
Staying ahead of the hackers – what organisations must be aware of


Sophisticated large-scale corporate cyber-attacks are on the rise. When successful, their impact can be devastating and potentially affect multiple organizations.

Recent breaches have demonstrated the skill and ambition that these cybercriminals employ to gain access to data. British low-cost airline group EasyJet became a target of a highly sophisticated cyber-attack that affected approximately nine million customers last year. Similarly, a few months later, Hackney Council was hit by a serious cyber-attack which disrupted services for residents and saw private documents published online.

Such attacks emphasize the criticality of a multi-layered security strategy that covers the entire network. So, how can businesses go about creating such a strategy in order to be able to successfully guard against these kinds of attacks?

How to put up your guard

To get ahead of the hackers, IT teams must be wary of unusual password activity, files being created and deleted quickly, inconsistencies in email usage, and data moving around in unexpected ways. 

In one form of cyber-attack, hackers gain access to software patch code and add malicious code to the patch before it is delivered to customers as a routine update.

This method of attack is especially devious because updates and patches are routine maintenance tasks, meaning IT teams are much less likely to be suspicious about them. Anti-malware solutions are also less likely to scrutinize incoming data like a patch from a trusted vendor. 

One key component that enables these types of attacks is credential compromise. Hackers are careful to obtain authentic credentials whenever possible in order to gain entry to the systems and data that they want to access inconspicuously, minimizing their digital footprint. As a result, IT teams need to be wary of unusual password activity, such as an uptick in resets or permission change requests.
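One way to watch for the uptick in resets and permission change requests described above, as an added example that is not part of the original article. The log format, event names, seven-day window and thresholds are assumptions, and the sample log is constructed.

```python
"""Flag days with an unusual number of password resets / permission changes."""
from collections import Counter
from datetime import date, timedelta
from statistics import median

WATCHED = {"password_reset", "permission_change"}  # assumed event names

# Constructed sample audit log, one "YYYY-MM-DD user event" entry per line.
START = date(2021, 3, 1)
DAILY = [2, 1, 3, 2, 2, 1, 2, 9, 2]  # watched events per day; day 8 is the spike
SAMPLE_LOG = ["garbage line"]
for i, n in enumerate(DAILY):
    d = (START + timedelta(days=i)).isoformat()
    SAMPLE_LOG.append(f"{d} user0 login_success")  # noise that is not counted
    SAMPLE_LOG += [
        f"{d} user{j} {'password_reset' if j % 2 == 0 else 'permission_change'}"
        for j in range(n)
    ]

def daily_counts(lines):
    """Count watched events per day, skipping malformed or unrelated lines."""
    counts = Counter()
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[2] not in WATCHED:
            continue
        try:
            counts[date.fromisoformat(parts[0])] += 1
        except ValueError:
            continue  # unparseable date
    return counts

def find_upticks(counts, window=7, k=3.0, min_events=5):
    """Return (day, count, threshold) where count > median + k*MAD of prior window."""
    if not counts:
        return []
    flagged, first, last = [], min(counts), max(counts)
    day = first + timedelta(days=window)  # judge only days with a full history
    while day <= last:
        history = [counts.get(day - timedelta(days=i), 0) for i in range(1, window + 1)]
        med = median(history)
        mad = median(abs(h - med) for h in history)
        # Floor the MAD at 1 so a perfectly flat baseline does not flag tiny changes.
        threshold = max(med + k * max(mad, 1.0), min_events)
        if counts.get(day, 0) > threshold:
            flagged.append((day, counts[day], threshold))
        day += timedelta(days=1)
    return flagged
```

Using the median and median absolute deviation rather than the mean keeps the spike day itself from inflating the baseline for the days that follow it.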

Phishing isn’t going away any time soon

It's no secret that the top security vulnerability for every organization is its people. Consequently, phishing will continue to be a major threat. According to the 2020 Verizon Data Breach Investigations Report, 22 percent of breaches involved phishing and nearly 30 percent of security breaches involved internal actors.

Phishing is easy, cheap and, most importantly for hackers, effective. Just a single employee clicking on one phishing message can let loose a wave of havoc. Hackers are now making extensive use of ransomware, which is often delivered through phishing. To fight back, the industry will need to continue innovating through automated anti-phishing solutions that utilize AI to keep phishing emails out of employee inboxes.

Raise security awareness to lower email threat

Another powerful tool to reduce the risk of a cyber-attack is security awareness training. This can lower the chance of an incident such as a data breach by 70 percent. From ransomware to spear phishing, email threats are one of today’s most dangerous forms of cyber-attack. When conducting a phishing attack, cybercriminals will send a malicious email typically disguised as a message from trusted individuals like a manager, colleague, or business associate to trick your employees into activating the enclosed malware or granting unauthorized access. They will ask the individual to take an action by clicking a link or providing sensitive information like login and password credentials.

In response, more businesses should be training employees on how to spot these emails so they can act as an effective form of defense against cybercriminals. Unfortunately, many awareness programs fail because they are not conducted consistently or are not engaging enough for employees. These trainings have been shown to lower an organization’s chances of experiencing a damaging cybersecurity incident and are most effective when conducted regularly. In fact, a recent study around the impact of phishing resistance training found employees who received the training started to forget what they had learned after six months.

In order to be fully prepared for the risk of a cyber-attack, security awareness training needs to incorporate both educational materials and frequent phishing simulations accompanied by refresher training for those who engage with the simulations. Additionally, employees should always check with their internal IT departments if they have any doubts about the credibility of an email they receive. They can help keep their networks safe by carefully screening their emails and being aware of the signs of a phishing email, which include:

  • Small mistakes in spelling, punctuation, usage or grammar
  • Color palettes and fonts that are just a little bit off
  • Images like signatures or headers that are blurry
  • Sentences that misidentify departments or employees
  • Emails sent from a free email service provider like Gmail
  • Landing pages and emails that use unfamiliar formats

Bolster backup systems

Finally, it’s important not to forget that backup systems present an opportunity to access data from many systems in one place. This means that encryption at rest, immutable backups, air-gapped data copies and hardened backup operating environments become critical components of any security strategy.

It’s recommended that organizations follow the 3-2-1 rule, which involves keeping three copies of data on two different types of media, with one version stored off-site. Additionally, as part of a secure backup environment, businesses should consider backup solutions built on hardened Linux, as ransomware predominantly targets the more prevalent Windows OS. Organizations should also look for backup solutions that use machine learning to effectively identify ransomware conditions, making it easier for IT teams to investigate and mitigate the effects of a cyber-attack.

It is also critical that organizations frequently test their backups for issues that could impact a successful recovery. Too often, organizations only realize their backup solution didn't work after an incident has occurred. 

Looking ahead

At the start of a new decade, cyber-attacks are still growing in sophistication and volume, and businesses around the world are facing an unprecedented level of risk. The security threat increased even further with the rise of remote working over the past year. This way of working is set to continue into the future in some capacity as many organizations plan a hybrid working model. It is therefore more important than ever for businesses to have in place a multi-layered security strategy to ensure they are protected for the months and years to come.

Mike Puglia, Chief Strategy Officer, Kaseya

Mike Puglia is the Chief Product Officer at Kaseya.