Did you know that cybersecurity doesn’t just pose technical challenges? In fact, companies must always keep their eye on the human component of cyber risk too.
In this piece by Christopher Ott on the Rothwell Figg Privacy Zone, it is emphasised that the human element is always vitally important for any cyber defence set up. You simply cannot rely on tech alone.
On August 26, 2020, the United States Department of Justice charged a Russian national for offering $1 million to a Tesla employee in return for them infecting their employer’s network with malware. Egor Igorevich Kriuchkov met with the employee on multiple occasions as part of the recruitment effort. The malware was designed to exfiltrate data from Tesla. The criminal group behind the attack allegedly would then demand $4 million in return for the information. This is a case where a human weakness is being used to infiltrate a technical weakness and whilst pretty shocking, this is not uncommon.
As always, better education and greater awareness are essential, not to mention how important it is to test the human resilience, as well as technical.
- See also: https://amonsocial.alvarezandmarsal.com/post/102eqgc/employees-are-the-key-cyber-control-not-technologyand https://amonsocial.alvarezandmarsal.com/post/102ei2e/cyber-security-not-just-an-it-issue and https://amonsocial.alvarezandmarsal.com/post/102eeso/dont-think-about-cyber-security-as-a-tech-problem
Companies also have to begin planning for cyber litigation now, not later. The preparation on a litigation standing will re-enforce proper workflows and decision-making, even under pressure. Early litigation preparation will also strengthen later arguments that the cyber response process should be considered privileged, which is a burgeoning litigation fight. Those privilege issues should be the subject of a separate discussion. However, to paraphrase digital godfather Benjamin Franklin, smart companies know that one byte of preparation equals one terabyte of cure.