As we near the 2024 US presidential election, businesses around the country face an escalating cybersecurity threat that demands immediate and sustained action. According to recent research, two-thirds of employees already report an increase in political emails hitting their work inboxes. This increase doesn’t just clutter mailboxes—it creates a perfect storm for potential ransomware attacks, putting organizations at significant risk. 

Cybercriminals are, at their core, opportunists. They recognize that major public events like elections create an ideal environment for their nefarious activities. During these times, emotions can run high. Americans also tend to pay closer attention to political news and communications. This means workers may be more susceptible to election-related phishing attempts designed to compromise their employers’ IT systems. 

The success of phishing attacks often depends on the attacker’s ability to engineer an emotional response. By tapping into the heightened political atmosphere, cybercriminals try to craft messages that provoke strong reactions, increasing the likelihood that recipients will click on malicious links without proper validation. 

Consider the typical election-related email: it might claim to contain breaking news about a candidate, allege a scandal or promise exclusive insider information. For an employee caught up in the political fervor, the temptation to click could override their usual sense of caution. This momentary lapse in judgment is all a skilled attacker needs to gain a foothold inside an organization’s network. 

The research also highlighted another alarming statistic: more than a third of end users admitted that they’re at least somewhat likely to click on a link in a political campaign email, even if it appears suspicious. And one in five is unlikely to validate a political campaign email before opening an attachment. 

This lack of caution is troubling on its own, but it gets worse:

Most U.S. workers access personal email on the same devices they use to access work correspondence. This blurring of personal and professional boundaries creates a significant vulnerability for businesses nationwide. An employee engrossed in the latest poll numbers or campaign developments might be less vigilant about cybersecurity best practices, especially if they’re toggling between work tasks and election news. 

The severe consequences of a successful phishing attack that leads to ransomware are numerous, from operational and financial disruption to legal and reputational repercussions. As outlined, these risks are becoming even more pronounced as the election season heats up. It’s crucial organizations bolster their cyber resilience and maintain a heightened state of vigilance to protect against potentially devastating attacks.

A comprehensive approach to heightened cyber resilience should include: 

  • Employee education and awareness – Implement comprehensive training programs that teach staff to recognize and report suspicious emails, particularly those with political content. IT staff should conduct regular phishing simulations to test and reinforce employee best practices and to create a culture of cyber resilience awareness, where employees feel empowered to report potential threats without fear of reprimand. 
  • Robust email security – Deploy advanced email security solutions capable of identifying and quarantining potential threats before they reach employee inboxes. Additionally, protocols like Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) can reduce the risk of email spoofing, while AI-powered email filtering systems can detect subtle anomalies in message content and sender behavior. 
  • Network segmentation and access control – Properly segmenting networks can limit the potential spread of ransomware. Implementing least-privilege access controls also helps ensure employees have access only to the data and systems necessary for their roles. 
  • Comprehensive backup and recovery – Backup and recovery is your last line of defense against threats like ransomware. Maintain up-to-date, clean backups of critical data and systems and ensure you can efficiently and effectively recover from them. All the backups in the world do no good if you can’t recover them. IT leaders should consider AI-powered data protection along with a 3-2-1 backup strategy: at least three copies of backup data on at least two different media with at least one copy stored off-site and on immutable storage.
  • Incident response planning – Develop and regularly update a detailed incident response plan that outlines steps to take in the event of a ransomware attack. Tabletop exercises should be conducted to familiarize key personnel with their roles and responsibilities during and after an incident, while partnerships with cyber resilience firms and legal cybersecurity counsel should be formed before a crisis occurs. 
  • Endpoint protection monitoring – Deploy and maintain up-to-date endpoint protection software on all devices that access company resources. Endpoint detection and response solutions that can quickly identify and contain potential threats should be implemented as part of a zero-trust security model, which assumes no user or device is trustworthy. 
  • Policy enforcement – Develop and enforce clear policies regarding the use of work devices for personal activities, especially during sensitive times like elections. These should include stricter controls on non-work-related web browsing and email use during high-risk periods. 
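To show how the spoofing controls in the list above actually decide a message's fate, here is an added example (not code from the original post) that applies DMARC's alignment rule to the SPF and DKIM results a receiving mail server records in its Authentication-Results header. The two messages, the domains and the mail server name are constructed; the organizational-domain rule is simplified and stated as such in the code.

```python
import re
from email import message_from_string

# Constructed sample headers, not real mail. The first message spoofs the visible
# From: domain while SPF and DKIM both pass for an unrelated sending domain; the
# second is sent and signed by the domain it claims to come from.
SPOOFED = """From: "Campaign News" <alerts@example-campaign.org>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bulk@bulk-sender.example.com; dkim=pass header.d=bulk-sender.example.com
Subject: BREAKING: leaked candidate documents

"""
LEGIT = """From: "Campaign News" <alerts@example-campaign.org>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mail.example-campaign.org; dkim=pass header.d=example-campaign.org
Subject: Weekly update

"""

def org_domain(domain):
    """Simplified organizational domain (last two labels); real DMARC uses the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, relaxed=True):
    """DMARC identifier alignment: exact match (strict) or same organizational domain (relaxed)."""
    if auth_domain.lower() == from_domain.lower():
        return True
    return relaxed and org_domain(auth_domain) == org_domain(from_domain)

def dmarc_evaluate(raw_message, relaxed=True):
    """Check which passing identifier (SPF mailfrom or DKIM d=) aligns with the From: domain."""
    msg = message_from_string(raw_message)
    from_domain = re.search(r"@([\w.-]+)", msg["From"]).group(1).lower()
    results = msg.get("Authentication-Results", "")
    spf = re.search(r"spf=(\w+)\s+smtp\.mailfrom=(?:[^@\s;]+@)?([\w.-]+)", results)
    dkim = re.search(r"dkim=(\w+)\s+header\.d=([\w.-]+)", results)
    spf_aligned = bool(spf and spf.group(1) == "pass" and aligned(spf.group(2), from_domain, relaxed))
    dkim_aligned = bool(dkim and dkim.group(1) == "pass" and aligned(dkim.group(2), from_domain, relaxed))
    return {"from_domain": from_domain, "spf_aligned": spf_aligned,
            "dkim_aligned": dkim_aligned, "dmarc": "pass" if (spf_aligned or dkim_aligned) else "fail"}

def dmarc_action(verdict, policy):
    """Map the verdict to the receiver action the sender's published p= tag requests."""
    if verdict == "pass" or policy == "none":
        return "deliver"
    return {"quarantine": "quarantine", "reject": "reject"}[policy]

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        verdict = dmarc_evaluate(raw)
        print(label, verdict, "->", dmarc_action(verdict["dmarc"], "reject"))
```

Note that the spoofed message passes both SPF and DKIM for the domain that actually sent it; only the alignment check against the visible From: domain, which DMARC adds on top of SPF and DKIM, catches it.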

The convergence of personal political passion and access to critical company networks creates a potent risk that organizations cannot afford to ignore. As we move toward November, businesses must remain vigilant and proactive in their cyber resilience. Leaders should also view this period not just as a time of increased risk, but as an opportunity to strengthen their overall security posture. The steps outlined here to combat election-related ransomware threats will serve organizations long after the polls close, too, creating a more resilient and secure business environment now and in the future.

 

The post Beyond the Campaign Trail: Strengthening Your Business’s Cyber Defenses for Election Season appeared first on Cybersecurity Insiders.

We’ve all heard the stories. In 2023, Caesars Entertainment shelled out a whopping $15 million in damages due to a cyber breach, and MGM Resorts International took a $100 million hit from a ransomware attack. In each case, the breaches in question were caused at least in part by an often-overlooked threat vector: the companies’ own IT help desks.

Threat actors aren’t giving up on this tactic, either. Earlier this year the American Health Association and the U.S. Department of Health and Human Services issued separate warnings that cybercriminals were targeting healthcare help desks.

Why Help Desks?

Ransomware attacks have become as common as morning coffee. Without strong security safeguards in place, organizations can unwittingly roll out the red carpet for cybercriminals via their IT service desks, giving hackers VIP access to company resources and compromising overall security. The IBM Security Cost of a Data Breach Report 2023 found that the average financial impact of these ransomware attacks now exceeds $5 million, and the threat is only growing.

Help desks are an attractive target for cybercriminals for a number of reasons, the biggest being the level of access IT workers have to an organization’s most sensitive data and functions. Help desks have the power to take high-risk actions such as resetting passwords, removing MFA for a locked-out user, creating new user accounts, and assigning or revoking privileges. If a savvy attacker is able to trick the help desk into doing any or all of these things, they can potentially gain unfettered access to systems and the ability to carry out all sorts of malicious activities, whether that is installing malware or ransomware, exfiltrating sensitive data, or even simply establishing a backdoor for later activities down the road.

Strengthening Help Desk Security

With the threat of help desk abuse on the rise, organizations must take steps to harden their help desks against potential attacks. One of the best ways to achieve this is to adopt a Zero Trust mindset.

It’s essential for every organization to question how much access their help desk has in their environment. In keeping with Zero Trust philosophy, help desks should only have access to the functions they need to do their jobs when they need them—that means regularly reviewing to ensure the help desk has the least privilege it needs to fulfill its role. Giving broad administrative access to all help desk personnel is a non-starter, and one of the surest ways to open your organization to an attack via this vector. Security teams should regularly review privileges and entitlements of help desk employees to make sure nobody has more access than they need.

Furthermore, help desk employees need to hear from leaders and security teams that they need to follow established processes, require documentation, and verify users—especially for exceptional requests—to maintain a secure practice. Knowing leadership has the help desk’s back and that there are no exceptions even for VIPs calling in with an “urgent” request is key.

Identity Verification and MFA 

Once the proper understanding and processes have been put in place for the structure of your help desk and the people staffing it, organizations should next look at security solutions that can further bolster their help desk’s security posture. Authenticating user identities at each step of a help desk engagement is critical, and while voice and visual identification can be effective, they are not always an option. To address this, organizations should take a defense-in-depth approach to securing their help desks.

Combining multi-factor authentication (MFA) with other out-of-band contact methods is an effective way to stop a cybercriminal in their tracks: manager approval via a ticket system, calling the manager directly, or a conference call between the service desk employee, the user making the request and a relevant manager or team member.
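The verification requirements described above are only useful if they are actually followed for the high-risk actions listed earlier (password resets, MFA removal, account creation, privilege changes). The following is an added example, not code from the original post, of a detection pass a security team could run over a help desk ticket export to find completed actions whose recorded verification falls below policy, and accounts that were the subject of an unusual number of sensitive requests. The ticket data, column names, verification labels and the policy mapping are all constructed assumptions for this example.

```python
import csv
from collections import Counter
from io import StringIO

# Constructed help desk ticket export, not real data. Action names follow the
# high-risk actions named in the text; the agent, user and ticket values are made up.
TICKET_LOG = """ticket,agent,user,action,verification,outcome
T-1001,agent1,j.doe,reset_password,mfa_push,completed
T-1002,agent2,a.admin,remove_mfa,none,completed
T-1003,agent1,a.admin,reset_password,callback_on_file,completed
T-1004,agent3,a.admin,grant_privilege,verbal_only,completed
T-1005,agent2,m.smith,unlock_account,mfa_push,completed
T-1006,agent3,a.admin,create_account,manager_ticket,completed
"""

# Verification methods that satisfy policy for each action. The mapping is an
# assumption for this example; the methods are the out-of-band checks the text lists.
ACCEPTED_VERIFICATION = {
    "unlock_account": {"mfa_push", "callback_on_file"},
    "reset_password": {"mfa_push", "callback_on_file"},
    "remove_mfa": {"manager_ticket", "conference_call"},
    "create_account": {"manager_ticket"},
    "grant_privilege": {"manager_ticket", "conference_call"},
}

def audit_tickets(csv_text, burst_threshold=3):
    """Return findings: completed actions whose recorded verification is below policy,
    plus any user who was the subject of several sensitive actions in one export
    (a pattern consistent with an attacker working one account through the help desk)."""
    findings = []
    per_user = Counter()
    for row in csv.DictReader(StringIO(csv_text)):
        if row["outcome"] != "completed":
            continue
        accepted = ACCEPTED_VERIFICATION.get(row["action"])
        if accepted is None or row["verification"] not in accepted:
            findings.append((row["ticket"],
                             f"{row['action']} completed with verification '{row['verification']}'"))
        per_user[row["user"]] += 1
    for user, count in per_user.items():
        if count >= burst_threshold:
            findings.append((user, f"{count} sensitive actions on one account in a single export"))
    return findings

if __name__ == "__main__":
    for subject, detail in audit_tickets(TICKET_LOG):
        print(subject, detail)
```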

The Help Desk Needs Help

With the prevalence of costly ransomware attacks, data breaches, and more, establishing a strong security posture across your organization’s entire threat surface has become a financially material concern.

The surge in cyberattacks targeting service desks is a stark reminder of the importance of robust security measures. By implementing strong MFA, verifying identities, and cultivating a culture of security, we can mitigate risks and safeguard our resources against cybercriminals.

Don’t let your help desk harm your organization. Fortify your defenses against this emerging tactic to stay safe from cybercriminals looking to weaponize your help desk.

The post Help Desks Under Siege: Bolstering Cyber Defenses appeared first on Cybersecurity Insiders.