11/16/2021
Answering burning questions from victims of cyber events.
DEAR RAMEY:
Last year during the holidays, I remember seeing a lot of articles about breaches. As we move towards this holiday season, should we expect the same? What can we do to protect ourselves better?
– Security Aware for the Unaware
DEAR SECURITY AWARE:
Throughout 2021, there has been a tremendous focus on cybercrime. Every day, a new organization makes headlines for being breached, a new zero-day vulnerability is identified, or a ransomware group attempts a new tactic to pressure victims into paying ransoms. The cybercrime challenge is so vast that the U.S. government hosted a two-day virtual summit with at least 30 other countries to discuss the ever-growing and ever-changing threat landscape.
At Arete, cybercrime investigations jumped by 107% from the cumulative first three quarters of 2020 to the same quarters in 2021. Figure 1 shows the year-over-year comparison between the quarters in 2020 and 2021. Note that Q4 2021 has not ended, and the data represents investigations to date.
Figure 1 – Year-over-year comparison of investigations
So, when you ask if you should expect to experience the same, my answer is yes. In fact, I’d go so far as to say you can expect to see even more breaches this holiday season.
Year over year, it’s the most active time for cybercriminals. People are busy scouring online shops for the best deals, trying to wrap up work-related tasks before taking off for vacation, and planning to host parties throughout the season. Threat actors rely on and profit from these holiday distractions.
Call to action for vigilance
If you want to better protect yourself, it’s time to be more vigilant than ever.
Vigilance is all about situational awareness. If you see something, say something. If you spot a phishy email, don’t open the attachment. Think through your actions as if the worst-possible scenario could happen. Every time you receive solicited or unsolicited emails or download files from the open web, you should be asking questions — for example, “Was I supposed to receive an invoice from this company? If I wasn’t and I open it, can I release ransomware into our environment?”
No one can continue to assume everything is safe. Quite the contrary. We must all assume nothing is safe and take adequate measures to protect our computers. To start, you can train or remind everyone — young and old, new and experienced — that the safest path forward is trusting no one and verifying always.
The following tips can help with vigilance and immediately improve security.
Refresh, retain, be aware. October was international cybersecurity awareness month. But just because October has passed doesn’t mean we should stop talking about cybersecurity. If anything, it should have been a prelude for what’s about to come and what could happen if individuals don’t remain vigilant.
We should all implement the concepts and topics learned in October — for example, learning how to identify a phishing email, maintaining proper password management, using multi-factor authentication (MFA) — to reduce the success of attacks during and after the holiday season. We should continue the conversation throughout the holiday season, including sending frequent emails highlighting success stories, encouraging individuals to “see something, say something,” or gamifying good security practices.
Historical industry data indicates a spike in cybercrime activity. For cybersecurity investigators, the fourth quarter is notorious for being the busiest all year. Just ask any investigator how many Thanksgivings they’ve had to eat cold turkey or how many war rooms they’ve sat in on Christmas Eve.
Don’t assume someone else is monitoring. Everyone is distracted during the holidays. Each of us has a role to play in security. Do your part.
Their tools, their arsenal. Phishing emails, password spraying, credential stuffing, and vulnerability exploitation are just a few common ways for threat actors to gain access to your network. Awareness encourages questions. Questions can promote enhanced security.
Let the computer think for you. Implement an endpoint detection and response (EDR) tool from one of the top leaders in Gartner’s Magic Quadrant of endpoint protection platform providers. The right EDR tool will leverage artificial intelligence in addition to signature scanning to detect and mitigate threats and connect into a security operations center (SOC), in-house or outsourced, where a 24×7 team of SOC analysts can respond nearly instantly to any alert the tool generates.
Remotely access networks securely, not easily. The only person who likes accessing the network more easily than your boss is a ransomware affiliate. Affiliates are constantly looking for exposed Remote Desktop Protocol (RDP) services, and when they find one, they strike with intensity. To stop bad actors from exploiting this number one intrusion vector, disable external access and, instead, enable virtual private network (VPN) access with MFA. While MFA isn’t a silver bullet, it is a great start to blocking access via stolen credentials.
Prepare for the worst. Cybersecurity companies love to promote cybersecurity assessments — and that’s because they work. Security is a race to find the weakest link and fix it before threat actors have time to find and exploit it. So, engage in an assessment and be the first to identify security gaps.
Assessments come in all shapes and sizes and can be tailored to your organization’s needs and budgets. For the holiday season, consider assessing your organization’s ability to respond to a cybersecurity event. You’ll gain valuable insight into what information is available for an investigation, what initial incident response steps your organization can perform, and how you can organize your team to recover operations quickly.
Sharing knowledge is half the battle. So, keep talking about security.
No one is immune to a cyberattack, and we should not be immune to talking about the topic. Cyber threats are not specific to any given month. Rather, they are ever-present and spike in volume during certain periods of the year. What was discussed in October should be discussed over the holiday season, into the new year, and beyond. Every time you talk to co-workers, loved ones, and even strangers about security, you are promoting awareness and can encourage actions to clean up computer behaviors and lessen the impact of attacks.
Arete IR Director Stephen Ramey is here to answer burning questions from victims of cyber events. If you have a question, please don’t hesitate to reach out at [email protected]. Arete wants to help by sharing our insight and experience.