A shocking reality of today's world is the availability of cybercrime as a professional service: in the event of a breach, 66% of small businesses could be forced to shut down operations. A cybersecurity report released by the United States government in 2016 reveals that weak network security and unauthorized activity in critical systems were the primary causes of data breaches. Armed with years of experience, RedLegg's team of experts possesses a thorough understanding of the network exploits and vulnerabilities that companies face. Here are six of them:
1. Business Email Compromises
Although "Um8re11a5@" may seem like a strong password to a human, to a computer it is just a short sequence of characters and can be brute-forced (the most common password attack) in a matter of minutes. We strongly encourage passphrases like "WeWentForAWalkToday@4" since they are easier to remember and harder to crack. Multi-factor authentication offers more robust protection still, via hardware tokens, software tokens and biometric information, and the physical location of the user can also be used as a factor when verifying network authentication. In the case of spoofed emails, if they appear to originate from authenticated users, those user accounts may have been compromised. Spam filtering doesn't help here, but implementing email security solutions such as Mimecast can ensure securely signed emails, as well as protection from malware and phishing attacks.
2. Social Engineering
Research has shown that 70% of employees under age 30 tend to ignore organizational security policies, and are among the weakest links in cybersecurity because they tend to fall prey to phishing or vishing attacks. While multi-factor authentication, comprehensive training on various methods of social engineering and phishing simulations can help reduce the attack surface, it's also important for an organization's security team to know the pulse of the organization. Knowing various employee types, their level of commitment, how they respond under pressure, whose persuasion they would be likely to follow and what amount of authority to exercise for policy compliance can go a long way toward threat mitigation. Persistence and communication are key here: security consciousness is a culture that employees adopt through emulation, observation, training and testing.
3. Insider Threats
Although hiring the right people and maintaining a strong company security culture play a large role in insider threat management, access control can be automated to a large extent using permission and identity management tools. This approach also assists with General Data Protection Regulation (GDPR) compliance. Unfortunately, insider threats originate not just from unauthorized user access (for example, a network evil maid attack via the bootloader), but also from authorized users circumventing security policies. Organizations typically use Security Information and Event Management (SIEM) tools to monitor, track and record suspicious events, yet the average dwell time before an attack is detected is 172 days. We therefore recommend coupling the information garnered from SIEM with User and Entity Behavioral Analytics (UEBA) tools, which use machine learning over vast amounts of historical data to learn each user's normal patterns and identify not just malicious activity by users, but also patterns that indicate malware compromise.
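The SIEM-plus-UEBA idea above boils down to learning each user's normal behaviour from history and flagging departures from it. As an added example (not RedLegg's or any vendor's code), here is a minimal Python baseline-and-deviation check run over constructed login events; the log layout, host names, thresholds and user names are all assumptions.

```python
import csv
import io
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed historical auth log (not real data): timestamp,user,src_host,action
HISTORY = """\
2024-03-01T08:55:00,alice,ws-alice,login
2024-03-02T09:10:00,alice,ws-alice,login
2024-03-03T08:40:00,alice,ws-alice,login
2024-03-04T09:30:00,alice,ws-alice,login
2024-03-05T08:50:00,alice,ws-alice,login
2024-03-01T22:05:00,bob,ws-bob,login
2024-03-02T21:50:00,bob,ws-bob,login
2024-03-03T22:20:00,bob,jumpbox,login
2024-03-04T22:00:00,bob,ws-bob,login
"""

# Constructed new events to score against the learned baseline.
NEW_EVENTS = """\
2024-03-06T09:05:00,alice,ws-alice,login
2024-03-06T03:10:00,alice,jumpbox,login
2024-03-06T22:10:00,bob,ws-bob,login
2024-03-06T14:00:00,mallory,ws-bob,login
"""

def parse_events(text):
    """Yield (user, host, hour-of-day as a float) for each login line."""
    for ts, user, host, action in csv.reader(io.StringIO(text)):
        if action != "login":
            continue
        t = datetime.fromisoformat(ts)
        yield user, host, t.hour + t.minute / 60

def build_baseline(text):
    """Per-user profile: hosts seen plus mean and spread of login hours."""
    hours, hosts = defaultdict(list), defaultdict(set)
    for user, host, hour in parse_events(text):
        hours[user].append(hour)
        hosts[user].add(host)
    baseline = {}
    for user, seen in hours.items():
        # pstdev copes with single-sample users; the 0.5h floor keeps very
        # regular users from alerting on a few minutes of drift (assumed value)
        spread = max(statistics.pstdev(seen), 0.5)
        baseline[user] = {"hosts": hosts[user], "mean": statistics.mean(seen), "spread": spread}
    return baseline

def score_event(baseline, user, host, hour, z=3.0):
    """Return the reasons an event deviates from the user's baseline ([] = normal)."""
    profile = baseline.get(user)
    if profile is None:
        return ["unknown user"]
    reasons = []
    if host not in profile["hosts"]:
        reasons.append(f"new source host {host}")
    if abs(hour - profile["mean"]) > z * profile["spread"]:
        reasons.append(f"login at {hour:.1f}h outside usual window")
    return reasons

def flag_events(baseline, text):
    """Score every login in `text`; keep only the ones with at least one reason."""
    return [(user, host, reasons)
            for user, host, hour in parse_events(text)
            if (reasons := score_event(baseline, user, host, hour))]
```

A real UEBA product learns many more features (peer groups, data volumes, process trees) and adapts the baseline over time, but the alert logic is the same shape: deviation from a learned per-entity profile rather than a fixed signature.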