior analytics, intrusion detection systems, etc. to prioritize which anomalies are most critical
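As an added example of alert prioritization (not from the original flashcards): a small scorer that takes constructed alerts from three hypothetical sources (behavior analytics, an IDS and a DLP tool), combines each alert's severity with the criticality of the asset it concerns and the detector's confidence, and boosts alerts about a user that more than one independent source has flagged. The result is a ranked list with P1/P2/P3 tiers. The weights, asset scores and tier cut-offs are assumptions made for the example.

```python
from collections import defaultdict

# Hypothetical asset criticality (1 = low, 5 = crown jewels) and severity weights.
ASSET_CRITICALITY = {"payroll-db": 5, "web-frontend": 3, "dev-laptop-17": 2}
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed alerts from three sources, made up for this example.
ALERTS = [
    {"id": "A1", "source": "uba", "user": "bob", "asset": "payroll-db",
     "severity": "high", "confidence": 0.8},
    {"id": "A2", "source": "ids", "user": None, "asset": "web-frontend",
     "severity": "critical", "confidence": 0.3},   # noisy signature, low confidence
    {"id": "A3", "source": "dlp", "user": "bob", "asset": "dev-laptop-17",
     "severity": "medium", "confidence": 0.9},
    {"id": "A4", "source": "ids", "user": None, "asset": "dev-laptop-17",
     "severity": "low", "confidence": 0.95},
]


def priority(alert, corroborating_sources):
    """severity x asset criticality x detector confidence, boosted by 50% for
    each additional independent source that flagged the same user."""
    base = (SEVERITY[alert["severity"]]
            * ASSET_CRITICALITY.get(alert["asset"], 1)
            * alert["confidence"])
    return round(base * (1 + 0.5 * (corroborating_sources - 1)), 2)


def tier(score):
    return "P1" if score >= 10 else "P2" if score >= 4 else "P3"


def prioritize(alerts):
    """Return alerts sorted highest priority first, each annotated with score and tier."""
    sources_per_user = defaultdict(set)
    for a in alerts:
        if a["user"]:
            sources_per_user[a["user"]].add(a["source"])
    ranked = []
    for a in alerts:
        corroboration = len(sources_per_user[a["user"]]) if a["user"] else 1
        score = priority(a, corroboration)
        ranked.append({**a, "priority": score, "tier": tier(score)})
    return sorted(ranked, key=lambda a: a["priority"], reverse=True)


if __name__ == "__main__":
    for a in prioritize(ALERTS):
        print(a["tier"], a["priority"], a["id"], a["source"], a["asset"])
```

The point of the example is the ordering: the "critical" IDS alert (A2) lands below a "medium" DLP alert (A3) because the IDS signature is low-confidence and nothing corroborates it, while bob's two alerts reinforce each other. Severity alone would have ranked the list the other way round.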

13
What is Social Engineering?

The art of convincing people to take certain actions or accept certain beliefs. It is applied in almost all domains in which humans play a significant role.

14
What two scales does social engineering work at?

Individual Scale and Societal Scale

15
Social Engineering - Individual Scale

Any goal-oriented interaction between people

16
Social Engineering - Societal Scale

Any goal-oriented organization or management of people

17
Three categories that social engineering attacks fall into

  • Phishing attacks

  • Physical social engineering

  • Mass social engineering

18
What are some common identifying qualities of phishing emails?

  • Poor grammar or word choice

  • Attachments, links, or shortened URLs

  • Vague salutations (e.g. "Dear Customer")

  • A sense of urgency

  • An unusual domain in the sender address or links
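The qualities in this list can be turned into a simple triage script, which is added here as an example and is not part of the original flashcards. It parses a constructed raw message with Python's standard email library and reports which of the five indicators are present: a sender domain that is not one of the organization's, shortened or any other URLs, attachments, a vague salutation, urgency language, and a few grammar tells. The trusted-domain set, the shortener list and the keyword patterns are assumptions; the message itself is made up.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample message, made up for this example.
RAW = """\
From: "IT Support" <helpdesk@secure-login-verify.xyz>
To: alice@example.com
Subject: URGENT: Your account will be suspended in 24 hours
Content-Type: text/plain; charset="utf-8"

Dear Customer,

We has detected unusual activity on you account. You must verify
immediately or your access will be suspended within 24 hours.
Click here: https://bit.ly/3xAmpLe

IT Support Team
"""

TRUSTED_DOMAINS = {"example.com"}                                   # assumed organization domain
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}   # assumed shortener list
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours|suspend\w*|act now|verify now)\b", re.I)
VAGUE_SALUTATION = re.compile(r"^\s*(dear|hello|hi)\s+(customer|user|member|sir/madam|valued\s+\w+)\b",
                              re.I | re.M)
GRAMMAR_TELLS = re.compile(r"\b(we has|you account|has been detect|kindly do the needful)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+")


def sender_domain(msg):
    m = re.search(r"@([\w.-]+)>?\s*$", str(msg.get("From", "")))
    return m.group(1).lower() if m else ""


def is_trusted(domain, trusted=TRUSTED_DOMAINS):
    return domain in trusted or any(domain.endswith("." + t) for t in trusted)


def phishing_indicators(raw, trusted=TRUSTED_DOMAINS):
    """Return the list of indicator names found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    hits = []
    domain = sender_domain(msg)
    if domain and not is_trusted(domain, trusted):
        hits.append("unusual_sender_domain")
    urls = URL.findall(text)
    if any(urlparse(u).hostname in SHORTENERS for u in urls):
        hits.append("shortened_url")
    elif urls:
        hits.append("contains_links")
    if any(part.get_filename() for part in msg.iter_attachments()):
        hits.append("attachment")
    if VAGUE_SALUTATION.search(text):
        hits.append("vague_salutation")
    if URGENCY.search(str(msg.get("Subject", "")) + "\n" + text):
        hits.append("urgency")
    if GRAMMAR_TELLS.search(text):
        hits.append("poor_grammar")
    return hits


if __name__ == "__main__":
    print(phishing_indicators(RAW))
```

These are training-aid heuristics: a well-written, personalized message from a freshly registered look-alike domain trips only the sender-domain check, and one that spoofs a trusted domain outright trips none of them, which is why the checks complement rather than replace the mail filtering and user training the rest of this section describes.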

19
New cards

What are some common physical social engineering attacks?

  • Shoulder Surfing

  • Tailgating / Piggybacking

  • Pretexting

  • Baiting

20
Shoulder Surfing

Standing near a target to directly observe sensitive information, such as passwords

21
Tailgating / Piggybacking

Entering a secure location by following someone with legitimate access

22
Pretexting

Engineering a scenario (a pretext) for interacting with the target in order to obtain information from them

23
Baiting

Leaving malware-infected devices (e.g. a USB drive) on site so that an unwitting target will connect them to a workstation

24
What are two examples of Mass Social Engineering?

Disinformation Campaigns and Algorithm Funneling

25
Disinformation Campaigns

Organized efforts to intentionally spread false information or suppress true information. Successful disinformation can have a significant impact on discourse and public opinion.

26
Algorithm Funneling

Can occur on social media sites and similar services, where algorithms designed to drive engagement create echo chambers and reinforce polarizing behavior.