Securing Against Growing Cyberattack Vectors
The results of the 2018 Unisys Security Index™ survey reveal that, globally, consumers are more concerned about online threats such as identity theft and bankcard fraud than physical threats like terrorism and natural disasters. This fear is not without justification.
In 2018 alone, we witnessed several high-impact breaches across multiple industries including healthcare, financial services and travel and transportation—699 publicly disclosed breaches with a total of 1 billion records, according to the Privacy Rights Clearinghouse. Cybersecurity breaches result in personally identifiable information (PII) theft, financial loss and reputation damage.
In an ever more connected technology ecosystem, the attack surface is expanding, with a drastic increase in attack vectors—the path by which a hacker can gain unauthorized access to a device or network. Traditional fixed perimeter security measures are insufficient in protecting this increasingly porous environment.
To Err Is Human
According to the EY Global Information Security Survey 2018–19, 34 percent of organizations see careless or unaware employees as the biggest vulnerability. Let’s look at some of the popular attack vectors that compromise insiders.
- Social engineering: Relying heavily on human interaction, this approach manipulates people to gain access to devices or networks. Examples include phishing and pharming. Phishing is an attempt to acquire sensitive data such as passwords by disguising as a trusted individual, mostly via email, while pharming redirects traffic to a fake website where user information is compromised.
- Drive-by: A drive-by cyberattack targets users through their web browsers, installing malware on their computers as soon as they visit an infected website. It can also happen when a user visits a legitimate website that has been compromised by hackers, where they are infected directly from the site or redirected to a malicious site.
- Man in the middle (MITM): An attacker intercepts and alters the communication between two users, impersonating each to the other in order to manipulate the victims and gain access to their data. The users believe they are talking to each other when in fact both are communicating with a malicious entity. MITM attacks can occur when sessions are not secured or when users communicate over public, unencrypted networks.
Across all of these attack vectors, data theft is the most common outcome. This activity can go undetected due to insider involvement, legacy systems, unnoticed suspicious log activity, penetrable network architecture, weak perimeter security and architecture compromises. In many cases, timely containment can minimize damage.
Four Behaviors to Watch
Since many attack vectors exploit human behavior, it’s important to understand high-risk behaviors to take preventive actions. To differentiate behaviors, consider evaluating risks based on awareness and intent. Four behavior categories to watch are good citizen, weak link, vandal and mole.
- Good citizen: With high awareness and good intent, this is the ideal technology user. Good citizens are vigilant, understand the signs of a hacking attempt and actively work to protect themselves and the organization’s data and systems. For example, they examine an email sender and address or URL for authenticity, recognize websites with potential viruses and update device software regularly.
- Weak link: The weak link has good intentions, but low awareness about cybersecurity risks. These users are typically soft targets that succumb to phishing attempts, even though there’s no intent to steal data or gain unauthorized access for themselves. For instance, this user can’t identify a suspicious email or doesn’t use appropriate email certificates.
- Vandal: A vandal is an insider with malicious intent and low awareness, possibly a disgruntled employee or an insider who intentionally ignores security protocol for personal gain. Vandals are ignorant troublemakers intent on causing financial or reputational damage to an organization.
- Mole: The most dangerous attack vector comes from a mole: an insider threat armed with knowledge of hacking tactics and driven by the intent to steal data or gain unauthorized access to devices and systems, whether to harm the organization or to gain financial benefit.
Most technology users have good intentions, so increasing awareness and training on attack vectors, together with bolstering defenses against attacks, will have a significant impact. As technologies advance, more good citizens will become weak links unless education on evolving attack vectors continues.
However, when there’s a vandal or mole on the inside—and it only takes one—there’s a strong chance of a harmful insider threat, which is hard to prevent. Since it is not easy to recognize these users, organizations are shifting to a Zero Trust model—which aims to solve the problems of an overly trusting fixed perimeter system by assuming that the entire IT ecosystem is compromised. This is where it becomes important to isolate the critical.
Reduce the Attack Surface by Isolating the Critical
Considering it’s a matter of “when” not “if” a cyberattack will occur, containment is as essential as prevention. A key aspect of containment is creating micro segments to protect key assets, even—and especially—after a breach. Unisys Stealth® helps you build isolation into the design of your infrastructure, so that protection through containment is a proactive, not reactive measure.
Security is all about knowing who to trust. Defining digital trust based on user identity, isolating the trusted from the untrusted and further segmenting the trusted into communities of interest (COI) reduces the attack surface and prevents lateral threat movement. Stealth™ uses identity-driven microsegmentation to isolate the critical, authenticating each server endpoint into the appropriate COI, encrypting traffic on the network and concealing those endpoints from insider and outside threats.
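The COI rule described above, modelled as a simple policy check in an added example that is not Unisys code and does not reproduce Stealth's actual mechanism; all endpoint identities, COI names and the directory mapping are constructed for illustration.

```python
"""Identity-driven microsegmentation as a policy check (constructed example).

Endpoints are authenticated into communities of interest (COIs). Traffic
is allowed only when source and destination share a COI; everything else
is dropped (the destination stays concealed) and logged for the SOC.
"""
from dataclasses import dataclass, field

# Identity -> COI memberships. Constructed; a real deployment sources this
# from the identity provider / policy server, not a hard-coded dict.
COI_DIRECTORY = {
    "web-frontend-01": {"web-tier", "app-tier"},
    "app-server-01": {"app-tier", "payroll"},
    "payroll-db-01": {"payroll"},
    "hr-workstation-07": {"web-tier"},
}

@dataclass
class Endpoint:
    identity: str
    cois: frozenset = field(default_factory=frozenset)

def authenticate(identity: str) -> Endpoint:
    """Admit an endpoint into its COIs; unknown identities get none."""
    return Endpoint(identity, frozenset(COI_DIRECTORY.get(identity, ())))

def evaluate(src: Endpoint, dst: Endpoint, audit: list) -> str:
    """Return 'ALLOW' if src and dst share a COI, otherwise 'DROP'."""
    shared = src.cois & dst.cois
    verdict = "ALLOW" if shared else "DROP"
    audit.append(f"{verdict} {src.identity} -> {dst.identity} coi={sorted(shared)}")
    return verdict

def lateral_movement_demo() -> dict:
    """A compromised workstation tries to reach the payroll database."""
    audit: list = []
    ws = authenticate("hr-workstation-07")
    web = authenticate("web-frontend-01")
    app = authenticate("app-server-01")
    db = authenticate("payroll-db-01")
    rogue = authenticate("unknown-laptop")  # never enrolled: no COIs at all
    return {
        "ws_to_web": evaluate(ws, web, audit),    # shares web-tier: allowed
        "ws_to_db": evaluate(ws, db, audit),      # no shared COI: dropped
        "web_to_app": evaluate(web, app, audit),  # shares app-tier: allowed
        "app_to_db": evaluate(app, db, audit),    # shares payroll: allowed
        "rogue_to_db": evaluate(rogue, db, audit),  # unenrolled: dropped
        "denied_events": sum(line.startswith("DROP") for line in audit),
    }

if __name__ == "__main__":
    for key, value in lateral_movement_demo().items():
        print(key, value)
```

The two DROP entries in the audit list are the detection signal: a workstation probing a database it shares no COI with is exactly the lateral movement the segmentation exists to surface.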