Users are the Weakest Link – What IT Needs to Do About It
The recent breaches at the Massachusetts Institute of Technology (MIT) further reinforce the fact that users can be an information security program's weakest link. How did this breach occur? As described in media coverage surrounding the debacle, a user within the MIT Network Operations Center (NOC) received an email containing a malicious link. The user subsequently clicked on the link and from there the attack proceeded. In its simplest terms, hackers exploited the user to redirect all traffic destined to any MIT URL to an external site, outside of MIT's control.
MIT regained control of its systems within hours and kept the total visible impact to just a few days - the length of time it took for DNS records to be updated across the globe. But that's not the point. If information security programs are dependent on users (or employees), there are only two remedies: users need to become more aware or security needs to remove the threat to their users.
This deliberate attack stemmed from a simple phishing email to a user. What we don't know is how many users within the MIT NOC received the email and how many did not click on the link. The lesson here? It only takes one user to lead you to a compromise.
Security departments across the globe need to invest resources to protect their employees against phishing attacks. The top three solutions to reduce risk include:
- Repetitive user training with published metrics with a goal of behavior modification
- Effectively blocking malicious emails from entering the network
- Proven technologies that block the user from reaching malicious websites
Until users become aware of suspicious links and attachments within an email, it is absolutely essential that security teams implement protective measures. In this dynamic threat landscape, investing resources in shoring up the weakest links should be the primary focus of all information security professionals. All other efforts might just be considered busy work.