As organizations continue to embrace digitization, security remains a top priority. Forward-looking cybersecurity strategy is essential for companies investing in sustainable, long-term successful digital transformation, as Deloitte puts it.
However, many organizations investing in cybersecurity are falling into the trap of assuming their cybersecurity challenges are being caused solely by technology shortfalls and the shift away from legacy processes. Whilst technology plays a critical role in mitigating cyberthreats, many of the most advanced tech-driven solutions can fail to overcome what is the biggest problem in cybersecurity: people.
Almost every cyber threat — be it ransomware attacks or vulnerabilities — can be traced back to an action, or failure, of somebody inside the company.
A staggering 82% of breaches involved a human element, according to Verizon’s 2022 Data Breach Investigations Report. This includes incidents in which employees exposed information directly (for example, by misconfiguring databases) or by making a mistake that enabled cyber criminals to access the organization's systems.
Social engineering attacks
The so-called ‘people problem’ in cybersecurity has been brought to the forefront in recent months due to the rise in high-profile social engineering attacks, whereby hackers manipulate a user, often through fear or doubt, to coax them into actions like revealing credentials or other sensitive information.
Take the recent Uber data breach. This headline-grabbing incident saw a lone teenage hacker conduct a large-scale compromise of the ride-sharing company’s IT systems. How did they do it? By tricking an Uber employee into revealing their password details. In a series of Telegram messages, the hacker claimed that after they had obtained the employee’s password, they repeatedly triggered multi-factor authentication (MFA) push notifications in an authentication app. Then they sent a WhatsApp message claiming to be Uber’s IT department instructing the employee to confirm that the login attempt was legitimate.
This hack, though simple, gave the attacker access to a VPN through which they could connect to Uber’s corporate intranet. From there, they were able to access many critical Uber IT systems, including the company’s email dashboard, Slack server, security software, and Windows domain.
Cloud-based communication platform provider Twilio also recently announced a serious breach that occurred as the result of a social engineering attack on employees.
In this incident, a threat actor convinced multiple Twilio employees to hand over their credentials, which allowed access to the company’s internal systems. They did so using SMS phishing messages that pretended to come from Twilio’s IT department, suggesting that the employees’ password had expired or that their schedule had changed, and advising the target to log in at a spoofed web address that the attacker controlled.
This intrusion allowed the hackers to access the data of 125 Twilio customers and companies — including end-to-end encrypted messaging app Signal.
Uber and Twilio are not the only big-name companies to fall victim to social engineering attacks in recent months. Other well-known targets include Cloudflare, Cisco, LastPass, and Rockstar Games.
Mitigating human risks
These incidents demonstrate that, even for a company with Uber’s resources, these kinds of social engineering threats are impossible to completely defend against. It doesn’t matter how good a firm’s password policies are, whether sensitive information is properly stored or encrypted, and even whether multi-factor authentication is used — there’s always a chance that a human employee will be fooled into letting the attacker in through the front door.
While MFA can reduce the likelihood of passwords causing a data breach for the apps it is enforced on, it does not fully protect against attacks leveraging credentials.
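The Uber account above describes an attacker who already held the password and then fired repeated MFA push prompts until one was approved, which is exactly the gap the previous paragraph points at. The following is an added example, not code from this article or from Bitdefender, showing how a defender can spot that pattern in identity-provider logs and how the provider itself can refuse to keep sending prompts. The log format, event names (`push_sent`, `push_denied`, `push_timeout`, `push_approved`), the ten-minute window and the three-prompt threshold are all assumptions chosen for the example; the sample lines are constructed, not real telemetry.

```python
"""Added example: flagging MFA push-fatigue ("MFA bombing") in authentication logs.

Illustrative code, not any vendor's product logic. Log format, event names and
thresholds are assumptions for this example; map them onto what your identity
provider actually emits.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log (not real data): one user receives a burst of push
# prompts, denies or ignores most of them, then approves one. A second user
# logs in normally with a single prompt.
SAMPLE_LOG = """\
2022-09-15T21:02:11Z alice push_sent 203.0.113.7
2022-09-15T21:02:25Z alice push_denied 203.0.113.7
2022-09-15T21:03:02Z alice push_sent 203.0.113.7
2022-09-15T21:03:40Z alice push_timeout 203.0.113.7
2022-09-15T21:04:05Z alice push_sent 203.0.113.7
2022-09-15T21:04:09Z alice push_denied 203.0.113.7
2022-09-15T21:05:30Z alice push_sent 203.0.113.7
2022-09-15T21:06:10Z alice push_timeout 203.0.113.7
2022-09-15T21:07:45Z alice push_sent 203.0.113.7
2022-09-15T21:08:01Z alice push_approved 203.0.113.7
2022-09-15T21:10:00Z bob push_sent 198.51.100.9
2022-09-15T21:10:07Z bob push_approved 198.51.100.9
"""


def parse_line(line):
    """Parse one 'timestamp user event source_ip' record (assumed format)."""
    ts, user, event, ip = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "user": user,
        "event": event,
        "ip": ip,
    }


def find_push_fatigue(log_text, window=timedelta(minutes=10), max_prompts=3):
    """Return one alert per approval that was preceded by more than `max_prompts`
    push prompts to the same user inside `window`, noting how many of those
    earlier prompts were denied or timed out (the signature of a user being worn
    down rather than logging in normally)."""
    sent = defaultdict(deque)      # user -> timestamps of recent push_sent
    rejected = defaultdict(deque)  # user -> timestamps of denied/timed-out prompts
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        user, ts, event = rec["user"], rec["ts"], rec["event"]
        # Slide the window: discard events older than `window` for this user.
        for q in (sent[user], rejected[user]):
            while q and ts - q[0] > window:
                q.popleft()
        if event == "push_sent":
            sent[user].append(ts)
        elif event in ("push_denied", "push_timeout"):
            rejected[user].append(ts)
        elif event == "push_approved":
            if len(sent[user]) > max_prompts:
                alerts.append({
                    "user": user,
                    "approved_at": ts,
                    "ip": rec["ip"],
                    "prompts": len(sent[user]),
                    "rejected": len(rejected[user]),
                })
            # An approval ends the authentication attempt; start counting afresh.
            sent[user].clear()
            rejected[user].clear()
    return alerts


def should_throttle_push(recent_sent, now, window=timedelta(minutes=10), max_prompts=3):
    """Preventive counterpart for the identity provider: refuse to send another
    push once the user has already received `max_prompts` inside `window`."""
    return sum(1 for t in recent_sent if now - t <= window) >= max_prompts


if __name__ == "__main__":
    for alert in find_push_fatigue(SAMPLE_LOG):
        print(f"{alert['user']}: {alert['prompts']} prompts, "
              f"{alert['rejected']} rejected, approved at {alert['approved_at']} "
              f"from {alert['ip']}")
```

Run against the constructed log, the detector raises one alert for `alice` (five prompts, four rejected, then an approval) and none for `bob`. The two functions are deliberately separate: `find_push_fatigue` is what a SOC or XDR pipeline runs over collected telemetry after the fact, while `should_throttle_push` is the control the identity provider applies at the moment a prompt would be sent. Number-matching or phishing-resistant factors remove the prompt-spamming lever entirely, which is why this detection is a backstop rather than a substitute for stronger MFA.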
In its quarterly threat report for Q2 2022, enterprise cybersecurity provider ZeroFox assessed that “social engineering remained one of the most frequently reported intrusion tactics in Q2, and this will almost certainly remain the case for the foreseeable future.” It’s also becoming clear that for even the largest of companies, it’s one of the hardest attacks to protect against.
Thankfully, there are technology solutions out there that can help. Extended Detection and Response (XDR) and Managed Detection and Response (MDR) provide increased visibility compared with traditional cybersecurity solutions and respond to advanced forms of cyberthreats, including social engineering attacks.
Bitdefender GravityZone XDR natively observes and detects attacks across the organization’s environment: physical and connected devices, virtual and cloud platforms, and their hosted workloads are all covered, while Bitdefender MDR — backed by GravityZone XDR — combines endpoint, network, cloud, identity, and productivity application telemetry into actionable security analytics, augmented by the threat-hunting expertise of a fully staffed security operations center (SOC).
While many modern security operations fail to identify malicious activity that evades common security tools, Bitdefender’s advanced solutions provide a more detailed understanding of what ‘normal’ looks like, enabling MDR teams and organizations to win against malicious actors in the ever-evolving cyber space.
Learn more about how to look for XDR in an MDR partner.