2022 Cyber Security Trends With Jim Macisso

Tyler Podcast Episode 47, Transcript

Our Tyler Technologies podcast explores a wide range of complex, timely, and important issues facing communities and the public sector. Expect approachable tech talk mixed with insights from subject matter experts and a bit of fun. Host and Content Marketing Director Jeff Harrell – and other guest hosts – highlights the people, places, and technology making a difference. Give us a listen today and subscribe.

Episode Summary

On January 10th, a blog was posted on the Tyler Tech Resource Center from Seb Guerierro entitled, "2021/22 Cyberattack Trends & Projections." Episode 47 of the Tyler Tech Podcast is a companion piece to that blog post, and we’ll be further discussing Cyber Security Trends with Jim Macisso. Jim is a certified information security manager and account executive with Tyler Technologies Cybersecurity Solutions team. From banking institutions and healthcare systems to local and state governments, Jim has been assisting a diverse array of clients in the public and private sector for nearly a decade to improve the overall effectiveness of their cybersecurity programs. We’ll dive into the latest in the ever-changing landscape of cybersecurity – things like the latest methods and how ready most organizations are for cyberattacks so that you have the very latest information on the topic.

Transcript

Jim Macisso: We've always said being cyber "secure" is not a destination. There is no proverbial finish line, but based on the data, it is clear that agencies and organizations who prepare, who arm themselves with effective cybersecurity practices, detective solutions, and who've trained their incident response teams, are unquestionably at an advantage.

Jeff Harrell: From Tyler Technologies, it's the Tyler Tech Podcast where we talk about issues facing communities today and highlight the people, places, and technology making a difference. My name is Jeff Harrell. I'm the director of content marketing for Tyler. I'm glad you've joined us. Well, on January 10th of this year, we posted a blog on the Tyler Tech resource center from Seb Guerierro, and it was entitled "2021/22 Cyberattack Trends and Projections." I highly recommend you checking out that blog, just go to tylertech.com and then click on the top of the page, drop down resources.

Now today's episode is a companion piece to that blog post. We'll be further discussing cybersecurity trends with Jim Macisso. Jim is a certified information security manager and account executive with Tyler and he's on the Tyler Technologies cybersecurity solutions team. Now from banking institutions and healthcare systems to local and state governments, Jim has been assisting a diverse array of clients in the public and private sector for nearly a decade to help them improve the overall effectiveness of their cyber security programs.

Well, today we're going to dive into the latest in the ever changing landscape of cybersecurity, things like the latest methods and how ready are most organizations for cyberattacks, so that you have the very latest information on the topic. Well, without further ado, here's my conversation with Jim Macisso. Well, Jim, welcome to the Tyler Tech Podcast.

Jim Macisso: Thanks Jeff. I appreciate you having me. I'm just very excited to be here.

Jeff Harrell: It's always fun talking about cybersecurity. It's always a topic that's high on everyone's list of interests, and we hear a lot about cyberattacks in the news. So I'd love to start out just by having you bring us up to speed. What's the current environment like right now?

Jim Macisso: Man, if there was one phrase that could be used to describe the current state of affairs and what's projected for 2022, I'd say it's rampant chaos. None of us are strangers to seeing big names in the headlines anymore, but what's been a particularly alarming trend is the increase in the sophistication and particularly the viciousness of some of these more recent attacks. Cyber criminals continue to adapt their efforts and find new ways to infiltrate everything from corporate infrastructure, network systems, computers, and even smart devices with alarming precision and frequency. The unfortunate reality is that there is no one individual or entity that's immune to being attacked. When you look at the rising costs of these incidents, the numbers are quite frankly staggering. To give you an idea of the magnitude, we're talking trillions of dollars each year.

Jeff Harrell: I think when I hear about these attacks and you sit there and you go, okay, well, why are these things happening? And if you had a pie chart, so you think about a pie chart and the reasons for each of these cyberattacks, what does that pie chart look like?

Jim Macisso: Well, unsurprisingly cybercrime leads all motivations by a significant margin, and it's not hard to see why. The cost and the impact of these attacks have continued to rise at a rapid pace over the past several years. Did you know that in 2021, the average data breach cost companies over $4 million per breach? And that's almost a million dollars more per breach than the year before. I mean the average ransomware payment alone right now is hundreds of thousands of dollars. Let alone all of the lasting reputation. But beyond cyber crime, we're seeing an uptick in attack motivations ranging anywhere from corporate espionage to traditional nation-state espionage and even waging cyber warfare.

