
When it comes to cybersecurity, employees are weakest link

Employee hubris is costing companies — and possibly you — a lot of money.

Some workers are spending less than a minute on their company’s cybersecurity training because they think they know everything, a University of Buffalo associate professor told a Las Vegas audience on Thursday.

Those workers, however, tend to think their colleagues aren’t as cyber-sophisticated as they are.

“Everyone thinks they are a genius. They don’t take (the training) seriously,” said Arun Vishwanath, who has been studying for the past decade how hackers and cyberterrorists compromise users. He was speaking at the Black Hat cybersecurity conference at Mandalay Bay.

Phishing attacks are growing and becoming more consequential with nearly every industry now impacted, said Vishwanath. There were 300,000 infections in 150 countries in less than 48 hours, he said. Successful phishing attacks can lead to hackers acquiring customers’ personal information.

Hackers succeed more when they use logos of companies that people trust, such as Google and Amazon, in their phishing emails, he said.

The employee is the weakest link in an organization’s defense line and thus companies are spending billions on traditional training programs to cognitively arm them, he said. However, studies show they have minimal impact.

Vishwanath said 32 percent of employees at a major bank clicked on a phishing link in the weeks following a cyber training class. That compared with 35 percent of those who received no training.

Another form of training that involves cybersecurity specialists sending phishing emails to employees has only slightly better results, Vishwanath said.

“When I talk to security folks, they are constantly lamenting how users are not paying attention,” he told the hundreds of security specialists attending his presentation.

Technology employees are no less susceptible than other workers due to the same hubris problem, he said.

“People who are in information security think they are smarter than they are,” he said.

Companies need to incorporate people’s self-confidence as well as their habits into their training programs, said Vishwanath. Many people fall victim to phishing attempts because they are checking their email while walking or talking, he pointed out.

“It is easier for me to get you to click on a link if you are on a mobile device,” he said.

Black Hat, now in its 20th year, attracts more than 15,000 cybersecurity professionals and 290 exhibitors. The six-day show, which features courses and nearly 120 talks on various issues, ends Thursday.

Contact Todd Prince at tprince@reviewjournal.com or 702-383-0386. Follow @toddprincetv on Twitter.
