Treading water and a fine line

22.10.20 10:24 AM Comment(s) By Jonathan Faurie

The face of the moon was in shadow

I have been talking to my mom this week and she has been struggling to get a major South African financial institution to close my brothers trust account. It took me sending an email to a contact at the institution to get any progress made.


Here is the question, have South African workers (in general) become so complacent about customer service that they don't care about it, or has Covid-19 placed so many companies under pressure that they are treading water with high workloads and reduced staff?


Covid-19 has reduced companies to miniature versions of their former selves when it comes to staff complement. Yet, the workload that they face has either remained the same or has significantly increased in some cases. And this is just on the purely operational side of their business. This is excluding the cyber-security wildcard that every company needs to face whether they have the skills to face it effectively or not.


Significant exposure

Covid-19 made many peoples dreams come true when 70% of the worlds population were forced to work remotely in an effort to contain the spread of the virus. Certain countries in Europe are facing a second round of this as a second wave of Covid-19 because apparent.


Conducting business over unsecure networks is a challenge and a recent article shows that almost half of the worlds companies experienced cyber security incidents during the remote working period.


The article points out that half of all organizations experienced security incidents associated with remote working during the lockdown period, according to a report by Tessian. The Securing the Future of Hybrid Working report also found that phishing remained the most prevalent threat facing employees working remotely. While remote working was a predisposing factor for cyberattacks, the Tessian report found that most employees prefer hybrid working environments, with just 11% exclusively preferring office work.


Tim Sadler, CEO and Co-Founder of Tessian noted in the report that  that while remote working was an option for some employees pre-pandemic, and while some companies are more familiar with flexible working arrangements, not all employees got to experience it because of scheduling and business demands which meant they still needed to physically be in the office. Now, the majority of office workers are working from home. And it’s going to be hard for businesses to justify why their workers need to come into the office every day of the week, post-pandemic.


The report recommended that businesses should adapt to their employees’ needs to guarantee the safety of the organizations’ systems.


Remote working arrangements responsible for increased security incidents

The article added that the report found that 75% of IT decision-makers believed that hybrid or remote working was the future of the workplace. Hybrid working environments allow employees to choose between working in the office or at remote locations of their choice.


However, 85% of IT leaders also believed that hybrid and remote working plans led to an increase in the number of security incidents recorded between March and July 2020.


During this period, a third of organizations experienced ransomware attacks while half experienced a data breach or a security incident.


Insider threats more prevalent in hybrid and remote working plans

The article pointed out that remote working exposed businesses to insider threats, according to 78% of the respondents. IT leaders believed that a remote employee was more likely to use an infected personal device or share sensitive data with personal accounts while working from home.


Data highlighted that insider threats were responsible for 43% of the security incidents recorded. Results for the same period also showed that 27% of the IT leaders reported more security breaches related to insider threats.


There was also a 25% increase in the number of remote workers trying to exfiltrate data from the corporate networks.


Businesses’ security is under threat as employees feel they can get away with riskier behaviors when working away from the office and hackers are taking advantage of the shift, noted Sadler. With remote, or hybrid, working arrangements set to stay for the longer term, businesses need to ensure their staff are able to work safely and efficiently, regardless of their environment.


Reliance on emails responsible for the rise in phishing attacks

The article pointed out that reliance on emails opened an attack surface that the threat actors were eager to exploit. The Tessian report showed that 57% of the remote workforce mostly relied on emails for communication. Another 57% and 67% relied on instant messaging and video conferencing, respectively.  Tessian recorded over 128,000 malicious emails during the past five months compared to 44,000 during the last period.


More than three-quarters (78%) of remote workers said they had received a phishing email while working on personal devices. And 68% admitted to clicking on the malicious links or downloading the attachments contained in such emails.


Consequently, phishing remained the most popular attack method and was responsible for almost half (49%) of all the security incidents.


The article added that voice phishing (Vishing) and SMS phishing (Smishing) were responsible for 24% and 29% of the security incidents recorded respectively. Overall, phishing was responsible for 30% of all ransomware-related security incidents recorded during the period.


Mitigating the risks associated with remote working

The article pointed out that, given that this hybrid working model may be for the longer term and perhaps the new normal for businesses, security teams will need to adapt and implement robust and sustainable security controls.


An important first step is educating people the threats they could face and providing training on safe remote working behaviors – something nearly a third of companies said they did not do at the start of the lockdown period this year, recommends Sadler.


IT teams also need greater visibility into the employee behaviors that could compromise cybersecurity. A previous Tessian study found that employees feel as though they can get away from unsafe data practices when working remotely because they aren’t being watched by their IT teams. IT teams need insight into their riskiest and most at-risk employees in order to tailor training and policies and improve people’s behaviors over time.


Businesses should also deshame the reporting of mistakes by creating a security culture that encourages employees to report their mistakes to the IT team, as well as reporting when they receive malicious emails. Otherwise, these mistakes will continue happening – and IT teams are none the wiser about how or why security incidents are happening.


Lastly, businesses need to ensure new security solutions and policies do not hinder employee productivity. People want flexibility, and all too often security can disrupt their workflow and stand in the way of them getting their jobs done. Security solutions that sit in the background, silently learning the behaviors of each individual employee over time so that they can detect and alert people to threats as and when they occur, will be invaluable to stopping people making mistakes that compromise cybersecurity.


Low hanging fruits

Like South Africa, many countries around the world depend heavily on small and medium businesses (SMBs) to drive their economy. However, it is these companies that are most at risk to cybercrime.


The article points out that Research Reveals Key SMB Cybersecurity Trends SMB cybersecurity concerns include skills gaps and the safety of remote workers’ devices.


While COVID-19 has brought huge disruption and uncertainty this year, cybersecurity still remains a top priority and focal area for small and midsize businesses (SMBs). At least, that’s what our new research reveals.


Channel Futures has just released its second annual cybersecurity report, Creating Opportunity From Adversity: The State of SMB Cybersecurity in 2020, which draws upon responses from 700 IT and business decision-makers in SMB organizations across the United States, the United Kingdom, Canada, Australia and New Zealand. This year’s findings show us how SMBs are becoming more cybersecurity-conscious, and are driving new levels of investment in cybersecurity to protect their businesses tomorrow. Let’s dive into some of the key takeaways and potential opportunities for MSPs.


 Key Findings

The article points out that a lot has changed in the past year, but one thing that has remained constant is how cybersecurity continues to be top of mind across the SMB community. In fact, 86% of SMBs say that cybersecurity is within their top five priorities for their organization. This is also reflected in how SMBs are investing in cybersecurity. Almost three-quarters (73%) of SMBs plan to invest more or much more in cybersecurity in the next 12 months. And this investment is mainly driven by perceived risk: 60% of SMBs claim they will invest more in cybersecurity because it reduces risk for their organization.


This year’s research also highlights how there’s a widespread cybersecurity skills gap among SMBs. Over half of SMBs surveyed (52%) agree they lack the in-house skills necessary to properly deal with security issues, and 57% report lacking cybersecurity-specific experts in their organization.


The article adds that this evident skills gap, however, is helping drive the adoption of outsourced services—creating more opportunities for MSPs. Almost six in 10 SMBs (59%) believe that all or a majority of their cybersecurity needs will be outsourced in five years’ time, and 49% of SMBs find more cybersecurity expertise as an added benefit of working with an MSP.


New Cybersecurity Trends in 2020

So, what is different and new from last year? For one, cybersecurity expertise—or, more importantly, the lack of it—can have serious consequences for MSPs in an increasingly competitive market.


The article points out that more than nine in 10 SMBs (91%) say that they would consider either using or moving to a new MSP if they offered the “right” cybersecurity solution. But what does that “right” solution look like? Well, 68% of SMBs say it’s confidence in an MSP’s ability to respond to security incidents, while 58% say it’s confidence to minimize damage or loss. For SMBs focused on finding the right offering, the odds may favor MSPs who can reinforce confidence in their capabilities and their cybersecurity offering.


And, of course, we’d be remiss if we didn’t mention COVID-19 and the impact that it has had on both MSPs and your clients. We’ve already experienced how the pandemic has resulted in an increase in cyberattacks, but it did not significantly impact respondents’ views toward prioritizing cybersecurity. Yet, with new environments, such as remote workforces, this also brings new concerns for SMBs: 79% are worried about their remote devices or remote employees being breached.


