The reality is email continues to be the weapon of choice for cybercriminals seeking to steal data or money from organizations. Cybercriminals are using email because it continues to work, especially in times of instability. Healthcare organizations are primary targets with the COVID-19 pandemic causing mass chaos and confusion across the country.
There is a story every day about phishing, ransomware, malware, social engineering or business email compromise (BEC), and the problem continues to grow, with a new approach called a double extortion attack. In this tactic, cybercriminals corner their victims even further by dripping sensitive information into the darkest places on the web to substantiate their ransom demands. What can organizations do to fight this trend?
Defending against these threats requires a focus on the fundamentals of security and regular user training. Of course, these can be augmented by security tools, but we’re big believers in the fundamentals helping to avoid most problems.
Phishing, ransomware, malware, social engineering, BEC and double extortion attacks all rely on getting users to take a desired action. Usually, the action is to click on an attachment or link which includes malware. These attacks rely on subterfuge or a false sense of urgency to manipulate human behavior. The cybercriminals may have researched your organization and may not only know who’s who but also have their prior emails as samples of their writing styles.
Business email compromise (BEC) is a trend that is less talked about but is costing billions of dollars a year. In BEC, cybercriminals use email as a tool to manipulate and socially engineer organizations into making false payments: either valid payments made to the wrong account or fraudulent payments made by well-intentioned but misguided individuals.
Avoiding these scams starts with implementing the fundamentals of security.
- Patching all systems and applications – most of these threats seek to take advantage of known vulnerabilities in technologies used within your organization. Patching the servers, workstations and applications removes the easiest attacks and most common threats.
- Filtering email for suspicious content – removes 99% of the problem before it gets to the user. There are many tools which provide excellent protection, but they need to be fully implemented and kept up to date.
- Blocking URLs known for harmful content – most up-to-date firewalls will include this functionality, but you need to make sure it’s turned on. This will not only block users from connecting to dangerous sites but will also block malware’s outgoing connections to its servers to upload data or obtain encryption keys.
- Avoid using email in sensitive business processes – Email should not be considered a trusted system because it is a) a direct path from the internet, b) easily manipulated to make users think the sender is someone they trust, and c) a great tool to create a false sense of urgency. Many times, these scams begin with an urgent email from the “CEO” or “CFO”.
- Training – Security training for users is often an overlooked tool, with many organizations preferring to rely on technical solutions for protection. Automated tools certainly play a big part in preventing these attacks, but the cybercriminals find ways to bypass the tools. Annual security training is a start but woefully insufficient to build a secure culture. Monthly or weekly security awareness is often missed as a tool to change user behavior and awareness. Short, quickly consumed messages not only transmit the desired content but also make it easy for users to receive the message. Adding humor and making content graphically appealing will encourage users to pay attention more than the drab, boring articles of the past did. You can also include real-life examples to help users quickly identify current circumstances as a potential threat.
- Incident Preparedness – Eventually, and despite everyone’s best efforts, something will happen. At this point, a proper response will greatly reduce the severity and impact of a potential incident. Train your users to report questionable events and ensure your helpdesk can handle them appropriately to minimize business impact.
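The sender manipulation described in the list above (an urgent email from the “CEO” or “CFO”) leaves marks in the message headers that a filter or helpdesk script can check. The Python sketch below is an added example, not part of the original article; the organization domain, executive names, urgency word list and sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this sketch: replace with your own domain and names.
ORG_DOMAIN = "example.org"
EXECUTIVES = {"pat morgan": "CEO", "sam rivera": "CFO"}
URGENCY = ("urgent", "immediately", "wire", "today", "confidential")


def bec_signals(raw_message: str) -> list:
    """Return the reasons a message resembles executive impersonation."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    reasons = []

    # Display name claims to be an executive, but the address is external.
    if display.strip().lower() in EXECUTIVES and domain != ORG_DOMAIN:
        reasons.append("executive display name from external domain")

    # Reply-To sends answers to a different domain than the From address.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        reasons.append("reply-to domain differs from sender domain")

    # Simple substring match for pressure wording in the subject line.
    subject = (msg.get("Subject") or "").lower()
    if any(word in subject for word in URGENCY):
        reasons.append("urgent wording in subject")
    return reasons


# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Pat Morgan <pat.morgan@mail-example.net>\n"
    "Reply-To: payments@other-example.net\n"
    "Subject: URGENT wire needed today\n\n"
    "Please process the attached invoice before noon.\n"
)
LEGITIMATE = (
    "From: Pat Morgan <pat.morgan@example.org>\n"
    "Subject: Agenda for Thursday\n\n"
    "See you at the staff meeting.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(name, bec_signals(raw))
```

A message that trips any of these checks is a candidate for a warning banner or a helpdesk report, not proof of fraud; payment requests still need verification outside email.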
Cybercriminals will continue using email until it stops working for them. Employing a well-rounded security strategy which addresses all of the fundamentals is a great foundation for protecting your organization and customers.