Ransomware is stealing the headlines. But, besides ransomware, other cybersecurity threats are lurking. Focusing on the Top 3 Threats will also assist you with your ransomware detection and resiliency strategy.
- Automated account take-over — For remote access platforms and versions with privileged access, such as bank accounts or administration accounts, automated account take-over attacks are well underway. Attackers comb data breach dumps of passwords and corporate email accounts and reuse those.
Mitigating control: search password dumps for your corporate email accounts and enforce 1:1 password changes by notifying the user. In addition, consider a more frequent password reset policy.
- Business Email Compromise — Attackers socially engineer your staff into changing wire instructions so that money is sent to the wrong place, present the team with fake purchase orders, and impersonate the CEO or someone else who has the authorization to request fund transfers.
Mitigating control: a domain name design that keeps money movement off your public-facing domain; credentials used only for money movement; a wire transfer template protocol; text each other a code.
- Security and Privacy Issues — Almost all of the major videoconference tools have had to deal with issues at some point. Google Hangouts, Zoom, RingCentral, WebEx, and Microsoft Teams have addressed various vulnerabilities that would allow an attacker to eavesdrop on a meeting or find recorded files stored on public cloud instances. Make sure you are very familiar with their security guides.
Mitigating control: set security policy at the corporate level and train everyone in your company on the policy.
Mitigating control: When employees leave your corporate instance of collaboration tools, they may not realize how unprotected they are. For example, Slack and Microsoft Teams collaboration tools are often open across industry-sharing peer groups. These open forums have had challenges with malware being delivered through links and attachments.
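The first mitigating control above (searching password dumps for your corporate email accounts and notifying each affected user) can be scripted. The following is an added example, not code from the original article; the domain, the dump row formats and the sample rows are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumption: your mail domains (placeholder value, not from the article).
CORPORATE_DOMAINS = {"example.com"}
# Dump rows usually look like "email:secret", "email;secret" or "email,secret".
LINE_RE = re.compile(r"^\s*([^\s:;,|]+@[^\s:;,|]+)\s*[:;,|]\s*\S")

# Constructed sample rows (not real breach data).
SAMPLE_DUMP = [
    "alice@example.com:Summer2019!",
    "ALICE@Example.com;hunter2",
    "bob@mail.example.com,5f4dcc3b5aa765d61d8327deb882cf99",
    "carol@notexample.com:password1",
    "# source: constructed test file",
    "dave@example.com.evil.test:qwerty",
]

def is_corporate(domain, corporate_domains=CORPORATE_DOMAINS):
    """True for an exact corporate domain or a subdomain of one (no lookalikes)."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in corporate_domains)

def find_exposed_accounts(dump_lines, corporate_domains=CORPORATE_DOMAINS):
    """Count dump rows per corporate address; leaked secrets are never kept."""
    exposed = Counter()
    for line in dump_lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # skip comments, blank lines and malformed rows
        email = match.group(1).lower()  # addresses differ only by case in dumps
        local, _, domain = email.rpartition("@")
        if local and is_corporate(domain, corporate_domains):
            exposed[email] += 1
    return dict(exposed)

def reset_worklist(exposed):
    """One entry per user, for the 1:1 notification and password change."""
    return [
        {"user": email, "dump_rows": count, "action": "notify and force password change"}
        for email, count in sorted(exposed.items())
    ]

if __name__ == "__main__":
    for item in reset_worklist(find_exposed_accounts(SAMPLE_DUMP)):
        print(item)
```

The worklist deliberately carries only the address and a row count, so the file handed to the help desk contains no leaked credentials.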
Advice to Follow Back at the Office
- Know Your User Stories: Design Your Security Playbooks for the Human
- Model futuristic scenarios & practice playbooks
- Segment To Save It
- Prevent Business Email Compromise / Wire Transfer Fraud by implementing a domain name that’s not your public-facing domain name, creating credentials used only for money movement, talking to your bank about options, creating a wire transfer template, and considering giving each person a code name that is not easily guessed
- Identity / Access Controls help combat data and IP theft
- Books on internet safety, privacy, and manipulation campaigns:
  - Protecting Your Internet Identity: Are You Naked Online?
  - Privacy in the Age of Big Data
  - NEW BOOK — Manipulated: Inside the Cyber War to Distort the Truth
Here are my cybercrime predictions for the future so that you can plan today for what may come to your organization next. If you are not sure where to begin, consider taking each scenario and using a staff meeting to ask 3 key questions:
- What would we do if this cybercrime prediction hit our organization?
- What would our incident response playbook and our decision tree look like?
- How would we best recover from this?
2021 Cybercrime Predictions (developed at the end of 2019)
- COVID19 Innovations Lead to Innovation in Cyber Crimes
- 5G will accelerate cybercrimes
- Misinformation Campaign Hits Global Elections (Again!)
- AI Poisoning will be a “thing”
- Ransomware goes all-in on cloud
2022 Cybercrime Predictions (developed at the end of 2020)
- XR (Extended Reality, also known as the Metaverse) will be hacked!
- Mini-Black Swan Banking Event
- AI Drives Misinformation Campaigns Without Human Intervention
How to Spot and Stop Manipulation Campaigns
Read the book Manipulated – wink! Available in hardcover, ebook, and audio formats on Amazon.
- Have a digital disaster playbook for all of the 2021 & 2022 predictions I mentioned
- Check trusted vetted news organizations by going to their site directly (3 – local, national, outside your country)
- Go to organizations such as factcheck.org or snopes.com.
- Ask employees to think twice before clicking on links or opening attachments. If they still need to take action, this free tool can do a quick scan looking for danger — https://www.virustotal.com/gui/.
Free resource released by DHS’ CISA: COVID-19 Exploited by Malicious Cyber Actors https://www.us-cert.gov/ncas/alerts/aa20-099a
If you do suspect or want to report any type of COVID-19 fraud, the FBI has a special unit assigned to COVID-19 – the Fraud Coordinator is Senior Litigation Counsel Shaun Sweeney at USAPAW.COVID19@usdoj.gov or 412-644-3500
Ransomware Victim Organization No More Ransom: https://www.nomoreransom.org/en/index.html
Avast’s Free Decryption tools: https://www.avast.com/en-us/ransomware-decryption-tools
Trend Micro Decryption Tools: https://success.trendmicro.com/solution/1114221-downloading-and-using-the-trend-micro-ransomware-file-decryptor
As your organization reimagines the business model, it’s critical that your resiliency plan include not just a new security strategy but also a resiliency strategy for YOU!
I encourage each of you to do as they say on an airplane – when the oxygen masks come down, put yours on first before helping others.
Create space for Renewal, Recharging, Reimagining as part of your daily routines.
Also, a reminder that it is not a sign of weakness to talk to someone and tell them you feel anxious or nervous or just can’t sleep. If you don’t feel like your normal self, please ask for help.
Use your employer’s EAP; call a friend; please call someone.
Be Healthy. Be Safe. Be Well.
Theresa Payton, First Female White House CIO and Leading Cybersecurity Expert
Guest presenter on Logicalis’ Securing the Future webinar