Russian Hack Emphasizes the Importance of End User Cybersecurity Training

Weak cybersecurity infrastructure and a lack of end user training make organizations susceptible to cyber attacks. Such was the case in 2015 when Russian hackers seized the Joint Chiefs of Staff email system and “almost brought the U.S. military to its knees,” according to David Martin, CBS News’ National Security Correspondent. Though it’s been more than a year since the hack was announced, it still serves as an important reminder that leaving end users clueless about safe cybersecurity practices leaves the backdoor open to cyber enemies.

The Russian hackers initiated the attack by sending 30,000 emails to a West Coast University. Four of those emails were then forwarded to Joint Staff, and one was opened. Martin explained:

“Within an hour, hackers had seized control of the unclassified email system used by the Pentagon’s Joint Staff, the organization of some 3,500 military officers and civilians who work for the Chairman. In that time, the hackers seized the computer credentials of Dempsey and hundreds of other senior officers — the passwords and electronic signatures they used to sign on to the network. The only way to stop the attack was to take the network down.”

It took two weeks for the Pentagon to replace hardware and software and recover from this vicious data breach.

Cyber attacks have come to be known as weapons of mass disruption,” wrote Martin. Hackers target governments when they want to do irreparable damage to infrastructures and gain access to highly sensitive information.

If the individual who opened the corrupt email had known how to detect potentially threatening links, it’s possible that the entire crisis could have been averted.

Quick Tips for Training End Users in Good Cybersecurity Practices

Provide education on how to spot dangerous emails – It is a company leader’s job to provide end users with the education they need to spot phishing emails, report them, and, most importantly, learn to spot hazardous bait. Let employees know that a phishing email will often be generic and impersonal, have subject lines in all capital letters, claim the recipient has won some type of prize, and include links awkwardly placed mid-text.

Emphasize password protocol – End users need to understand that passwords should be strong, unique, and never shared.

Have an outside source conduct thorough end user cybersecurity training – Training end users in cybersecurity should be high on company leaders’ lists of priorities. Organizational decision makers that are serious about getting end users thoroughly trained in information security may want to consider having an IT training company do the job.

If your end users’ cybersecurity skills are less than rock solid, your company’s back door may be wide open to hackers. Which of these end user cybersecurity training tips will you implement today to protect your company from harm?

Please join Directions Training for a live expert discussion panel on October 26th, 2017. We will teach you the secret to maintaining a highly secure infrastructure. Register here.

Leave a Reply