Innovation Highlights

Cybersecurity Update: Hacking Humans and Managing the Threat Surface

“I’m not really worried about cybercrime; our organization isn’t big enough to be a target.” If I had a dollar for each time I heard someone say that, I’d be a very rich man.

The reality is that no one can escape the threat of a cyberattack. Today’s cybercriminals operate from a global stage working with an entire ecosystem of tools and services designed to disrupt legitimate business and sell off valuable data to the highest bidder. This is a growing multi-billion dollar industry that didn’t exist 15 years ago. Company size won’t protect your organization. Life in the 21st century simply requires you to be proactive and prepared when it comes to security.

Cybercriminals operate in two distinct ways: targeted and untargeted attacks. Targeted attacks are just what they sound like. They take aim and precisely strike a victim that has something specific the hacker wants to steal or hold for ransom. Many of the major breaches that make headlines fall into this category. For these types of cybercrimes, the attacker will often use a complex set of techniques to get to their target. The 2015 nation-based attack on Sony Entertainment is an example of this type of warfare.

An untargeted attack takes a broad, automated “dragnet” approach: it sweeps the cyberworld and sees what it catches. This can impact an organization of any size, even a single individual. In this situation, the criminal is just trying to get to and exploit whatever they can find. They might lock your computers and only provide access after you pay a bitcoin fee. They could steal data and back out of your network without you being aware until much later. It is paramount to be prepared for either style of attack by managing your threat surface.

One cybercrime approach that may seem less glamorous but is no less effective is social engineering, also known as the art of hacking humans. Many of the attacks we see today have nothing to do with technological tweaks or complicated technology; rather, they are straight-up cons gone digital. The cybercriminals are manipulating humans in an old-fashioned way, persuading them to take action over the phone or via email. Weaponized email can convince you to click and open a file or link that unleashes malware onto your network. A telephone call claiming to be from the IRS demands thousands of dollars be wired for taxes owed. For financial institutions, attackers are spoofing a client’s email address to authorize wires out of the client’s account.

Rolta|Advizex’s proven approach to cybersecurity is designed for today’s threat landscape and will continue to organically evolve for years to come. Rolta|Advizex has always looked at the big picture when it comes to security. Business can’t be impacted by our security recommendations. We help our customers always stay vigilant, keep an eye on the threat landscape, and keep business moving at internet speed. Think of it as keeping an eye on your mobile devices and sensitive data in the same way you’d keep an extra tight hand on your purse or wallet when walking in a big city.

It is easy to feel your organization isn’t likely to be a target of a cybercrime, and maybe it isn’t on the radar for a targeted attack, but remember that many criminals are opportunistic. The Internet of Things (IoT) has put smart devices in virtually every room of our homes. Many business professionals connect their personal devices to their company’s network and vice versa. The routes to access corporate data have never been so diverse. A company’s security plan must pay attention to what employees are accessing and to the vulnerabilities in those applications, systems, networks, and processes. This is where Rolta|Advizex’s data-centric security delivers real value.

Our approach protects your most sensitive data by layering security across five layers of your stack: Data, Identity, Network, Platform, and Governance. For a complete overview of our Data-Centric Security Model, including best practices for success, I encourage you to listen to our Data Security Webinar. Our layered approach to security enables us to protect your assets even as new threats and approaches are introduced and upset the security landscape.

It is important to realize that you can’t protect everything all the time. A unified security strategy combines what’s possible with what’s really important. For your most valuable data, that means it should be encrypted at all times and accessed only by authorized personnel. Encryption is a key component of security, but people tend to feel that encryption is complicated. At Rolta|Advizex we know that encryption is actually easy when the right tools are used. Our security solution incorporates the encryption tools from Thales eSecurity. Thales offers what we consider the best encryption technology in the industry that will literally encrypt anything. Additionally, they are experts at key management, which keeps all your encryption keys together so that you don’t have different encryption keys stored in 14 different places. If the cybercriminals manage to break through all your security layers and get to your data, they’ll find it encrypted, which makes that data useless to them.

Another key factor in a security plan is managing your threat surface. Restricting file access to least privilege cuts down who has access to your data and the chances that it could be accessed and ransomed by a cybercriminal. Varonis Systems has one of the coolest ransomware-combatting mechanisms on the market today. A record is kept of how individuals normally use files, establishing a normal behavior for each user. If a cybercriminal gains access to files and uses them in a way that is different than “normal,” Varonis will immediately lock down the account. Anywhere sensitive data is stored, Varonis can help manage who has access to that data, learn the “normal” behaviors of each user, and use that information to respond immediately when something that is not normal occurs. Once again, this shuts down opportunity for cybercriminals.

Cybercriminals are not taking a vacation, and neither is Rolta|Advizex. Our security experts are vigilant, so you don’t have to be, and our security model is built in such a way that new threat approaches are stopped in their tracks.