Cracking the Human Code in Cybersecurity

There is an urgent need for organizations to adopt comprehensive cybersecurity strategies.

Asian economies have been widely recognised for their readiness in adopting digital technologies, often leapfrogging their Western counterparts. But the gold rush towards digital transformation has made the region a progressively fertile ground for cybercrimes, with an unsurprising 15% uptick in cyberattacks in 2023. With the evolving sophistication of threats and barrage of sensitive data coursing through our data-driven economy, this has made combatting cyberattacks more challenging than ever.

While cyber security teams have their hands full constantly updating their defences with the latest tech such as AI, they often continue to overlook a critical vulnerability: the human element. The age-old warning of Aesop’s fable of a wolf in sheep’s clothing rings true in this context, with hidden threats often lurking among an organisation's assets. In this context, an organisation's Security Operations (SecOps) team acts as the shepherd, working tirelessly to guard the herd against cyber wolves. However, unknown to them, a disguised threat may be hiding amongst their ranks. It only takes one hungry wolf in sheep’s clothing – an insider threat or a cyberattacker with insider credentials – to blend in and find the opportune time to wreak havoc. This challenge is particularly pronounced in our cyber world, where a single successful cyber infiltration can result in catastrophic disruptions to businesses.

The rise of remote work and a bring-your-own-device culture has not helped the cause. With an organisation’s weakest link being its employees, a growing trend towards remote work aggravates the plethora of endpoints cyberattackers can now target. Compounding this issue, 40% of Asia-Pacific employees have also expressed a strong preference for remote working – which essentially means that there is potentially a 40% increase in employees being targeted through unassuming schemes such as phishing emails and social engineering tactics.

So this begs the question, what can organisations do to prepare for when – not if – the bad day comes?

Start with the Endpoint

The unfortunate reality is that many breaches result from well-intentioned employees seeking to satisfy customers and deliver timely results.

For instance, a marketing manager faced with tight campaign deadlines might opt to download marketing materials from a third-party website onto their work devices, inadvertently introducing potential malware or other security risks to the company’s network. Likewise, a customer service representative could be pressured to access sensitive customer information from their personal device to resolve a customer complaint, making it susceptible to unauthorised access.

Based on a recent study we undertook, 62% of organisations in Singapore reported suffering a loss in sensitive data last year, with a jarring 70% attributing this to unregulated data access within their organisations that violate data policies. Granted people are the lifeblood of any organisation, but with the growing importance and quantity of data, everyone has the potential to be a weak point in a business’ cybersecurity posture.

Ransomware is also evolving and getting more complex each day. For example, remote encryption – one of the newest ransomware attack vectors on the block – is increasingly being used to compromise endpoints by encrypting data on other devices on the same network. To address this, organisations should review their endpoint security and policies around unmanaged devices to ensure that endpoints are sufficiently protected. The more devices that go unprotected or under-protected, the greater the risk of remote ransomware.

That said, no approach is 100% effective, and it only takes one compromised device for such an attack to be successful. It is now imperative for companies to embrace an “assumed breach” mindset, where detection, response and recovery capabilities are prioritised and done proactively to safeguard systems and data.

The inevitable breach

This mindset begins with recognising that cyber attackers can circumvent all perimeter defences. With this understanding in mind, businesses can prepare themselves for the inevitable D-day moment when a ransom note appears on the screen.

A fundamental step towards adopting this mindset is to implement a Zero Trust data security model. With this approach, trust is never implicit, and access to information is strictly limited to the least privilege necessary. As such, this significantly curtails the attacker’s ability to manoeuvre through the network, systems and storage – even in cases of compromised user credentials.

A Zero Trust data protection strategy must include logically air-gapped, truly immutable and access-controlled data backups, that can be transformed into proactive defences against attackers with  regular threat monitoring and hunting of mission-critical and sensitive data. Another critical step in this direction for faster data recovery and business service restoration is being able to swiftly identify compromised data and safely restore it to a clean state.

Fortifying cyber defence systems requires a multi-pronged approach incorporating proactive measures, continuous vigilance and innovative solutions. While it is paramount to implement cyber security defences to stay ahead in this ongoing battle against cyber adversaries, being prepared with a robust Zero Trust cyber recovery and data protection strategy is equally essential in cracking all codes of cybersecurity.

This assures that even if the wolf infiltrates the herd, akin to the fable, it will not last till dinner.