How to block the weakest link in your cyber defense
Camelia Chan, CEO and founder of X-PHY a Flexon brand
Every cyber security professional knows that human error is the common cause behind most successful cyber violations. Software patches that have not been updated, careless clicks on phishing emails, changes in software configuration, or ‘personal’ resetting of anti-virus software are often the beginning of a cascading, costly and infamous security breach.
The extent of that human error – whether due to malicious intent or outright negligence – has recently been measured by the World Economic Forum (WEF). It is calculated in its Global Risk Report 2022 95 percent All security issues can now be identified as human error.
Of course, cyber security professionals are also extremely aware that our industry as a whole is understaffed and under-resourced. Nearly 20 percent of WEF’s network of academic, business, government, civil society and thought leaders believe that cybersecurity failure will become a serious threat to the world in the next two years. At the same time, there are 3 million gaps in the need for cyber professionals worldwide.
Remote insecurity
The potential for human error is greatly increased by the epidemic and the accelerated reliance of both individual organizations and the economy as a whole on digital systems.
With the rapid digitization of remote, and now hybrid, working platforms and devices have been made available to enable remote work. The corporate network has expanded, its boundaries have become more blurred, and sensitive data is regularly shared with a wide range of intermediaries, from cloud service providers to data aggregators and APIs. The attack surface is greatly expanded.
The widespread adoption of cloud-enabled services and networks has also changed the common threat vector. Threats can now flow from the cloud to the machine level, putting endpoint devices and their operating systems in direct line of fire.
At the same time, remote employees are sending corporate details to their residential networks, using the same laptop and the same weak passwords for both personal and professional applications.
Expensive inactivity
With no obvious barriers between work and home, a familiar informal ‘office’ setting and even more comfortable dress code, the psychological factors that always keep employees alert can easily turn into cyber fatigue and ‘what could be worse?’ Mentality. For that reason, despite having the strongest infrastructure and policies, large corporations can still collapse.
The epidemic has certainly increased the chances of human error causing indescribable damage to the corporate system. But even with the return of a new form of normalcy to corporate life, the opportunities created for cybercriminals will continue to grow. Expansion of IoT-enabled devices, edge-computing, 5G and blockchain-enabled applications presents new opportunities and new threats.
As these essential business tools come together and connect, as virtual 3D spaces network and expand, users – employees – will be asked to navigate security vulnerabilities in complex, decentralized systems without sophisticated onboarding capabilities or structured security policies.
New weakness
In the case of crime, cyber-threat actors take advantage of both the offensive method of attack and the lower barrier to entry, which increases the attacks. For example, ransomware-as-a-service (RaaS) enables non-technical criminals to successfully access a corporate network.
Now that malware can be driven by AI, the low-skilled, high-reward model of cybercrime is on the rise – especially as the expansion of cryptocurrency use keeps the ransom from being scrutinized by regulated banks and law enforcement agencies.
As the physical supply chain has become more digital, the same criminals have discovered new vulnerabilities to exploitation. The weakest link in any system can no longer be the fault of an employee but of some technology provider or other third party supply chain. Cyber-attacks are therefore no longer aimed solely at the infrastructure of a large corporation, but at smaller, less well-protected companies that support and supply them.
Outside of software
Today, most cybersecurity software relies on defense, but business leaders and their cybersecurity professionals need to update their arsenal if they want to protect their devices and their data. By design, the firmware system has a good vision – and a greater ability to protect it. For example, security at that level of storage drive is the best way to reduce attacks.
It can perform an AI-infused solid-state drive (SDD). The AI ​​component provides intelligent, intuitive, and instantaneous defense by detecting inconsistencies in data-access patterns that typically indicate ransomware, cloning attacks, physical drive theft, and even other side-channel attacks.
Embedding AI at the firmware level, where it sits close to user data, ensures real-time threat detection and protection against zero-day exploitation. The data in the drive is secure 24/7 – making it an ideal solution to complement software-based defenses for each participant in a supply chain.
What’s more, when developed in a zero-trust framework, only authorized and certified employees can access its contents, which protects users, applications and data from external threats. SSD itself, hardware sensors can provide real-time physical protection if an employee’s device is stolen, lost, or tampered with.
Leading OEMs are already applying this type of technology to recent models, and we can expect more to come in real terms as businesses look for secure devices that minimize the impact of human error by reducing the amount of human intervention required to secure data. In a constantly evolving, multi-threat world, this is the last – and most necessary – line of defense.
About the author
My name is Camelia Chan and I am the CEO and founder of Flexon. Camelia founded Flexon in 2007 and has over 20 years of experience in the electronics manufacturing industry. As CEO and founder of Flexxon, Camelia oversees the company’s business development and growth, industry partnerships and expansion into regional and global markets. There has been flexion under his leadership
NAND is a world-leading brand providing flash storage solutions across the sector; Especially in the four niche areas – Cyber ​​Security, Industry, Medical and Autonomous (CIMA).
Notice of fair use: Under the “fair use” law, other authors may restrict the use of the original author’s work without permission. 17 In accordance with US Code § 107, certain use of copyrighted material “for the purposes of criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not a copyright infringement.” As a matter of policy, fair use is based on the belief that parts of copyrighted material are free to be used for the purpose of public comment and criticism. The privilege of fair use is perhaps the most significant limitation of the exclusive rights of a copyright owner. Cyber ​​Defense Media Group is a news reporting company that reports cyber news, events, information and much more on our website Cyber ​​Defense Magazine at no charge. All images and reporting are done exclusively under the fair use of US copyright law.