Threat actors have become more sophisticated over the past few years, but organizations have fallen behind in putting in place the essential countermeasure controls.
Businesses are struggling with escalating costs, including skyrocketing cyber insurance premiums. The rising cost is partly attributable to an increase in business interruption costs, which are primarily impacted by the ability of threat actors to locate and delete backups and production data within an organization, delaying prompt recovery.
The sophistication of threat actors has increased dramatically over the past few years, but companies have not kept up by implementing the requisite technical configuration and controls. Policy and compliance are essential to cybersecurity, but hackers don’t target policies. They target the configurations and controls.
As a last line of defense, precautions like immutability can help backups survive. However, the success or failure of security methods of most companies heavily depends on the users — those who don’t have an IT or security background. Unfortunately, the technical configurations and controls of most businesses do nothing to lessen the possibility of damage being done using user endpoints.
Too many companies allow a plethora of remote access software, meeting software, browsers, password managers, file-sharing tools, and personal email services. Threat actors have more opportunities to gather user credentials, access an endpoint, exfiltrate data, or achieve remote access due to this tech sprawl.
So how can businesses avoid falling victim to sophisticated threat actors?
Focus on Education
The evolving risks posed by tools that are used by employees every day and how attackers utilize them, particularly email, must be made clear to all users. Threat actors favor email for the delivery of malware, according to Verizon’s “2022 Data Breach Investigations Report.”
Additionally, IT professionals require regular training. Too frequently, victims think the breach they experienced was accidental. IT professionals often aren’t aware of the flaws and misconfigurations in their environment or how sophisticated threat actors have become at exploiting them.
A determined, motivated, anti-political personality is needed to push an organization to take the necessary actions to implement security properly. Even restricting access to personal email accounts within a company is likely to encounter resistance, but it must be done.
Evaluation is Necessary
It can be tremendously beneficial for the IT department to find a partner who can carry out an in-depth technical evaluation of the business environment using breach expertise. IT systems often have inadequate configuration and insufficient technical controls. Organizations, however, often operate without being aware of these risks.
Because risk is constantly shifting and vendors are consistently offering updated products and services, a regular assessment—at least once a year—is crucial. The configuration and suitability of technical controls must be regularly examined, so they don’t compromise the security posture of the enterprise.
Security is ultimately everyone’s responsibility, but security teams and IT professionals need to be clear about their roles and collaborate with executives as well. To defend the organization from threats, internal politics must be set aside.
For instance, in some situations, the leadership opposes measures that can look overly strict, preventing the IT team from taking the necessary steps to safeguard a business appropriately.
Businesses must focus their security strategy on safeguarding endpoints and stacking controls, among other things. Most enterprises will be in trouble if a threat actor accesses an endpoint. Businesses can better safeguard their endpoints, production data, credentials, and backups with the proper technical configuration and controls.