GUEST ESSAY: Here’s how and why ‘trust’ presents an existential threat to cybersecurity

By Mark Guntrip

Over the years, bad actors have started getting more creative with their methods of attack – from pretending to be a family member or co-worker to offering fortunes and free cruises.

Recent research from our team revealed that while consumers are being exposed to these kinds of attacks (31 percent of respondents reported they received these types of messages multiple times a day), they continue to disregard cyber safety guidelines.

This neglect is not only a threat to personal data, but also a threat to corporate security. As we continue to live a majority of our lives online, there are many ways that both consumers and enterprises can better protect themselves against hackers.

According to our survey, the majority of consumers (77 percent) are confident they can identify and report suspected malicious cyber activity, despite general apathy toward proactively securing their devices and personal data.

Confidence gap

This overconfidence is cause for concern for many cybersecurity professionals as humans are the number one reason for breaches (how many of your passwords are qwerty or 1234five?). When it comes to protecting themselves and their devices, few are practicing the basics:

•Only 21 percent use email security software

•Only 33 percent consistently use two-factor authentication (2FA)

•Only 28 percent don’t use repeated passwords

•Only 20 percent use a password manager

The gap between confidence in oneself when it comes to cybersecurity hygiene and actual implementation of protection against cybersecurity threats leaves much room for bad actors to execute successful malware and ransomware attacks.

Blurred lines


The hybrid workforce is here to stay, along with the blurring of work and home. Most people have work email, files, messages and more on personal devices, and use corporate devices to shop or stream content (our research says 56 percent of consumers engage in personal activity on a work device). This, combined with expanding attack surfaces due to the infinite number of networks being used by employees, has created the perfect storm.

Bad actors today enact Highly Evasive Adaptive Threat (HEAT) attacks with more frequency and success. Enterprises are scrambling to find better and more effective ways to secure their data and decrease the number of breaches occurring.

But since many employees are apathetic toward implementing security practices and prevention methods, it becomes a more and more daunting task for cyber professionals.

While cyber experts cannot save everyone from ransomware or other forms of threats, there are plenty of preventative ways for both consumers and enterprises to try and stop attacks before they occur.

Both consumers and enterprises can better protect themselves by:

•Enabling 2FA

•Using strong passwords (random combinations of letters and numbers are best) and storing them securely in a password manager

•Not using repeated passwords

•Reporting suspicious communications

•Installing security software and ensuring all your devices are running the latest software

•Backing up files to a cloud or offline location regularly

•Not responding to messages, clicking on links or opening or downloading attachments from any number or email address you don’t know (we promise your CEO isn’t really texting you about how your bonus will be paid via a gift card you can download by clicking on that weird-looking link)

What needs to get done

For corporations, additional steps that should be taken include:

•Having cloud security that spans web and email to prevent ransomware and other attacks

•Setting up systems to require 2FA for all employees

•Ensuring employees review security protocols as part of training and development

•Enforcing strong password requirements for email and other applications

Bad actors are not going away anytime soon, and we can predict that in 2023, we’ll see even more threats and attacks than in years past. Still, there are many ways that consumers and enterprises can protect their data and educate one another about the very real threat these invisible enemies pose. The more awareness is raised about cybercrime and malicious activity, the more we can do to prevent attacks before it’s too late.

 About the essayist: Mark Guntrip is senior director of cybersecurity strategy at Menlo Security, a Mountain View, Calif.-based web security vendor that provides secure, cloud-based internet isolation.
