Vigilance in Cybersecurity: Identify Both External and Internal Threats


Staying connected to the digital world is part of our daily lives. Yet, hackers are diligently working to wreak havoc online. Whether it’s stealing credit card information or developing a virus to destroy a computer or entire network, there are people out there looking to cause trouble. Unfortunately, not all threats come from the outside. Insider threats are also very real. October is Cybersecurity Awareness Month and it’s a great time to recognize the latest threats, understand best practices, and spot the dangers of interacting online so businesses and their employees become less vulnerable to cybercriminal acts.

Current Cybersecurity Trends

Ransomware is making waves this year, aiming for businesses of all sizes. In these cases, hackers encrypt company data and demand a ransom for its release. In addition, artificial intelligence (AI) attacks are on the rise, lowering the entry level for attackers and making it simple for even the most inexperienced person to become a cybercriminal.

“The interesting part is that the most common attacks are still against users within a business,” explained Don Pecha, chief information security officer at FNTS. “AI writes better phishing emails, hides the malicious links better, and makes the illegitimate sites look more legit. AI-based bots are also foot-printing business security perimeter, showing attackers where they can focus their attacks.”

With individuals being common targets, employee training is becoming more imperative.

“On the current trends, security leaders are exploring the concept of ‘security is everyone’s job,’” said Puja Kandel, principal owner at CMIT Solutions. “That means they must get innovative to address this challenge and make sure all users understand security policies and risks.”

- Advertisement -

With more employees working from home than ever, new cybersecurity challenges have arisen.

Tim Hunter, IT director at Hawkins Construction, noted that home offices are often less protected than centralized offices.

“This increases the risk of sensitive information falling into the wrong hands,” he explained.

One thing remains: cyber criminals are looking for weak spots and will take advantage of those whenever possible.

“Cybercriminals will continue to refine and perfect their tactics to compromise tools and technologies to exploit weaknesses,” said Jason Bowra, senior vice president, managed services at Secur-Serve. “Still, it remains that tricking people, outdated and misconfigured systems, and outdated software are at the easiest and top of the list.”

Risk of Insider Threats

Stacy Eldridge, digital forensics and cybersecurity expert at Silicon Prairie Cyber Services, noted that establishing a baseline for normal employee activity using automated methods is a good way to identify insider threat issues promptly.

“Monitor unusual data transfers,” she said. “Keep a vigilant eye on any instances where employees transfer significant volumes of data to unauthorized destinations, especially during unconventional hours, such as late at night or on weekends.

“When unusual data transfer patterns are detected, engaging in timely conversations with the employee involved is essential. These discussions should be approached delicately by trained personnel and timed appropriately.”

Bowra noted that in addition to conducting behavioral interviews during the hiring process to assess a candidate’s honesty, it’s important to continuously monitor and audit user activities on the network and critical systems.

“Be on the lookout for suspicious behavior,” he said. “Adopt a zero-trust mindset. Trust no one. Only provide access to systems and data that is needed for an individual to perform their job functions.”

Pecha recommended using simple ‘canary’ type security tools for determining who’s looking to harm a business.

“The ‘canaries’ are fake documents that appear like a sensitive file,” he said. “When a person tries to open them, they alert you and provide reports on who opened them and from where.

“This is a simple, low-cost solution that can help prevent insider threats and attacks from outsiders who have gained access to your internal systems. In both cases, they rely on data and a canary will trip to alert you.”

Training and Education

Training employees on cybersecurity best practices is vital. Provide basic internet usage details, teach them to recognize common cybersecurity threats, and offer education on how to best identify and avoid phishing attacks. Conducting phishing simulations and regularly testing employees to identify vulnerabilities can help minimize both internal and external attacks.

“Implementing strong access controls and monitoring systems can help detect any suspicious behavior or unauthorized access,” Hunter said. “Regular audits and assessments should be conducted to identify any potential vulnerabilities or unusual activities.

“Additionally, businesses should foster a culture of trust and open communication, encouraging employees to report any concerns or suspicious activities. Establishing a culture of cybersecurity within the organization by promoting a sense of responsibility and accountability can contribute to a more vigilant and proactive workforce.”

Eldridge noted that relying on the same computer-based cybersecurity training each year is not only boring, but it can also be less impactful. She recommends hiring a live presenter to talk about recent incidents, which can keep people more engaged and interested. Then, using the ‘carrot over the stick’ approach after training can be helpful in keeping teams vigilant.

“Once you’ve empowered your team with the right cybersecurity training, the next step is to inspire and maintain their vigilance by recognizing and rewarding their efforts,” she said. “Relying solely on punishment can discourage individuals from reporting potential issues or unusual behaviors, as they may fear negative consequences.”

Re-evaluating Best Practices

Eldridge said that the first step in gauging the effectiveness of a company’s cybersecurity program is establishing a list of goals. Without predefined objectives and a way to measure progress, it’s hard to assess if your security efforts are successful or not. Next, look closely at how much you’re spending on responding to cyber incidents. If there is excessive time or financial resources being spent in that area, take that as a sign that investment in a new strategy needs to take place.

“Evaluate the balance between investing in your people and technology,” Eldridge said. “Neglecting the humans in cybersecurity can be risky since people are often the weakest link in the security chain. Your cybersecurity program should evolve to prioritize both skill development and technology enhancement.”

Businesses are responsible for ensuring their data is secure. So, doing everything in your power to keep things that way means looking closely at what programs or practices are being used to see if they’re working.

“Even if your data is in a data center cloud environment or you’re working with a service provider, you are responsible for the reputation of the business and for keeping data safeguarded against attacks,” Bowra said. “Review compliance documentation, policies and procedures of third-party vendors to ensure you engage with a partner you can trust and who is a fit for your business and security requirements.

“We work with many small businesses and hear, ‘Why would someone want my data?’ The truth is, they don’t want your data. They want the money that comes from capturing your data. Whether the payment comes from a ransomware request or the sale of your data, there is big money in cybercrime.”

Staying Safeguarded

There is no single tactic that can prevent a large-scale cybersecurity attack. That’s why it’s crucial to regularly review and evaluate what methods are most effective. This ensures you are utilizing the most up-to-date approaches that greatly reduce your risk of falling victim to an online scam, virus, or security breach.

Unfortunately, even with the strongest methods in place, cybercriminals will make their way in and work to destroy what you’ve worked hard to build.

“Ditch the mindset of ‘it can’t happen to me,’” Bowra said. “It can and it will. If you don’t have cybersecurity measures in place, you need to start with a risk assessment.

“Start by assessing your current cybersecurity posture. Identify vulnerabilities, review your existing security policies, and determine where improvements are needed. Consider investing in cybersecurity insurance to help mitigate financial risks associated with data breaches and cyberattacks.”

Most of all, remember that technology is changing and so are the attacks that go along with it. What once worked for online protection a few years ago, simply might not be enough now.   

“Cybersecurity awareness is a crucial aspect of protecting businesses and individuals from cyber threats,” Hunter said. “It is an ongoing process of educating and training employees about the dangers that exist in cyberspace and how to act responsibly. By understanding the latest threats, best practices, and the dangers of interacting online, employees become less vulnerable to cybercriminal methods.”

That ability to stay alert and adapt as needed is what will keep businesses and their employees one step ahead of those aiming to wreak cyber havoc.

“Good information security requires a continuously evolving mindset,” Pecha said. “Businesses must keep investing in good security tools and education for their security teams.

“Managing proper governance requires good knowledge of the business, so help your teams to understand the business. Understanding the business allows them to better understand the risks and provide better security that fits their organization.”