SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Expert advice to combat rising ransomware & phishing

Thu, 17th Oct 2024

In recognition of Cyber Security Awareness Month, industry experts from Check Point Software Technologies and ExtraHop recently shared insights on combating ransomware and phishing threats that continue to plague organisations globally.

Jamie Moles, Senior Technical Manager at ExtraHop, highlighted the growing threat of ransomware, which frequently targets individuals through spear phishing schemes. "If you look closely at the fallout of ransomware incidents that occur today, many large-scale attacks are a direct result of various spear phishing schemes via social engineering. This is largely because hackers know humans are the easiest entry point for extensive and robust attacks," Moles stated. According to ExtraHop's report on Global Ransomware Trends, security leaders have reported nearly eight significant ransomware incidents annually, resulting in an average payout of USD $2.5 million in ransom.

Moles advised that identifying phishing attempts is crucial in preventing these attacks from escalating into ransomware incidents. "Recognising signs that indicate you might be the target of a phishing attempt is the first piece of the puzzle," he noted, urging individuals to report any suspicious communications to their IT department immediately. This proactive method, combined with advancing AI technologies, can help in recognising and mitigating phishing threats, although individual vigilance remains essential.

From Check Point Software Technologies, Jeremy Fuchs, associated with the CTO's Office, underscored the persistent threat email poses as a vector for cyber-attacks. Despite technological advancements, cybercriminals continue to exploit email communications due to the trust users place in their inboxes. Fuchs recommended several security strategies, including the use of Content Disarm and Reconstruction (CDR) technology, which removes potentially malicious executable content from emails before they reach users.

Additionally, Fuchs emphasised the importance of good cyber hygiene, such as verifying email sender addresses and being attentive to unusual language or requests in emails. "Taking a few moments to think through the context of the email can often help sort through what's good and what's bad," he advised.

In the context of organisational preparedness, Rob Falzon also from Check Point, stressed the necessity of regular phishing exercises for employees. "In today's digital landscape, it's not enough to hope you'll avoid a cyber attack—you must be prepared for when it happens," Falzon pointed out. He advocated for rapid response plans to manage breaches effectively, which include immediate alerts to security teams and disabling compromised accounts.

Aaron Rose, another expert from Check Point's CTO Office, suggested using Cyber Security Awareness Month as an opportunity to reassess and bolster current security postures. "Thoroughly examining the network infrastructure, software applications, hardware devices, security operations, and organisational policies can pinpoint areas that require improvement," Rose mentioned. Implementing a zero-trust architecture and segmenting networks were also recommended to limit the spread of breaches.

Employee education and training remain critical, alongside ongoing security practices such as vulnerability scanning, multi-factor authentication, and regular incident response plan updates. Regular backups of critical data were cited as significantly reducing downtime in the event of cyber-attacks.

The insights shared by these experts underscore the complex and dynamic nature of cyber security threats, stressing the importance of remaining vigilant and proactive in the face of potential cyber threats.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X