Jeff Harrell: So cybercrime is number one. And what were the other ones that you mentioned?

Jim Macisso: So cybercrime far and away, number one, but beyond that, we're even seeing upticks in corporate espionage, traditional nation state espionage with cyber spies, as we like to say, and even cyber warfare.

Jeff Harrell: So would cyber espionage, it sounds like a spy movie or something, is that just getting into a company and finding trade secrets and sensitive information?

Jim Macisso: Yeah, absolutely. So on the corporate front, we're looking for sensitive intellectual property, trade secrets, ways that you can gain a leg up on your competition. And then on the nation-state side, that's the traditional spy thrillers. We talk about trying to get into a company to then move forward and try and get sensitive information potentially on government employees.

Jeff Harrell: And I think most of us we've seen movies and we think of cyber criminals as teenagers in a basement wearing a hoodie, drinking Mountain Dew, eating spicy Cheetos. But it's a lot more sophisticated than that, isn't it?

Jim Macisso: Oh, it certainly is, Jeff. The environment has become increasingly well organized and has even taken on a professional feel. While some of the cyber criminal gangs out there have names that sound like supervillains straight out of Marvel comics, like DarkSide, BlackMatter and REvil, I think the public would be shocked to learn that a lot of these groups act as service providers to the criminal world. Increasingly, what we're seeing is that many of these groups will rent and sell their malware or hacking services to other criminals who want to carry out attacks and extort victims, call it ransomware as a service.

It's no small operation either. I'm talking everything from marketing teams, customer support staff, and even offering to farm out negotiators on your behalf as a criminal. Some groups will even make proactive outreach to the media now about your breach in an effort to up the pressure to pay. They really pride themselves on their service too. The reasons behind this are not hard to see though. For one, they want their products to work for the criminals who buy them.

But furthermore, they understand that individuals, organizations, and government agencies simply aren't going to keep paying ransoms if they aren't going to give them the ability to decrypt their networks after they pay. It's simply bad for business. You almost forget you're being extorted sometimes when you're engaging with these criminals. In a lot of ways, when you take out the devastating impacts that these criminals are having on our national security to local and state governments, corporations, and everyday individuals, it's quite disturbing.

What control does the government have over cybercriminals?

Jeff Harrell: And I guess, that brings a question. If you know that they're almost running like a business, like you said, they've got customer service. I heard they have cube farms. So someone's sitting in a cube trying to conduct cyber crime. Why don't governments shut these kinds of things down?

Jim Macisso: Well, you got to remember in a lot of places and nations that these organizations operate in, they're legitimate businesses and there's no law enforcement agreements between these nations. A lot of them are our adversaries, quite frankly. So they're able to operate with relative impunity as long as they're not going after their host nation.

Jeff Harrell: So there's a bit of ability to kind of work on their own because there's no fear of the government coming in and shutting them down.

Jim Macisso: Agreed.

Jeff Harrell: And what's usually at stake? We talked a little bit about the pie chart of different crimes, but what's usually at stake with these cyberattacks?

Jim Macisso: Sure. From my perspective, whether you're a local or state government agency or a private corporation, your ability to keep constituent services online and safeguard your sensitive information remain top priorities. The significant financial impacts aside, the reputational harm that these devastating attacks cause and their ability to undermine public trust must be fully appreciated. In this day and age, we tend to say, it's not a matter of if, but when you're attacked.

Jeff Harrell: Yeah. And we certainly do hear a lot about that in the news and I know that it happens quite a bit. And I always wonder, everyone's kind of aware of it, but I wonder how prepared are most organizations for these attacks?

Jim Macisso: Sadly, they're not. The number of organizations that still have not invested in effective preventative and detective solutions or incident response strategies is quite staggering. To give you some perspective, last year alone, over 50% of organizations acknowledged that they lack a cyber incident response plan, and the majority of the ones that did admitted that they are not even confident in their plan's effectiveness. And think about this, the average time for an organization to identify and contain a breach is 287 days. That's nearly a year.

Look, we've always said being cyber secure is not a destination. There is no proverbial finish line, but based on the data, it is clear that agencies and organizations who've prepared, who've armed themselves with effective cybersecurity practices, detective solutions, and who've trained their incident response teams are unquestionably at an advantage. Ultimately, threat readiness, detection and response are the driving factors behind what will protect your organization.

New Cyberattack Methods

Jeff Harrell: I like how you said that, it's not a destination. You're never quite done with protecting yourself. It's an ongoing process. Okay. Jim we're in 2022 February, believe it or not already through January, any changes to cyber attack methods?

