The Cyberthreat Landscape Is Changing – How Can Your Organization Minimize The Risks?
Since the onset of the COVID-19 pandemic, our lives have been upended and a great many things have been put on hold.
The same cannot be said for the cyberthreat landscape. On the contrary, COVID-19 has served to intensify security vulnerabilities.
Remote working is now the norm – a fact that has broadened the threat landscape – and cybercriminals are working day and night to take unfair advantage of the situation.
As a result, 2020 has seen a sudden increase in malware, spam, phishing, and credential stuffing attacks.
As reported by Interpol, there has been a 36% increase in malware and ransomware, a 59% increase in phishing, scams, and fraud, and a 14% increase in disinformation (“fake news”).
This, combined with the haste to implement new cloud systems and remote access solutions, has inflated the number of breaches in 2020.
Many organizations believe that, in order to mitigate the risks, they must invest in revolutionary new solutions; but it’s also critical that companies reevaluate security fundamentals such as passwords.
The latest Verizon Data Breach Investigations Report discovered that an astounding 81% of hacking-related breaches stem from compromised passwords. With slapdash password security being the rule rather than the exception, securing the password layer needs to be a top priority for enterprises.
As remote workers create new accounts and credentials, companies should adopt a layered approach to authentication to make sure that only strong, unique, and uncompromised passwords are being used.
By implementing the five practices detailed here, organizations can manage user access and fortify the authentication layers, thus minimizing the risk of a successful attack:
Make Multi-Factor Authentication Mandatory
According to TechRepublic, business email compromise (BEC) is “a sophisticated scam that targets companies and individuals who perform legitimate transfer-of-funds requests.”
Through the use of social engineering or malware, cybercriminals will masquerade as one of the individuals involved in these money transfers to trick the victim into sending money to a bank account owned by the cybercriminal. Once the fraud is exposed, it’s often too late to recoup the money. Scammers are quick to relocate the money to other accounts and withdraw the cash or use it to buy cryptocurrencies.
However, the scam is not always associated with an unauthorized transfer of funds. One BEC variation involves compromising legitimate business email accounts and requesting personally identifiable information (PII), wage and tax settlement (W-2) forms, or even cryptocurrency wallets from recipients.
Educate Your Employees
Security is everyone’s responsibility, and security training helps make people more vigilant. As cybercriminals play upon fears surrounding the coronavirus, it’s critical to advise employees as to how to recognize potential scams, lures, and phishing attacks.
Underscoring how hackers manipulate the pandemic for their own benefit can help make sure that employees pause and think instead of automatically clicking on every link they encounter.
Real-Time Threat Intelligence
Companies need to make use of automated tools designed to continually detect compromised passwords, making certain that they have immediate protection if someone’s credentials should crop up on the internet or the dark web.
Prioritize Password Exposure, Not Expiration
Organizations should rescind the antiquated policy of enforced periodic password resets and require a change only when a password is compromised. This minimizes the burden placed on your IT team and, at the same time, helps users select stronger passwords, as they won’t have to keep changing them periodically.
By assessing passwords on a daily basis, as well as at creation, organizations have perpetual password protection without increasing the IT team’s workload. If an existing password should become vulnerable, the appropriate remediation steps are automated, ensuring that action is taken straightaway without relying on human intervention.
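The screening described above (a check at creation plus a daily re-check that triggers a reset only on exposure) can be sketched as follows. This is an added example, not code from the original article or from any vendor's product. The breach feeds, account names, passwords and the PBKDF2 iteration count are constructed for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass

ITERATIONS = 10_000  # assumption: kept low so the example runs fast

# Constructed breach feeds: passwords seen in hypothetical credential dumps.
BREACH_FEED_DAY0 = {"password1", "Summer2020!"}
BREACH_FEED_DAY1 = {"c0rrect-h0rse-9"}  # entries published after the accounts were created

@dataclass
class Account:
    user: str
    salt: bytes
    pw_hash: bytes
    must_reset: bool = False  # set on exposure, never on password age

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def create_account(user: str, password: str, breached: set) -> Account:
    """Screen at creation: refuse a password already present in breach data."""
    if password in breached:
        raise ValueError(f"{user}: password appears in known breach data")
    salt = os.urandom(16)
    return Account(user, salt, _kdf(password, salt))

def daily_rescreen(accounts: list, new_breached: set) -> list:
    """Re-derive each newly exposed password under every account's salt and
    flag matches for reset. Only salted hashes are stored, never plaintext."""
    flagged = []
    for acct in accounts:
        for candidate in new_breached:
            if hmac.compare_digest(_kdf(candidate, acct.salt), acct.pw_hash):
                acct.must_reset = True
                flagged.append(acct.user)
                break
    return flagged

def run_demo():
    accounts = [create_account("alice", "c0rrect-h0rse-9", BREACH_FEED_DAY0),
                create_account("bob", "vK7#qTz2-mauve-lantern", BREACH_FEED_DAY0)]
    try:
        create_account("carol", "Summer2020!", BREACH_FEED_DAY0)
        rejected = False
    except ValueError:
        rejected = True
    flagged = daily_rescreen(accounts, BREACH_FEED_DAY1)
    return rejected, flagged, [a.must_reset for a in accounts]

if __name__ == "__main__":
    print(run_demo())
```

The re-screen costs one key-derivation call per account per new breach entry, which is why it is run against each day's new entries and not against the whole corpus.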
As cybercriminals continue to take advantage of existing vulnerabilities and seek new methods to bypass security measures, IT teams need to adapt accordingly and strive to become more agile in order to defend against these bad actors. Instead of scrambling to incorporate the latest and greatest security tools, organizations need to bolster their cybersecurity strategies and not neglect securing the password layer.
If you’re not 100% satisfied with your current IT services provider, or if you’re looking to free up your in-house IT personnel by outsourcing some of their duties to a team of certified professionals, DataGroup Technologies is here to help. Give us a call today at 252.329.1382!