dotmagazine: Why is human fallibility such an important factor in IT security?
Detlev Weise: Technology is made for people. This means that every IT innovation is touchable by humans. Untrained, it is a simple attack vector, but trained it is the strongest defense in the fight against cybercriminals. Our research shows, for example, that in initial untrained tests, 37.9 percent click on a simple phishing link, as shown in our latest KnowBe4 Benchmarking Report. It is important to understand that almost every successful attack on businesses uses phishing as part of the attack.
dot: With increasingly sophisticated social engineering attacks, is it possible for us to keep up, or have we already lost the battle?
Weise: The struggle is only lost when we give up, but that will not happen. Just as social engineering is evolving, so are we in IT security. It is precisely because these attacks look deceptively real that it is becoming all the more important to provide employees with help and teach them the signs of a fake email to make the company more secure. To do this, it is crucial to shape a security culture, because only then is business as usual possible. In our recently published "What Keeps You Up At Night Report 2020", it is clear that only 61 percent of respondents said they had implemented an effective security culture.
dot: How can security awareness within companies be encouraged, without it resulting in staff deleting important emails out of fear of the consequences? Where do you need to draw the line between being careful and being over-careful?
Weise: Basically, you cannot be too careful. If an employee is unsure whether an email really comes from the person or institution in question, there are logical other communication channels besides email. Our tool PhishER, together with the Phish Alert Button, helps exactly here. A supposedly risky email – from a security perspective – is not deleted, but with a simple click is sent to quarantine until an administrator in the company classifies it as safe. The great thing is that this does not only happen for the one email on a single account – rather, everyone who received this email is protected.
dot: How different is the level of security awareness in different parts of the world, and how can this be managed for companies with international branch offices and a multicultural workforce?
Weise: It is clear that the understanding of security is differently developed in the many different regions of the world. However, the Covid-19 epidemic has reminded every company that IT security is crucial.
Basically, we are on the right track, although the end of the road has not yet been reached. We have had the experience that security awareness can only be sharpened if there is a corresponding understanding. For this very reason, our media material on our platform is available in many different languages. We have also placed special emphasis on signaling an intercultural understanding of the respective culture.
dot: Will human error remain a major vulnerability for IT systems in the long term?
Weise: This problem will haunt us for a long time to come. The human being is very important in operational processes and is therefore also a target of attack. I am convinced that especially with the younger generations, who have grown up with IT systems, this problem will also decrease. But it will never disappear completely. We should focus especially on the here and now, because the vulnerabilities are real and current. We should do the best we can to further develop the current tools and create a strong barrier against cybercrime in the long run.
Detlev Weise founded exploqii in 2014 as a co-founder and has been a sought-after partner and service provider for well-known companies for more than 10 years. Since May 2018, the Berlin company has been a subsidiary of the KnowBe4 family. After two more years as Managing Director, Mr. Weise has been acting as Senior Adviser and is on the advisory board of exploqii - a KnowBe4 company since July 2020. Prior to this, he was Managing Director for video producers and online marketing agencies in Germany and internationally.
Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.