Learn from Jason Manar about recent trends in cybercrime and how companies can strengthen cybersecurity.
Cybercriminals are becoming more sophisticated, and state-sponsored cybercrimes have increased. As such, businesses must implement greater protection measures. Here, Jason Manar, chief information security officer, Kaseya, talks about a few recent trends in cybercrime and steps companies can take to strengthen cybersecurity.
As cybercriminals become more sophisticated, IT professionals must implement greater protection measures to safeguard their organizations. They need to hire the right people to meet their organization’s security needs and implement security-first cultures that focus on thwarting threats wherever they may strike.
According to Mandiant, the time between initial compromise and detection (also known as dwell time) has decreased from 24 days to 21. This is a positive development in the IT community and shows how preparedness can mitigate the potential damage caused by bad actors. Even so, any amount of time an unauthorized party has access to systems can be detrimental. Over the past year, we’ve seen a surge in cyberattacks brought on by state-sponsored actors such as APT10 and APT41, which are cyber espionage groups funded by the Chinese government. Many of these threat actors are taking advantage of misconfigurations and holes in software protection.
To combat these threats, IT professionals must prepare for various attack types. Incident response plans, education, and tabletop exercises are some of the ways that both leadership and employees can become engaged in creating a security-first culture that prioritizes data protection.
The following are a few recent trends in cybercrime and a few steps organizations can take to strengthen their cybersecurity.
Statistically speaking, phishing and social engineering attacks are on the rise. This year, we’ve seen more phishing attacks that contain malware than ever before. While credential stuffing statistically comprises only two to three percent of cyberattacks, this method is also increasing in prevalence. We’re also still seeing a large number of ransomware attacks.
We continue to see state-sponsored attacks from Eastern Europe and Asia, most often using port scanning, spear phishing, credential harvesting, and password spray techniques to gain access to both networks and cloud environments. Earlier this year, the Cybersecurity & Infrastructure Security Agency (CISA) issued a Cybersecurity Advisory warning of increased malicious activity from Russia targeting various sectors globally following the start of military intervention in Ukraine. Likewise, CISA, NSA, and FBI indicated an increase in sophisticated Chinese state-sponsored activity to steal sensitive data, intellectual property, and personally identifiable information.
To combat these threats, CISA urges both government and civilian organizations to update and patch systems quickly, implement multi-factor authentication, and require strong, unique passwords. It also urges them to block obsolete or unused protocols at the network edge, upgrade or replace old devices, move towards a Zero Trust security model, and enable robust logging and log monitoring practices. By following this guidance, IT professionals can ensure that data is protected and safeguarded against threat actors.
Phishing continues to be the preferred method of attacking organizations, with some of the most successful scams impersonating company leadership requesting urgent action or communications seemingly coming from legitimate financial institutions. We’re also keeping a close eye on the potential for AI-powered attacks that can aid threat actors in predicting passwords based on stolen data or deepfaking biometrics such as facial recognition. Anti-phishing solutions, combined with engaging employee security training, are keys to fostering understanding and building a strong first line of defense.
Ransomware continues to be a threat across all industries and has increased by 446% since 2019, according to Ivanti’s latest study. Just in the last year, we’ve seen a significant increase in ransomware activity; according to the FBI, as many as 2,048 ransomware complaints were registered in 2021. These types of threat campaigns can affect millions of Americans every day by increasing gas prices, disrupting health care, and interrupting the delivery of utilities, government services, and education.
Aside from the “ransom” stage of an attack, there are several other steps in which threat actors can cause damage. Mandiant reports that following an initial compromise, attackers will first establish a foothold within internal systems. Then, they will maintain access while also escalating privilege before conducting internal reconnaissance efforts and exploring the hacked environment, moving laterally across different systems and applications. The mission is complete when certain data is extracted or business operations are disrupted. Oftentimes, threat actors will exfiltrate data or extort businesses by threatening to release confidential information publicly, sending concerning messages to top company leaders to coerce swift action.
In worst-case scenarios, companies can lose everything and go out of business. Therefore, IT professionals must stay on top of patching and updating systems to protect against vulnerabilities in network infrastructure. Proactive measures companies can take include instituting education programs, implementing regular patching policies, limiting administrative accounts and privileged access, and auditing account access. From a password standpoint, it’s also important to run regular security and penetration tests, enforce strong password security policies, and implement multi-factor authentication.
It’s important now, more than ever, to ensure that you’re hiring the right security professionals with the right skill sets for your security team. Many larger companies are ensuring that the next generation of IT professionals is properly trained and prepared to address evolving cybersecurity concerns by partnering with universities and engineering schools to cultivate talent. Smaller organizations can also incentivize new hires to grow in their careers by providing robust in-house training initiatives. Kaseya’s Grow Your Own program also aims to support new hires through education programs, mentorship and leadership development.
As mentioned earlier, the key to creating a security-first mindset is education across all levels and teams within an organization. Security chiefs must educate the company leadership on the value of implementing these programs as a part of an integrated security stack. Employees must be engaged in security training as they are the first line of defense against bad actors. Creating cultures of security that originate from the highest levels of organizational leadership and trickle down to all other levels is also critical in implementing a security-first mindset that is long-lasting.
What does training look like? New hire onboarding should always incorporate security education. All employees should undergo phishing campaigns regularly to confirm that training is effective, with follow-up on any gaps that may be present. With more people working in hybrid and remote roles than ever before, workers must understand the necessity of email security. Gamification in the form of points, badges, leaderboards, and scoreboards can also incentivize employees to participate actively and retain learning better.
A strong information security policy can limit risk and exposure, both from cost and reputational perspectives. Strong policies are those that are continually reviewed and audited to ensure they remain effective. Successful policies institute processes across the entire business that are practical, enforceable, and verifiable. When creating a security policy, ask yourself what you want the policy to do, who the intended audience is, and what objectives you hope to accomplish. Make sure you account for things like authority, access control and network security policies, data classification and protection, data backup procedures, and how you move and secure data. The policy should also cover security awareness training and how often it is carried out, as well as encryption practices, and it should clearly define roles and responsibilities for named personnel.