The article adds that, if we look at the silver lining, these expanding remote workforces can also present new areas of growth for MSPs. And this theme of new opportunities is a common one in this year’s research. There’s an increased market opportunity for MSPs who participate in ongoing cybersecurity training, who stay up to date on the latest threats, and who can instill confidence and build closer relationships with clients. MSPs who can master the balance among people, processes and cybersecurity technology will be strongly positioned for growth–not only post-pandemic, but for many years ahead.


On the one hand, SMBs are under pressure trying to come to terms with this challenge which is a headache. On the other hand, there is no excuse for these companies as cyber security protocols do not need to be complicated.


SMBs are not immune to cyber-attacks, in fact they’re often deliberately targeted by hackers as they regularly fail to prioritise or invest in cyber security and are viewed as an easy target.


The article points out that the UK National Cyber Security Centre reports that if you’re an SMB, then there’s around a 1 in 2 chance that you’ll experience a cyber security breach. In recent surveys SMBs state that lack of cyber security personnel (74%) and lack of budget (55%) remain the biggest challenges to improving cyber security. These two key challenges can be addressed by focusing on the following areas:


Security Leadership and Resources

The article adds that the majority of SMBs are aware that cyber security is a critical focus area, although 74% of SMBs do not have sufficient in-house expertise to deal with security issues and keep up with the ever-changing cyber security threat landscape. It can be a struggle to recruit dedicated cyber security resources and expertise due to the high cost and scarcity of good candidates and a dedicated permanent cyber security resource may be overkill for what is actually needed.


A number of businesses have overcome this problem by using a third party Virtual Chief Information Security Officer (vCISO) service. This on-demand security leader operates as an integrated member of the team to provide cyber security leadership and support, define the security roadmap, drive key security initiatives forwards and help manage security incidents. This is achieved via a combination of scheduled and flexible time tailored to the organisations requirements, delivered over a few days a month or on a more regular basis. Importantly, the organisation only pays for the time and effort required.


The article points out that this outsourced vCISO can help SMBs rapidly improve their cyber security posture including identifying the key cyber issues and risks that could impact on their business, implementing cost effective cyber security controls and effectively dealing with cyber security incidents should they occur.


Employee Education and Awareness

The article adds that many organisations are over-confident in their investment in traditional IT security controls and overlook the contribution their employees could make in improving the security of the organisation. IBM reports that 95% of cyber-attacks involve human error and yet 7 out of 10 businesses do not invest in cyber security awareness training. Phishing attacks remain the most common and successful method used by hackers against SMBs.


Expecting employees to have cyber security knowledge and the ability to keep up with a rapidly evolving cyber security threat landscape is both unfair and unrealistic. Providing employees with the knowledge and understanding of the cyber threats that they are frequently exposed to including phishing, ransomware, malware, social engineering and accessing insecure networks will help them become a security asset and the first line of defence against cyber security attacks.


The article adds that, getting this right involves changing the culture and behaviours within the organisation, not just increasing awareness. The best way to achieve this is through implementing an Information Security Education Awareness and Training programme. This should include phishing simulations and tailored online training and awareness campaigns that reflect the cyber threat landscape in which the business operates. The programme should be delivered in a continuous manner with the right level of detail to reduce any impact on the day job.


This programme will provide employees with a heightened understanding of cyber security threats and empower them with the knowledge of how to spot, avoid and report them, reducing exposure to cyber security attacks and breaches.


The article points out that the impact of a successful cyber-attack on an SMB business can be devastating in terms of cost, business downtime and disruption, reputational damage, and loss of confidence in the business from customers, partners and suppliers. Some SMBs, due to the nature of their business, may also be exposed to potential legal and regulatory censure.


Deploying cost-effective cyber security resources and educating staff can help SMBs reduce cyber risk and exposure to cyber-attack.


Use a valuable ally

Because skills are a problem, many SMBs are using artificial intelligence to help them fight cybercrime. The problem with this is that this is far from fool proof!


The article points out that three cybersecurity experts explained how artificial intelligence and machine learning can be used to evade cybersecurity defenses and make breaches faster and more efficient during a NCSA and Nasdaq cybersecurity summit.