Jim Macisso: While the attack methods continue to evolve each year, the most common attack outcomes still remain, which are breach of sensitive data and disruption of services. Some of the most common ways attackers do this are through ransomware, which I know we've talked a lot about today, but the prevalence of which can't be overstated. However, it's important to note that it's no longer just a matter of criminals encrypting your network, it's become more and more common now that criminals will exfiltrate data before they encrypt in an effort to ensure that you pay up.

One stat that jumped out to me was that approximately 80% of organizations that paid a ransom were hit by a second attack. Oftentimes by the same group, we call this double extortion. Another big one is malware, which really is a blanket term for all kinds of malicious software that's designed to damage and disrupt systems. When you hear the term malware, it can be used to describe anything from virus, Trojan, wiperware, spyware, or even ransomware to name a few. And lastly, denial-of-service attacks, which can cause devastating disruptions to the availability of online systems and services.

Jeff Harrell: And I know that I've heard different terms thrown out. You've thrown out a few of them, but could you outline some of the techniques that cyber criminals use, I've heard phishing and ransomware and things like that. Would you mind outlining some of those techniques? So we're a little bit more up to speed on that.

Jim Macisso: Sure. By far social engineering is the most prevalent technique out there. It has so many practical applications. For any listeners who may not be familiar with the term, social engineering involves a malicious actor impersonating a trustworthy entity to try and obtain or extract data. And the most common method of social engineering is phishing. Phishing can be launched via fraudulent websites, phone calls, and even over text, but it's most commonly done through email. And to give you an idea of the prevalence, it's estimated that a new phishing site gets spun up almost every 20 seconds.

Then consider the fact that almost 40% of end users who have not gone through regular cybersecurity awareness training fail on phishing tests. One term we always like to hammer home in our cyber division is that all it takes is one click to put your organization at risk. And whether it's by a witting or an unwitting participant, social engineering is the most common way that criminals seek to exploit human vulnerabilities to gain access to networks and information. This technique could involve duping a user into providing sensitive information, downloading malicious attachments, or even clicking on malicious links. The sophistication of these scams can sometimes be so good that they can even dupe the industry experts with decades of cybersecurity experience.

Jeff Harrell: So you said one click can get you in trouble, obviously opening certain attachments and things like that. Are there some rules of thumb that say hover over the link? If you don't know where it's from, don't click on it. What are some just practical rules of thumb to at least help us be a little bit more alert to these phishing or these social engineering attacks?

Jim Macisso: Sure. Well, first and foremost, there's a lot of great solutions out there that can help your IT security staffs, and maybe your organization has already invested in one, but you as the user look at the link, like you said, hover over it. If it looks suspicious at all, or if you don't recognize the sender, if there's not a reason for them to be sending you an email, reach out to your support staff and reach out to IT and send that their way. Let the trained experts look at what this is and identify if it's in fact something suspicious or malicious. On top of that, again, I can't emphasize enough recognizing, would you be expecting this from this person? And are they sending you an email? Additionally, be suspicious of any redirect sites that are asking you to enter your login credentials to Office 365 or Adobe or Dropbox, things like that. That would be another area I'd also look to check to see why are they asking for my login information?

Jeff Harrell: I think a lot of us are alerted more to email 'cause that's traditionally how we've thought of perhaps phishing happening. But I get a lot of strange texts now on my cell phone. And I just assume if I don't know who it's from, if I won a hundred dollars for Amazon, I'm kind of guessing I probably didn't, that's a phishing attempt. Is text messaging one of the most current kind of methods that people are using for phishing?

Jim Macisso: It's certainly a new one. And I would say that practice you just laid out right there is probably the best practice. Chances are, if you're winning a gift card or some sort of prize you didn't know you entered into, it's probably not legit. So best practice is just delete those. And don't even click on the links. 'Cause you don't know where they're going to take you. We know that iPhones and mobile devices these days, they're not bulletproof. So best practice by all means is just do not even give them the chance.

Trends in 2022

Jeff Harrell: And I imagine that's good advice, Jim. And I imagine just like with text messages, the cybercriminals are smart. They're always evolving, adapting. Where's this headed? We're now in February of 2022, where do you guys see these trends heading?

Jim Macisso: By all indications, we're expecting to see further increases in the frequency, in magnitude and the financial burden that these attacks are causing. When you layer on the rising geopolitical tensions that we're seeing across the globe, it adds even more volatility to the threat. As we navigate our way through this evolving threat landscape, it's really not a matter of if an attack will happen, but how prepared an organization is for when it does. As we discussed earlier, the most favorite tools of these cybercriminals that cause devastation to your network are going to be social engineering, malware, ransomware, and disrupting available services.

