
Why employees are now weak link in cyber-security


Threat intelligence is a way of reducing ‘physical and cyber risks’ while supporting decision-making and existing security intelligence methodologies and systems. FILE PHOTO | NMG

Employees have become the latest target for cyberattacks with the number of insider-related breaches increasing by 55 percent over the past three months, Dimension Data has revealed.

The tech firm says the increase in incidents resulted from companies lacking active monitoring of their IT infrastructure while employees work remotely.

“The current Covid-19 crisis has seen an upsurge in the use of technology in unprecedented ways. Many companies have adopted a work-from-home routine, some having to also adopt a ‘bring your own device policy’,” said Ishmael Muli, head of Dimension Data’s intelligent security business in East Africa.

“This move has increased organisational risk and cybersecurity etiquette has begun shifting to the end users. As a result, the most prevalent attack vectors going around include phishing and social engineering.”

According to Dimension Data, attackers are taking advantage of publicly available weak systems. Most security controls are designed to monitor and capture activities within the office premises, leaving gaps as more employees remotely connect to company resources from mobile devices and external networks.

“Although insider threats are largely attributed to malicious employees and contractors, statistics from the company's Threat Intelligence Centre show that most incidents in the region originate from employee negligence and other close associates ignoring corporate cybersecurity policies, misuse of data, and installation of unauthorised applications among others,” said Mr Muli.

Data from the National Kenya Computer Incident Response Team Coordination Center (National KE-CIRT/CC) indicates that 87 percent of cyber-threat advisories were due to system vulnerabilities.

"Across East Africa, we are seeing insiders take advantage of organisations that lack visibility or the ability to investigate successful cyberattacks due to limited access controls to detect unusual activity once someone breaches their network. Some of these attacks involve manipulation of transactional data, tampering of logs to limit tracing, as well as framing legitimate users - all of which make forensic investigations difficult," Mr Muli said.

According to cybersecurity firm Kaspersky, there has been a rise in business email compromise (BEC) attacks, whose objective is to compromise business correspondence in order to commit financial fraud by gaining access to confidential information and exploiting it.

“While many companies are focused on safeguarding themselves against external BEC attacks, more concerning should be the potential for internal ones. These attacks originate from legitimate addresses within the company,” said Bethwel Opil, enterprise sales manager at Kaspersky in Africa.

“Usually the email from the compromised mailbox contains a request to transfer money (to a supplier, contractor, tax office, or the like), or send confidential information. And it is all seasoned with standard social-engineering tricks.”

The cybercriminals, he noted, try to “rush the recipient (for example, if the company does not pay today, it will get fined), make threats (I asked you to make the payment last month, what the hell are you waiting for?!), adopt an authoritative tone that brooks no delay, or use other ploys from the social-engineering playbook. Combined with a legitimate address, it can create a very convincing impression.”

A classic case has been the spam emails containing Covid-19 information from sites claiming to be the World Health Organisation. At first glance, they seem pretty authentic, but upon closer investigation, they are phishing links.

Mr Opil adds that email attacks and spam will always increase thanks to the emergence of more sophisticated fraudsters and a growing number of syndicate networks across the globe.

As such, businesses must re-evaluate their weaknesses both within the physical organisation and on the employee front.

“It has become easy to forget about email as a security risk, as employees go about their day-to-day work and routines. However, for many businesses, and across many intrusion types, it is often the entry point to compromise a computer system or user data (about 80 percent of intrusions start with a phishing email),” he adds.

In the first quarter of this year, Kaspersky research shows that its anti-phishing system prevented almost 120,000 attempts to redirect users to scam websites. Furthermore, Kaspersky security solutions detected more than 49,500 malicious email attachments in the same period. The largest share of phishing attacks fell to the Online Stores category (18.12 percent). Second place went to Global Internet Portals (16.44 percent), while Social Networks (13.07 percent) came in third.

To keep safe, Mr Opil advises businesses to provide a VPN for staff to connect securely to the corporate network.

“All corporate devices (including smartphones and laptops) must be protected with appropriate security software. Furthermore, the software must provide the functionality for data to be wiped from devices that are reported lost or stolen, segregate personal and work data, and restrict which apps can be installed,” he adds.