Statistics show that cyberattacks are trending upwards. Why is this the case and why are firms still increasingly vulnerable to data breaches and other forms of attacks?
To gain a view of current challenges, Digital Journal spoke with Eric Williams, who is a senior solutions architect at HID Global. Prior to joining HID, Williams held a position as the VP of operations for a startup based in Asia. He joined HID in February 2016 as part of the pre-sales engineering team working in identity management and authentication.
Digital Journal: What is the current state of cyberattacks around the world?
Eric Williams: By all accounts, cyberattacks are on the rise. According to Security Intelligence, phishing attacks increased by nearly 50 percent in the first half of 2022, with reports of around 11,000 incidents. Phishing attacks increased by 48 percent in the first half of 2022. It is no surprise that the most common cyberattacks are ransomware attacks and email compromises. Generally, economic conditions have influenced criminal activity, and cybercrime follows this trend.
DJ: Are cyberattacks becoming more sophisticated or is it simply that there are more of them?
Williams: It is a bit of both. Statistics show that cyberattacks are trending upwards dramatically. Additionally, cyberattacks recently have become more sophisticated in iterative ways, in a similar way that cyber defenses have done. As soon as cybersecurity professionals implement new ways to defend assets, cyber criminals find new ways to circumvent these defenses. It is a cyclical struggle.
DJ: Why are many companies especially vulnerable to attack?
Williams: My answer is anecdotal; however, I believe that a large majority of cybersecurity attacks are enabled by individuals making errors that expose their companies to risk. Ransomware, for example, relies almost exclusively on the reality that an employee can be tricked into installing a malicious payload. These are sometimes combined with a zero-day vulnerability that may not require user interaction, but it’s the exception to the rule.
DJ: What types of technologies should firms be adopting?
Williams: All organizations, regardless of size, should first adopt an infosec policy around industry best practices. Once in place, one of the common defenses against cyberattacks is the use of multi-factor authentication for all IT assets. Biometrics have made strong inroads in recent years. Both can be combined with newer digital cryptography, such as what can be implemented with the Fast Identity Online (FIDO) credentials standard, something we offer with the HID Crescendo line. There is no one-size-fits-all solution; it needs to fit the needs of the users, because if it isn’t easy to do the right thing, users will most likely find ways to circumvent security. For data at rest, it is essential to have solid backups that are regularly tested.
Also, companies must practice information security fundamentals. It is unforgivable to experience a compromise due to a system that has not been patched for a well-known vulnerability. The key is to offer the best UX without compromising on security.
DJ: Where in the organization should responsibility for cybersecurity sit?
Williams: This is a great question. In the cybersecurity world, we believe that everyone needs to be engaged in cybersecurity at some level. You used the word “responsibility,” and while cybersecurity professionals are responsible for the most visible aspects of defending IT assets, ultimately all members of the organization must take personal responsibility. Generally, this is about remaining aware of threats, and how to react when an attack affects them. Consider the business mantra that everyone in an organization is in some way part of the sales process, regardless of title and position. The same is true for cybersecurity.
DJ: How can errors involving employees be addressed?
Williams: By definition, errors occur by accident due to deception or lack of clear thought. Examples are a phishing email that can trick a user into divulging a secret or into clicking a link that will install a malware payload. One way to defend against this is by thorough and continuing education of every employee on cyber threats. On the other hand, employees cannot always be expected to make good decisions. This is where a clear cybersecurity policy exhibits its value. The policy should define how assets are protected, and by which means. Authentication requirements should be an integral part of the policy.
DJ: What is on the future technology horizon to improve cybersecurity robustness?
Williams: Historically, cybersecurity technology defenses have advanced slowly. Certificate-based authentication (CBA) has been a significant cybersecurity tool for decades. More recently, biometrics have become a strong piece of the cybersecurity puzzle. Looking to the future, modern technologies based on digital cryptography will hold more important roles in the cybersecurity posture of many organizations.
While nascent, FIDO authentication is becoming a more important cybersecurity component for many organizations. A newer technology related to FIDO called Passkeys shows some promise. However, it is unclear at this time how these technologies will evolve to conform to enterprise requirements. Cybersecurity strategy should strive to enable the right security for the right users as business needs evolve; it needs to account for change, because change is the only constant.