Why less Cyber Awareness upstream means less progress downstream

Hooray! It’s Cybersecurity Awareness Month – a security marketer's dream. An entire month dedicated to building awareness and educating the public on adopting safe cyber practices. A worthwhile initiative for sure, because the human attack surface will always be the biggest and most porous, so every little thing we can do to shrink it and make it less permeable, the better. Human awareness of safe cyber practices is a good upstream problem to tackle. But tackling that upstream problem takes more than our awareness of attackers. Just as important is our awareness of the human defenders that bear the burden downstream. We don't have a month for that, but maybe we should.

So, given it's Cybersecurity Awareness Month, I guess there is no better time than the present to raise awareness of what we call the “Defenders’ Dilemma.”

The Defenders' Dilemma

At Vectra AI - where I work - we sought to quantify the Defenders' Dilemma in our State of Threat Detection research. What we discovered is that defenders face a vicious “spiral of more” - the upstream problem we believe is preventing downstream progress.

Source: Vectra AI - 2023

Subject to our lack of cyber security awareness - every innocent mistake, error in judgment, or policy side-step - is another human – the defender. We end users need to know that what we do (or don’t do) has a direct impact on a person’s well-being. In order for defenders to make progress downstream, I argue that upstream, we end users need more awareness of the dilemma they face.

More "human" attack surface, more "human" exposure

Attackers are clever. They know that one of the best routes to infiltrate an organization is through preying on human nature. Call it social engineering, phishing, or vishing, even the most well-intentioned, security-aware end user can fall victim to an attacker’s charms. Scattered Spider has proven successful in vishing IT admins to gain access, and with technology like Generative AI and Large Language Models (LLMs), attackers’ ability to convince end users to commit, click and/or divulge credentials will only get more clever. When we end users fall victim to an attacker’s cleverness, we start the spiral en masse.

More visibility gaps, blind spots

Now most of us trust the security team will see the attacker is in and stop them because...

“it’s their job.”

I am sure our co-workers (defenders) appreciate our trust and vote of confidence, but this is not always the case. What we need to know is that attackers are very good at looking like us, doing what we do, masking themselves as us to move around the organization. They are really good at assuming the roles of people with higher privileges than us, and this is when things get worse. We invited them in, and now they have our identity to get an all-access pass.

More alerts, more false positives

This time we might say...

“that’s okay, I am sure security will get some sort of alert – I've seen movies about it.”

Little do we realize that our co-workers – the defenders – get on average 4,484 alerts per day. Four thousand things to review. Imagine if our to-do list was 4,484 items long every day. It's humanly impossible, but our defenders spend on average 4 hours a day to look at about one-third of them only to find more than 4 out of 5 (83%) are false alarms - a waste of time. Imagine the frustration. We’ve all been there – working on a project someone else deemed a priority only to find it yields zero results. Now imagine doing that for 4 hours a day, every day.

More unknown hybrid attacks

I know some of us might be thinking...

“it can’t be that bad. If it were, wouldn’t we be breached and in the headlines all the time?”

Not so fast. What we end users might not realize is what defenders are doing behind the scenes to keep the company out of the headlines. It’s no easy task. Attackers are clever at getting in, masking themselves as employees, and hiding in an alert queue in the thousands. In fact, 97% of defenders worry about missing a relevant security event because it’s buried in alerts. What’s more, 71% believe the organization has likely been compromised and they don’t know about it yet. One thing that makes defenders’ job so difficult is that often they are dealing with unknowns. Little do we realize that behind the scenes, defenders are working tirelessly to connect the dots - assembling, aggregating, and analyzing disparate data sets to diagnose the problem at hand, so they can confidently take action to halt any headline from happening.

More emerging, advanced hybrid attackers

“Breach headline averted, reputation, operations, and revenue intact, so all is well. Kudos security team for doing your job,” we might say (except for the kudos, we seldom give defenders kudos - because of our lack of awareness).

I say find some empathy. For every late night, weekend war room, family-time sacrificed, there is another attack brewing, another attacker to defend against. The one thing about cyber attackers, they are always trying to stay one step ahead. They’re doing their research on us — using our LinkedIn profiles, social media activity, publicly available information, whatever they can get their hands on to fool us into letting them in, and when we do, the defenders' vicious spiral continues, grows, accelerates. There is no stopping it.

More workload, stress, anxiety, burnout

I know what some of us might be thinking...

“we all have some level of increasing workload, stress, anxiety, burnout.”

I get it and agree – all the more reason to have empathy for defenders. When the stakes are as high as they are for defenders, taking cybersecurity awareness seriously and adopting safe cyber practices helps more than we realize.

“But I’m just one person.”

It only takes one innocent mistake, error in judgment, or policy side-step to feed the spiral and wreak havoc on our co-workers, so let's do our part because at the end of the day, protecting the organization from attackers is a team sport.

So let's all do our job - our defenders deserve progress.

At Vectra AI, we are committed to breaking the spiral and it starts with doing our part to raise awareness of the defenders' dilemma. This Cybersecurity Awareness Month, we are dedicated to doing just that.
