If your organization hasn’t been prioritizing cyber security, it’s time to make a change before a disaster forces you to do so. Hackers aren’t going to wait for you to get your act together — they’re ready to strike now, so there’s no time to spare when it comes to taking the necessary measures to keep your organization protected.
I recently presented a webinar bringing awareness to the potential risks organizations are facing and what steps to take to defend against today’s cyberattacks.
This article will cover the main takeaways from the webinar, including real-life case studies, best practices to protect against threats, how to strengthen cyber security awareness across your organization and more.
A Brief History of Cyberattacks
The first computer viruses were created by researchers to see what could happen if a threat entered and where vulnerabilities were present.
When malicious actors started using different forms of malware to attack large companies, it was intended to wreak havoc and make statements as social activism against big business. This then led to early forms of hacking where threats were used to get phone or internet service for free.
Ultimately, hackers were more a nuisance than a monetary threat to businesses. That has radically changed in the current era of cyber with today’s number of monetized threats. A prime example of that is ransomware.
Ransomware
When ransomware first appeared on the scene, it was sent to anybody and everybody. There were mass emails sent to large and small organizations, and compromised websites and links used to build the infrastructure and test the waters for bad actors to see what worked when launching their ransomware, executing attacks and getting the money.
Today, anyone can buy software to execute a ransomware attack and share the profits with the bad actors who sell the software. There are even 24x7 help desks where the ransomware software vendors will help someone purchase cryptocurrency and transfer it to them. Ransomware has transformed into an enterprise.
Recent Cyber Security Breaches
LastPass
In 2023, the password management platform LastPass was breached by an attacker who used information obtained in an earlier, less invasive breach to target one of only four people on the planet who had access to decrypt company files. The attacker accessed this senior engineer’s home office computer, which exposed sensitive customer data.
Despite this attack, I still recommend using password management software — but beware. When using third-party software for any business process, you should put additional layers of security in place even when abiding by the software’s recommended cyber security best practices. Enabling extra layers of security, such as multi-factor authentication (MFA), will keep your organization safe even if the third-party is compromised.
Using the LastPass enterprise version (not the free version) with strong, secure passwords makes it extremely difficult for attackers to break into, so don’t feel entirely discouraged from using a password manager — just be diligent.
MailChimp
Another 2023 attack targeted the email marketing automation platform, MailChimp. One of their employees was socially engineered by attackers to give up information that allowed the attackers to access multiple employee accounts and an internal support tool.
Only 133 MailChimp clients were compromised, but each of those clients had their entire client database exposed. This is one more reason to be aware of the potential risk when using these services and also have a plan for alerting your clients to protect themselves should their information get into the wrong hands.
Vulnerabilities With Cloud Service Providers
When relying on any cloud service provider, make sure you’re implementing additional layers of security to what they provide so that if they become compromised, your information is still kept secure.
If you’re using a public-facing IP on a Microsoft Azure virtual server, make sure you don’t leave services such as Remote Desktop Protocol (RDP) open to the internet. Even if the service is secure today, a new vulnerability could arise at any time, and if your system is not up to date, that vulnerability can spell disaster.
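One way to check for the RDP exposure described above, as an added example that is not part of the original article: the function below reads an exported network security group (NSG) definition and flags inbound Allow rules that open a port to any public address. The JSON sample is constructed here and only mirrors the field names of `az network nsg show` output (securityRules, access, direction, sourceAddressPrefix(es), destinationPortRange(s)); substitute a real export to audit your own rules.

```python
import json

# Constructed sample mirroring the shape of `az network nsg show` output.
# The rule names and address ranges are made up for this example.
SAMPLE_NSG_JSON = json.dumps({
    "name": "vm-nsg",
    "securityRules": [
        {"name": "AllowRDPAny", "priority": 100, "direction": "Inbound",
         "access": "Allow", "protocol": "Tcp",
         "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
        {"name": "AllowRDPFromVpn", "priority": 110, "direction": "Inbound",
         "access": "Allow", "protocol": "Tcp",
         "sourceAddressPrefix": "10.0.0.0/24", "destinationPortRange": "3389"},
        {"name": "AllowWeb", "priority": 120, "direction": "Inbound",
         "access": "Allow", "protocol": "Tcp",
         "sourceAddressPrefix": "Internet", "destinationPortRanges": ["80", "443"]},
    ],
})

# Source prefixes that mean "anyone on the internet" in an NSG rule.
PUBLIC_SOURCES = {"*", "Internet", "0.0.0.0/0"}

def _port_in_range(port, spec):
    """True if `port` falls inside an NSG port spec such as '3389', '3000-4000' or '*'."""
    if not spec:
        return False
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-", 1))
        return lo <= port <= hi
    return int(spec) == port

def exposed_rules(nsg_json, port=3389):
    """Return names of inbound Allow rules that open `port` to the whole internet."""
    nsg = json.loads(nsg_json)
    hits = []
    for rule in nsg.get("securityRules", []):
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        # Rules carry either a single prefix/port or a list of them.
        sources = rule.get("sourceAddressPrefixes") or [rule.get("sourceAddressPrefix", "")]
        ports = rule.get("destinationPortRanges") or [rule.get("destinationPortRange", "")]
        if any(s in PUBLIC_SOURCES for s in sources) and any(_port_in_range(port, p) for p in ports):
            hits.append(rule["name"])
    return hits

if __name__ == "__main__":
    for name in exposed_rules(SAMPLE_NSG_JSON):
        print(f"{name}: RDP (3389) reachable from any public address")
```

The rule that restricts RDP to the VPN range is not reported; only the rule open to `*` is.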
Social Engineering
Social engineering is when bad actors use deception to manipulate their targets into divulging confidential information to be used for fraudulent purposes. It can target anyone with an email address, and it can also happen over the phone, which is known as vishing.
The two major signs of social engineering are:
- A sense of urgency to complete a simple task
- A request not to disclose the action to anyone else
If you notice these red flags in an email, report the email as phishing and do not respond.
Open-Source Intelligence (OSINT)
Bad actors are using OSINT to gather points of information to be more calculated and specific when targeting certain individuals, especially those of us in business development or those who have their email publicized in some way. They use information from social media platforms and company websites to create a scenario for reaching out to you directly with a request or impersonating you when contacting a colleague.
Security Awareness Training
Security awareness training (SAT) is essential to educate your employees and applies to every division of your organization — it should not just be a priority for your IT department. Every department at every level is being targeted by cyber threats, so every member of your organization must be trained and up to date on the latest cyber security threats and protocols.
You need to tell each user what to expect, what to do with the unexpected and verify that they understand. Threats evolve, so testing your staff regularly can help keep them alert to what a potential threat looks like and what to do. We recommend randomized testing monthly. At a minimum, you should send a test to your staff annually. This allows you to identify users who are “happy clickers” and fail the test so you can make sure they know better next time or revise their privileges.
Any staff member with an email address needs SAT, but different departments may need supplementary security training to prepare for certain scenarios that specifically apply to their work. For example, finance department staff members need to be aware of indicators of payroll fraud and attempts to manipulate that information. There need to be clear processes in place for employees to follow in the event they’re targeted by an attacker.
Incorporating SAT into your organization’s required protocol is always going to be less expensive than the cost of a breach.
Prioritizing IT and Where to Focus Your Attention
Along with SAT, you need to provide your employees with the right technology for them to do their job safely and effectively. If staff can’t easily accomplish what they need to get done, they are sure to develop workarounds that can compromise your business’s security. You must have an IT resource to help you map out efficient business workflows, detect where your potential security vulnerabilities exist, and monitor and patch those weak areas.
Address Security in Layers
Review your systems regularly (at least annually) to understand your most valuable systems and sensitive information on your network. They need to be protected and backed up accordingly.
Follow the principle of least privilege when assigning access to your staff members. This is a role-based approach that only grants individuals access to the parts of your network that are necessary for their job. A separate account should be used for those who need administrative access to your network. Accounts used for day-to-day work should not have access to everything on the network. That way, if a regular user account is compromised, the admin access is not compromised.
Zero trust is a network architecture that examines every point on the network and only allows users to access areas if they are authorized. The rule of thumb: never trust, always verify.
With the onset of remote work, firewall perimeters need to extend to wherever your employees are accessing your company’s network. Zero trust makes it harder for bad actors to get into areas of your network but won’t hinder your authorized users.
Gather Your Signals
Let’s say you have the right firewall, endpoint protection, software packages, etc. in place. Each of these tools has a logging capability with information known as “signal.” Signals need to be monitored and managed, so you want to gather them in a centralized place and oversee them 24x7 with the help of artificial intelligence (AI) or machine learning.
This allows you to see patterns in your signal that can indicate if something is awry and take action. Endpoint protection software picks up on suspicious activity at any time and isolates the endpoint where it is occurring, so it does not compromise the rest of your internal resources.
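As an added example (not from the webinar or the article), the function below runs over signal that has already been gathered from two tools, a VPN firewall and endpoint protection, and flags a host where a burst of failed logins is followed by a success, the kind of pattern neither tool shows on its own. The log lines and their "timestamp source host user result" format are constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of centralized signal. Each line: timestamp source host user result.
# The line format is assumed for this example, not a real product's log format.
SAMPLE_SIGNAL = """\
2024-05-01T09:00:01 vpn-fw LAPTOP-07 jdoe FAIL
2024-05-01T09:00:04 vpn-fw LAPTOP-07 jdoe FAIL
2024-05-01T09:00:07 vpn-fw LAPTOP-07 jdoe FAIL
2024-05-01T09:00:09 vpn-fw LAPTOP-07 jdoe FAIL
2024-05-01T09:00:12 vpn-fw LAPTOP-07 jdoe FAIL
2024-05-01T09:00:15 endpoint LAPTOP-07 jdoe OK
2024-05-01T09:30:00 vpn-fw DESK-12 asmith FAIL
2024-05-01T11:30:00 vpn-fw DESK-12 asmith OK
"""

def parse_signal(text):
    """Parse the gathered signal into (timestamp, source, host, user, result) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        ts, source, host, user, result = line.split()
        events.append((datetime.fromisoformat(ts), source, host, user, result))
    return sorted(events, key=lambda e: e[0])

def hosts_to_isolate(text, threshold=5, window=timedelta(minutes=10)):
    """Return hosts where at least `threshold` failed logins inside `window`
    are followed by a successful login, the pattern worth isolating on."""
    failures = defaultdict(list)  # host -> timestamps of failures not yet followed by a success
    flagged = []
    for ts, _source, host, _user, result in parse_signal(text):
        if result == "FAIL":
            failures[host].append(ts)
            continue
        recent = [t for t in failures[host] if ts - t <= window]
        if len(recent) >= threshold and host not in flagged:
            flagged.append(host)
        failures[host].clear()  # a success ends the current burst for this host
    return flagged

if __name__ == "__main__":
    for host in hosts_to_isolate(SAMPLE_SIGNAL):
        print(f"{host}: burst of failed logins followed by success, isolate and investigate")
```

DESK-12 is not flagged because its single failure is two hours before the success, well outside the window.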
Follow a Framework
To determine the best plan of action for your organization’s security, you need to select a cyber security framework. Your employee handbook should have a dedicated section with guidelines on how employees should use the technology provided by your organization and what they are and aren’t permitted to do.
A framework allows you to put all aspects of your network and technology in their place so you can detect where gaps and vulnerabilities lie and address them. If you haven’t done any sort of assessment of your network and you have an insurance company or client that requires you to be compliant with a framework, know that it can take up to six months to complete. Therefore, it behooves you to be proactive.
A framework is a continuous compliance process. Once you get through year one’s initial survey and assessment, year two’s survey becomes easier and more streamlined as you have a plan of action and milestones (POAAM) outlined for years to come. Eventually, it will become more of a maintenance process.
Next Steps
You need to be aware of what is most important on your network, where you see the highest number of threats and cover the key areas of SAT with your staff. Make sure that your internal business and external client processes are performed in a secure manner. You should have solid backups stored separately from your network so that if there is a compromise, your information has layers of protection and can be recovered. Keep in mind that all aspects of your cyber security framework need to be monitored, maintained and managed.
Need Help?
Our Technology Solutions Group includes a team of cyber security experts. We’re happy to meet with you for a cyber security risk assessment of your organization’s IT infrastructure. Or, you can contact us online or call 410.685.5512 with any questions.