Mitigate Human Weaknesses as Cybersecurity Risks Continue to Rise
Attackers take the easiest route to data, and today that route usually runs through people rather than through modern technical safeguards. Social engineering, manipulating people into disclosing sensitive data or taking an unsafe action, was the second-most common contributor to data compromise, up 141 percent from 2015 to 2016, according to the 2017 Trustwave Global Security Report.
Email phishing is the most prevalent form of social engineering. Attackers pose as trustworthy people or organizations and use email or malicious websites to solicit credentials and other personal information. They rarely stop there: the same message typically delivers malware that hunts for further sensitive data.
According to the 2017 Verizon Data Breach Investigations Report, around 1 in 14 users is tricked into following a link or opening an attachment, and a quarter of those are tricked more than once. Once phishing opens the door, malware is typically installed to take control of systems or to capture and exfiltrate data.
More than half of breaches involve malware, according to the Verizon report. That share is down from prior years, but malware remains one of the most frequent threats for organizations of every size. Almost two-fifths of businesses in the United States, Canada, the United Kingdom and Germany were hit by ransomware in the past year, according to a survey by security firm Malwarebytes.
If people are the easiest access point through which attackers install malware, organizations must not only take steps to prevent malware but, first, take steps to prevent phishing.
Steps to Take to Prevent Phishing
Focus on the following four areas to set a strong foundation for preventing phishing in your organization:
- Start with a mature security awareness program. C-level executives typically have their email addresses published on the organization’s website, which makes them easy targets for spear phishing. Anyone with an email account should be trained to recognize suspect emails, to report them, and to know how IT will communicate current threats.
- Email filtering is a must-have for any organization. The market offers many capable products, and a cost-benefit analysis will almost always favor deploying one. If your organization uses Office 365, inbound filtering is already included; it just needs configuration by your IT department (anti-spam and anti-phishing policies, plus SPF, DKIM and DMARC records for your own domains so that spoofed mail can be rejected).
- Have a tested incident response plan. Assume an email gets past your filters and a user is phished; you then have to limit the impact. Include a scenario in your plan for how to identify, report and quarantine a malware infection, and exercise it. Malware works quickly: according to the Verizon report, it needs only hours or days to do its job.
- Make it easy, and rewarding, for users to report phishing emails. Set up a dedicated mailbox to which users can forward suspect messages. Your IT or security team should read and investigate each report and notify staff about active phishing campaigns. Phishing hits fast, so response time is key.
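The team that reads the reporting mailbox needs a fast, repeatable first pass over each forwarded message. The script below is an added example, not code from the original article or from any vendor; it checks a raw message for the indicators the steps above describe (a spoofed or look-alike sender, a Reply-To that points elsewhere, failed SPF/DKIM/DMARC verdicts recorded by the receiving server, and links whose visible text names one host while the href goes to another). The trusted-domain list and the sample message are constructed for the example; the header names follow RFC 5322 and RFC 8601.

```python
"""Triage a raw e-mail for common phishing indicators.

Added example (not from the original article). TRUSTED_DOMAINS and the
SAMPLE message are constructed; header names follow RFC 5322 and RFC 8601
(Authentication-Results). This is a first-pass heuristic for a reporting
mailbox, not a replacement for a mail gateway.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from typing import List, Optional
from urllib.parse import urlparse

# Assumption: your own domains and those of partners users routinely receive mail from.
TRUSTED_DOMAINS = {"example.com", "example-bank.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch look-alike sender domains (e.g. 'rn' for 'm')."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(domain: str) -> Optional[str]:
    """Return the trusted domain this one imitates, if it is a near miss (distance 1-2)."""
    for trusted in TRUSTED_DOMAINS:
        if domain != trusted and levenshtein(domain, trusted) <= 2:
            return trusted
    return None


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def triage(raw: bytes) -> List[str]:
    """Return human-readable indicators; an empty list means nothing was flagged."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))

    # 1. The receiving server's SPF/DKIM/DMARC verdicts (only trustworthy if your
    #    gateway strips inbound Authentication-Results headers before adding its own).
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1).lower() != "pass":
            findings.append(f"{mech} result is {m.group(1)}")

    # 2. Display name drops a trusted domain but the address lives elsewhere.
    for trusted in TRUSTED_DOMAINS:
        if trusted in display.lower() and from_dom != trusted:
            findings.append(f"display name mentions {trusted} but sender is {from_dom}")

    # 3. Replies are steered to a different domain than the sender's.
    if reply_addr and domain_of(reply_addr) != from_dom:
        findings.append(f"Reply-To domain {domain_of(reply_addr)} differs from From domain {from_dom}")

    # 4. Sender domain is one or two characters away from a trusted one.
    target = lookalike(from_dom)
    if target:
        findings.append(f"sender domain {from_dom} resembles {target}")

    # 5. Anchor text names one host while the href goes to another, or to a bare IP.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    for href, text in re.findall(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", text.lower())
        if shown and shown.group(0) != host and not host.endswith("." + shown.group(0)):
            findings.append(f"link text shows {shown.group(0)} but href goes to {host}")
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            findings.append(f"link to raw IP address {host}")
    return findings


# Constructed sample: a spear-phish aimed at someone who trusts example-bank.com.
SAMPLE = b"""\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=exarnple-bank.com; dkim=none; dmarc=fail
From: "Example-Bank.com Security" <alerts@exarnple-bank.com>
Reply-To: support@mail-verify.net
To: cfo@example.com
Subject: Action required: verify your account
Content-Type: text/html; charset="utf-8"

<html><body>Please <a href="http://203.0.113.5/login">login at example-bank.com</a> now.</body></html>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

Run against the constructed sample it flags eight indicators, including the "rn" for "m" substitution in the sender domain that a human reader skims past. Use the output to decide quickly whether a report warrants a campaign-wide alert; the heuristics are deliberately conservative and will also flag legitimate newsletters that use third-party Reply-To addresses, so treat findings as triage input rather than a verdict.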
Tips for Preventing and Responding to Malware
- Prevent users from installing unauthorized software. Many companies still let users be administrators of their own machines. After testing for application compatibility, remove that privilege. Standard user rights stop most malware from installing system-wide or persisting across reboots, though they do not stop ransomware from encrypting the files the user can already write, which is why the backup and permission steps below still matter.
- Keep systems up to date. Use tooling to monitor and apply operating system and third-party application patches. An unpatched system is one of the most common ways attackers gain a foothold in a network.
- Run comprehensive, regular backups. Short of paying the ransom, restoring from a recent backup is the only way to get your data back after a ransomware attack, and only if the backup itself was not reachable by the malware. Confirm that backups complete successfully, keep at least one copy offline or otherwise write-protected, and perform test restores periodically.
- Keep anti-virus and anti-malware software up to date. These tools detect known threats by signature and newer ones by behavioral heuristics, so they are only as good as their latest update. Pull the latest updates from your vendors and configure frequent automatic updates if you have not already.
- Restrict internal user permissions. Once malware runs, the attacker effectively holds that user’s account and everything it can reach. Does that user need access to every company file share? Review permissions to network shares and critical applications and trim them to what each role requires.
If your organization is hit with a malware infection, take the following response steps:
- Immediately isolate the affected workstations from the network to stop further spread.
- Begin cleaning up the infection; your endpoint security vendor’s support staff can help identify and remove it.
- Determine the nature of the infection: what strain it is, how it arrived and what it touched.
- Check whether user data was encrypted or exfiltrated.
- Alert other employees to the threat.
- Notify law enforcement.
A cybersecurity strategy is not a “set it and forget it” game plan. Staying informed on the latest breach tactics, software weaknesses and prevention tools is critical.