There is no question that cyber-criminals are technically advanced and sophisticated. They possess the skills and know-how to intrude into an IT network, steal sensitive information and bring the IT ecosystem to a standstill.
Nevertheless, one often overlooked fact is that most IT incidents stem from social engineering: the act of stealing sensitive information through deception, using fraudulent and manipulative means. An insider is the key link in this social engineering, as the one who can provide the necessary information to other actors for executing targeted attacks.
Indeed, social engineering has shaken the cyber world time and again. Who could forget the sensational cyber-heist involving a bank some six years ago? While criminals were able to exploit the security vulnerabilities, at least one insider was thought to be the key actor in the social engineering required to execute a cyber-heist.
A gullible actor may unintentionally pass on key information through social engineering, but in most cases it has been witnessed that compromised insiders are the ones who work in tandem with external bad actors to execute a data breach.
Recently, in a report citing cyber specialists, U.N. experts revealed that hundreds of millions of dollars are being stolen by state-sponsored cyber-actors. These cyber-actors target financial institutions, exchanges and cryptocurrency companies for funds required to sponsor illicit nuclear and missile programs.
Phishing, malware and code exploitation, among other methods, are used to target financial institutions. However, what is striking is that these actors also rely on advanced social engineering to siphon funds.
According to the World Economic Forum’s Global Risks Report 2022, 95% of cybersecurity incidents can be traced to human mistakes, and insider threats, whether intentional or accidental, represent 43% of all security breaches.
Can targeted attacks be prevented?
To err is human, and human greed will not vanish either. Insiders always remain a major threat as they are privy to confidential information. What organizations can do is put proper IT measures in place to detect abnormal and suspicious patterns of human IT activity.
A large number of suspicious identities go undetected for a long time if an IT ecosystem lacks security analytics and orchestration.
Today’s organizations require a proactive approach to mitigate, in real time, the risks stemming from risky behavioral profiles. Every digital identity needs to be continuously assessed. Real-time alerts on risky behavioral profiles ensure that risky identities are de-provisioned.
A solution such as ARCON | User Behaviour Analytics can detect why certain IT end-users are doing or accessing something which they are not entitled to do or access. Deploying UBA enables organizations to significantly reduce the threat surface.
Social engineering is possible when an insider can easily collude with cyber-actors to steal sensitive information. Continuous risk assessments of IT end-users can significantly reduce the chances of targeted attacks.