The cybersecurity threat landscape

With the prevalence of 24-hour connectivity and modern advancements in technology, threats are evolving rapidly to exploit different aspects of these technologies. Any device is vulnerable to attack, and with the Internet of Things (IoT) this became a reality. The IoT has seen increased usage of digital communication and the increased transfer of data via digital platforms increases the risk of data interception by malicious individuals. Pervasive surveillance through digital devices is also a recent threat with the increased use of smartphones. Governments can now engage in digital surveillance of their citizenry with the excuse of providing security against potential terrorist threats. Criminals can also do similar tasks to the detriment of the targeted victims. In 2014, ESET, an internet security company, reported 73,000 unprotected security cameras with default passwords.

In April 2017, IOActive found 7,000 vulnerable Linksys routers in use, although they said that there could be up to 100,000 additional routers exposed to this vulnerability.

In 2018, Marriott Hotels disclosed that 500 million customers’ data was leaked, and in April 2020 they disclosed another data breach affecting 5 million customers.

In 2019, First American Corporation a real estate title insurer, disclosed quarters of a billion mortgage deal documents, including bank account numbers, tax records, Social Security numbers, wire transaction receipts, and driver’s license images.

In 2020, Fire one of the largest cybersecurity companies in world , disclosed that they had been hacked, likely by a government, and that an arsenal of hacking tools used to test the defenses of its clients had been stolen.

April 2021, Facebook disclosed one more data leakage this time 540 of its users data , including Mark Zuckerberg’s data…

Cybersecurity and COVID-19

The cybersecurity landscape is always evolving and presenting new challenges, but since the COVID-19 global pandemic began, the cyber landscape has shifted at rapid speeds, leaving IT security professionals around the world scrambling to adapt to the new threat landscape. This has driven the IT world to adopt innovative methods of managing the business resilience and digital needs of a fully remote workforce, for example, with the use of video conference technology.

One of those technologies is Zoom: free, accessible, and easy to use. Zoom’s user base rocketed from 10 million in December 2019 to 200 million by the end of April 2020. This rapid increase caught the attention of security researchers, who found many security issues that have cast a shadow over the product.

Of course, Zoom is not the only company to feel the pinch during the pandemic. Cybersecurity threats have heightened during the crisis, as cybercriminals look to take advantage of companies that haven’t adopted the best practices of this rapid change and, as a result, are not operating as securely as they usually would.

When a company CEO asks what the vulnerabilities in a home device have to do with their company, the Chief Information Security Officer (CISO) should be ready to give an answer. The CISO should have a better understanding of the threat landscape and how home user devices may impact the overall security that the company needs to enforce. The answer comes in two simple scenarios, remote access and Bring Your Own Device (BYOD).

While remote access is not new, the number of remote workers is growing exponentially. 43% of employed Americans report spending at least some time working remotely, according to Gallup, which means they are using their own infrastructure to access a company’s resources.

Compounding this issue, we have a growth in the number of companies allowing BYOD in the workplace. This use of unmanaged devices is opening doors for adversaries, who have shifted quickly to exploit the newly increased attack surface and overstretched IT resources. This rapid shift in the threat landscape has left organizations scrambling to scale their security systems to meet the rise in the use of personal home networks, handheld devices, and apps beyond the scope of the enterprise environment.

Keep in mind that there are ways to implement BYOD securely, but most of the failures in a BYOD scenario usually happen because of poor planning and network architecture, which lead to an insecure implementation.

What is the commonality among the previously mentioned technologies? To operate them you need a user, which is the greatest target for attack: human error is the weakest link in the security chain. For this reason, old threats such as phishing are still on the rise. This is because they attack the psychological aspects of the user by enticing them to click on something, such as a file attachment or malicious link. Once the user performs one of these actions, their device usually either becomes compromised by malicious software (malware) or is remotely accessed by a hacker.

Understanding the attack surface

In very simple terms, the attack surface is the collection of all potential vulnerabilities that, if exploited, can allow unauthorized access to the system, data, or network. These vulnerabilities are often also called attack vectors, and they can span from software to hardware, to a network, and to users (which is the human factor). The risk of being attacked or compromised is directly proportional to the extent of attack surface exposure. The higher the number of attack vectors, the larger the attack surface, and the higher the risk of compromise. That’s why many organizations prioritize attack surface management to identify and mitigate these risks effectively. It ensures their systems are protected against potential threats.

