To strengthen internal controls for better cybersecurity against prevalent ransomware and phishing, we need to nip the issue in the bud – human error.
In today’s increasingly digital landscape, the risk of human error is growing day by day, making your employees potential “single points of failure”. A simple click on a malicious email attachment or connecting to corporate resources through an unprotected network could lead to widespread chaos and financial losses.
Even with sophisticated systems and processes in place, many organizations unwittingly rely on systems prone to human error, leading to blame and scapegoating when things go wrong — whether intentional or not.
Strengthening internal controls is critical in today’s cyberthreat landscape, and the weakest link is the people in our organization – prone to error, to simple carelessness, or even to malice.
CybersecAsia raised this issue and more with Sathish Murthy, Systems Engineering Lead, Cohesity ASEAN & India.
Why do you think the ransomware situation in Asia Pacific has not improved for victims?
Sathish Murthy (SM): The ransomware landscape has not only failed to improve, it has actually worsened in scale, sophistication, and the sizable costs attacks inflict on organizations. In fact, according to Cohesity’s 2023 State of Data Security and Management Report, 93% of respondents felt the threat of ransomware attacks to their industry had increased in 2023 compared to 2022. Plus, with a new major cyberattack or data breach unfortunately occurring every other week, organizations now operate in a world where cyberattacks and data breaches are a ‘when’ not ‘if’ reality.
As companies increasingly adopt and integrate technologies including 5G, the Internet of Things (IoT), artificial intelligence (AI), machine learning (ML), and cloud-based applications to enable faster business growth, they generate more data and expand their data footprint – even adding new environments like public or private clouds. This in turn expands their attack surfaces, which malicious actors seek to exploit.
Further, with almost half (46%) of organizations relying on legacy data backup and recovery infrastructure designed for the pre-cloud era, according to our 2022 State of Data Security and Management Report, organizations simply often don’t have the ability to recover their data and restore critical business processes if an attack is successful. This makes these organizations an even more attractive target for malicious actors because they can seek a bigger ransom or even multiple ransoms.
Security and IT teams must also grapple with these complexities against the backdrop of relentless innovation and trialing of new tactics by malicious actors. Already we are seeing AI and ML offer advantages for cybercriminals including being able to probe vulnerabilities, trawl for sensitive information, develop or produce code at speed, and even brute-force crack passwords.
To protect against these turbocharged cyber threats, enterprises need to deploy modern data security capabilities, and where possible those that leverage the power of AI & ML to automate part of the detection and protection process against ransomware threats.
What are some common causes of data breaches in the region? To what extent are people (wittingly or unwittingly) the weakest link and cause of such breaches?
SM: Humans definitely play a direct role in the causes of data breaches, both wittingly and unwittingly. Their seemingly innocuous influence on data breaches can range from simply being negligent when it comes to sharing data, storing data, conducting shadow IT practices, having a simple-to-guess or easily cracked password, or falling victim to phishing attacks like business email compromise.
However, none of these areas support effective data security, cyber resilience, or a sound security posture. There are also instances where internal threats to data are posed by consciously malicious employees who deliberately access, misuse, share, and even exfiltrate data by taking advantage of their privileged access to critical and sensitive data, such as Personally Identifiable Information (PII) or Intellectual Property (IP).
Organizations can prevent these attacks with access controls such as MFA; Quorum, which requires at least two parties to confirm major changes or access; Role-Based Access Control (RBAC), which helps stop unauthorized access and limits access to role-specific activities; and continuous monitoring.
The other human-related threat vector that can lead to data breaches is third party access to, and utilization of, sensitive and critical business data. These third parties can be everything from partners or strategic alliances, to suppliers, contractors, and even a subsidiary (depending on the legal identity of their entity). For example, a credit check company accessing the personal and financial data of a customer purchasing a utility service or cellular services contract.
To help mitigate the risk of third-party data breaches, organizations need to ensure they don’t share data in a manner that compromises their cybersecurity posture or cyber resilience, and that sharing complies with their data access policies by having appropriate access controls applied. However, managing data diligently and effectively in the first place is crucial, as data fragmentation and data silos make monitoring access to, or misuse of, data even more difficult.
Without data classification, immutability, and encryption, organizations put themselves even further on the back foot because they won’t know what data they have and where it is stored, their data backups can be tampered with, and their data will be able to be read by unintended or unauthorized parties.
Can you share some examples where employees were the cause of a major cyber incident?
SM: As today’s digital landscape is increasingly being defined by the ‘when’ not ‘if’ reality of cyber-attacks, it is imperative for all businesses to proactively prioritize cyber resilience, which is the ability to continue business operations despite suffering an adverse cyber event, and establish comprehensive strategies for data recovery, remediation, and the restoration of core business processes.
Recent examples of attacks that were caused by phishing and internal threats include those which affected Uber, Capital One, and Tesla.
In the case of Uber, an unfortunate employee fell victim to a social engineering attack where the attacker posed as a corporate IT representative and pressured the employee to share their password via a text message. The attacker was then able to access Uber’s internal systems, including information resources for employees and even security vulnerability information. Whilst the hack did not impact customers directly, according to all reports, it did impact Uber’s brand reputation and their share price fell by over 4% when the news of the hack was made public.
In a separate incident, Capital One, a financial company, had over 100 million customer records accessed, including 80,000 linked bank details, by a former Amazon engineer who used their insider knowledge to exploit a misconfigured firewall in Capital One’s cloud server.
At Tesla, a former employee sabotaged their company systems, including their Manufacturing Operating System, and sent sensitive proprietary information to unknown third parties.
Beyond just education, how can organizations minimize human errors for better cybersecurity?
SM: Effective data security and protection requires organizations to get the best from their people and technology capabilities or platforms. To help improve the human factor in this equation, organizations’ best tactic to level-up en masse can be to educate employees on data sensitivity, how to securely manage and store data, how to recognize malicious threats like phishing, and prevent shadow IT practices.
Beyond this whole-of-workforce approach, organizations must ensure they leverage data security and recovery technology that allows them to detect threats to data, protect their data against these threats, and respond to or recover from cyberattacks.
A zero-trust approach to data security and management stands at the heart of this, as it encompasses an evolving set of data protection paradigms that focus on authenticating and authorizing users for access or changes to a platform. Core capabilities to operating under this approach include:
- Multi-factor authentication (MFA): This provides strong authentication of users to thwart unauthorized changes to assets like data. By requiring users to identify themselves with more than mere login credentials and enter a response only they can provide (such as a mobile phone challenge or time-based one-time password), MFA bolsters security as it undercuts attempts by threat actors to leverage brute-force tactics to steal passwords and usernames.
- Granular role-based access controls (RBAC): These enable organizations to grant the least privilege required for users to do their job. This prevents users from overreaching into areas beyond their responsibilities and minimizes risk in the event a digital identity is compromised.
- Quorum: This prevents unilateral changes within administrative accounts to a platform, so that no single user, rogue admin or compromised account can affect sensitive operations. With quorum, user requests to change settings or administrative functions require multiple approvals before taking effect.
Beyond this approach and its relevant capabilities, organizations benefit substantially from having AI- and ML-powered anomaly detection that alerts IT and Security teams to uncharacteristic – and likely malicious – changes to data, such as new files being added, files deleted, or changes to size and format.
Monitoring user behavior anomalies is also crucial with audit trails, which identify areas of non-compliance by providing information for audit investigations, and audit logs that capture user activity for logins and logouts when accessing data, user changes to data or data properties, and when jobs are scheduled. Better yet, some of the leading modern data management and security technology providers have now enhanced the power of these features by integrating AI and ML.
Organizations undoubtedly have a cybersecurity, cyber resilience, and data security challenge that gets harder each day. However, by maximizing the benefits of access controls and modern data security capabilities, especially those supercharged by AI and ML, organizations can better manage their internal users’ access to data and their third-party access to data, while upholding the security of their data and protecting it against any internal or external threats. These organizations will also be able to remediate and recover faster if an attack is at all successful because they’ll have limited the blast radius.
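The three controls the answer above lists for a data platform (RBAC least privilege, quorum approvals for sensitive settings, and an audit trail of who proposed, approved and applied each change) modelled together as an added example. This is illustrative code, not Cohesity's platform or API; the roles, users and action names are constructed, and the quorum size of two distinct identities is an assumption.

```python
from dataclasses import dataclass, field

# Constructed role map (not Cohesity's): operators only run jobs; admins may
# also propose or approve the sensitive settings changes an attacker targets.
ROLE_PERMISSIONS = {
    "operator": {"run_backup"},
    "admin": {"run_backup", "change_retention", "disable_immutability"},
}
QUORUM_ACTIONS = {"change_retention", "disable_immutability"}
QUORUM_SIZE = 2  # distinct approving identities required (assumed)

@dataclass
class Platform:
    users: dict                                  # user -> role
    audit_log: list = field(default_factory=list)
    pending: dict = field(default_factory=dict)  # request id -> (action, approvers)
    applied: list = field(default_factory=list)
    def _allowed(self, user, action):
        # RBAC check: unknown users and unknown roles get no permissions
        return action in ROLE_PERMISSIONS.get(self.users.get(user), set())

    def request(self, user, action):
        """Propose an action; returns a request id, or None if RBAC denies it."""
        if not self._allowed(user, action):
            self.audit_log.append(("denied", user, action))
            return None
        req_id = len(self.audit_log) + 1
        self.pending[req_id] = (action, {user})
        self.audit_log.append(("proposed", user, action))
        if action not in QUORUM_ACTIONS:
            self._apply(req_id, user)  # routine action takes effect at once
        return req_id
    def approve(self, user, req_id):
        """Record an approval; apply only once a quorum of distinct admins agrees."""
        if req_id not in self.pending:
            return False
        action, approvers = self.pending[req_id]
        if not self._allowed(user, action):
            self.audit_log.append(("denied", user, action))
            return False
        approvers.add(user)  # a set, so the proposer re-approving adds nothing
        self.audit_log.append(("approved", user, action))
        if len(approvers) < QUORUM_SIZE:
            return False
        self._apply(req_id, user)
        return True
    def _apply(self, req_id, user):
        action, _ = self.pending.pop(req_id)
        self.applied.append(action)
        self.audit_log.append(("applied", user, action))
```

A single compromised admin can propose disabling immutability but cannot apply it alone; every denied, proposed, approved and applied step lands in the audit log for later investigation.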