Security Think Tank: Don’t blame employees – give them secure working environments

What strategies should organisations follow to block malware attachments which continue to account for two-thirds of malware infections that result in data breaches?

We must stop blaming employees for security breaches when all they did was to click on a link or open an attachment that was delivered to their work-provided mailbox.

The recent Verizon data breach investigations report shows that more than 90% of successful data breach incidents involved phishing attacks. Apparently, user awareness programmes are not delivering value.

While managers may be proud to announce a 50-80% reduction in click-through following cyber security awareness exercises, the problem is that the odds are stacked against information security managers. The human operating system is inherently insecure, and criminals need only one employee to open a link or an attachment to get a foothold.

Cyber security controls must work in harmony to prevent the cyber criminals’ objective of successfully taking control of a victim’s network and messing with its data.

The correct security architectures should ensure that employees do not even need to make a decision about opening an attachment or a link. Legally, one could argue that users are indemnified from incidents caused by them while working with emails in their work email mailbox. In the end, it was the organisation itself that delivered these emails to them.

Here is a list of controls, in no particular order, that we would recommend and that we implemented at Jirasek Security:

  • Enforce SPF, DKIM and DMARC. Ask your email provider whether they hard-fail messages when these email controls fail their tests. Also, test your SPF: run "host -t TXT <your domain>" to see how your SPF record is set up. Ours is "v=spf1 include:spf.protection.outlook.com -all". Note the "-all", which makes SPF checks hard-fail for any sender not listed.
  • Use a reputable cloud-based email provider, one that has a proven high success rate in protection. We recommend Google for Work or Microsoft Office 365 (with additional Advanced Threat Protection subscription).
  • Install a secure anti-malware proxy or a next-generation firewall on your boundary defence to inspect web browsing and other user-generated traffic. This investment will ensure that users browsing malicious websites do not get infected with malware, at least while they are in your offices.
  • Monitor and report the number of attacks on your organisation and individual users.
  • Remove admin rights from the accounts users work with day to day. If required, give them a separate account that has admin rights for exceptional cases (and monitor its use).
  • Harden your operating systems, email clients and web browsers as a priority. There are numerous hardening guides; we would recommend using either the CIS benchmarks or the operating system supplier's own advice.
  • And finally, if anything still gets through, have a process in place to deal with these less frequent incidents.
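As an added illustration of the SPF and DMARC control above (example code written for this edit, not Jirasek Security's own tooling), the script below does what the "host -t TXT <your domain>" check does by hand: it finds the SPF record, classifies the qualifier on its "all" mechanism (so a "~all" soft-fail or a missing "all" is reported, not just "-all"), and reads the DMARC "p=" policy from the _dmarc subdomain. The domain names and records in SAMPLE_TXT are constructed placeholders so it runs offline; the only record value taken from the list is the "v=spf1 include:spf.protection.outlook.com -all" string. Passing a domain on the command line switches to a live lookup through the host command.

```python
import re
import subprocess
import sys

# Constructed sample DNS TXT data so the script runs offline; the domain names
# are placeholders. The first SPF string is the one quoted in the list above.
SAMPLE_TXT = {
    "hardfail.example": ["v=spf1 include:spf.protection.outlook.com -all"],
    "_dmarc.hardfail.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@hardfail.example"],
    "softfail.example": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "_dmarc.softfail.example": ["v=DMARC1; p=none"],
    "nospf.example": ["some-site-verification=abc123"],
}

# Meaning of the qualifier in front of the 'all' mechanism (RFC 7208).
ALL_QUALIFIERS = {"+": "pass", "-": "hard-fail", "~": "soft-fail", "?": "neutral"}


def sample_lookup(name):
    """Offline TXT lookup against the constructed table."""
    return SAMPLE_TXT.get(name.lower(), [])


def host_lookup(name):
    """Live TXT lookup via the 'host -t TXT' command the article mentions.
    Long records come back as several quoted chunks on one line; join them."""
    out = subprocess.run(["host", "-t", "TXT", name],
                         capture_output=True, text=True).stdout
    records = []
    for line in out.splitlines():
        if "descriptive text" in line:
            records.append("".join(re.findall(r'"([^"]*)"', line)))
    return records


def find_spf(records):
    """Return the single v=spf1 record, or None if there is not exactly one
    (RFC 7208 treats more than one SPF record as a permanent error)."""
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    return spf[0] if len(spf) == 1 else None


def spf_all_policy(record):
    """Classify the 'all' mechanism; 'missing' means unlisted senders fall
    through to the default neutral result instead of being rejected."""
    for term in record.split()[1:]:
        m = re.fullmatch(r"([-~?+]?)all", term, re.IGNORECASE)
        if m:
            return ALL_QUALIFIERS[m.group(1) or "+"]
    return "missing"


def dmarc_policy(records):
    """Return the DMARC p= tag (lower-case), or None if there is no DMARC record.
    A DMARC record without p= is treated as p=none, as receivers do."""
    for r in records:
        if r.lower().startswith("v=dmarc1"):
            tags = {}
            for part in r.split(";"):
                if "=" in part:
                    k, v = part.split("=", 1)
                    tags[k.strip().lower()] = v.strip()
            return tags.get("p", "none").lower()
    return None


def assess(domain, lookup=sample_lookup):
    """Summarise a domain's SPF/DMARC posture and list what falls short of
    the hard-fail / reject setting recommended above."""
    spf = find_spf(lookup(domain))
    result = {
        "spf_record": spf,
        "spf_all": spf_all_policy(spf) if spf else "no-spf",
        "dmarc_p": dmarc_policy(lookup("_dmarc." + domain)),
        "findings": [],
    }
    if result["spf_all"] != "hard-fail":
        result["findings"].append("SPF does not end in -all (no hard fail)")
    if result["dmarc_p"] != "reject":
        result["findings"].append("DMARC policy is not p=reject")
    return result


if __name__ == "__main__":
    # With a domain argument the live 'host' command is used; otherwise the sample data.
    if len(sys.argv) > 1:
        print(assess(sys.argv[1], lookup=host_lookup))
    else:
        for d in ("hardfail.example", "softfail.example", "nospf.example"):
            print(d, assess(d))
```

Remember that publishing "-all" and "p=reject" only tells receivers what to do; whether your own inbound mail provider actually rejects on SPF or DMARC failure is the separate question the first bullet tells you to ask them.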

We have seen that by using the above controls, the risk to organisations is reduced significantly. Come on – you can do it.

This was last published in June 2017
