Web Analytics
  • Secure Channels

InfoSecurity Magazine Quotes Richard Blech

Richard Blech On Breaches, Combatting the Human Element

According to research from CompTIA, malware and hacking are serious concerns for nearly half of all companies; but, the human element in security trumps all—companies report that it’s the largest factor behind security breaches.

That element can take many forms.

“Regarding human error, there is a big difference between making mistakes and being tricked by the threat into taking some action which ultimately leads to you being compromised,” said TK Keanini, CTO of Lancope, via email. “Most individuals face the latter and as our lives become more and more publicly visible in social networks, these phishing tactics grow more and more sophisticated.”

More training is the clear answer, but companies struggle with understanding how to make an investment in training that will pay off. Only 54% of companies offer some form of cybersecurity training, typically done through new employee orientation or an annual refresher course. But there are few metrics to evaluate the effectiveness of that. And businesses readily acknowledge that they would like to see better content in their security training.

Another dimension to combatting the threat lies in monitoring and analytics. Whether it’s an outside hacker breaking into the network in an attempt to get privileged user credentials (e.g. hijack an account) or a malicious insider user, their activities leave several “visible” traces.

“Users, as they interact with IT systems, leave a recognizable fingerprint which can be detected and learned,” explained Péter Gyöngyösi, product manager with BalaBit, in a note to Inforsecurity. “Users log into the same applications, do the same things while working and access similar data. Organizations must close the blind spots, by uncovering risks that many DLP, IAM and SIEM tools cannot identify, and examine their users’ behavioral patterns. These ‘learned’ profiles can be compared in real-time to the actual activities of a user to detect anomalies and differences in behavior.”

Of course, the higher privileges a user has, and the bigger the difference with one’s everyday user profile is, the more prioritized the security risk should be.

“Once anomalies are detected and prioritized, counter actions could be applied to stop an ongoing attack or to investigate the event further,” he added.

Richard Blech, CEO of Secure Channels, noted that encryption is an important part of the picture as well.

“During a time of epidemic proportions of breaches I find it odd that ANYONE needs to be ‘convinced’ that they need to encrypt their data,” he said. “So let me be really clear … either encrypt your data from the start or plan to lose it or pay to get it back. The job of technology is to design systems to protect us from human error. The only sophistication the hackers have over us is their ability to encrypt our data first (apparently ransomware hackers are better decision makers than the rest of us) and move faster without the cumbersome system of corporate glue to get in their way.”

Find the original article here.

For more articles featuring Richard Blech at the Secure Channels Inc. website.

#Irvine #CyberSecurity #hacking #RichardBlech #cybersecurity #Breach #malware #patentedencryption #SecurityBreach #SecureChannels

Secure Channels BRINGS to market data encryption, cryptographic protocols, and access control/ privileged access/ user authentication technologies in the form of licensable tools, end user platforms and purpose-built solutions, SERVING software & application developers, hardware OEM and device manufacturers, and enterprise organizations, WHO place a premium on cybersecurity, risk reduction, and operational performance benefits or competitive differentiation provided, ALLOWING them to replace, augment, or introduce to new cryptography into their products or environments, PROVIDING material and measurable cybersecurity protections, risk reduction and data breach mitigation.

Secure Channels Inc. 

2102 Business Center Drive, Suite 130  |  Irvine, CA 92612  |  T: (949) 208-7525  |  E: contact@securechannels.com

Follow us!

  • Facebook
  • LinkedIn
  • Twitter

Copyright © 2020 Secure Channels Inc. All rights reserved