
Beware of the insider threat

With more than 60% of cyber attacks attributed to internal threats, protecting your business from intentional and unintentional security risks requires a cyber-resilient approach.

Johannesburg, 15 Feb 2022
Alan Hawkins, GM: Cyber-Security and Software, Tarsus Distribution.

Security threats in today’s digital world are rising sharply. A threat is a potential hostile action or attack that exploits an existing vulnerability in an organisation; the security risk it creates depends on how likely the attack is and on the value of the assets it could reach.

These vulnerabilities can exist in businesses in a number of ways – from unpatched systems to legacy applications and from relaxed access control policies to inattentive employees.

From a security strategy perspective, therefore, says Alan Hawkins, GM for Cyber-Security and Software at Tarsus Distribution, utmost care should be taken to strengthen every link in the security chain.

“The security threats can be broadly classified into external and internal threats. External threats refer to someone outside the company attempting to exploit system vulnerabilities through the use of malicious software, hacking or sabotage. Internal threats, on the other hand, refer to someone from within the company trying to exploit a system in some way, in order to either cause damage or to steal data. Though the dangers posed by both external and internal threats are severe, internal threats are known to contribute to more than 60% of cyber attacks,” he notes.

“Insider threats can be malicious threats that come from unscrupulous people who have authorised access to, or knowledge of, the company’s resources. These would include personnel, facilities, information, equipment, networks and systems.”

They can also be unintentional acts of negligence by employees. The weakest link in any security chain is always your people, continues Hawkins. Insiders are a frightening threat to organisational security, because they are authorised users with legitimate access to corporate resources, with approved trust levels. The dangers here, he adds, include leakage or loss of intellectual property, personnel details or customer information – resulting in reputational and financial damage and potential legal consequences.

Asked what he thinks the most likely areas of the business such criminals would attack, he indicates that this would depend on the nature of the business and the persona of the attacker/attacking organisation.

“For example, in critical infrastructure entities like utilities, transportation, emergency services and the like, the areas of business targeted will be related to the nation’s safety, with the aim of creating an economic impact and potentially endangering the lives of citizens. In such instances, the attackers tend to be state-sponsored. We know of examples like the Chinese cyber attack on Moderna, the Taiwan CPC attack, the Israeli water systems attack, the Iranian cyber attack on New York dam and the Russian cyber attack on the Ukrainian power grid.

“On the other hand, in financial companies, the business areas attacked will be related to the value of the data it hosts and its digital footprint. These attacks are mainly profit-driven criminal activities and include identity fraud, ransomware attacks, theft of financial records and more. The threat actors may either be an organised cyber criminal group or an individual black hat hacker.”

As for the most likely ways for insiders to be exploited, Hawkins states that the most common way is through social engineering attacks like phishing, baiting and pretexting. The criminals use psychological manipulation of human feelings, like curiosity or fear, to trick users into making security mistakes or giving away sensitive information. It is something that is harder to defend against, as it relies on human error rather than on vulnerabilities in the system.

So how does a business protect itself from such threats? Hawkins points out that the necessary steps need to be taken from three perspectives – people, processes and technology.

“Security awareness training is the best possible manner in which employees can be educated about unintentional acts that may create insider threats. There should be policies like zero trust in place to limit the access of even privileged employees. Since the intentional and unintentional acts are both by legitimate users, it is very important to deploy user behaviour analytics (UBA) security technology that will differentiate bad behaviour from normal behaviour.”

He explains that UBA technologies can be differentiated based on whether they use supervised machine learning or unsupervised machine learning. Organisations should always select a UBA technology that is based on unsupervised machine learning, he adds, to monitor user behaviour. Further, it should also be tightly integrated with the company’s security operations centre and its security orchestration, automation and response (SOAR) approach.
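To make the idea of unsupervised behaviour analytics concrete, here is an added example (not code from the article, from Tarsus Distribution or from any UBA product): it learns a per-user baseline from a window of access-log history with no labels at all, then scores later events against that baseline and emits alerts in a form a SOAR playbook could consume. The log format, the user names, the file paths, the feature weights and the alert threshold are all constructed for illustration; a real deployment would tune them against its own data, and would need to guard against the classic pitfall of learning a baseline from a period in which the insider was already active.

```python
"""
Minimal unsupervised user-behaviour baseline (illustrative example).

Each user's history yields a robust baseline (median and scaled MAD of
log2 bytes, plus the set of top-level directories they normally touch).
Later events are scored on three signals: transfer volume far above
the user's norm, activity outside working hours, and access to an area
the user has never used. No labelled "bad" events are needed.
"""
import math
import statistics
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log: "<ISO timestamp> <user> <action> <object> <bytes>".
SAMPLE_LOG = """\
2022-02-01T09:12:04 alice read /finance/q4-forecast.xlsx 20480
2022-02-01T10:40:11 alice read /finance/budget-2022.xlsx 30720
2022-02-01T14:05:52 alice write /finance/budget-2022.xlsx 31744
2022-02-02T09:30:18 alice read /finance/invoices-jan.pdf 40960
2022-02-02T11:02:45 alice read /finance/q4-forecast.xlsx 20480
2022-02-03T08:55:09 alice read /finance/cashflow.xlsx 25600
2022-02-03T15:20:33 alice write /finance/cashflow.xlsx 26624
2022-02-01T09:05:00 bob read /eng/design-doc.md 8192
2022-02-01T16:45:21 bob write /eng/design-doc.md 9216
2022-02-02T10:10:10 bob read /eng/api-spec.yaml 12288
2022-02-02T13:37:00 bob read /eng/runbook.md 6144
2022-02-03T09:41:27 bob read /eng/design-doc.md 9216
2022-02-03T17:58:02 bob write /eng/api-spec.yaml 12800
2022-02-04T10:02:14 alice read /finance/cashflow.xlsx 26624
2022-02-04T02:17:33 alice download /hr/payroll-export.csv 52428800
2022-02-04T11:15:48 bob read /eng/runbook.md 6144
"""


@dataclass
class Event:
    ts: datetime
    user: str
    action: str
    obj: str
    nbytes: int


@dataclass
class Baseline:
    median: float   # median of log2(bytes) over the user's history
    mad: float      # scaled median absolute deviation (robust sigma)
    dirs: set       # top-level directories the user normally touches


def parse_line(line: str) -> Event:
    ts, user, action, obj, nbytes = line.split()
    return Event(datetime.fromisoformat(ts), user, action, obj, int(nbytes))


def top_dir(path: str) -> str:
    return path.split("/")[1] if path.startswith("/") else path


def log_bytes(n: int) -> float:
    return math.log2(max(n, 1))


def is_off_hours(ts: datetime) -> bool:
    # Assumed working window 07:00-19:00; adjust per organisation.
    return ts.hour < 7 or ts.hour >= 19


def build_baselines(history):
    """Per-user robust statistics; median/MAD resist a few outliers."""
    per_user = defaultdict(list)
    for ev in history:
        per_user[ev.user].append(ev)
    baselines = {}
    for user, evs in per_user.items():
        xs = [log_bytes(e.nbytes) for e in evs]
        med = statistics.median(xs)
        mad = statistics.median(abs(x - med) for x in xs) * 1.4826
        baselines[user] = Baseline(med, max(mad, 0.1), {top_dir(e.obj) for e in evs})
    return baselines


def score_event(ev: Event, base: Baseline):
    """Return (score, reasons). Weights are illustrative, not tuned."""
    z = (log_bytes(ev.nbytes) - base.median) / base.mad
    score, reasons = max(0.0, z), []
    if z > 3:
        reasons.append(f"volume z={z:.1f}")
    if is_off_hours(ev.ts):
        score += 2.0
        reasons.append("off-hours")
    if top_dir(ev.obj) not in base.dirs:
        score += 2.0
        reasons.append(f"new area /{top_dir(ev.obj)}")
    return score, reasons


def detect(log_text: str, cutoff: str, threshold: float = 4.0):
    """Learn from events before `cutoff`, score events from `cutoff` on."""
    cut = datetime.fromisoformat(cutoff)
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    baselines = build_baselines(e for e in events if e.ts < cut)
    alerts = []
    for ev in (e for e in events if e.ts >= cut):
        base = baselines.get(ev.user)
        if base is None:  # account with no history: always worth a look
            alerts.append((ev, math.inf, ["no baseline for user"]))
            continue
        score, reasons = score_event(ev, base)
        if score >= threshold:
            alerts.append((ev, score, reasons))
    return alerts


if __name__ == "__main__":
    for ev, score, reasons in detect(SAMPLE_LOG, "2022-02-04"):
        # Shape a SOAR-friendly record: who, what, why, how confident.
        print({"user": ev.user, "object": ev.obj, "ts": ev.ts.isoformat(),
               "score": round(score, 1), "reasons": reasons})
```

Run on the constructed log, only Alice's 02:17 bulk download from an HR share she has never touched crosses the threshold; her normal finance reads and Bob's engineering reads score zero. The reasons list is what an analyst or a SOAR playbook acts on (disable the session, open a ticket), and the same per-user statistics can be recomputed nightly so the baseline follows legitimate changes in a person's role.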

“Ultimately, every enterprise, regardless of the nature of its business, is susceptible to cyber attacks, as long as it has a digital footprint. The focus needs to move towards cyber resilience, which is the ability of an organisation to enable business acceleration by preparing for, responding to and recovering from cyber threats. In a digitally transforming world, it is vital to be a cyber resilient business in order to be able to rapidly adapt to known and unknown crises, threats, adversities and challenges,” he concludes.
