The Four (4) Horsemen of Cybersecurity

Ever wondered what the top 4 ‘horsemen’ are, which exposes small and medium-sized enterprises to 90% of cyber threats, vulnerabilities, and successful attacks? Read further to learn more, including actionable countermeasures that are customizable for any organization.

Cybersecurity influences the day-to-day business decisions of many organizations in today’s digital age. It is a widely-known fact that the paramount nature of cybersecurity attracts adversaries, who continuously engineer sophisticated tools and deploy malicious tactics, techniques, and procedures (TTPs) at a much faster rate than organizations realize. These TTPs, although diverse in mechanism, are geared towards the exploitation of the three tenets of cybersecurity: confidentiality, integrity, and availability.

Security researchers suggest that if organizations can adequately secure and protect against four critical threats, then they can cut down close to 90% of the chances of becoming a victim of cyberattacks.

Let’s analyze how GoldSky Cyber Security can help you understand what these four horsemen lurking within the cybersecurity are:

Human Error

Humans are known to be the weakest link in the security chain. An IBM report states that human errors are the most common aspect of cybersecurity, which results in 95% of all attacks. The term “Human Error” pertains to ignorance, mistakes, and negligence or recklessness as it relates to cybersecurity best practices and system misconfiguration. A good example of a human error-based attack was the infamous scam against the cable-wire manufacturer, Leoni AG, which resulted in an email phishing attack and a loss of $44 million.

Image Source:
https://www.ekransystem.com/en/blog/how-prevent-human-error-top-5-employee-cyber-security-mistakes

Impact: Leoni AG lost $44 million in electronic wire fraud, and the company’s stocks dropped by almost 7% following the attack. As it’s evident from the image below, large portions of human errors are rampant in Very Small Businesses (VSBs) and Small to Mid-sized Businesses (SMBs).

Image Source:
https://www.kaspersky.com/blog/the-human-factor-in-it-security/

What Control Measures Can Organizations Adopt?

According to a recent Ponemon study, 78% of organizations agreed that they had experienced a data breach due to human negligence or malicious employees. Although it is a known fact that “to err is human,” a functional method to mitigate the effects of human mistakes is to deploy realistic and holistic strategies and controls, such as:

  • Detective control: the best way to detect human errors is to monitor and watch out for potential threats and vulnerabilities continuously. Being vigilant helps to eliminate half of the risks.
  • Preventive control: attacks can be prevented by being foresighted and educating employees well in advance via robust security awareness training. Additionally, organizations must endeavor to implement security policies and standards that will adequately institutionalize access control mechanisms.
  • Corrective control: to err is human, to correct is divine! Therefore, it is critical to introduce a ‘ Knowledge Sharing’ or a ‘Lessons Learned’ culture among employees. This single process will help to reduce the learning curve, thus saving organizations from costly human mistakes.

Unpatched/Outdated Systems

Not updating a system means that it still runs on the old code for which the attackers have already devised hacking schemes. An irregular software, application, or operational system maintenance is one of the most significant baits for inviting cyber adversaries.

Example: The spread of Petya and the WannaCry ransomware worldwide is attributed to EternalBlue, which exploited a Microsoft vulnerability. In May 2017, it spread through several networks, compromising the computers running on an unpatched older version of the Microsoft Windows operating system.

Impact: The WannaCry impact was global, resulting in a compromise of more than 230,000 computers in more than 150 countries, costing nearly $4 billion in financial losses to individuals and organizations. Surprisingly, the US tops the list with most of the EternalBlue vulnerable internet-connected devices.

What Control Measures Can Organizations Adopt?

A simple solution to the problem of outdated or unpatched systems is applying vendor patches, as soon as they are available. Organizations may have many unpatched systems because of employee negligence, lack of automation, absence of policy and procedures around patching and system configurations, etc. However, Here’s how to detect and halt the adverse consequences of an unpatched system:

  • Detective control: develop an automated alert mechanism via email notifications or system pop-up pages, aimed at escalating patching requirement updates to all relevant stakeholders within your organization. Additionally, it is imperative to monitor patch releases from vendor sources, as there are specific periods in the month when significant patches are released, such as Patch-Tuesdays, which is sponsored by Microsoft.
  • Preventive control: to prevent lapse of system update, set reminders or regularly checks to ascertain that you’re using the latest version of firmware or software. The BEST way is to keep the auto-update turned ‘ON.’

