Widespread Breaches Reinforce Importance of Cybersecurity Fundamentals
Devastating cyberattacks continue making headlines in 2023. Just days before MGM Resorts was stricken with a cyberattack in September that forced the company to turn its computers off and shut down its website, Caesars Entertainment reportedly paid the same cybercrime syndicate responsible for that attack $15 million in ransom after the criminals corrupted its systems.
The MGM breach severely impacted the company, disrupting everything from reservations systems and casino operations to guest services, including the inability to electronically lock and unlock doors. The Caesars infection reportedly resulted in the company’s customer loyalty program database becoming corrupted and the firm paying to provide subsequent credit monitoring and identity theft protection services for its loyalty club patrons. Compounding matters, both companies are now battling multiple class-action lawsuits resulting from the attacks in which customers claim the companies didn’t properly protect their personal information.
2023 Cybersecurity Trends
The Caesars and MGM incidents are just two examples of complex cyberattacks plaguing organizations. Cybercriminals are becoming increasingly insidious: a recent interruption in Clorox Co.’s operations is believed to stem from circumstances similar to those that affected MGM and Caesars, in which hackers cleverly used information from LinkedIn and other sources to trick the companies’ IT representatives into believing the criminals were legitimate users requiring access. It’s therefore important that companies review their own cybersecurity fundamentals to ensure their corresponding strategies remain sound.
The principles are so significant President Biden proclaimed October 2023 Cybersecurity Awareness Month. In part, the White House’s proclamation called “upon the people, businesses and institutions of the United States to recognize and act on the importance of cybersecurity and to observe Cybersecurity Awareness Month in support of our national security and resilience.”
Certainly, the attention is needed. Hackers aren’t resting.
The Trend Micro 2023 Midyear Cybersecurity Threat Report confirms the top industries impacted by cyberthreat events are manufacturing, healthcare, technology, retail, and government.
In its 2023 midyear cybersecurity threat report, Trend Micro warned of several worrying developments. In addition to malicious hackers broadening attacks to target vulnerabilities in smaller platforms, cybercriminals are also discovering more ways to successfully infect victims. The company’s report states these escalations reinforce the need for proactive cyber risk management.
The Trend Micro 2023 Midyear Cybersecurity Threat Report warns banking, retail and transportation industries – including large enterprises and small and medium businesses (SMBs) – are the top targets of ransomware attacks this year, to date.
Steps You Should Take
Start by ensuring you’re familiar with the latest industry innovations and corresponding terminology, as it’s important to understand the concepts if not every nuance of trending jargon. Here is a sampling of particularly important cybersecurity technologies with which you should be familiar:
Advanced Threat Protection (ATP) – A dynamic solution that uses both artificial intelligence and machine learning technologies integrated within endpoint protection and firewall security services to defend against phishing efforts, ransomware threats and other cyberattacks.
Advanced Threat Management (ATM) – A dynamic solution that uses both artificial intelligence and machine learning technologies integrated within endpoint protection and firewall security services to enable more rapidly identifying and more intelligently responding to phishing efforts, ransomware threats and similar cyberattacks.
Business Email Compromise (BEC) – A technique whereby malicious actors use fake email messages that appear to be real to trick an employee into transferring funds via a fraudulent transaction the employee believes to be legitimate.
Extended Detection and Response (XDR) – A security technology, typically powered in part by cloud services, that monitors, detects and mitigates cybersecurity threats by connecting multiple resources, such as email filtering tools, endpoint protection platforms and cloud-based security services, in order to more quickly identify and arrest cyberthreats.
Intrusion Detection System (IDS) – A device or system that monitors network activity for malicious or suspicious actions or behaviors that violate preprogrammed norms, typically generating alerts when such conditions occur.
Intrusion Prevention System (IPS) – A device or system that monitors network activity for malicious or suspicious actions or behaviors that violate preprogrammed norms and that takes action to prevent exploitation or infection when such conditions occur.
Managed Detection and Response (MDR) – A cybersecurity service strategy in which a provider continuously monitors, detects and responds to cyberthreats.
Next-Generation Antivirus (NGAV) – Antimalware technology that extends beyond matching malicious file signatures by also using artificial intelligence, behavioral and event detection and machine learning to more rapidly and effectively detect and prevent viruses, spyware and other malware and even fileless malware threats.
Phishing – A form of social engineering in which a malicious actor sends a fraudulent email message to an intended victim with the goal of tricking the victim into sharing sensitive information or inadvertently installing malicious software on behalf of the bad actor.
