FEATURE Review by Shane Naugher
The Cybersecurity War: You Are A High-Value Target!
It is no secret that cybersecurity is critical for organizations of all sizes and industries. Ransomware increased by an explosive 388% between quarter two and quarter three of 2020. The effects of COVID-19 were not just felt from an economic impact but also from a huge uptick in cybersecurity risk and liabilities. The bad guys took advantage of a massive shift in the workforce working remotely and, in many cases, less securely. On top of that, the fact that so many were hypersensitive to communications revolving around COVID-19 health issues, paycheck protection program funding and economic relief set the stage for easy pickings for threat actors to step up attacks. 24
theReview September/October 2021
Ransomware is primarily spread through two predominant threat vectors: 1. End users falling victim to email phishing and/or clicking on malicious links and attachments; 2. Poor password hygiene. While information technolog y (IT) professionals have preached for years that end users should never click on an attachment or a link they are not expecting, the bad guys are becoming more convincing. In the case of poor password hygiene, we know approximately 70% of people will reuse passwords across multiple sites and services. If one site is compromised, then credentials end up posted to the darknet for sale and now the threat
actors just need to plug those credentials into software that attempts to access multiple sites. However, ransomware is not the only threat ravaging organizations from a cybersecurity perspective. Business email compromise (BEC) is arguably just as big of a threat and is often used in conjunction with a ransomware attack. In the case of BEC, access is compromised to the email account of the victim through multiple means including poor passwords, compromised credentials sold on the darknet and phishing attempts that prompt end users to enter their current credentials in a fake website that only collects the data input. In the case of the fake websites,