The repercussions and liability of cybercrime continuously threaten organizations. With so much at stake, business leaders and security professionals must initiate meaningful change to overcome present-day challenges in the cybersecurity industry. A recent study by Stanford University has shown that at least 88 percent of breaches in the past 12-24 months were a result of human error. With this statistic in mind, former White House CIO Theresa Payton highlights the ways organizations can strengthen their cybersecurity strategy and tactics by “designing for the human.”
Who is Theresa Payton?
Theresa Payton is a true leader in cybersecurity and IT strategy. As a change-maker in the industry, she became the first female to serve as the White House CIO, overseeing operations for President George W. Bush. Beyond Theresa’s experience with government cybersecurity, she also has held executive roles in two of the country’s top financial institutions. Where is Theresa now? As the CEO of Fortalice Solutions and co-founder of Dark Cubed, Theresa Payton works with clients to uncover strategic opportunities, identify emerging threats, and improve their cybersecurity posture.
LogRhythm was honored to have Theresa speak at our 2021 RhythmWorld Security Conference. Theresa shared a lot of useful information that organizations should pay close attention to as they evaluate their cybersecurity strategy, protocols, and architecture moving forward. In this blog, we’ll dive into her key design principles that protect an organization from cybercrime, plus cover Theresa’s insightful threat predictions for 2022.
Three Principles to Safeguard Your Organization from Cybercrime
Theresa Payton strongly believes that organizations can improve their security posture if they design their strategy based on the human. Here are three principles to keep in mind when evaluating and improving your security maturity:
Principle 1: Think to Yourself, What Drives Human Nature?
It’s important to understand what drives human nature and how to incorporate that into your security strategy. Often, cybercriminals gain their initial foothold in your network by targeting employees as a gateway. Cybersecurity awareness programs and educating your workforce across the organization on security best practices are necessary, but they cannot be your only means of defense.
You must accept that your employees will make mistakes, break security rules, create weak passwords, and more. At some point, an individual in your company will fall victim to a cyberattack — but the burden cannot lie on the user.
In this principle, Theresa emphasizes the importance of implementing proactive safety nets that protect against human error. For example, Theresa discussed how during the COVID-19 pandemic, cybercriminals used social engineering and manipulation campaigns to trick employees into clicking on links they normally would not click on. The beginning of the pandemic proved to be a scary and unprecedented time for modern-day society, and every new headline or COVID-related resource drew a lot of attention and engagement from the public. In this case, security teams could have protected employees from phishing scams by filtering emails with suspicious COVID-related keywords. This is a great example of understanding the human psyche and implementing a more proactive security defense based on hacker tactics and trends.
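To make the "filter on topical keywords" safety net concrete, here is an added example (not code from LogRhythm or from Theresa's talk) that scores inbound mail on crisis-themed keywords, urgency cues, links to hosts outside the corporate domain, and an external sender, then quarantines, flags or delivers. The keyword lists, the corporate domain `example.com`, the score thresholds and the three sample messages are all constructed for the example; keyword matching alone is deliberately only part of the score, because a topical keyword in a legitimate HR notice should be reviewed, not silently dropped.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed keyword lists. The crisis list is the "topical lure" set the talk
# describes (COVID-themed mail during the pandemic); swap it for whatever
# headline criminals are riding today.
CRISIS_KEYWORDS = {"covid", "covid-19", "coronavirus", "pandemic", "vaccine", "quarantine"}
URGENCY_KEYWORDS = {"urgent", "immediately", "action required", "verify", "suspended"}
URL_RE = re.compile(r"https?://[^\s>\"']+", re.IGNORECASE)
INTERNAL_DOMAIN = "example.com"  # assumed corporate mail domain


@dataclass
class Message:
    sender: str
    subject: str
    body: str


def _is_internal_host(host: str) -> bool:
    """True for the corporate domain itself or any of its subdomains."""
    host = (host or "").lower()
    return host == INTERNAL_DOMAIN or host.endswith("." + INTERNAL_DOMAIN)


def score_message(msg: Message) -> Tuple[int, List[str]]:
    """Return a risk score and the reasons behind it; higher means riskier."""
    text = f"{msg.subject} {msg.body}".lower()
    score, reasons = 0, []
    crisis = sorted(k for k in CRISIS_KEYWORDS if k in text)
    if crisis:
        score += 2
        reasons.append("crisis keywords: " + ", ".join(crisis))
    urgency = sorted(k for k in URGENCY_KEYWORDS if k in text)
    if urgency:
        score += 1
        reasons.append("urgency cues: " + ", ".join(urgency))
    urls = URL_RE.findall(msg.body)
    if urls:
        score += 1
        reasons.append(f"{len(urls)} link(s)")
        external = [u for u in urls if not _is_internal_host(urlparse(u).hostname)]
        if external:
            score += 1
            reasons.append("external link(s): " + ", ".join(external))
    if not _is_internal_host(msg.sender.rsplit("@", 1)[-1]):
        score += 1
        reasons.append("external sender")
    return score, reasons


def classify(msg: Message) -> str:
    """Map the score to an action: quarantine, flag for analyst review, or deliver."""
    score, _ = score_message(msg)
    if score >= 4:
        return "quarantine"
    if score >= 2:
        return "flag"
    return "deliver"


# Constructed sample mail, not real messages.
SAMPLE_MESSAGES = [
    Message("alerts@covid-relief-update.test",
            "URGENT: COVID-19 relief payment - action required",
            "Verify your details at http://covid-relief-update.test/claim "
            "to receive your payment immediately."),
    Message("hr@example.com",
            "Updated pandemic remote-work policy",
            "The revised policy is on the intranet: https://intranet.example.com/policy"),
    Message("bob@example.com", "Lunch Friday?", "Want to grab lunch on Friday?"),
]

if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        score, reasons = score_message(m)
        print(f"{classify(m):10} score={score} subject={m.subject!r} reasons={reasons}")
```

Run as-is, the lure lands in quarantine (score 6), the internal HR notice that legitimately mentions the pandemic is flagged for review (score 3) rather than blocked, and the lunch invitation is delivered. In a real gateway the thresholds would be tuned against the organization's own false-positive rate.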
Other examples of safety nets can incorporate more elaborate processes like implementing micro-segmentation of user access controls and verifying user authentication. While some companies are widening the safety net and reducing risk by moving to a Zero Trust security model (you can learn all about LogRhythm’s Zero Trust architecture here), not every security team has the funding or bandwidth to initiate that level of change. At a minimum, Theresa suggests implementing a multi-factor authentication (MFA) solution to give your users an easy safety net that reduces password-based cybercrime.
Principle 2: Get into the Minds of Cybercriminals
The best way to think like a criminal is to observe and learn from their actions. Try baiting cybercriminals with decoy scenarios of human profiles, systems, or applications that look valuable and vulnerable. This will entice a cybercriminal to attack, and you can examine their every move to gather information about their strategies and where your system may have gaps. Use this data to reshape your security protocol, patch vulnerabilities, and prepare for potential incoming threats.
Cybercriminal techniques have evolved and continually challenge security professionals as the attack surface expands with cloud migration, digital transformation, Internet of Things (IoT), remote working, and more. Today’s cybercriminals are deploying various strategic tactics that target employees, including:
- Deploying incessant phishing attacks
- Leveraging clickbait tactics to steal or purchase data from third-party marketing sites
- Using artificial intelligence (AI) generators to create deepfake personas
- Enticing individuals with fake ads such as “help wanted” ads
- Creating unemployment fraud insurance scams
- Developing shell companies that mimic legit businesses
- Posting fake reviews
- Installing chatbot scams
- And much more!
In her session, Theresa shares how humans naturally leave “digital gold dust,” which makes it simple for cybercriminals to determine the best ways to dupe someone via social engineering and to easily gather clues that reveal what their passwords contain. For example, Theresa shares how cybercriminals can perform a straightforward name search and find all associated email and social accounts, their link analysis, and whether that person has passwords stored in data dumps.
As security professionals, we must educate our employees to reduce their digital trail, while ensuring we have a proactive detection and response process that prevents attacks or quickly mitigates a breach and lessens the severity of its impact.
Principle 3: Leverage Behavioral Analytics to Dupe Cybercriminals
It is time to “beat cyber criminals at their own game,” and you can do this by leveraging behavior-based analytics through artificial intelligence. To achieve this, you first need to determine what normal baseline behavior looks like for your employees. Then implement a solution in your security operation that monitors for and detects irregular activity, automating a response or alerting your team to the abnormal behavior for further analysis. This method enables teams to scale their threat detection efforts and leverage intelligent systems with a higher level of technical accuracy.
There is a lot of useful technology that can empower your security operation center (SOC) to improve profiling and anomaly detection against diverse environmental data. For example, LogRhythm’s user and entity behavior analytics (UEBA) solution has the power to perform all of these security measures with full-spectrum analytics, allowing analysts to drill down into threats when alarms are triggered. UEBA’s visibility into your user activity acts as a digital bodyguard as it uncovers threats that may have been overlooked. With UEBA your team can more effectively and quickly solve use cases, such as:
- Identify malicious insider threats
- Track unauthorized data access and exfiltration
- Monitor abnormal access, privilege escalation, and new account creation
- Spot brute force attacks in real time
- Uncover compromised accounts
- Monitor privileged accounts and unauthorized elevation of permissions
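The following added example (not LogRhythm's UEBA code and not from Theresa's session) ties together Principle 2's decoy idea and Principle 3's baseline-then-detect approach in a few dozen lines of Python. It builds a per-user baseline of login hours and source addresses from a training window of authentication events, then runs a second batch of events through four checks: any touch of a decoy (honey) account, a burst of failures from one source, a successful login from a source address the user has never used, and a login outside the user's usual hours. The log line format, the decoy account name `svc_backup_admin`, the thresholds and both log batches are constructed assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Assumed log format (constructed for this example):
#   <ISO-8601 UTC timestamp> user=<name> src=<ip> result=success|failure
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>success|failure)$"
)
DECOY_ACCOUNTS = {"svc_backup_admin"}  # hypothetical honey account; nobody uses it legitimately
FAIL_THRESHOLD = 5                     # this many failures from one source ...
FAIL_WINDOW = timedelta(minutes=2)     # ... inside this window count as brute force


def parse(lines: List[str]) -> List[dict]:
    """Parse log lines into events (oldest first), skipping lines that do not match."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def build_baseline(events: List[dict]) -> Dict[str, dict]:
    """Per-user baseline: hours of day and source IPs seen on successful logins."""
    baseline: Dict[str, dict] = defaultdict(lambda: {"hours": set(), "srcs": set()})
    for e in events:
        if e["result"] == "success":
            baseline[e["user"]]["hours"].add(e["ts"].hour)
            baseline[e["user"]]["srcs"].add(e["src"])
    return dict(baseline)


def detect(events: List[dict], baseline: Dict[str, dict]) -> List[Tuple]:
    """Return (kind, subject, detail) alerts for events that deviate from the baseline."""
    alerts: List[Tuple] = []
    failures: Dict[str, List[datetime]] = defaultdict(list)  # src -> recent failure times
    brute_alerted = set()
    for e in events:
        user, src, ts = e["user"], e["src"], e["ts"]
        # Decoy account: any touch, successful or not, is an alert on its own.
        if user in DECOY_ACCOUNTS:
            alerts.append(("decoy_account", user, src))
            continue
        if e["result"] == "failure":
            recent = [t for t in failures[src] if ts - t <= FAIL_WINDOW] + [ts]
            failures[src] = recent
            if len(recent) >= FAIL_THRESHOLD and src not in brute_alerted:
                brute_alerted.add(src)
                alerts.append(("brute_force", src, len(recent)))
            continue
        profile = baseline.get(user)
        if profile is None:
            alerts.append(("unknown_user", user, src))
            continue
        if src not in profile["srcs"]:
            alerts.append(("new_source", user, src))
        if ts.hour not in profile["hours"]:
            alerts.append(("off_hours", user, ts.hour))
    return alerts


def analyze(training_lines: List[str], detection_lines: List[str]) -> List[Tuple]:
    return detect(parse(detection_lines), build_baseline(parse(training_lines)))


# Constructed training window: alice works 08-18 from one desk, bob likewise.
TRAINING_LOG = [
    "2021-11-01T08:02:11Z user=alice src=10.1.4.20 result=success",
    "2021-11-01T12:30:45Z user=alice src=10.1.4.20 result=success",
    "2021-11-02T09:15:02Z user=alice src=10.1.4.20 result=success",
    "2021-11-02T17:45:09Z user=alice src=10.1.4.20 result=success",
    "2021-11-03T15:01:37Z user=alice src=10.1.4.20 result=success",
    "2021-11-01T09:05:00Z user=bob src=10.1.4.31 result=success",
    "2021-11-02T13:20:12Z user=bob src=10.1.4.31 result=success",
]
# Constructed detection batch: one normal login plus four anomalies.
DETECTION_LOG = [
    "2021-11-08T09:03:10Z user=bob src=10.1.4.31 result=success",
    "2021-11-08T03:14:55Z user=alice src=10.1.4.20 result=success",
    "2021-11-08T09:40:21Z user=alice src=198.51.100.7 result=success",
    "2021-11-08T09:41:02Z user=svc_backup_admin src=198.51.100.7 result=failure",
    "2021-11-08T11:00:01Z user=bob src=203.0.113.9 result=failure",
    "2021-11-08T11:00:08Z user=bob src=203.0.113.9 result=failure",
    "2021-11-08T11:00:15Z user=bob src=203.0.113.9 result=failure",
    "2021-11-08T11:00:22Z user=bob src=203.0.113.9 result=failure",
    "2021-11-08T11:00:29Z user=bob src=203.0.113.9 result=failure",
]

if __name__ == "__main__":
    for alert in analyze(TRAINING_LOG, DETECTION_LOG):
        print(alert)
```

Bob's 09:03 login matches his baseline and produces nothing, while the other events produce exactly one alert each: alice at 03:14 is off hours, alice from 198.51.100.7 is a new source, the decoy account fires on the first failed attempt against it, and the fifth failure from 203.0.113.9 inside two minutes is reported once as brute force. A production UEBA would replace the hour and address sets with statistical or learned models and score the deviations, but the shape is the same: build the baseline, then alert on what falls outside it.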
Theresa Payton’s 2022 Triple Threat Predictions
To help maintain a proactive security strategy, Theresa shares her predictions about what to expect in cybersecurity and the obstacles forecast for 2022. You can never be certain what next year will hold, but you can take advantage of the most suitable crisis playbooks based on industry trends, what your own threat data and research indicate, and predictions from thought leaders in the industry.
Prediction 1: “XR will be Hacked”
We are in a time when remote work has sparked more virtual meetups than traditional face-to-face gatherings. Theresa believes that cybercriminals will leverage this as an opportunity to hack extended reality (XR). Extended reality goes beyond augmented reality (AR) and virtual reality (VR), constructing tangible and nontangible environments all created by computer technology.
Now what does this mean for you and your organization? XR collects your digital footprint, such as your thumbprint, iris print, voice, and daily computer activity, which makes it almost indistinguishable from the real you when a hacker uses this information. You can maintain leverage over cybercriminals or lessen risk by micro-segmenting or tokenizing critical data, adhering to Zero Trust principles, and establishing security playbooks for this type of hacker scenario.
Prediction 2: “Mini Black Swan Banking Event”
According to Theresa, you should “plan to have access to cash.” In this second prediction, Theresa believes there will be a banking breach in which cybercriminals steal money. This incident will go viral, causing mass paranoia, and people will frantically search for information on how to keep their money safe. The public will turn to chatbots and phone lines to reach real banking professionals, yet cybercriminals have already thought beyond this and will use deepfakes to strengthen their cover story and reap the benefits. We do not know the exact likelihood of this scenario, but one way to position yourself out of harm’s way is to spread your money across multiple banking institutions so that you have different sources from which to retrieve funds.
Prediction 3: “AI Drives Misinformation Campaigns Without Human Intervention”
Don’t believe everything you see or hear. Be cognizant of AI deepfake audio and video dupes, as cybercriminals can deceive you by imitating individuals in your organization. Theresa shared an eye-opening example of a real incident that occurred amongst the European Council of Banks when a CEO requested a wire transfer from a CFO. The two followed protocol by first communicating through email and then authorizing over the phone, but to the CFO’s surprise the transfer had never been requested by the CEO. In this instance, AI was the driver of a manipulation campaign using deepfake audio, which is easy to produce because recordings of executives are widely available on the internet.
Here we see a profound need for safety nets: MFA cuts out many opportunities for threats like this to slip through. Substantial transactions and decisions can never have too many points of verification for those involved, so as a best practice, create verbal and non-verbal passcodes and change them frequently. Another safety measure is to ensure that employees have the means to report anomalous activity so that AI-driven fraud can be prevented.
Watch Theresa Payton’s Cybersecurity Presentation First-Hand
LogRhythm is wholly grateful to have hosted a judicious cybersecurity leader such as Theresa Payton. Her extensive knowledge across a variety of industries was evident and ingrained in both her insights and her predictions. You can use Theresa’s cybersecurity tips to understand the psyche of your employees and get into the minds of cybercriminals to improve your security posture. Remember, it’s not a question of if you will experience a breach, but when, so always strive to be security first and stand ready for whatever threats may come your way.
I’ll leave you with this simple, but effective quote from our RhythmWorld guest speaker that rings true to how cybersecurity professionals should approach their work:
“Reliability, recovery, and resiliency are the three Rs of your job.” – Theresa Payton
If you did not get the chance to watch Theresa’s keynote session at the 2021 RhythmWorld Security Conference, you can watch it here at any time!