Thanks to all who joined us live on April 29, 2021 for our Top 3 Trends in Today’s Cyber Attack Landscape webinar!
Cyber attacks are at an all-time high, and threat actors are becoming more sophisticated in their attempts. When considering today’s trends (and threats) in the industry, three recurring themes often come up amongst Cybersecurity professionals: the continued growth of ‘double extortion’ ransomware attacks, the increased risk that employee identity theft poses to organizations, and the additional fallout from supply chain attacks.
Will Taylor, NXTsoft's Sr. Security Consultant, discusses these three cyber threat trends and different ways you can address them within your organization. Click below to watch, and scroll down for the event Q&A.
Have another question? Leave it in the comments below.
Q: Are there any Open Source Cybersecurity sites you see as troublesome, such as VirusTotal?
A: There has been a marked increase in the number of packages that are available on GitHub that are open source and have been maintained for a long time by very dedicated communities. Threat actors have been able to seed these packages with malicious software. In the middle of 2020, there were some tools found in a few GitHub packages with a backend that was allowing threat actors to use it to mine Ethereum. The biggest problem with these open-source tools is that unless they’re locked down and monitored, as if they were a paid tool, there’s a lot of due diligence that needs to be done on vetting that code and leveraging those technologies within your environment so they’re not opening ports into your network to allow threat actors to come in. Most of the time the initial point of entry is through phishing, but after the initial breakthrough they’re always going to leverage other means to get to the information they want. It requires that a business be diligent about vetting and have a process in place that protects their business against an attack from within an open-source cybersecurity site.
Q: What is the best measure to protect an organization's network with no firewall?
A: We are seeing a lot more startups and businesses that don’t have a physical headquarters or building, so they’re not able to have a physical firewall set up. Even if all your tools and everything you do is in the cloud, you need to have a firewall set up there. Cloud platforms such as Google, AWS and Microsoft Azure give you the ability to build a firewall within their cloud environment. Other things that you should make sure are in place are:
- Minimum number of points of entry and exit for those resources and assets in the cloud
- Access control list
- Multi-factor authentication enabled for administrative users
The layered security approach is best, but you should always have a firewall in place even if it’s within the cloud environment.
Q: What is the best cyber defense approach in a BYOD environment?
A: A layered approach is best. Your biggest weakness will always be your employees; they’re the easiest, softest spot for a cybercriminal to target. Training is key. Every employee needs to know how to identify a phishing email, what it looks like and how to identify if it’s coming from a legitimate source, and what to do if they get a malicious email. It needs to be drilled into the culture of the business that every employee is always on the lookout and ready to protect themselves and the company against a potential security breach. We recommend two other things that your business should investigate when it comes to a BYOD setting. If your employees are using their own cell phones, tablets or laptops, you should think about installing a mobile device management tool. The data and applications related to your business are segmented from the individual’s personal information. If the device is lost or stolen, or if the employee is terminated, your IT department has the ability to remotely delete the data related to your business so that information doesn’t fall into the wrong hands, or to ensure that a terminated employee no longer has access to confidential information. The other tool that your business should look into is an RMM or patch management tool to ensure that the devices that your employees are bringing with them, and that you are allowing into your secure environment, are properly patched with things like the required system updates for the operating systems on laptops and phones. No matter where they’re working, if they have an internet connection, their computer is properly patched and up to date just like it would be if they were running on the company network in the office.
Q: All we ever hear about is how much money we're losing to cybertheft, but we never hear anything about recoveries. What's being done to track down the criminals and bring them to justice? It seems that if the amount of money lost isn't substantial, no one cares. Why?
A: There are a couple of reasons. Cybercriminals are leveraging a lot of tools to ensure that their identity, location, and anything that could be used to track them is protected. Because of this, the amount of time and money that would have to be utilized to expose these cybercriminals far exceeds the information that could be found. A lot of times, these criminals are operating out of different countries and prosecution is sometimes impossible. Our advice is, if you can help it, to never pay a ransom. The best way to avoid being the victim of a cybercrime is to be proactive and take a cybersecurity-first approach to everything that has to do with your business.
Q: How safe is the organization network with users accessing cryptocurrency websites, betting sites, and the like?
A: It’s much easier to protect your workforce from malicious websites when everyone is sitting in the same office, as opposed to having your employees working remotely. Any website that your users are accessing that has the potential of rerouting them to a malicious website where they’re entering personal information is a red flag, and they’re exposing not only themselves but also your business. Access to these kinds of sites should be blocked. This can be accomplished through several different channels, including VPN management, end channels and firewalls. Many of these tools allow you to lock down websites based on reputation, so that you’re not only blocking the obvious sites but you’re blocking all sites that might put your users and business at risk.