How to keep your organisation safe through a summer of cybercrime

Bharat Mistry, Technical Director at Trend Micro, shares his advice on how organisations can best protect themselves as cybercrime continues to rise drastically this summer.

As the temperatures warm up and lockdowns ease, you might be forgiven for thinking that summer means an easier time at work. Unfortunately for cybersecurity professionals, that’s most definitely not the case. You might want to take it easy, but threat actors rarely take PTO. From crippling cyberattacks on UK schools to urgent new advice for patching critical vulnerabilities, there’s no shortage of stories to keep CISOs awake at night.

The good news is that mitigating cyber risk doesn’t need to be prohibitively expensive or complex. Now is a great time to revisit policies, tooling and strategy, to set your organisation up for success.

A summer of cyberthreats

By any measure, ransomware is the most visible and dangerous threat UK organisations have to deal with this summer. Trend Micro detected a 34% year-on-year increase in new variants in 2020, and the underground market remains as prolific as ever this year. Over recent months, high-profile attacks on US oil and food supply chains and managed service providers have escalated ransomware to the highest levels of government. In addition, both G7 and NATO leaders have called out nations such as Russia for harbouring criminal groups.

Yet while these big-name attacks tend to be most eye-catching, the majority are still aimed at SMBs. And the affiliate groups that carry most of them out are getting bolder. According to insurers, the average size of demand made to North American ransomware victims soared by 170% year-on-year in the first half of the year. We’ve seen attacks combining not only encryption of key files and data theft but also DDoS attacks and the contacting of customers and stakeholders—all with the end goal of forcing payment. The good news is that their tactics are increasingly predictable: initial entry via phishing, vulnerability exploitation or RDP, and lateral movement using legitimate tools.

Less easy to predict or deflect are nation-state attacks. Yet as state-backed operatives get bolder, more organisations are becoming exposed to potential compromise, either as a target themselves or as a “stepping stone” en route to higher-value partners. When the US government starts offering rewards of up to US$10mn for information identifying these actors, you know that the advantage increasingly lies with the attackers.

Making things even more difficult are the increasingly blurred lines between state-sponsored and cybercrime activity. Nation states today might buy hacking tools off the dark web and even hire cyber-criminals to do their dirty work. In the meantime, the cybercrime economy continues to mature. Today it’s a finely tuned machine where each component has a precisely defined role. As we’ve reported, “access-as-a-service” vendors are increasingly common. These threat actors typically compromise targets and then sell network access to ransomware groups and others. The pressure to patch vulnerabilities and find misconfigured endpoints has never been greater.

Review and prioritise

Although we say that things are getting harder for cybersecurity leaders every year, 2021 has had more bumps in the road than most. But that doesn’t mean it’s game over. In fact, the summer offers a useful opportunity to take stock of what works and what doesn’t and to advance the corporate cybersecurity posture.


We know that attackers are increasingly hijacking RDP endpoints and other accounts by brute-forcing credentials or using previously breached passwords. That makes multi-factor authentication increasingly table stakes for today’s CISOs. We also know that they’re still exploiting vulnerabilities to compromise systems, including those dating back several years. So patch promptly and consider virtual patching capabilities to protect end-of-life and other systems where fixes can’t be easily applied.

Finally, review the legitimate tools (PsExec, Cobalt Strike etc.) that are regularly used by threat actors once inside your networks to perform lateral movement without raising the alarm. By understanding how they’re used by your employees, you’ll be better placed to spot anomalies that could indicate malicious activity.

More broadly speaking, use this summer to identify your most business-critical systems and build defences around them first. Work with your security partners to audit their solutions and ensure you have the latest builds and features in place. And review your policies, especially incident response and recovery in the event of a ransomware attack. The bottom line is that no organisation is 100% safe from a security breach today. It’s all about spotting them early on and taking action before the bad guys have.
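One way to act on the advice about baselining legitimate tools, as an added example that is not from the article or from Trend Micro: learn which accounts normally run PsExec against which hosts, then flag new pairings and one account reaching many hosts in a short window. The records are constructed and simplified from Windows System-log event 7045 (service installed; PsExec's default service name is PSEXESVC), and the account names, host names and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, simplified from Windows System-log event 7045
# ("A service was installed"). Account and host names are hypothetical.
HISTORY = [
    {"time": "2021-06-01T09:12:00", "host": "APP01", "user": "CORP\\adm-jones", "service": "PSEXESVC"},
    {"time": "2021-06-03T14:40:00", "host": "APP02", "user": "CORP\\adm-jones", "service": "PSEXESVC"},
    {"time": "2021-06-08T10:05:00", "host": "APP01", "user": "CORP\\adm-jones", "service": "PSEXESVC"},
]
CURRENT = [
    {"time": "2021-07-02T09:30:00", "host": "APP01", "user": "CORP\\adm-jones", "service": "PSEXESVC"},
    {"time": "2021-07-03T02:11:00", "host": "FS01", "user": "CORP\\svc-backup", "service": "PSEXESVC"},
    {"time": "2021-07-03T02:13:00", "host": "FS02", "user": "CORP\\svc-backup", "service": "PSEXESVC"},
    {"time": "2021-07-03T02:16:00", "host": "DC01", "user": "CORP\\svc-backup", "service": "PSEXESVC"},
    {"time": "2021-07-03T11:00:00", "host": "APP01", "user": "CORP\\adm-jones", "service": "Spooler"},
]

def psexec_events(records):
    """Keep only PsExec service installs, with parsed timestamps."""
    return [dict(r, time=datetime.fromisoformat(r["time"]))
            for r in records if r["service"].upper() == "PSEXESVC"]

def build_baseline(history):
    """Set of (user, host) pairs seen during normal administration."""
    return {(e["user"], e["host"]) for e in psexec_events(history)}

def find_anomalies(current, baseline, fanout=3, window=timedelta(minutes=10)):
    """Flag unseen (user, host) pairs and one account fanning out to many hosts."""
    alerts, by_user = [], defaultdict(list)
    for e in sorted(psexec_events(current), key=lambda e: e["time"]):
        if (e["user"], e["host"]) not in baseline:
            alerts.append(("new_pair", e["user"], e["host"]))
        by_user[e["user"]].append(e)
    for user, events in by_user.items():
        for i, first in enumerate(events):
            # Distinct hosts touched within `window` of this event.
            hosts = {x["host"] for x in events[i:] if x["time"] - first["time"] <= window}
            if len(hosts) >= fanout:
                alerts.append(("fan_out", user, tuple(sorted(hosts))))
                break
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(CURRENT, build_baseline(HISTORY)):
        print(alert)
```

The baseline only means something if the history window covers normal administration, so it should be rebuilt after planned changes to admin accounts or tooling.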


Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech
