Technology is transformative. Over the past 50 years, we have seen massive, unprecedented changes in the way we work and live our lives. However, technology, like everything, has its downsides – and security is one of them. Thales’s 2019 report on cybersecurity shows that cybersecurity problems aren’t getting any better. They found that pretty much all companies (97%) use data with transformative technologies. Over the lifetime of a company, 61% of them will suffer a cyber-breach.
The issue is that many of the threats that turn into security incidents occur due to mistakes, and often these mistakes are simple and avoidable. In this article we’ll present some of those security mistakes that are easy to make, but also easy to prevent.
Security Mistakes and How to Prevent Them
When we think of cybersecurity threats, we often picture a hacker in a hoodie typing away at a keyboard in the dark. However, IBM research has shown that about 60% of security incidents are being caused by our own people. This is called an ‘insider threat’. Backing up this data, Netwrix found that around 58% of organizations blames security incidents on insiders. Kaspersky research shows similar results, namely that 52% of businesses claim their staff are the biggest risk to IT security. In short, it’s safe to say that the real danger to our online security isn’t necessarily a malicious black hat hacker trying to get to our private documents (although those can be a pain as well), but the people you work and live with.
Insiders are often not malicious in intent. CA Technologies found that 51% of insider threats were accidental, caused by negligent and careless behavior. If anything, this shows that knowledge, in this case, is safety. Once you know what to look out for, your security already stands much stronger. So what areas are causing these security incidents? We’ll be sharing four common mistakes made by insiders.
Password sharing and privileged access
What’s the problem? Access control is at the heart of many security incidents and data breaches. According to Centrify, 74% of data breaches are down to abuse of access privileges. This could be something as simple as sharing a password with a colleague. It could also be caused by a spear phishing attack that focuses on a specific target with high level access privileges. Once access is gained, it allows the abuser to steal data, leak proprietary information, infect networks, and generally cause havoc.
How can it be fixed? There are a number of ways in which you can lock down privileges and control access more strictly:
- Use two-factor authentication (2FA) wherever possible.
- If possible, use a risk-based approach to controlling access. For example, apply tighter controls if someone is attempting access from an external Wi-Fi connection.
- Use security awareness training to ensure that employees know not to share passwords.
Clicking on a phishing link (or downloading an infected attachment)
What’s the problem? Phishing is still the number one way in which malware infects networks. Moreover, it’s becoming ever more difficult to spot phishing emails and spoofed websites. According to Proofpoint, there was a 76% increase in phishing attacks in 2018, with 83% of security professionals reporting that their organization experienced them. Phishing emails that lead to spoof websites to infect machines or steal data also increasingly often manage to trick victims into thinking they’re safe. By now, over half of all phishing spoof sites uses HTTPS to show they are ‘secure’.
How can it be fixed? Phishing is a form of social engineering that tricks people into doing a specific thing, like clicking on a malicious link. One of the best forms of protection against phishing is education. Employ a security awareness firm to carry out training for your employees to spot signs of phishing. This may include phishing simulations exercises. Moreover, one should be aware that a website working with HTTPS isn’t necessarily a legitimate website.
Sharing sensitive data in Cloud-based collaboration portals
What’s the problem? Many organizations now routinely use Cloud-based collaboration portals to share information and work on projects. An increasing number of data leaks, often of a highly sensitive nature, occurs via these collaboration portals. A recent example is the finding that demonstrated over 100,000 GitHub repositories had leaked security or API keys. Another similar issue was found on the Slack collaboration portal. Slack has also been criticized for security vulnerabilities that allowed session keys to be hijacked and used to log into user accounts, giving the hacker access to messages, files, etc. This vulnerability is fixed now, but the case demonstrates the fragility of online collaboration using sensitive information.
How can it be fixed? Be extra careful about what data you share on an online collaboration portal. Moreover, it’s wise to closely consider which privileges you give to users on such portals. Disgruntled employees could potentially use privileges to leak information about your organization. This is especially true when they leave your company. Therefore, you should always make sure you remove access to portal accounts promptly when a person is due to leave.
What’s the problem? Emails are notorious for leaking sensitive and even embarrassing information. Email leaks can be both accidental and malicious. An accidental one that made the headlines was a recent UK government email about the post-Brexit EU Settlement Scheme. The email, unfortunately, used CC rather than BCC and so alerted others on the email as to who was applying for this status. Although accidental, this email leak was a huge breach of privacy.
How can it be fixed? Accidents happen, especially when someone is in a rush. Most of us have probably used CC when we should have used BCC at least once in our lives. Security awareness training can help make employees more aware of the possibility of accidentally emailing out sensitive information. However, you can also use technical measures such as Data Leak Prevention (DLP). This type of solution uses specific rules to look for keywords and phrases or search for specific attachments. It can subsequently quarantine them or check them for potential security issues.
Can We Stop Security Mistakes From Happening Completely?
An interesting statement from IBM in 2018 sums up what we are dealing with when it comes to online security, mistakes, and possible breaches:
“You’re more likely to experience a data breach (27.9%) of at least 10,000 records, than you are of catching the flu this winter.”
It’s almost impossible to prevent mistakes from happening. In a busy workplace with staff trying to collaborate with each other across platforms that may reach out to the cloud, keeping our business data safe isn’t easy. We can, however, mitigate risk. Our staff may be a weak point, but they can become our best protection, too. Making employees aware of how a simple action can cause a security incident is a good place to start. Shoring this up with key technologies like two-factor authentication and Data Leak Prevention can augment your efforts. Mistakes will likely always keep on happening, but you can alleviate their impact by educating everyone in the business and using your assets smartly.