With remote work becoming the new normal, ensuring that best practices are simple to implement will determine the outcome of the organisation’s security efforts. A zero-trust strategy can give organisations the best of both worlds. To learn about current cybersecurity best practices, Nidhi Shail Kujur of Elets News Network spoke with Dr Srinivas Mukkamala, Chief Product Officer at Ivanti.
According to you, what are the new cybersecurity threats?
IT professionals are increasingly becoming the target of phishing attempts. In fact, a recent survey report from Ivanti found that 80% of IT professionals reported an increase in the number of phishing attempts in the past year. 73% of respondents said their IT staff are now being targeted by phishers directly, and 47% of those attempts were successful. It makes sense that this group would be targeted because the information that IT professionals have access to is extremely valuable to threat actors – if they get the credentials of one IT staff member, they often have all the keys to the kingdom.
Spear phishing is increasing in popularity with ransomware authors, and with 101 CVEs that they can exploit, attackers are spoilt for choice as they carefully design authentic-looking emails and messages to trick their victims. It is also evident that mobile phones are increasingly the main point of compromise in these phishing attacks – as phishing emails are becoming more sophisticated and more difficult to spot on a phone.
Please tell us about Cybersecurity Trends in 2023.
The global shift towards remote/hybrid working means security teams no longer manage access to data and systems from a specified location. Instead, employees are using their own devices to access work-related information from all over the world, causing more difficulty for IT teams to track and verify all connected devices and protect them against vulnerabilities. Due to this shift, bad actors have refocused their phishing attacks and are now directing their efforts on employees’ own mobile devices, with great success, as shown by our survey results. To effectively create believable phishing attacks, hackers have been using botnet infections to harvest legitimate emails. Phishing emails are so realistic that 97% of users cannot recognise a sophisticated email. This is concerning, as phishing attacks are often a prelude to ransomware attacks. As bad actors become more sophisticated, businesses need to invest in technology that can identify and remediate weaponized vulnerabilities in real time. Implementing automated patch intelligence that prioritizes patches based on risk is the only way organisations can stay ahead of the curve when it comes to ransomware.
What are the current cybersecurity best practices and what is the importance of making a collective effort to prevent cyber scams and intrusions?
The central focus of any company’s security strategy should be the user experience because their security depends on the cyber-hygiene of their employees and employees are more likely to bypass a security measure if it is cumbersome. Now that remote work has become the new normal, making sure that best practices are simple to complete is what will determine the result of your organisation’s security efforts. A zero-trust approach can provide organisations with the best of both worlds. An Ivanti survey found that one-third (34 per cent) of those surveyed blame the increase in successful phishing attacks on a lack of employees’ understanding, and even fewer (30 per cent) said 80-90 per cent of their organisations had completed security training offered by their companies.
Tell us something about Targeted Ransomware Attacks.
Ransomware threats are still on the rise and ransomware groups are increasingly finding and leveraging zero-day vulnerabilities, even before the CVEs are added to the National Vulnerability Database and patches are released. This means that organisations must look beyond the NVD and keep an eye out for vulnerability trends, exploitation instances, vendor advisories, and alerts from security agencies while prioritising the vulnerabilities to patch. The just-released Ransomware Index Report shows that as of Q3 2022, there are a total of 170 documented ransomware families actively seeking to exploit vulnerabilities. Despite the documented rise in ransomware vulnerabilities, there are still 124 vulnerabilities that haven’t even been added to the CISA KEV catalogue yet and 18 commonly exploited vulnerabilities are missed by popular scanners.
According to you, what steps should be taken to control increased attacks on Cloud-Based Services etc.?
It’s important that you start with the right data and look at it from a risk-based perspective. You should evaluate your Key Risk Indicators (KRIs) to get a sense of known vulnerabilities and known exploits daily and fix these first. Then you should leverage domain expertise to look for vulnerabilities that have a likelihood to be weaponized and prioritize fixes accordingly. Additionally, you should create models that help you target the most critical vulnerabilities. Data modeling can dissect data based on any number of factors, such as sector, geography, threat profile, etc. Instead of looking at the data one way, you can look at it ten different ways without expending additional human cycles.