TAG Cyber Law Journal
Reviewing 2018 And Predicting What’s Ahead In Cybersecurity
January 1, 2019
By David Hechler
CyberInsecurity News: One of the things that you were talking about early last year was vendor vulnerability—that is, vulnerable to cyberattacks. And that was going to be a big issue.
Daniel Garrie: I think it was a big issue. It continues to be a big issue.
CN: Spear-phishing was a problem then, and it continues to be now. You noted the difficulty that companies were having training employees. Has progress been made there?
DG: You’re talking about changing behavior. You’re really trying to correct human behavior, and it’s extremely challenging to do that, because it’s innate in our behavior to reply to email.
Until you can get people to stop replying to email, spear-phishing is going to be successful. Companies are training diligently, but it’s going to be hard to use training to replace the reality that people like the ease and convenience. When you’re busy on a Friday and someone sends you something saying, “I need this wire sent,” you want to hit reply. Until you turn that capability off, there’s no way around it. So I think you’ll see companies in some instances turning off people’s ability to reply to email in the common way in order to mitigate the risk. This can be an effective approach. Law & Forensics has seen this strategy deployed successfully on multiple occasions. But it is not a magic bullet, and continued vigilance and training are necessary.
To read the full article, go to TAG Cyber Law Journal