Employees can create major security headaches for CISOs

The cyber security challenge of more people-centric attack targeting is expanding for CISOs in the remote working era.

The cyber security challenge is expanding for CISOs looking to protect their organisations.

In today’s security environment, cyber attackers or hackers have pivoted their focus towards the user. This, combined with the rise of remote working, caused by the outbreak of Covid-19, and the expanding definition of the insider threat, has created a number of new cyber security challenges that must be addressed.

To find out about this expanding cyber security challenge and how CISOs can overcome it, Information Age spoke to Proofpoint’s Resident CISO for EMEA, Andrew Rose.

A people-centric attacker focus

According to Rose, hackers have completely pivoted in their focus away from targeting infrastructure towards the user or person in an organisation.

The reason for this is that “security professionals have done a great job putting in place the various firewalls, intrusion detection and anti-malware technologies” that have made it increasingly difficult for hackers to break in and access an organisation’s data.

Instead, hackers are now targeting the end user or employee — those who have direct access to an organisation’s data — via phishing emails or malware campaigns.

This challenge has been exacerbated by the recent surge in remote working and the remote access needed by employees to ensure productivity and efficiency are not damaged.

The impact of remote working on the cyber security challenge

According to Proofpoint’s latest cyber security survey of CISOs and CSOs in the UK & Ireland, securing the remote workforce is still a significant focus for CISOs. Most security leaders are still working to implement their desired controls, and the report found that 64% of CISOs believe that the rapid shift to remote working has left their organisations more vulnerable to cyber threats.

“CISOs recognise the challenge, as employees continue to work on personal PCs and shared devices, while using home networks, which are generally not as well fortified as a corporate device or being on the office network. This leads to a concern regarding platform security and potential data loss scenarios,” explains Rose.

He also suggests that remote working has led to an increased challenge of communication between staff members. The immediate ‘support network’ of being able to turn to a colleague at the desk next to you has gone, so employees either rely on their own intuition, or send more emails, which can increase the phishing email threat.

Another impact of remote working has been the acceleration of cloud adoption. This has also created a number of cyber security challenges.

“Organisations felt compelled to push out cloud applications straight away, in order for their employees to be able to work from home. But, those employees using such platforms need additional training and haven’t become used to this way of working, which means they are more vulnerable to an attack as they’re not sure what is unusual activity and what is not,” adds Rose.

Andrew Rose is Resident CISO for EMEA at Proofpoint.

The top CISO concerns, according to Rose:

1. Ransomware — Proofpoint’s survey revealed that 46% of CISOs and CSOs in the UK&I cited ransomware as the biggest threat to their organisation in 2021. This mainly arrives by email and “CISOs have to make sure they are applying control focus on the email gateway to stop ransomware ever getting to an employee’s inbox,” says Rose.

2. An ineffective awareness program — the Proofpoint survey found that 55% of CISOs think that a lack of awareness is the biggest threat facing their organisation and 74% agreed that the programs need to be improved. Given that the vast majority (99%) of email attacks require human intervention to run code, hand over credentials or pay a fraudulent invoice, this layer of control is critically important.

3. Cloud account compromise — managing the risks associated with the sudden increase in cloud usage is going to be the priority for the next two years for many CISOs. Cloud adoption, and the movement of corporate applications and data from on-premise systems to cloud platforms, makes sense, but there are concerns.

“Users will have many cloud identities and these can be compromised by attackers and used against you. The challenge is in identifying and managing all of these cloud identities, and controlling the potential sensitive data they hold,” continues Rose.

4. The insider threat — the definition of the insider threat is expanding.


The insider threat definition is expanding

Traditionally, the insider threat — a rogue (malicious insider) or untrained (accidental insider) employee who leaks confidential information on purpose or by mistake — was one of the toughest challenges for CISOs to overcome.

However, the definition of the insider threat is expanding. Now, because of the rush to cloud environments, attackers are more likely to be able to steal user credentials and masquerade within the network as an internal user. Verizon’s 2020 DBIR showed that credential theft and reuse was the most successful attack method, accounting for 37% of all data breaches.

“Suddenly, the insider threat is no longer just about insiders. Now it’s about the CISO’s ability to identify and differentiate between well-meaning employees, and malicious actors both being inside your network — where one is ‘bending’ a policy to meet an immediate customer requirement, and one is seeking to cause harm, by stealing data or planting ransomware,” says Rose.

It’s clear the cyber security challenge for CISOs is expanding due to the impact of remote working. Organisations are now employing people without ever having met them personally; however, they can improve the situation by building a strong cyber security culture.

Building a strong cyber security culture

Successful CISOs have to build a strong cyber security culture within their organisation.

“The results can be transformational,” says Rose.

CISOs need to make their employees care about security, but many attempt to do this through simple security awareness training. Awareness, however, is just the beginning. The question, according to Rose, is how do you shift that awareness into behavioural change? And then build that behavioural change into culture?

“There are multiple components that change awareness into behaviour,” said Rose, “but the most important one is ‘motivation’. Imagine if a person smokes – they know that it’s bad for their health – it’s on the side of every packet – but still they do it. What makes them stop? When they gain sufficient motivation to change – whether that is a health scare, a new baby, the cost of the habit etc. It’s vital for CISOs to find the triggers that will leverage their users’ ‘awareness’ and change it into ‘behaviour’, and then push those triggers again and again.”

“Culture grows slowly on the back of this. When the correct behaviour becomes the expected norm, then peer pressure starts to call out and correct any incorrect or inappropriate behaviour. At that point, you are on the path to a security culture which invites every employee to become an extended member of the security team, and this will serve your organisation really well even as the risks and threats evolve.”


Rose’s cyber security predictions

1. Ransomware will start focusing more on cloud environments, not just OneDrive and SharePoint, but S3 and Azure too.

2. Malware will continue to focus on users as the major attack vector, because that is generally the path of least resistance for hackers.

3. Attackers will increasingly focus on using LOLBins — living off the land binaries — and LOLscripts to achieve their goals. What better way to avoid the anti-malware detection capabilities, than not to use malware but to use the core capabilities of the endpoint against itself?

4. Business Email Compromise (BEC) attacks will continue to grow and still be the largest cyber-related cause of financial loss for organisations.

5. Hackers will reinvest the money they’re making from ransomware into research and upskilling to improve their ability to subvert and bypass multi-factor authentication.

6. Hacking groups will increasingly collaborate and cross-pollinate their skills.


This article was written as part of a paid partnership with Proofpoint

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...