While online activities increased during the pandemic, so too has the number of cyber security incidents. In the Verizon Business 2021 Data Breach Investigations Report (2021 DBIR), 5,258 breaches from 83 contributors across the globe were observed – which is a third more compared to last year.
Of these breaches, 85% involved a human element while over 80% were discovered by external parties. Moreover, for organisations in the financial and insurance industries, 83% of data compromised in breaches was personal data, whilst in professional, scientific and technical services only 49% was personal.
To better understand the evolving cyber security landscape and find out how to best secure your organisation, iTNews Asia speaks to Kamal Subramaniam, Security Consultant at Verizon.
iTNews Asia: What can organisations do to ensure that their employees are aware of how to protect themselves from falling victim to such attacks when remote working becomes the working standard? What do you think will be the implications if they do not do so?
The most important thing you first need to do is to educate employees on their responsibilities in the fight against cyberattacks. In Asia, many of the breaches that take place are caused by financially motivated attackers who are phishing employees for credentials, and then using those stolen creds to gain access to mail accounts and web applications.
These breaches can have devastating and long-lasting consequences for organisations extending from financial losses, business continuity problems, legal liability to reputation damage. While organisations can take actions to strengthen their security posture, it is also important to foster a security culture so employees can play their part in protecting the business.
To protect employees from falling victim to these attacks, some good practices that organisations can consider include:
- Assess your needs. A simple security exam can let you know where your employees are secure and where they might need more support.
- Develop a list of training objectives. Then, test against these objectives to measure success and failure—and to craft future training sessions.
- Train on specific security risks and scenarios. Gamify simulated cyber-attacks by breaking into competitive teams. Remember to train knowledge and skills – employees should know exactly how to choose a strong password and know not to install unauthorized software.
- Emphasise new-hire training. But don't neglect to train existing employees on incident reporting procedures so that every potential breach and security issue can be examined and resolved.
- Know the cyber security hotspots. Emphasise the use of social media posts as vectors for social engineering attacks, the importance of mobile device security and the manifold ways that remote employees can be attacked or compromised in their home offices.
- Ramp up security training and awareness for your employees. Ask employees to treat any unknown emails and links as suspicious, and provide them an easy way to alert your IT or information security team.
iTNews Asia: What should organisations do in the situation that they were hit by phishing and ransomware attacks? Which industry is more prone to attacks and why do you think they are more susceptible?
After discovering a phishing or ransomware attack, the immediate response for organisations should be to disconnect any affected machines from the network and isolate other machines wherever possible. This will likely cut off the bad actor’s access and limit further dissemination of malware, should they still have control over breached machines.
Ransomware was only a threat to availability, but we have seen a shift in tactics of the bad actors to “name and shame” their victims. These actors will exfiltrate the data they encrypt and threaten to disclose the data if the victim doesn’t pay ransom. It is highly advised not to pay a ransom as it may be unlawful in certain circumstances.
As such, it is important that well-prepared organisations have in place a comprehensive incident response playbook, an appropriate crisis management plan and business continuity measures that provide guidance on detailed restoration plans for data backups, impact assessment, legal implications and the communication requirements to the stakeholders, regulators and law-enforcement. Having robust security awareness training in place will also help employees better identify and avoid falling prey to such attacks.
COVID-19 has no doubt caused a lasting impact on the security landscape, resulting in an increase in successful phishing emails or other breaches amidst the distributed environment. As organisations move their services to the cloud to ensure business continuity, bad actors have also taken note and ramped up attacks on web applications where such attacks represented 39% of all breaches in the 2021 report.
While security remains a challenge for many organisations, there are significant differences across verticals. The industries that stood out in terms of the number of security incidents and breaches include public administration, financial and insurance, healthcare, and entertainment.
For certain industries, such as financial and healthcare, many of such attacks are also financially motivated as we see that the financial sector frequently faces credential and ransomware attacks from external actors.
iTNews Asia: What practical and proactive steps can they take to prevent or mitigate risks from ransomware?
From our past findings, ransomware has been continuing on an upward trend since 2016, and now accounts for 5% of total cybercrime incidents. Today, 10% of breaches involve ransomware – doubling last year’s frequency. This highlights an urgency for organisations in the region to prevent and mitigate risks from such attacks.
Some steps organisations can take to safeguard their operations include employing robust incident response services that include proactive security assessments, incident response planning expertise and round-the-clock threat intelligence and monitoring.
In addition to enlisting a managed services provider to enhance their security capabilities, organisations can take basic actions to strengthen their security posture.
- Ensuring that their security systems are updated and strengthening access management for remote systems.
- Ongoing cybersecurity training can also help employees avoid falling victim to the email phishing scams that give hackers access to their systems in the first place.
- Segment networks to contain the spread of attacks and limit attackers' ability to move laterally across compromised networks.
- Use multi-factor authentication on all accounts, including remote desktop protocol servers, to make it harder for attackers to phish, guess or crack credentials and hijack key systems for network access.
- Regularly back up information according to the three-two-one rule. This will help organisations restore encrypted systems in a worst-case scenario.
- Deploying zero trust network access (ZTNA) would mean that resources are hidden and only accessible through a trust broker. Three simple steps include verifying users, validating devices and limiting access.