Cybersecurity threats are on the rise and one misstep could cost you your business. We spoke with High Point Networks Senior Security Engineer Jamie Maguire to learn about how to prevent and recover from cybersecurity disaster.
Q: What are the most common cybersecurity threats businesses are facing today?
A: Business email compromise is the biggest one we see and we see it almost weekly. The second one we see is ransomware.
Q: How should companies protect themselves from those two threats?
A: The best way to prevent email compromise is multifactor authentication. We recommend people install an authenticator app on their phone so they get a push notification when they try to log in. That can cut down the risk of email compromise a lot.
Another good thing to have is a strong password policy. We like to tell people that longer passwords are almost always stronger. 16 characters for a password or passphrase is a good place to start.
Another thing that should be done is security awareness training. Businesses should educate staff on common types of phishing emails and what common types of scams look like so they can recognize them and not fall victim to them.
Ransomware is more complex. It’s a bit more involved. Ransomware often starts with phishing. So those three methods of prevention I just mentioned apply to ransomware as well.
To prevent ransomware from making a significant impact on your business you should be doing a lot of backups because when someone deploys a ransomware attack, they lock up all of your data.
It’s also important to understand what your business has exposed to the internet. A lot of ransomware groups are starting to attack the perimeter of networks in addition to phishing. They like to go after services, applications, and servers that are exposed directly to the internet. So, understanding where your exposure is can help a lot as well.
Q: Are there any formal pieces of training or external pieces of information that you’re aware of that i should point readers to?
A: There are a lot of good resources out there. The National Cybersecurity Alliance has some great resources and articles at staysafeonline.org. They also have a good video series on YouTube (@StaySafeOnlineNCA).
There are also some great local and regional events including CyberCon (Bismarck), UND CARS Symposium, Fargo BSides Security Conference, and the NDSU Cyber Security Conference.
Q: If a cybersecurity attack happens, what are the first steps a business should take to recover?
A: Get all of the technical people and IT staff involved right away.
What is email compromise?
A compromised email occurs when an unauthorized party gains access to an email account, often through phishing or weak passwords, allowing them to potentially steal sensitive information or impersonate the user for malicious purposes.
What is ransomware?
Ransomware is a type of malicious software that encrypts a victim’s data, blocking access until a ransom is paid to the attacker. It can cause significant disruption to businesses and individuals by holding critical files or systems hostage.
Trying to understand the scope of the incident is the first step. Then, once you understand the scope of the incident, you can better understand how to contain it. So containment is the next step.
Start locking accounts, resetting passwords, removing infected devices from the network, and things like that. Then, you can start to recover. If any devices need to be cleaned or wiped, do that. If anybody’s mailbox needs to be checked out, do that.
Q: If a business is hacked and has information on customers that is accessed, how would you recommend the business communicate with their customers?
A: For our company, we put together a formal incident response plan. We have a documented plan that whenever something happens, all of the steps for action are written out. The who, what, when, and where is all defined. I think that’s a great thing that every business can have. And I think contact information for clients and customers are good things to have in your plan.
Another thing I think is really useful is a tabletop exercise for businesses. So, we bring everybody into a room, the IT people, sometimes even the finance people, sometimes even the C suite, and we run through a scenario—like a ransomware scenario for example. When we do this, a lot of good questions start to get asked.
By the Numbers
- Around 80% of businesses affected by BEC attacks did not have multi-factor authentication (MFA) in place (Cobalt: Offensive Security Services)
- 66% of organizations reported ransomware attacks in 2023 (Cisco Talos Blog)
- Global financial losses from business email compromise scams exceed $1.8 billion annually (Deloitte United States)
Q: What are some of the most common mistakes you see people make once they’ve actually been the target of a cybersecurity incident?
A: One thing I’ve seen before is a hesitancy to involve cyber insurance. I think sometimes, for whatever reason, organizations are hesitant to get the insurance involved. Maybe they do this because they don’t want to pay their deductible or risk their rate going up. So, they think they can kind of contain the incident themselves. That would be a big one. I think another thing is not responding urgently or ignoring certain alerts and warnings.
Q: Are there any new threats with ai that businesses need to be aware of in the coming years?
A: I don’t know that it’s necessarily anything new right now. I think it’s more of the same. One thing in cybersecurity that gets mentioned a lot is social engineering—trying to con someone into doing something that they shouldn’t. And I think we’re seeing AI get applied to that a lot now, and I think we’re going to see more of that. Social engineering isn’t new, but I think AI getting applied to social engineering is probably what we’ll see. This might take the form of deep fake videos or audio, for example. People are going to try and use these to get you to send money or a password.
High Point Networks
highpointnetworks.com
Facebook | /highpointnetworks
Instragram | @high_point_networks
Linkedin | /company/highpointnetworks