The Cybersecurity Agenda: Pandemic-Driven
What can we do about insider threats? This is one of few questions from Enterprise IT News, that Yuri Zaharin, country manager for Malaysia at Exclusive Networks, answers during an email interview.
EITN: Please share about state of cybersecurity, where main threats come from?
Yuri: Cybersecurity is becoming an increasing priority as countries and companies around the world face growing cyberthreats, and Malaysia is not immune to this. According to the Malaysian police, 9,215 commercial crime cases have been recorded nationwide involving losses amounting to RM717.2 million between January to April 2020. Additionally, cybercrime has surpassed drug trafficking as the most lucrative crime, and 70 percent of commercial crime in the country can be classified as cybercrime cases. Rapid ICT development will only increase cybercrime in Malaysia, and it is important that companies engage experts and third parties to protect their systems.
Cyberthreats can come from within the company, via an employee or a vendor who has access to the company’s systems and information. It can also come from external sources such malicious software, also known as malware, or phishing attacks, where a hacker attempts to steal data by disguising itself as an email.
We are also seeing an increase in the number of hackers targeting social media. Hackers are taking peoples’ social media posts – such as their LinkedIn posts – and using them to build a highly targeted, convincing impersonation of a senior executive and then targeting them with phishing scams.
EITN: What are the future threats you foresee, and what should companies do to protect themselves?
Yuri:: The cyberthreat landscape is continually evolving. In the future, attackers could exploit the same technologies that we use to make our lives more efficient and steal data.
For example, hackers can use the predictive ability of Artificial Intelligence (AI) to profile communication patterns and initiate phishing attacks that mimic human behaviours. It can also be used to identify and break password patterns more easily. Another area of concern involving AI is data manipulation, where cyber criminals manipulate the information that is being fed into legitimate AI algorithms, producing bad or inaccurate decisions for businesses as well as reducing the algorithm’s ability to detect threats properly.
Cloud infrastructure is also a vulnerable area, since employees have become more reliant on cloud services to work, share and store information while working from home. However, server applications and cloud storage are not always well protected. The consequences of this may be disastrous as one compromised area of the cloud infrastructure may expose other areas downstream, allowing hackers to quickly infiltrate entire networks.
For companies to protect themselves, they first need to raise the awareness of cybersecurity among employees. Educating and getting them to implement basic cyber hygiene such as using strong passwords and changing them regularly, as well as ensuring that employees working remotely use company-regulated hardware, instead of their personal laptops or phones, which may not be as secure.
In addition, companies can improve their endpoint protection systems and make sure that these tools are up to date. Firms such as Exclusive Networks provide solutions that merge cloud and cybersecurity tools which help companies protect themselves across a disparate organisation.
Companies should also consider using AI-enabled endpoint protection systems such as CrowdStrike’s Falcon platform which use advanced technologies to proactively detect threats within networks and across devices to block attacks.
EITN: Do you see any pandemic-induced threats currently, or in the near horizon?
Yuri: Cyber criminals have been capitalising on the Covid-19 pandemic to launch attacks that compromise and disrupt systems and networks around the world. According to the CrowdStrike Work Security Index, there has been a 100 times increase in malicious cyber attacks during the COVID-19 pandemic. The Malaysian Armed Forces (MAF) recently confirmed that its network was the target of a cyber attack by hackers attempting to steal information from the government.
Companies are especially vulnerable to cyber attacks, as Internet of Things (IoT)-enabled devices are becoming much more prevalent in our daily lives. They become potential areas for unwanted intrusion. Our domestic appliances, such as smart fridges and air-conditioning units, that are connected to the internet, can become data collection points for cyber attackers which can be easily exploited.
This is a growing cause of concern as a significant number of employees now work from home. They may connect their IoT-enabled applications to laptops and other devices that are linked to business servers, increasing security risks.
EITN: Are AI-based solutions enough to counter AI-based attacks?
Yuri: While AI-based solutions are immensely useful in detecting and stopping attacks quickly and efficiently, a company’s first line of defence is always its employees. While technology can help filter malicious content, it alone cannot stop humans from unintentionally clicking on the wrong links that allow hackers to infiltrate their systems.
To counter this, it is crucial for organisations to ensure that there is continuous end-user education and communication. Employees should be given the necessary cybersecurity tools and provided with company-approved devices to work, as well as have quick and ready access to IT support when needed. These best practices should be implemented under the directions of the company’s leadership so that the security measures are standardised throughout the organisation.
EITN: What can we do about insider threats?
Yuri: One-way companies can weed out rogue employees and vendors is to use User Entity Behaviour Analytics (UEBA), a cybersecurity process to detect insider threats, targeted attacks and financial fraud.
Instead of tracking devices or security events, UEBA tracks a system’s users and their behaviours. It detects anomalies in human behaviours which indicate potential threats. For example, if a particular user regularly downloads 10 MB of files every day but suddenly downloads gigabytes of files, the system would be able to detect this anomaly and sound alerts immediately. Many quality cybersecurity solutions will include UEBA within their software.
EITN: Can you share some comment about Solarwinds and about red team tools by a vendor being compromised?
Yuri: These breaches are timely reminders that no company is immune to cyber risks or being hacked. As technology evolves, so does cyber crime. To complicate things even more, in an effort to become more productive, companies are integrating more disparate systems and relying more on third party vendors, which only increases the risks.
Security compromises are unavoidable; we can only do so much to minimise the impact. The key to such a breach is what we do to prepare for it and what happens during one.
Ironically, the most proactive cyber security strategy is one that assumes that the organisation is actively targeted and may already have been compromised. It is not enough that companies use trusted and secure cybersecurity tools to guard their critical and sensitive data. Businesses should have their risk assessments done and policies and framework ready to deal with the worst-case scenario. This will help minimise disruptions and resolve issue effectively and swiftly when an actual security breach occurs.
Vigilance is also key. This is a task not only for the company’s tech team but should also be practiced by every employee. They should be aware of basic cybersecurity measures such as not clicking every e-mail attachments and links they receive. We also recommend regular training and education programs for all staff by experts who can update them on the latest tools and techniques to protect their accounts.