How organisations can stay one step ahead of cybercriminals

Sophisticated large-scale corporate cyber-attacks are on the rise

When successful, their impact can be devastating and potentially affect multiple organisations.

Recent breaches have demonstrated the skill and ambition that these cybercriminals employ to gain access to data. British low-cost airline group EasyJet became a target of a highly sophisticated cyber-attack that affected approximately nine million customers last year. Similarly, a few months later, Hackney Council was hit by a serious cyber-attack which disrupted services for residents and saw private documents published online.

Such attacks emphasise the criticality of a multi-layered security strategy that covers the entire network. So, how can businesses go about creating such a strategy in order to be able to successfully guard against these kinds of attacks?

How to put up your guard

To get ahead of the hackers, IT teams must be wary of unusual password activity, files being created and deleted quickly, inconsistencies in email usage, and data moving around in unexpected ways.  

In one form of cyber-attack, hackers gain access to a software patch and add malicious code to it before it is delivered to customers as a routine update.

This method of attack is especially devious because updates and patches are routine maintenance tasks, meaning IT teams are much less likely to be suspicious about them. Anti-malware solutions are also less likely to scrutinise incoming data like a patch from a trusted vendor.  

One key component that enables these types of attacks is credential compromise. Hackers are careful to obtain authentic credentials whenever possible in order to gain entry to the systems and data that they want to access inconspicuously, minimising their digital footprint. As a result, IT teams need to be wary of unusual password activity, such as an uptick in resets or permission change requests. 
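
One way to watch for the uptick in resets and permission changes described above, as an added example that is not part of the original article. The log format, event names and thresholds are assumptions, and the sample log is constructed.

```python
# Added example: flag hours where password-reset / permission-change events spike.
# Log format, event names and thresholds are assumptions, not from the article.
from collections import Counter
from datetime import datetime
from statistics import median

WATCHED = {"password_reset", "permission_change"}

# Constructed sample log: a quiet baseline followed by a burst at 03:00.
SAMPLE_LOG = """\
2021-03-01T09:12:00 password_reset user=alice
2021-03-01T09:40:00 login user=bob
2021-03-01T10:05:00 permission_change user=carol
2021-03-01T11:30:00 password_reset user=dave
2021-03-01T13:02:00 password_reset user=erin
2021-03-02T03:01:00 password_reset user=svc-backup
2021-03-02T03:03:00 permission_change user=svc-backup
2021-03-02T03:04:00 password_reset user=admin
2021-03-02T03:07:00 permission_change user=admin
2021-03-02T03:09:00 password_reset user=frank
2021-03-02T03:15:00 permission_change user=frank
"""

def hourly_counts(log_text):
    """Count watched events per hour bucket; skip malformed lines."""
    counts = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[1] not in WATCHED:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        counts[ts.replace(minute=0, second=0)] += 1
    return counts

def find_spikes(log_text, factor=3, floor=3):
    """Return hours with >= floor events and >= factor x the median of active hours."""
    counts = hourly_counts(log_text)
    if not counts:
        return []
    baseline = median(counts.values())  # hours with no events are not in the baseline
    return sorted((h.isoformat(), n) for h, n in counts.items()
                  if n >= floor and n >= factor * baseline)

if __name__ == "__main__":
    for hour, n in find_spikes(SAMPLE_LOG):
        print(f"{hour}: {n} reset/permission events")
```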

Phishing isn’t going away any time soon

It’s no secret that the top security vulnerability for every organisation is its people. Consequently, phishing will continue to be a major threat. According to the 2020 Verizon Data Breach Investigations Report, 22% of breaches involved phishing and nearly 30% of security breaches involved internal actors.

Phishing is easy, cheap and, most importantly for hackers, effective. Just a single employee clicking on one phishing message can let loose a wave of havoc. Hackers are now making extensive use of ransomware, which is often delivered through phishing. To fight back, the industry will need to continue innovating through automated anti-phishing solutions that utilise AI to keep phishing emails out of employee inboxes.

Raise security awareness to lower email threat

Another powerful tool to reduce the risk of a cyber-attack is security awareness training. This can lower the chance of an incident such as a data breach by 70%. From ransomware to spear phishing, email threats are one of today’s most dangerous forms of cyber-attack. When conducting a phishing attack, cybercriminals will send a malicious email typically disguised as a message from trusted individuals like a manager, colleague, or business associate to trick your employees into activating the enclosed malware or granting unauthorised access. They will ask the individual to take an action by clicking a link or providing sensitive information like login and password credentials.

In response, more businesses should be training employees on how to spot these emails so they can act as an effective form of defence against cybercriminals. Unfortunately, many awareness programs fail because they are not conducted consistently or are not engaging enough for employees. These trainings have been shown to lower an organisation’s chances of experiencing a damaging cybersecurity incident and are most effective when conducted regularly. In fact, a recent study around the impact of phishing resistance training found employees who received the training started to forget what they had learned after six months.

In order to be fully prepared for the risk of a cyber-attack, security awareness training needs to incorporate both educational materials and frequent phishing simulations accompanied by refresher training for those who engage with the simulations. Additionally, employees should always check with their internal IT departments if they have any doubts about the credibility of an email they receive. They can help keep their networks safe by carefully screening their emails and being aware of the signs of a phishing email, which include:

• Small mistakes in spelling, punctuation, usage or grammar

• Colour palettes and fonts that are just a little bit off

• Images like signatures or headers that are blurry

• Sentences that misidentify departments or employees

• Emails sent from a free email service provider like Gmail

• Landing pages and emails that use unfamiliar formats

Bolster backup systems

Finally, it’s important not to forget that backup systems offer attackers an opportunity to access data from many systems in one place. This means that encryption at rest, immutable backups, air-gapped data copies and hardened backup operating environments become critical components of any security strategy.

It’s recommended that organizations follow the 3-2-1 rule, which involves keeping three copies of data on two different types of media, with one version stored off-site. Additionally, as part of a secure backup environment, businesses should consider backup solutions built on hardened Linux, as ransomware predominantly targets the more prevalent Windows OS. Organizations should also look for backup solutions that use machine learning to effectively identify ransomware conditions, making it easier for IT teams to investigate and mitigate the effects of a cyber-attack.

It is also critical that organizations frequently test their backups for issues that could impact a successful recovery. Too often, organizations only realize their backup solution didn’t work after an incident has occurred. 

Looking ahead

At the start of a new decade, cyber-attacks are still growing in sophistication and volume, and businesses around the world are facing an unprecedented level of risk. The security threat increased even further with the rise of remote working over the past year. This way of working is set to continue into the future in some capacity as many organisations plan a hybrid working model. It is therefore more important than ever for businesses to have in place a multi-layered security strategy to ensure they are protected for the months and years to come.

About the Author

Mike Puglia is Chief Strategy Officer at Kaseya. Kaseya® is the leading provider of IT and security management solutions for managed service providers (MSPs) and small to medium sized businesses (SMBs). Through its open platform and customer-centric approach, Kaseya delivers best in breed technologies that allow organizations to efficiently manage, secure, and backup IT.
