Author: Maya Schirmann, VP Marketing, XM Cyber
Many CISOs consider zero-day threats to be one of their chief concerns. However, others believe that even the most sophisticated adversaries are using surprisingly unsophisticated means to wreak havoc, meaning that zero-days are actually being employed less frequently.
By 2025, more than 85% of successful attacks against modern enterprise user endpoints will exploit configuration and user errors rather than make use of advanced malware, according to Gartner’s report The Long-Term Evolution of Endpoints Will Reshape Enterprise Security, released in May.
Dave Hogue, the technical director of the US National Security Agency’s Cybersecurity Threat Operations Center, seems to agree.
“Some 90% of incidents are caused by human error, while 93% could have been prevented if best-practice measures had been followed,” he stated.
It seems the bad guys no longer need to put in the costly effort required to construct elaborate new attacks. They are patient, and they know they can sneak through companies’ defenses and move laterally from breach points to the “crown jewels” just by taking advantage of poor IT hygiene.
No Zero-Days in Two Years
The NSA has revealed that its cybersecurity unit has not had to deal with a zero-day cyberattack in two years. In the meantime, attackers have been able to exploit bad practice and human error to cause harm.
“We have not responded to a zero-day attack in 24 months. They are attacking the edge, or hardware and software updates… they are taking advantage of bad security practice,” Hogue added.
196 Days to Identify a Data Breach
A more than six-month gap between when a breach happens and when it is first identified might seem awfully slow. Last year, it took organizations 196 days, on average, to detect a breach, according to the 2018 Cost of Data Breach Study by the Ponemon Institute.
It turns out that security complexity can affect the time it takes to detect and contain a data breach, and too much complexity can affect the ability to respond to one.
Disruptive technologies, access to cloud-based applications and data, and the use of mobile devices (including BYOD and mobile apps) all increase the complexity of dealing with IT security risks and data breaches, the study added.
Basic Steps to Address Trivial Mistakes
Even as technology evolves and the tools used by both cyber criminals and cybersecurity professionals change, the tactics employed to carry out cyber attacks remain similar, with criminals targeting widely known security vulnerabilities and taking advantage of human error. A lot of attacks would have been prevented by techniques that have been around for ages, such as whitelisting applications.
Even the SingHealth data breach, Singapore’s largest cyber incident, could have been prevented if basic steps like conducting routine risk assessments and improving staff awareness of cybersecurity had been implemented.
Indeed, the July 2018 breach, which exposed the personal data of 1.5 million patients, including Prime Minister Lee Hsien Loong, was caused by bad system management, a lack of employee training, and other major flaws, according to the 454-page report released in January 2019 by the investigation committee.
Tips to Improve Poor IT Hygiene
XM Cyber has picked out three wise tips to improve your IT hygiene and reduce the risks of your company joining the year’s feared list of breach victims. For more tips, read the full article Top 10 Tips to Spring Clean Your Cybersecurity.
Use Multi-Factor Authentication
Multi-factor authentication is currently the best way to add an extra layer of security to your online accounts. Usually, it involves a unique code sent to your smartphone that you enter along with your password. Alternatively, you can generate an individual code on your phone using an app. It can also be done using something you have, like a special USB key with a unique token, or using biometric data from an iris scan or fingerprint. Keep in mind that multi-factor authentication is relevant only during the login phase. It doesn’t help protect your device in other attack phases.
Educate Your Employees
Protecting your systems from online threats starts with educating your employees. Ironically, this aspect of IT security, which is usually one of the easiest and cheapest to implement, is often among the most overlooked. Training and educating your employees, no matter the size of your business, should be one of your top priorities. That may include internal campaigns against phishing attacks (e.g. sending reminders about suspicious links and attachments) as well as campaigns on several other topics. Be creative and, above all, communicative.
Harness the Power of Purple Team Automation
What if you could see your organization through the eyes of the attacker? Simulate, validate and remediate attack paths to your critical assets with a fully automated breach and attack simulation (BAS) platform. XM Cyber’s HaXM continuously exposes attack vectors, above and below the surface, from breach point to any organizational critical asset. HaXM by XM Cyber operates as an automated purple team that fluidly combines red team and blue team processes to ensure that organizations are always one step ahead of the cyber attackers.