Corporate IT security teams are often accused of being too reactive in their approach to threat defense. Yet it’s unfortunately all too easy to fall into a vicious cycle of firefighting incident after incident, given the scale and sophistication of modern threats. In the US, 2021 was a record year for reported data breaches, while in the UK, a recent government report revealed that two-fifths of businesses had suffered a cyber-attack over the previous 12 months.
The truth is that today’s threat actors have multiple avenues for attack and a large potential target as organizations build out their internet-facing digital infrastructure. Let’s take a look at the five of the most common ways companies can be breached and how data-centric security could help minimize cyber risk.
1. Vulnerability exploitation
Last year was also a record 12 months for newly published vulnerabilities. A total of 20,142 were listed in the US National Vulnerability Database (NVD), the fifth year in a row an all-time-high had been reached. Given that many organizations struggle to prioritize and patch all of their current and legacy software bugs, there’s ample opportunity for threat actors to fire out exploits via email, web pages, instant messages and other channels. Combined with carefully selected malware, they can open the door to ransomware, cryptojacking, banking Trojans, botnet compromise and much more.
2. Insider attacks
Insiders are often overlooked as a serious threat vector. Yet while they accounted for only 18% of data breaches last year, their ability to fly under the radar of many security tools makes them particularly costly and destructive. One report estimates insider threat incidents rose by a third last year to cost over $15m on average. They also took longer to contain: 85 days on average. Threats can stem from malicious, negligent or compromised users. In deliberate incidents, data is often stolen before or just after an employee has left for a rival company, or is sometimes destroyed in an act of sabotage or revenge.
3. Misconfigured systems and IT skills shortage
As digital transformation efforts spiral, the world is undergoing an IT skills shortage, particularly in cybersecurity. The latest estimates claim over 2.7 million new workers are needed to fill these gaps. At the same time, IT environments are becoming more distributed and complex. Most organizations now run hybrid clouds from multiple providers. What this means in practice is that they’re unable to keep up to date with the dizzying speed of new feature releases. Misconfiguration is rife. Cybersecurity professionals say it was the number one cause of cloud security incidents in 2021. And it’s not just in the cloud where human error is creating extra cyber risk. Remote desktop protocol (RDP) endpoints with misconfigured access controls are a top vector for ransomware. Threat actors are now actively scanning for misconfigured systems to exploit.
4. Phishing
Social engineering remains one of the cheapest, quickest and most effective ways for threat actors to compromise corporate networks. Phishing reigns supreme, with emails either designed to harvest user credentials or silently deploy malware to corporate machines. Cyber-criminals are also turning to IMs, social media messages, texts and even scam calls to get what they want. A quarter of breaches last year were the result of social engineering attacks. Training and awareness programs are improving, but scams are increasingly hard to spot, and it takes just one misplaced click to compromise an entire organization.
5. Supply chain attacks
Nearly two-thirds (62%) of system intrusion incidents last year came through an organization’s partner. Too often companies double down on internal security only to forget about those many suppliers which may have access to their networks and critical data. Cybersecurity executives claim that 93% of global organizations suffered a breach last year due to weaknesses in supply chain security. Digital supply chains open up an even bigger potential attack surface, especially the use of third-party open source code which may be riddled with vulnerabilities.
The value of data-centric security
Faced with such odds, many security teams are constantly on the back foot. Yet a more proactive effort is possible, by starting with data security. Thanks to human error in its many guises – password misuse, misconfigured systems, error-riven code and inadequate supply chain checks – the bad guys will always find a way into corporate networks. Yet if organizations can automate the discovery, classification and protection of their most valuable data assets, wherever they’re located, they’ll be able to create a solid foundation on which to build an effective security strategy.
It means that even in the event of a worst-case scenario, threat actors will not be able to monetize what they’ve stolen. And if that data is also backed up, it will significantly reduce the impact of ransomware. Cyber risk is everywhere today. Mitigating it effectively starts with data encryption and tokenization.