
Cyber Criminals Changing Attack Strategies to Focus on Exploiting Employee Behaviour Finds SANS Endpoint Survey

Published May 22, 2017

Highlighting the change in cyber-criminals’ focus from attacking technical vulnerabilities to now exploiting user behaviour, SANS Institute, in its recent survey titled ‘SANS 2017 Endpoint Risks and Protections’, found that browser-based attacks and social engineering are now the two most powerful techniques targeting organizations. Both techniques prey upon users as their initial point of entry.

“Cyber criminals are going after the weakest link - the employee. Unfortunately for organizations, this means that even after they have invested heavily in IT security technologies, poor security awareness among employees can still result in their systems being breached,” explained Ned Baltagi, Managing Director, Middle East & Africa at SANS. “Social exploits are becoming more sophisticated than ever before and even employees with the best intentions can severely compromise the cyber security of their organisations.”

While users represent the top target leveraged by attackers, vulnerabilities such as misconfigurations or software flaws were also commonly exploited in attacks against endpoints, ranking as the third most common source of significant compromise, according to survey respondents. Such vulnerabilities have been responsible for a number of large-scale attacks, including the very recent and infamous WannaCry, which is considered to be the most successful ransomware campaign to date.

According to the survey, 53% of respondents have knowledge of impactful compromises starting at their endpoints in the past 24 months. And that total doesn't include the 37% who don't know whether they've been compromised or not during that timeframe.

Of the 53% of significant breaches that respondents knew about, just 48% were detected through endpoint detection and response (EDR) solutions. The remainder of detections were not directly from endpoint solutions, and included such sources as log analysis, security information and event management (SIEM) system alerts, cloud-based monitoring, and even third-party notification.

"The farther from the endpoint a breach is discovered, the more time it has to pivot from system to system and increase the impact of the breach," said SANS Analyst G.W. Ray Davidson who authored the report. "As organizations develop sufficient maturity, they should automate remediation activities as much as possible, because the scope of a breach can quickly outpace remediation efforts."

"Organizations must devote more resources to user education and to monitoring activities that result from user behaviour," Davidson continued. "The insider threat is no longer just the malicious actor with unauthorized access; well-intentioned but naive employees can be just as dangerous."




Posted by VMD - [Virtual Marketing Department]

