Employees need regular refresher in cybersecurity
We need to get in front of computer users on a monthly basis to reinforce basic and fundamental aspects of cybersecurity.
Information about a cyber threat analysis experiment conducted in 2011 by the Homeland Security Department has recently come to light and reveals the extent to which computer systems are exposed. The DHS experiment was designed to see how hard it was for a cyber attacker to corrupt workers and gain access to computer systems. To make that determination, DHS workers covertly dropped computer CDs and USB thumb drives in the parking lots of government facilities and private sector contractors.
There are a few key findings from that experiment which all of us should find very troubling. Of those who picked up the CD or thumb drive, 60 percent plugged them into an office computer. That number increased to 90 percent if the drive or CD case had an official looking logo.
As many of you might remember, in fall 2008 it was an infected thumb drive found near the Pentagon that resulted in computer and network issues in the Pentagon and theaters of active operations.
Nearly two decades ago studies were conducted that indicated users were the weakest link when it comes to computer security. It appears the DHS study has confirmed that not much has changed.
The only way to address these issues is a continuing program that combines training with threat awareness communications. We need to get in front of computer users on a monthly basis to reinforce basic and fundamental aspects of cybersecurity. This is now a necessity for all systems that access sensitive or classified information.