Breach is the Word
Is The Second Half of 2023 Your Time to Shine?
The last three years have proven that most of what we understand to be correct can be changed in days. Those restful days of small and incremental changes to the environment in which we operate are gone. We live in a time of hyper-connected, rapidly changing events that we have no control over and even less chance of predicting. Whether it is global events such as war and pandemics or local events like flooding or massive inflation, the perfect storm of uncertainty has pushed us into a world of heightened risk and increasing attack surfaces.
Uncertainty drives many things, including the ability of cyber criminals to use our fear to spread their attacks and to tempt our trusted people to lean towards the dark side. We have seen a large number of insider-driven attacks, many of which are accidental or negligent, but a growing number of these start with the compromise of a trusted user. When it is seen as a victimless crime, many take the bait and provide access intentionally. The time of the super malicious insider is with us.
Without visibility and the capability to understand intent, you will only know something has been going on when your name is shining in the lights of breach notifications. Not the kind of shine most people are working towards.
Gaining insight from a comprehensive cyber resilience framework, driven by a user-centric view, is a key element of a successful program. One part of this program is the visibility you should have around user interactions with the primary components of your insider risk management, incorporating activity of the user, email, data, machines and the web. When you gain a full view you can easily identify indicators of intent to help you make better decisions to stop and prevent the insider risk from becoming a malicious insider threat.
The rapidly changing world of work has fuelled a continued rise in successful attacks launched from around the world. The cyber gangs do not worry about your industry and they do not care about how good you and your business are; they care only about profit.
If you are not working with visibility, then perhaps the second half of 2023 will be your time to shine. The time to show up in articles, breach websites and have all your data shared online.
What’s that? It won’t happen to you? You have nothing worth stealing?
One of my favourite phrases is that there are two kinds of businesses out there:
Those who have been compromised and those who do not know they have been compromised.
Which one are you?
There is little argument that cyber threats are now the biggest risk to the modern business. The attacks continue to grow in volume and sophistication. New vulnerabilities are exploited before they are patched and the cyber gangs move faster than vendors. Even when there is a patch, most businesses have no formal program to apply patches in their environments.
The modern business is failing to keep up. With the difficulties encountered in simply running the business, rising costs and uncertainty, most do not even know that the vulnerability is there or that there is already a bad apple sitting within their digital environment.
Every single day we find compromised and leaked information and compromised accounts, across every industry and in businesses of all sizes. Do not think that you are too small or too big to be affected.
The J2 CSC team constantly identify organisations that have open and accessible platforms and do zero monitoring to identify anomalies and detect compromise. This is the same as having an intruder in your home, but you do not see them because you do not bother to turn on the lights. Without consistent management of your cyber resilience program and enforcement of basic controls, all we need is one detail.
The attackers walk right in through the front door because you leave it open. Businesses of all sizes are at fault, using default passwords or not fixing a previously known breach. Access to critical systems is easy when you have the information. All you need to do is ask, then log in – not hack.
Less than 28% of businesses force the use of MFA, and many of those who do never register the device for MFA to the accounts either. If it is one click for you to access your data, then it is also that simple for the criminals.
Once they have your email system – they own all your information. Perimeter and gateway security is vital but if you don’t see what is happening internally you could be bleeding without seeing the wound. An internal bleed can also be fatal.
You need visibility to give you the capability to identify problems when they occur and destroy the threat before you bleed out. We are hyper-connected and it is pointless to throw more money at different solutions if they are not part of a combined cyber resilience program. It is not effective to close all the windows but leave the front door open.
In the cyber war, we cannot focus on only one area of the assault. Understand that you are not untouchable. Nobody is.
Stopping attacks is impossible – but you can reduce cyber risk with a structured cyber resilience program that gives you defence in depth and provides the ability to detect when an attack starts. If you can be alerted at the start of the attack you can take action before it is too late.
Using ongoing and consistent monitoring, vulnerability analysis and mapping real usage will let you know where you need to apply the bandages to stop the bleed.
Identify, neutralise, remediate and then investigate. Then start all over again. The number of threats will continue to increase - visibility and agility are the only way.
Or keep doing things the way you have always done them. Then you can be assured that the second half of 2023 will be your time to shine, but not necessarily in a good way.