Jeff Harrell: And I'm listening to this episode and I'm thinking, man, we need to do something here. We've done some things. But Jim, as you pointed out earlier, this is an ever evolving, you're never done. It's not a destination. If someone wants to take an additional step, they're thinking, what can I do to become more cyber secure? What would be a great next step for them?

Jim Macisso: So I think one of the biggest things to remember is that there are resources and tools out there that organizations of any size can implement to protect themselves against these escalating threats. Things like firewalls, antivirus software and detection solutions, they're immensely valuable, but they need to be supplemented with ongoing cybersecurity program development that includes regular assessments, testing and training. If you're looking for a place to start, I'd encourage listeners to check out the Tyler Technologies cybersecurity solutions and services at tylertech.com for additional resources and services. Or contact us directly. Our team comes equipped with over 250 years of combined cybersecurity experience and offers a comprehensive suite of solutions that can help any size organization get their program on track and improve their cybersecurity experience.

Look, cybersecurity threats ultimately impact all areas of the business. So logically cybersecurity needs to be integrated into all levels of the organization, but I'll leave you with a few of the action items that our team of professionals recommend to assist organizations in proactively addressing potential weaknesses before they can be leveraged by attackers. First, multifactor authentication. I can't say this one enough, but mandate a multifactor solution across the enterprise, especially for staff that hold elevated access levels, public facing employee services and cloud hosted portals.

Secondly, invest in a detection solution. Interactive attacks these days are designed to bypass automated monitoring and means of detection. Our managed detection and response solution provides 24/7 analyst surveillance combined with artificial intelligence and machine learning to detect and prevent sophisticated and persistent attacks. Next, make sure your cybersecurity policies and procedures are kept up to date. Also, test your plans regularly and conduct vulnerability scanning, and finally work to establish a cybersecurity driven culture. Just as technology is critical in the fight to detect and stop intrusions, education and the action of end users play a critical role in effective cybersecurity practices. Train, test, and then train again. Remember, best in practice cybersecurity behaviors can be the ultimate difference between a close call and a full blown incident.

Jeff Harrell: Jim, I think that list you just gave us is like the money slide. I'm going to add that list to the show notes because I think that is so important for people to have that list of very practical things they can do. And I do want to ask you a follow up on the multifactor authentication. That's a good practice, not only in business, but also in your personal life too, for your social media accounts, your bank accounts. Set those up as much as you can.

Jim Macisso: Absolutely. Most services and applications these days come with free multifactor settings that you can enable, whether it's Facebook, Instagram, Twitter. I recommend this to all my friends and family. If there's anything out there, banking solution, social media, look to see if they've got multifactor, 99% of the chance they do and you should enable it right away. 'Cause we like to joke, you don't need to be faster than the bear. You just got to be faster than the other guy running from the bear. So just remember they're opportunistic attackers, they're looking for the easy win, the low-hanging fruit. So if you're sharing passwords or if you're out there using the same username and password combination, it's so easy for these guys to go out and just do a quick sweep of any popular website and see if they can get in. So having this type of solution in place in your personal life can be a great defense method.

Jeff Harrell: Jim, this has been very insightful. I know it's a topic everyone has a lot of interest in. Any final parting thoughts for us?

Jim Macisso: In general, I would say, stay on your guard, stay vigilant both in your personal lives and in your work lives. The threats out there are very real. And as we can see from the news clippings, it's getting worse by the day. But I think by and large, if you can stay on top of these, understand what's going on in the world and really know what the threats out there are. I would say beyond multifactor authentication, looking into a password state in your personal life, building strong passwords, those can be great, easy tools that help improve your overall cybersecurity posture.

Jeff Harrell: Jim, awesome information. Thanks so much for joining the podcast.

Jim Macisso: Thanks Jeff. I really appreciate you having me. It's been a pleasure to me.

Jeff Harrell: Well, I hope you enjoyed that conversation. And as I mentioned, I will put that checklist that Jim mentions in the interview, in the show notes. So look for that. Again, appreciate you joining the Tyler Tech Podcast. We have lots of great plans for 2022. We drop a new episode every other Monday on a variety of different topics in the public sector. So please subscribe to the show, leave us a review. Let us know what you think. We really appreciate you listening. Again, this is Jeff Harrell with Tyler Technologies, really appreciate you being here. We'll talk to you soon.
