Was Jeff Bezos the weak link in cyber-safety?

The tabloid appeared to have were given maintain of some very intimate texts and photos he had despatched to his lady friend Lauren Sanchez.

In my record for the BBC World Service programme The World This Week, I recollect why people are frequently the weakest hyperlink in cyber-safety.

Mr. Bezos is the sector’s richest man, constructing his fortune via an agency that is remodeling the way we stay with the innovative era.

His commercial enterprise, Amazon, has cyber-security on the heart of the whole thing it does.

So how come he risked sending distinctly embarrassing photos to his lover’s telephone most effective to peer them hacked and grow to be inside the palms of a tabloid newspaper?

If he could not forestall himself from doing something so stupid inside the first place, the argument goes, clearly his company ought to have furnished him with the world’s most unhackable cellphone?

On Twitter, a person known as counterchekist had the answer to this, saying that all the arena’s money and specialists could not defend a device towards its largest weak point, “the human the use of it”.

In different words, generation can simplest cross to this point. Good cyber-security relies upon on educating human beings no longer to be idiotic.

The idea that the human element is the weakest hyperlink is probably the largest unmarried cliche in the cyber-security enterprise.
Security companies may additionally sell all types of high priced equipment to guard their clients against attacks, however, all too often they may be rendered vain while a person in the business enterprise clicks on a dodgy hyperlink or forgets to put in a crucial software program update.

Look at any of the important cyber-safety incidents of new years and you are likely to find they start with a human making a mistake.

The fault that took down the O2 cell telephone community in the UK for 24 hours in December 2018 was the first idea to had been the result of a hacking assault.

It then emerged that a person had didn’t renew software certificates. “One of the maximum simple structures administration errors you may believe,” a waspish comment on the Computing Weekly website online said.

Jeff Bezos: AMI defends a position on Amazon founder
Football Leaks: ‘Suspected hacker’ detained in Hungary
Hacking the US mid-terms? It’s toddler’s play

The assault which saw hackers – presumed to be from North Korea – take over the pc machine of Sony Pictures and launch all forms of embarrassing statistics started out with emails designed to trick executives into turning in their Apple ID credentials.

And guess what? Some of these human beings used the very identical passwords for his or her Sony account. Hey presto, the hackers had been in.

What is called social engineering is becoming a key weapon within the hackers’ armory. Rather than mounting a few devilishly smart hello-tech attack, they pick out a key man or woman and work out the way to target their weaknesses.
Scammed!

A while lower back, I spoke to a cyber-protection company that specializes in countering so-called spear-phishing, in which a senior government is focused for an attack. They proposed a mission to me. Sometime over the following few days, they could prove that they could idiot me into clicking on a questionable hyperlink in an email.

Hah, I notion. Fat threat. I am very careful approximately what arrives in my inbox anyway and I will be even more watchful now.

A few days later, an email popped up from Jat, the manufacturer of my World Service radio programme Tech Tent. He messages me several times an afternoon. It changed into approximately my Twitter account and study: “You really need to check this,” pointing to a link.

Of route, I clicked, and determined myself on a web page belonging to the cyber-security business enterprise with a message pronouncing: “We got you”.

Somehow they’d spoofed my manufacturer’s email cope with, and so discovered the space in my defenses. After all, anybody trusts their producer.

This all begs the question: if protective your important information depends on making people greater practical instead of the use of all varieties of whizzbang technology, wouldn’t it be higher to hire psychologists as opposed to cyber-security agencies?

They might even be cheaper.

Of direction, the reality is that plugging information leaks is a multi-faceted enterprise.

An corporation needs to make sure its personnel has relaxed gadgets, understand the corporate statistics safety rules, and have a modicum of not unusual feel.

Share

Leave a Reply

Your email address will not be published. Required fields are marked *