[BreachExchange] Every Week Is Shark Week in Cyberspace

Destry Winant destry at riskbasedsecurity.com
Tue Jul 31 21:41:57 EDT 2018


https://www.darkreading.com/endpoint/every-week-is-shark-week-in-cyberspace-/a/d-id/1332413

Your data, identities, and credentials are cyber chum. Here's how to
protect yourself from the feeding frenzy.

Your odds of being attacked by a shark are zero if you never venture
into the ocean — which is far lower than the odds of being cyber
hacked even if you never go online. After all, you could still become
a victim of identity theft without ever wading unto Internet waters.

The point is this: Fear the cyber shark far more than the great white,
tiger, or bull shark, whose majesty was celebrated this week during
the Discovery Channel's Shark Week, as it has every year since 1987.

So, what can Shark Week teach us about cybersecurity? Here are four
areas to focus on in honor of Shark Week.

1. Assume the Role of a Lifeguard
An organization's ocean is the Internet. Some if it equates to shallow
waters such as internal networks, but much of is deep and uncharted
via the cloud. No matter the depth of the water, you still need to
assess the risks of venturing into potentially perilous territory. A
CISO is a company's lifeguard, which means being aware of, adapting
to, taking precautions against, and assuming control of the threats
that attackers present. With threats always evolving, it's imperative
to keep improving your organizational lifeguarding skills.

2. Guard Against Phishing Attacks and Save the Whales
Phishing attacks — and, specifically, mobile phishing attacks —
continue to rise. In fact, the SANS 2017 Threat Landscape Survey
reported that phishing remains the most significant threat to
organizations, with 74% of cyberattacks beginning when a user clicked
on a malicious attachment or link contained in an email.

Spearphishing attacks are also increasing, rising to 50% in the last
quarter of 2017. This technique has been used to devastating,
well-documented effect over the past few years. Spearphishing takes
the form of an email that appears to be from the recipient's friend or
colleague. The email encourages the recipient to click on what are in
reality malicious links or attachments or persuades that person to
reply with sensitive professional or personal information. These
attacks are difficult to identify on the surface because they combine
the most common attributes of successful social engineering.

Social engineering tactics are also heavily leveraged in an even more
insidious method of phishing known as pretexting, business email
compromise (BEC), or "whaling" attacks. These attacks create the
believable pretext of a fabricated persona in which the victim — most
often a C-level executive — develops a false sense of trust in the
hacker. Once the relationship has been established, money-transfer
fraud and/or outright data theft quickly follows.

Prevention measures for all phishing, spearphishing, and whaling
attacks are widely known and essentially the same. Yet despite
anti-phishing methods such as reporting suspicious emails and
routinely changing passwords, attacks are still increasing. Modern
authentication techniques can be great tools for preventing the
repercussions of stolen credentials. Performing security audits and
providing user education and training are also solid prevention
methods.

2. Safeguard Your Waters with Modern Authentication Methods
Many threats are false positives; the dorsal fin of a friendly,
curious dolphin can look like the dorsal fin of a shark that's
circling the waters. Similarly, an access attempt might not look
suspicious until it's too late. With 80% of breaches being caused by
valid yet stolen or misused credentials, it is imperative to validate
every access attempt — ensuring that the good guys get in (without
hindering user experience and productivity) while keeping the bad guys
out. Today's available solutions add intelligence and analytics to
authentication methods. These risk-based solutions, available from
many vendors, focus on the user's profile and tendencies. They can
include techniques such as geographic analysis, device recognition,
and IP address-based threat services.

3. Continually Assess Your Environments
Threats are everywhere, in the water and online. They're usually
hidden. They sometimes don't appear until it's too late. But that
shouldn't keep humans from swimming in the ocean or conducting
activity online, especially in the age of digital transformation.
Safety counts, and precautions matter.

During Shark Week, we witnessed humans taking shelter in shark cages
and avoiding seal-populated areas and shark-infested waters. As
organizations continue to engage in Internet activities, remember to
follow identity and security best practices, keep your senses alert
for phishing emails and have a remediation and response plan when an
attack does occur.


More information about the BreachExchange mailing list