June 7, 2022

Don’t Get Caught in Cyber Crossfire

By Jaike Hornreich, CISA, GPEN, GWAPT, CICP, CCSFP, Senior Director - Cybersecurity & Data Privacy, Marcum Technology


Russia’s invasion of Ukraine has led to a significant, global uptick in cyberattacks that is unlikely to subside in the near future. Given the typical approach to cybersecurity (doing what seems reasonable and within budget), most organizations are likely not positioned to withstand the current threat landscape. Cyberwar grabs headlines, but those headlines overlook the real threat to businesses: common criminals who pursue sophisticated social engineering attacks and take advantage of publicly known exploits to compromise organizations that are slow to patch vulnerable systems.

We’re used to protecting our physical space: We use locks, video cameras in secure facilities, and doorbell cameras at home. So why, when it comes to cyber/IT, does it feel like such an uphill battle to install similar protections?

The problem we see many small and medium-sized businesses (SMBs) face is not knowing where to start. They have minimal budget or staffing and many competing priorities, which ultimately lead to cybersecurity fatigue (or to cybersecurity just being set aside). Discussions around cyber occur only once there is a scare, a client asks, or an insurance policy requires it.

There are very basic actions SMBs can take at little to no cost to keep threat actors out of their business. The best part is that these actions can help mitigate the most common methods attackers use to gain entry.

  • Ensure any Internet-connected systems are properly secured and updated. This includes your email systems, firewalls (check those network changes you made to facilitate work from home), and even websites.
  • Enforce multifactor authentication using a single sign-on solution to access company resources, and ensure users maintain good password hygiene.
  • Educate employees on the risks of social engineering and the evolving tactics used by threat actors.
    • Note: Threat actors are increasingly using text messages and voice calls, and these are much more difficult to identify as illegitimate when co-workers do not readily know each other's cell phone numbers. Additionally, caller ID and SMS spoofing can make these communications appear legitimate.

      If in doubt, contact the person directly via a known good communication method (company chat, for example) to verify the validity of requests.

If you’re able to increase cost and effort, additional tasks could include:

  • A detailed external and internal penetration test.
  • A spear phishing exercise for specific employees or departments.
  • A full IT risk assessment to understand the current cybersecurity maturity/posture and develop a one- to three-year roadmap that would include staffing, tooling, technical, and governance suggestions and expected costs.
  • A data confidentiality and privacy assessment.

Small and medium-sized businesses do not require much to get them on the right path and using the right tools. Still, many shy away from cybersecurity tools due to the time involved in identifying, purchasing, and setting them up. It’s easy to get overwhelmed and push these efforts aside. However, SMBs can be the least equipped to survive a cyber event and the most likely to be forced to shut their doors.

Many high-quality, free or low-cost solutions are often overlooked and underutilized. Asking your IT provider whether they are providing, or can provide, any of the items below should be on the agenda for your next call.

  • Basic managed detection and response solutions that can replace current anti-virus tools and that have a layer of expert human monitoring watching over the environment.
  • Customers using Microsoft 365 can find free, base-level security monitoring and security configuration scanning.
  • Data breach monitoring for account credentials.

Experienced (and even not-so-experienced) security leaders will dismiss this list as obvious, expected steps (and that’s great!). The goal here is to hammer home the point that there are no excuses for inaction, and many improvements are within arm’s reach for anyone – just like having decent locks, windows, and alarm systems to fortify your house and physical business locations. It’s time to normalize the cybersecurity equivalent for the resiliency and security of your business.

Marcum Technology provides a full cybersecurity service offering. If you need any help, from beginning a review of your security posture to investigating a cybersecurity incident, or even if you just want to ask for advice on a situation you are facing, please contact us at hello@marcumtechnology.com. #AskMarcumTechnology