Practical cybersecurity springs from the little decisions we make every day.
While almost all data breaches are inspired by malicious intent, their successful execution (almost always) involves seemingly harmless and unintentional actions of insiders within organizations. The drivers of cybercrime include some of the following:
- i). The well-meaning system administrators who fail to promptly apply patches from application vendors or, for some reason, just run new scripts on the production environment without first testing them in a sandbox.
- ii). Employees who unsuspectingly yield to social engineering ploys, specifically spear-phishing, resulting in loss of credentials, money, and corporate data to their adversaries following a breach.
- iii). Malicious insiders who indulge in fraudulent activities for personal gain.
- iv). And the many people who just sleep on the job, become reckless with the administrator privileges they get assigned, and cause breaches that are not easy to trace back.
- v). The top 5 cyber-attack vectors are a) phishing; b) malware (viruses and worms); c) malicious insiders; d) weak or compromised login credentials; e) breach of trust relationships in system interconnections.
- vi). The top 5 cyber vulnerabilities are a) sensitive data exposure; b) security misconfigurations; c) broken access control; d) cross-site scripting (XSS), components with known vulnerabilities; and e) other vulnerabilities.
The key findings above tell business leaders NOT to allow their organisations (and employees) to be the weakest link in the cybersecurity chain.
If you are a financial institution, do not be the weakest financial institution. If you are a CEO or CFO, you do not want to be the least knowledgeable about cyber. When everyone else is vulnerable, your only safety lies in not being the weakest. Understand the cyber risks, and keep abreast of the attack vectors and methods. Invest in real-time threat intelligence and make it hard for hackers. Assign a budget for cybersecurity, craft a strategy to complement the digital agenda strategy, and execute.
If you are strong enough, the hackers will quickly move on to other targets. After all, there is a world of easy pickings out there.
If you look after an SME, a financial institution, or a government entity, you are hunted!
The cyber-attack surface has significantly broadened to include enterprises that do not prioritize the implementation of solid information security programs and neglect the use of licensed endpoint network protection and other defensive cybersecurity tools.
Remember, no one is too good to be great. You can improve daily and win.
Copyright Summit Consulting Ltd, 2020. All rights reserved.