In a climate where cybercrime is increasing exponentially, the risk of organizations being disrupted is imminent. Did you know that in 2020, there was approximately one ransomware attack every 10 seconds and Malware increased by 358%?1 In addition, it is estimated that cybercrime will cost the world a truly alarming $10.5 Trillion annually by 2025!2
As artificial intelligence and networking capabilities escalate, so ascends the skills of bad actors and the effectiveness of their tools. The issue of whether or not organizations need comprehensive security is no longer a question – it is whether you have the appropriate holistic security solutions that scale, maintain business agility, and meticulously protect your organization.
Questions organizational leaders need to ask themselves:
• Action plan: Are you confident in your protection, action plan, and recovery capabilities from cyber-attacks, including data encryption, exfiltration, and extortion/ransomware?
• Employee Risk: Are you prepared for when employees fall for increasingly savvy social engineering attacks?
• AI and Machine Learning: How do you stay on top of rapidly evolving tactics, including bad actors utilizing Artificial Intelligence and Machine Learning, over the course of time?
•Availability: Are you confident you will maintain business critical availability?
• Backups: Do you have ransomware-proof backups that enforce multi-factor, role-based authentication?
Another growing concern among organizations as society prepares for a post-pandemic era is the rise of a “hybrid workforce” mixing their workweeks working out of their home and corporate offices. Remote endpoints that may not be following best practices introduce a significantly increased risk when connecting them to the corporate network.
Some tips to consider when dealing with remote workers / hybrid workforces:
• Home Wi-Fi security: Home networks probably have weaker protocols (WEP instead of WPA-2, for example). This allows hackers easier access to the network’s traffic.3
• Phishing: Phishing attacks are widely recognized as the top cause of data breaches. Hackers can easily send seemingly legitimate, deceptive emails with malicious links and attachments. Once an employee clicks on this malicious link, a hacker is able to gain access to the employer’s device and likely to their corporate network from there.2
• Insecure Passwords: Simple passwords have become incredibly easy for savvy hackers to crack, and furthermore, if an insecure password is used across several platforms, it allows hackers to gain unauthorized access to multiple accounts in a very short period of time.2
• Misleading Domains: Containing wording related to coronavirus, COVID-19, or other current worldwide or local concern, that lures a person into downloading of malware, including ransomware.4
Some key steps in analysis and actions include:
• Strongly consider a “holistic” framework-based approach to enhance your cybersecurity posture. For example, conduct a NIST or a CIS Controls Gap Assessment in order to establish best practices and a remediation roadmap with priorities set in alignment with your organization’s vision and goals.
• As ransomware is now among the top cybersecurity threats, consider engaging a strong solution provider to run emulated ransomware attacks to help you pinpoint your potential weakest security controls, including your current security technologies and incident response plans.
• Leverage AI/ML for expedited detection and response capabilities.
• Alternating your Vulnerability and Penetration testing service providers regularly will potentially uncover vulnerabilities not caught via your incumbent provider’s tools and methodologies.
• Consider utilizing a virtual CISO to advance toward maximum security maturity with minimal cost and resource allocations.
• Additional key security assessments and tests may include: Remote Endpoint Security Posture; AI-Powered User and Entity Behavior Analytics; Data Risk; AI-powered Endpoint Protection; Privileged Accounts; Email Security; IoT, network, WiFi and Bluetooth penetration testing; Credential Web Access; Social Engineering Tests and Ransomware Readiness Assessment.
This article was provided by Nth Generation. Since 1991, Nth Generation has provided award winning, industry leading, consultative IT services, encompassing a suite of IT and security solutions. Nth boasts top technical and consulting talent and expertise – as well as numerous industry leading manufacturer partnerships – spanning IT infrastructure and advanced cyber security technologies, frameworks, and services. For more information, questions, or assistance in establishing best practices, contact Nth Generation at (800) 548.1883 or visit Security.Nth.com.