CAN EMPLOYEE CYBERSECURITY TRAINING STOP FILE-BORNE ATTACKS?
June 28, 2018
The well-documented and widely contentious argument has perhaps been exhausted, but to what result? The two sides still passionately believe that employee training either reduces the risk of a cyber attack or is a complete waste of company resources.
The truth is there is no hard statistical evidence to strongly support security awareness training (SAT) or to dismiss it entirely. It might very well be true that continuous, engaging training programs do have an effect on employees’ awareness of the possible risks of a file-borne attack. However, the question is not whether employees can gain greater awareness of the problem, but whether they are capable of stopping it. In other words, does security awareness training work to the extent that employees no longer open socially engineered attachments or click on malicious links? The answer to that question is quite decisively – no.
It only takes a few off-the-bat examples to demonstrate this clearly: from West Point’s 2004 “Carronade” phishing experiment, where 90% of employees failed to identify phishing emails even right after completing 4-hour training, to the 2014 eBay hack or the 2011 RSA SecurID phishing attack. These are just a few of many examples demonstrating how people are always going to be the easiest route into a targeted network, no matter how well-trained they are. And here is why –
Why security awareness training will never be enough
Security awareness training’s biggest antagonists usually claim it doesn’t work because today’s employees suffer from attention deficiency, because these training programs are typically boring and have no lasting effect, because they lack user interaction and involvement, or because they scare employees rather than teach them. But here are the real reasons why these programs can never result in full security compliance –
1. People don’t change behaviors just because they gain more information.
If that were the case, none of us would ever smoke, live an unhealthy lifestyle, or eat ice cream. That’s why increasing awareness will never have a significant or long-lasting effect on companies’ cyber protection, and the ultimate proof is the attack methods cyber criminals are using today: many of the most infamous attacks in recent years contained at some point a sophisticated socially engineered phishing component, which brings us to the second reason why SAT will never be enough –
2. Tricking people is always going to be easier than tricking computers.
The reality of cyber attacks today is that there are so many entry points in the data flow going in and out of the organization that employees couldn’t possibly have the ability, or be held responsible, to protect their company against modern file-borne zero-day attacks. Whether via file-sharing platforms, through the web, or by opening innocent-looking email attachments, employees are constantly bombarded with documents coming through endless channels, and they cannot be expected to analyze every single one of them to recognize the malicious ones – they simply won’t stand a chance.
Bruce Schneier describes it well: “If four-fifths of company employees learn to choose better passwords or not to click on dodgy links, one-fifth still get it wrong and the bad guys still get in.” In other words, no matter how well-trained, people will never be resilient against sophisticated social engineered exploits.
In short, employees shouldn’t be the company’s gatekeepers; they can’t be the first line of defense against malicious exploits sophisticatedly hidden in documents.
Creating a threat-free file environment
And so, if we can’t rely on the people in the organization to stop falling into exploited-file traps, then the alternative has to be a solution that doesn’t even let users make bad decisions, because the decision will no longer be at their fingertips. If we want to relieve employees of the burden of protecting their network, then we need to focus on securing the entire data flow, whatever the channels. With so many incoming data channels, the only way to create a clean file environment is to disarm documents before they even reach the employees, in a completely automated way and without disrupting the company’s workflow.
This is precisely what the File Disarmer is designed for: disarming every single file coming from the web, email, USB port, file-transfer or content collaboration platform before it reaches the organization’s network. The File Disarmer is a patented solution that secures all incoming files from known and unknown attacks using unique next-generation Content Disarm and Reconstruction (CDR) technology that cleanses any document of hidden exploits. Once the file is thoroughly disarmed, it is fully reconstructed and is safe to download, open, save or use, no matter where it came from.
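Content Disarm and Reconstruction does not try to detect the exploit; it rebuilds the document from only the parts a user actually needs. As an added illustration (not the File Disarmer’s code), the following Python performs a minimal disarm step on an OOXML package (docx/xlsx/pptx files are zip archives): it drops the macro, OLE and ActiveX parts together with the package references to them, then rebuilds the archive. The part-name patterns and the sample document are constructed assumptions of this example.

```python
import io
import re
import zipfile

# OOXML parts that carry active or embedded content (pattern list is an assumption of this example).
ACTIVE_PART_RE = re.compile(r"(^|/)vbaProject\.bin$|/embeddings/|/activeX/", re.I)
REF_RE = re.compile(rb"<(?:Override|Relationship)\b[^>]*/>")
ATTR_RE = re.compile(rb'(?:PartName|Target)="([^"]+)"')

def _drop_references(xml: bytes, removed: set) -> bytes:
    """Strip <Override>/<Relationship> elements that point at removed parts."""
    def keep(m):
        attr = ATTR_RE.search(m.group(0))
        target = attr.group(1).lstrip(b"/").decode() if attr else None
        return b"" if target and any(p == target or p.endswith("/" + target) for p in removed) else m.group(0)
    return REF_RE.sub(keep, xml)

def disarm_ooxml(package: bytes):
    """Rebuild a docx/xlsx/pptx zip without macro, OLE or ActiveX parts; returns (clean_bytes, removed_names)."""
    src = zipfile.ZipFile(io.BytesIO(package))
    removed = {n for n in src.namelist() if ACTIVE_PART_RE.search(n)}
    with zipfile.ZipFile(out := io.BytesIO(), "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if name in removed:
                continue  # the payload carrier is dropped, never copied
            data = src.read(name)
            if name == "[Content_Types].xml" or name.endswith(".rels"):
                data = _drop_references(data, removed)  # keep the rebuilt package consistent
            dst.writestr(name, data)
    return out.getvalue(), sorted(removed)

def read_parts(package: bytes) -> dict:
    z = zipfile.ZipFile(io.BytesIO(package))
    return {n: z.read(n) for n in z.namelist()}

def build_sample_docx() -> bytes:
    """Constructed sample: a tiny macro-enabled document carrying one OLE object."""
    parts = {
        "[Content_Types].xml": b'<Types><Override PartName="/word/document.xml" ContentType="x"/><Override PartName="/word/vbaProject.bin" ContentType="x"/></Types>',
        "word/document.xml": b"<w:document><w:body><w:p>Quarterly invoice</w:p></w:body></w:document>",
        "word/_rels/document.xml.rels": b'<Relationships><Relationship Id="rId1" Type="vba" Target="vbaProject.bin"/>'
            b'<Relationship Id="rId2" Type="ole" Target="embeddings/oleObject1.bin"/><Relationship Id="rId3" Type="styles" Target="styles.xml"/></Relationships>',
        "word/styles.xml": b"<w:styles/>",
        "word/vbaProject.bin": b"CONSTRUCTED-MACRO-BLOB",
        "word/embeddings/oleObject1.bin": b"CONSTRUCTED-OLE-BLOB",
    }
    with zipfile.ZipFile(buf := io.BytesIO(), "w") as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()
```

A production CDR engine also normalizes the remaining XML, handles PDF and legacy binary formats, and re-validates the rebuilt file before release; this block shows only the core rebuild-from-safe-parts step.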