Social Engineering and Poor Patching Responsible for Over 90% of Cybersecurity Problems

Now that we’re fully in the “September Back to Swing of Things”, maintaining your network security may be a bigger challenge than normal. Why?

With many people returning to the physical workplace, whether full-time or with varying hours under a hybrid model, building owners, employers and others are routinely sending out procedural memos. The bad guys know this and are taking advantage.

Even though we know that phishing is now a perennial problem and take precautionary steps, there has been a spike in spear-phishing over the past two months as people geared up to go back.

When you consider that over 86% of organisations experienced some form of phishing in 2020, this increased activity means that we must all be hyper-vigilant.

Some experts believe that social engineering and poor patching are responsible for over 90% of cyber-security problems.

Others place crypto-jacking is the number one threat. Crypto-jacking is a form of malicious crypto-mining in which cybercriminals hack into mobile devices, computers, laptops and other endpoints with two goals in mind:

1. Generating passive income through leveraging accounts receivables or e-commerce platforms, and/or
2. Mining for crypto-currencies or stealing crypto-currency wallets. According to Cisco, 69% of organisations “experienced some level of unsolicited crypto-mining” last year. More detail can be found in the full report, 2021 Cyber Security Threat Trends.

Even if crypto-jacking is today’s big problem, you need to consider how the hacker got into the network in the first place, which brings us back to social engineering and poor patching. Take care of these two items alone and you dramatically reduce your risk exposure.

According to Roger Grimes, who joined KnowBe4 in May 2019, as Data-Driven Defense Evangelist, social engineering is a major concern. He says: “With social engineering being a factor in 93 percent of all successful data breaches, I believe that working on any other problem in the security industry would be an inefficient use of my time.”

Indeed, Grimes who is a 30-year computer security veteran, as well as a cybersecurity instructor, holder of dozens of computer certifications and an award-winning author of 10 books and over 1,000 magazine articles on computer security, has researched cyber breaches and hackers extensively.

In one of his studies, Grimes downloaded the world’s largest public data breach database, which has been tracking breaches since 2005, and has recorded over 11.6 billion individual events. Grimes excluded any breaches that could not be considered truly malicious because they were the result of files being forwarded inadvertently, people disposing of sensitive documents improperly, or being given access to the wrong company data files because of improperly set protocols. The latter is a concern in and of itself, of course, and needs to be addressed as part of your quarterly review.

His final conclusion: “Social engineering and phishing account for 70% to 90% of MALICIOUS breaches”.

Phishing is problematic because it only takes one moment of inattention to wreak corporate havoc. A simple click on an image or link while multitasking, or thinking about something else, and a back door is opened to cyber criminals.

As people became better educated, and somewhat less likely to click on the mass, random phishing emails, cybercrooks stepped up their game and started using techniques designed to get a single person to respond. All they need is one to worm their way in and capture credentials. These bad actors find ways to make emails look as though they are coming from the company. Combine this technique with packet sniffers and protocol analysers, and hackers can be very effective in their attempts to gain system access. And their messaging is very realistic-looking and so, very compelling.

Social engineering takes it even one step further. With social engineering, the bad actors will even use snail mail, the phone or some form of other direct contact to gain illegal access into your network. When the stakes are high, these criminals may even find ways to enter a business to sniff out areas of vulnerability – including posing as employees in an attempt to obtain credentials.

In other words, the cyber criminals do whatever they can to access a company’s physical and digital assets, so that vulnerabilities can be discovered. So, with new people having been hired during the pandemic, and many others now not coming into work every day, organisations will need to be on high alert to ensure that systems aren’t breached.

Obviously, this will also mean ongoing training with your staff. We have partners who are specialized in providing this type of training, and would be happy to make recommendations.

The Other Problem: Poor Patching

Misconfiguration is responsible for approximately 80% of network downtime – though some of that is a result of poor patching. Depending on whose research you review, inadequate or incomplete patching can also create vulnerabilities that cyber criminals can exploit.

With so many firms having employee that have been working remotely up until today, or are continuing to do so, not all of patches have been pushed out – and not all have been properly configured on the many multiples of endpoints that have come to characterize a distributed network.

Experts suggest that at least 20% of necessary patches have not been deployed. Sometimes, missing just one can cripple your network.

To catch up, a lot of IT departments are needing to hire outside services. We were recently asked, “Is this really necessary?”

The question wasn’t about whether or not it was necessary to check that all patches had been properly deployed and configured, but whether or not it should be done as quickly as possible.

The answer: Correctly – and as quickly as possible, but… don’t sacrifice speed for accuracy and thoroughness.

In short, establishing a good security posture, by implementing strong protocols, training your people to avoid responding to phishing and other potentially malware-laden emails, licensing excellent cyber security software solutions, gaining better visibility into your cloud environments , network(s) and endpoints, and ensuring all your patches are properly installed and deployed, can greatly reduce the likelihood of your network – and by extension your business – being shut down.

The challenge can be in knowing what combination will be right for you. If you would like a free, outside consultation – no strings attached – please contact us at [email protected] or (416) 429-0796 or 1.877.238.9944 (Toll Free).