Credit: Sean McGrath
In the last week, I saw several articles stating that users are responsible for most ransomware infections. It is a very specious argument in that, yes, a user inevitably has to click on a link or download a file that then is activated and encrypts the hard drive. There are no common worm-like ransomware variants that infect systems without user interactions.
Given that, it is therefore easy to blame users for causing ransomware infections of their own systems. However, the reality is that for the user to infect their system, there are many technical failures, which are due to the IT staff’s actions or lack there of.
I previously wrote how safety principles identify how the work environment creates the safety problems. For example, fork lifts moving throughout warehouses and factories can hit workers not paying attention. You can blame a worker for walking into the path of a forklift, or the driver for driving unsafely. However, it was shown to be much more effective to draw lines on the floor of factories and warehouses to define walkways. Making people wear safety goggles eliminates almost all eye injuries. Defining “Two Person Lifts” alerts workers when an object is considered too heavy for one person.
When organizations begin to look for opportunities to eliminate environmentally created safety concerns, work-related accidents went down by 90 percent. That is a very significant decrease. Of course, this means that there still were injuries resulting from carelessness, failing to follow prescribed guidelines, etc., but it does show what happens when organizations take responsibility for preventing incidents in the first place.
So when I see articles declaring users responsible for most ransomware attacks, I think the people writing the articles and the security professionals who are the source of the articles as the real failures. This is especially true when we are talking about ransomware infections, which require that the system installs the malware.
When I gave a recent presentation on the human exploitation kill chain, I defined how ransomware and other malware has to first reach the user system, and then allow the user to install the malware. Of course, in most cases, the user has to take a purposeful action to install the malware, but consider how the “environment” has to facilitate that user action.
In order for ransomware to infect a system, it must first reach the system. Email and web filters should remove executables (software that will run on a computer), before reaching most users. Even if an executable reaches a user, most email clients and web browsers should prevent the executable from running. Even if the executable runs, a well configured PC should prevent the user from installing software on their system.
Sign up for CIO Asia eNewsletters.