“ WHILE EVERYONE LOVES TO TALK ABOUT THE HYPE OF ADVANCED ATTACKS , IT ’ S THE SIMPLE THINGS THAT ARE USUALLY EXPLOITED TO CREATE THE MAJOR INCIDENTS .”
TECHNOLOGY
“ WHILE EVERYONE LOVES TO TALK ABOUT THE HYPE OF ADVANCED ATTACKS , IT ’ S THE SIMPLE THINGS THAT ARE USUALLY EXPLOITED TO CREATE THE MAJOR INCIDENTS .”
IRA WINKLER CISO ,
SKYLINE TECHNOLOGY SOLUTIONS
on PC security and good passwords , while large companies have to worry about infrastructure concerns .”
According to Azzopardi , one of the key mistakes that businesses make is believing that a hack can be detected instantly . The reality is that most companies take on average of six months to detect a data breach , even a major one , as the SolarWinds incident proved . Information such as passwords , credit card details and social security numbers may already be compromised by the time a company is notified .
Azzopardi also explains how businesses , big and small , simply don ’ t attribute enough importance to the human element . That ’ s despite the fact that 95 % of cybersecurity breaches are caused by human error .
“ The main point of attack is , and will probably always be , the human element . It ’ s way easier to fool a human than it is to brute force login credentials ,” explains Azzopardi . “ The main issue with phishing is that it ’ s almost impossible to use technology in order to prevent it , instead security awareness training is perhaps our best tool and since we rely on humans to execute such a task , we must assume a significant rate of failure . It is our imperfection after all that makes us human .”
So , what should businesses prioritise in 2021 and beyond ? Azzopardi points to the basics such as antivirus , antimalware , password managers and revoking of admin rights as organisational musts . “ Throw in mandatory VPN access , regular training and exercises such as BCP testing and your organisation would already be much better prepared than most ,” he says .
He also says that API security is right up there with companies forced to make certain APIs public . As such , a priority for security teams is to “ design a robust and effective API testing strategy that doesn ’ t impede development too much while balancing security ”.
Finally , he predicts that ransomware will continue to rise , and that cryptojacking will explode . “ This is basically the process of creating a bot-net which unknowingly mines crypto for a single wallet . This can be delivered via phishing quite effectively and you will never know it ' s even there .”
businesschief . eu 175