Most businesses in the APAC region have experienced at least one cyberattack from January to October 2022.
Although malware remains the most common vector used, it is unnerving that more than a third of all regional organisations do not have an incident response plan when faced with an attack. Given this background, the loss of crucial data remains the most critical cybersecurity challenge for most companies in the region.
We believe that a majority of cybercrimes happen due to one of the three M’s: Mistakes, Misconfigurations, and Mismanagement. As they say, a chain is only as strong as its weakest link. Malicious actors are fast moving and evolving constantly. They are always looking for vulnerabilities caused by the three M’s, even in the most secure cybersecurity fortresses. The more valuable your data, the more appealing it is to malicious actors.
Mistakes: Human errors behind cyberattacks
It is human to err and human errors were the cause of the bulk of cyberattacks that occurred in the past decade in Southeast Asia as well, according to various researchers. Clever social engineering attacks can expose your users, technical support personnel, and supply chain partners and vendors to system-breaking social manipulation techniques.
In security terms, human error is defined as unintended actions or lack of action by employees and users which cause or spread cybersecurity attacks. For example, a hacker pretending to be an employee can persuasively game a technical support executive to give away a password when the executive is under stress.
Mistakes due to inaction can also lead to high-profile cyberattacks. In 2017, a leading US consumer credit reporting company’s IT team failed to act on a government notice and its own organisational communications regarding a vulnerability in its systems. Eventually, a cyber attacker hacked into the company’s systems and retained access for a full two months, potentially compromising the personal data (including credit card information) of 143 million people, or more than 40% of the United States population.
Another form of human-error-led incident occurs when spear-phishing attacks manipulate employees into opening emails containing malware, which then moves laterally through the organisation’s systems.
How to minimise human errors
Continuously updating security policies and training employees in the latest of such policies are essential in reducing or eliminating incidents due to human mistakes. The best way to secure data and reduce internal errors is to allow employees privileged access to systems and data on a case-by-case basis. This means giving them access to only the data they need to complete their work at any moment.
Enforcing a zero-trust security strategy that establishes trust only on the basis of identity and access is essential to the modern hybrid work environment, where the perimeter of the network is not clearly visible and staff frequently access resources in the cloud.
Expert assistance is invaluable while enforcing a zero-trust security policy since it must not only support unimpeded work, but also provide clarity to staff on policies within the security framework surrounding their work environment. In addition, it is essential to always ensure staff access to all the resources they need to accomplish their tasks while maintaining the zero-trust policy.
Misconfigurations let cyberthreats lurk in the system
Misconfigurations that exist in software subsystems or components are yet another human factor that expose organisations to cyberthreats. These errors can happen at any level of the application stack, including web or application servers, databases, network services, custom code, development platforms and frameworks, virtual machines, cloud containers, and storage. Most misconfigurations occur because system administrators often fail to change the default or “out-of-the-box” configurations of applications or devices. Misconfigurations also happen due to people’s negligence or oversight.
Examples of misconfigurations that can lead to cyberattacks include: running outdated software or unnecessary features and services, inadequate access controls (including remote access controls), not keeping up with patches, and faulty hardware maintenance. Cyberattacks due to the cloud misconfiguration of Amazon CloudFormation, CloudTrail, and S3 are also common.
Similarly, misconfigurations can occur in Azure services such as storage accounts, virtual machines, and network security groups. Failing to remove unused or conflicting firewall rules for ports such as IRC over TCP, TFTP over UDP, and RDP (TCP 3389) can also lead to misconfiguration-based attacks.
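As an added illustration (not code from the original article), the following audit flags the three firewall-rule problems described above in a constructed rule set: risky services allowed from any source, rules that never matched, and rules that conflict with an earlier one. It assumes IRC on TCP 6667 and TFTP on UDP 69 (the text names only RDP's port), and that a hit count per rule is available from flow logs.

```python
from dataclasses import dataclass, replace

# Services singled out in the text; the IRC and TFTP port numbers are assumptions.
RISKY_PORTS = {("tcp", 6667): "IRC", ("udp", 69): "TFTP", ("tcp", 3389): "RDP"}
ANY_SOURCE = {"0.0.0.0/0", "::/0", "*"}

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str
    port: int
    source: str
    action: str   # "allow" or "deny"
    hits: int     # matches during the review window, taken from flow logs

def audit(rules):
    """Return (rule name, issue) pairs for exposed, unused and conflicting rules."""
    findings = []
    first_seen = {}
    for r in rules:
        svc = (r.proto.lower(), r.port)
        key = svc + (r.source,)
        if r.action == "allow" and svc in RISKY_PORTS and r.source in ANY_SOURCE:
            findings.append((r.name, f"{RISKY_PORTS[svc]} allowed from any source"))
        if r.hits == 0:
            findings.append((r.name, "unused rule"))
        prior = first_seen.get(key)
        if prior is not None and prior.action != r.action:
            findings.append((r.name, f"conflicts with {prior.name}"))
        first_seen.setdefault(key, r)
    return findings

def harden(rules, admin_cidr):
    """Corrected rule set: drop unused allows, restrict risky allows to admin_cidr."""
    kept = []
    for r in rules:
        if r.action == "allow" and r.hits == 0:
            continue
        svc = (r.proto.lower(), r.port)
        if r.action == "allow" and svc in RISKY_PORTS and r.source in ANY_SOURCE:
            r = replace(r, source=admin_cidr)
        kept.append(r)
    return kept

# Constructed sample rules, not taken from any real environment.
SAMPLE_RULES = [
    Rule("allow-rdp-any", "tcp", 3389, "0.0.0.0/0", "allow", 512),
    Rule("allow-tftp", "udp", 69, "*", "allow", 0),
    Rule("allow-irc", "tcp", 6667, "0.0.0.0/0", "allow", 3),
    Rule("deny-irc", "tcp", 6667, "0.0.0.0/0", "deny", 0),
    Rule("allow-https", "tcp", 443, "0.0.0.0/0", "allow", 90000),
]

if __name__ == "__main__":
    for name, issue in audit(SAMPLE_RULES):
        print(f"{name}: {issue}")
```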
Diligence is key to avoid misconfigurations
In order to avoid cyberattacks due to misconfigurations, it is essential to update software regularly and promptly.
The principle of zero-trust security or least privilege access bolsters cybersecurity by ensuring that people have access to only those resources and data that they need to do their work. Cloud misconfigurations often occur due to inadequate access control. So, to limit cloud misconfigurations, it is essential to ensure thorough cloud visibility and centralised monitoring of cloud resources.
Other actions that can mitigate cyberthreats due to misconfigurations include scanning for vulnerabilities, altering third-party default credentials, and centralising log management.
Cloud increases chances of security mismanagement
Cyberattacks due to security mismanagement typically occur when IT security teams rely only on passive or reactive strategies — such as firewalls and anti-malware systems — to manage cybersecurity challenges. These strategies, however, are not enough because hybrid work has driven the increased uptake of cloud services. Mismanagement of cloud data and cloud security is also rife in the industry with the surge in cloud usage.
Although public cloud platforms such as AWS and Microsoft Azure provide a high level of security, those in charge of managing cloud services often lack the skills to operationalise them in an appropriate manner, leading to compromised data integrity and availability, as well as data leaks.
How a managed services provider can help
For most businesses today, the first step to navigating the complexities of managing cybersecurity is awareness and training. It is crucial for businesses to create a security culture that protects not only themselves, but also their customers’ data from both internal and external risks.
The term ‘Human Firewall’ best describes this approach with people being the first line of defence against cyber threats. This continuous journey involves educating employees on the risk landscape and their role in protecting the company and its customers, fostering a culture of vigilance and responsibility.
A managed services provider can help create a mature security practice by delivering strategies that defend against intrusion in a timely manner and protect your business. Such a service provider can also deliver the insights to identify and address risks and vulnerabilities, as well as business and regulatory compliance issues.
At the end of the day, partnering with a managed service provider enhances your security investments and ensures proactive incident response. Furthermore, with a strong security culture, businesses can free up cybersecurity resources so that their teams can deal with complex security challenges.