“Humanware” Is the Weak Link in Cyber Defenses

Blog: Enterprise Decision Management Blog

When FICO hosted the Business Continuity Institute Forum covering the South and East of England at our London offices last month, you might have expected technology to top the agenda. But what dominated the discussion among more than 40 business continuity and cyber security experts was not malware but “humanware” — that is, people.

Social engineering remains one of the most effective ways to get past an organisation’s defenses. Most delegates had to concede that their business operations conventions probably led to inadvertent exposure.

Look how easy it is:

At our FICO World conference in 2014, former White House CIO Theresa Payton said that in exercises run by the military in the US every year — where a red team playing bad guys tried to hack their way past the blue team defenders — the red team always won!

Awareness of social engineering and penetration exposure techniques is critical. If you know what the bad guys might try to do, then you have half a chance of spotting and avoiding it. Testing for susceptibility on a regular basis is also important. If authorised testers can find a way in, you can bet someone with mischievous or nefarious intent can do so too.

FICO’s own security team just ran an exercise where employees got an email with the subject line “Package Undeliverable.” The email included a link – but if you clicked on it, and many did, you were notified that you’d been duped!

At our meeting in July, we also heard from industry experts like Pete Wood (CEO of First Base Technologies) and his colleague Rob Shapland on the need for, and best practices in, cyber security defence, and on the areas of exposure they have seen through their own red team (penetration testing and social engineering) exercises. Dr Jan Collie of Discovery Forensics talked about how to preserve cyber evidence. Dulcie McLerie of Eskenzi PR spoke on how to handle media and publicity issues when faced with a cyber incident.

FICO is taking a much more active role in cybersecurity. We discussed our recent partnership with iboss, and the recent acquisition of QuadMetrics to develop an enterprise security score. Fair Isaac Advisors have been doing work with the award-winning and patented Abatis HDF, which in tests by Lockheed Martin proved “effective at stopping all attempts to write malware to the permanent storage of the device, regardless of system privilege.”

FICO and its partners continue to raise the bar for cybersecurity technology. It’s up to every organisation to raise the bar with its weakest link — its own people.

The post “Humanware” Is the Weak Link in Cyber Defenses appeared first on FICO.