Kelvin Coleman, the Executive Director of the National Cyber Security Alliance, hosted the conversation as part of Usable Security: Effecting and Measuring Change in Human Behavior on Tuesday, Oct. 6.


Elham Tabassi, Chief of Staff Information Technology Laboratory, National Institute of Standards and Technology, was one of the panelists in the “Artificial Intelligence and Machine Learning for Cybersecurity: The Good, the Bad, and the Ugly” session.text


“Attackers can use AI to evade detections, to hide where they can’t be found, and automatically adapt to counter measures,” Tabassi said.


Tim Bandos, chief information security officer at Digital Guardian, said that cybersecurity will always need human minds to build strong defenses and stop attacks.


“AI is the sidekick and security analysts and threat hunters are the superheroes,” he said.


Here are three ways AI and ML can be used in cybersecurity attacks.


Data poisoning

The article points out that Tabassi said that bad actors sometimes target the data used to train machine learning models. Data poisoning is designed to manipulate a training dataset to control the prediction behavior of a trained model to trick the model into performing incorrectly, such as labeling spam emails as safe content.


There are two types of data poisoning: Attacks that target a ML algorithm's availability and attacks that target its integrity. Research suggests that a 3% training data set poisoning leads to an 11% drop in accuracy.


The article adds that with backdoor attacks, an intruder can add an input to an algorithm that the model's designer does not know about. The attacker uses that backdoor to get the ML system to misclassify a certain string as benign when it might be carrying bad data.


Tabassi said that techniques for poisoning data can be transferred from one model to another. 


"Data is the blood and fuel for machine learning and as much attention should be paid to the data we are using to train the models as the models," she said. "User trust is influenced by the model and the quality of the training and the data that is going into it."


The article points out that Tabassi said the industry needs standards and guidelines to ensure data quality and that NIST is working on national guidelines for trustworthy AI, including  both high-level guidelines and technical requirements to address accuracy, security, bias, privacy, and explainability.


Generative Adversarial Networks

The article points out that Generative Adversarial Networks (GANs) are basically two AI systems pitted against each other—one that simulates original content and one that spots its mistakes. By competing against each other, they jointly create content convincing enough to pass for the original.


Nvidia researchers trained a unique AI model to recreate PAC-MAN simply by observing hours of gameplay, without a game engine, as Stephanie Condon explained on ZDNet.


Bandos said that attackers are using GANs to mimic normal traffic patterns, to divert attention away from attacks, and to find and exfiltrate sensitive data quickly.


"They're in and out within 30-40 minutes thanks to these capabilities," he said. "Once attackers start to leverage artificial intelligence and machine learning, they can automate these tasks."


The article adds that GANs also can be used for password cracking, evading malware detection, and fooling facial recognition, as Thomas Klimek described in the paper, “Generative Adversarial Networks: What Are They and Why We Should Be Afraid.” A PassGAN system built by machine learning researchers was trained on an industry standard password list and was eventually able to guess more passwords than several other tools trained on the same dataset. In addition to generating data, GANs can create malware that can evade machine learning-based detection systems.


Bandos said that AI algorithms used in cybersecurity have to be retrained frequently to recognize new attack methods.


“As adversaries evolve, we have to evolve as well,” he said.


He used obfuscation as an example, such as when a piece of malware is mostly built with legitimate code. A ML algorithm would have to be able to identify the malicious code within it.


Manipulating bots

The article points out that Panelist Greg Foss, Senior Cybersecurity Strategist at VMware Carbon Black, said that if AI algorithms are making decisions, they can be manipulated to make the wrong decision.


"If attackers understand these models, they can abuse these models," he said.


Foss described a recent attack on a cryptocurrency trading system run by bots.


"Attackers went in and figured out how bots were doing their trading and they used the bots to trick the algorithm," he said. "This can be applied across other implementations."


Foss added that this technique is not new but now these algorithms are making more intelligent decisions which increases the risk of making a bad one.


Where we fit in

So where does GTconsult fit in?


We offer a range of cyber security services that will ensure that you are protected against any threats. We also have our A-Team which will assist you with any concerns you have. Contact us today to find out more. 

Jonathan Faurie

Share -