With cybercrime at an all-time high, achieving an adequate cybersecurity posture within the workplace is as important as ever. Cybersecurity comprises the people, processes and technology that, taken together, maintain IT systems and applications that are free from threats. A culture of cybersecurity will instill attitudes and behaviors that will help to keep organizations more secure. This article discusses the importance of workplace cybersecurity and introduces five ways to maintain secure workplace environment.
So Far, 2019 is Shaping Up to Be a Busy Year for Hackers and Cybercrime Syndicates
The World Economic Forum Global Risks Report 2019 (14th Edition) stated that 2019 would have a higher than average number of cyberattacks. In fact, the report listed data breaches and cyberattacks as two of the Top 5 Global Risks in Terms of Likelihood. The first half of 2019, the US already had its share of high impact data breaches. There were no less than 3,800 disclosed data breaches for the first six months. October alone was riddled with a high number of cyberattacks – in the US and abroad.
In April of 2019, MongoDB exposed the private information of 275 million Indian citizens. In May, the American Medical Collection Agency suffered a data breach that impacted the patient data of 20 million individuals. The breach exposed medical and financial data. Also, in May, 139 million Canva users had their data compromised in a targeted hack by the GnosticPlayers that left email addresses, geographic locations, names and passwords wide-open on the Dark Net.
As we close out the year, here are ThreatModeler’s top five tips for securing your organization’s workplace environment.
Beware of Insider Threats
The Capital One data breach that compromised the data of 106 million customers was an insider job. Insider threats can come from anyone, including current and former employees, contractors, vendors and partners. There can be three types of insider threat bad actors:
Malicious insiders – bad actors inflict harm from within an organization
Negligent insiders – personnel that make mistakes, are careless or disregard policy, increasing an organization’s information security risk
Infiltrators – outsiders, such as former contractors, who gain unauthorized internal access to inflict damage
Bad actors that partake in insider threats leverage information they have about an enterprise’s practices, including IT infrastructure and cybersecurity structure. Cybercriminals involved in insider threats may attempt to commit fraud or sabotage. To protect against insider threats, an organization should harden (strengthen) their cybersecurity defenses. For example, security teams can implement endpoint security (includes desktop computers, DLP, more frequent authentication and rotating passwords), improve end-to-end defenses, enhancing logical access controls. An organization can set and enforce strict cybersecurity policies, restrict authorized access to an “as needed” basis and implement a network monitoring strategy.
Prevent Social Engineering Attacks
Social engineering occurs when hackers target people and manipulate them to disclose confidential or sensitive information. Social engineering hackers anticipate that a person will behave in an expected way and, if the predictable behavior is triggered, the hacker plays off of the response and takes advantage. A bad actor, for example, will create a social engineering campaign that convinces people to click on a link to a bad website or download a bad attachment, which can inject malware onto their system.
Examples of Social Engineering Attacks
Phishing is a tactic used where cybercriminals send out emails that appear legitimate, but are actually fake ploys to lure victims to engage in a certain activity. An example includes filling out forms and submitting private and/or confidential information.
Hackers may also target victims with a more sophisticated form of social engineering known as the pharming attack. Hackers will manipulate the victim to click on a link to a legitimate website and, when they click on the link, they are redirected to the cyber attacker’s bad website. Hackers can use the information to compromise private data or for financial gain.
Signs that you are being targeted by social engineering or a phishing scheme include emails sent from unrecognized email addresses, messages not addressed to a specific person, or errors in the email communication itself. Security awareness training will help personnel to identify social engineering tactics and prevent them. The right tools, such as SPAM filters, will help. Keeping your IT infrastructure patched and up-to-date with the latest software versions will also keep it more secure.
Enforce Access Restrictions Based on Least Privilege
A surefire way to reduce the amount of threats that can increase security risk is to restrict user access to systems and applications. The principle of least privilege limits employee access to IT applications and resources based on a legitimate need in order to achieve a certain purpose. Limiting the amount of access to IT information and resources will reduce the probability that restricted, sensitive data will fall in the hands of the wrong people.
Foster a Culture of Cybersecurity With Awareness Training
Employee-related errors occur when they do not follow internal compliance policies. Organizations are better off creating and delivering training programs. When employees live and breathe a culture of cybersecurity, they will be more careful about how they conduct themselves. IT administrative rights will be restricted to key personnel in IT, operations and security. A staffer trained in an efficient cybersecurity program will exhibit behaviors that are careful and mindful of threats and vulnerabilities, such as:
- Avoiding insecure or unauthorized websites
- Never leaving devices, such as laptops or mobile devices, unattended
- Using strong passwords, never sharing passwords and using multi-factor authentication
Threat Model to Better Understand Your Attack Surface
As more and more organizations become versed in DevSecOps, they are finding that shift left security is an improved approach over DevOps, where security was considered during the deployment stages and later. Threat modeling is an activity that uses process flow diagrams to map out an IT infrastructure’s attack surface. Attack vectors are the vulnerability points through which a hacker can travel in order to invade and compromise an object. Attack vectors exist throughout the attack surface.
Automated solutions such as ThreatModeler enable security teams to take complex IT applications, flatten them and visualize them for a holistic view of the entire attack surface. As the threats to your IT infrastructure become more apparent, your DevSecOps team can assign security requirements to exert more granular control and better secure your attack surface.
When you threat model, consider the people and processes. Keep in mind the places where interactions occur and frame it within the context of the employee and customer. Security requirements would:
- Follow policy guidelines
- Consume the corporate infosec training
- Ensure secure practices for logical access control are adhered to
ThreatModeler allows for intuitive threat model building. Out-of-the-box, ThreatModeler comes with AWS and Azure components pre-mappped and ready for deployment. To learn more about ThreatModeler and how the leading platform can help DevSecOps teams to build a secure IT environment across your enterprise, schedule a demo with our threat modeling team. You can also contact us to speak with a threat modeling specialist.