The Cybersecurity War: You Are A High-Value Target!

by Shane Naugher

It is no secret that cybersecurity is critical for organizations of all sizes and industries. Ransomware increased by an explosive 388% between quarter two and quarter three of 2020. The effects of COVID-19 were not just felt from an economic impact but also from a huge uptick in cybersecurity risk and liabilities. The bad guys took advantage of a massive shift in the workforce working remotely and, in many cases, less securely. On top of that, the fact that so many were hypersensitive to communications revolving around COVID-19 health issues, paycheck protection program funding and economic relief set the stage for easy pickings for threat actors to step up attacks.

Ransomware is primarily spread through two predominant threat vectors: 1. End users falling victim to email phishing and/or clicking on malicious links and attachments; 2. Poor password hygiene.

While information technology (IT) professionals have preached for years that end users should never click on an attachment or a link they are not expecting, the bad guys are becoming more convincing. In the case of poor password hygiene, we know approximately 70% of people will reuse passwords across multiple sites and services. If one site is compromised, then credentials end up posted to the darknet for sale and now the threat actors just need to plug those credentials into software that attempts to access multiple sites.

However, ransomware is not the only threat ravaging organizations from a cybersecurity perspective. Business email compromise (BEC) is arguably just as big of a threat and is often used in conjunction with a ransomware attack. In the case of BEC, access is compromised to the email account of the victim through multiple means including poor passwords, compromised credentials sold on the darknet and phishing attempts that prompt end users to enter their current credentials in a fake website that only collects the data input. In the case of the fake websites, you may have seen emails in your inbox about needing to reset your Office 365/Google email password, unusual sign-in activity that you need to verify, or over-the-limit storage that you need to correct. All of these can prompt the end user to enter their credentials freely for the bad guys and not even realize it until it is too late.

Once the threat actors have access to your email account, they can send email to your staff, vendors and clients. Most of the time the threat actors will monitor communications for days, if not weeks, to determine who is the most valuable target and what are the active projects that involve finances where they can take advantage. From there, they can send emails to other staff members or even clients asking for payments to be submitted to a fraudulent bank account - the email is coming from a valid sender and, in most cases, a valid project/subject about which the staff or client is expecting communications. This type of attack increased 50% in frequency during 2020 and cost organizations more than $1.8 billion in associated losses.

So yes, there is a cybersecurity war occurring and unfortunately city municipalities are a top target. Why? Well, for one, a private business may or may not be able to survive a ransomware attack and/or BEC and the related expense. A private business may end up just closing the doors. Municipalities do not have the option of simply closing down. Most municipalities have become more aware of these types of threats in recent years, and in most cases have been advised to carry cyber liability insurance to mitigate the risks. In many cases, they have been mandated to adopt this coverage. When an attacker is choosing a target, will they pick the one that may or may not have insurance and may or may not have the funds to survive? Or, will they pick the one most likely required to have funds or insurance coverage to survive these types of attacks?

In this war, the high-value targets are the individuals that control the finances and operations. They are the city clerks, finance directors, CFOs and administrators. Attackers know these are the people who are involved in the projects and executive decisions and who, in many cases, control the funds. Do you feel that cybersecurity laser dot on you yet?

Just as in any physical war, you need to be prepared and have a strategy in place to defend yourself and your organization. The landscape around this war changes daily and not having a plan and strategy in place is equivalent to running across a minefield in snowshoes.

The first step is to outline a formal incident response plan. At a minimum, this needs to be a formal document that outlines what steps to take and who is involved in the event of a cyber incident. This should include what type of communications are needed, in what order, and by whom. Just as in a traditional emergency, the same logic and process should be used in a cyber emergency. When a cyber event happens, panic hits everyone and, just like a physical emergency, keeping a cool head and following a defined process will give you a much better outcome in the end. In an ideal world, you would have an incident response platform that automates much of the process and communications and keeps detailed documentation of all the details.

Secondly, you need to make sure you are keeping up to speed with the latest tools to mitigate your risk and liability. Traditional antivirus software is becoming less and less effective at stopping the latest threats. This means the software everyone was so concerned with keeping up to date five years ago is completely missing the newest threats that do not act like the traditional virus and malware threats. Your protection also needs to include a zero-trust approach to your network and data. This limits the ability of items that normally get past antivirus software and instead focuses on the activities and permissions to execute rather than a known virus signature.

Finally, make sure you are addressing your biggest liability — your people. Since the top two largest threat vectors come from your people using poor password hygiene and/or clicking on malicious links and attachments, this is the biggest risk to your organization. To address this, your team should be utilizing ongoing cybersecurity awareness training and testing. Organizations that proactively train and test their users can see exponential reductions in their risks and liabilities. Your staff does not want to be a risk to the organization. Once they realize how much risk they face, they welcome the additional focus and resources training and testing can provide.

It is time to gear up and get ready for battle! This war is not going away anytime soon. The more preparation and attention you give it today, the better your chances of winning against the bad guys. Your survival tomorrow depends on the training and preparation you do today!


Shane Naugher is the president and owner of DaZZee I.T. Services. DaZZee I.T. Services has spent the last 21 years designing, building and maintaining complex network and security solutions for public and private entities in Missouri and Arkansas. DaZZee’s highly specialized team has been contracted by organizations from Winnipeg, Canada, all the way down to the Florida Keys.
