Thursday, November 16, 2023
Latest:
Cybersecurity Experts from Non-Security Companies
TechnologyGeneralTips

Cybersecurity Experts from Non-Security Companies

Addison Albert

The increase in cyberattacks across the globe comes at a significant cost for businesses and organizations in order to better protect their networks and systems from malicious actors. 

As cybercriminals have been exploiting the COVID-19 pandemic to gain access to valuable data and unauthorized access to systems. Over the past 12 months, major cybersecurity threats have emerged. One of the major cybersecurity threats is the inundation of misinformation and weaponized websites and documents. The other major threat is a newly remote and hybrid workforce that lacks the proper protection. Since many remote employees are performing their day-to-day work tasks over an internet connection via a work device or a cloud-based system, the risk of cyberattacks increases.

We wanted to find out from cybersecurity experts from non-security companies what organizations can do to prepare themselves for the future of cyberattacks.

How Have Cyber Attacks Evolved over the past 12 Months?

From the ransomware attack on Colonial Pipeline in May that halted the flow of oil and gasoline across the East Coast, to the JBS Foods ransomware attack that disabled its beef and pork slaughterhouses, and the Kaseya ransomware attack in July that used software to deliver REvil (also known as Sodinokibi) ransomware via an auto-update, 2021 has exposed just how vulnerable the world, critical infrastructure, and IT environments are to cyberattacks. 

Cybercrime costs include damage and destruction of data, stolen funds, lost efficiency and productivity, theft of financial data, theft of intellectual property, theft of data, and post-attack disruption to an organization’s day-to-day operations. As our world becomes even more digital and interconnected, identity needs to be at the heart of every business and organization’s security strategy. 

”Over the past 12 months, cyber-attacks have increased and are becoming more sophisticated and aggressive.  According to a 2021 mid-year report by Check Point (https://checkpoint.com), in the first half of 2021, global cyber-attacks increased by 29%, as hackers continued to exploit the COVID-19 pandemic and the shift to employees working.  Ransomware attacks have surged 93% in the last 6 months, fueled by innovation in an attack technique called Triple Extortion.  

In addition to stealing sensitive data from organizations and threatening to release it publicly unless a payment is made, attackers are now targeting organizations’ customers and/or business partners and demanding ransoms from them too.  Supply chain attacks have also increased. For example, the now well-known SolarWinds supply chain attack stands out in 2021 due to its scale and influence. 

Supply chain attacks are becoming very popular since they allow an attacker to gain access on a one-to-many scale. Instead of a frontal assault on one network, they put their efforts on finding a weak spot elsewhere by attacking a trusted source for not only that network by many networks using that same vendor’s software. The European Union Agency for Cybersecurity (ENISA) has forecasted that there will be four times more software supply chain attacks in 2021 than there were in 2020.

The thought of not trusting even the legitimate software you purchased introduces some percentage of doubt into everyone’s mind. With a supply chain attack, this time, it’s not just malicious code attacking with obvious ties to threat actors; it’s now worrying about whether your vendor’s code is secure. In some cases, it also comes down to trusting your vendor’s vendor is also doing the right thing.”-Anthony Buonaspina, BSEE, BSCS, CPACC, CEO and Founder, LI Tech Advisors

”Cyber security attacks have increased both in frequency and success over the past 12 months. The cybersecurity attacks have evolved to include artificial intelligence in a data breach component. In other words, they have become smarter and are able to attack the vulnerabilities or sensitive data of the client.”

-Ilan Sredni, Palindrome Consulting, Inc. – “Delivering Peace of Mind” 

”Cyberattacks have evolved significantly over the last 12 months. They are happening more frequently and on a larger scale more than ever. In 2021 alone, the world saw some of the most significant cyberattacks in history in Colonial Pipeline, JBS Foods, Brenntag, and Kaseya.”

– Kenny Riley, Velocity IT, Technical Director

Cyber attacks are increasing in frequency, but the methods have largely remained the same. Hackers look for new ways to exploit popular software. Also, they spend time perusing the dark web looking for useful usernames and passwords to buy (yes, they buy them) and will use those for attacking a prospective victim. Once in, the typical hacker will then collect data for 3-6 months to learn how your business works to make the ransomware most impactful.”-Mike Shelah, Advantage Industries

What Lessons Can Be Learned from the Biggest Cyber Attacks in Recent History?

The rise in high-profile cyberattacks in 2021 showed the world how easy it is for malicious actors to invade an entire infrastructure. Many of the cyberattacks that occurred in 2021 can be connected to a business or organization’s inability to manage access to systems.

”The main lesson learned is that all businesses, as well as governmental agencies, are vulnerable to attacks.  A business can and should not assume it “won’t happen to you”.   There is a saying that 50% of all businesses have been hacked and the other 50% have been but just haven’t realized it yet.  Businesses need to make sure that their employees are regularly trained since many attacks get through due to inadequate security training of employees.  Businesses need to have a proactive hardware replacement cycle that guarantees that equipment gets upgraded before its end of life and that all systems are kept up-to-date with the latest security patches.”

-Anthony Buonaspina, BSEE, BSCS, CPACC, CEO and Founder, LI Tech Advisors

”One of the most glaring lessons that we have learned lately is that the attacks are going after vectors that have access to many clients, as clearly shown in the Kaseya attack.”

-Ilan Sredni, Palindrome Consulting, Inc. – “Delivering Peace of Mind”    

”The biggest lesson to be learned from these large-scale cyberattacks is that companies, big and small, need to practice IT governance and put practical security measures in place to protect their business and confidential data.  Technologies such as multi-factor authentication, while easy to implement, can be the clear difference-maker between a failed cybersecurity attack and a successful one. ” 

– Kenny Riley, Velocity IT, Technical Director  

”The lesson here is over 80% of companies are not taking this seriously. Doctors don’t follow HIPAA. Retail establishments do not follow PCI, government contractors have been mandated for YEARS to follow NIST-800-171 and they don’t (which is why they are now developing CMMC) and the list goes on and on. You need to take this seriously.”

What Will Cyber Attacks Look Like in the Future?

”Cyberattacks are a multi-billion-dollar industry for cybercriminals and this trend will continue into the future since it’s so profitable.  The attacks will become more frequent and more sophisticated.”

-Anthony Buonaspina, BSEE, BSCS, CPACC, CEO and Founder, LI Tech Advisors

”I often compare cyber security to the wild west, therefore predicting the future is almost impossible. The amount of money that’s being funneled towards the attack side is inconceivable, additionally allowing cybercriminals to dedicate teams with the sole purpose of hacking prospects.”

-Ilan Sredni, Palindrome Consulting, Inc. – “Delivering Peace of Mind”   

”Cyberattacks will continue to become more frequent, with more significant consequences as time goes on. The intelligence that goes into cyberattacks will also evolve and become more sophisticated and harder to detect, which means businesses will need to step their game up and improve their security posture if they hope to protect themselves from these types of threats moving into the future.”

– Kenny Riley, Velocity IT, Technical Director  

”Cyber attacks will increasingly look more authentic and be harder to prevent and overcome.”

-Mike Shelah, Advantage Industries

What Are Advice for Organizations Looking to Get Ahead of the Cyber Attacks of the Future?

  1. Secure your hardware – make sure you are using the latest security patches and complicated passwords are being implemented.  Use 2-factor authentication where possible.  Also, make sure that you turn on BitLocker device encryption for all your Windows 10 devices and enable remote-wipe any mobile devices that might be lost or stolen in order to protect the data it has access to.
  2. Encrypt and Backup data – you need to make sure you prevent physical access to sensitive data and also render it useless if it falls into the wrong hands. Data encryption is the best “quick fix” for data breaches.  If a data breach should occur, the data would be inaccessible.
  3. Perform a network security scan – you should periodically run a network security scan of your network to see what devices are attached and where security holes may reside.
  4. Train your employees – One of the weakest security points are your employees.  Ongoing training is very important to maintain a heightened level of awareness of cyber threats. Purchase a cyber security training service that will automatically send out fake phishing attempts to test your employees and train them if they fail. 
  5. Invest in cyber insurance – consider this business continuity insurance in the event that any of the security measures you have taken fail.  If you fall prey to a ransomware attack, cyber insurance will help you recover by offering financial support to quickly remediate the issue.

-Anthony Buonaspina, BSEE, BSCS, CPACC, CEO and Founder, LI Tech Advisors

”Businesses looking to get ahead of cyberattacks and provide themselves with proper protection should be implementing baseline security measures within their organization as soon as possible. There are many steps that companies can take to improve their overall security posture. The top three items that come to mind would be to ensure that any form of remote access into the organization is appropriately secured with multi-factor authentication. Ensure that your organization has proper air-gapped backups in place and test restores of those backups regularly. Finally, develop, implement, and practice a well-thought-out cybersecurity incident response plan within your organization so that you have an action plan in place in the event of a cybersecurity attack to minimize damages.”– Kenny Riley, Velocity IT, Technical Director  

  1. 10x your cyber budget and let your IT team do their job
  2. Pick a cyber framework, follow it, document it, review quarterly & update as needed
  3. Be proactive, use tools like MDR (Managed Detection & Response) Sign up for a cyber security training platform for your employees and be sure to verify ALL employees participate every month. Do not let them slip one month.

You May Also Like

Technology Trends in Business

Technology Trends in Business: Top 14 Focuses of 2024

Addison Albert
Is Online Teaching Trustworthy for the Future

Is Online Teaching Trustworthy for the Future

Addison Albert
New Age Of Construction & Engineering Technology

New Age Of Construction & Engineering Technology

Addison Albert