Criminal Break-In

During the dark days of COVID-19, cybersecurity was often neglected in the transfer from office to remote working so that businesses could just “stay in business.”  Even after a couple of years, common sense tells us that companies would have caught up with cybersecurity.  There are three business scenarios: those that have been attacked, those that do not know they have been attacked, and those that are going to be attacked.

The risks are high with research showing the average cost of an IT security breach is US$4.35 million according to a study by IBM in 2022.  It is estimated that 54% of breaches remain undiscovered for months.  It is not surprising when you can now rent or buy Ransomware as a Service (RaaS) as cheaply as you can subscribe to Netflix. 

See:  https://redskyalliance.org/xindustry/ransomware-as-a-service-went-to-business-school

This is the reason why professionals need to take a serious approach to cybersecurity.  We all know people who lock the house but leave the windows open.  Once you experience a house break-in, you install an alarm, use deadlocks everywhere, and install floodlights and security cameras; or some just assume it will never happen to them again, but often it does.  A recent survey revealed that more than one in six (17%) of burglary victims had fallen prey to being looted three times or more, and 65% of those in the same property.[1]

See:  https://redskyalliance.org/xindustry/danger-will-robinson-in-2023

Often businesses are attacked in a minor way; they complete some cybersecurity hygiene, then continue as normal.  Often that was the attack before the real attack.  What they have not taken into consideration is that most cyberattacks today do not happen on the fly; they are well researched and planned.  The average time attackers spend in the organization is 240 days before they make their move.  They build trust and rapport, and explore within the company, before they attack.

In effect, once a user identity has been compromised, the “hackers” do not have to “hack in”; they simply log on just like you would with Netflix, often undetected until days, weeks or months later.  They quietly sit and collect data from your organization and wait for the perfect time to hold your firm to ransom.

Many companies have invested heavily in security products and services, but alarmingly research shows that many do not have these services deployed and configured correctly, and in many cases the most vulnerable or “privileged” users are the ones least protected. 

Here are some tips for ensuring your business is taking the right steps to prevent a ransom demand:    

  • Simplify your cybersecurity tool set. Simply by making sure your tools are joined up and work together, from Identity and Access Management, Multi-Factor Authentication (MFA), application threat control, firewalls and network access control to endpoint protection, you will be better protected.  This is not about buying more tools; in most cases it is about reducing the number and complexity of cybersecurity tools you use and focusing on the vital few that will give you the most effective control by ensuring they are deployed correctly.
  • Assume breach. Every business should be working from the standpoint of assuming they have already been breached or will be soon.  You need to apply zero trust principles and ensure that every access made by every single person onto your network is explicitly verified. 
  • Use Multi-Factor Authentication. MFA combines two or more independent credentials: something the user knows, such as a password; something the user has, such as a security token; and something the user is, verified by biometrics or a known/trusted device.  Used correctly, this single action can eliminate more than 99% of phishing attacks, of which there are 921 identity attacks every single second.  Not using MFA is like locking your front door and leaving all the windows open.
  • Write and Activate Data Loss Prevention Policies. These protect against accidental or deliberate data leakage by defining how an organization can share and protect its data.  They provide a guide as to how data can be used in decision making without it being exposed to anyone who should not have access to it. 
  • Use an Enterprise Identity Provider. Use an enterprise identity service (read: Azure Active Directory or Okta) to provide single sign-on, multifactor authentication and conditional access to guard against 99.9 percent of cybersecurity attacks.  These services take away the inconvenience of verifying each access point every time.
  • Streamline protection across email, chat, files, web apps and endpoints. All these ways of communicating leave you open to attack if you are not using the latest cybersecurity technology. Make sure all your tools work across communication platforms and there are no gaps that can be exploited.
  • Train your users. Regularly train your users on basic security hygiene to keep your business safe. The biggest single source of breaches comes from your users clicking on a phishing email or text message.  If you educate them about likely breaches and how attackers are thinking and are likely to try to reel them in, then they can be your best form of defense.
  • Use patch management and leverage automated patching where possible across every switch, access point, router, laptop and application. It sounds so simple, yet many organizations are still not patching in a timely fashion, which is leaving them wide open to attack.

 

If your business is not considering all these steps, it may not be long before you realize that a “subscription” has been taken out against your firm and the hackers have been logging on and off at will.  Make it a priority to address the gaps in your cybersecurity protection to lessen the chances that the next email you receive is one asking for a ransom payment, or a phone call from their new Call Center.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989

[1] https://www.cybersecurityintelligence.com/blog/has-someone-taken-out-a-subscription-against-you-6893.html
