Baltagi: End-Users are now the source of most breaches
Cyber criminals ‘exploiting employee behaviour’
DUBAI, May 22, 2017
Browser-based attacks and social engineering are now the two most powerful techniques targeting organisations, a report said, highlighting that both techniques prey upon users as their initial point of entry.
“Cyber criminals are going after the weakest link - the employee. Unfortunately for organizations, this means that even after they have invested heavily in IT security technologies, poor security awareness among employees can still result in their systems being breached,” explained Ned Baltagi, managing director, Middle East & Africa at SANS Institute, a top provider of cyber security training and certification.
“Social exploits are becoming more sophisticated than ever before and even employees with the best intentions can severely compromise the cyber security of their organisations,” he added, commenting on SANS Institute’s recent survey titled ‘SANS 2017 Endpoint Risks and Protections’.
While users represent the top target leveraged by attackers, vulnerabilities such as misconfigurations or software flaws were also commonly leveraged in attacks against the endpoints, ranking as the third most common source of significant compromise, according to survey respondents. Such vulnerabilities have been responsible for a number of large-scale attacks, including the very recent and infamous WannaCry, which is considered to be the most successful ransomware campaign to date.
According to the survey, 53 per cent of respondents have knowledge of impactful compromises starting at their endpoints in the past 24 months. And that total doesn't include the 37 per cent who don't know whether they've been compromised or not during that timeframe.
Of the 53 per cent of significant breaches that respondents knew about, just 48 per cent were detected through endpoint detection and response (EDR) solutions. The remainder of detections were not directly from endpoint solutions, and included such sources as log analysis, security information and event management (SIEM) system alerts, cloud-based monitoring, and even third-party notification.
“The farther from the endpoint a breach is discovered, the more time it has to pivot from system to system and increase the impact of the breach,” said SANS analyst G W Ray Davidson, who authored the report.
“As organizations develop sufficient maturity, they should automate remediation activities as much as possible, because the scope of a breach can quickly outpace remediation efforts.
“Organizations must devote more resources to user education and to monitoring activities that result from user behaviour. The insider threat is no longer just the malicious actor with unauthorized access; well-intentioned but naive employees can be just as dangerous,” he added. – TradeArabia News Service