Pub. 5 2016 Issue 6

l e a d i n g a d v o c a t e f o r t h e b a n k i n g i n d u s t r y i n k a n s a s 10 I F I WERE to ask you to list your top security threats, how would you respond? No doubt many would mention cybersecurity, seemingly the hottest topic at banking conventions and forums as well as with examiners. A Google search for “top cybersecurity threats” produces lists like these: • Machine-to-machine attacks, headless worms, jailbreaking the cloud, ghostware, and two-faced malware (http://cnb.cx/1mLqnto) • Extortion Hacks, Attacks That Change or Manipulate Data, Chip-and-PIN Innovations, IoT Zombie Botnet, More Backdoors (http://bit.ly/29QcMeg ) • IoT: The Insecurity of Things, Sophisticated DDoS Attacks, Social Media Attacks, Mobile Malware, Third- Party Attacks (http://bit.ly/1ybzJmf ) Some of the aforementioned items might be in your own list and, like me, you may not even be familiar with some of these threats. How would you answer if I rephrased the question: “What is your weakest link in security?” You Are the Weakest Link! Well, YOU may not be the weakest security link but your employees probably are. In a CIO.com article aptly named “People Remain the Weakest Link in Security,” Graham Welch makes this statement: “People are largely trusting in nature. If you get an email from a friend, family member, or work colleague with a link, we tend to think it is genuine and trust the content. Yet again, we know that cybercriminals can easily PHISH OR BE PHISHED! By Keith Laughery, CISA, CISSP, CoNetrix