- Worldwide spending on cybersecurity is forecast to reach $133.7 billion in 2022 (Gartner)
- 68% of business leaders feel their cybersecurity risks are increasing
- Data breaches exposed 4.1 billion records in the first half of 2019 (RiskBased)
- 71% of breaches were financially motivated and 25% were motivated by espionage (Verizon)
- 52% of breaches featured hacking, 28% involved malware, 32% involved phishing, and 33% included social engineering (Verizon)
- Common causes of data breaches are weak and stolen credentials (i.e. passwords), back doors, application vulnerabilities, malware, social engineering, excessive permissions, insider threats, misconfiguration, and user error
- 69% of organisations don’t believe the threats they’re seeing can be blocked by their anti-virus software (Ponemon Institute)
- The banking industry incurred the highest cybercrime costs in 2018, an average of $18.3 million per organisation (Ponemon Institute)
- 92% of malware is delivered by email (CSO Online)
- During 2019, the number of cases of abuse of personal data reportedly increased
- The spread of malware and ransomware increased during 2019; ransomware makes confidential data belonging to individuals and organisations unavailable by encrypting, deleting, or altering it
- A significant number of fake (diversion) websites were registered in 2019, targeting government and private sector organisations
- Most of the incidents reported fall into the social media category. Facebook-related incidents were the highest among social media incidents
- Bad actors’ goals
- Access your system
- Steal personal information
- Lockdown computer with ransomware
- Malicious transactions
- Imposter scams – exploiting a crisis, e.g. sending emails pretending to be from the World Health Organisation (WHO) with "new information" about coronavirus, or emails posing as government agencies or officials to collect personal information
- Product scams – fake shops and websites selling coronavirus vaccines, surgical masks, etc. (aimed at stealing personal information and payments)
- Cybercriminal attacks
- Phishing attacks disguised as coronavirus advisories
- Spread malware
- Steal login credentials – e.g. fake calls claiming to be from banks
- Engage in financial fraud
- Deploy or reinforce protective measures to address vulnerabilities – identify vulnerabilities in your current environment
- Leverage available resources to monitor and identify threats – endpoint protection, backups of sensitive information
- Review/revise/test the incident response plan – can you execute it remotely?
-
- Incident response plan (hybrid protection plan)
- Contact details (in case technical staff are unavailable)/practise simulation exercises
- Backup strategies
- Personal PC/Office PC
- VPN connection
- Wireless/router protection
- PC endpoint protection (keep antivirus signatures updated)
- OS patch updates
- Dealing with third parties – role-based access controls
-
- Using personal devices lacking same security as company-issued devices
- Forwarding sensitive business and client information to personal accounts
- Hijacked conference calls (Zoombombing): eavesdropping on private conversations, or contacting participants without their permission
- Do not reuse the same access code for every conference call
- One-time PIN code creation
- Meeting identification code (adds an additional layer of security)
- MFA for joining conference calls (to make sure only the appropriate members are in)
- Alert when new attendees join (a notification or a tone)
- Turn off third party home devices (e.g. Alexa or Google home)
- Review policies and procedures and revise as necessary
- Using personal devices for corporate use
- Storing personal credentials in websites
- Assess infrastructure necessary for work from home
- VPN – for example, a bank's virtual private network service extends a wide range of the bank's network security controls to remote users
- Multi-factor authentication (MFA)
- Mobile device management (MDM) – remote wipe of data in case a device is lost
- Bring your own device (BYOD) – decide when it is permitted
- Temporary vendor access/resigned employees – disable access promptly
- Educate/train employees
- Recognise outside threats (periodic technology updates/newsletters)
- Communication with IT teams (awareness programme)
- Establish a secure connection
-
- Unknown assets on the network – maintain an asset register (security updates and OS patches, which device ports are open, firewall activated)
- Abuse of user account privileges (intentional leaks and misuse of account privileges, sharing or hard-coding of superuser passwords) – apply a policy of least privilege
- Unpatched security vulnerabilities (applications not updated/vendor systems not updated)
- A lack of defence in depth (the network should be structured with strong segmentation) – keep your most important systems and data separate
- Insufficient IT security management
- An internal IT security team to manage all of an organisation's needs can be expensive
- It's a time-consuming process
- Qualified professionals are in demand
- The inbound attack is the first move, aimed at defeating traditional defence-in-depth layers such as next-generation firewalls, antivirus (AV), network gateways, and even modern sandbox technologies
- Advanced cyberattacks are designed to bypass conventional network protections
- Next-generation cyberattacks target specific individuals and organisations to steal data
- Bad actors use various channels such as the web, e-mail, and malicious files, and respond quickly to zero-day and other vulnerabilities
- Settles into a system
- Tries to hide
- Searches out network vulnerabilities
- Disables network security measures
- Infects more endpoints and other devices
- Calls back to command-and-control (CnC) servers
- Waits for instructions to begin exfiltrating network data
- Scanning and configuration
- Protecting mailboxes against spam and malware
- Proper domain name system (DNS) configuration for Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
- Domain-based Message Authentication, Reporting and Conformance (DMARC)
- These techniques help protect against phishing attacks that spoof the sender's domain
- MFA restricts the malicious use of credentials stolen by phishing and limits the damage of a successful attack
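As an added example (not code from the original page), the following Python script parses SPF and DMARC TXT records and flags the weak settings that leave a domain open to sender spoofing: a missing or permissive SPF `all` qualifier, too many DNS-lookup mechanisms, a DMARC policy of `p=none`, a partial `pct`, no reporting address, and no DKIM selector record. The domain and TXT records are constructed sample data; a real check would resolve them with a DNS lookup.

```python
"""Check SPF / DKIM / DMARC posture of a domain from its TXT records.

Added example, not part of the original page. The records below are
constructed sample data for a hypothetical domain (example-bank.test);
in practice they would be fetched with a DNS resolver.
"""
import re

# Constructed sample records: a weak setup (softfail SPF, monitoring-only DMARC)
WEAK_TXT_RECORDS = {
    "example-bank.test": [
        "v=spf1 include:_spf.mailhost.test ip4:203.0.113.0/24 ~all",
    ],
    "_dmarc.example-bank.test": [
        "v=DMARC1; p=none; rua=mailto:dmarc-reports@example-bank.test",
    ],
    "selector1._domainkey.example-bank.test": [
        "v=DKIM1; k=rsa; p=CONSTRUCTEDBASE64PUBLICKEY",
    ],
}

# The same domain with the corrected settings (hard fail SPF, enforcing DMARC)
HARDENED_TXT_RECORDS = {
    "example-bank.test": [
        "v=spf1 include:_spf.mailhost.test ip4:203.0.113.0/24 -all",
    ],
    "_dmarc.example-bank.test": [
        "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example-bank.test; adkim=s; aspf=s",
    ],
    "selector1._domainkey.example-bank.test": [
        "v=DKIM1; k=rsa; p=CONSTRUCTEDBASE64PUBLICKEY",
    ],
}

# SPF mechanisms/modifiers that cost a DNS lookup (RFC 7208 limits these to 10)
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_spf(txt):
    """Return the SPF terms and the qualifier of the 'all' mechanism ('-', '~', '?', '+')."""
    if not txt.lower().startswith("v=spf1"):
        return None
    terms = txt.split()[1:]
    all_qualifier = None
    for term in terms:
        m = re.fullmatch(r"([-~?+]?)all", term, re.IGNORECASE)
        if m:
            all_qualifier = m.group(1) or "+"  # no qualifier means '+' (pass)
    return {"terms": terms, "all": all_qualifier}


def parse_dmarc(txt):
    """Parse the 'tag=value;' pairs of a DMARC record into a dict of lowercase tags."""
    if not txt.upper().startswith("V=DMARC1"):
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_domain(domain, txt_records):
    """Return a list of findings describing spoofing-relevant weaknesses."""
    findings = []

    spf_records = [r for r in txt_records.get(domain, []) if r.lower().startswith("v=spf1")]
    if not spf_records:
        findings.append("SPF: no record; any host may send as this domain")
    elif len(spf_records) > 1:
        findings.append("SPF: multiple records (permerror; receivers ignore SPF)")
    else:
        spf = parse_spf(spf_records[0])
        if spf["all"] in (None, "+", "?"):
            findings.append(f"SPF: 'all' qualifier is {spf['all']!r}; unauthorised senders are not rejected")
        elif spf["all"] == "~":
            findings.append("SPF: softfail (~all); spoofed mail is only marked unless DMARC enforces")
        lookups = sum(
            1 for t in spf["terms"]
            if re.split(r"[:/=]", t.lstrip("+-~?"), 1)[0].lower() in LOOKUP_TERMS
        )
        if lookups > 10:
            findings.append(f"SPF: {lookups} DNS-lookup terms exceeds the limit of 10 (permerror)")

    dmarc_records = txt_records.get("_dmarc." + domain, [])
    if not dmarc_records:
        findings.append("DMARC: no record; SPF/DKIM results are neither enforced nor reported")
    else:
        dmarc = parse_dmarc(dmarc_records[0])
        if dmarc.get("p", "none").lower() == "none":
            findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
        elif dmarc.get("pct", "100") != "100":
            findings.append(f"DMARC: pct={dmarc['pct']}; policy applies to only part of the mail")
        if "rua" not in dmarc:
            findings.append("DMARC: no rua= address; aggregate reports will not be received")

    if not any(name.endswith("._domainkey." + domain) for name in txt_records):
        findings.append("DKIM: no selector record published under _domainkey")
    return findings


if __name__ == "__main__":
    for label, records in (("weak", WEAK_TXT_RECORDS), ("hardened", HARDENED_TXT_RECORDS)):
        print(label, assess_domain("example-bank.test", records) or ["no findings"])
```

Against the constructed weak records the check reports the softfail SPF and the monitoring-only DMARC policy; against the hardened records it reports nothing, which is the state to aim for before relying on these controls against phishing.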
- Data protection, encryption, and leakage
- Outbound emails are leaving the end user environment on a daily basis
- Data loss prevention (DLP), rights management, and email encryption serve to provide protection and management awareness, while helping to better manage the associated risks
- Response, monitoring, and auditing
- Automated response combined with mailbox auditing helps ensure that when a malicious email reaches the organisation's network, remediation can be prioritised automatically
- The ability to continuously analyse threats and monitor traffic trends is important to your email security strategy
- URL-based threats should be analysed automatically to protect against malicious content
- Real-time analytics help quarantine malicious emails that have already been received
- Comprehensive protection from BEC threats
- Business email compromise (BEC) threats use social engineering to make end users act. It is a form of phishing in which cybercriminals pressure employees or customers into revealing or transferring confidential data
- IT monitoring, user education, awareness, and testing help users become more security-aware
- Sri Lanka Police Cybercrimes Unit
- Sri Lanka CERT
- Information and Communication Technology Agency (ICTA)