Cybercriminals, catching the enterprise out
Rather than settling for an easy slice of the action, ambitious cybercriminals are increasingly trying to take the whole cake. Analysts from Malwarebytes found that the threat against business has soared by over 200 percent since last year, whilst attacks on consumers fell by nearly 40 percent.
Cyber criminals will always seek the biggest payout that requires the least effort. As there is clearly more sensitive data to be stolen from the average business than the average individual, it makes sense for hackers to focus their attacks on the former whilst still using the latter as a way in. Organizations need to be doing more to protect themselves, educating employees at all levels about the importance of cyber security.
People remain the biggest weakness when it comes to cyber security. It is important to remember that the targeting of people and the targeting of businesses are not actually separate issues, they are largely interlinked. Step one of attacking an organization is often compromising the credentials of an employee. Therefore, cybercriminals don’t actually need to adjust their tactics to attack the business, they still begin by targeting an individual.
CEO Fraud Challenge
CEO Fraud is a rapidly growing attack vector taking advantage of employees’ willingness to please the boss.
For example, singling out CEOs (CEO Fraud) can be particularly lucrative. With this technique, hackers pose as the CEO of a company in order to trick a more junior employee into sharing sensitive information – and this type of attack is notoriously hard to detect. Once hackers have stolen the required details, they can then use them to target their business accounts and infiltrate the company they work for to catastrophic effect.
Not just limiting their techniques to attacking individuals, cybercriminals are targeting small businesses as an entry point into larger organizations, potentially jeopardising key client relationships. A recent survey revealed that almost two-thirds of small UK businesses (organizations with 10 to 49 members) of staff, were targeted by cybercriminals at a total cost of £13.2 billion.
The weakest link
So, why aren’t enterprises better equipped to prevent attacks from cybercriminals?
New technology in the workplace trends may be making life easier for employees, but they’re also making it harder for enterprises to keep their security under control. One such trend is work schemes such as BYOD (bring your own device). By decreasing the barriers between personal and work life, organizations are providing more opportunities for attackers, despite the advantages this brings to productivity. The increased use of cloud applications is another security risk for businesses. Employees need only accidentally upload a sensitive document to a widely accessible channel or download an infected file to endanger the security of their entire business.
Essentially, businesses shouldn’t be viewed as impregnable because they are larger and have more resources. Instead, they need to consider themselves as a sum of their parts, which has multiple potential entry points – and implement a robust security posture to protect themselves.
Enterprises have to keep in mind that targeting individual employees is always going to be the easiest way for an attacker to exploit their network. This means protecting and securing the most vulnerable entry points to the corporate network, which are email, web, and cloud applications. Unfortunately, the challenge for businesses is that this often involves deploying several point products. The average enterprise uses between 25 and 30 security products, which can produce a chaotic 500+ SOC alerts every day.
Dealing with all these alerts is not only unmanageable but leaves no time for proactive threat-hunting or searching for indicators of compromise. Who needs that?
Ongoing employee education at all levels of the business, on the perils of cyber attacks, will continue to be vital to protecting your organization, but implementing a people-focused security strategy is equally as important. With as many as 75% of employees falling for spear-phishing emails, it’s important to deploy advanced solutions that stop those emails from getting through and disarm them when they do.
We have been working tirelessly to create a solution for organisations of all sizes that is both user-friendly and effective, allowing visibility and control without getting in the way of the day-to-day.
The result is a consolidated platform which integrates email and web security, cloud access security broker (CASB) and multi-factor authentication. Not only does this offer simplicity of implementation and management, there are other advantages too…
Cyber criminals will always try to work their way up the food chain to reach the most lucrative targets, and we work hard to make sure our customers are one step ahead, offering advanced multi-layered email security that can talk to your web security and CASB, allowing them to take independent autonomous action. We call this ASE.
Our Autonomous Security Engine (ASE) enables traditionally siloed products to share and react to security events and state data whilst leveraging world-class threat intelligence to prevent attacks before they enter the kill chain.
Take a look at this video to find out more: