By Jared Hrabak, Consulting Cybersecurity Engineer
As the world continues to digitize and navigate various global challenges, cybercriminals are exploiting every opportunity, with identities and privileges at the top of their target list.
Cyberattacks have reached staggering numbers. According to the FBI, more than 883,000 cybercrime complaints were reported last year in the United States alone, accounting for $12.5 billion in losses. Business Email Compromise (BEC) increased by 10%, and ransomware attacks rose by 18% from the previous year. Globally, Interpol reports that attacks targeted towards major corporations, government, and critical infrastructure are increasing at an alarming rate, also illustrating the persistent and growing threat landscape.
Outpacing the Cybercriminals
These statistics are daunting! Yes, we’re being forced to change our ways at a rate we never imagined, but rapid change and adaptation are crucial in this environment. Embracing change and adjusting quickly could be your most effective defense—deterring cyber criminals enough to make them look elsewhere—which may be the name of the game for the foreseeable future.
Corporate Cybersecurity Attack Trends
A big part of the latest attacks we are seeing involves stealing credentials through BEC. Once compromised, these credentials can provide access to private networks, systems, and applications. Here’s how these attacks typically unfold:
- Initial Access: Cybercriminals start by using phishing and social engineering to steal account credentials to gain application access.
- Credential Testing: Next, they use automation to quickly validate the stolen credentials across multiple systems.
- Testing the Waters: Then, they experiment with smaller financial transactions or other actions to stay under the fraud alert and cybersecurity system triggers.
- Major Attack: Finally, they move in for the kill and launch a larger attack on a more significant target.
In many cases, hackers gain access to corporate email credentials, set up inbox rules to forward emails to their accounts, and then wait for valuable information to arrive, such as sensitive data or financial details. This is happening on a massive scale, causing corporate cybersecurity professionals to constantly be on high alert.
Corporate Cybersecurity Tips to Stay Ahead
With that in mind, here are a few tips to make it more challenging for attackers, which could be enough to send them elsewhere to easier targets. These actions should also be formalized into a corporate cybersecurity policy document and be updated as often as the evolving security environment dictates.
Define Your Security Process Before Buying Tools
- Strategize First: Define your security processes, protocols, and strategy before purchasing security tools, not after. Time and again, I see clients trying to retrofit their security policy to work with a tool they’ve already purchased and rolled out. Not only is this painful, but it’s also backward. Consider your entire attack surface, including cloud and on-premise assets, mission-critical vs. non-critical apps, etc., and then find the right tools to fit these needs. This approach saves time and reduces exposure points.
Conduct Regular Security Audits
- Routine Audits: Regular security audits help identify vulnerabilities and ensure that your security measures are effective. Addressing weaknesses promptly can prevent potential breaches.
Secure Endpoint Devices
- Endpoint Protection: Ensure all endpoint devices are secured with appropriate security software and policies. This includes employee devices used for remote work.
Enhance Employee Training and Communication
- Continuous Training: Regularly update and train your employees on the latest cybersecurity practices and threats. A well-informed team is a critical defense against cyber-attacks.
- Clear Communication: Ensure corporate cybersecurity policies are clearly communicated and easily accessible to all employees. Regular reminders and updates help maintain awareness.
So, I’ll end with one of my favorite analogies. Passwords are like underwear: make them sexy (unique and exotic), change them often, and don’t share them with anyone.
I couldn’t agree more.
Did I miss anything? Send me your feedback. I’d love to hear from you to update or add to this. Our goal is to help clients stay ahead of the curve and bring the expertise they may not have in-house. Together, we can stay vigilant in unique times.
Need help with your cybersecurity program?
Let’s talk
Contact us today at (800) 544-8877, and we’ll help ensure your organization is doing everything it can to stay protected.
“As a Cybersecurity Engineer, Jared partners with clients to help them identify product solutions that match their cybersecurity governance, risk and compliance objectives. He enjoys educating and advocating for a successful cybersecurity practice by focusing on client success. Jared brings a wealth of experience in content filtering, cybersecurity operations, and military service to help put clients on the path to success.”
Jared HrabakConsulting Cybersecurity Engineer
