Sunday, October 19, 2014

How do we achieve 100%?

I nearly always drive when I travel. I hate to fly. I drive because before or after a busy week, the time on the road lets me think, without the constant interruption of email, phone calls, etc. This is some of my most productive thinking time. I like to play audio books. Yesterday it was Moby Dick -- I like the classics.

Yesterday, during my eight-hour drive, one of the things that I thought about over and over was a conversation I'd had with a security manager at one of the government agencies during the week. We talked about his small team, and the need for analysis, and as the conversation continued, he brought it back to the user. Here's what he said. It stuck with me...

Users get literally seconds to decide whether or not to click that email. They've gotten really good at recognizing run-of-the-mill spam, and sometimes even catch the more advanced phishing, but still, our job is to give them the tools to help them during those few seconds. And if they make the wrong choice, then we need to be able to protect them. They really do try and do the right thing, but the emails can look very real. What are they to do? They rely on us.

So on the heels of yesterday's (blah) blog that I posted before hitting the road, I wanted to take a moment and address this very simple, but at the same time, very complex thought process.

This manager told me the story of an overzealous retired Air Force cyber guy who walked the halls, telling people, one at a time, that they needed help. He did threat briefs, helped users, and built a program -- one office, one person at a time. Every office apparently has their own systems administration team, and none want to be 'that guy' who let their boss be embarrassed by having him or her click on spam. So they do an amazing amount of education and awareness. But again, it's not just the 90% that we must consider. And while it sounds unreachable, identification and mitigation of 100% of malicious emails must be the goal.

So how does that happen? Today, it doesn't. I've heard of email 'detonation' services that click on every link. DLP in this space is largely ineffective. Rule-based systems have too little flexibility.

So I put this to you...

Thoughts? How do we achieve 100% guarantees of user protection in their email? How do we protect a diligent user when they make the wrong choice?

Thoughts?
Jeff
