The majority of information security centers on technical attacks and corresponding technical defenses. However, human interaction can circumvent just about every technical countermeasure that brilliant engineers devise to protect vital systems and valuable information, either accidental or intentional. In fact, Microsoft’s latest Security Intelligence Report shows that cybercriminals are ditching the old strategy of exploiting software vulnerabilities, choosing instead to rely on deceit and deception.
According to Microsoft, one of the most common deceptive tactics involve luring victims with downloads by bundling malware with legitimate downloadable content such as software and videos. While deceptive downloads are one of the most prevalent tactics used worldwide, ransomware has also become another popular deceptive practice, where the malware pretends to be an official warning from a well-known law enforcement agency. It then proceeds to accuse victims of committing a cybercrime, demanding a fine in exchange for regaining control of their computer.
Worst of all, there are ways to access your information even without your clicks. Social engineering is a huge threat to national security these days, magnified by the Internet age – where an infinite volume of information is as close as the nearest browser. For example, automated password reset mechanisms are the norm on any account page; they are quick, economical and convenient for both the user and the issuer. But, social networking sites have made it easy for bad guys to guess the answers to common “personal security questions” such as your high school mascot, your mother’s maiden name, pet’s name, etc.
In light of the new threats, it’s so important to adequately protect yourself by keeping software up to date, only downloading from trusted sources, running an antivirus and constantly backing up essential files. But remember: the human remains the weakest link in the information security chain, so don’t forget the training! Even the most well-intentioned humans can be easily tricked into doing something dangerous.