Stopping Cyberboom : Mitigating User error presented at BSidesTampa 2020

by Ira Winkler,

Summary : The most devastating attacks predominantly begin with some form of user action. A user clicks on a phishing message. A user goes to a malicious website. A user puts a malicious USB drive on their system. Etc. The commonly recommended solution is more and better awareness, which doesn't account at all for malicious users. This is like saying that if a canary die in a coal mine, you need to find healthier canaries. The fundamental problem is not a lack of awareness, but that users have the ability to initiate a loss. What is therefore required is a methodology that involves analyzing where the ability to initiate the loss comes from, stopping the initiation of the loss, and then mitigating the potential loss before it is initiated. This is what counterterrorism, safety, and accounting practitioners do in their professions. It is time for the cybersecurity profession to realize that a user action, error or not, is just the proximity of where the loss becomes visible. Addressing the proximity of the loss does not address the root cause of the loss, or the failure to mitigate that loss.