Why a Single Uninformed Click Beats Even the Best Technologies
New research paints a stark reality: Data breach costs have soared to a staggering global average of USD 4.45 million, a 15% increase over the last three years.
Recently, I found myself engrossed in a thought-provoking conversation with Shay Nahari, Vice President of Red Team Services at CyberArk. A seasoned cyber warrior, Shay spends his days simulating potential attackers’ tactics, techniques, and goals, all to strengthen corporations’ digital defences. In essence, he is a Red Teamer, a vanguard of cybersecurity relentlessly searching for unseen vulnerabilities lurking within security systems.
Our conversation revealed plenty of remarkable insights, including Shay’s vivid comparison of the red teaming process to the infamous Bangladesh Bank heist, which only underscores the unpredictability and complexity of cyber threats.
“The Bangladesh heist was one of the major sagas where attackers tried to transfer over a billion dollars. The major trigger was a misspelt word,” Shay recalled.
Shay’s commentary further highlighted the vulnerabilities of modern banking systems, specifically the manipulation of the Swift financial system used for international financial transfers.
“In recent years, we’ve seen banks are very concerned about their ability to take over a Swift financial system that facilitates financial transfers,” he said.
The World of Adversary Simulation
Shay’s pioneering approach to red teaming, or adversary simulation as he prefers, goes beyond mere defensive tactics.
“Adversary simulation is all about storytelling. We want to tell the organisation a story about how an actual attacker would operate, what they would target, and what they could accomplish,” he explained, before emphasising how this unique narrative-driven style of cybersecurity is getting companies across the globe to actually take notice of the threats they are facing.
As Shay also pointed out, cybersecurity is not a sprint but a marathon—a continuous journey with no defined finish line, but rather a series of ever-changing finish lines. In particular, the realm of banking, with its colossal structures of data and transactions, is practically a virtual playground for hackers.
Shay and others like him, though, are out to spoil the fun for these hackers.
“Banks are fascinating targets for cyber attacks. They hold not just money, but valuable data, too,” Shay said, explaining why banks are prime targets for cybercriminals. “What’s more, they are often complex, full of legacy systems and challenging regulatory requirements.”
This insight into the labyrinthine world of banking cybersecurity and the threats it faces brings a fresh perspective—and it is something financial institutions ought to take a closer look at.
And so Shay firmly believes in the axiom, “Know thy enemy”—especially when dealing with threats. Unsurprisingly, it guides his approach to red teaming, which involves mimicking the behaviour of attackers.
“We always attempt to emulate advanced threat actors’ tactics, techniques, and procedures in our engagements,” Shay explained of his strategy, which he says allows his team to view security from an attacker’s perspective. In this way, the team can anticipate attackers’ moves and proactively defend the system.
Cyber Chess: Outsmarting the Enemy
Shay’s red team operates at the heart of a fast-paced, cutthroat environment, characterised by advanced persistent threats, spear phishing, and data exfiltration. They plot strategic moves, ready to counterattack each attempt to compromise the systems. For Shay, what they do is akin to playing a chess game, only the stakes are higher and the board an intricate maze of networks, protocols, and systems.
“Attackers will always take the path of least resistance. Why break a window when you can just open the door?” Shay mused.
It is this intuitive understanding of the attacker’s mindset that enables his red team to stay a step ahead in this virtual chess game.
With the explosive growth of cloud-based solutions, cyber threats have become more multifaceted than ever before, and it is a change that Shay acknowledges, noting how “hackers are focusing on cookies and identities with cloud computing being the new battlefield.”
With the shift to cloud computing and online banking, the concept of identity has become central to cybersecurity—and so Shay’s words ring even truer now: “Identity has become the new perimeter in cybersecurity and cookies the modern-day keys to the kingdom.”
His perspectives, incidentally, reveal a rapidly evolving battlefield, where old protective measures are no longer enough.
Again, Shay highlighted that while technology is a critical piece of the cybersecurity puzzle, people are equally important, if not more so. He also warned, “Even the best technology can be defeated by a single uninformed click.”
This human-centric approach reflects the paradigm shift in modern cybersecurity that advocates for a more inclusive security consciousness at all levels of an organisation—one of the end goals of which is to prevent that single uninformed click Shay had been alluding to.
Life Finds a Way
Rather ironically, the cliché “Life finds a way” applies even to hackers and what they do. Put simply, they also find a way, precipitating what is now a constant evolutionary struggle—akin to a never-ending digital Darwinism.
“You can’t assume that you’ve stopped an attack just because you’ve patched a vulnerability. Hackers evolve and so should our defence mechanisms,” Shay reminded customers in the financial services industry.
This constant evolution, of staying ahead of the attackers while continuously improving defences, is what keeps Shay motivated and passionate about his work. It is a battlefield that is as much about wits as it is about technology.