Just to give you the extent of an attack surface and its exposure, let’s look into MITRE’s Common Vulnerabilities and Exposures (CVE) database, here: https://cve.mitre.org/cve/. The database provides a list of cybersecurity vulnerabilities that have been targeted in the past, to make organizations aware of them should they use the same software or hardware systems. It has 108,915 CVE entries at the time of writing, which have been identified over the past few decades. Certainly, many of these have been fixed, but some may still exist. This huge number indicates how big the risk of exposure is.

Any software that is running on a system can potentially be exploited using vulnerabilities in the software, either remotely or locally. This applies particularly to software that is web-facing, as it is more exposed, and the attack surface is much larger. Often, these vulnerable applications and software can lead to the compromise of the entire network, posing a risk to the data it is managing. Furthermore, there is another risk that these applications or software are often exposed to: insider threat, where any authenticated user can gain access to data that is unprotected due to badly implemented access controls.

An attack surface may be exposed to network attacks that can be categorized as either passive or active, depending on the nature of the attack. These can force network services to collapse, making services temporarily unavailable, allow unauthorized access to the data flowing through the network, and other negative business impacts.

In the event of a passive attack, the network might be monitored by the adversary to capture passwords, or to capture sensitive information. During a passive attack, an attacker can leverage the network traffic to intercept communications between sensitive systems and steal information. This can be done without the user even knowing about it. Alternatively, during an active attack, the adversary will try to bypass the protection systems using malware or other forms of network-based vulnerabilities to break into the network assets; active attacks can lead to the exposure of data and sensitive files. Active attacks can also lead to Denial-of-Service (DoS) type attacks. Some common types of attack vectors are:

  • Social engineering scams
  • Drive-by downloads
  • Malicious URLs and scripts
  • Browser-based attacks
  • Attacks on the supply chain (which are becoming increasingly common)
  • Network-based attack vectors

To find out more about this topic, I would highly recommend that you download and read Verizon data breach reports: https://enterprise.verizon.com/resources/reports/dbir/.

What follows is a relevant excerpt, which indicates the various factors that shape an organization’s attack surface:

“Errors definitely win the award for best supporting action this year. They are now equally as common as Social breaches and more common than Malware, and are truly ubiquitous across all industries. Only Hacking remains higher, and that is due to credential theft and use, which we have already touched upon. Misconfiguration errors have been increasing. This can be, in large part, associated with internet-exposed storage discovered by security researchers and unrelated third parties.”

According to the Verizon breach report, hackers’ tactics and motives have not changed much over the last 5 years, with 63% of breaches launched for financial gain, and 52% of breaches featuring hacking. Ransomware attacks account for nearly 24% of attacks involving malware, and breaches continue to take a long time to be detected, with 56% taking several months or longer to be discovered. And typically, by the time the breach has been discovered, the damage has already been done.

With every passing day, the network of connected devices is increasing, and, while this growth of connectivity continues to grow bigger, the risk of exposure is also increasing. Furthermore, it is no longer dependent on how big or small businesses are. In today’s cyberspace, it is hard to establish whether any network or application is prone to attacks, but it has become extremely important to have a sustainable, dependable, and efficient network system, as well as applications. Properly configured systems and applications will help reduce the risk of attack, but we might not ever be able to eliminate the risk of attack completely.

A Business Leader’s Six Core Duties

The responsibilities of a company’s top executive are extensive and nuanced. You should be conscious that even if you lack a certain amount of flare, your confidence and will to succeed in business will more than compensate for it. Alternatively, even if you have all the ability in the world, your chances of success are considerably diminished if you lack faith in yourself and your abilities. The good news is that you may take concrete and tested methods to gain the self-assurance you need to be successful in your business ventures and profession. Regardless of the business, sector, or type of organisation, at least six functions must be performed.

The top Six core duties of a business leader

Providing overall leadership and guidance.

