Let's Look at Our Cybersecurity Inside the Business


Many people have asked me what the worst threat in cybersecurity is, and without having to think twice, I am sure that it is the human factor. It can be intentional or not, but it is closely linked to ignorance, to how little is known about this topic.

This is the position I take toward this type of attack surface. Poorly managed, this factor leaves us completely uncertain as to how a breach will happen, because we already know when: sooner or later, a breach will happen to us due to this cause. This is not about being pessimistic; it is a reality in all companies. Some give it no importance, others hide it, I do not know why, and others delegate it to third parties, but, what do you think, it keeps happening.

In my experience in information technology security management, I consider internal threats a persistent and extensive problem. Therefore, from my perspective as an IT manager, the answer is to have a security plan, with information and procedures to mitigate or eradicate these insider threats to the extent possible, whether intentional or not.

What do we need?

Training, induction and follow-up on user doubts; training our IT staff to prepare for an event of a magnitude that stops the operation; and awareness, creating a lot of awareness from managers down to the last point where data is consumed within the company.

When it comes to cybercriminals, the focus is very much on external threats and on individuals actively trying to cause harm, whether by infecting a system with malware or by encrypting files to extort money from their victims. It is understandable that most attention is paid to this, since the threat these cybercriminals pose to organizations is significant and involves a lot of money; so much so that many of them and their illegal activities are considered the natural evolution of traditional crimes, simply in a digital and online version that is much more robust than what came before. However, the human being became the weakest link in system security, and many describe this as a phenomenon of the 21st century that cannot go away and therefore must be mitigated.


However, we must understand that threats are not only external. Internal threats, which for many years were misunderstood, are just as problematic as their external counterparts, and more and more companies are beginning to recognize the damage that could be caused from within.

“It is said that the worst cyberattacks come from within the company”

A survey even suggested that employees constitute the greatest threat to an organization's cybersecurity program. The report, prepared by Nuix in 2015, found that a surprising majority of respondents, 93%, considered human behaviour the number one threat to their security. What is interesting is that it is a growing concern, since the previous year the same survey showed a lower figure of 88%.

This is also observed in Latin America, where around 50% of small and medium-sized companies named internal fraud as one of the most ignored incidents since the beginning of computing, one that has intensified with the rise of the Internet and collaborative environments.

From this, we can extract positive and negative aspects:

It is good that the threat is taken seriously; however, it is worrying that the incidents are greater than previously believed.

In reality, it is clear how unprotected our mobile computers, not to mention our desktop computers, remain when we use the different types of social networks at work. These networks are prone to being breached because of their deficient security, and in some companies they are considered a cyberspace dedicated to leisure. The information we place there also endangers us as human beings, since these networks are infested with criminals, paedophiles and kidnappers, and we make it very easy for them by publishing details of our possessions, routines, tastes and weaknesses, which are then used in social engineering.

"So, at home you also have to educate yourself and prevent"

Although a cybercriminal does not have passwords, access, or any knowledge of the network they are going to attack, several of the company's employees do. This suggests that, in theory, for someone with motives, attacking the network of the company where they work is as simple as entering a username and a password and executing certain commands to do the damage they want.

This is very relevant: as indicated in cow92, approximately 80% of all fraud, theft, sabotage or accidents related to computer systems are the responsibility of employees or former employees of the company to which those systems belong.

So, the most important protection of internal data must take place on the company's own computers and servers. Even when there are already strict controls for access to sensitive data, the reality is that anyone can access the databases, process controls or even customer relations. For this reason it is necessary to manage well-structured roles and privileges, and not to hand out passwords or user accounts.

It is symptomatic that many companies with thousands of computers and servers keep old operating systems intended for home use, because of the cost of acquiring business operating system licences. What is the effect? Vulnerabilities arise from the obsolescence of the operating systems, coupled with the vendor's withdrawal of support and the absence of critical security updates, so old threats that are still circulating on the network find room in these environments.


Unintentional cyberattacks

This type of threat, which is classified as a cyberattack, is a real headache for computer security experts and those responsible for these areas. In chaos theory, everything works very well; in this case, however, the user does not intend to do any harm and, simply through lack of knowledge, makes a mistake that most of the time brings serious consequences. For example:

It turns out that this is combined with poorly structured profiles. Every time you create an account for a new user or give privileged access to certain areas of the company's internal systems, you are opening the door to someone who, at any time and through human error, could put your entire network in danger, because it is not clear which computer resources their profile gives them access to. Of course, there are also users who are too curious and look everywhere to see how far they can go.

Recommendations to prevent internal computer attacks

Control or disable USB ports

A flash drive or USB device is a potential threat to the computer security of the company network, since it can contain any type of file. It is therefore recommended to control the USB ports, which could prevent hundreds of incidents. Remember that USB drives are auto-executable; that is where the danger lies.

Control Internet access

With full access to the Internet from the company's devices, users can reach pages full of viruses and computers can be infected, which is why user browsing on the Internet should be limited as much as possible.

Log control

Let's consider this: before granting any user permission to sensitive parts of the system, you should consider what type of access they need and restrict permissions within the system as much as possible through profiles and authorizations. I recommend a confidentiality agreement for staff and a continual review of the log record to see whether they have tried to enter places that do not belong to them.
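The log review recommended above can be automated. The following is an added example, not part of the original article: the profile map, the user names and the key=value log format are all assumptions, and the log lines are constructed.

```python
import re
from collections import Counter

# Assumed profiles: the resources each role is meant to reach (hypothetical names).
ROLE_RESOURCES = {
    "sales": {"crm"},
    "finance": {"erp", "payroll"},
}
USER_ROLE = {"ana": "sales", "luis": "finance"}

# Constructed sample lines in an assumed key=value access-log format.
SAMPLE_LOG = """\
2023-05-02T09:14:03 user=ana resource=crm result=ALLOW
2023-05-02T09:15:40 user=ana resource=payroll result=DENY
2023-05-02T09:16:02 user=ana resource=erp result=DENY
2023-05-02T10:01:11 user=luis resource=payroll result=ALLOW
2023-05-02T10:05:27 user=luis resource=domain_controller result=ALLOW
2023-05-02T11:30:00 user=temp01 resource=crm result=ALLOW
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) resource=(?P<resource>\S+) "
    r"result=(?P<result>ALLOW|DENY)$"
)

def out_of_profile_events(log_text):
    """Return (ts, user, resource, result) for accesses outside the user's profile."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not follow the assumed format
        # Unknown accounts have no role, so every resource counts as out of profile.
        allowed = ROLE_RESOURCES.get(USER_ROLE.get(m["user"]), set())
        if m["resource"] not in allowed:
            events.append((m["ts"], m["user"], m["resource"], m["result"]))
    return events

def users_to_review(log_text, threshold=2):
    """Users with at least `threshold` out-of-profile attempts (the too-curious user)."""
    counts = Counter(user for _, user, _, _ in out_of_profile_events(log_text))
    return sorted(user for user, n in counts.items() if n >= threshold)

def granted_outside_profile(log_text):
    """Out-of-profile accesses that were ALLOWED: the permissions are too broad."""
    return [(u, r) for _, u, r, res in out_of_profile_events(log_text) if res == "ALLOW"]

if __name__ == "__main__":
    print(users_to_review(SAMPLE_LOG), granted_outside_profile(SAMPLE_LOG))
```

An allowed access outside the profile is the more serious finding: it means the authorizations actually configured are wider than the profile the user was supposed to have.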

Antispam and others

Many think that installing an antivirus is the obvious step; however, it is also essential to activate a good antispam filter that reduces the risk of an attack through the junk email that arrives every day in user mailboxes. We can also include antimalware and antiransomware in the EDR.

[Image: My home]

Monitor personal devices

I know that this can be very complicated; however, it is increasingly common for employees to use their mobile phones, tablets and personal computers in companies, and they are allowed to do so. In addition, they connect to the corporate network, which is a very bad practice if there is no separation of services and, especially, of access. For this there are different tools that let you control and be notified when an employee connects from one of their devices, uses the internal network, and can reach environments in a way that puts the security of the company's computer resources at risk.

Make constant investment in information security

It is important to constantly renew the computer security model, since attacks are increasingly sophisticated and our security may become obsolete.

Cyberattacks are a permanently latent threat, and professionals in the IT area know that well. In fact, I would like to tell you about a study by Kaspersky Lab, which indicates that 86% of CISOs worldwide think that cybersecurity violations are inevitable. It follows that companies must implement information security plans that are efficient and, above all, measurable over time, in order to monitor their performance and detect events to correct and strengths to enhance.

There are various cybersecurity metrics, and they vary from one company to another depending on the level of risk aversion and the business needs. However, in any information security report, we must consider the following indicators:

Number of incidents per period

It can become the most important of all information security indicators, since it refers directly to the suspicious activities and threats that affect the company, and so tells us which actions are needed to keep security levels in optimal condition. It is important to divide this indicator into sub-metrics that provide more specific information: severity levels and types of incidents, such as malware infection, unauthorized access, destructive attacks, persistent threats, etc.

Number of Devices NOT identified in the internal network

IoT devices and devices owned by workers represent a risk to the cybersecurity of companies, since it is unlikely that they have strong antivirus systems and updated patches. In any case, it is necessary to identify them, quantify them and, where appropriate, even block them in order to investigate their origin.

Average time to resolve an incident

This indicator shows us the effectiveness of the company's cybersecurity protocols. Let's remember that delay has an impact: it is well known in the business world that time is money, and the later the team resolves a vulnerability or threat, the greater the impact for the company. It is equally important that the record shows how long it took the team to resolve each cyber incident, from the moment it was detected until the final report was presented.

Statistics of known vulnerabilities in internal and external systems

This is no longer just a recommendation: monitoring is a mandatory standard for the area of information technology. Reviewing the network is one of the best practices and it must be constant, as must the systems that detect vulnerabilities and quantify them. It is essential for the cybersecurity plans of any company, since the results make it possible to determine the level of weakness or failure in the protection systems and to define the actions to follow to strengthen computer security in general and reduce the risk of attacks.

Cost per Incident

It must be present in every computer security report because it is the metric that allows us to understand the cost of cybersecurity failures. It is always necessary to express it in monetary terms, since it will show the cost of the events against the cost of prevention and mitigation. It must also be remembered that the cost per incident goes beyond the resources invested in resolving an attack, so the indicator must take into account the consequences derived from it, such as the impact on productivity, eventual damage to brand image, etc.
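As an added illustration, not part of the original article, this sketch computes three of the indicators above from an incident register: incidents per period split by type or severity, average time from detection to final report, and cost per incident including indirect impact. The register layout and every value in it are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean

# Constructed incident register; the field layout is an assumption:
# (type, severity, detected, final_report, direct_cost, indirect_cost)
INCIDENTS = [
    ("malware", "high", "2023-04-03T08:00", "2023-04-04T20:00", 1200.0, 3000.0),
    ("unauthorized_access", "medium", "2023-04-17T10:00", "2023-04-17T22:00", 300.0, 500.0),
    ("malware", "low", "2023-05-09T09:00", "2023-05-09T15:00", 100.0, 0.0),
    ("unauthorized_access", "high", "2023-05-20T00:00", "2023-05-22T18:00", 2000.0, 4900.0),
]

def incidents_per_period(incidents, field):
    """Count incidents per month, split by field 0 (type) or 1 (severity)."""
    table = defaultdict(Counter)
    for inc in incidents:
        month = inc[2][:7]  # period = month of detection, e.g. "2023-04"
        table[month][inc[field]] += 1
    return {month: dict(c) for month, c in table.items()}

def mean_hours_to_resolve(incidents):
    """Average time from detection until the final report, in hours."""
    hours = [
        (datetime.fromisoformat(rep) - datetime.fromisoformat(det)).total_seconds() / 3600
        for _, _, det, rep, _, _ in incidents
    ]
    return mean(hours)

def cost_per_incident(incidents):
    """Average cost, counting indirect impact (productivity, brand) with direct cost."""
    return mean(direct + indirect for *_, direct, indirect in incidents)

if __name__ == "__main__":
    print(incidents_per_period(INCIDENTS, 1))
    print(mean_hours_to_resolve(INCIDENTS), cost_per_incident(INCIDENTS))
```

In this constructed register the direct costs alone average 900 per incident, while the figure with indirect consequences is 3000, which is the gap the article warns about.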

I want to mention that the points I have presented and recommended are only some of the main information security indicators, since the IT strategic plan must integrate even more controls, especially if a methodology is being followed or, if applicable, an ISO certification.

[Image: Awareness, Rberny 2023]

Let's not forget that statistics indicate that 95% of cybersecurity violations are due to human errors, so I recommend training in cybersecurity for all employees, regardless of the level of incidents and vulnerabilities of their position in the organization. This is essential, since computer security does not belong only to the IT area; it is for all those who make up a company. The techniques cybercriminals use to detect vulnerabilities and take advantage of them are more sophisticated every day, and we can't trust each other, ever.

Greetings, your friend


Rubén Bernardo Guzmán Mercado

IT Coordinator, Information Technology and Cybersecurity Specialist, IT Manager, Think outside the box!!!!

More than 100,000 credentials stolen from ChatGPT accounts and for sale on the Dark Web
