Posted on October 12, 2021 by Ken Morford
As many of you are undoubtedly aware from reading the news, there has been a considerable increase in cybersecurity attacks over the past year against both government and commercial organizations. These attacks have ranged from ransomware attacks against local municipalities to exploiting software repositories of some of the largest software providers in the world. The 2021 attacks are recent examples of how a cyber-attack can cripple companies, causing national shortages in products and services. We are all potentially affected.
If your company were to experience an attack of a type and magnitude similar to those we are reading about, it could potentially impact your customers' ability to operate. The downstream effect could be catastrophic.
Why are the bad guys doing it?
Primarily, their motives are financial: they hold organizations to ransom by encrypting data that they have criminally gained access to. Organizations that have not adequately established data and systems backup plans are often put in a situation where they must pay the ransom to resume business operations rapidly. Secondarily, many of these attacks are carried out by foreign states directly, sponsored by them through funding of a third party, or sanctioned by them. These attacks are being conducted to destabilize our national infrastructure, cause financial losses, and create chaos and fear by disrupting a supply chain already burdened by COVID. Quite simply, we're caught in the middle of a cyber war.
Easy things IT professionals can do to better secure remote workers
Put together a security plan aligned with the reduction of risk specific to threats that have a high likelihood and have a high impact on systems and data:
- Use Multifactor or "Modern" Authentication (MFA) wherever possible. This reduces the risk in the event a password is compromised.
- Ensure a robust Endpoint Detection & Response (EDR) product is deployed on all endpoints to protect against malware and other system compromises.
- Use external security experts to test system defenses and give recommendations on hardening your environment.
- Update relevant security policies, standards, and procedures.
- Monitor intelligence sources for relevant threats and vulnerabilities to mitigate exposures.
Training end users on these changing attack habits is more important than ever before
Even though you may use a reasonably advanced email filter to identify and prevent threats, occasionally, they still get through. Most malware is delivered through email, and it just takes a click on a link or opening an attachment for your laptop or accounts to become compromised.
Unfortunately, new attacks and new systems vulnerabilities spring up every day. Therefore, it's good to have a vigilant mindset and question anything out of the ordinary. Here are some suspicious scenarios you should examine closely if you receive them via email:
- Sudden changes in a business practice via email (especially financial processes). You can always ask the sender, by phone call, if they sent a questionable email.
- Any requests for employee or customer data that are not part of a normal process.
- Any employee asking for your password.
- Anyone asking for your credit card via email or text.
- Anyone asking to wire funds.
Even as you enhance your security posture, malicious activities go unseen, and this is especially true when they target you directly. Below are some actions you can take to protect yourself:
- Save your important data to the cloud. If you have an incident with malware or ransomware, your data will be safely recoverable.
- If you have system access that DOES NOT use multi-factor authentication, change your passwords often even if there is no forced expiration. Make passwords complex (upper- and lower-case letters, numbers, and special characters), at least eight characters in length, and do not use the same passwords for any other accounts.
- Use a VPN to protect your connection if you are on a public network.
Finally, do not hesitate to report it! If something does not look right - you are not sure if the person emailing you is a customer, or that new LinkedIn contact is asking some strange questions about your company’s systems - it probably is not.