Will the Colonial Pipeline Attack Change User Behavior?
After the Colonial Pipeline ransomware attack, a rapid change in user behavior should be expected. However, this may not be the case.
How Will User Behavior After the DarkSide Attack?
Recent ransomware attacks upon infrastructure targets like the Colonial Pipeline have certainly elevated the profile of cybercrime. Justice and policing agencies are giving it far more attention. Companies are taking more steps to avoid the possibility of a ransomware attack.
The mainstream press, not just the IT and security press, are constantly running stories about malware, ransomware, and cybercrime. This has raised awareness of the problem to something that is now very much in the popular consciousness.
Prime-time news stories highlight the dangers of phishing, and tell harrowing stories of individuals and small businesses destroyed by cybercrime after falling victim to social engineering trickery.
Will Users Wise Up?
The obvious conclusion would be that higher awareness would bring about a rapid change in user behavior. Being fed a steady diet of news about the various ways in which people were hoodwinked by various email scams, users would become far more cautious about their own email, website, and security habits.
Sadly, the facts don’t bear this out.
Research on social engineering from security awareness training vendors such as KnowBe4 indicates that people continue to be fooled by phishing emails in more or less the same percentage as before.
More than 10%, and some studies say 1 in 3 users are prone to be fooled by phishing. All it takes is a moment of inattention and the person clicks on a malicious attachment or link. Even smart people get fooled sometimes.
Malicious Cyber Strategies
To make matters worse, the bad guys continually adjust their tactics. As one particular tactic works well, it gets used a lot and then eventually plays itself out through over-use. The old scam emails from Nigerian banks wanting to pay you millions were once hitting just about every mailbox. People are wise to it. You rarely see it, these days.
The criminals moved on to other approaches such as email subject lines promising lurid details about celebrities or taking advantage of the headlines of the moment.
Another common tactic has been to use logos from corporations, banks, the IRS, FBI, or other government bodies posing as official communications. The idea is to fool the recipient into entering passwords or banking details.
Slightly altered email addresses are another ploy. One letter is added or subtracted from the email address, so it looks correct at first glance. Criminals sometimes infiltrate the email system of one employee and use it to send malicious content to other employees posing as being an urgent survey from the IT, finance, or HR. Such attacks are often effective.
Some users are alert to these scams and spot them instantly. But many continue to be fooled by them, even at an executive level.
When, Not If
Based on the propensity of some users to be tricked into clicking on malware, the unfortunate reality is that no matter the headlines, no matter the raised awareness, breaches will happen.
Phishing scams will help bad actors to gain entry. Effective security awareness training can bring down the percentage of users who click on bad links or attachments. But it won’t bring it to zero.
How Syxsense Can Help
Such actions must be supported by ever-vigilant IT and security personnel using automated security tools. The organization must continually scan the network for vulnerabilities, unusual patterns, anomalous traffic, and new threats. Patches must be kept up to date with priority given to those with the highest threat level.
Syxsense Cortex simplifies complex IT and security processes with a drag-and-drop interface. Pre-built templates keep organizations secure and without needing large teams, specialists, or scripting.