Environmental & Physical Threats to Cyber Security


Cybersecurity has evolved far beyond the realm of traditional firewalls and antivirus software. While digital threats like malware, ransomware, and phishing attacks continue to dominate headlines, there is a hidden dimension of cyber threats that transcends the virtual realm. These are the threats that bridge the gap between the digital and the physical, posing real-world consequences that extend far beyond lines of code.

In this era of hyperconnectivity, organizations face a multifaceted challenge: protecting not only against malicious hackers but also against a diverse range of physical cyber threats. These threats manifest in various forms, ranging from the destructive aftermath of natural disasters and power outages to the haunting specter of data loss due to backup failures and the all-too-human errors made by employees. Moreover, lurking within organizations are insider threats, where individuals with access to critical systems and information may turn against their own employers.

In this article, we’ll address physical cyber threats, shedding light on their potential to disrupt operations, inflict financial losses, and jeopardize the very existence of businesses. By understanding the scope and nuances of these threats, organizations can better fortify their defenses, mitigate risks, and build resilient strategies to safeguard against both the virtual and tangible perils of the digital age.

Below, we’ll take a deeper dive into natural disasters, power outages, backup failures, employee mistakes, and insider attacks, unraveling the web of challenges that SMBs face in the modern cyber threat landscape.

Natural Disasters

In excerpts from an article by insurancebusinessmag, they wrote, “In the aftermath of a natural disaster, such as a storm, wildfire or earthquake, businesses enter crisis mode. It’s in this period when leaders are scrambling to deal with damage or losses that cybercriminals are likely to strike. Natural catastrophes can set the stage for cyberattacks because they leave people and organizations vulnerable.

Threat actors are seizing such opportunities to launch well-timed attacks. “They take advantage of the fact that there is tension in the organization and attention is focused on recovering from a catastrophic situation,” said Hubbard.

Aside from impacting businesses, cybercriminals could prevent first responders, utilities, or government agencies from mobilizing after the disaster, creating a domino effect of misery.

It’s critical that all organizations include a cybersecurity plan in their overall disaster recovery strategy.

“The plan should not only cover the technology infrastructure that’s in place to support the business, it should also cover the business processes of the organization and the employees executing those business processes,” he said.

Natural disasters create footholds for cybercriminals to hack IT systems, according to Hubbard. Ransomware attacks, data breaches, and social engineering attacks are common weapons used to infiltrate vulnerable organizations.

When a storm causes IT infrastructure to fail, for example, an organization might begin running from its backup systems. But if these systems don’t have robust protection in place, they become open to data breaches.

“They back up their data to be able to run from a disaster recovery site, and that’s where we would see some of the data breaches come from,” Hubbard said.

“If an organization’s strategy doesn’t include encrypting their backups, and they’re trying to get that data to another location, they may unintentionally lose data along the way.”

Additionally, employees might be distracted or emotionally distressed following a disaster, making them more likely to fall for social engineering attacks or click on phishing links, Hubbard warned.

“People are more apt to fall for those threats because they’re just trying to do whatever they can to recover from the situation,” he said.

Prevention

Prevention and preparation are key to keeping businesses and individuals protected from cyber threats during a catastrophe.

One of the first – and best – steps leaders can take to prepare for cyber incidents is to test their business continuity and disaster recovery plans, according to Hubbard. These plans should be created and communicated well in advance of any threat and include employee education.

“Testing their backup systems, ensuring they’ve got adequate plans in place, and doing tabletop exercises: these pre-planning processes are extremely important,” he said.

“They take some pressure off you [in the event of a disaster] because you’ll know who’s doing what, who you need to call, and how you need to respond.”

Employees should be reminded to monitor credible news sources and have their guard up when assessing emails or links that look suspicious.

In terms of infrastructure, organizations should have intrusion detection measures in place across systems, including back-ups, he suggested.

“It’s important to know your technology ecosystem so that you can rebuild or recreate that environment safely, making sure you’ve got controls in place around securely accessing your data and your system,” Hubbard said. “Recovering your infrastructure should be part of your recovery plan.”

The unpredictable and uncertain nature of disasters also means that recovery plans should allow some adaptability, added Hubbard.

“You need to have some level of flexibility because the catastrophic event might impact different parts of the business. You need to adapt to the situation that is emerging, but it should cover all your bases, including any third parties,” he said.

“You should have a good understanding of who those critical external partners are, the services they provide, and whether they might be impacted by [an event].”

Power Outages

In excerpts from an article by TechNative, they wrote, “With an increasing number of devices and systems relying on a constant power supply, a sudden loss of electricity could leave businesses and individuals vulnerable to cyber attacks. The potential consequences of a blackout on cyber security could be devastating, with data breaches and loss of sensitive information putting both businesses and individuals at risk.

Small businesses should bite the bullet

In the event of a blackout, some businesses may struggle to maintain cyber security protocols and systems, potentially leaving them open to attacks. When databases are unexpectedly shut down from events like blackouts, it can lead to data loss or corruption.

This is because the database may not have had a chance to save or close all of its files and connections properly. This is of particular concern for small businesses, as they may not have the resources or infrastructure to protect their databases from unexpected shutdowns properly. They also may not have the option to use cloud-based databases, which can provide added protection against localized blackouts and other types of disruptions.

Blackouts threaten these types of organizations in several ways. For example, without a constant power supply, firewalls and intrusion detection systems may not be able to operate effectively, leaving networks vulnerable to attacks. Additionally, backup generators may not be able to provide enough power to maintain critical systems and databases, leaving them vulnerable to data loss or breaches.

Take control of your cyber security with no interruptions

To mitigate the risks of blackouts on cyber security, businesses must take steps to ensure that their systems and networks are protected. One key solution is the use of uninterrupted power systems (UPS). A UPS provides enough energy for a database to safely shut down without losing data, ensuring that even in the event of a blackout, critical systems and data will remain protected. Cyber security needs prioritizing, so businesses should ensure their firewalls and intrusion detection systems are powered by UPS or backup generators to ensure that they continue to function during a blackout.

Depending on the structure of the business, companies may want a UPS that gives them enough power to save computer backups or shut down equipment safely. For small businesses, a simple battery backup is less expensive and fairly simple to maintain. However, larger enterprises may need to leverage a more complex system that can provide uninterrupted power to equipment that needs to continue operating. While this can be a costly investment, given the potential losses that blackouts can cause in operational downtime and cyber risk, the expenditure is a sensible option.

This goes for organizations of all shapes and sizes. However, small businesses are particularly at risk. Data shows that many businesses lack confidence in their ability to prepare for (23%), fight (21%), and recover from (21%) a cyber threat. While large organizations can dedicate vast amounts of resources to cyber defenses, SMEs may not have the same expertise, financial clout, or technology as multinationals.

To mitigate this risk, it is essential these businesses take steps to ensure that their systems and networks are protected, including the use of uninterrupted power systems (UPS) to ensure proper shutdown of databases and prevent loss of data in the event of a blackout. By taking these steps, businesses can ensure that they are prepared for any potential blackouts and can protect themselves from cyber-attacks.”

Backup Failures

In excerpts from an article by unitrends, they wrote, “Businesses find comfort in backups, knowing data is protected from loss. Unfortunately, the reliability factor of backups depends on a number of factors, from the backup approach, the state of the environment, and the backup schedule. Likewise, recovery depends on the type of backups, the restore method required, and the recovery target. It’s no wonder that even with a backup strategy, a staggering 50% of restores fail.

In a nutshell, painful backup failures are all too common.

What is backup failure?

No backup infrastructure can guarantee a 100% failure-free transaction every time. This is what you call backup failure, and according to a survey, the failure rate is at an all-time high of 37% and is expected to increase over the coming years.

Backup and recovery are based on the system used — in many cases, outdated or overworked infrastructure components may be poorly optimized for backups and even less so for restoration. Backups exist in complex environments, and critical data exists across on-premise, cloud, and hybrid platforms. It’s difficult for multifunctional IT professionals (and systems) to keep track of all the data in such a complex environment without ever missing a beat.

Conversely, hackers have benefited from the same complexity. Poor business continuity and disaster recovery (BCDR) allows attackers to target backup files, either deleting them outright or encrypting and holding data for ransom.

One of the biggest problems with backup failures is that they may go undiscovered until a restoration request is processed. Backup failures hide in plain sight since they don’t impact the production environment and may not produce errors indicating an issue. Unfortunately, it’s often only when the backup files are needed for recovery that an operator discovers a previous backup failure and is unable to perform the necessary restore.

Even if you’re taking backups on a regular schedule, the moral of the story is: Don’t. Ever. Get. Too. Comfortable.

What are the risks of backup failure?

There is a considerable amount of risk of backup failure due to the fact it limits the ability of an organization to recover from a disaster and ensure business continuity. Here are some of the monetary and non-monetary risks that follow a backup failure.

Lost productivity

Productivity is the first casualty of backup failure. The inability to recover backup files forces IT departments to work overtime to investigate and fix the issue to recover data, putting all the ongoing work in a logjam. It creates a ripple effect, delaying work across departments.

Reputation cost

Fixing the reputation of your business after a backup failure is challenging since failed recoveries may lead to prolonged outages or disrupted services. In fact, reputation management can have a huge impact on your margins. Not only do you lose current customers but, with poor credibility and bad publicity, potential customers would never come knocking on your door.

Penalties and legal fees

Backup failures can conflict with compliance regulations, leading to hefty penalties. Fighting penalties means dealing with a pile of legal paperwork and courts. In many instances, legal fees can exceed the penalty itself.”
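The excerpt above makes the point that a failed backup often surfaces only when a restore is attempted. One way to surface it earlier is a scheduled restore test; the following is an added example (not code from the Unitrends article or from Adaptive Office Solutions) that records a SHA-256 manifest while the archive is written, restores the archive into a scratch directory, and diffs the result, catching a truncated archive and silent bit rot that tar itself reads without complaint. The sample tree and both failure simulations are constructed for the example.

```python
# Added example (not from the Unitrends article or Adaptive Office Solutions):
# a restore test that catches the silent backup failures described above.
# make_backup() records a SHA-256 manifest while the archive is written;
# verify_restore() extracts into a scratch directory and diffs it against the
# manifest. The sample tree and the two failure simulations are constructed.
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src_dir, archive):
    """Archive src_dir; return {relative_path: sha256} for every file added."""
    src_dir = Path(src_dir)
    manifest = {}
    with tarfile.open(str(archive), "w") as tar:
        for path in sorted(p for p in src_dir.rglob("*") if p.is_file()):
            rel = path.relative_to(src_dir).as_posix()
            manifest[rel] = sha256_file(path)
            tar.add(str(path), arcname=rel)
    return manifest


def verify_restore(archive, manifest):
    """Extract to a scratch dir and compare with the manifest.

    Returns a list of problems; an empty list means the restore test passed.
    """
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(str(archive), "r") as tar:
                if hasattr(tarfile, "data_filter"):   # 3.12+ and backports
                    tar.extractall(scratch, filter="data")  # blocks traversal
                else:
                    tar.extractall(scratch)
        except (tarfile.TarError, EOFError, OSError) as exc:
            problems.append(f"extract failed: {exc}")
        for rel, expected in manifest.items():
            restored = Path(scratch) / rel
            if not restored.is_file():
                problems.append(f"missing after restore: {rel}")
            elif sha256_file(restored) != expected:
                problems.append(f"checksum mismatch: {rel}")
    return problems


def simulate_truncation(archive):
    """Cut the archive just before its second member, as an interrupted copy
    to a DR site would; tar reads the result without complaint."""
    with tarfile.open(str(archive), "r") as tar:
        cut = tar.getmembers()[1].offset
    with open(archive, "r+b") as f:
        f.truncate(cut)


def simulate_bit_rot(archive):
    """Flip one byte of the first member's data. The tar header checksum does
    not cover file contents, so extraction still succeeds silently."""
    with tarfile.open(str(archive), "r") as tar:
        pos = tar.getmembers()[0].offset_data
    with open(archive, "r+b") as f:
        f.seek(pos)
        original = f.read(1)
        f.seek(pos)
        f.write(bytes([original[0] ^ 0xFF]))


def demo():
    """Run a healthy, a truncated and a bit-rotted backup through the test."""
    results = {}
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "data"
        (src / "db").mkdir(parents=True)
        (src / "db" / "customers.csv").write_text("id,name\n1,constructed\n")
        (src / "notes.txt").write_text("constructed sample file\n")
        for case in ("healthy", "truncated", "bitrot"):
            archive = Path(work) / f"{case}.tar"
            manifest = make_backup(src, archive)
            if case == "truncated":
                simulate_truncation(archive)
            elif case == "bitrot":
                simulate_bit_rot(archive)
            results[case] = verify_restore(archive, manifest)
    return results
```

In a real deployment the manifest is stored separately from the archive and the test runs on the recovery target, since a manifest that travels with a damaged archive proves nothing.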

Employee Errors

In excerpts from an article by SecurityToday, they wrote, “Often mentioned but seldom probed in the media is the biggest reason behind cybersecurity breaches – employee error. Two facts about this stand out. One is just how overwhelming employee errors are. The other is that the fault lies largely in the lap of companies themselves, not their workers.

Let’s start with a statistic. A joint study by Stanford University Professor Jeff Hancock and security firm Tessian has found that a whopping 88 percent of data breach incidents are caused by employee mistakes. Similar research by IBM Security puts the number at 95 percent.

Moreover, when a breached company finds the cause of the attack and the human culprit, the reaction is typically stern. According to Tessian in its aforementioned study, “Psychology of Human Error 2022,” one in four such employees lose their job within about a year, even though more than half of employees fall for a phishing email because the attacker impersonated a senior executive at the company.

They and surviving employees typically feel guilty, and predictably, fewer of these employees are reporting their mistakes.

This approach isn’t working. This isn’t to say that employees shouldn’t be held accountable. But, after a proper lecture and probably a mandate to embrace more cybersecurity training, the focus should be on helping the employees do better in the future. Rejection helps nobody.

Ultimately, the mitigation of human error has to come from two angles – reducing opportunity and educating users. The fewer opportunities there are for an error, the fewer users will be tested. And the more knowledge they have, the less likely they are to make a mistake even when they face an opportunity to do so.

Most companies have done a pretty good job on the reduction of opportunity by typically investing time and money into bolstering their cyber defenses and supporting technology. They typically have a long list of anti-virus solutions, software and operating system patches, virtual private networks, and vulnerability scanning across devices. Encryption is also becoming common.

On the cybersecurity education front, however, most enterprises are not doing a good job. Employees typically get a day or two of training when they are hired and thereafter some sort of brush-up once a year. This isn’t enough because many employees forget at least some of what they learn after a few months, and, regardless, all employees need additional help with cybersecurity because it’s constantly changing. According to the Advanced Computing Systems Association, companies should host cybersecurity training every four to six months, preferably using interactive examples and videos.

At this juncture, unfortunately, too many employees remain insufficiently informed about cybersecurity, in part because security executives and managers put a higher priority on amassing technology. In particular, many companies prioritize having a broad array of complex cybersecurity tools, even though this may be counterproductive.

According to IBM Security, security teams are overwhelmed by alerts and the growing number of tools they must manage. Big Blue estimates that enterprises use as many as 40 different security products from vendors, which essentially boils down to building a clear picture with pieces from 80 separate puzzles.

Another indication that security executives may be misplacing their priorities is the continued reluctance among many companies to adopt incident response plans consistently across their organizations. Another study by IBM Security, with the help of the Ponemon Institute, found that a whopping 74 percent of security and IT pros surveyed in 11 global markets didn’t feel this was necessary. This seems to be a mistake, given that IRPs are designed to expedite the response to an organizational breach to mitigate reputational damage and cleanup costs.

What businesses typically do when cybersecurity issues pop up is rely on their security department for help. This approach is too narrow, however. For a truly security-aware culture, all employees of the business must also be seriously committed to staying abreast of cyber threats. Creating such a culture is facilitated when leaders can influence their team members to adopt certain mindsets and behaviors – precisely the goal of corporate cybersecurity training.

Ultimately, companies must embrace more and better cybersecurity training. If it turns out that employees continue to make too many errors, they must explore why. They may find that lack of motivation is the root cause. Employees may see it as an annoyance or something they cannot really control. Either way, companies must work harder still with these folks. Serious employee support is the best way to mitigate breaches.”

Insider Threats

In excerpts from an article by OpenText, they wrote, “An insider threat refers to a cyber security risk that originates from within an organization. It typically occurs when a current or former employee, contractor, vendor, or partner with legitimate user credentials misuses their access to the detriment of the organization’s networks, systems, and data. An insider threat may be executed intentionally or unintentionally. No matter the intent, the end result is compromised confidentiality, availability, and/or integrity of enterprise systems and data.

Insider threats are the cause of most data breaches. Traditional cybersecurity strategies, policies, procedures, and systems often focus on external threats, leaving the organization vulnerable to attacks from within. Because the insider already has valid authorization to access data and systems, it’s difficult for security professionals and applications to distinguish between normal and harmful activity.

Malicious insiders have a distinct advantage over other categories of malicious attackers because of their familiarity with enterprise systems, processes, procedures, policies, and users. They are keenly aware of system versions and the vulnerabilities therein. Organizations must tackle insider threats with at least as much rigor as they do external threats.

Types of Insider Threats

Malicious Insider Threats

Also referred to as a turncloak, the principal goals of malicious insider threats include espionage, fraud, intellectual property theft, and sabotage. They intentionally abuse their privileged access to steal information or degrade systems for financial, personal, and/or malicious reasons. Examples include an employee who sells confidential data to a competitor or a disgruntled former contractor who introduces debilitating malware on the organization’s network.

Collaborator

Collaborators are authorized users who work with a third party to intentionally harm the organization. The third party may be a competitor, nation-state, organized criminal network, or an individual. The collaborator’s action would lead to the leak of confidential information or the disruption of business operations.

Lone wolf

Lone wolves operate entirely independently and act without external manipulation or influence. They can be especially dangerous because they often have privileged system access, such as database administrators.

Careless Insider Threats

Careless insider security threats occur inadvertently. They are often the result of human error, poor judgment, unintentional aiding and abetting, convenience, phishing (and other social engineering tactics), malware, and stolen credentials. The individual involved unknowingly exposes enterprise systems to external attack.

Pawn

Pawns are authorized users who have been manipulated into unintentionally acting maliciously, often through social engineering techniques such as spear phishing. These unintentional acts could include downloading malware to their computer or disclosing confidential information to an impostor.

Goof

Goofs deliberately take potentially harmful actions but harbor no malicious intent. They are arrogant, ignorant, and/or incompetent users who do not recognize the need to follow security policies and procedures. A goof may be a user who stores confidential customer information on their personal device, even though they know it’s against organizational policy.

A Mole

A mole is an outsider but one who has gained insider access to the organization’s systems. They may pose as a vendor, partner, contractor, or employee, thereby obtaining privileged authorization they otherwise would not qualify for.

How to Detect an Insider Threat

Most threat intelligence tools focus on the analysis of network, computer, and application data while giving scant attention to the actions of authorized persons who could misuse their privileged access. For secure cyber defense against an insider threat, you have to keep an eye on anomalous behavioral and digital activity.

Behavioral Indicators

There are a few different indicators of an insider threat that should be looked out for, including:

  • A dissatisfied or disgruntled employee, contractor, vendor or partner.
  • Attempts to circumvent security.
  • Regularly working off-hours.
  • Displays resentment toward co-workers.
  • Routine violation of organizational policies.
  • Contemplating resignation or discussing new opportunities.

Digital Indicators

  • Signing into enterprise applications and networks at unusual times. For instance, an employee who, without prompting, signs into the network at 3 am may be cause for concern.
  • A surge in the volume of network traffic. If someone is trying to copy large quantities of data across the network, you will see unusual spikes in network traffic.
  • Accessing resources that they usually don’t have or that they are not permitted to access.
  • Accessing data that is not relevant to their job function.
  • Repeated requests for access to system resources not relevant to their job function.
  • Using unauthorized devices such as USB drives.
  • Network crawling and deliberate search for sensitive information.
  • Emailing sensitive information outside the organization.

Examples of Insider Threats

Numerous insider cyberattacks take place each year, but the overwhelming majority do not make it to the news. There have, however, been insider threats in cyber security that have stood out in recent years.

  • In 2018, Facebook fired a security engineer accused of exploiting the privileged information his position accorded him to stalk women online.
  • In 2018, a Tesla employee was alleged to have sabotaged company systems and sent proprietary information to third parties.
  • In the 2019 Capital One data breach, a former Amazon engineer retrieved more than 100 million customer records. They exploited their inside knowledge of Amazon EC2 to circumvent a misconfigured firewall in Capital One’s cloud server.
  • In 2020, a former Google executive was sentenced to 18 months in prison for stealing trade secrets from Google’s self-driving-car division and handing them over to Uber, his new employer.

How to protect against insider attacks

Protect critical assets

Identify your organization’s critical logical and physical assets. These include networks, systems, confidential data (including customer information, employee details, schematics, and detailed strategic plans), facilities, and people. Understand each critical asset, rank the assets in order of priority, and determine the current state of each asset’s protection. Naturally, the highest priority assets should be given the highest level of protection from insider threats.

Create a baseline of normal user and device behavior

There are many different software systems that can track insider threats. These systems work by first centralizing user activity information by drawing from access, authentication, account change, endpoint, and virtual private network (VPN) logs. Use this data to model and assign risk scores to user behavior tied to specific events, such as downloading sensitive data to removable media or a user logging in from an unusual location. Create a baseline of normal behavior for each individual user and device, as well as for job function and job title. With this baseline, deviations can be flagged and investigated.

Increase visibility

In a 2019 SANS survey on advanced threats, more than a third of respondents admitted to lacking visibility over insider misuse. Therefore, it’s important to deploy tools that continuously monitor user activity as well as aggregate and correlate activity information from multiple sources. You could, for instance, use cyber deception solutions that establish traps to draw in malicious insiders, track their actions, and understand their intentions. This information would then be fed into other enterprise security solutions to identify or prevent current or future attacks.

Enforce policies

Define, document, and disseminate the organization’s security policies. This prevents ambiguity and establishes the right foundation for enforcement. No employee, contractor, vendor, or partner should have any doubts about what acceptable behavior is as it relates to their organization’s security stance. They should recognize their responsibility to not divulge privileged information to unauthorized parties.

Promote culture changes

While detecting insider threats is important, it is more prudent and less expensive to dissuade users from wayward behavior. Promoting a security-aware culture change and digital transformation is key in this regard. Instilling the right beliefs and attitudes can help combat negligence and address the roots of malicious behavior. Employees and other stakeholders should regularly participate in security training and awareness that educate them on security matters, which should be accompanied by the continuous measurement and improvement of employee satisfaction to pick up early warning signs of discontent.

Insider threat detection solutions

Insider threats are more difficult to identify and prevent than external attacks. They are often below the radar of conventional cybersecurity solutions such as firewalls, intrusion detection systems, and antimalware software. If an attacker logs in via an authorized user ID, password, IP address, and device, they are unlikely to trigger any security alarms. To effectively protect your digital assets, you need insider threat detection software and a strategy that combines multiple tools to monitor insider behavior while minimizing the number of false positives.”
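The “Digital Indicators” list and the “Create a baseline of normal user and device behavior” step in the excerpt above describe detection logic without showing it. The following is an added example (not code from the OpenText article or from Adaptive Office Solutions) that builds a per-user baseline from a constructed history of log records and then flags new records for four of the listed indicators: sign-ins at unusual hours, a surge in outbound volume, access to resources outside the user’s job function, and removable-media use. The pipe-separated log format, the `ROLE_RESOURCES` mapping and the `USER_ROLE` mapping are assumptions made for the example.

```python
# Added example (not from the OpenText article or Adaptive Office Solutions):
# build a per-user baseline from a constructed log history, then flag new
# records that match the digital indicators above. Log format, ROLE_RESOURCES
# and USER_ROLE are assumptions made for this example.
from collections import defaultdict, namedtuple
from datetime import datetime
from statistics import mean, pstdev

Event = namedtuple("Event", "ts user action resource bytes_out")

# Constructed mapping of job function to the resources it normally touches.
ROLE_RESOURCES = {"finance": {"ledger", "payroll"}, "engineering": {"git", "ci"}}
USER_ROLE = {"alice": "finance", "bob": "engineering"}

# Constructed records, one per line: timestamp|user|action|resource|bytes_out
HISTORY = """\
2024-05-01T08:55:00|alice|login||0
2024-05-01T09:10:00|alice|read|ledger|0
2024-05-01T17:00:00|alice|egress||1000000
2024-05-02T09:02:00|alice|login||0
2024-05-02T10:30:00|alice|read|payroll|0
2024-05-02T17:05:00|alice|egress||1200000
2024-05-03T17:02:00|alice|egress||900000
2024-05-01T09:15:00|bob|login||0
2024-05-01T11:00:00|bob|read|git|0
"""

NEW = """\
2024-05-06T03:12:00|alice|login||0
2024-05-06T09:00:00|alice|read|ledger|0
2024-05-06T03:40:00|alice|egress||40000000
2024-05-06T09:30:00|bob|read|payroll|0
2024-05-06T09:45:00|bob|read|ci|0
2024-05-06T10:00:00|bob|usb|removable-drive|0
"""


def parse(text):
    events = []
    for line in text.splitlines():
        ts, user, action, resource, b = line.split("|")
        events.append(Event(datetime.fromisoformat(ts), user, action, resource, int(b)))
    return events


class Baseline:
    """Per-user profile of sign-in hours, egress volumes and resources read."""

    def __init__(self, history):
        self.hours = defaultdict(set)
        self.egress = defaultdict(list)
        self.resources = defaultdict(set)
        for e in history:
            if e.action == "login":
                self.hours[e.user].add(e.ts.hour)
            elif e.action == "egress":
                self.egress[e.user].append(e.bytes_out)
            elif e.action == "read":
                self.resources[e.user].add(e.resource)

    def check(self, e):
        """Return the indicator names that this single event trips."""
        findings = []
        # Sign-in at an hour never seen for this user (production code would
        # use a tolerance window and a much longer history).
        if e.action == "login" and e.ts.hour not in self.hours[e.user]:
            findings.append("unusual-login-hour")
        # Egress volume more than three standard deviations above the mean.
        hist = self.egress[e.user]
        if e.action == "egress" and len(hist) >= 3:
            if e.bytes_out > mean(hist) + 3 * max(pstdev(hist), 1):
                findings.append("egress-surge")
        if e.action == "read":
            allowed = ROLE_RESOURCES.get(USER_ROLE.get(e.user, ""), set())
            if e.resource not in allowed:
                findings.append("outside-role-resource")   # not in job function
            elif e.resource not in self.resources[e.user]:
                findings.append("new-resource-for-user")   # allowed, but new
        if e.action == "usb":
            findings.append("removable-media")
        return findings


def scan(history_text=HISTORY, new_text=NEW):
    """Return (user, action, findings) for every new record that deviates."""
    baseline = Baseline(parse(history_text))
    flagged = []
    for e in parse(new_text):
        findings = baseline.check(e)
        if findings:
            flagged.append((e.user, e.action, findings))
    return flagged
```

Each finding is a lead for an analyst to review against the behavioral indicators, not a verdict; the baseline here is deliberately small and a production deployment would draw on months of access, authentication and VPN logs.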

Conclusion

In the ever-evolving landscape of cybersecurity, the focus has traditionally been on safeguarding digital realms from external threats. However, the world of cyber threats extends far beyond the virtual, venturing into the physical domain with a set of challenges that demand equal attention and vigilance. This article has illuminated the hidden dangers posed by natural disasters, power outages, backup failures, employee errors, and insider attacks, all of which blur the line between digital and tangible consequences.

Natural disasters, though uncontrollable, provide an ideal backdrop for opportunistic cybercriminals, seizing moments of chaos to launch their attacks when organizations are most vulnerable. To combat this, a robust disaster recovery strategy that includes cybersecurity measures is imperative.

Power outages, on the other hand, expose businesses to potential data breaches and system vulnerabilities. Utilizing uninterrupted power systems (UPS) and prioritizing cybersecurity within infrastructure is paramount to ensure resilience during blackouts.

Backup failures, often lurking in the shadows, pose a significant risk to organizations. In an era where data is king, any lapse in backup processes can lead to lost productivity, reputational damage, and even legal consequences. Vigilance in monitoring and testing backup systems is essential.

Employee errors, responsible for a substantial portion of cybersecurity breaches, require a multi-faceted approach. Beyond punitive measures, organizations must invest in continuous cybersecurity training to reduce opportunities for error and foster a culture of security consciousness among employees.

Finally, insider threats, whether malicious or inadvertent, are an ever-present danger that necessitates comprehensive solutions. Detecting insider threats requires a blend of behavioral and digital indicators, combined with an organization-wide commitment to cybersecurity awareness.

In a world where cyber threats transcend the virtual and physical realms, prevention, preparedness, and vigilance are paramount. Organizations must not only shore up their digital defenses but also build resilience against the physical manifestations of cyber threats. By understanding and addressing these hidden perils, businesses can fortify their cybersecurity posture and navigate the modern cyber threat landscape with confidence.

At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.

Every device connecting to the internet poses a cyber security threat, including that innocent-looking smartwatch you’re wearing. Adaptive’s wide range of experience and certifications fills the gaps in your business’s IT infrastructure and dramatically increases the effectiveness of your cybersecurity posture.

Using our proactive cybersecurity management, cutting-edge network security tools, and comprehensive business IT solutions, you can lower your costs through systems that are running at their prime, creating greater efficiency and preventing data loss and costly downtime. With Adaptive Office Solutions by your side, we’ll help you navigate the complexities of cybersecurity so you can achieve business success without worrying about online threats.

To schedule a Cyber Security Risk Review, call the Adaptive Office Solutions’ hotline at 506-624-9480 or email us at helpdesk@adaptiveoffice.ca
