In a large American city recently police officers raced to a home after a 911 call. At the scene, a frantic citizen shouted to them that inside the house a murder was imminent. As the officers opened the front door to enter, they were surprised by a man who ran past them. To their dismay, he jumped into a running police cruiser and sped away. Dumbfounded, they called for backup. They found the car abandoned within 30 minutes, but the perpetrator had escaped on foot. He is still at large.
Fortunately, the car thief was no hacker, just a guy who needed a swift get away and the running prowl car was handy.
Imagine if the perpetrator were a hacker and he stole the car with the purpose of changing arrest records or worse. Inside the car, he would have found a laptop logged into the city’s police dispatching application, the state-wide criminal database and other highly sensitive systems. The 30 minutes he had the car would have been plenty of time to change criminal records, insert malware, viruses or ransomware, or download protected confidential information.
Always remember that there is NO defense against a hacker who has access to a connected, logged in device. It’s the easiest way to breach your systems.
Securing network connected devices should be the first fundamental of cyber security. Doing so means managing the biggest risk to your digital assets: the end user.
That’s right, you and me. We leave laptops and desktop PCs logged in because it’s easier than re-entering the password over and over throughout the day. We write down our passwords on a Post-it note and hide it under the keyboard. We leave secure NFC key fobs at home. And of course, we complain about the burden the IT folks put on us in the name of security. “What’s wrong with using the last four digits of my social security number as my password!” we ask. We, the users, are the weakest link.
To protect yourself and your organization you must employ security methods that your users will embrace. Otherwise, your most secure and sensitive information is open to anyone who can sit in front of a network device.
Biometrics provide greater security and user adoption. Consider such tools as part of your cyber security policies and methods. Face recognition, voice command, fingerprint and palm prints, iris scan and even heart rate monitoring applications are being deployed to thwart the risk of the end user leaving an unattended logged in PC.
Make sure your cyber security policies, methods, and tools account for internal threats as well as outside evil. After all, to some people, a running police car is an invitation, not a deterrent.