Security Think Tank: Essential tools to mitigate double extortion attacks

It makes good business sense to make full use of the revenue potential of any product, so why would the developers and controllers of malicious software not do the same? Cyber criminals now not only encrypt data and demand money, but also threaten to publish that data in the public domain to put pressure on the victims to pay the ransom.

Ransomware is one of the threats a company faces, with phishing emails being the main route of infection. Reports from the National Cyber Security Centre and the results of the annual cyber security survey of businesses and charities in the digital, cultural, media and sports sectors show that 86% of malicious software attacks involve phishing. New waves of phishing emails from “HMRC” and “TV-Licensing” are complemented by those that use Covid-19 as a mask.

If a person’s social media privacy settings are not set up properly and they share too much information about work-related activities, this can help attackers make their phishing emails more credible. In a recent example, the attackers exploited social media information about a project team working in a foreign country. Employees posted details of their location and plans, and the attackers used the information to submit an invoice to the head office in London.

Many cyber criminals sell leaked data on the dark web. This often creates waves of multiple attacks after the original breach, with a supply chain of criminals willing to buy datasets. It is necessary to constantly monitor the dark web.

Managing these risks requires a comprehensive approach using both technical and practical controls and education.

Placing technical restrictions

Technical controls should be applied to the IT infrastructure so that they can easily be configured for evolving threats while at the same time being cost-effective and having minimal impact on the user experience. Such controls include using only reliable security software on all devices and keeping software and operating systems up to date through regular patching.

Adopting cloud services can also help mitigate ransomware infection because many cloud services retain earlier versions of a company’s data.

Encryption is another option, but there are rules that require the business case to be clear, and in some cases that it be accepted as a minimum security requirement.

Creating the right culture through education

Phishing attacks can be mitigated by activating email gateways that try to trap phishing emails, but these will never stop 100% of potential attacks. A user education programme is necessary.

There are some simple things a user can notice that should alert them to whether an email is authentic, and an important part of this approach is training people not to click a link or run macros.

This is especially important as the number of employees working from home is increasing and they need to ensure that their work is kept separate from their home-based IT systems.

Hiding data in plain view

Securing data is not about blocking access, but ensuring that it is shared only on the basis of who is requesting it. Data watermarking and data loss prevention tools can also be useful by adding individual values to identify compromised information.
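One way to add identifying values to shared data, shown as an added example that is not from the original article: each recipient's copy of a dataset gets a decoy record derived with a keyed hash, so a leaked copy can be traced to its source. The key, record fields, recipient names and the canary.example.com domain are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample key and data for this example; keep a real key in a vault.
SECRET_KEY = b"constructed-demo-key"
CUSTOMERS = [
    {"id": 1, "name": "Alice Example", "email": "alice@example.com"},
    {"id": 2, "name": "Bob Example", "email": "bob@example.com"},
]


def canary_for(recipient: str) -> dict:
    """Derive a decoy record whose email carries a keyed tag for one recipient."""
    tag = hmac.new(SECRET_KEY, recipient.encode(), hashlib.sha256).hexdigest()[:16]
    return {
        "id": 900000 + int(tag[:4], 16),
        "name": "Pat Canary",
        "email": f"pat.{tag}@canary.example.com",
    }


def watermark_copy(records: list, recipient: str) -> list:
    """Return a copy of the dataset that includes the recipient's decoy record."""
    marked = [dict(r) for r in records]
    decoy = canary_for(recipient)
    # Place the decoy at a keyed position rather than always appending it last.
    marked.insert(decoy["id"] % (len(marked) + 1), decoy)
    return marked


def identify_source(leaked: list, recipients: list) -> list:
    """Return the recipients whose decoy email appears in a leaked dataset."""
    leaked_emails = {str(r.get("email", "")).lower() for r in leaked}
    # Without SECRET_KEY an outsider cannot tell which rows are decoys
    # or forge a decoy that points at a different recipient.
    return [who for who in recipients if canary_for(who)["email"] in leaked_emails]


if __name__ == "__main__":
    partners = ["payroll-vendor", "marketing-agency", "analytics-partner"]
    leaked_dump = watermark_copy(CUSTOMERS, "marketing-agency")
    print(identify_source(leaked_dump, partners))
```

The decoy addresses can also be supplied to a data loss prevention rule or a dark web monitoring service as search terms.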

One of the key questions we are asked when responding to an incident is: “Can you find our personal data?” The ability to identify PII across large IT estates is essential, and an integral part of compliance with the General Data Protection Regulation (GDPR) is that the system must hold an inventory of the PII.

Moving away from passwords

Advances in biometric authentication – now common practice on mobile phones – are becoming more sophisticated, allowing for less intrusive ways of authentication. Innovations like Microsoft Hello replace passwords with biometrics and a simple PIN.

Recently, New York State University announced that it has successfully developed a 3D finger nerve biometric recognition method that provides levels of specificity and anti-spoofing that were previously impossible. Such advances in technology eliminate the possibility of exploiting weak or reused credentials.

Using AI to detect potential violations

Artificial intelligence (AI) is becoming an integral part of protecting a system against data loss. In a complex environment facing many threats, the traditional approach of monitoring technology feeds is no longer enough.

AI can understand or learn what the normal state of accepted security is, and then detect trends across a wide range of technical and human factors that indicate dangerous behaviour or actions which, if seen in real time, can be stopped before data loss occurs.

It is clear that the full range of these tools will be required to effectively protect personal data.

Jim Medcoff is a cybersecurity expert at B.A. Consulting.
