COMMERCIAL NEWS
Cyber criminals ‘exploiting employee behaviour’
May 22, 2017 11:20 AM
Browser-based attacks and social engineering are now the two most powerful techniques targeting organisations a report said highlighting that both techniques prey upon users as their initial point of entry....
Browser-based attacks and social engineering are now the two most powerful techniques targeting organisations, a report said, highlighting that both techniques prey upon users as their initial point of entry.
“Cyber criminals are going after the weakest link- the employee. Unfortunately for organizations, this means that even after they have invested heavily in IT security technologies, poor security awareness among employees can still result in their systems being breached,” explained Ned Baltagi, managing director, Middle East & Africa at SANS Institute, a top provider of cyber security training and certification.
“Social exploits are becoming more sophisticated than ever before and even employees with the best intentions, can severely compromise the cyber security of their organisations,” he added, commenting on SANS Institute’s recent survey titled ‘SANS 2017 Endpoint Risks and Protections’.
While users represent the top target leveraged by attackers, vulnerabilities such as misconfigurations or software flaws were also commonly leveraged in attacks against the endpoints, ranking as the third most common source of significant compromise, according to survey respondents. Such vulnerabilities have been responsible for a number of large-scale attacks including the very recent and infamous WannaCry which is considered to be the most successful ransomware campaign to date.
According to the survey, 53 per cent of respondents have knowledge of impactful compromises starting at their endpoints in the past 24 months. And that total doesn't include the 37 per cent who don't know whether they've been compromised or not during that timeframe.
Of the 53 per cent of significant breaches that respondents knew about, just 48 per cent were detected through endpoint detection and response (EDR) solutions. The remainder of detections were not directly from endpoint solutions, and included such sources as log analysis, security information and event management (SIEM) system alerts, cloud-based monitoring, and even third-party notification.
"The farther from the endpoint a breach is discovered, the more time it has to pivot from system to system and increase the impact of the breach," said SANS analyst G W Ray Davidson who authored the report.
“As organizations develop sufficient maturity, they should automate remediation activities as much as possible, because the scope of a breach can quickly outpace remediation efforts.
"Organizations must devote more resources to user education and to monitoring activities that result from user behaviour. The insider threat is no longer just the malicious actor with unauthorized access; well-intentioned but naive employees can be just as dangerous,” he added. – TradeArabia News Service
 + 10000000) + '&millis=' + new Date().getTime() + '&referrer=' + encodeURIComponent((window != top && window.location.ancestorOrigins) ? window.location.ancestorOrigins[window.location.ancestorOrigins.length - 1] : document.location) + ')
 + 10000000) + '&millis=' + new Date().getTime() + '&referrer=' + encodeURIComponent((window != top && window.location.ancestorOrigins) ? window.location.ancestorOrigins[window.location.ancestorOrigins.length - 1] : document.location) + ')
COMMERCIAL NEWS
Every dirham lost to fraud in UAE costs firms AED4.19: study Apr 17, 2024 16:52 PM
Businesses in EMEA now bear a cost of fraud that is 3.90 times the...
Sukuk market set to grow; GCC DCM to cross $1 trillion Apr 17, 2024 16:24 PM
Sukuks are expected to grow further through the remainder of 2024...
Tech firm launches digital supply chain financing solution Apr 17, 2024 13:27 PM
Codebase Technologies a UAE homegrown financial technology platform...
Lombard Odier appoints Ali Janoudi as Head of New Markets Apr 17, 2024 11:43 AM
Bank Lombard Odier & Co Ltd has announced the appointment of Ali...
Mantra launches incubator in Dubai World Trade Centre Apr 17, 2024 10:11 AM
Mantra has launched its new incubation programme at the Dubai World...
GCFC partners with AGII to accelerate green growth in Africa Apr 16, 2024 16:15 PM
The Global Climate Finance Centre (GCFC) a COP28 legacy has assumed...