THE ENEMY WITHIN CYBER-WARFARE


Cyber-security is a full-time job that requires a full security team and a great deal of security software just to keep an organization safe. Data breach costs increased from $3.86 million to $4.24 million in 2021, the highest in 17 years (Landau, 2021). A whopping 85% of these cyber-security breaches involved a human element, while only 3% involved vulnerability exploits! When it comes to data breaches, this means our worst enemy comes from within. A zero-trust security solution, in which a user or device remains untrusted until verified, reduces the cost of an average data breach by $1.76 million. For these reasons, a cyber-security team should engage in two key areas in its normal day-to-day operations: monitoring insider activity and implementing a zero-trust security model.

An insider threat can come from a current employee, former employee, third-party contractor, or business partner (Cybersecurity and Infrastructure Security Agency, n.d.). At some point during their employment, all of them have had access to valuable company data, and whether a data breach is executed with willful deliberation or caused by a simple mistake, these incidents can be proactively combated. The Cybersecurity and Infrastructure Security Agency (CISA) helps organizations create new insider threat mitigation strategies or improve existing ones (Cybersecurity and Infrastructure Security Agency, n.d.). The four stages of insider threat mitigation are:

  1. Define insider threats and the threats they pose
  2. Detect and identify concerning, observable behaviors or activities
  3. Assess the insider for interest, motive, intention, and capability
  4. Proactively manage or mitigate the threat before it becomes a security breach

Zero-trust security models have a reputation for being difficult to implement and maintain, but for this very reason the approach is by far the most secure model and the most detrimental to would-be attackers. The upfront work of identifying and verifying every user and device on the network can seem like a daunting task, but it ultimately delivers the most bang for the buck. To that end, a five-step process helps with implementing and maintaining the zero-trust model (Palo Alto Networks, n.d.):

  1. Determine the critical data, applications, assets, and services to protect
  2. Map the way traffic moves across the network to determine what should be protected
  3. Architect your unique zero-trust model in a way to protect the identified critical assets
  4. Create the zero-trust policy defining who, what, when, where, why, and how users interact with protected data
  5. Monitor and maintain the network to include reviewing both internal and external logs in relation to the zero-trust model

The implementation of these two key security areas alone could help make a cyber-security team 85% more effective against cyber-criminals. Unfortunately, these counter-measures could prove to be labor intensive. Globally there is an estimated shortage of 72 million cyber-security professionals (Landau, 2021). This fact alone is probably one of the biggest vulnerabilities in the existing fight against cyber-criminals. Staying ahead of these threats in this cyber-war requires a cyber army. We need to step up the recruitment, education, and training of these cyber-soldiers.


References

Palo Alto Networks. (n.d.). Implementing zero trust using the five-step methodology. Retrieved February 8, 2022, from https://www.paloaltonetworks.com/cyberpedia/zero-trust-5-step-methodology

Landau, S. (2021, December 2). Alarming cyber security facts to know for 2021 and Beyond. CyberTalk. Retrieved February 8, 2022, from https://www.cybertalk.org/2021/12/02/alarming-cyber-security-facts-to-know-for-2021-and-beyond/#:~:text=Threat%20actors%20have%20become%20more,statistics%2C%20figures%2C%20and%20facts.&text=Data%20breach%20costs%20increased%20from,in%20the%20past%2017%20years.

Cybersecurity and Infrastructure Security Agency (CISA). (n.d.). Managing insider threats. Retrieved February 8, 2022, from https://www.cisa.gov/managing-insider-threats