Humans remain the most vulnerable part of any cybersecurity plan, and this has been shown over and over again. Rarely do you see a successful attack that solely targets software and/or hardware. In over 90% of cases, the critical failure in security occurs when an employee clicks a bad link, gets phished, or otherwise contravenes cybersecurity best practices. It doesn’t help that employees consistently seek ways to get around restrictive security policies because they’re annoying, stop them from visiting websites that they want to, or just to see if they can. These numbers suppose that your employees are well-meaning if misguided, souls who just want to watch some videos while they’re on the company dollar and not actively malicious.
Malicious insiders, however, caused the majority of successful cyber attacks in 2018 and these attacks occur for a variety of reasons. It’s possible for employees to become compromised due to their activities inside or outside of the workplace, have their personal information Ransomwared, or simply for them to have a grudge against their parent company. Tracking malicious actors is difficult as many of them wait until the last moments to go beyond the normal scope of their duties, and companies have to strike a balance between effective monitoring of employee behaviors vs respecting their employee’s privacy. Companies should regularly test and update their cybersecurity plans and responses, along with ensuring that employees receive frequent education on cyber threats.
Source: Human Error, We Meet Again
The backbone of industry is the Industry Control Systems (ICS) that monitor and run the various pieces of machinery keeping industrial sites running. The value generated by damaging these systems is massive and taking control of an opponents ICS’s would allow you to cripple them entirely without threat to yourself. This is why the cyber arena of warfare is growing so rapidly and because smaller actors can cause damage that is completely out-of-line with their physical threat to their opponents. Some of the most persistent cyber attacks come from North Korea, Iran, and other small nations that wouldn’t normally have a chance at challenging the United States, United Kingdom, or India in a martial contest. Ukraine, in particular, has seen itself under merciless cyber attack by Russia and it has been repeatedly compared to a testing ground for cyber warfare.
Source: Critical Infrastructure Under Persistent Threat
Facebook is under pressure from the recent trove of emails that were released by officials in the EU in response to Facebook CEO Mark Zuckerberg refusing to testify before them. These emails have shown the darker side of Facebook, revealing how they stomped down on competition against apps they had a better relationship with. Facebook has stated that the emails are being selectively picked to paint the company in a bad light. If Facebook had a sterling history of allowing other companies to use their data, then this might be believable. Instead, Facebook has spent the last few years fighting fires that keep breaking out every time anything about their internal operations are revealed.
Source: Facebook defends Mark Zuckerberg’s exposed emails