Michael Hill | September 13, 2016

#GartnerSEC: End User Threats Beyond the Phish

Speaking at the Gartner Security & Risk Summit in London this week  Wombat Security’s CEO Joe Ferrara explored what lies ‘beyond the phish’, with particular focus on shining some light on the main non-phishing threats that still continue to plague organizations and how they are related to end user knowledge gaps.

Ferrara explained that focus on the end user is two-fold:

“One is about educating and making sure users inside an organization understand the threats that are out there in terms of cybersecurity so they can identify and avoid attacks. The second is driving behavior change, but also measuring it.”

When you’re talking about users, Ferrara added, phishing is the first topic people want to discuss. However, the reality is that there are still various other risks that companies face.

So, aside from falling for phishing scams, where are end users failing in terms of knowledge levels at the moment?

“Using social media is at the top of the list in terms of knowledge weaknesses for end users,” Ferrara said. “They don’t understand how to use social media; they don’t understand the risks involved.”

Users lack the ability to identify fake or malicious social media posts, and people posting and re-posting malicious content is now a huge issue with social media. What’s more, recent research found that only 55% of companies are assessing their users about their knowledge level on social media.

Next up, Ferrara touched on protecting and disposing data securely, arguing that there is an underlying current of end users that think all of the security infrastructure and software out there is going to save them.

“So, they don’t worry about whether or not they’re disposing data correctly, or whether or not they are storing data correctly.”

With regards to working outside of the office, Ferrara said the biggest risks surrounding this come down to employees connecting to public, and therefore possibly insecure, Wi-Fi.

“People don’t understand the risks of connecting to Wi-Fi; they might not understand that they could be connecting to a rogue network. They don’t understand what to look out for and aren’t asking any questions, they’re just logging in and going.”

To conclude, Ferrara urged his audience to measure their users, and that’s the key to gauging their knowledge weaknesses.

“You have to be actively measuring to make a difference. Instead of pounding your head against the wall by not measuring end users, start doing so and understand where you’re successful in the long run.”