Businesses must be able to envision where they will be in three to five years. The process of conceiving the vision may appear straightforward on the surface. There are some factors to consider, including your competition and technical advancements, shifts in consumer preferences, and your existing position in the market.

Choosing the Right Approaches.

Following a clear understanding of your long-term goals, you may begin picking the best ways to get there. This could be seen as a means to an end, a way to get from here to there. The purchase of companies, development into new markets, and technological advances are all possible avenues for growth.

Making a Plan Come True

If you’re a board member of a huge company, you’ll need to strike a delicate balance. Making things happen without taking on all of the work alone is essential. In principle, this might seem like a cinch, but in fact, it’s a major challenge.

Setting the Right Priorities and Goals.

The framework you establish must allow you to realise your vision and put your strategies into action. Please keep it simple and not overly complicated at the same time. This becomes increasingly challenging as the size of the organisation increases.

Assisting Others in Getting Inspired

Being able to articulate your goals is critical. The ability of the leader to motivate and inspire others in the organisation is a vital aspect in whether or not the goal is reached. There will always be sceptics in any organisation, and you’ll need to persuade them.

Human Resource Management

People development must be a top priority if the company is to continue to grow. When it comes to discovering and developing the most brilliant employees, the top companies have processes in place. Creating a steady supply of new talent is essential to long-term advancement and success.

Self-Motivation

In order to motivate themselves, leaders with high degrees of self-awareness must have taken the time to study what makes them tick. As a result, they are well-versed in the theory of motivation and have figured out what motivates them personally.

An effective leader must be able to manage a variety of competing priorities. If you want to be a successful leader, you must master all of these standard leadership functions.

Top 10 Business Leader Mistakes When Trying to Inspire

Pay attention to the people around you.

Trying to encourage and motivate my team when I’m not fully engaged and inspired myself is a pitfall I’ve fallen into myself. Recognizing this in ourselves is an excellent place to start. Some coaches can help, but you might want to start by becoming more conscious of your impact on people first!

Pay attention to what’s happening outside of your control.

In the same vein as number 1 above, a business leader must be wholly focused on the circumstance or challenge at hand to achieve success. Leaders need to strike a balance between their introspection and their attention to the needs of those around them so that they can weigh their impact on a particular scenario or individual before making a choice.

Concentrate on the truth

They appreciate that the feelings and impressions of employees, clients, and other stakeholders can be just as essential, if not more significant, than the facts of a particular issue. This is why good leaders don’t simply focus on the points. When a choice must be made, they weigh all the options.

Not in touch with their inner motivations and desires

A lack of self-awareness can make it challenging for business leaders to inspire others. It is essential to know how to tap into your source of inspiration to motivate your employees.

Give no meaning or importance to what they are trying to express. 5

The current economic climate necessitates a bold, intentional strategy. Because they have a clear sense of how their work contributes to the greater good, employees are more likely to be motivated by a sense of purpose in what they’re doing.

Insufficient effort to learn about the individuals and what drives them

A combination of this and the prior error can have the greatest impact on employees. It is a lot easier to know what motivates, inspires, and engages employees if you spend some time getting to know them. To avoid making assumptions about other people, it is crucial not to assume that their goals and drivers are comparable to your own.

Rather than focusing on the long-term goal, focus on the short-term.

Don’t lose sight of the big picture when you’ve got a lot of short-term chores to complete. These are vital in monitoring and progress, but they might drive corporate executives to focus on the urgent rather than the important.

Forget that it’s a long-term process, not a one-time problem.

For many people, a task is perceived as a measure of success rather than development because of error number 7: the performance of that work. To keep employees motivated and engaged, the process of sharing and receiving feedback must be a constant one.

Be someone they’re not by pretending to be someone else.

It’s challenging to get the most out of others if you try to change yourself to achieve what you want from them. On the other hand, leaders must be agile and adaptable to meet the needs of different people and situations. As a result, effective leadership is a delicate balancing act, in the same way that a chameleon continuously adapts to its environment yet never loses its identity.

There’s no fire in my belly for this.

The subject, what needs to be done, or what leaders are attempting to accomplish can all inspire a person’s passion. The infectiousness of a leader’s passion and energy is a powerful motivator for their followers.

Exit mobile version