Cybersecurity Faux Pas: A Look at Organizations' Major Missteps

Failing to update software and security patches

Not keeping software up to date can be risky as new security vulnerabilities are regularly identified and patched by software vendors. Zero-day vulnerabilities, where no patch yet exists from the vendor, can quickly become N-day vulnerabilities, meaning a patch has been issued but the organization has not applied it. N-days are potentially more dangerous than zero-days because the vulnerability’s existence is now public, and threat actors are quick to develop exploits and search for organizations that have not been patched yet. 

Proactive maintenance can help protect data centers and networks against breaches and data loss.  The challenge is that patching is time-consuming. 

Using weak and easily guessable passwords or reusing the same password for multiple accounts

This is a common mistake that can seriously affect cybersecurity. Passwords are the first line of defense against unauthorized access to an online account or device, so it is crucial to use strong and unique passwords.

Maintaining a secure identity and account protection is critical for everyone in today’s connected world. Unfortunately, keeping track of multiple passwords is difficult, prompting many people to reuse the same or similar passwords on multiple accounts, which is a dangerous security practice. 

Neglecting to back up important data

Neglecting to back up necessary data is a mistake for cybersecurity because it can have severe consequences in the event of a cyber-attack or other incident resulting in data loss. Backing up data regularly creates a copy of important files and information, which can be used to restore the original data if it is lost or corrupted. Without backups, recovering lost or damaged data may be impossible, leading to significant disruption, financial loss, or other negative consequences.

Falling for phishing scams

There has been an increase in phishing attacks and in the amount requested in wire transfer Business Email Compromise (BEC) attacks, and industries such as healthcare and transportation have seen an increase in ransomware attacks. Threats on social media have also risen. Mobile phone-based fraud, such as smishing and vishing, has also increased. These trends highlight the ongoing and evolving nature of cybersecurity risks from phishing attacks.

Increasingly sophisticated phishing scams are posing a serious threat to personal and financial security. Fraudulent emails or websites appear legitimate but deceive victims into giving away sensitive information, which can be detrimental if malicious actors access them. Furthermore, these attacks often serve as entry points for malware distribution, which poses yet another risk to the victim’s device and data systems.

Neglecting to train employees on cybersecurity best practices

Neglecting to train employees on cybersecurity best practices is a mistake because it leaves individuals within an organization vulnerable to cyber-attacks. Humans are often considered the weakest link in an organization’s cybersecurity defenses, as cybercriminals can easily trick or manipulate them using phishing or social engineering tactics. If employees are not trained to recognize and prevent these attacks, they may unwittingly put the organization’s data and systems at risk.

Relying on outdated security measures

The problem businesses faced with the old, legacy AV solutions revolved around the fact that they were based on detecting malware files through signatures – typically a hash of the file, but later through identifying tell-tale strings contained in the binary through search methodologies like YARA rules.  This approach proved to have several weaknesses. First, malware authors began to sidestep signature-based detection simply by padding files with extra bytes to change the malware’s hash or using different ways to encrypt strings that could not be easily read by binary scanning. Second, adversaries’ intent on stealing company data and IP, or inflicting damage through ransomware, was no longer just trying to write malicious, detectable files to a victim’s machine. Instead, bad actors’ tactics had evolved to include in-memory “fileless” attacks, exploiting built-in applications and processes and compromising networks by phishing users for credentials or stealing resources with cryptomining. 

No Identity protection implemented

Having no identity protection implemented is a problem for cybersecurity because it leaves individuals and organizations vulnerable to identity theft and other types of cyber-attacks.

With social networks, multi-tasking, and the evolution of devices around us, it just makes sense for adversaries to keep investing in social engineering.  A solution with Identity Threat Detection and Response, Identity Attack Surface Management, and Identity Cyber Deception capabilities can solve the problem.

No threat hunting and lack of regular monitoring for security breaches

Not conducting threat hunting and failing to regularly monitor for security breaches is a problem for cybersecurity because it can lead to undetected or unmitigated threats and attacks.  By conducting threat hunting and regular monitoring, organizations can identify potential threats and attacks, allowing them to take action in addition to identifying new indicators of compromise that existing security measures may not detect. 

Conclusion

While it is true that there are constantly new threats emerging and that it can be difficult to stay ahead of them, it is important to remember there is much that enterprises can do to mitigate the risk, cut off easy avenues of attack, and harden the organization’s cybersecurity defenses. As we look forward, solving the cybersecurity challenge will be a combination of deploying the right product and having the right people, processes, and procedures in place to minimize the risk.

- The author, Diwakar Dayal is the Managing Director and Country Manager of SentinelOne India and the SAARC region