A couple of weeks ago, we posted a survey so people could evaluate their cybersecurity savvy.
And the results are . . .
Well, let’s just say that most of us could brush up our security smarts.
Instead of reviewing the entire survey here, we’re going to focus on three of the questions where most of us were off the mark — and then, if you want, you can take (retake) the quiz to see how well you do.
Survey Question 6. What percent of companies have at least one critical security misconfiguration in their cloud deployment?
The answer: A staggering 73% have critical misconfigurations. 50% of respondents got this right.
In a recent study, Threat Stack found that 73% of companies have at least one critical security misconfiguration, such as remote SSH open to the entire internet. By critical, we mean configuration lapses that enable an attacker to gain access directly to private services or the AWS console, or that could be used to mask criminal activity from monitoring technologies.
In light of this statistic, it’s not surprising that some of the biggest hacks in the recent past have been possible because of AWS misconfigurations. These include:
- The RNC data exposure in which the records of nearly 200 million U.S. voters were compromised. (For Threat Stack’s commentary, see The RNC Exposure: Learnings and Actions to Take.)
- The Verizon data breach that exposed 14 million customer records
- The Dow Jones database misconfiguration that exposed Over Two Million Dow Jones Customer Records
- And as you know, many more
Survey Question 7. In 2017, what percent of breaches were caused by insiders?
25% of breaches were caused by insiders. Only 15% of respondents got this one right.
Many security principles have been carried over from the pre-cloud era. This may explain, in part, why so few people view insiders as a significant cause of cyber breaches and think instead of the “enemy at the gate.”
To learn more about this problem and what to do about it, have a look at these posts from Threat Stack’s blog:
- In Insider Threats: What You Need to Know and Do, Palen Schwab points out that “Many times, it’s actors within an organization who carry out sophisticated and malicious attacks designed to steal money or IP — or both” and goes on to outline measures that organizations can take to identify, mitigate, and protect against insider threats.
- For excellent advice on how to actively monitor and hunt for for ex-employee activity, see this post by Sam Bisbee, Threat Stack’s CISO: How to Manage the Ex-Employee Insider Threat.
- In Identifying Insider Threats Within Your Docker Containers, Nathan Cooprider, Threat Stack Senior Software Engineer, addresses the question of how to protect against insider threats in Docker Containers.
Survey Question 13. How many users fall for phishing scams by clicking a link?
The answer is 7%, and only 7% of respondents got this right.
(Other sources, such as the 2016 Verizon Data Breach Report, indicate that as many as 30% of employees fall for phishing attacks.) Whatever the exact number, social engineering and phishing in particular represent a very serious threat.
Threat Stack’s CFO Kevin Durkin points out (W-2 Phishing Scams: What You Need to Know to Stay Secure) that one of the best lines of defense is a combination of employee training, periodic testing, and continuous security monitoring to help make your organization an unappealing target.
Final Words . . .
Congratulations to those who got a high score on our cybersecurity quiz. For the rest, many of us could stand to improve our cybersecurity knowledge. But as we say, to strengthen your security, you need to know what your current security profile is.
If you want to know where you stand — or want to try improving your score — take the Threat Stack Cybersecurity Quiz.
After you’ve completed the quiz, have a look at this video to see how you stack up against your peers.
And finally, to learn how Threat Stack’s intrusion detection platform can help address your security requirements, contact us for a demo.