Commentary & Analysis
Cybercriminals are quickly adapting their tactics to exploit current events and the news cycle against vulnerable targets, and may time an attack to coincide with the target's patching cycle. Attackers are shifting their focus from malware to ransomware, with phishing and business email compromise (BEC) as the main attack vectors.
According to the Federal Bureau of Investigation (FBI), as reported in the 2019 Internet Crime Report, the Internet Crime Complaint Center (IC3) received nearly half a million complaints and recorded over $3.5 billion in losses to individual and business victims.
– Microsoft Digital Defense Report, page 19
- Use strong authentication to reduce the risk of security breaches.
- Where possible, use a passwordless solution or a password manager. Do not use SMS or voice calls for authentication; use an authenticator app instead.
- Disable email auto-forwarding rules.
- Block macros, or allow them only from Trusted Locations.
- Micro-learning throughout the year builds end user skills and is more effective than generic, annual training.
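The macro recommendation above is normally enforced through Office policy registry values. The following PowerShell is an added example, not code from the Microsoft report or from Monarch: it writes the per-user policy keys for Word, Excel and PowerPoint so that only digitally signed macros run, macros in files downloaded from the Internet are blocked outright, and one administrator-controlled folder is registered as a Trusted Location. It assumes Office 2016 or later (registry version `16.0`); the folder path `C:\ApprovedMacros\` is a constructed placeholder.

```powershell
# Added example (not from the Microsoft report or Monarch): per-user Office policy
# keys that block untrusted macros and define a single Trusted Location.
# Assumes Office 2016/2019/365 (registry version "16.0"). In production, deliver
# the same values through Group Policy or Intune rather than a local script.

$apps = @('Word', 'Excel', 'PowerPoint')
$trustedPath = 'C:\ApprovedMacros\'   # constructed example path; adjust to your own

foreach ($app in $apps) {
    $sec = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    New-Item -Path $sec -Force | Out-Null

    # VBAWarnings: 1 = enable all (weak), 2 = disable with notification (Office default),
    # 3 = disable all except digitally signed, 4 = disable all without notification.
    # 3 keeps signed, approved macros working while blocking everything else.
    Set-ItemProperty -Path $sec -Name 'VBAWarnings' -Value 3 -Type DWord

    # Block macros in files carrying the Mark of the Web (downloads, email attachments)
    # regardless of the VBAWarnings setting.
    Set-ItemProperty -Path $sec -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord

    # One Trusted Location: macros in files under this path run without prompting,
    # so the folder must be writable only by administrators, never by ordinary users.
    $loc = Join-Path $sec 'Trusted Locations\Location0'
    New-Item -Path $loc -Force | Out-Null
    Set-ItemProperty -Path $loc -Name 'Path' -Value $trustedPath -Type String
    Set-ItemProperty -Path $loc -Name 'AllowSubfolders' -Value 1 -Type DWord
    Set-ItemProperty -Path $loc -Name 'Description' -Value 'Approved macro-enabled templates' -Type String
}

# Verify: report the effective values so the weak setting (VBAWarnings = 1) stands out.
foreach ($app in $apps) {
    $sec = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $p = Get-ItemProperty -Path $sec
    $status = if ($p.VBAWarnings -eq 1) { 'WEAK: all macros enabled' } else { 'OK' }
    [pscustomobject]@{
        App               = $app
        VBAWarnings       = $p.VBAWarnings
        BlockFromInternet = $p.blockcontentexecutionfrominternet
        Status            = $status
    }
}
```

Values written under `HKCU\Software\Policies` are policy settings that users cannot override from the Trust Center, which is the point of using them instead of the non-policy `HKCU\Software\Microsoft\Office` keys.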
Firms continue to outsource their technology to managed service providers (MSPs), which grants those providers widespread administrative access to firm data. Threat modeling at MSPs is usually less thorough than a firm's own internal due diligence. Attackers follow a recurring pattern: phish or brute-force the MSP's remote access, move laterally to acquire admin privileges, then reach customer data through the MSP's legitimate admin systems.
- Conduct thorough due diligence on third parties, and require least privilege and "just in time" access to accounts and services.
- Access to customer data should be heavily monitored, done under transparent approval, and with multifactor authentication.
- Network segmentation is vital to slow an attacker’s progression throughout the network.
- Employees need to secure their personal accounts and devices to prevent them from being an attack vector into the corporate environment.
- Information Rights Management is effective in limiting the damage of data exfiltration.
Cybercriminals are capitalizing on the shift to working from home. Because of the rise in video conferencing and collaboration tools, most firms now send remote traffic straight to the Internet rather than back through the corporate network. This has made remote devices more susceptible to attacks that defense in depth previously mitigated. Timely patching has also suffered, because devices are configured by policy to receive patches only from internal sources. Attackers have noticed and are taking advantage of the slower time to patch.
- Use cloud based options to protect the remote work force’s Internet access.
- Ensure remote devices have alternative ways to receive security patches and updates while off the corporate network.
- Applying security patches to Internet facing devices is critical.
Up to 300 million workers have moved to remote work, where they access, edit, and share company data under increased stress and with limited resources. Many employees reach corporate resources from personal devices that may not be managed effectively. Increased stress from potential job loss or health and safety concerns may lead to an increase in insider threats.
- Detecting insider threat requires visibility into end-user activity and communication.
- Insider threat risk management is not just a security issue and requires collaboration with HR, compliance, and legal teams.
- There needs to be a balance between employee privacy and company risk.
- Adopt MFA and go passwordless where possible.
- Use link filtering, disable auto-forwarding, and tag external emails.
- Use a modern VPN infrastructure that also protects remote workers' Internet traffic.
- Keep VPN and firewall infrastructure patched and securely configured; these have been an important attack vector.
- 3-2-1 backups: 3 copies of the data (the original plus 2 backups), on 2 different types of storage, with 1 copy offsite.
- Limit access with least privilege for employees, contractors, and vendors.
- Slow down attacks with network segmentation.
- The perimeter is large due to remote devices. Have a way to ensure they are kept up to date with patches and security configurations.
- Have a third party risk management system. You inherit your partner’s risks so assess third party risk, SLAs, contracts, and exposure.
- Train users with shorter, relevant sessions.
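Disabling auto-forwarding is recommended twice on this page (in the opening list and in the summary above), and in an Exchange Online tenant it is a two-part job: find forwarding that already exists, then stop new external forwards tenant-wide. The PowerShell below is an added example, not code from the Microsoft report or from Monarch. It assumes the `ExchangeOnlineManagement` module is installed and that the account running it holds Exchange administrator rights.

```powershell
# Added example (not from the Microsoft report or Monarch): audit and disable
# mailbox auto-forwarding in Exchange Online. Assumes the ExchangeOnlineManagement
# module is installed and the account running it has Exchange administrator rights.
Connect-ExchangeOnline

$mailboxes = Get-Mailbox -ResultSize Unlimited

# 1. Mailbox-level forwarding (set by admins or by users through Outlook settings).
$mailboxForwards = $mailboxes |
    Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object DisplayName, PrimarySmtpAddress, ForwardingSmtpAddress,
                  ForwardingAddress, DeliverToMailboxAndForward

# 2. Inbox rules that forward or redirect mail. A compromised mailbox in a BEC case
#    often carries one of these, so every hit should be reviewed, not just external ones.
$ruleForwards = foreach ($mbx in $mailboxes) {
    Get-InboxRule -Mailbox $mbx.PrimarySmtpAddress |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        Select-Object @{ n = 'Mailbox'; e = { $mbx.PrimarySmtpAddress } },
                      Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo
}

$mailboxForwards | Format-Table -AutoSize
$ruleForwards    | Format-Table -AutoSize

# 3. Stop auto-forwarding to external domains tenant-wide. The "Default" remote domain
#    applies to every domain without its own entry; auto-forward rules to outside
#    addresses are then dropped, while internal forwards and manual forwards still work.
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false

# 4. After review, disable (rather than delete) the suspicious rules so the evidence
#    survives for incident handling. Uncomment once the list above has been checked.
# foreach ($r in $ruleForwards) {
#     Disable-InboxRule -Mailbox $r.Mailbox -Identity $r.Name -Confirm:$false
# }

Disconnect-ExchangeOnline -Confirm:$false
```

Run the audit part on a schedule and alert on any new entry; a forwarding rule that appears on a mailbox without a change ticket is one of the earliest signals of business email compromise.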
Find out More
Monarch delivers cybersecurity in a new way. Get information that matters and security that’s effective.