End-user awareness is the missing link in cyber security

Megan Horner

Nobody can argue that cyber security and data privacy have become hot topics this year. The buzz has been felt world-wide, as people strategize on both offensive and defensive aspects. When cyber security is mentioned, many reflexively jump to thoughts of firewalls, complex passwords and malware protection.

But one of the most important and often overlooked security defenses is end-user awareness. It requires everyone working within a sector to exercise due diligence to ensure the integrity of that network’s infrastructure. Educating all employees provides a more holistic and long-lasting solution.

Simply installing the latest product on a machine isn’t a foolproof plan. Threats are where you least expect them, and a recent “mock breach” mounted by Digital Locksmiths, a security services company, proves just that.

Digital Locksmiths were recently hired by a large manufacturing firm to ensure that all bases were covered when it came to potential security vulnerabilities. They started their assessment by attempting to hack into the company’s infrastructure, using common modes, such as eavesdropping, password cracking, DoS attacks and sniffing. The network was impenetrable, but they didn’t stop there. Instead, they chose another, often ignored, route. Armed with a smile and a buttoned-up shirt, Terry Cutler, their lead ethical hacker, entered the facility posing as an innocent passerby with an urgent need to use the restroom. The receptionist smiled and buzzed him into the facility. Once inside, Cutler grabbed two programmed USB keys from his pocket and dropped them on top of the toilet paper holders located in each stall. Then he headed back to his office where, as he expected, the USBs had been brought to life by unsuspecting employees who might have just opened up their company to a massive breach.

Social engineers manipulate people using tricks and tactics, so they are basically spoon-fed confidential information. This is the main reason end-user compliance is so important.

The example shared above is known as “baiting,” a physical tactic where a device is placed in a location where it is sure to be found and the attacker simply waits for a curious onlooker to pick up the device and plug it into his or her PC. One of the most common types of social engineering attacks, phishing, also happens to be one of the simplest. It involves sending an email from what appears to be a legitimate source requesting verification or prompting a responsive action. A real example, which Digital Locksmiths once used, was to search for corporate employees on Facebook, LinkedIn and Twitter. Cutler then searched for a common interest and sent an intriguing message like, “I noticed you’re into fishing, have you tried out this sonar gadget to help your catch?” along with a link to exploit code. When an attacker sends this kind of credible link, once it is clicked, the attacker will be able to pull out screenshots, monitor keyboard strokes and even take an encrypted username and password to be used in what’s called a “Pass the Hash” attack.

Many companies employ over-worked, under-paid and under-trained system administrators. The lack of educated users and admins can lead to the downloading of infected files. Information security is a complex and specialized field, which means that it is crucial that governments and civilians receive specialized cyber security training. This training is extremely low cost when compared to the financial pain companies may have to endure if their network becomes vulnerable to attackers.

Megan Horner is the marketing coordinator for TrainACE. She can be reached at:

[email protected]

