In Q2 2021, malware activity began to rise while Nuspire saw a decrease in botnet and exploit activity compared to Q1. Q2 brought some major news in ransomware, including the Colonial Pipeline attack, the disbandment of the DarkSide and REvil ransomware gangs and, as we head into Q3, the arrival of the newest gang to the block, BlackMatter.
As cybersecurity threats and tactics evolve, they are becoming increasingly sophisticated and have the potential of inflicting more harm faster than ever. Organizations connected to the internet, or with the possibility of internet connections, should know they are potential targets. The opportunity is that cyberattacks can be predictable. Organizations should learn about the most active threats and look at their digital perimeters to assess what actions need to be taken to mitigate risk.
Here are five simple actions to safeguard your organization and reduce the risk of breach:
- Educate all users, often.
User awareness is one of the most powerful, cost-effective ways to defend your organization from a cyberattack. Educate end users on how to identify suspicious attachments, social engineering, and scams, especially those circulating now. Inform end users of common themes and train them to be suspicious of major events that can be turned into phishing lures. Create procedures to verify sensitive business email requests (especially ones involving financial transactions). Use a separate form of authentication in case an email account becomes compromised or is spoofed. Often, after attackers compromise an email account, they will use the account as an additional layer of “authenticity” to attack within an organization.
- Take a layered approach to security.
Buying cybersecurity point products will Nuspire Threat Report | Q2 | 2021 not secure your business. A comprehensive defense-in-depth approach with an integrated Zero Trust cybersecurity program protects businesses by ensuring that every single cybersecurity product has a backup. Integrating defensive components can counter any gaps in other security defenses. Utilize vulnerability scanning to determine your weak spots and build security around them. Enrich your logs with threat intelligence and perform threat modeling on your organization to determine how APT groups are targeting your industry vertical.
- Up your malware protection.
Advanced malware detection and protection technology (such as endpoint protection and response solutions) can track unknown files, block known malicious files and prevent the execution of malware on endpoints. Network security solutions, such as secure device management, can detect malicious files attempting to enter a network from the internet or moving laterally within a network. This advanced protection can provide threat responders with additional tools, such as quarantining a specific device on the network and providing deep visibility into events happening on a device, during investigations.
- Segregate higher-risk devices from your internal network.
It’s critical to understand your digital footprint fully. Devices that are internet facing are high-value targets. Administrators should ensure that default passwords are changed as attackers are actively searching for devices that provide them easy access into a network. IoT devices should be inventoried. Network segregation can help limit where an attacker can move laterally within an environment in the circumstance of a breach.
- Patch, patch, and then patch some more.
Administrators should ensure that vendor patches are applied as soon as feasible within their environments. Critical patches can secure vulnerabilities from attackers. Administrators need to monitor security bulletins from their technology stack vendors to stay on top of newly discovered vulnerabilities attackers may exploit.
Navigating today’s digital battlefield can be difficult, but it doesn’t have to be.
Josh Smith is a cybersecurity analyst at Nuspire, where he specializes in information systems security. As part of the Security Intelligence and Analytics team, Josh is an expert at identifying cybersecurity trends, analyzing threat actors, and curating operational threat intelligence.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.