As part of #CyberSecurityAwarenessMonth, we’re taking a look at the key reasons for continued cybersecurity breaches with our Practice Director for Security, Andy Bates.
Why do cybersecurity breaches still happen even though processes are in place? What are the key reasons for process failure? Despite bigger security budgets and improving performance, cybersecurity processes fail far too often.
UK businesses have heeded cybercrime warnings from security experts and economists. Leaders have been dedicating larger budgets and resources toward cybersecurity and beginning to feel the positive effects. This progress is fantastic to see.
A recent PwC survey found that the number of organisations falling victim to cybercrime has reduced by 10%, from 42% in 2020 – a year of unprecedented cybersecurity exploits – down to 32% in 2022.
These figures are indisputable evidence that hard work, strategy, and investment in cybersecurity pay off. And because cybercrime is a constantly moving (and highly intelligent) target, remaining vigilant and focused on security will help avoid progress stalling. After all, cybersecurity processes still fail unnecessarily, and even a small amount of downtime or data loss can be painful.
Here, we examine three common reasons why cybersecurity processes fail.
1. Misuse – accidental or intentional
You may know of the infamous IBM statistic that 95% of cybersecurity breaches boil down to human error. It gives us a good idea why cybersecurity processes fail – but that’s far from the full story.
Expanding IT estates and digital transformation inspire new technologies, processes, and solutions. Without robust training, there’s ample opportunity for employees to make skills-based errors that can (innocently) expose an organisation to a data breach or security vulnerability.
On the other hand, there is the relentless targeting of end-users with social engineering. A user may think a decision is sound when it is actually disastrous. The case for continuous cybersecurity awareness training has never been more compelling. To account for the full scope of risk, combine simulation testing with coaching.
And then, there’s the not-so-innocent intent. It can be uncomfortable to reconcile, but employees can – and do – compromise security on purpose. From accessing data for financial gain to engineering disruption for personal leverage, sometimes security failures are an inside job.
Malicious insiders have been notoriously difficult to police. After all, users need seamless access to the necessary tools and data to do their jobs. With the advancement of Identity Management solutions, balancing productivity and security is becoming less risky. We hope to see this translate into a reduction of malicious insiders and incidents where cybersecurity processes fail.
2. Application vulnerabilities
Gaining unauthorised access to business applications is a significant achievement in cybercrime. In fact, application compromise is a key reason why cybersecurity processes fail so frequently.
By gaining control, threat actors can bring down an entire organisational operation, holding it to ransom for the highest price. As such, significant effort goes into learning the intricacies of critical business apps. Areas to monitor include typical vulnerabilities, patching schedules, common integrations, and user behaviours.
And this isn’t a one-off project for threat actors. It’s a continuous, routine, and meticulous undertaking which can put cybercriminals a step ahead of security administrators.
With entire IT infrastructures to manage, keeping up with agile threat actors, whose resources are channelled solely into the exploit, is no easy feat. Even a slight delay in patching or updates can result in a security incident or near-miss. As such, app vulnerabilities are a key cause of security process failure.
3. Expanding shadow IT
Shadow IT can often be the culprit behind why cybersecurity processes fail. It occurs when users begin using IT infrastructure without the visibility and control of technical teams.
Even with solid endpoint permissions, network monitoring and communicated best practices, unauthorised usage can slip the net. With the post-pandemic proliferation of SaaS, home networks and devices making it easy to go off-grid, shadow IT is a constant prospect.
We must note that users are almost always well-meaning. They seek solutions to help them get more from the working day. But, in doing so beyond the purview of IT, the security attack surface expands incognito. Services that manage endpoint inventory, identity and permissions, network activity and compliance are essential to strong security processes.
With shadow IT, there’s one inevitability – that company data will be used incorrectly or non-compliantly. Threat actors can quickly identify unencrypted traffic and use it as a backdoor into wider IT infrastructure.
At this point, your corporate security processes should kick in and block an attack. But how much insight and data could be gathered in the meantime? New solutions are available that search for unknown endpoints, workloads and traffic. So, although you can’t control private traffic, you can isolate it from your infrastructure and promptly instruct your users.
Concerned about your security posture? Spending more time keeping up with security threats than you are developing your business? Speak to Node4 about defending your business from advanced cyberthreats.