Sunday, 10 November 2024

More on security

Following on from last week’s blog entitled Insider threats and smf, I recently got a press release from application security SaaS company Indusface giving some figures to the problem that organizations are facing from their own employees. It’s not just that there are a very small minority of employees who seem intent on bringing their company down by deleting data or launching ransomware attacks, there also seems to be a huge pool of people who inadvertently give away information, or open malware, or click on ‘dodgy’ links that leave companies wide open to serious attacks by bad actors.

The people at Indusface have used global search data from AHrefs to find the world's top five questions and concerns about cyber security in the workplace. The data from AHrefs, which was correct as of October 2024, can be found here. They have then come up with their own suggested answers to those searches.

I’d like to start with the question that came in fourth place, which was “What percentage of breaches are human error responsible for?” There were similar searches on “Human error cyber security”.

Their answer was: “According to data by Indusface, 98% of all cyber-attacks rely on human error or a form of social engineering. Social engineering breaches leverage human error, emotions, and mistakes rather than exploiting technical vulnerabilities. Hackers often use psychological manipulation, which may involve coaxing employees to reveal sensitive information, download malicious software, or unknowingly click on harmful links. Unlike traditional cyberattacks that rely on brute force, social engineering requires direct interaction between attacker and victim.

“Given that human error can be a major weak link in cyber security, the best way to prevent these attacks is to put in place education and training on the types of attacks to expect and how to avoid these. That said, implementing a zero-trust architecture, where requests for every resource are vetted against an access policy, will be paramount in stopping attacks from spreading even when a human error results in a breach. Also, make sure that the applications are pen tested for business logic and privilege escalation vulnerabilities so that the damage is minimized.

“Basics such as standard best practices across the board, secure communications, knowing which emails to open, when to raise red flags, and exercising extreme caution when accepting offers will go a long way in preventing human errors that lead to breaches.”

Let’s look at the other search terms in the top five. In first place, with the most searches, was “Why is cyber security training so important for business?” There were similar searches for “Cyber security for business”.

The answer from Indusface was: “With data breaches costing businesses an average of $4.45 million globally in the last year (according to IBM’s Cost of a Data Breach Report 2024), it raises the question of just how critical it is for organizations to provide employees with comprehensive training on what constitutes sensitive data and how they can protect it, as well as what is at stake if they do not adhere to the policies.

“And training doesn’t have to be monotonous; for example, set up phishing email simulators to engage the team and allow them to see the potential dangers in action. These simulations show how quickly and easily attacks can happen, helping employees develop practical, hands-on skills for spotting suspicious activity.

“Cybersecurity threats evolve constantly, so training should be regular, not a one-time event. Regular training and guidance will ensure that employees receive tailored guidance on securing their work equipment, home offices, use of VPNs, and recognizing the unique threats posed by both in-office and home working environments.”

The second most frequent searches were “How is AI used in cyber security?” or simply “Cyber Security AI”.

Indusface said: “The biggest problem with security software, especially website and API protection, is the prevalence of false positives. False positives are when legitimate users are prevented from accessing an application. So notorious is this problem that 50%+ of businesses worldwide have implemented Web Application and API Protection / Web Application Firewall (WAAP/WAF) solutions and left them on log mode. This means that attacks go through the WAF and they are at best used as log analysis tools after a breach.

“Effectively using AI can help with eliminating or reducing false positives to a bare minimum and encourage more businesses to deploy WAFs in block mode.

“The other problem with security software is letting an attack go through. These are also called false negatives. Using AI on past user behaviour and attack logs can effectively prevent any attacks that don’t conform to typical user behaviour.”
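The log-mode versus block-mode trade-off that Indusface describes is easy to see with a few labelled requests. The following is an added example, not code from Indusface or from this blog: a toy rule matcher runs two constructed rule sets over constructed sample traffic and reports how many legitimate users a rule set would wrongly block (false positives), how many probes it would miss (false negatives), and how many attacks still reach the application when the WAF is only logging. The request paths, rules and the `evaluate` function are all assumptions made for this illustration.

```python
"""Toy WAF evaluation: false positives, false negatives, and log vs block mode.

Added example for illustration only; the traffic, rules and labels are constructed.
"""
import re
from dataclasses import dataclass
from urllib.parse import unquote_plus


@dataclass(frozen=True)
class Request:
    path: str
    malicious: bool  # ground-truth label, known only because this sample is constructed


# Constructed sample traffic: four legitimate requests, three attack probes.
TRAFFIC = [
    Request("/search?q=mainframe+security", False),
    Request("/article?id=42", False),
    Request("/search?q=select+the+best+option", False),   # innocent text containing an SQL keyword
    Request("/login?user=alice", False),
    Request("/article?id=42'+OR+'1'='1", True),            # SQL injection probe
    Request("/search?q=<script>alert(1)</script>", True),  # reflected XSS probe
    Request("/export?file=../../etc/passwd", True),         # path traversal probe
]

# Rule set A (broad): fires on bare SQL keywords, so ordinary search text trips it.
RULES_BROAD = [
    re.compile(r"\b(select|or|union)\b", re.I),
    re.compile(r"<script", re.I),
    re.compile(r"\.\./"),
]

# Rule set B (tuned): the SQL rule requires quote-delimited injection syntax, not just a keyword.
RULES_TUNED = [
    re.compile(r"'\s*(or|and)\s*'", re.I),
    re.compile(r"<script", re.I),
    re.compile(r"\.\./"),
]


def evaluate(traffic, rules, mode):
    """Run one rule set over the traffic in 'log' or 'block' mode and return counts.

    A matched request is blocked in block mode and merely logged in log mode.
    In log mode every attack reaches the application, matched or not, which is
    the point the press release makes about WAFs left on log mode.
    """
    if mode not in ("log", "block"):
        raise ValueError("mode must be 'log' or 'block'")
    stats = {"blocked": 0, "logged": 0, "false_positive": 0, "false_negative": 0}
    for req in traffic:
        decoded = unquote_plus(req.path)  # rules run on the decoded request, as a real WAF would
        matched = any(rule.search(decoded) for rule in rules)
        if matched:
            stats["blocked" if mode == "block" else "logged"] += 1
            if not req.malicious:
                stats["false_positive"] += 1
        elif req.malicious:
            stats["false_negative"] += 1
    total_attacks = sum(1 for r in traffic if r.malicious)
    stats["attacks_reaching_app"] = total_attacks if mode == "log" else stats["false_negative"]
    return stats


if __name__ == "__main__":
    for name, rules in (("broad", RULES_BROAD), ("tuned", RULES_TUNED)):
        for mode in ("log", "block"):
            print(f"{name:5} rules, {mode:5} mode: {evaluate(TRAFFIC, rules, mode)}")
```

Running it shows why teams fall back to log mode: the broad rule set blocks the innocent "select the best option" search, and the usual reaction to complaints is to stop blocking altogether, at which point all three probes reach the application. The tuned rule set catches the same three probes with no false positive, which is what makes block mode tolerable; the tuning Indusface attributes to AI is doing this job across far more rules and traffic than a hand-written example can show.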

Third in their list was “How can you protect your home computer?” and “Home cyber security”. They suggest that by 2025, according to a Forbes article, approximately 22% of workers will work remotely. They go on to ask, with such a significant increase in remote roles, how can employers ensure their employees’ home computers remain protected?

Their answer was: “Remote working means people are working in less secure environments and their devices are more exposed to data breaches both digitally and physically. Many remote workers are using the same device for professional and personal use, or even accessing company data on devices shared with other household members.

“Employers should ensure strong password management, including using automatic password generators that create extra secure passwords, and never duplicate these across accounts. Multi-factor authentication also provides a secure method of verifying your identity, making it harder for hackers to breach any accounts. Limiting what could be accessed on official devices is also important in thwarting attacks.

“That said, installing endpoint security software like antivirus, and keeping it updated, should be enough to protect most computers, unless you fall victim to an advanced phishing attack.”

The fifth most popular searches were, “What are the top 3 targeted industries for cyber-attacks?” and “Top industries cyber-attack”.

Here’s what Indusface said: “According to EC University, manufacturing, professional / business, and healthcare are the top 3 targeted industries.

“The manufacturing sector leads the world in cybercrime incidents according to Statista (2023). Attacks on the industry range from halting production lines, to the theft of intellectual property, and compromising the integrity of supply chains.

“The professional, business, and consumer services sector has also become an attractive target for cybercriminals due to its heavy reliance on sensitive data. Confidential client information and business insights are often targeted, leading to significant financial losses and damage to brand reputation and client relationships.

“A breach in the healthcare industry can have dire consequences, from compromising sensitive patient data to disrupting critical medical services. Given the high value of medical records on the black market, there is an urgent need for stronger cybersecurity measures to protect both patient privacy and the integrity of healthcare systems.”

I thought it was useful to get another view on the ongoing issue of keeping your mainframe – and any other platforms your organization supports – safe from breaches, and of keeping your employees alert at all times to potential threats.
