With most professionals working from home globally, the enterprise cyber-attack surface has notably increased.
With most companies working in broken teams globally, and employee devices no longer under regular protection of centralized IT security.
With this concern, CISA, the Department of Homeland Security of the US Federal, has also re-issued regulation on defensive measures and cyber readiness for businesses. Thus organizations are taking active measures in order to minimize the risk of cyber-attacks and data breaches.
Today, the cybercriminals are spamming via modern technologies in their ransomware strategy to encrypt an enterprise’s systems. For instance, the WannaCry attack in 2017 had crippled banks, logistics, and many other industries around the world.
The ransomware is evolving, and with time, threat actors have created sophisticated attacks with the help of spear-phishing emails that seed genuine websites with malicious code. Such targeted attacks have a much higher success rate. Furthermore, emerge of a new attack has found ransomware exfiltrating data and warning to make it public – if the ransom is not compensated.
Consequently, more businesses are prioritizing to enhance their cyber resilience. According to VMware Carbon Black, ransomware attacks itself have had a 900% surge in 2020.
Unsurprisingly, ransomware is only one form of attack – another can replace it in no time. As per Forrester, about 80% of data breaches are linked to privileged access abuse.
Bigger organizations have already implemented cybersecurity training to alert employees about how ransomware is deployed. This is undoubtedly helping them to recognize and keeping away from the spear-phishing attacks.
As per experts, updating anti-virus and anti-malware software with up-to-date signatures, along with regular scans, can avoid such attacks. Even backing up data to the non-connected environment regularly is crucial for organizations. After verifying the integrity of the backups regularly, CISOs could be in a safer stage.
However, amid this unprecedented time, it is more essential to focus on the security measures that assure the organization’s value and critical data. Thus, more businesses are looking beyond the fundamental cyber strategies – to pursue a comprehensive cyber defense approach.
Clearly, to mitigate the common thread across different techniques, credential abuse, and by considering identity as a security perimeter – most cyber-attacks and data breaches could be avoided.