When it comes to cybersecurity, employees are weakest link

Employee hubris is costing companies — and possibly you — a lot of money.

Some workers are spending less than a minute on their company’s cybersecurity training because they think they know everything, a University of Buffalo associate professor told a Las Vegas audience on Thursday.

Those workers, however, tend to think their colleagues aren’t as cyber sophisticated as they are.

“Everyone thinks they are a genius. They don’t take (the training) seriously,” said Arun Vishwanath, who has been studying for the past decade how hackers and cyberterrorists compromise users. He was speaking at the Black Hat cybersecurity conference at Mandalay Bay.

Phishing attacks are growing and becoming more consequential with nearly every industry now impacted, said Vishwanath. There were 300,000 infections in 150 countries in less than 48 hours, he said. Successful phishing attacks can lead to hackers acquiring customers’ personal information.

Hackers succeed more when they use logos of companies that people trust, such as Google and Amazon, in their phishing emails, he said.

The employee is the weakest link in an organization’s defense line and thus companies are spending billions on traditional training programs to cognitively arm them, he said. However, studies show they have minimal impact.

Vishwanath said 32 percent of employees at a major bank clicked on a phishing link in the weeks following a cyber training class. That compared with 35 percent of those who received no training.

Another form of training that involves cybersecurity specialists sending phishing emails to employees has only slightly better results, Vishwanath said.

“When I talk to security folks, they are constantly lamenting how users are not paying attention,” he told the hundreds of security specialists attending his presentation.

Technology employees are no less susceptible than other workers due to the same hubris problem, he said.

“People who are in information security think they are smarter than they are,” he said.

Companies need to incorporate people’s self-confidence as well as their habits into their training programs, said Vishwanath. Many people fall victim to phishing attempts because they are checking their email while walking or talking, he pointed out.

“It is easier for me to get you to click on a link if you are on a mobile device,” he said.

Black Hat, now in its 20th year, attracts more than 15,000 cybersecurity professionals and 290 exhibitors. The six-day show, which features courses and nearly 120 talks on various issues, ends Thursday.

Contact Todd Prince at tprince@reviewjournal.com or 702-383-0386. Follow @toddprincetv on Twitter.
