Cybersecurity Risks

May 08, 2020 13:48


One major cybersecurity risk most companies face, both now and in the future, is the insider threat (Bailey, 2018). Insider threats are not always malicious acts by an employee or trusted third-party associate; quite often they are unintentional (Abdelsadeq et al., 2019).

At other times, the insider threat is an intentional and malicious act. One infamous insider threat worked as an employee of a defense contractor that held a contract to supply information technology assistance to the National Security Agency (NSA); the employee stole classified data from the United States government (Epstein, 2017). Threat behaviors of concern from a cybersecurity perspective include cyber espionage, the intentional misuse or destruction of data, and the exfiltration of data. While these threats are a cause for concern at any business location, additional cyber risks must be considered when assessing American businesses that have international locations.

There is a great deal of difference between an insider threat where the threat actor is an American citizen employee living in the United States and a foreign threat actor located at an international site. The malicious insider threat takes on a slightly different form at a business's international sites, and those locations must also guard against cybersecurity threats emanating from nation-states.




Nation-state attacks are particularly virulent because nation-states have access to far more resources than any individual working alone. Ideology can motivate an individual acting as an insider on behalf of a nation-state, and for some individuals ideology is as powerful a motivator as personal gain is for insiders working alone (Casey, 2015).

Not every potential insider threat can be detected before hiring, but a significant portion can be screened out using the proper tools and processes. The administrative security controls of background checks and drug testing should be part of the hiring process, with repeat checks at predetermined intervals. Social media accounts should be scrutinized where that practice is legal in the hiring location. After hiring, employee computer use should be monitored both on and off the domain, with any anomalous results sent to specific individuals for action. Snort IDS/IPS is the perfect tool to perform anomalous behavior checks. Coordination with program managers ensures that only the appropriate level of access is granted, with frequent access reviews for all user accounts.
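The two post-hiring controls above, monitoring for anomalous computer use and reviewing access against what each role actually needs, can be expressed as a small script. The following is an added example and is not code from the original post; the activity log format, the working-hours window, the per-user daily read threshold, the host baseline and the role baselines are all constructed assumptions chosen to illustrate the checks.

```python
"""Insider-threat monitoring: anomaly checks over an activity log plus a
periodic access review against role baselines.

Added example, not code from the original post.  The log format, the
working-hours window, the volume threshold, the host baseline and the role
baselines are all constructed assumptions for illustration."""
from collections import defaultdict
from datetime import datetime

# Constructed sample activity log: "<ISO timestamp> <user> <event> <key>=<value>"
SAMPLE_LOG = """\
2020-05-04T09:12:00 alice LOGIN host=WS-101
2020-05-04T09:40:00 alice FILE_READ bytes=120000
2020-05-04T17:55:00 alice LOGOUT host=WS-101
2020-05-04T10:03:00 bob LOGIN host=WS-202
2020-05-04T10:30:00 bob FILE_READ bytes=80000
2020-05-04T02:14:00 bob LOGIN host=VPN-GW
2020-05-04T02:20:00 bob FILE_READ bytes=900000000
2020-05-04T02:45:00 bob USB_WRITE bytes=850000000
"""

WORK_HOURS = (7, 19)                 # assumed normal window: 07:00 to 19:00
DAILY_READ_THRESHOLD = 500_000_000   # assumed per-user daily read volume limit
KNOWN_HOSTS = {"alice": {"WS-101"}, "bob": {"WS-202"}}   # assumed host baseline

# Assumed role baselines and current group memberships for the access review
ROLE_BASELINE = {"engineer": {"vpn-users", "source-repo"},
                 "finance": {"vpn-users", "erp-app"}}
ACCOUNTS = {"alice": ("engineer", {"vpn-users", "source-repo"}),
            "bob": ("engineer", {"vpn-users", "source-repo", "erp-app", "domain-admins"})}


def parse_log(text):
    """Turn each log line into a dict with ts, user, event and the key=value detail."""
    events = []
    for line in text.splitlines():
        ts, user, event, detail = line.split(" ", 3)
        key, _, value = detail.partition("=")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "event": event, key: value})
    return events


def check_anomalies(events, known_hosts=KNOWN_HOSTS):
    """Return (user, reason) findings to route to the people responsible for follow-up."""
    findings = []
    daily_read = defaultdict(int)
    for e in events:
        user, ts = e["user"], e["ts"]
        if e["event"] == "LOGIN":
            if not WORK_HOURS[0] <= ts.hour < WORK_HOURS[1]:
                findings.append((user, f"off-hours login at {ts.isoformat()}"))
            if e["host"] not in known_hosts.get(user, set()):
                findings.append((user, f"login from unfamiliar host {e['host']}"))
        elif e["event"] == "FILE_READ":
            daily_read[(user, ts.date())] += int(e["bytes"])
        elif e["event"] == "USB_WRITE":
            findings.append((user, f"{e['bytes']} bytes written to removable media"))
    # Read volume is judged per user per day, so it is checked after the pass.
    for (user, day), total in daily_read.items():
        if total > DAILY_READ_THRESHOLD:
            findings.append((user, f"{total} bytes read on {day}, above daily threshold"))
    return findings


def access_review(accounts=ACCOUNTS, baseline=ROLE_BASELINE):
    """Flag group memberships that exceed what the account's role requires."""
    excess = {}
    for user, (role, groups) in accounts.items():
        extra = groups - baseline[role]
        if extra:
            excess[user] = sorted(extra)
    return excess


if __name__ == "__main__":
    for user, reason in check_anomalies(parse_log(SAMPLE_LOG)):
        print(f"{user}: {reason}")
    print("access review:", access_review())
```

On the constructed log, only one account produces findings: an off-hours login from a host outside its baseline, a large removable-media write and a daily read volume above the threshold, and the access review shows the same account holding two groups its role does not require. In practice the thresholds and baselines would come from observed history rather than constants, and the findings would be routed to the named reviewers the post calls for.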

While not as pervasive a threat as the insider, an improperly configured network can still cause real damage. Network security has had to evolve as the threats have evolved. Before cloud computing became as prevalent as it is today, applications were typically hosted on site. Now Software as a Service (SaaS) is cost effective, as is high-speed business-class Internet connectivity. Coupled with Microsoft actively steering all users toward cloud-based products such as O365, this means perimeter security is no longer as effective as it once was (eWeek, 2019). Network security needs to move from a perimeter-based presence to a distributed deployment for maximum effect.

Threats to networks can be mitigated by proper network segmentation and by ensuring that data at rest is encrypted. Cybersecurity education should be provided to all employees; it could include information about data at rest and encryption in general, to allay fears and put to rest myths such as encryption slowing the computer down (Preimesberger, 2016). Correctly deployed VPNs should be used for all remote access sessions to mitigate man-in-the-middle (MitM) attacks. When cellular connections to a network are allowed, the network should be secured against international mobile subscriber identity (IMSI) catchers (Ooi, 2015). Video-teleconferencing should use Federal Information Processing Standard (FIPS) 140-validated encryption end to end to protect against snooping or sniffing.

Phishing, spear-phishing and whaling attacks are common cybersecurity threats. According to Briefings on HIPAA magazine, a phishing attack is "... any kind of fraudulent attempt to obtain sensitive information by disguising oneself as a trusted entity in an electronic communication, usually email" (Briefings on HIPAA, 2019). All employees are subject to phishing attacks, with management frequently the target of spear-phishing attacks. Spear-phishing attacks are aimed at a specific person, usually someone with more access than other employees. Whaling is a phishing attempt crafted very specifically to entice a high-value target such as a company vice president or CEO.

There are multiple mitigations for phishing, spear-phishing and whaling attacks. A company concerned about these attacks should employ a robust smart firewall and spam filtering on all email servers. Education about what constitutes a phishing attack should be mandatory for all employees, and both middle and upper management need specific training in how to spot emails designed to target them. HTML and rich text can be disabled on all Exchange servers to reduce the likelihood of an employee clicking a link in a malicious email that got through the spam filter.
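A mail filter of the kind described above can score each inbound message on the same indicators the training teaches people to look for: a sender domain that merely resembles the company's, a Reply-To that goes somewhere else, urgency language, and a link whose visible text names a different host than its target. The script below is an added example, not code from the original post; the company domain, the urgency word list, the quarantine threshold and both sample messages are constructed assumptions.

```python
"""Phishing indicator scoring for inbound mail.

Added example, not code from the original post.  The company domain, the
urgency word list, the quarantine threshold and both sample messages are
constructed assumptions for illustration."""
import re
from email import message_from_string
from urllib.parse import urlparse

OUR_DOMAIN = "example-corp.com"          # assumed company domain
URGENCY = ("urgent", "immediately", "within 24 hours", "account will be suspended")
QUARANTINE_THRESHOLD = 2                  # assumed: two or more indicators hold the mail

# Constructed whaling-style message: lookalike sender domain ('1' for 'l'),
# mismatched Reply-To, urgency language and a link whose text hides its target.
SUSPECT = """\
From: "Dana Lee, CEO" <dana.lee@examp1e-corp.com>
Reply-To: payments@mail-relay.example.net
To: vp.finance@example-corp.com
Subject: URGENT wire approval needed
Content-Type: text/html

<p>Please approve this immediately or the account will be suspended.</p>
<p><a href="http://login.examp1e-corp.com/verify">https://portal.example-corp.com/verify</a></p>
"""

# Constructed benign internal message for comparison.
BENIGN = """\
From: "IT Helpdesk" <helpdesk@example-corp.com>
To: alice@example-corp.com
Subject: Monthly newsletter
Content-Type: text/html

<p>This month's tips are at <a href="https://intranet.example-corp.com/tips">intranet.example-corp.com/tips</a>.</p>
"""


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def addr_domain(header_value):
    """Domain part of the first address in a header, lower-cased ('' if none)."""
    m = re.search(r"@([\w.-]+)", header_value or "")
    return m.group(1).lower() if m else ""


def body_text(msg):
    """Concatenate the decoded text of every leaf part of the message."""
    return "\n".join(part.get_payload(decode=True).decode("utf-8", "replace")
                     for part in msg.walk() if not part.is_multipart())


def host_of(text):
    """Hostname of a URL, or of a bare domain as it appears in link text."""
    url = text.strip() if "://" in text else "http://" + text.strip()
    return (urlparse(url).hostname or "").lower()


def score_message(raw, our_domain=OUR_DOMAIN):
    """Return (score, reasons); each matched indicator adds one point."""
    msg = message_from_string(raw)
    reasons = []
    from_dom, reply_dom = addr_domain(msg["From"]), addr_domain(msg["Reply-To"])
    if from_dom != our_domain and 0 < edit_distance(from_dom, our_domain) <= 2:
        reasons.append(f"sender domain {from_dom} resembles {our_domain}")
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"Reply-To domain {reply_dom} differs from sender domain {from_dom}")
    body = body_text(msg)
    haystack = ((msg["Subject"] or "") + "\n" + body).lower()
    hits = [w for w in URGENCY if w in haystack]
    if hits:
        reasons.append("urgency language: " + ", ".join(hits))
    for href, visible in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        if host_of(visible) and host_of(visible) != host_of(href):
            reasons.append(f"link text shows {host_of(visible)} but points to {host_of(href)}")
    return len(reasons), reasons


def should_quarantine(raw, threshold=QUARANTINE_THRESHOLD):
    """Hold the message for review when enough indicators line up."""
    return score_message(raw)[0] >= threshold


if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        score, reasons = score_message(raw)
        print(name, score, reasons, "quarantine" if should_quarantine(raw) else "deliver")
```

The constructed whaling message trips all four checks, while the benign newsletter trips none. Scoring on several weak indicators rather than any single one keeps false positives down; the hidden-link check is also exactly the signal that disabling HTML rendering removes from the user's view, which is why the post pairs that setting with filtering and training.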

Ransomware is also an unfortunately frequent cybersecurity threat. It is an attack that encrypts all the data on a computer system or network, and it is usually the result of opening an infected attachment or clicking a link in a malicious email.

Ransomware attacks can be mitigated not only by good onsite and offsite backups but also, again, by employee education. A good predictor of which employees might be susceptible to an attack of this nature is to send users emails that lure them into clicking on a simulated "infected" message. When an employee clicks, the cybersecurity team can give that employee focused education and additional training.

Supply chain attacks are another cybersecurity threat to be mindful of. A supply chain attack can occur when a vendor does business with a company and has limited access to that company's internal resources; the vendor can inadvertently infect the business infrastructure because the vendor itself is infected. Though frequently accidental, a supply chain attack can also be a malicious one.

Supply chain attacks can be avoided by not allowing vendors access to the internal network of a business. Ensure that service level agreements (SLAs) are in place so that if a vendor or third-party supplier were to infect the business network, that vendor or supplier would hold all liability for the breach. Businesses should only work with vendors or third-party suppliers that adhere to rigorous security standards such as the Risk Management Framework (RMF).
