The results of the 2018 Unisys Security Index™ survey reveal that, globally, consumers are more concerned about online threats such as identity theft and bankcard fraud than physical threats like terrorism and natural disasters. This fear is not without justification.
In 2018 alone, we witnessed several high-impact breaches across multiple industries including healthcare, financial services and travel and transportation—699 publicly disclosed breaches with a total of 1 billion records, according to the Privacy Rights Clearinghouse. Cybersecurity breaches result in personally identifiable information (PII) theft, financial loss and reputation damage.
In an ever more connected technology ecosystem, the attack surface is expanding, with a drastic increase in attack vectors—the paths by which a hacker can gain unauthorized access to a device or network. Traditional fixed perimeter security measures are insufficient to protect this increasingly porous environment.
To Err Is Human
According to the EY Global Information Security Survey 2018–19, 34 percent of organizations see careless or unaware employees as the biggest vulnerability. Let’s look at some of the popular attack vectors that compromise insiders.
Across all of these attack vectors, data theft is the most common outcome. This activity can go undetected due to insider involvement, legacy systems, unnoticed suspicious log activity, penetrable network architecture, weak perimeter security and architecture compromises. In many cases, timely containment can minimize damage.
Four Behaviors to Watch
Since many attack vectors exploit human behavior, it’s important to understand high-risk behaviors to take preventive actions. To differentiate behaviors, consider evaluating risks based on awareness and intent. Four behavior categories to watch are good citizen, weak link, vandal and mole.
Most technology users have good intentions. For them, increasing awareness and training on attack vectors, as well as bolstering defenses against attacks, will have a significant impact. As technologies advance, more good citizens will become weak links without continued education on evolving attack vectors.
However, when there’s a vandal or mole on the inside—and it only takes one—there’s a strong chance of a harmful insider threat, which is hard to prevent. Since it is not easy to recognize these users, organizations are shifting to a Zero Trust model—which aims to solve the problems of an overly trusting fixed perimeter system by assuming that the entire IT ecosystem is compromised. This is where it becomes important to isolate the critical.
Reduce the Attack Surface by Isolating the Critical
Considering it’s a matter of “when” not “if” a cyberattack will occur, containment is as essential as prevention. A key aspect of containment is creating micro segments to protect key assets, even—and especially—after a breach. Unisys Stealth® helps you build isolation into the design of your infrastructure, so that protection through containment is a proactive, not reactive measure.
Security is all about knowing who to trust. Defining digital trust based on user identity, isolating the trusted from the untrusted and further segmenting the trusted into communities of interest (COI) reduces the attack surface and prevents lateral threat movement. Stealth™ uses identity-driven microsegmentation to isolate the critical, authenticating each server endpoint into the appropriate COI, encrypting traffic on the network and concealing those endpoints from insider and outside threats.