While there has been a growing awareness of the human factor in cybersecurity, too little is being done to mitigate this cyber risk. IT security can only ever be as good as the person using the technology.
It is of essential importance to sensitize employees through training and prepare them for possible dangers. Attacks via social engineering and phishing work particularly well on users who are not well prepared for this type of attack.
Social engineering is deceptive, subliminal influence used to gain valuable information. In other words, it is targeted manipulation. The cybercriminals often pose as an acquaintance or as a trustworthy handyman. They can also pretend to be bank employees or even the fire department. In this way, the perpetrators can gain trust by covert means – and then, in a second step, obtain valuable information such as data. In social engineering, the victims are used for criminal purposes.
In concrete terms, a social engineering attack can start via email or a message via social networks. A phishing email that lures users to a fake website and entices them to enter private data is also a form of social engineering attack. Authorities and state institutions can become victims of social engineering just as much as companies or private individuals. There are many types of social engineering: Data, information, or money do not always have to play a role. The victim can also be tricked into installing malware on computers or overriding security functions.
A classic example is this: the cybercriminal poses as the company’s system administrator. He calls the switchboard and claims that he needs the password to fix a system error. The unsuspecting victim believes the story and wants to help increase security. So the victim thinks they are doing the right thing by revealing the password. Depending on the victim’s level of authority, the damage caused by social engineering can be significant!
As already mentioned, phishing is also a form of social engineering attack: the victim is deceived in order to "fish" for data. Here, too, the attackers disguise themselves as trustworthy sources such as a company’s house bank. The victim is supposed to be tricked into giving out sensitive information or installing malware.
Email is still the most popular vector for phishing. But fake websites are also conceivable, as are chat tools, phone calls, or messages via social media. There have already been cybercriminals who disguised themselves as non-profit organizations and used appeals for donations to obtain the payment data of those willing to donate. Especially in the corona pandemic, supposed information about the virus is used as a lure to get users to click on links to alleged Covid-19 information.
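The two deceptions described above, a trusted sender name and a link to a fake website, can be checked mechanically before a message reaches the user. The following Python code is an added example, not part of the original article; the `TRUSTED` mapping, all names and domains, and the sample message are constructed assumptions, and it assumes a single-part HTML body.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: sender names users recognise, mapped to the domain each really uses.
TRUSTED = {"example bank": "examplebank.test"}
DOMAIN_RE = re.compile(r"(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)
# Constructed sample message (hypothetical names and domains).
SAMPLE = '''From: "Example Bank Support" <service@examplebank-secure.test>
Content-Type: text/html

<p>Confirm at <a href="http://examplebank-secure.test/verify">www.examplebank.test</a></p>
'''

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def belongs_to(host, domain):
    # True for the domain itself or a subdomain, not for look-alike suffixes.
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw):
    msg, findings = message_from_string(raw), []
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    for brand, domain in TRUSTED.items():  # claimed identity vs. real sender domain
        if brand in name.lower() and not belongs_to(sender, domain):
            findings.append(f"name claims '{brand}' but sender domain is {sender}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:  # domain shown to the user vs. real target
        shown = DOMAIN_RE.search(text)
        target = (urlparse(href).hostname or "").lower()
        if shown and not belongs_to(target, shown.group(1).lower()):
            findings.append(f"link shows {shown.group()} but opens {target}")
    return findings
```

Links whose visible text contains no domain (for example "Click here") pass the second check, so such heuristics complement awareness training rather than replace it.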
Awareness: Employee Sensitization
As already explained, precautions for IT security are only as reasonable as the person who uses these technical means. It is of the utmost importance for a successful IT security strategy to recognize that employees must be part of this security strategy. Employees who are unaware of the dangers of phishing will continue to click every link, putting valuable information directly into the hands of cybercriminals. Employees who are aware of the risks act much more cautiously.
There must be a security awareness of cyber risks to achieve this – this is also called “awareness.” This security awareness enables employees not only to recognize cyber threats but also to remain capable of acting. In principle, it can be seen that security risks are efficiently reduced in companies that rely on awareness training. Or the other way around: Trained employees are the core of safe companies. Understand security awareness as an essential building block for your organization’s information security.
Cyber Risks: The Corporate Network
In addition to the human factor, the corporate network is the second relevant aspect of cyber risks. The company network also includes all devices connected to it. This is not just about avoiding shadow IT but also about keeping all devices in the network and their software up to date, correctly configured, and monitored. Let’s look at this in detail:
Apply Patches Promptly
Word has gotten around, but update fatigue still prevails here and there: Security-related patches should be installed as soon as possible. Ideally, update processes are automated. Then nothing can be forgotten, and the software used in the network is always up to date.
Firewalls & Monitoring
The firewall is a security system that protects against unwanted network access. Modern routers are usually equipped with firewall functions. Hardware firewalls sometimes also make sense in company networks: They protect the network from the outside world but are much more extensive than router-internal firewalls. Firewalls are also helpful in dividing large corporate networks into smaller segments. In this way, you create controlled transitions. For example, it is possible to separate HR management from accounting, or to separate devices that employees have brought with them from the company network (keyword: shadow IT).
Network monitoring helps to keep track of increasingly complex network infrastructures. In this way, the smoothest possible IT operation can be striven for. Organizations that holistically monitor their networks uncover hidden issues impacting infrastructure security and performance. Insight into the entire network, including all interfaces, ensures no blind spots in the infrastructure that can cause potential cyber risks.
Multiple Attack Vectors
Cybercriminals are increasingly using multi-vector attacks. They no longer pick a single vector to attack specifically but use different attack vectors either alternately or simultaneously. For companies, this means that protection must also extend to all possible vectors.
Data is increasingly being outsourced to the cloud. This also makes sense: It can be accessed from anywhere, so that information that is required across departments is always available – completely independent of the work location. Here it is important to act cautiously in several respects: On the one hand, the use of US cloud providers is not GDPR-compliant, or is compliant only with additional configuration. On the other hand, access to cloud data should also be restricted: Sales, for example, does not need access to the pay slips of colleagues. As always, it is essential to grant meaningful access permissions. With its anti-spam cloud Headwall, Net at Work has proven that the cloud and shared knowledge can also increase collective security. The anti-spam cloud relies on swarm intelligence and provides double protection.
Artificial Intelligence: AI For More Security?
Artificial intelligence (AI) and related machine learning (ML) are a trend in cyber security and among cybercriminals! On the IT security side, AI and ML help discover anomalies more quickly. Areas of risk can be better predicted, resulting in an efficient cybersecurity plan. In contrast to manual monitoring methods, AI or ML-based algorithms monitor millions of events every day. This leads to pattern recognition, allowing malicious activity to surface more quickly.
AI can also process vast amounts of data in parallel – this has the advantage that violations are detected and flagged on day zero. The ML mechanism matures with the daily growing number of use cases so that at a certain point, it exceeds human capabilities. Due to this fast learning curve, AI understands and analyzes user behavior down to the last detail. This makes it possible to recognize incidents before they even happen. Through self-healing processes, damage can be contained successfully and without great effort. Automations lead to routine procedures.
AI can therefore be used to collect data and insights to identify potential threats more quickly. However, AI also enables a faster response to threats. AI can also help, for example, to analyze the behavior of ransomware attacks before a system is encrypted. In this way, AI systems can prevent harmful activities and, for example, isolate them in the network so that their toxic effect is limited.