The increased pace of technological change, and security threats that come with embracing digitalisation, continue to make the business environment increasingly un-secure. As an example, UK organisations have faced 172,000 cyber attacks in the first quarter of 2021, that’s almost 2,000 cyber attacks a day, with attacks being registered every 45 seconds on average*.
As well as the constant phishing attacks, attackers were most likely to target IoT devices, including networked CCTV cameras, building control systems and smart systems.
As a result, individuals and organisations have to constantly monitor and close the security gap between themselves and the ever changing external environment.
The ability to adapt to the external environment quite often requires a mindset change, starting at the very top, with the subsequent impact affecting an organisation’s culture, structure, staff, systems and processes, essentially a complete reconfiguration of strategy and tactics. Only by continually monitoring the external environment whilst analysing internal capabilities can an organisation’s ability to improve cyber security be achieved.
Organisations need to practice the power of adaptation. Remember, it’s not just about the physical environment, the social and emotional environments need to be considered as well. Whilst machines and tech solutions are fairly predictable, people aren’t. The human element of cyber security is critical when you consider that one of the biggest cyber security threats in any organisation comes from its employees.
Therefore organisations need to act like a chameleon. It is generally well known that chameleons change colour based simply on their environment – a very clever camouflage tactic to hide from predators, or perhaps to sneak up on and attack victims, or in the case of deception security to lure attackers to a trap. But did you also know that chameleons are wonderfully biopsychosocial – they change colour in response to physical, environmental and emotional needs. Chameleons explore and adapt to their surroundings, changing colour as they move in the world to suit the environment, and they also change colour depending on their mood and emotions. They have multiple personalities, and therefore great power.
The global COVID pandemic is a prime example of where emotional and human factors needed to be considered. Businesses faced additional security exposures as many staff had to quickly start working from home, in some instances with personal or dated devices and software, many of which may have been insecure. Coupled with a sense of fear and increased stress, scammers very quickly moved to leverage both these factors resulting in a huge increase of cyber attacks.
Cyber criminals have unlimited time, resources and immense motivation, primarily for monetary gain or ideological purposes, and they use psychological tactics to exploit, manipulate and trick individuals into clicking on links, downloading files or giving away secure information over the phone.
Psychological warfare may sound extreme but that’s exactly what’s at play – mind games. So to be cyber resilient, you need to act like a chameleon, and constantly adapt to the ever changing environment, physically, emotionally and mentally.
Your organisation can always go one step further in building cyber resilience, and trick attackers with managed decoys, causing attackers to expose themselves.
As full-spectrum security experts, Infosec Partners offer a managed deception security service, get in touch for more information.