Impersonation scams have been on the rise, especially as the pandemic has increased screen time and given scammers a greater attack surface. Moreover, as organisations adapt to the new hybrid working model, employees who work remotely tend to be lax about security practices and more exposed to cyber risks.
Jonathan Jackson, Director of Engineering, APAC at BlackBerry shares that there has definitely been an increased opportunity for threat actors to make inroads or gain insight into the organisation as more attack vectors are made available.
“Suddenly, everybody's having to use their own devices and this has now exposed a huge opportunity for attackers to gain a foothold in your organisation to steal data, execute man-in-the-middle attacks, or tap into the unsecured Wi-Fi networks,” said Jackson.
“The pandemic unfortunately, also brings with it a degree of vulnerability. Cyber criminals are very good at preying on vulnerable victims. They know what they're doing and they're very well organised.”
Rising trend of impersonation scams
On the increasing number of scam attacks, Jackson reveals that such impersonation cases now occur across the board, especially with everyone working from home during the pandemic and becoming unsure of whom to trust. This has become a point of interest for cyber criminals, who recognise that there are little buttons that need to be pressed for an individual to release information to them.
“The reality of that from an organisational perspective, there is an increased number of things that we need to have to get our job done. With bringing your own device, each of these things adds complexity to infrastructure,” adds Jackson.
“If you're a CIO and the CSO, you are charged with the security of the data that is on an endpoint which is a massive challenge. How can one ensure that all your employee devices have up-to-date software and patching? How can you ensure that the application that the employees are installing isn't a piece of malware?
“The challenge now for organisations is how do they rein that security back in and reduce the attack surface for the organisation. Some employ a zero trust framework or a zero trust architecture, where you basically trust nothing. Everyone will need to earn the trust to get access to the information needed. If you can deploy solutions and capabilities in an organisation which can help you establish some form of zero trust, that will help you as you go forward in this digital transformation.”
Constantly establishing trust
However, establishing zero trust brings the challenge of constantly re-authenticating and re-establishing trust for every interaction in which one’s identity needs to be verified.
“What we can do is operationalise the use of machine learning, automation and artificial intelligence. We can now track the transactions and engagement patterns continuously to pull up a risk score – observing the way that a device is being used on a continuous basis and allowing access to information,” advised Jackson.
“But if at any level, the risk looks like there's something weird going on with that device, then we can ask for re-authentication to prove that you are who you are before allowing the individual to carry on doing what they were trying to do.
“That's one of the tactics that can help organisations make sure that their data and their networks are secure. It's not just about data and metrics – it is the data, person, applications, and even people.”
Upholding security within the organisation
For every organisation, the responsibility of ensuring the security of devices and systems would usually fall on either the outsourced security vendor or an internal security team. However, Jackson feels that it is the responsibility of every individual within the organisation to have some level of cyber awareness.
There need to be initiatives within the organisation that help everyone stay cyber resilient. This comes down to employee awareness, and to the vendors and partners that they are working with.
Given the shortage of skilled workers available to organisations to establish this cyber resilience, Jackson identifies partnerships with vendors and partners as essential to overcoming this challenge.
Additionally, below are 5 tips that Jackson has shared to ensure that your organisation is prepared and protected:
- Patch everything
Organisations should patch all operating system vulnerabilities to ensure that everything is up to date. However, even if organisations are able to patch the server farm and the data centre, the challenge for organisations lies with the current workforce using their own devices. Regardless, having a framework for keeping devices and systems up to date is very important.
- Back up your data
There must be a decent backup of your organisation’s data, and that backup has to be off your network. Most importantly, do not rely on Windows Shadow Copies as your backup, as they are often deleted during the exfiltration of a cyber attack.
- Investing in vendors
Vendors and partners are important players who can help with next-generation AI-based detection and response capabilities and equip you with cyber warfare tools that can help you to cover everything. This includes endpoints, servers, point-of-sale (POS) machines, IoT devices, mobile devices, and even people.
Cyber security planning needs to focus on the people and the security team. Should there be a need to fill in the gaps in skills and resources, security training needs to happen.
It is important to know how ransomware and malware can get into your organisation, but teams also need to be able to threat hunt against attacks such as Cobalt Strike and TrickBot, as threat actors use those tools themselves.
The workforce would benefit from education in the form of Red Teaming activities, phishing campaigns, and cyber gamification training. All of these things would be essential to keeping the cyber awareness levels high in an organisation.