The Human Element: The “Trigger” on Cyber Weapons

Chapter
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)

Abstract

This chapter discusses the protection of businesses from cyber penetrations using the lessons and principles of defending firms against competitive intelligence operations. Although popular culture could lead one to believe that cyber penetrations are all about devices and software exploits, the reality is that the human element plays a pivotal part. In our high-tech society, cyber penetrations all too often rely on low-tech approaches, which can often easily be foiled by alert employees and contractors. Without employee and contractor gullibility, it would be difficult to impossible to penetrate a well-crafted cyber-security system. Like the first reported swindler who conned people into giving them their watches, today’s con artists are focused on big prizes—information. This chapter examines data and the methods businesses can use to identify what is critical to their operations, and some simple, yet effective ways to protect it. These approaches are used in competitive intelligence and state that regardless of the high-tech environment in which corporations operate, cyber penetrations are often facilitated by low-tech approaches via the human element.

Keywords

Attack vector; Best practice; Confidence trick; Cyber penetration; Data breach; Hacking; Hostile penetration; Phishing; Social engineering; Vital information asset

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. The Helicon Group, Blandon, USA
