Where are your greatest threats coming from?: Inside or Outside?

raphael-koh-MX_6QAqaYfQ-unsplash

A recent report from Kaspersky Labs revealed that 90% of cybersecurity attacks are due to human error. That is a staggering number, but it shouldn’t be surprising given the trends we’ve seen recently.

Think WannaCry

Take the WannaCry attack for example. Two months after Microsoft patched the breach, many companies remained vulnerable simply because too few employees restarted their computers to allow the updates to be installed. This caused the attack to dwell in the system despite a threat detection process.

The Zoom Breach

Another attack that took place in the last several months is the Zoom breach. The hack impacted Mac computers and allowed the hackers to have complete access and control to the computer's camera and microphone. Even if the user deleted the app, the hacker could reload it and regain control to see into the daily operations, meetings, and of course, the private plans, of a company. The question remains how many employees have since updated the patch.

FaceApp as a Case Study

Moreover, how often do employees read the fine print before downloading something? Although FaceApp does not directly impact any organization’s cybersecurity, it serves as the perfect case study as to why employees need better security education. The fine print states “FaceApp is allowed to use your name, username 'or any likeness provided' in any media format without compensation and you won't have any ability to take it down or complain about it, reports claim. It also will not compensate you for this material and it will retain the image long after you've deleted the app.” 

You CANNOT complain and it will retain the image long after you deleted the app. That should raise red flags even among the least security conscious of us.  

According to a quote from cybersecurity expert, Ariel Hochstadt, given to MSN news, “Hackers are able to record the websites that people visit and the activities they perform on those websites, but they don't always know who those users are” and “'They also know who this image is, with the huge database they created of FB accounts and faces, and the data they have on that person is both private and accurate to the name, city and other details found on FB.' Yet people are embracing this app with open arms. The same people who impact our organization’s security on a daily basis. 

How to Protect Your Organization from Itself

Often times, enterprises are so concerned with outside threats they forget that non-IT personnel in their own organization can pose a larger threat to their cybersecurity posture, often unintentionally. With 30% of the world’s top 560 websites unsecured, including ESPN.com, BBC.com, Wikia.com, MyShopify.com, Chegg.com and NBA.com, it is far too easy for an employee to unknowingly stumble into a security threat.

Given how many people work in a typical large enterprise, there are endless ways for threats and other malicious communications to enter a network. Faced with limited resources, security operation centers (SOCs) have an uphill battle to keep a network secure. Therefore, a solution to quickly detect and respond to all these seemingly harmless threats must be AI-based to deliver instantaneous results of employee “misbehavior”. It needs to provide a continuous analysis of communications and apply cluster-based machine-learning algorithms indicating serious issues within seemingly innocent processes, such as software updates as an attempt to download malware.  

To learn how to maximize your current cybersecurity technology and better protect your organization from its employees check out SecBI’s demo: https://detect.secbi.com/watch-secbi-demo

Or reach out to our team with questions at info@secbi.com. 

Share with your audience

   

    Related posts

  • AI-based endpoint protection (EDR or AV) can be fooled a.k.a. our AI is bigger than yours

    AI-based endpoint protection (EDR or AV) can be fooled a.k.a. our AI is bigger than yours

    Read More
  • A Better View to Detect What EDRs Miss

    A Better View to Detect What EDRs Miss

    Read More
  • Lucky number seven: Malware Detection after seven years

    Lucky number seven: Malware Detection after seven years

    Read More