Monday, 19 November 2018

Week 3 [19-25.11.18] Human error in privacy incidents


Hello everyone,

I would like to present two articles about the impact of humans on IT security:
and
The presented articles were prepared by the International Association of Privacy Professionals (IAPP), a non-profit member association that provides a forum for privacy professionals to share best practices, track trends, advance privacy management issues, standardize the designations for privacy professionals and provide education and guidance on career opportunities in the field of information privacy.
According to the most widely cited cybersecurity reports, many attacks still exploit human weaknesses (for those interested, see Cisco's annual security report: https://www.cisco.com/c/en/us/products/security/security-reports.html#~download-the-report).
Such incidents can be divided into three categories: intentional and malicious, intentional but not malicious (for example a policy violation made to get work done, such as sending a customer file to a private mailbox) and unintentional (inadvertent). The most common by far (more than 96%) are inadvertent incidents. In general, they result from human error or other accidental actions.

Questions are:
  1. Have you or your friends met phishing or malware attacks? What were the consequences?
  2. Do you agree that human is the weakest link in IT security? Why?
  3. Does the raising of cyber-threats awareness among computer users or employees really make sense? Why?
  4. Has the implementation of the RODO (GDPR) helped you somehow?

42 comments:

  1. 1. Have you or your friends met phishing or malware attacks? What were the consequences?

    Well, I guess most people are affected by phishing or malware attacks even though they might not know about it. I would say I was one of them, but at least nothing major happened because of that. I use antivirus software, but to be honest I do not believe they are worth the money we have to pay for them. It is widely known that they only find approximately 30% of all attacks. I had a situation when I downloaded some software and had to reinstall the whole system afterwards. And my expensive antivirus software of course did not notice anything bad happening.

    2. Do you agree that human is the weakest link in IT security? Why?

    Yes, I do believe that humans are the weakest link in IT security. There are still so many fake advertisements claiming that ‘you won a new phone’, and people click such ads despite knowing they are fake. They also give away their private data much more often than they should, and they should notice when it is absolutely necessary and when it is not. Most huge corporate problems were due to human mistakes and not physical errors. I still see so many times that people do not log out.

    3. Does the raising of cyber-threats awareness among computer users or employees really make sense? Why?

    I think that raising awareness is important, but to be honest, I can’t see major differences. It is important to inform about the security policy, since very often a leak of such data can completely ruin a company. But a human is still a human, and despite many training sessions, they will still do the same.

    4. Has the implementation of the RODO (GDPR) helped you somehow?

    I believe that it helped me realise where my data is, because very often we do not even have any idea about that.

    Replies
    1. In my opinion, you raised a very interesting topic: antivirus software. It seems very important because on the one hand such software may protect against malicious software, and on the other hand antivirus developers create that malicious software in order to exist on the market. Thank you for this example.


  2. Very nice topic, however I don't classify 'malicious activity' as 'human error'.

    1. Have you or your friends met phishing or malware attacks? What were the consequences?

    Well, I have been using Linux for most of my activity, including this very comment, for the better part of 15 years. There are fewer threats on Linux, however online malware, malicious websites and phishing still apply. I myself fell victim to the 'Blaster' virus in the early 2000s, on Windows XP. Since then I haven't ostensibly been 'pwned', but maybe I don't know about it yet. I've had a few moments of terror when I didn't notice Caps Lock: 'what? was my GMail hacked?' etc.

    2. Do you agree that human is the weakest link in IT security? Why?

    Well, yes, but this could be said about any other field (military, government, justice, healthcare, just to name a few). Humans are also the purpose of IT security in the first place. It only shows that security in IT is not only about hardware and software, but must include some timeless knowledge about human nature.

    3. Does the raising of cyber-threats awareness among computer users or employees really make sense? Why?

    Yes, it does. Maybe it needs to come in cycles, because some people just lose awareness after some time (the so-called 'attention span'). So no matter how many times some people are told not to click on random links in spam messages, they still will do it.

    4. Has the implementation of the RODO (GDPR) helped you somehow?

    There are tradeoffs. For example, when I write to a company to delete my account on their website and the associated personal data, they are now like 'Sir, yes, sir!'. When I wrote to (name removed, a Polish social media site) asking for that a long time ago, they were more like 'Kiss our collective (censored), sucker!'

    This is a plus. But on the other hand, I now have to agree to something every time I open a website. This wastes precious time and can cause RSI in the long term.

    Replies
    1. Thanks a lot for your comment. I agree that raising cyber-threat awareness should be done in cycles, maybe periodically. We can laugh at RSI, but nevertheless the threats are serious and we are in an increased-risk group...

  3. 1. Have you or your friends met phishing or malware attacks? What were the consequences?

    All people who currently use computers connected to the Internet are exposed to such attacks, with the exception of those who have a well-secured intranet or computers not hooked up to any network, for example to process sensitive information. Both I personally and many of my friends have been repeatedly exposed to this type of attack. I believe that only consciousness and responsibility can save a man from problems. No free or paid software will save us. If it ends only with a re-installation of the system, that is good. Often this type of software even damages the computer or removes data so that it cannot be recovered. That is the loss of data that happened to me!

    2. Do you agree that human is the weakest link in IT security? Why?

    Yes, man is the weakest link in any IT system. It is people who save passwords in strange places, set weak passwords and do many other things that allow breaking into IT systems. Machines work straight: with them it is yes or no. Man still has 'maybe', 'or', 'why!' And that is what causes the weakening of security.

    3. Does the raising of cyber-threats awareness among computer
    users or employees really make sense? Why?

    Of course! We need to make people aware of cybercrime and cyber attacks. This is especially true for older people who are just starting their "adventure" with computers and the Internet. But "cyber" is not only such attacks, but also attempts to take control over strategic devices. And what about Bitcoins...

    4. Has the implementation of the RODO (GDPR) helped you somehow?

    Implementation of RODO in the Polish reality is currently a big problem. People over-interpret the provisions of this law. The creators had a different intention when writing it ;-) But as always it came out as it came out, and so on... Today, when you buy alcohol in Lidl, Biedronka or any other store, we can tell the cashier: "I will not show my ID because of RODO - this is the processing of personal data!".

    Replies
    1. Yeah, of course you can say it, but you won’t receive the coveted bottle of alcohol… However, I agree that we have a problem with the interpretation of this regulation.

  4. 1. Have you or your friends met phishing or malware attacks? What were the consequences?

    Neither I nor my friends have encountered phishing or malware attacks. My computer is protected by special software that detects suspicious websites and any threats that may infect my computer. The tool that checks the security of a given page informs me with an icon whether the given link is safe.

    2. Do you agree that human is the weakest link in IT security? Why?

    I agree that human is the weakest link in IT security. Humans aren't perfect. Even the best security won't protect your computer when people don't think about what they do. Antivirus software informs us about a threat and we ignore it because, e.g., we want to use the program. We think it's a false alarm.

    3. Does the raising of cyber-threats awareness among computer users or employees really make sense? Why?

    I think it makes sense. Not knowing about certain threats is a source of danger. The richer a person is in knowledge about security, the more prudently he will approach security issues and avoid them in the future. When, e.g., he receives an email from an unreliable sender, he will know how to behave to avoid the danger of infecting his computer with a virus.

    4. Has the implementation of the RODO (GDPR) helped you somehow?

    Not especially. It may be a little easier to fight with companies advertising a product or offering pots for sale. Browsing pages has become a bit more troublesome because information about data processing and options to choose from are displayed. However, such a price can be paid if you have more control over your data.

    Replies
    1. In my opinion, informing about personal data processing is really tiring, but I suppose it could be solved in another way. Such information should be available, but in the place provided for it and easy to find for whoever is looking for it, not shown to everyone who opens the website.

  5. Have you or your friends met phishing or malware attacks? What were the consequences?
    Fortunately I have not been a victim of a phishing attack. One of my friends was a victim of identity theft and the consequences were pretty harsh for him.

    Do you agree that human is the weakest link in IT security? Why?
    For sure humans are the weakest link in any security system. A human could make a mistake, could compromise the confidentiality of information or commit much more careless actions.

    Does the raising of cyber-threats awareness among computer users or employees really make sense? Why?
    Awareness of possible threats makes a large difference, but in current times the level of information security threats is so low that basically any campaign or movement seems to be really important.

    Has the implementation of the RODO (GDPR) helped you somehow?
    I do not think so. Forcing companies not to keep data does not mean that this data is secure.

    Replies
    1. Thank you. Asking about the regulation, I was thinking about your personal feelings. The security of personal data is another issue; it was not the main purpose of that regulation.

  6. 1. Have you or your friends met phishing or malware attacks? What were the consequences?
    Probably everyone who has e-mail has encountered phishing. I try to warn and educate people around me, and I haven't met a person who suffered big consequences because of this.

    2. Do you agree that human is the weakest link in IT security? Why?
    People will always be the weakest link in IT security. Even if we implement the most advanced security systems, they will ultimately be operated by people. And a high level of security and user-friendliness usually do not go hand in hand. In this case, people like to take the easy way and use, for example, very simple passwords.

    3. Does the raising of cyber-threats awareness among computer users or employees really make sense? Why?
    Raising user awareness always makes sense. This may not prevent all possible dangers, but maybe some users will be more careful, the red lamp will light up and before they click on something they will consult someone else first.

    4. Has the implementation of the RODO (GDPR) helped you somehow?
    Yes, I like the fact that companies have to report personal data breaches. Thanks to that I know that my account data could have been taken over and I can take care of security by changing my password.

    Replies
    1. You mentioned a very important problem: conscious clicking. How many phishing attacks would be unsuccessful if users had first consulted a competent person? It is a simple method and, paradoxically, it can’t be enforced in reality...

  7. 1. Have you or your friends met phishing or malware attacks? What were the consequences?

    I and my friends have had similar problems. A complete rollback of the Windows OS helped me solve this problem. Also, my computer was infected with adware, but a thread on the Internet helped me solve this problem.

    2. Do you agree that human is the weakest link in IT security? Why?

    Everything that one person created could be hacked by another person, but what alternatives do we have (if we are talking about antivirus)? But the infection of a computer depends on the fact that we download programs from unverified sources, do not use antivirus and much more. Computer infection depends on the actions of the person himself.


    3. Does the raising of cyber-threats awareness among computer users or employees really make sense? Why?
    It all depends on the person. I think awareness can only reduce the chance of cyber threats.

    Yes, I work with user data, and we have a lot of RODO courses.

    Replies
    1. Adware is a curious topic. On the one hand we have malicious software that displays ads to us; on the other hand we use antivirus software with an ad-supported license. The only difference is that in the latter case we agreed to the ads.

  8. Questions are:
    Have you or your friends met phishing or malware attacks? What were the consequences?
    I think that we encounter phishing and malware attacks on a daily basis. It was easy to spot years ago, when I got some strange emails asking for my data in order to win something. Of course I was aware of that, so I did not experience any consequences. It was also easier to encounter malware attacks. Nowadays everyone has antivirus and is aware of such kinds of attacks, so the methods of attack are more sophisticated.

    Do you agree that human is the weakest link in IT security? Why?

    I agree with this statement. There are two reasons for that. First of all, humans create security. If there is some mistake in security, it is because of a human mistake. We can create various kinds of security tests, but if a test does not cover some perspective then the software may not be secure. We cannot avoid human mistakes. The second reason is the user of the software. If he or she does not use a secure password, does not use one at all or shares it with others, then no matter how secure the software is, it may be hacked very easily.

    Does the raising of cyber-threats awareness among computer users or employees really make sense? Why?
    Yes, everyone should know about cyber-attacks. We use computers on a daily basis, so we should know how to use them safely. No matter what we are doing, whether we are artists, scientists, teachers or whatever, we are in danger of cyber-attack. If we teach kids at school how to be safe when crossing a street, we should also teach them about cyber-security.

    Has the implementation of the RODO (GDPR) helped you somehow?

    I think that RODO made us realise how often we share our data and where it is stored. Everyone remembers the number of e-mails we got when RODO came into force. This is proportional to the number of places where we share data.

    Replies
    1. I totally agree with your opinion. The worst thing that users do is improper handling of their passwords. Apart from keeping them in commonly accessible places, they are often disclosed to third parties, which is unacceptable.

  9. In my previous workplace there was a hacker attack. It happened when the accountant opened an e-mail with a false invoice. The attachment turned out to be infected with a virus. The result of the virus activity was the encryption of her computer. Luckily, in that company, temporary backups of the computers' data were made. This backup was always made after work, after 3 p.m. She opened this malicious file at 9 a.m. Because it was morning, it had no consequences: the virus did not encrypt any data that had not already been secured. The technical support was very surprised by the fact that the virus file was not stopped by the firewall on the server or by the antivirus software installed on the accountant's computer. But, as the situation showed, the security software also failed.

    The only exception to the rule is man, who is the weakest link. It happens that he does not work according to fixed schemes, as is the case with an algorithm. Additionally, man makes his decisions spontaneously, as in the case of the accountant opening a malicious file. And last but not least, the most important issue: a man can be easily deceived and manipulated by an outsider, and so turns out to be the weakest link. The best way to sum all this up is to quote a sentence from one of the most famous hackers. Kevin Mitnick said: "You can never protect yourself 100%. What you do is to protect yourself as much as possible and mitigate risk to an acceptable degree. You can never remove all risk."

    Replies
    1. RODO will not protect us from hacker attacks. RODO allows us to systematise who is responsible for our data, how our data is transmitted and by whom. In my opinion, introducing RODO turned out to be a very good decision. Thanks to that we know how many companies and corporations have sold our data. But that's all. If someone steals our data and uses it, nothing can be done about it anyway.

    2. So your company faced a ransomware attack via phishing. Nowadays it’s a very popular and efficient method of attack. Of course you are right about the purpose of introducing RODO: it won't protect our personal data against hacker attacks.

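Editor's note: the story above (a fake invoice with a malicious attachment that both the server firewall and the desktop antivirus let through) is exactly the case a mail-gateway triage step should catch before a user can click. The following is an added example written for this page, not code from the original post, the commenter or any product. The sample message and the rules are constructed for illustration; the sender addresses, the attachment name and the "MZ" byte stub are made up.

```python
"""Added example, not from the original post or comment: a minimal triage
of an incoming mail of the kind described above, a fake invoice carrying an
executable disguised as a PDF.  The message and the rules are constructed
for illustration; they are not any product's detection logic."""
import email
import email.policy
import email.utils
import re

# Constructed sample: the attachment is a PE executable with a double extension.
# The base64 body decodes to the first bytes of a DOS/PE header ("MZ"), not a
# real program.
RAW_MAIL = (
    "From: Accounting <faktury@example-supplier.pl>\n"
    "Reply-To: billing@mail-example.ru\n"
    "To: accountant@example.com\n"
    "Subject: URGENT: overdue invoice FV/2018/11/0421 - pay within 24 hours\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Please find the attached invoice and confirm payment immediately.\n"
    "--b1\n"
    'Content-Type: application/octet-stream; name="Invoice_0421.pdf.exe"\n'
    'Content-Disposition: attachment; filename="Invoice_0421.pdf.exe"\n'
    "Content-Transfer-Encoding: base64\n"
    "\n"
    "TVqQAAMAAAAEAAAA//8AAA==\n"
    "--b1--\n"
)

# Attachment types that should never arrive from outside the organisation.
RISKY_EXTENSIONS = {"exe", "scr", "js", "jse", "vbs", "wsf", "hta", "bat",
                    "cmd", "ps1", "lnk", "iso", "docm", "xlsm"}
# Pressure phrases typical of invoice/payment phishing.
URGENCY = re.compile(r"\b(urgent|immediately|overdue|within \d+ hours|suspend)", re.I)


def sender_domain(header_value):
    """Lower-cased domain of a 'Name <user@host>' or bare address header."""
    _, address = email.utils.parseaddr(str(header_value or ""))
    return address.rpartition("@")[2].lower()


def triage(raw):
    """Return a list of (severity, description) findings for one raw message."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    findings = []

    from_dom = sender_domain(msg["From"])
    reply_dom = sender_domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(("medium", f"Reply-To domain {reply_dom} differs from From domain {from_dom}"))

    if URGENCY.search(str(msg["Subject"] or "")):
        findings.append(("medium", "urgency language in subject"))

    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        pieces = name.lower().split(".")
        if len(pieces) > 2:
            findings.append(("medium", f"double extension in attachment name: {name}"))
        if pieces[-1] in RISKY_EXTENSIONS:
            findings.append(("high", f"executable-type attachment: {name}"))
        # Look at the bytes, not only the name: a renamed .exe still starts with "MZ".
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(b"MZ"):
            findings.append(("high", f"attachment {name} carries a PE (MZ) header"))
    return findings


def verdict(raw):
    """'quarantine' on any high finding, 'review' on medium-only, else 'deliver'."""
    severities = {sev for sev, _ in triage(raw)}
    if "high" in severities:
        return "quarantine"
    if "medium" in severities:
        return "review"
    return "deliver"


if __name__ == "__main__":
    for sev, text in triage(RAW_MAIL):
        print(f"[{sev}] {text}")
    print(verdict(RAW_MAIL))
```

The point of the content check is the one the story makes: extension filters and signatures fail, so the gateway should also look at what the bytes are and who the reply would actually go to, and hold the message for a human before, not after, the accountant's 9 a.m. click.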
  10. Hi Damian,
    Thanks for the important subject.
    As for your questions:

    1. Actually, personally I had no such case in my history. But I can give an example I’ve read about:
    On Thursday, March 16, 2017, the CEO of Defense Point Security, LLC — a Virginia company that bills itself as “the choice provider of cyber security services to the federal government” — told all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher’s net.
    I find it interesting that a company which obviously handles extremely sensitive data on a regular basis and one that manages a highly politicized government agency would not anticipate such attacks and deploy some kind of data-loss prevention (DLP) technology to stop sensitive information from leaving their networks.

    2. Humans are the weakest element of an IT security strategy for two reasons. First of all, because it is humans who are responsible for the rules by which the IT system works. I mean not only programmers and systems architects, but also companies’ management, the board etc. Apart from that, it is also man who takes care of the service and proper functioning of all the procedures in the IT systems; here I mean the everyday staff responsible for the system’s maintenance.

    3. In my opinion raising cyber-threat awareness among people really makes sense, because they can be more careful then. On the other hand, implementing more limits can bring an unexpectedly opposite effect, because it provokes more and more ideas in this respect. Then a “negative” feedback effect can appear (the phenomenon known from physics lessons in high school, giving the opposite of an avalanche effect). The more solutions, care and plans we prepare, the less free we are…

    4. I am very sorry, but it has only complicated everything. I am writing this as a lawyer, conscious that no other country in Europe has such sophisticated regulations. The Polish legislator is the best one…

    Best regards, Marta

    Replies
    1. Thank you for that example. It’s really funny… In any case, this situation shows how effective hacker attacks can be. It is nice to have the opinion of someone who knows RODO not only from the user's side, but also from the legal side.

  11. I probably haven't experienced any malware attacks or at least not any serious one.

    I agree that human is the weakest part of any security system. I've read a book about social engineering in the context of penetration tests. The book described many case studies (probably fictional, but I'm sure there must have been similar situations in real life) where attacking well-designed security systems by exploiting a human mistake seemed really simple.

    Raising awareness of cyber-threats is definitely beneficial. Probably many people simply don't know that, for example, plugging in an unknown USB stick is risky.

    Implementation of the GDPR didn't help me in any way. It's rather annoying, especially since people and companies often add their own interpretations to these regulations and it's becoming a comedy.

    Replies
    1. Yes, the mentioned book may present real situations. I know some curious examples of a company that conducts security audits, and they exploit human errors. It always works.

  12. 1. Have you or your friends met phishing or malware attacks? What were the consequences?

    I saw a few phishing emails in my inbox, but I never respond to them and I have never lost anything. In the case of malware, once or twice I installed some adware by mistake, but it wasn't a dangerous one and after using some antivirus I got rid of it.
    2. Do you agree that human is the weakest link in IT security? Why?

    Yes, humans are the weakest link, and usually you can find the proof in a top-10 most popular passwords list. If someone uses 'password' or 'holiday' as the password for some important software, then the answer is pretty clear.
    3. Does the raising of cyber-threats awareness among computer users or employees really make sense? Why?

    Yes, because of point 2. :) Generally for most users phishing and dangerous-software threats are obvious, but cyber security is like a chain, and a chain is only as strong as its weakest link.
    4. Has the implementation of the RODO (GDPR) helped you somehow?

    It helped me find out who has my personal data and for what purpose they use it. After a few emails about the use of my private data I unsubscribed from some unneeded webpages and vendors.

    Replies
    1. Yes, I agree. Password creation by users is a difficult topic. Despite the existence of dictionary lists, users still use entries from them, forgetting the basic principle that a password should primarily have the right level of complexity.

  13. Have you or your friends met phishing or malware attacks? What were the consequences?
    I share Cezary's opinion that a lot of people are affected by phishing or malware attacks, and they usually don't know about it.
    Phishing is still very popular. A lot of people use a computer very fast, and they don't read all the information on a website that they should. That is why hackers like phishing as an easy way to get more information from users.
    I know nobody who has had a problem with phishing or malware attacks.

    Do you agree that human is the weakest link in IT security? Why?
    Yes, I agree. We know about viruses, but we think they are somewhere on the Internet, not in our computer system. However, I think we are safer now than a few years ago. Computer operating systems are secure because of the firewall, internal security systems etc.
    We don't often use good antivirus software, and we don't configure it. We misuse our devices when we are travelling or in a public place. We don't understand that using computers on an open Internet connection is very dangerous for us.

    Does the raising of cyber-threats awareness among computer users or employees make sense? Why?
    Yes, it makes sense. Even computer scientists don't understand all the possibilities of hacking attacks. That is a reason why all of us should be involved in training. Companies should organise training for employees about cyber-threat awareness as well.
    Has the implementation of the RODO (GDPR) helped you somehow?
    Art. 30 GDPR provides much information about technical and operational requirements for controllers and processors as well. Many companies changed their security approach and created new internal access regulations. I think it improves data protection.
    I think the information about who processes my data and how supports me, and I have better awareness about the security of my data in any place I provided it.

    Replies
    1. Thank you for your answers. A good example of a threat: an open wireless network. In this situation, unfortunately, we use it at our own risk.

  14. 1. I have never encountered such attacks. However, once in a while you can hear about incidents as a result of which confidential data is stolen from a corporation. I think the reason for such incidents is mostly unintentional human errors, rather than real hacker attacks.

    2. Yes, I agree, man is the weakest link. Antivirus software is made by people. Network security is also supervised by people. It is a person who decides what content the user will have access to and what type of content will be considered inappropriate. People also create and send out viruses to cause problems for others. Other people inadvertently download malicious software by opening unauthorized links.

    3. Yes, of course. The awareness of computer users of different types of threats should be increased. Not every Internet user is aware of all the dangers in it. Still a large part of users do not have anti-virus programs installed (including some of my friends). It can be argued that carefully selecting what is being clicked on the Internet, for example no e-mails or links from strangers, is one hundred percent safe.

    4. Yes and no. On the one hand, it is good to know who stores my data and where. On the other hand, RODO is very cumbersome and you have to be very careful to observe it, for example at the university, when I have to tell each student their grade individually so that their colleagues will not hear it.

    Replies
    1. This is a curiosity. It seems to me that it is just impossible. There is not enough time to tell it to every student separately. In my opinion, in this way we lose the opportunity to mobilize other students or the possibility of student cooperation, or we are simply destroying their community.

  15. Have you or your friends met phishing or malware attacks? What were the consequences?
    Luckily no, but to be honest I have only three, maybe four, friends who are interested in cybersecurity, so the rest of them might just not know about it ;)
    I know how easy that attack is (we simulated it in our private network and I have to say that this type of attack is really easy to prepare; on the web we have many step-by-step tutorials and ready-to-use exploits).

    Do you agree that human is the weakest link in IT security? Why?
    Of course. The answer is... because most systems wouldn't be hacked if no employee made any mistake (clicking a link, inserting a USB drive...).

    Does the raising of cyber-threats awareness among computer users or employees really make sense? Why?
    It is necessary! And I have to say that when we showed our prepared phishing attack to colleagues, they were just scared by how easily they could lose everything... files, privacy, control.

    Has the implementation of the RODO (GDPR) helped you somehow?
    I'm sure I get fewer phone calls from pot sellers who "will change my life" :D

    Replies
    1. Well, welcome to the club :) I also have problems with “whatever” sellers… Sometimes I feel like RODO is not a reality in Poland...

  16. 1. Have you or your friends met phishing or malware attacks? What were the consequences?

    We get affected by phishing and malware attacks all the time, though very often we're not aware of it. Antivirus software systems are not working as perfectly as they should in theory. They're not detecting everything that they should be detecting. And even if you bought all the most expensive antivirus programmes in the world, malware will always find a new way to enter your computer and steal your data.

    2. Do you agree that human is the weakest link in IT security? Why?

    Yes, because human beings often do certain things impulsively, without thinking, spontaneously. What's more, we're not paying attention to what we are doing with our private data. We are flooded with programmes, applications and loyalty cards for various shops, and everywhere we have to reveal our personal data, and we do it more than willingly. We're not thinking about the possible problems and dangers that we might be facing in the future due to our recklessness.

    3. Does the raising of cyber-threats awareness among computer users or employees really make sense? Why?

    Raising awareness and spreading knowledge about cyber-threats is really important and it does make a difference, because one can eliminate the most obvious human mistakes resulting from one's recklessness. But it still doesn't mean that we'll be safe or that the company's data will be secured. There will always be malware whose existence we won't be aware of.

    4. Has the implementation of the RODO (GDPR) helped you somehow?

    It made me realise how many companies took advantage of my personal data without my knowledge and true consent.

    Replies
    1. There is no doubt that ensuring security always depends on the user's prudence. This factor is undoubtedly irresistible. We can only raise the awareness of users through continuous training and by giving them practical tips.

  17. 1. Have you or your friends met phishing or malware attacks? What were the consequences?

    I face a phishing awareness test performed by my company from time to time, but I have never experienced that kind of attack on my private account.

    2. Do you agree that human is the weakest link in IT security? Why?

    Yes, I agree that people are the weakest link in IT; they are often not aware of the consequences of their activity on the web, and in many cases their curiosity wins over rationalism. But on the other hand this is human nature, and antivirus software is developed to prevent that kind of threat, so from this perspective the antivirus software is the one that fails.

    3. Does the raising of cyber-threats awareness among computer users or employees really make sense? Why?

    Of course that kind of awareness among computer users is very important; it will not prevent all cyber-threats, but it will reduce the probability of phishing and other common types of cyber attacks.

    4. Has the implementation of the RODO (GDPR) helped you somehow?

    No, I don’t see how RODO could help me protect my privacy, but I am forced to re-sign all of the consents I agreed to in the past, on each site, over and over again. In my opinion there is more fuss about it than anything else, and nobody knows how to make use of it.

    Replies
    1. In my opinion antivirus software will never be perfect. Ultimately, everything depends on the human being. He starts with the decision about having an antivirus and ends with ignoring warning alerts about danger.

  18. 1. Have you or your friends met phishing or malware attacks? What were the consequences?
    I don't really recall any such attack. I also don't think any of my friends talked about it. Maybe it is just too embarrassing for them to admit.

    2. Do you agree that human is the weakest link in IT security? Why?
    I agree. Not only from the philosophical point of view that behind every link of the security chain is some decision made by humans. Also, as stated in the articles, unintentional or inadvertent data breaches are the majority.

    3. Does the raising of cyber-threats awareness among computer users or employees really make sense? Why?
    On one hand it does, especially for unintentional incidents. On the other hand, this is an arms race, and maybe more aware users will face more elaborate phishing attacks?

    4. Has the implementation of the RODO (GDPR) helped you somehow?
    Helped me? I don't think so. There was a wave of emails from data controllers (no surprises there) and now there is just a new kind of popup on the sites I visit for the first time.

    Replies
    1. Thanks a lot for sharing your thoughts. I agree that confessing to the situation that you have been the victim of a phishing attack is not easy. This is due to the fact that the ultimate responsibility for such an act lies with yourself.

  19. 1. Have you or your friends met phishing or malware attacks? What were the consequences?

    Yes, I have met both phishing and malware attacks and fortunately they had no consequences. Nowadays, phishing and malware attacks are an inherent part of the Internet. Sometimes I see suspicious emails in my mailbox. They include information like “We need some details to do something” or “If you do not give us some details, we will block your account”. I don’t respond to these emails and I think that most people do not respond either. The consciousness of society is getting better, and people are aware of the consequences and are prudent. As for malware attacks, they can appear when downloading software or computer games. Last month, I downloaded free software and it contained malware. Happily, my antivirus detected it and I deleted it. My friends have had similar experiences with phishing and malware attacks.

    2. Do you agree that human is the weakest link in IT security? Why?

    Definitely, I agree that the human is the weakest link in IT security. People often use the same passwords to log in to social media, their mailbox, their bank account, etc. Some of them use simple passwords like “12345”, “qwerty”, a date of birth or a name. Moreover, some of them keep passwords in an unsecured place. They think that they cannot be victims of an attack, but they are wrong. The second issue is that people do not pay attention to the URL address. Institutions like banks have Hypertext Transfer Protocol Secure (HTTPS) in the URL address. There are cases where hackers redirect the connection to a URL address without HTTPS. The third issue which is worth attention is fake links, where you can see a message like “You have won something, please click here”. The last issue which I want to consider is the fact that people do not log out. I am an academic teacher and when I finish classes with students I sometimes see that some of them did not log out. The human is fallible and will be fallible, so I think we should learn how to live with the fact that the human is the weakest link in IT.

    3. Does the raising of cyber-threats awareness among computer users or employees really make sense? Why?

    In my opinion, raising cyber-threat awareness among computer users or employees makes sense. Increasing people's awareness is very important and it would help them to protect their data from cyber attacks themselves more efficiently. I think we are not able to remove cyber-threats from our lives completely, but appropriate education in IT certainly improves the overall level of computer security.

    4. Has the implementation of the RODO (GDPR) helped you somehow?

    RODO has not helped me immediately. For example, RODO can help to find out who stores my personal data. I do not find the acts of RODO very interesting, although I noticed that people tend to overinterpret RODO in Poland. When I read the newspaper, sometimes I can read some absurdities about RODO. As far as my teaching practice at the university is concerned, I noticed that some of my colleagues do not want to check an attendance list in the common way, as it is not in accordance with RODO regulations!

    Replies
    1. I agree that because of RODO we behave crazily. Most likely because we misinterpret it. Thank you also for the example of not logging out. It shows human weaknesses: often we do not focus on our privacy and we lose it.

  20. This comment has been removed by the author.

  21. Have you or your friends met phishing or malware attacks? What were the consequences?
    I personally have never been subject to phishing, but I have heard about a lot of cases where people fell for that kind of deception. For example, one woman got an e-mail, containing all of her basic data, saying that she had inherited about 500,000 dollars from a deceased ancestor. The surname was the same as hers. The mail supposedly came from an American lawyer; it contained the logo of the real lawyer, contact info, etc. After she replied, the alleged lawyer asked her to give some money to start the procedure of transferring the money to her Polish bank account. Over the next few weeks one problem after another appeared, all of them demanding higher and higher sums of money from her. Eventually she had paid 100,000 zł before she went to the Police! And I know there is a common criminal practice of faking an e-mail allegedly coming from the bank, talking about changes in the bylaws and demanding some data before the person can check what differences this change will cause. After that the info goes straight to the thieves, who then use it for cadging a bank loan under a fake name.
    Speaking of malware attacks, it is pretty common. When I was still using Windows, I found Trojan horses on my computer many times. Also, everyone has heard about the Anna Kournikova virus or CryptoLocker.

    Do you agree that human is the weakest link in IT security? Why?
    Of course I agree with this statement. First of all it has to be said that all IT security is created by people, so only they can be blamed for eventual mistakes or gaps in the security. There are people programming the security systems, and any loopholes come from their incompetence. Sometimes it is caused by a lack of skills, sometimes it comes from present-day abilities, which are limited by current knowledge. Sometimes it is even the effect of purposeful behaviour, when mistakes are written into the code in order to make it possible for someone outside the company to use such a programme to hack into the system and make some changes.

    Does the raising of cyber-threats awareness among computer users or employees really make sense? Why?
    In my opinion it is crucial to ensure even the smallest level of security. These days, when almost every company depends on computer systems, it is really important that all employees know the basic ways to protect the system during working hours and after. Information used in the job can't be easily hacked. And when it is an ordinary company, not an IT one, in many cases employees don't know anything at all about cyber security. So it is a necessity to raise cyber-threat awareness among them. The same can be said about people in their homes using the Internet: they also should know how to protect the data created on their computers.

    Has the implementation of the RODO (GDPR) helped you somehow?
    In fact I can say that RODO policies only make things more difficult for me. I think that the general idea of it, protecting personal data, is right, but it is not implemented properly. There are all the inconvenient restrictions, such as the necessity to accept a Privacy Policy on many pages or receiving tons and tons of e-mails about changes coming from RODO, but in fact all of the companies still use data against the clients' will and find loopholes to break the rules coming from RODO without bearing any responsibility for that. So to be honest, I can't say that RODO has helped me in any way.

    Replies
    1. Thank you for your answers. I have also received an e-mail similar to that woman's. It was an offer to store money which was supposed to be a large share, but only after my own contribution. Fraudsters are not sleeping…
