New threats emerge all the time. Here’s how to stop them. Recent events have exposed a number of chinks in the armor of enterprise-level cybersecurity the world over. Suddenly, organizations that had invested billions in securing their networks and buildings are faced with threats arising from large-scale remote work. Firewalls, physical security and device management were effective when employees were on site, but they offer far less protection now. Gene Yoo, CEO of Los Angeles-based cybersecurity firm Resecurity, says, “Remote administration channels are one of the key targets of compromise for threat actors… attacking businesses globally. Remote access is a ‘must-have’ feature in today’s COVID-19 era, providing significant benefits for enterprises of all sizes and ability to retain their employees and work processes… Besides cyber threats, the regime of working from home creates other risks — including insider threats as the employees become more easily accessible by targeted surveillance and espionage.”
From dark web networks to state-sponsored groups, cybercrime has long outgrown its traditional image. The myth of the lone wolf who carries out complex operations alone has all but disappeared. As cybercrime methods have become more sophisticated, so has the structure of the organizations behind them. In fact, cybercrime groups have grown so large and so profitable that some analysts have dubbed them “the world’s third-largest economy.” To repel and dismantle such complex threats, security operations have also expanded, becoming a collective effort. And while some teams are large enough to cover entire countries, the most common and important type of security team remains the security operations center, or SOC. Whether internally managed or outsourced, the main functions of a security operations center are the same: a SOC has to monitor, detect and respond to cybersecurity incidents, and protect a company’s digital assets, from business and employee data to intellectual property. SOCs have become vital to modern enterprises, and the market is expected to reach $1.1 billion by 2024.
As businesses progress in their cloud journeys, so too do their costly SaaS subscriptions, and when employees leave, many still retain access to multiple accounts. Companies big and small are making the trek to the cloud in droves, but the quest for rapid innovation carries with it the risks and responsibilities that come with ever-growing SaaS subscriptions and with tracking who has access to those accounts. The Sociable caught up with Ben Johnson, a former NSA agent and current CTO of the SaaS application security firm Obsidian Security, who outlined how companies are vulnerable to exploitation and some very simple steps companies can take to cover their SaaS. According to the Obsidian CTO, most of the breaches that occur come from people logging in, not breaking in, to SaaS accounts.
Social engineering scams seeking to deceive companies into making wire transfers to fraudulent bank accounts continue to plague companies. According to the FBI, social engineering fraud costs businesses billions of dollars each year. On top of the lost funds, social engineering scams can lead to substantial investigation costs and even litigation. Many businesses trust their crime or fidelity insurance policies to protect them from social engineering losses. Insurers, however, take the position that such policies do not cover all social engineering scams. Depending on the type of social engineering scam or how it happens to play out, insurers may deny coverage, depriving the policyholder of valuable insurance protection.
The high-profile attack should spur serious board-level conversations about the importance of insider threat prevention. A few weeks ago, news broke of a massive security incident at Twitter that affected some of the world’s most influential politicians, celebrities, and companies. High-profile individuals — including Jeff Bezos, Elon Musk, and Joe Biden — tweeted scam-filled messages requesting Bitcoin transfers to millions of followers. The result? Despite pushing a fairly blatant scam, the hackers quickly received hundreds of transfers from people all over the world, totaling north of $100,000. Twitter said in response to the incident: “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”
With the number of COVID-19 cases in flux across the U.S., and autumn approaching fast, the work-from-home workforce now appears more permanent than ever, with many companies not expected to bring employees back until at least 2021 and possibly beyond. As employees settle into the reality of home office work, the conversation about securing those employees, protecting their data and guarding against threats (both external and internal) needs to be part of an organization’s long-term planning. While many enterprises excelled at getting employees the equipment and resources they needed in March and April, a long-term WFH situation requires serious strategic thinking about how organizations can provide security to their staff at a time when cyber-threats are increasing and cybercriminals have a larger attack surface to target.
New research into insider threats from security automation platform Securonix shows that 60 percent of data exfiltration incidents are carried out by employees identified as ‘flight risks’, in other words those who are about to leave the business. We spoke to Shareth Ben, director of insider threat and cyber threat analytics at Securonix, to find out more about insider threats, flight risks and how companies can protect themselves. BN: What types of organizations are most at risk from insider threats, and what type of information are insiders typically looking to obtain? SB: Organizations that experience the highest number of insider data exfiltration incidents tend to be in the pharmaceutical, financial and IT industries, as these types of companies tend to have the most valuable intellectual property.