Risk Management & Human Factors in Business Cybersecurity

One source of danger that must not be neglected when developing an IT security strategy is the human being. But it is not just the typical “link-clicking” employee that needs to be considered here; other human flaws and strengths also enable successful attacks.

Ask IT security experts where a company’s biggest vulnerability lies, and the top answer is “the human factor.” This cannot be dismissed out of hand: humans and man-made technology are intertwined, and mistakes are rarely attributable to technology alone.

Ultimately, anyone can become a victim of a cyberattack, with the degree of exposure varying by employee and position. At the same time, attackers are often savvy IT professionals who use technology to gain access to organizations. A security strategy that considers both user and technology factors is, therefore, a top priority.

Configuration Errors

For many companies, cloud transformation is accompanied by a culture change that creates hurdles for IT security. If restrictions are rejected as paternalistic, for example, the security team often learns about changes to the infrastructure only after the fact. It is therefore not surprising that the cause of virtually all cases of unauthorized intrusion into the cloud is a human-induced misconfiguration.

As IT environments become more complex, even well-trained staff with great expertise have difficulty identifying faults before they are exploited. Technical solutions that help prevent such errors in the cloud, such as a “cloud security posture management” (CSPM) system, can provide support.
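To make the idea of posture management concrete, here is an added example (not code from the article or from any CSPM product) that runs a few rules over a constructed inventory of cloud resources. The inventory shape, the rule set and the severities are assumptions made for the example; a real posture check would read the inventory from the provider’s API and carry many more rules.

```python
"""Minimal posture check over a constructed cloud inventory.

The inventory format is an assumption for this example, not a real
provider export, and the two rules stand in for a much larger rule set.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample inventory (not real infrastructure).
INVENTORY: Dict[str, List[dict]] = {
    "buckets": [
        {"name": "public-assets", "public_read": True, "encrypted": True},
        {"name": "customer-backups", "public_read": True, "encrypted": False},
        {"name": "app-logs", "public_read": False, "encrypted": True},
    ],
    "security_groups": [
        {"name": "web", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
        {"name": "bastion", "ingress": [{"port": 22, "cidr": "0.0.0.0/0"}]},
        {"name": "db", "ingress": [{"port": 5432, "cidr": "10.0.0.0/8"}]},
    ],
}

# Administrative and database ports that should never face the whole internet.
ADMIN_PORTS = {22, 3389, 5432, 3306, 1433, 27017, 6379}

Finding = Tuple[str, str]  # (severity, description)


def is_world_open(cidr: str) -> bool:
    """True if the CIDR covers the entire IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def check_buckets(buckets: List[dict]) -> List[Finding]:
    """Flag buckets that are publicly readable or stored unencrypted."""
    findings: List[Finding] = []
    for bucket in buckets:
        if bucket.get("public_read"):
            findings.append(("HIGH", f"bucket {bucket['name']} allows public read"))
        if not bucket.get("encrypted"):
            findings.append(("MEDIUM", f"bucket {bucket['name']} has no at-rest encryption"))
    return findings


def check_security_groups(groups: List[dict]) -> List[Finding]:
    """Flag ingress rules that expose an administrative port to everyone."""
    findings: List[Finding] = []
    for group in groups:
        for rule in group.get("ingress", []):
            if rule["port"] in ADMIN_PORTS and is_world_open(rule["cidr"]):
                findings.append((
                    "HIGH",
                    f"security group {group['name']} exposes port {rule['port']} to {rule['cidr']}",
                ))
    return findings


def assess(inventory: Dict[str, List[dict]]) -> List[Finding]:
    """Run every rule and return the combined list of findings."""
    findings = check_buckets(inventory.get("buckets", []))
    findings += check_security_groups(inventory.get("security_groups", []))
    return findings


if __name__ == "__main__":
    for severity, description in assess(INVENTORY):
        print(f"[{severity}] {description}")
```

Run against the constructed inventory, the check reports the two publicly readable buckets, the unencrypted backup bucket and the bastion group that exposes SSH to the internet, while the HTTPS rule on the web group and the database port restricted to the internal range pass.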


Lack of Transparency

IT security has grown organically in most cases. In line with the classic “best of breed” approach, solutions from different providers were deployed in various areas. The intention was to create an infrastructure that was as complex as possible and kept unauthorized persons out. But companies are not the only ones whose expertise grows with experience; cybercriminals expand their knowledge too. They are familiar with these complex IT environments and find ways to attack, especially where administration lacks transparency.

Due to the complex structure of security, it is often unclear where one solution ends and whose responsibility begins. Experienced attackers can thus penetrate multi-layered infrastructures almost unhindered. That is why companies today have to invest a lot of effort and time in administering the architecture of their IT security.

This is becoming more and more costly, in step with the volume of data, which grows with every additional system. XDR solutions (Extended Detection & Response) and SIEMs (Security Information & Event Management) offer support here.

“Lateral Movement” Due to Lack of Patching

A common feature of successful cyber attacks is a lack of security updates. While this vulnerability is usually not the starting point of an attack, it serves to spread within a network, the so-called “lateral movement.” This is because defense against unwanted access from the outside is often provided by means of Intrusion Prevention System (IPS) technology.


However, once an attacker has penetrated the internal network, missing or incomplete security updates leave little in the way. In fact, this situation is usually not the fault of individual employees but of staff shortages and the resulting overwork. The scarce resources are concentrated on the most urgent tasks, and these are usually external protection.

The more complex the IT architecture, the more difficult it is to guarantee complete security. Even excellent automation in the patch process cannot cover everything given the vast number of applications and configuration options. Added to this is the integration of (Industrial) Internet-of-Things devices, which often cannot be included in a structured update strategy.

This increases the number of systems that need to be patched. The logical consequence is that infrastructures are often vulnerable to attack, especially once an intruder has already gained access. Host- or network-based IPS approaches (“virtual patching”) can support IT security here.

Email Hygiene Is More Important than Ever


Email hygiene refers to blocking dangerous attachments such as executable files or macros. In fact, 91 percent of global cyberattacks occur via email. To counter this risk, sandboxing technologies and other techniques can be used to check URLs in emails. Because such options often have to be explicitly activated in mail security products, and the ability to check URLs in e-mails is vendor-dependent, employees must be educated about possible dangers regardless of the security standard in place.
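The following is an added example of the triage step this paragraph describes; it is not code from the article or from any mail security product. It parses a constructed message with Python’s standard `email` package, classifies each attachment by its file extension and by the first bytes of its content (so an executable renamed to `.pdf` is still caught), and collects the URLs in the body for hand-off to a URL-checking or sandboxing service. The extension lists, the verdict names and the sample message are assumptions made for the example.

```python
"""Attachment and URL triage for one inbound message (added example).

Policy lists and the sample mail are constructed for illustration; a real
gateway would load its policy from configuration and feed the extracted
URLs and sandbox candidates to dedicated services.
"""
import email
import re
from email import policy
from pathlib import PurePosixPath
from typing import Dict, List, Tuple

# Executable content: block outright.
BLOCK_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1", ".js",
             ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".dll", ".jar"}
# Office formats whose extension declares embedded macros: block as well.
MACRO_EXT = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}
# Legacy Office and container formats that may hide macros or executables: detonate in a sandbox.
SANDBOX_EXT = {".doc", ".dot", ".xls", ".xlt", ".ppt", ".rtf", ".zip", ".7z", ".rar", ".iso", ".img", ".lnk"}

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)

# Constructed sample message (not a real phishing mail).
RAW_MAIL = """\
From: accounting@example.invalid
To: staff@example.invalid
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review the invoice at http://example.invalid/login and https://intranet.example.invalid/doc
--b1
Content-Type: application/octet-stream; name="invoice.xlsm"
Content-Disposition: attachment; filename="invoice.xlsm"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1
Content-Type: application/pdf; name="terms.pdf"
Content-Disposition: attachment; filename="terms.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""


def classify_attachment(filename: str, data: bytes = b"") -> str:
    """Return 'block', 'sandbox' or 'allow' for one attachment.

    Every suffix is inspected, so "report.pdf.exe" is judged by ".exe".
    A Windows PE header ("MZ") blocks regardless of the declared name.
    """
    if data.startswith(b"MZ"):
        return "block"
    suffixes = set(PurePosixPath(filename.lower()).suffixes)
    if suffixes & (BLOCK_EXT | MACRO_EXT):
        return "block"
    if suffixes & SANDBOX_EXT:
        return "sandbox"
    return "allow"


def extract_urls(text: str) -> List[str]:
    """Distinct URLs in order of first appearance, trailing punctuation stripped."""
    urls: List[str] = []
    for match in URL_RE.findall(text):
        url = match.rstrip(".,;:)")
        if url not in urls:
            urls.append(url)
    return urls


def triage(raw_message: str) -> Dict[str, object]:
    """Parse one RFC 5322 message and return attachment verdicts, URLs and an overall verdict."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    attachments: List[Tuple[str, str]] = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        payload = part.get_payload(decode=True) or b""
        attachments.append((name, classify_attachment(name, payload)))
    body = msg.get_body(preferencelist=("plain", "html"))
    urls = extract_urls(body.get_content() if body is not None else "")
    verdicts = {verdict for _, verdict in attachments}
    if "block" in verdicts:
        overall = "quarantine"
    elif "sandbox" in verdicts or urls:
        overall = "sandbox"
    else:
        overall = "deliver"
    return {"attachments": attachments, "urls": urls, "verdict": overall}


if __name__ == "__main__":
    print(triage(RAW_MAIL))
```

For the constructed message the macro-enabled spreadsheet is blocked, the PDF is allowed, both URLs are queued for checking, and the message as a whole is quarantined. Note that this step only decides what to hold back and what to hand to the sandbox; it does not replace the sandbox itself.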


Access Data as A Gateway

According to Trend Micro’s annual cybersecurity report, the number of cyberattacks increased by more than 20 percent last year compared to 2020. Among them, credential theft, or “credential phishing,” emerged as a popular approach. Many companies had to quickly provide or expand home office solutions during this period, which is why remote access was set up using regular user credentials. As a result, it became routine for employees to regularly enter their access data to verify themselves, which made phishing tactics particularly difficult to detect. Collaboration tools such as Microsoft 365 represented a large attack surface, and the user data obtained there granted attackers quick access to company servers. Multi-factor authentication provides some protection at this point.

This Is Why You Should Always Assume the Worst

The ongoing goal of IT security remains to fend off attacks as reliably as possible. The challenge is that complex infrastructures provide a large attack surface, so professional cyber criminals can virtually always identify an entry point. That is why companies must be aware that they can expect a successful attack at any time. Preventive investment in tools and processes that detect and stop such an attack as quickly as possible is therefore beyond question.