
The Weakest Link In Your Security Can Be Humans After All.

Updated: Apr 29



A Short Demonstration

I had an interesting conversation with a security guy in a condominium building. I told him I could show him that anyone's security can be compromised. I promptly set about demonstrating to him how his phone has a big vulnerability.

I reached out and asked him "politely" if he wanted to see, to which he agreed.


"Let me show you something that can really leak your info to the Internet," I said.

He handed his phone to me. I asked him if he could unlock it for me so I could show him.


"Here you go," he said, while unlocking it with his PIN in front of me.


"And that is how you make yourself vulnerable," I said. He was astonished and dumbfounded as I quickly revealed to him that it was part of the demonstration.



Real-World Example


Even if you think you have the best security in place, anyone can still fall victim to social engineering by a person who is good at it. As an example, recent news reported certain customer support personnel falling victim to such a technique, effectively giving a third party access to the private information of thousands or millions of users. No company can be fully secure unless it is aware of all the loopholes through which it can be attacked.


In these incidents, what matters most among the things you will lose or diminish is consumer and business "trust". The reputation of your business might plummet; however, that is not the main story. The biggest impact would be on your customers, or users. Their stolen information may be used against them, putting their personal assets and potentially their well-being in danger.


What Should You Do?


As part of security, it is imperative that anyone who holds authorization credentials for important assets has excellent training and the highest discipline with regard to security. Even a company's own employee can be vulnerable.


To minimize or remove such loopholes, we can use or implement technologies that add layers and improve your "security gates".


  • Make sure employees use a Multi-Factor Authentication method.

  • Make sure that employees are fully aware of risks and security controls.

  • Create a more carefully designed system so you do not need to expose too much information to a single person.

  • Perform regular drills and training, including simulations.

  • If possible, limit access to assets by controlling which IP addresses can connect to your systems.

  • Employ third-party auditors to make sure loopholes and vulnerabilities are monitored.

  • Create a rapid response team that can quickly evaluate security breaches and carry out damage control at slight irregularities.

The above examples are some of the necessary first steps any organization needs to take to create a safer and more secure environment.


Conclusion


Having a trusted team of highly disciplined engineers is necessary to safeguard your system and assets from potential vulnerabilities anyone faces in this internet age.

In the end, the trade-off between features, availability, and accessibility impacts overall system security.

As such, careful planning and contingency plans need to be in place to make sure you save your business future headaches.



