How to keep your organisation safe through a summer of cybercrime

Bharat Mistry, Technical Director at Trend Micro, shares his advice on how organisations can best protect themselves as cybercrime continues to rise drastically this summer.

As the temperatures warm up and lockdowns ease, you might be forgiven for thinking that summer means an easier time at work. Unfortunately for cybersecurity professionals, that’s most definitely not the case. You might want to take it easy, but threat actors rarely take PTO. From crippling cyberattacks on UK schools to urgent new advice for patching critical vulnerabilities, there’s no shortage of stories to keep CISOs awake at night.

The good news is that mitigating cyber risk doesn’t need to be prohibitively expensive or complex. Now is a great time to revisit policies, tooling and strategy, to set your organisation up for success.

A summer of cyberthreats

By any measure, ransomware is the most visible and dangerous threat UK organisations have to deal with this summer. Trend Micro detected a 34% year-on-year increase in new variants in 2020, and the underground market remains as prolific as ever this year. Over recent months, high-profile attacks on US oil and food supply chains and managed service providers have escalated ransomware to the highest levels of government. In addition, both G7 and NATO leaders have called out nations such as Russia for harbouring criminal groups.

Yet while these big-name attacks tend to be most eye-catching, the majority are still aimed at SMBs. And the affiliate groups that carry most of them out are getting bolder. According to insurers, the average size of demand made to North American ransomware victims soared by 170% year-on-year in the first half of the year. We’ve seen attacks combining not only encryption of key files and data theft but also DDoS attacks and the contacting of customers and stakeholders—all with the end goal of forcing payment. The good news is that their tactics are increasingly predictable: initial entry via phishing, vulnerability exploitation or RDP, and lateral movement using legitimate tools.

Less easy to predict or deflect are nation-state attacks. Yet as state-backed operatives get bolder, more organisations are becoming exposed to potential compromise—either as a target themselves or a “stepping stone” en route to higher-value partners. When the US government starts offering rewards of up to US$10mn for information identifying these actors, you know that the advantage increasingly lies with the attackers.

Making things even more difficult are the increasingly blurred lines between state-sponsored and cybercrime activity. Nation states today might buy hacking tools off the dark web and even hire cyber-criminals to do their dirty work. In the meantime, the cybercrime economy continues to mature. Today it’s a finely tuned machine where each component has a precisely defined role. As we’ve reported, “access-as-a-service” vendors are increasingly common. These threat actors typically compromise targets and then sell network access to ransomware groups and others. The pressure to patch vulnerabilities and find misconfigured endpoints has never been greater.

Review and prioritise

Although we say that things are getting harder for cybersecurity leaders every year, 2021 has had more bumps in the road than most. But that doesn’t mean it’s game over. In fact, the summer offers a useful opportunity to take stock of what works and what doesn’t and to advance the corporate cybersecurity posture.


We know that attackers are increasingly hijacking RDP endpoints and other accounts by brute-forcing credentials or using previously breached passwords. That makes multi-factor authentication increasingly table stakes for today’s CISOs. We also know that they’re still exploiting vulnerabilities to compromise systems, including those dating back several years. So patch promptly and consider virtual patching capabilities to protect end-of-life and other systems where fixes can’t be easily applied. Finally, review the legitimate tools (PsExec, Cobalt Strike etc.) that are regularly used by threat actors once inside your networks to perform lateral movement without raising the alarm. By understanding how they’re used by your employees, you’ll be better placed to spot anomalies that could indicate malicious activity.

More broadly speaking, use this summer to identify your most business-critical systems and build defences around them first. Work with your security partners to audit their solutions and ensure you have the latest builds and features in place. And review your policies, especially incident response and recovery in the event of a ransomware attack. The bottom line is that no organisation is 100% safe from a security breach today. It’s all about spotting them early on and taking action before the bad guys do.
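The advice above on reviewing legitimate tools can be turned into a simple baseline check. The following is an added example, not part of the original article or any Trend Micro product: it learns which users and hosts normally run PsExec from a baseline period, then flags later executions that fall outside it. The log format, host names, account names and watched image names are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Assumption: image names to watch; PsExec is the tool the article names.
WATCHED = {"psexec.exe", "psexec64.exe", "psexesvc.exe"}

# Constructed process-creation records: timestamp,host,user,image
BASELINE_LOG = r"""
2021-06-01T09:12:00,ADMIN-WS01,corp\it.admin,C:\Tools\PsExec.exe
2021-06-01T09:12:02,FILESRV01,NT AUTHORITY\SYSTEM,C:\Windows\PSEXESVC.exe
2021-06-03T14:40:10,ADMIN-WS01,corp\it.admin,C:\Tools\PsExec64.exe
2021-06-04T10:00:00,HR-WS07,corp\j.smith,C:\Program Files\Office\WINWORD.EXE
"""
CURRENT_LOG = r"""
2021-07-12T02:17:45,HR-WS07,corp\j.smith,C:\Users\j.smith\Downloads\PsExec.exe
2021-07-12T02:17:47,DC01,NT AUTHORITY\SYSTEM,C:\Windows\PSEXESVC.exe
2021-07-12T09:05:00,ADMIN-WS01,corp\it.admin,C:\Tools\PsExec.exe
"""

def parse(log_text):
    """Yield (timestamp, host, user, tool) for watched tools only."""
    for ts, host, user, image in csv.reader(io.StringIO(log_text.strip())):
        tool = image.rsplit("\\", 1)[-1].lower()  # basename of a Windows path
        if tool in WATCHED:
            yield ts, host.upper(), user.lower(), tool

def build_baseline(log_text):
    """Record which users ran each tool and on which hosts it ran."""
    users, hosts = defaultdict(set), defaultdict(set)
    for _, host, user, tool in parse(log_text):
        users[tool].add(user)
        hosts[tool].add(host)
    return users, hosts

def find_anomalies(log_text, baseline):
    """Return watched-tool events whose user or host is absent from the baseline."""
    users, hosts = baseline
    alerts = []
    for ts, host, user, tool in parse(log_text):
        reasons = []
        if user not in users.get(tool, set()):
            reasons.append("new user")
        if host not in hosts.get(tool, set()):
            reasons.append("new host")
        if reasons:
            alerts.append((ts, host, user, tool, reasons))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(CURRENT_LOG, build_baseline(BASELINE_LOG)):
        print(alert)
```

Matching on file name alone misses a renamed binary, so in practice this check is paired with other signals such as file hash or signer metadata from the endpoint agent.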


Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech
