Have you ever attended a webcast and were saddened when it's over because the presenters really made you think? That was the case for a broadcast SecureWorld recently hosted with Mike Britton, CISO of Abnormal Security, and legendary investigative journalist Brian Krebs.
Here are some of the key highlights from their riveting discussion on preventing cyberattacks that matter the most.
While cyberattacks have shifted over the last decade, email is still the primary attack vendor even in 2022.
The average vendor compromise attack is costing organizations over $180,000, and hackers are successful with those compromises about 12% of the time. In the case where the bad guys are using compromised infrastructure, the malicious host isn't complicit attacked, right? So, cleaning up the infection, more often than not, in the old days meant getting the victim to first care and then take appropriate action. That generally doesn't happen as much anymore with the bad guys using compromised infrastructure, or does probably in part because so much of the "bad stuff" has migrated to the cloud.
By and large, attackers are also getting way better at not spamming people who aren't able to be victims of their spam; so basically, not drawing undue attention to their crime infrastructure, which is making their attacks more organized.
Brian Krebs said:
"Let's not forget, each [email] breach tends to beget more breaches. For example, don't underestimate for a second how valuable targeting data and how much targeting data that the ransomware actors obtain when they hack into one of their victims and steal all their internal data. Which, of course, [this stolen data] then becomes the fuel for a second ransom demand."
Most tech companies, from big to small, pretty much run the same basic infrastructure, email, and messaging within their organization. And while the major shift to remote working has forced us to collaborate in this way, let's not forget about the importance and the key role these collaborative platforms play in almost any organization. Think of platforms like Slack, Microsoft Teams, Skype, Zoom, etc.
What we've seen over the past couple of years, particularly since the pandemic, has been a lot more targeting of employees at specific companies that attackers want to get into. These attackers will use a variety of lures to pull people in, but a lot of the phishing has been centered around updating the VPN for a client or employee, or redirecting users to phishing sites that look a lot like their collaborative platform login page.
The trouble here is that in a lot of organizations, there's a great deal of sensitive information and access to internal resources. In these types of collaborative platforms, like Slack for example, when some user account credentials get phished, someone else's credentials could be phished. It becomes a snowball effect and it's not long before the attackers then have access to the same internal tools that your employees do.
Mike Britton said:
"The odds are overwhelmingly stacked against any corporate security group or corporate IT group. The bad guy just has to be right one time, they need to get ONE person to click on ONE email. And you know, that can cause a potential loss for that organization."
Cybercrime today remains successful because of the ways it hijacks the people behind the keyboard. People are the weakest link in an organization's security toolbox because it doesn't matter how sophisticated an attack is, if hackers are able to hijack the brains of people opening their message, that is how they're able to be successful in their crimes. Emotional pleas are common in these types of attacks and prey on victims' altruistic side.
Krebs concluded:
"I think the vast majority of cybercrime today is successful because it hijacks the people behind the keyboard. Social engineering, as it's called, has always been the most powerful part of InfoSec, or the lack of InfoSec, in any organization."
These are just some of the highlights from our engaging webcast; it was loaded with actionable ways to improve your security awareness program and ultimately your success at defending your organization.
To register for upcoming SecureWorld Remote Sessions webcasts, visit: https://www.secureworld.io/resources?cat=remote-sessions