By Manuel Moreno*
As the virtual world demands more and more sophistication, business leaders have launched a race to rapidly adopt technologies under the mistaken view that they will obtain greater capabilities compared to their competition. However, without prior analysis, they are opening cyber security gaps, since investment in digital initiatives far exceeds that of protection, both in solutions and in personnel training.
In fact, CyberArk’s 2023 Identity Security Threat Landscape Report, alert to high staff turnover rates as a result of increasingly complex IT structureswhich will result in a higher number of attacks.
And it is that each new implementation of Software as a Service (SaaS), adoption of the Cloud or third-party services, creates new points of digital interaction between people, tools and processes, which must be shielded with a solid cybersecurity strategy, based on both solutions and technological services, such as the training and development of personnel skills adapted to the 75 different applications that, on average, an organization uses (CyberArk).
What is alarming about this figure is not the total number itself, even considering a 68% increase in the next 12 months, that is, that by 2024 each business environment is expected to handle 126 cloud-based applications, according to said report. The real risk lies in the large percentage of that entirety that only supports password-based authentication, making it an easy entry point for cybercriminals.
This is consistent with the recent Fortinet study: Cybersecurity Training and Awareness 2023, which reports that overall, 81% of cyberattacks were through phishing, password cracking, and malware implantation. Particularly, in Latin America, the most common attacks are against passwords.
This is why it is crucial, on the one hand, to push two-factor authentication into each of our enterprise applications, and on the other, to focus on internal skills development and workforce training, rather than encouraging staff turnover in looking for profiles that are not quite suitable, considering that new technologies continue to be adopted day by day.
The exits and entrances of candidates and labor disagreements are also a cybersecurity risk to be evaluated. CyberArk identifies internal danger areas that are not considered as a priority in the development of a Digital Security strategy and that can be the successful trigger for a cyber attack:
- Leakage of confidential information from employees, former employees, and third-party vendors. For example, 58% of companies report users going out and saving sensitive or confidential work documents.
- Unprotected or constantly rotating identities and application access, as every time an employee leaves, IT must remove access permissions from the various applications they used. Additionally, due to the increasing complexity of IT, 62% of security teams operate with limited visibility to verify who is accessing sensitive data and assets.
- The constant need to update software to try to gain speed and other competitive advantages, without evaluating interoperability, which gives excessive privileges to developers, who are highly attractive targets for cyber attackers.
In conclusion, our collaborators can be the weakest point or the most powerful defense. Everything will depend, first, on organizations assuming cybersecurity risks as a reality; and second, that from this, they consider their staff as an information asset that also needs attention, visibility, protection, defense skills, such as knowledge and awareness, before continuing to rapidly adopt tools that demand more and greater technological capabilities.
*Manuel Moreno is Security Sales Enablement Director at IQSEC.
Editor’s Note: This text belongs to our Opinion section and reflects only the author’s vision, not necessarily the High Level point of view.
MORE NEWS:
IQSEC More than 15 years of experience providing comprehensive and innovative cybersecurity and digital identity solutions.