59°F
weather icon Clear
Las Vegas, NV
Business

When it comes to cybersecurity, employees are weakest link

A Black Hat tech associate works in the network operating center (NOC) during the Black Hat information security conference at Mandalay Bay, Wednesday, July 26, 2017, In Las Vegas. Richard Brian Las Vegas Review-Journal @vegasphotograph
Alex Stamos, chief security officer at Facebook, gives a keynote during the Black Hat information security conference at Mandalay Bay, Wednesday, July 26, 2017, In Las Vegas.
A Black Hat tech associate works in the network operating center (NOC) during the Black Hat information security conference at Mandalay Bay, Wednesday, July 26, 2017, In Las Vegas. Richard Brian Las Vegas Review-Journal @vegasphotograph
Alex Stamos, chief security officer at Facebook, gives a keynote during the Black Hat information security conference at Mandalay Bay, Wednesday, July 26, 2017, in Las Vegas. Richard Brian Las Vegas Review-Journal @vegasphotograph
A Black Hat tech associate works in the network operating center (NOC) during the Black Hat information security conference at Mandalay Bay, Wednesday, July 26, 2017, In Las Vegas. Richard Brian Las Vegas Review-Journal @vegasphotograph
Alex Stamos, chief security officer at Facebook, gives a keynote during the Black Hat information security conference at Mandalay Bay, Wednesday, July 26, 2017, in Las Vegas. Richard Brian Las Vegas Review-Journal @vegasphotograph
Alex Stamos, chief security officer at Facebook, gives a keynote during the Black Hat information security conference at Mandalay Bay, Wednesday, July 26, 2017, in Las Vegas. Richard Brian Las Vegas Review-Journal @vegasphotograph
More Stories
A sign marks the entrance to the Tesla Gigafactory in Sparks in October 2018. (AP Photo/John Lo ...
Tesla to lay off nearly 700 in Nevada as car sales slump
Demolition work continues on the Tropicana hotel-casino as a crew removes concrete and pavement ...
Tropicana was profitable right up until it closed, landowner says
‘Suspects are pretty sly’: Skimming fraud on rise in Las Vegas Valley
Smoke free slot area is seen at the Plaza hotel and casino, on Thursday, June 8, 2023, in downt ...
Smoke-free casino advocates take fight to shareholders
By Todd Prince Las Vegas Review-Journal
July 27, 2017 - 5:21 pm
 

Employee hubris is costing companies — and possibly you — a lot of money.

Some workers are spending less than a minute on their company’s cybersecurity training because they think they know everything, a University of Buffalo associate professor told a Las Vegas audience on Thursday.

Those workers, however, tend to think their colleagues aren’t so cyber sophisticated as they are.

“Everyone thinks they are a genius. They don’t take (the training) seriously,” said Arun Vishwanath, who has been studying for the past decade how hackers and cyberterrorists compromise users. He was speaking at the Black Hat cybersecurity conference at Mandalay Bay.

Phishing attacks are growing and becoming more consequential with nearly every industry now impacted, said Vishwanath. There were 300,000 infections in 150 countries in less than 48 hours, he said. Successful phishing attacks can lead to hackers acquiring customers’ personal information.

Hackers succeed more when they use logos of companies that people trust, such as Google and Amazon, in their phishing emails, he said.

The employee is the weakest link in an organization’s defense line and thus companies are spending billions on traditional training programs to cognitively arm them, he said. However, studies show they have minimal impact.

Vishwanath said 32 percent of employees at a major bank clicked on a phishing link in the weeks following cyber training class. That compared with 35 percent that received no training.

Another form of training that involves cybersecurity specialists sending phishing emails to employees has only slightly better results, Vishwanath said.

“When I talk to security folks, they are constantly lamenting how users are not paying attention,” he told the hundreds of security specialists attending his presentation.

Technology employees are no less susceptible than other workers due to the same hubris problem, he said.

“People who are in information security think they are smarter than they are,” he said.

Companies need to incorporate people’s self confidence as well as their habits into their training programs, said Vishwanath. Many people fall victim to phishing attempts because they are checking their email while walking or talking, he pointed out.

“It is easier for me to get you to click on a link if you are on a mobile device,” he said.

Black Hat, now it its 20th year, attracts more than 15,000 cybersecurity professionals and 290 exhibitors. The six-day show, which features courses and nearly 120 talks on various issues, ends Thursday.

Contact Todd Prince at tprince@reviewjournal.com or 702-383-0386. Follow @toddprincetv on Twitter.

Don't miss the big stories. Like us on Facebook.
THE LATEST
MORE STORIES
recommend 1
Phish to air Sphere finale live from Las Vegas
recommend 2
Phish jams for 3½ hours in Sphere premiere — PHOTOS
recommend 3
Phish jams for 3½ hours in Sphere show — PHOTOS
recommend 4
New Phish single drops ahead of Sphere series
recommend 5
Top 10 things to do in Las Vegas this week
recommend 6
Journey at the Sphere? ‘We would absolutely destroy that place’