The human being as an IT security risk


Misconduct, imprecise policies, and misconfigured endpoints are common weak points. Attackers working through the cyber kill chain usually look for the weakest link, and that is often the human being. An analysis of Bitdefender telemetry from 110,000 endpoints in the first half of 2020 shows that misconfigurations and the "weak point employee" are the number one causes of a very high percentage of cyber attacks.

While hackers in Hollywood films always go to great lengths to crack security systems and firewalls, the reality is often different. Few attacks require a cinematic amount of effort. Employees and incorrectly configured systems usually do most of the work and create vulnerable entry points. Attacks are also effective because they target the main weaknesses in corporate security, and humans are often one of them.

Endpoint can be a weak point

Endpoint misconfigurations cause around a third of all security incidents, and imprecise remote management policies leave hundreds of thousands of systems vulnerable. In addition, 93 percent of employees reuse old passwords over and over again. According to Bitdefender's Security Intelligence Cloud telemetry, this represents only a small fraction of the security incidents that can be expected in an enterprise.

Companies often try to ensure IT security according to the motto "deploy and forget". They buy specialized solutions and hand over the responsibility to an already overburdened IT team. But the administrator needs help. Given the targeted attacks, specialized security services are a better answer. Only large organizations with the appropriate budget can afford the services of a Security Operations Center (SOC). In the meantime, however, the offering on the market has become more democratic. Managed Services Providers (MSP) and Managed Security Services Providers (MSSP) offer bundles of Enterprise Detection Response (EDR), Managed Detection and Response (MDR), and SOC services that are also within reach for small and medium-sized companies.

Human factor

Liviu Arsene, Global Cybersecurity Researcher Bitdefender

Regardless of all the security precautions organizations take, user behavior remains a challenge. Human error doesn't just include a person opening an attachment containing malware or falling for a phishing attack. It includes all user actions and behaviors that allow a malicious message to reach the employee, malware to gain a foothold, or a security event to go unnoticed.

In addition, employees often undermine countermeasures by circumventing policies and IT processes in favor of procedures that appear faster and easier to them. A prime example is the reuse of passwords, the front runner among the risks posed by employees. 93.1 percent use login data that they have already used before or use for other access. The companies are partly to blame for the misery: they let employees choose these passwords without specifying how they are to be changed. Requirements that are intended to prevent employees from interfering with security-relevant processes and settings must, however, be defined and enforced by IT. Top management is also called upon to support such processes.

With the wrong attitude

Human errors also happen to administrators. With insufficient staffing and increasingly complex systems, they are quickly overwhelmed. The risk begins with incorrectly defined company-wide security policies. For hackers, these are heaven on earth. An analysis of Bitdefender telemetry from the first half of 2020 shows Windows Remote Management (WinRM) as the front runner. It is set incorrectly on 55.5 percent of all endpoints scanned. Attackers look for WinRM vulnerabilities and other incomplete or poorly defined policies in order to connect to systems and control them completely remotely. They can execute malicious code, change registry keys or grant PowerShell access. A recent report by ESG and Bitdefender shows that incorrect or risky endpoint settings are the entry point exploited 27 percent of the time.

Internet settings are another important and often overlooked security category, accounting for 73.1 percent of all endpoint misconfigurations. For example, users should not be able to run unsigned .NET Framework components from Internet Explorer. Yet this happens quite often. Another problem arises with SSL 3.0 downgrade attacks, through which attackers carry out man-in-the-middle attacks on communication that is supposed to be encrypted.
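
A read-only audit of the two setting groups named above (WinRM and SSL 3.0), as an added example that is not from the article or from Bitdefender. The article does not say which WinRM settings were wrong, so the two WinRM values checked here (unencrypted traffic, Basic authentication) are this example's assumptions.

```powershell
# Added example. Read-only; run in an elevated Windows PowerShell 5+ session.
$findings = [System.Collections.Generic.List[string]]::new()

# WinRM service settings (assumed checks, not named in the article).
# The WSMan: drive is only readable while the WinRM service is running.
$winrm = Get-Service -Name WinRM -ErrorAction SilentlyContinue
if ($winrm -and $winrm.Status -eq 'Running') {
    $checks = [ordered]@{
        'WSMan:\localhost\Service\AllowUnencrypted' = 'WinRM service accepts unencrypted traffic'
        'WSMan:\localhost\Service\Auth\Basic'       = 'WinRM service accepts Basic authentication'
    }
    foreach ($path in $checks.Keys) {
        $item = Get-Item -Path $path -ErrorAction SilentlyContinue
        if ($item -and "$($item.Value)" -eq 'true') { $findings.Add($checks[$path]) }
    }
}

# SCHANNEL: SSL 3.0 should be explicitly disabled for client and server roles.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0'
foreach ($role in 'Client', 'Server') {
    $key = Get-ItemProperty -Path (Join-Path $base $role) -ErrorAction SilentlyContinue
    if ($null -eq $key -or $null -eq $key.Enabled) {
        $findings.Add("SSL 3.0 ${role}: no explicit setting, the OS default applies")
    } elseif ($key.Enabled -ne 0) {
        $findings.Add("SSL 3.0 ${role}: explicitly enabled")
    }
}

# Internet Options for the current user: bit 0x20 of SecureProtocols is SSL 3.0.
$inet = Get-ItemProperty -ErrorAction SilentlyContinue `
    -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet -and ($inet.SecureProtocols -band 0x20)) {
    $findings.Add('Internet Options: SSL 3.0 is enabled for the current user')
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { "FINDING: $_" }
} else {
    'No findings for the checked settings.'
}
```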

The IT left alone

Managed Detection and Response (MDR) for companies of all sizes (Image: Bitdefender).

Due to the increasing sophistication and diversification of cyber attacks and chronically understaffed IT security departments, many companies are increasingly at risk. Larger companies can choose to run their own SOC. For medium-sized and small organizations, MDR services offer an effective and in most cases sufficient alternative by putting security in external hands.

Such a dedicated security team takes over responsibility for the configuration of the endpoints. Although it works remotely, it still has a complete view of the infrastructure. The best option is to provide organizations with a comprehensive endpoint risk analysis. Similar to a system audit, it analyzes both technological risks and dangers resulting from human error.

MDR offers the benefits and expertise of a SOC at a fraction of the cost. MDR teams work with companies to create pre-approved scenarios for responding to incidents. This allows the defense to react correctly and faster, often long before an initially undetected attack compromises the infrastructure.



About Bitdefender

Bitdefender is a leading global provider of cybersecurity solutions and antivirus software, protecting over 500 million systems in more than 150 countries. Since it was founded in 2001, the company's innovations have consistently ensured excellent security products and intelligent protection for devices, networks and cloud services for private customers and companies. As the supplier of choice, Bitdefender technology is found in 38 percent of security solutions deployed around the world and is trusted and recognized by industry experts, manufacturers and customers alike. www.bitdefender.de


 
