Tips to Defeat & Respond to Cyberthreats
December 17, 2020 by Loren Lachapelle
As cybersecurity professionals, we know how dynamic the threat environment can be, but this year brought about unprecedented changes to how we live and work that none of us saw coming. The shift to working remotely and accelerating cloud adoption continues to expand the enterprise attack surface. Our cyberthreat landscape has never been more challenging.
Information sharing is an important tenet in cybersecurity. There is much we can learn from our peers. Tyler Cybersecurity hosted a virtual symposium, Cybersecurity Insights for the Road Ahead, to prepare attendees for the evolving environment. We welcomed four cybersecurity experts from across the country to share their knowledge and help attendees manage their cybersecurity risk and defend against cyberattacks in the months and years ahead.
According to the 2020 Worldwide Threat Assessment, cybercrime is currently the biggest threat to the United States, and the outlook is grim. To speak to this threat, our program featured Matt O’Neill, special agent for the cyber task force at the U.S. Secret Service, and Rachel Tobac, White Hat Hacker and CEO of SocialProof Security. Through their daily work, both Matt and Rachel have seen increased cybercrime activity since the start of the pandemic, and they expect threats to steadily expand as we navigate the remote workforce. Below, we’ll share some cybersecurity tips we learned from them.
Tip #1 - Have a plan
Special Agent O’Neill kicked off the day with a session focused on the current threat environment. In his role, Matt focuses on financially motivated cybercriminals – so his team must be dialed in to every emerging threat out there. One popular attack they are seeing leverages stolen passwords to perpetrate a business email compromise (BEC). In a BEC, a cybercriminal impersonates a colleague, then tricks unsuspecting employees into wiring money to a vendor’s account they think is legitimate – but is actually the hacker’s account.
Bad actors, especially the financially motivated ones, are using the current situation to take advantage of our weakness. Because of that, Matt stressed the following items to ensure your organization is prepared to respond to an attack.
- Have an incident response plan in place.
- Simulate each major threat situation. Stay up to date on the current threat environment by doing daily research, then set up a simulation and practice your response to the same threat. Regularly running through incident response scenarios will better prepare you to respond when it happens in real life.
- Create relationships with local authorities. When you need their help with remediation, it’s a smoother process if they already know who you are.
- Contact law enforcement immediately if you notice any suspicious or unwanted activity happening on your network, especially if the activity is coming from a vendor that has been compromised.
- Have detection controls that continuously monitor your network. Being able to quickly detect if you have been compromised is essential. Consider exploring a managed threat detection service if you lack the necessary resources on your team.
Tip #2 – Stay cautious and educated: Bad actors could be right in front of your eyes!
Rachel Tobac spoke to the importance of building a cybersecurity culture in a remote workforce. She pointed out common hacking tactics that she’s seeing in the current environment, and shared some tips for how to stay safe and avoid falling for cybercriminal tactics.
- Criminals are turning to phishing more and more. Phishing is up 350% since January, according to Google’s data, there were over 300,000 new suspicious COVID-19 related websites created in March alone.
- Be politely paranoid. Mitigate social engineering and BEC attacks by using two methods of communication for phone authentication protocols with your colleagues and service providers, especially if they are trying to get you to perform a sensitive action. If they call you, be sure to have phone authentication protocols in place and set up protocols to make the verification smooth. If it’s an email, never click a link directly; navigate to the known site outside of the email.
- Remove unused companies and services from social media. You probably work with a variety of vendors. Clever social engineers often impersonate known vendors to perpetrate an attack. You should remove any vendors listed on your website or social media accounts to minimize the leverage hackers have on you.
- Avoid credential harvesting. If you get an email that you think might be phishy, navigate to the known site outside of the email before clicking on any links in the email. Use technical controls such as email block lists, password managers, and multi-factor authentication whenever possible.
- Avoid password reuse. If a hacker cracks one of your passwords that you use for other accounts, they now have access to those accounts as well. Be sure to use unique passwords for every account.
It’s more important than ever to stay diligent in building and maintaining your cybersecurity program so that you are prepared to react and respond in the uncertain times ahead. Cybercriminals are ready and willing to use the pandemic to their advantage and create new ways to get into organizations’ networks and wreak havoc on the data, people, and workflow.