Why it’s time for organisations to rethink their cybersecurity strategy
Article by Proofpoint Asia-Pacific and Japan vice president Tim Bentley
The recently announced 2019 Australian Federal Budget places a sizable emphasis on bolstering the country’s cybersecurity capabilities, a necessary priority given the ongoing global concerns around targeted state-sponsored attacks.
However, these forms of sophisticated attacks don’t just target government entities.
Every day, organisations of all sizes and industries must defend against targeted, high profile threats that aim to steal money, gather valuable information, or launch phishing or malware attacks.
The public and private sector alike are battling an everchanging landscape and must be attuned to the direction in which attackers are moving.
There has been a fundamental shift in the threat landscape, which demands an entirely new way of thinking from IT security teams.
Most security professionals are trained to approach security with the IP address at the centre of their world, but technology vulnerabilities have become rarer, and require more advanced cyber warfare skills to exploit.
To compensate for this, cybercriminals have shifted their focus.
Small or large, nearly every attack against the public and private sector begins in the same way – relentlessly targeting a person through email, social networks or SaaS applications.
These attacks are socially engineered and often use identity deception tactics (such as spoofing and fake email chains) to pose as trusted colleagues or business partners over email and manipulate potential victims into wiring funds, opening a link or attachment, or disclosing information.
Notably, the traditional VIPs within an organisation are often not the same VIPs a cybercriminal would target.
Instead, targeted individuals can range from a CEO’s executive assistant, an intern who handles assigning key card access for a government building, to even a financial team member who wires financial payments to vendors.
These very attacked people (or VAPs) are not necessarily people who are known or actively tracked by the security team which is why an attacker can often be successful without the alarm bell ringing.
This shift in the landscape shows no sign of slowing down.
Proofpoint researchers observed that the number of email fraud attacks against targeted companies increased 226% between Q3 2018 and Q4 2018, and 476% when comparing Q4 2017 and Q4 2018.
Given this, implementing a security strategy that prioritises the protection of people is a key step in proactively preventing a catastrophic loss of data, funds and ultimately brand reputation.
Organisations can establish a people-centric security strategy by taking the following steps:
- Assume users will click – Social engineering is increasingly the most popular way to launch email attacks and criminals continue to find new ways to exploit the human factor. Leverage a solution that identifies and quarantines both inbound email threats targeting employees and outbound threats targeting customers before they reach the inbox.
- Build a robust email fraud defence – Highly-targeted, low-volume business email compromise scams often have no payload at all and are thus difficult to detect. Invest in a solution that has dynamic classification capabilities that you can use to build quarantine and blocking policies.
- Train users to spot and report malicious email - Regular training and simulated attacks can stop many attacks and help identify people who are especially vulnerable. The best simulations mimic real-world attack techniques. Look for solutions that tie into current trends and the latest threat intelligence.
- Protect your brand reputation and customers – Fight attacks targeting your customers over social media, email, and mobile—especially fraudulent accounts that piggyback on your brand. Look for a comprehensive social media security solution that scans all social networks and reports fraudulent activity.
- Partner with a threat intelligence vendor – Smaller, more targeted attacks call for sophisticated threat intelligence. Leverage a solution that combines static and dynamic techniques to detect new attack tools, tactics, and targets—and then learn from them.