Virtualization Technology News and Information
RevealSecurity 2023 Predictions: Social Engineering Is Out Of Control


Industry executives and experts share their predictions for 2023. Read them in this 15th annual series exclusive.

Social Engineering Is Out Of Control

By Doron Hendler, CEO and Co-Founder, RevealSecurity

In 2022 we witnessed a growing use of social engineering, defined as the use of manipulation techniques that exploit humans to gain access to private information. Usually, unsuspecting individuals are lured into giving access to restricted systems online.

Even my company, RevealSecurity, was born after I fell victim to a social engineering scam when an 'insurance rep' called and lured me into disclosing the code I received on my phone from the insurance company.

Rogue insiders and external attackers have become a growing concern in enterprise business applications. External attackers leverage stolen credentials to impersonate an insider and connect to applications, while at the same time insiders are not sufficiently monitored in SaaS and home-grown applications.

Social engineering incidents pose a special challenge for security teams, both in protecting against these attacks and in the technological capabilities required to detect and prevent them before they happen. Unfortunately, due to the complex nature of the attack, which is performed using confidential credentials, the misuse, abuse and/or malicious activity in business applications is often discovered only after complaints from the victims, after the damage is done.

Many incidents in 2022 have shown us that 2-factor authentication is not enough to prevent breaches: APTs (Advanced Persistent Threats) and criminal organizations see 2-factor authentication as a hurdle, not a blocker. In 2023, companies will increasingly assume compromise and act to detect it with increased speed and ease, which can only be done via automation.

The second trend we predict will be that companies will stop relying on detection tools that are too noisy or inaccurate, as the burden created usually outweighs the value generated.

Rules and UEBA have been effective due to major commonalities in the network, device, and user access layers: the market by and large uses a limited set of network protocols and a handful of operating systems. However, the market-wide shift from on-prem to SaaS technologies for business-critical functions, such as finance, HR, and operations, has extended the attack surface for malicious activities in applications, creating a greater market need for detection solutions.

Rules are the first generation of cybersecurity detection technology, but they only detect known patterns, while attackers are constantly leveraging loopholes, leading to false negatives. Consequently, rule-based detection solutions are notoriously problematic because they generate numerous false positives and false negatives.

User and Entity Behavioral Analytics (UEBA) failed to deliver on its promise to dramatically increase accuracy and reduce false positive alerts because of a fundamentally mistaken assumption: that user behavior can be characterized by statistical quantities, such as the average daily number of activities. This mistaken assumption is built into UEBA, which characterizes a user by an average of activities. In reality, though, people don't have "average behaviors," and it is thus futile to try to characterize human behavior with quantities such as the "average," "standard deviation," or "median" of a single activity.

The main criterion for success in a detection solution is accuracy, which is dictated by the number of false positives and the number of false negatives. As explained above, rules and UEBA failed to provide the accuracy required for successful cybersecurity detection.

In 2023, behavior-based analytical detection will be required to detect the threats facing organizations. The contemporary third generation of solutions uses Sequences of Activity, i.e., Journeys, to contextualize activity and improve detection accuracy.




Doron Hendler is the Co-Founder and CEO of RevealSecurity, protecting organizations against malicious activities executed by insiders and imposters in enterprise applications. Hendler co-founded RevealSecurity after experiencing social engineering himself and suffering the consequences first hand. He has raised $23M for RevealSecurity following an extensive career in management and sales with a proven track record of growing early-stage technology startups and mapping complex business environments in a wide range of global markets, both directly and through partners.

Published Thursday, January 19, 2023 7:35 AM by David Marshall