Security as a Service (SECaaS) – A cloud computing model in which a provider embeds its security services within a client’s infrastructure to enable monitoring and mitigation of cybersecurity risks.
Security Event Management (SEM) – A cybersecurity strategy that emphasizes detecting, identifying, collecting, monitoring and reporting cybersecurity related events using software, hardware and services to better enable analyzing, responding to and managing cybersecurity design, policies and behaviors.
Security Information Management (SIM) – A cybersecurity strategy that emphasizes monitoring, capturing and analyzing computer and network security information, including data returned by individual security agents and captured by system log files, for the purpose of central collection and analysis.
Security Information and Event Management (SIEM) – A cybersecurity strategy in which security information management and security event management strategies and corresponding software, hardware, tools and techniques are combined to provide organizations next-generation cybersecurity detection, analytics and response.
Security Operations Center (SOC) – A dedicated facility that provides technology teams with a centralized location to proactively and continuously monitor and analyze a network’s security posture and status and coordinate response to cybersecurity incidents when they occur.
Smishing – A form of social engineering in which a malicious actor sends a fraudulent text message to an intended victim with the goal of tricking the victim into sharing sensitive information or inadvertently installing malicious software on behalf of the bad actor.
Social Engineering – A fraudulent technique whereby a malicious actor attempts to manipulate and trick a victim into performing actions or revealing information that assists the malicious actor in compromising or exploiting the victim’s computer, network or systems.
Vishing – A form of social engineering in which a malicious actor telephones an intended victim with the goal of tricking the victim into sharing sensitive information or inadvertently installing malicious software on behalf of the bad actor, by making the victim believe the information is being shared with, or the instructions are coming from, a trusted contact.
Whaling – A form of spear phishing in which a malicious attacker impersonates and targets high-level executives.
Besides ensuring you’re familiar with the latest cybercrime technologies and available solutions, confirming respective cybersecurity fundamentals are in place is another important step in addressing information technology (IT) vulnerabilities and combatting common cyberthreats. Numerous respected authorities, meanwhile, publish and maintain best practices guidelines for securing your organization’s computer network, systems and data.
Targeted spear phishing attacks, command and control breaches and remote access vulnerabilities lead the list of hacker tactics and targets in 2023, according to the Trend Micro 2023 Midyear Cybersecurity Threat Report.
The US Cybersecurity & Infrastructure Security Agency (CISA)—part of the US Department of Homeland Security—maintains a wealth of cybersecurity resources designed to assist organizations with managing cyber risks. The agency also maintains its Shields Up hub to provide specific cybersecurity guidance for organizations that includes the following baseline recommendations:
- Confirm all remote access and privileged and administrative access require multifactor authentication (MFA)
- Update all operating system and application software
- Disable all nonessential network ports and protocols
- Implement strong controls (as recommended by CISA) for all cloud services
- Explore using some of the agency’s free cyber protection services
In addition to these practices designed to reduce cybersecurity threats, the agency also recommends organizations take steps to better detect and respond to intrusions when they do occur, including:
- Properly focus IT staff on identifying and assessing unexpected or unusual network behavior
- Ensure the entire network is protected by effective antimalware software that’s kept current
- Monitor, inspect and isolate traffic from volatile international locations
- Prepare a cybersecurity response team in advance
- Conduct tabletop exercises to practice and better understand cybersecurity roles and responsibilities
CISA does not recommend stopping there, though. Proper cybersecurity diligence also requires preparing for recovery. The agency encourages organizations of all sizes operating in all industries to implement and test backup processes to ensure operations-specific data and systems can be rapidly restored as the organization requires, should an event occur. The cybersecurity authority also recommends manufacturers and other industrial organizations test manual controls to confirm critical functions could operate should the network fail.
Any doubt that such steps are necessary should be eliminated by knowing that the National Institute of Standards and Technology (NIST)—a US Department of Commerce agency that encourages innovation and industrial competitiveness by advancing standards and technology to enhance economic security—recommends taking such steps, too. Within its Cybersecurity Framework, which concentrates on the five key Govern, Identify, Protect, Detect and Respond functions, the agency reaffirms the importance of locking down these fundamentals and presents formally structured guidance organizations can use to better understand, assess, prioritize and communicate cybersecurity efforts.
Need Cybersecurity Help?
If you have cybersecurity concerns and aren’t sure how to best make sense of new trends and protective tools, call Louisville Geek. Your organization doesn’t even need to be in Louisville or Kentucky, for that matter. We assist businesses throughout the US.
You can reach us at 502-897-7577 or by emailing [email protected].