Defendify’s Success Manager, Shanna Utgard, sat down with Tim Carbery, Managing Partner of CastleHill to share insights on current topics in Cybersecurity.
Current Threats
Overall, discussions on what's needed for stronger cybersecurity has become a part of the daily conversation since the pandemic. Especially after the swift shift to remote work, many companies became vulnerable to bad actors.
Phishing attacks in particular have increased in sophistication and have become more targeted and role-specific. Bad actors are preying on the essential job functions of individuals to lure them into exposing their information. For example, a CEO of an organization might receive a critical budget email, or the accounts payable team may receive fraudulent invoices from a malicious source. Not only are cyber criminals targeting by title, but they are taking a deep dive into public profiles, such as LinkedIn, to increase the sophistication of the attack. This particular type of phishing tactic, which targets a senior player of an organization, is known as a whaling attack.
Did you know that Ransomware kits are available for purchase on the dark web? That means anyone can buy and launch an attack on an organization. For example, suppose one had access to an email list and distributed a phishing email that someone within an organization opened. In that case, they could encrypt all of the organization's files, with half of the profit going to the individual and half going to that malware creator. No prior experience is needed to deploy these attacks, and these companies even have online chat and support teams - Concierge cybercriminal services!
An organization can be compromised if its third-party vendors do not have proper cybersecurity processes in place. A great example of this was the Target breach in 2013, which cost the retail giant $202 million. The attacker breached the Target database by infiltrating the network of a smaller HVAC contractor of Target. Large companies are starting to take note and are executing vendor risk assessments; however, many companies don't know where to start. Companies can minimize their risk by looking at their internal cybersecurity processes, including vetting their third-party vendors.
Layers of Cybersecurity
In the presentation, Shanna compares layers of cybersecurity to swiss cheese. Stating that if you put layer after layer of Swiss cheese in place, there are tiny holes. And in each piece of cheese at each layer, we're able to stop someone trying to come through. However, suppose an attacker gets through all those different layers of defenses. In that case, we want to make sure that we have a well-documented incident response plan in place, cyber insurance, to recoup any of those damages and backups that have been tested regularly and make sure we can recoup any of that information and data that is lost.
Assessment and Testing
A robust cybersecurity program starts with a risk assessment to understand and identify current security risks within an organization. As Shanna mentions, Defendify compares it to a doctor prescribing medication before conducting an exam and knowing what the issue is - it’s our baseline. The doctor won’t prescribe the medication without a thorough examination. This is where diagnostics from the assessment come in. Our risk assessment tool assesses the strengths and weaknesses of an organization. From there, we determine what tools can be put into place to prevent future attacks and foster a robust cybersecurity program. An example of that is the stolen password scanner tool, which identifies, analyzes, and proactively monitors your organization’s compromised or stolen employee and customer data.
Detection and Response
If you had a cyber-attack at two o'clock in the morning on a Sunday, how confident are you that you have the tools in place to detect it, and the team that can respond to contain it? If you had a bad actor in your network or an active attack right now, would you know?
Defendify's breach detection and response service take a proactive approach. Even with layers of defense in place, breaches can happen with unvetted vendors, compromised credentials, or a really well-crafted phishing email. With breach detection and response from Defendify, companies have 24/7 defenses in place without needing a full-time security team on staff or paying for some aggregator to pull all your different logs in from all your other separate systems.
Vulnerability scanning consists of due diligence across the board. Are there out-of-date devices or software that you're running that could be used to exploit you? The Vulnerability Scanner is a cybersecurity tool that automatically searches your networks and systems for security vulnerabilities then provides detailed reports to help you understand what risks to consider and where security gaps are.
Policies and Training
Technology is just a piece of the overall cybersecurity solution. Policies and training are essential in ensuring everyone within an organization knows how to defend against a cyberattack. Many breaches result from employees misusing technology; therefore, it is crucial to implement a robust technology and data use policy. Having a technology and data use policy helps to reduce risks associated with a cyberattack by establishing clear procedures, expectations, ownership, and communications around behavior and remediation.
Phishing simulations are another practice for examining and reinforcing policy and how to deal with cyber threats when they come in. Shanna mentions that there is a hesitation in directing the simulations to individuals at the executive level, but that is exactly who they should be getting the simulations because they are the direct target of the bad actors. Entire organizations should be participating in the simulations. Bottom-line: Cybersecurity awareness and posture should be a top-down mindset for any organization.
An All-in-One Solution
Much of security is siloed between email accounts, endpoint behavior, firewall and network activity, and cloud applications. Having a solution like Defendify will help bring visibility to all suspicious activity, anomalies and vulnerabilities, and provide an entire team of cybersecurity experts to respond to any suspicious events or attacks. If there is a security incident at two o'clock in the morning on a Sunday, Defendify will handle it. And when you wake up in the morning, there will be a fully detailed report waiting. The report will include how the breach occurred, how it was contained and remediated, and any recommendations on preventing a similar breach from happening again. In addition, you'll get regular check-ins from a dedicated success manager who will review your reports and provide guidance on ways to continuously improve overall cybersecurity posture.
Watch the full episode of the CastleHill Coffee Chat episode here.
Want to learn more about Defendify tools for streamlined cybersecurity? Check out our free cybersecurity tools to help companies get started: Defendify Cybersecurity Essentials Package.