Corrective control: immediately update or patch your systems or install the latest version once you notice that vendors have released a patch or update.

Credential/Access Control Error

Image Source:
https://www.f5.com/labs/articles/threat-intelligence/application-protection-report-2019–episode-2–2018-breach-trend)

It is clear from the image above that inadequate access control mechanisms, such as weak passwords management, inappropriate role-based access, and inadequate end-user training, are one of the top causes of rampant cyber attacks today.

Example: In 2016, Dropbox experienced a data breach, which led to the compromise of many user credentials. Following several forensic analysis of this incident, security specialists discovered that a Dropbox employee was involved in the recycling of passwords at work.

Impact: Although Dropbox secures passwords using a strong hashing function known as bcrypt, the security breach led to the compromise of 60 million user credentials, which included user’s email ids and passwords. Though there were no significant financial losses since the passwords were encrypted, it surely earned a bad name for the company resulting in reputational damage to Dropbox.

What Control Measures Can Organizations Adopt?
  • Detective control: identify the group of employees who need to have access – this is known as the ‘Need To Know’ principle – to particular files and share minimum accessibility (this is known as the ‘Least Privilege’ principle). Therefore, incorporating a ‘Need to Know’ and ‘Least Privilege’ principle within your organization ensures that you have an updated access control list, which helps to manage those who have access to critical company assets.
  • Preventive control: the use of strong passwords, multi-factor authentication mechanisms, segregation of duties, etc., can be implemented as preventive measures against cyber attacks. At GoldSky, our equipped cybersecurity engineers are positioned to develop and manage critical procedures relating to preventive security controls across diverse levels of an organization.
  • Corrective control: It’s never too late to correct a mistake. Change or update your access management policies and procedures, if you still have the same ‘issue’ popping up for every time.

Social Engineering

Social engineering is the manipulation of end users and convincing them to divulge sensitive information. This threat becomes exploitable when there is a lack of security awareness training (tabletop planning exercises), compensating controls, and redundant security controls.

Example: In 2013, a massive social engineering attack on Target’s point-of-sale (POS) systems resulted in hackers getting hold of more than 40 million customers’ credit and debit card details.

Impact: malicious actors were able to steal sensitive payment card information. Additionally, the Personally Identifiable Information (PII) of an additional 70 million customers were compromised. Later, Target was fined $18.5 million in a multi-state settlement to resolve state investigations.

What Control Measures Can Organizations Adopt?
  • Detective control: this includes basic security instructions, such as being cautious of suspicious emails, restricting sensitive access from unauthorized parties, and implementing cybersecurity awareness training across an organization’s workforce to proactively detect social engineering threats. For advanced computing environments, enterprises should invest in artificial intelligence and machine learning algorithms to realize mature anti-phishing and anti-malware
  • Preventive control: invest in anti-virus, email filtering, and anti-phishing solutions. Educating employees and training them on how to respond and report to social engineering attempts, as end-users are the first in the line of defense against these types of attacks, which are responsible for 98% of cyber attacks around the world.
  • Corrective control: perform a ‘root cause analysis,’ most probably this is high time to change your security solution provider (the ‘technology’ issue), or the training provides (a ‘training’ issue). Our GoldSky Security Professionals are readily available to leverage our in-house expertise to ensure that your organization’s cybersecurity posture is up-to-par with the major industry standards.

In Closing

As more employees continue to migrate towards virtualized operational environments, cyber-attacks has become the greatest threat to organizations within the digital arena. Oftentimes, small and mid-size organizations assume that cybersecurity controls are unaffordable and only available to larger organizations. However, such a notion is simply incorrect. Thus, understanding the security best practice to protect critical assets against human error, unpatched systems, access control errors, and social engineering will help to secure a significant aspect of any organization.

Therefore, it behooves any organization to consult with competent third-parties as it relates to the implementation and management of the detective, corrective, and protective controls as it suits the computing environment’s current state.

With offices in Denver, Orlando, Tampa, Nashville and Washington D.C GoldSky offers reliable 24/7/365 security solutions to the entire US.

Get in touch to learn more about how GoldSky can keep your data secure today. 



NEED A CYBER SECURITY CONSULTANT?

Contact GoldSky Security Today!

This information will never be shared for 3rd party use