In today’s business world, most companies are fully reliant on technology to maintain their daily operations. Data has become a valuable currency, and as much as technology creates convenience and efficiency, the sheer volume of connected devices and systems has increased risk and vulnerability. Attacks on systems are becoming more prolific, and companies need to constantly evaluate whether they have done enough to protect themselves or their customers.
In a recent IT Trendsetters webinar with Rapid7, an MDR service provider, we discussed how cybersecurity is evolving and what the trends are for 2023, specifically the common mistakes that make companies an easy target. You’ll want to avoid these pitfalls:
There is a perception that cybercriminals only target major multinational companies that have large customer databases of sensitive information that are worth exploiting. This may have been the case several years back, but no longer. These companies have invested heavily in security, making it harder for criminals to break into their systems, and so the attackers are turning to easier targets – small and medium-sized businesses.
Typically, smaller companies don’t invest as heavily in security or monitor their systems as diligently, yet most are connected to the internet in some way. This makes them relatively easy targets. Even smaller businesses have to protect their reputation and their customer data, and criminals know and exploit this. Unfortunately, without adequate protections in place, most small to medium-sized businesses don’t survive a targeted cyberattack. Security should be viewed as a necessity for business continuity rather than an additional expense. If company systems are exposed to the internet, they’re vulnerable, and it takes a strategic effort and investment to make them more secure.
A major trend emerging from 2022 was that almost 40% of high-severity breaches were a result of not implementing MFA on public-facing surfaces. Attackers got into systems with relative ease and were able to do a fair amount of damage in a short period of time. While many employees may feel that MFA is an annoyance, in terms of business, it’s become essential. It’s a really simple, no-cost way of making it harder for attackers to access and navigate through systems. The value cannot be overstated. In fact, most insurance companies include MFA as a requirement for obtaining insurance coverage.
Exchange servers, gateways, firewalls, and any endpoint that touches the internet could become an access point for an attacker if it is not properly secured. These are some of the areas that threat actors commonly go after to get into company systems and account for approximately 25% of attacks. Companies need to be diligent in keeping these access points patched and monitoring them for any unusual activity.
Another major trend is attackers using stolen credentials to gain access to a company system. These are often obtained through phishing emails or by compromising an employee’s social media account. In addition, there are many brokers on the dark web doing good business by selling compromised but authenticated identities. These are often identities of past employees, and without robust authentication and monitoring services in place, these compromised identities can go undetected. The risk of compromised identities is another reason to implement MFA. If an identity is compromised but MFA is in place, it is harder for attackers to use the identity to progress within company systems.
As much as companies are proactive about security, the reality is that attack methods are constantly evolving and it’s not always possible to keep ahead of and block every vulnerability. This is why it’s critical, when a threat is identified, to have partners, systems, and policies in place to isolate and quickly shut down the attack and minimize the damage.
The challenge is that this is a complex task requiring specific expertise and the capacity to work with great urgency. Where the attack originated, how attackers gained access, what they did, and how it impacted the business all form part of how the threat is resolved. Most small to medium-sized businesses can’t afford to employ this level of expertise full-time, especially as the nature of threats is becoming increasingly complex. This is why it often makes sense to partner with Endpoint Detection and Response (EDR) and security specialists as part of a managed solution. Because they work with a number of clients, these specialists have greater insight into how best to counter attacks and can often move more swiftly to mitigate the damage.
But even in that, there is a challenge. There are so many different security services available that it can be difficult to identify which ones are applicable to a specific business. There is no one-size-fits-all solution. When investigating options, it’s important to understand where the services start and end. For example, a managed detection and response service likely won’t be running system and patch updates, but it would be able to identify and work to resolve threats.
Because of these complexities, another emerging trend is that many insurance companies are recommending companies outsource their security to partners who are specialists. Their collective exposure to threats makes them better positioned to be able to identify possible threats and remediate them. They can also then use this information to identify what gaps exist in terms of threats and what steps need to be taken to put the right security in place to reduce the risks.
Cybersecurity constantly evolves, as these trends indicate, and requires an agile approach. Companies should continue to be proactive about security, partnering with industry specialists and keeping abreast of threats and vulnerabilities.