The Current Threat Landscape
The global cybersecurity landscape is complex and constantly changing, with new vulnerabilities and threats emerging almost daily. We have come a long way in implementing Zero Trust Architectures, advanced artificial intelligence (AI) algorithms, firewalls, intrusion detection systems and more to protect our organizations. However, it is surprising to find that most security incidents are not simply the result of sophisticated hacking techniques; they are often aided by human error.
Human errors, such as falling for phishing emails, weak password practices or accidental data leaks, can leave even an organization's robust network vulnerable. These mistakes are not limited to junior staff; even executives fall victim to these attacks. Clearly, no one is immune, which makes human factors an urgent concern for all organizations. For example, the recent MGM Resorts breach was the result of simple social engineering: the threat actor tricked a help desk employee into resetting a password without sufficient verification of the caller's identity.
The Cost of Negligence
Neglecting the human factor can result in considerable financial losses, damage reputation and cause a loss of customer trust. Sometimes the damage is irreversible. Following an incident, organizations often realize that they could have prevented the breach if they had invested in appropriate security measures focused on the human factor.
Strategies to Reduce Human-Origin Risks
In a world saturated with cyber threats, focusing only on technological solutions is the same as building a fortress but leaving the gate unprotected. In fact, Rupal Hollenbeck, President of Check Point, often says that cybersecurity is really about “people, processes and technology – in that order”. By increasing awareness and understanding of the human factor in cybersecurity, organizations can build a more robust and comprehensive defense against cyber threats.
As Country Manager at Check Point Software Technologies in Portugal, I advocate the integration of human-centered strategies into your cybersecurity approach. Don't forget that the most effective security strategy is one that takes into account the vulnerabilities of machines and humans.
Throughout my career, I have seen CISOs make certain changes to reduce this risk, including:
- Phishing Attacks: The art of deception is a hacker's best tool. Employees often fall victim to emails or messages that appear genuine but are designed to collect sensitive information or install malware. Most organizations limit their defenses to corporate email and ignore the largest threat vector, which falls under Mobile Threat Defense: protecting employees from text-message (smishing) and messaging-app lures, or from personal email accounts running on the same mobile device. In fact, the average cost of a phishing breach is $4.76 million. It is clear that this aspect needs to be a focus for better protection.
- Cyber Training: Most organizations conduct a one-time phishing exercise to meet compliance needs and forget that cyber threats are constantly evolving. Employees must continually update their defenses against these threats. Regular training in cyber “good hygiene” is very important to reduce the chances of human error causing a breach. The good news is that there are many training options - from virtual escape rooms to phishing games and advanced cybersecurity courses.
- Credential Management: Security leaders across industries have the difficult task of ensuring their organization's digital assets are protected. One of the main aspects of this task is password management. Here are some recommended best practices.
- Zero Trust Architecture: Adopt a zero trust model in which no user or system is trusted by default. Everyone must undergo verification and authentication, regardless of their location in relation to the network perimeter.
- Single Sign-On (SSO): Consider implementing SSO solutions to reduce the number of passwords an employee has to memorize. However, make sure that the SSO solution itself is extremely secure.
- Multi-factor authentication (MFA): Implementing MFA adds an extra layer of security, typically combining something the user knows (a password) with something the user has (a mobile device that receives a one-time code in an authenticator app or text message).
- Periodic audits: Conduct regular audits to ensure password policies are being followed. Many modern systems allow administrators to see whether users are reusing passwords or not changing them often enough.
- Account lockout policies: Implement an account lockout policy that temporarily locks out accounts after a certain number of failed sign-in attempts. This can prevent brute force attacks, but must be balanced so as not to unintentionally block legitimate users.
- Password expiry and rotation: Regularly requiring users to change their passwords can prevent attackers from retaining prolonged access to a compromised account. However, this measure must be balanced, as very frequent changes can lead to poor password choices.
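The account-lockout item above asks for a policy that stops password guessing yet does not permanently block a legitimate user who occasionally mistypes. The following added example (not code from the article or from Check Point) shows one way to implement that balance: failed attempts are counted only within a sliding window, the lock is temporary and expires on its own, and a successful sign-in clears the counter. The class and parameter names (`LockoutPolicy`, `LockoutTracker`, `max_failures`, `window_seconds`, `lockout_seconds`) are assumptions chosen for this illustration, and the injectable clock exists so the behaviour can be checked without waiting in real time.

```python
"""Temporary account lockout with a sliding failure window.

Added example, not from the original article. All names are illustrative.
"""
import time
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    max_failures: int = 5        # failures inside the window before locking
    window_seconds: int = 900    # failures older than this are forgotten
    lockout_seconds: int = 300   # temporary lock; the account unlocks itself


@dataclass
class AccountState:
    failures: list = field(default_factory=list)  # timestamps of recent failures
    locked_until: float = 0.0                     # 0.0 means "not locked"


class LockoutTracker:
    """Tracks failed sign-ins per account and applies a LockoutPolicy."""

    def __init__(self, policy: LockoutPolicy, clock=time.time):
        self.policy = policy
        self.clock = clock          # injectable for deterministic testing
        self.accounts: dict[str, AccountState] = {}

    def _state(self, user: str) -> AccountState:
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user: str) -> bool:
        return self._state(user).locked_until > self.clock()

    def record_failure(self, user: str) -> bool:
        """Record one failed attempt; return True if this attempt triggered a lock."""
        now = self.clock()
        st = self._state(user)
        # Drop failures that fell out of the sliding window so that an
        # occasional typo over a long period never accumulates into a lock.
        st.failures = [t for t in st.failures if now - t < self.policy.window_seconds]
        st.failures.append(now)
        if len(st.failures) >= self.policy.max_failures:
            st.locked_until = now + self.policy.lockout_seconds
            st.failures.clear()  # start fresh once the lock expires
            return True
        return False

    def record_success(self, user: str) -> None:
        self._state(user).failures.clear()

    def attempt_login(self, user: str, password: str, verify) -> str:
        """Return 'locked', 'ok' or 'failed'. `verify(user, password)` is the
        credential check supplied by the caller (e.g. a password-hash compare)."""
        if self.is_locked(user):
            # Even a correct password is refused while the lock is active, so an
            # attacker cannot learn anything from the response during the lock.
            return "locked"
        if verify(user, password):
            self.record_success(user)
            return "ok"
        return "locked" if self.record_failure(user) else "failed"


class FakeClock:
    """Constructed clock for the demo/tests; advance with `clock.t += seconds`."""
    def __init__(self, start: float = 1000.0):
        self.t = start

    def __call__(self) -> float:
        return self.t


def demo() -> list[str]:
    """Walk one constructed scenario and return the sequence of outcomes."""
    clock = FakeClock()
    policy = LockoutPolicy(max_failures=3, window_seconds=600, lockout_seconds=300)
    tracker = LockoutTracker(policy, clock=clock)
    verify = lambda user, pw: pw == "correct horse"   # constructed credential check

    results = []
    results.append(tracker.attempt_login("alice", "wrong1", verify))       # failed
    results.append(tracker.attempt_login("alice", "wrong2", verify))       # failed
    results.append(tracker.attempt_login("alice", "wrong3", verify))       # locked (3rd failure)
    results.append(tracker.attempt_login("alice", "correct horse", verify))  # locked (still inside lock)
    clock.t += policy.lockout_seconds + 1
    results.append(tracker.attempt_login("alice", "correct horse", verify))  # ok (lock expired)
    return results


if __name__ == "__main__":
    print(demo())
```

The `window_seconds` and `lockout_seconds` knobs are where the balance the article describes lives: a short lock (minutes, not hours) with automatic expiry stops online guessing without generating help-desk tickets, and forgetting old failures means a user who mistypes twice on Monday and once on Tuesday is never locked out.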
Non-technological changes or improvements to reduce risk
Based on available industry data and surveys, CISOs and CEOs also rely on the following non-technological measures to protect their organizations:
- Implement a change control/management system: The importance of implementing a change control system with various levels of approval cannot be overemphasized. In an era of complex cyber threats, the human element often becomes a vulnerability. A multi-level approval process allows us to add layers of scrutiny, involving multiple roles from technology experts to executives, effectively reducing single points of failure. This approach minimizes the risks associated with human error and ensures alignment with our cybersecurity strategies. It serves as a vital check and balance system, making our cyber defense more resilient and adaptable to the evolving threat landscape.
- Culture of accountability:
  - Reward programs: Implement reward programs for reporting vulnerabilities or potential risks.
  - Transparency: Maintain an open dialogue about the importance of security.
- Supplier risk management:
  - Due diligence: Perform due diligence before onboarding new suppliers. Make sure they meet your organization's security standards.
  - Continuous monitoring: Regularly audit vendor security compliance.
- Legal framework:
  - Non-disclosure agreements (NDAs): Obtain legal contracts to protect sensitive information.
  - Regular audits: Ensure compliance with data protection laws and industry standards.
- Incident response plan: In the constantly evolving landscape of cybersecurity threats, it is no longer a question of whether a security incident will happen, but rather when. This makes having an effective Incident Response Plan (IRP) and an in-house Alert Team essential for any organization that takes its cybersecurity posture seriously.
The opinion of... Valdemar Vieira Dias