October marks Cyber Awareness Month, a time to focus on the complex and increasingly sophisticated cyber threat landscape.

At Integreon, I lead the CISO, CIO, and Product Engineering organization. Cybersecurity is of paramount importance and at the core of everything we do. To use a sports car analogy, cybersecurity is the brakes: their capacity sets the limit on how big an engine we can put into the car. Sound cybersecurity practices are therefore a vital innovation accelerator. Because we are passionate about AI/GenAI, we have come to be passionate about cybersecurity, knowing it is the foundation for operational excellence and customer trust.

According to Check Point Research, cyber attacks globally increased 30% YOY in Q2 2024, reaching 1,636 attacks per organization per week. Threat actors using AI to write malware code, and the security vulnerabilities created by remote work, are two factors contributing to the rise in cyber incidents. How can you best defend your organization against this growing threat?

Today, defending against cyber threats requires a highly collaborative approach, involving not just a select few cybersecurity professionals, but everyone across the organization. It all starts with raising awareness and extends to implementing and enforcing best practices. Ultimately, companies must rely on humans acting responsibly and maintaining vigilance.

Strategies for protecting against or mitigating a cyberattack include both human and system factors.

Human factors include:

1. Digital Hygiene: Good digital hygiene involves several important habits. First, it’s crucial to avoid reusing passwords across multiple accounts to minimize the risk of unauthorized access. Additionally, sharing devices with others can expose sensitive information, so it’s advisable to limit device access to only trusted individuals. Finally, using only secure Wi-Fi networks can help prevent potential security breaches and unauthorized access to personal and other data.

2. Human Behavioral Hacking: Tactics include phishing emails, which pose a significant threat and can be extremely sophisticated. A large portion of the emails that reach corporate inboxes are either phishing attempts or spam. Despite the presence of advanced anti-phishing and anti-spam tools, malicious emails still slip through the cracks. In the aftermath of a company experiencing a cyber incident, hackers have even been known to call employees posing as IT helpdesk personnel to gain control over the end user’s PC.

Threat actors are upping their game using advanced tools. Phishing emails are harder to detect because they now rarely contain the red-flag spelling and grammar mistakes of the past. Instead, they are sophisticated in appearance and well written, often personalized and generated with the help of AI/GenAI tools.

System factors include:

1. Application Failures: Database corruption can lead to the loss of critical data, system downtime, and potential financial implications for businesses. Therefore, it is crucial to regularly back up data, implement robust security measures, and conduct routine maintenance to mitigate the risks associated with such failures.

2. Industry Incidents: Events such as the CrowdStrike service disruption early this year and the telecom carrier DNS outage resulted in significant downtime and exposure for businesses worldwide.

3. Hardware/Infrastructure Failure: The most challenging infrastructure failure is when an organization’s system is partially down yet still shows a system “heartbeat”. This makes diagnosis and recovery decisions more difficult. Generally, the more automated and lower cost the recovery option is, the faster and easier it is for the operations team to take decisive action to maintain business continuity.

Actions to protect against and respond to the threat landscape include:

1. Reducing the Attack Surface. The attack surface is the security boundary that, once breached, can lead to data loss. Identity and network access points are common security boundaries. When you have more accounts or account authorizations active than minimally necessary, you enlarge the attack surface. This is why the account of an offboarded employee should be expeditiously removed. By the same token, when you design network topology, you want to control the access points, especially those that are externally facing, so that there are fewer entry points for an attacker to gain access into your network. Controlling network access can be done physically, through software, or with a combination of both. In summary, you want to make the security boundary as small and as controlled as practical to minimize the attack surface available to hackers.
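The two checks described above (stale or over-privileged accounts, and externally facing access points that nobody approved) can be scripted against an inventory. The following is an added example, not Integreon's tooling; the HR roster, role baselines, account export and listener list are all constructed sample data, and the field names are assumptions.

```python
# Constructed sample inputs (not from the article): an HR roster, the minimal
# entitlements each role needs, an identity-provider account export, and the
# services reachable from outside with the set that was actually approved.
HR_ROSTER = {
    "alice": {"status": "active", "role": "analyst"},
    "bob": {"status": "offboarded", "role": "analyst"},
    "carol": {"status": "active", "role": "dba"},
}
ROLE_BASELINE = {"analyst": {"mail", "docs"}, "dba": {"mail", "db-admin"}}
ACCOUNTS = [
    {"user": "alice", "entitlements": {"mail", "docs", "db-admin"}, "enabled": True},
    {"user": "bob", "entitlements": {"mail", "docs"}, "enabled": True},
    {"user": "carol", "entitlements": {"mail", "db-admin"}, "enabled": True},
    {"user": "svc-legacy", "entitlements": {"vpn"}, "enabled": True},
]
EXPOSED_LISTENERS = [
    {"host": "web-1", "port": 443}, {"host": "db-1", "port": 5432}, {"host": "jump-1", "port": 22},
]
APPROVED_EXTERNAL = {("web-1", 443), ("jump-1", 22)}


def audit_accounts(roster, baseline, accounts):
    """Return (kind, user, detail) findings for enabled accounts that enlarge the attack surface."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # disabled accounts are not an active boundary
        person = roster.get(acct["user"])
        if person is None:
            findings.append(("orphan", acct["user"], "no owner in HR roster"))
            continue
        if person["status"] != "active":
            findings.append(("offboarded", acct["user"], "account still enabled"))
            continue
        # Anything beyond the role's baseline is more authorization than minimally necessary.
        excess = acct["entitlements"] - baseline.get(person["role"], set())
        if excess:
            findings.append(("excess", acct["user"], ", ".join(sorted(excess))))
    return findings


def audit_exposure(listeners, approved):
    """Return externally reachable (host, port) pairs that are not on the approved list."""
    return [(l["host"], l["port"]) for l in listeners if (l["host"], l["port"]) not in approved]


if __name__ == "__main__":
    for finding in audit_accounts(HR_ROSTER, ROLE_BASELINE, ACCOUNTS):
        print("account:", *finding)
    for host, port in audit_exposure(EXPOSED_LISTENERS, APPROVED_EXTERNAL):
        print("unapproved external listener:", host, port)
```

Run on real exports, the orphan and offboarded findings feed the offboarding queue, and the unapproved listeners feed the firewall change review.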

2. Mitigating vulnerabilities before hackers can exploit them.

3. Minimizing the impact when a cyber incident occurs, otherwise known as minimizing the “blast radius”. For example, when one server is compromised, it does not necessitate bringing the other servers down. By using techniques such as zoning and subnetting you can limit the impact that a single compromise can have on your overall technology landscape.

4. Creating resilient recovery options often requires having additional recovery instances. Prepare ahead by identifying risks, backing up data, and establishing response protocols.

System resiliency tools and strategies have greatly improved over the years. However, the human factor continues to be the area of greatest vulnerability. As systems become more secure, AI/GenAI has made humans an even softer target for threat actors. Addressing this requires a collective effort and daily vigilance.

John Wei

Executive Vice President (EVP), Chief Operations Technology Officer (CTO)