‘Twas the night before a ransomware attack…
Your team might be getting ready to head out for the holidays, but adversaries are gearing up for one of their busiest (and most successful) times of the year.
From the Darkside Colonial Pipeline cyberattack over Mother’s Day to the Kaseya cyberattack over the July 4th long weekend, cybercriminals often take advantage of the holidays and long weekends as an optimal time to target victims, given that IT and network defenders may be operating at limited capacity for an extended period of time.
Recently the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warned that they have observed an increase in ransomware attacks occurring on holidays and weekends. Moreover, threat actors have also evolved in how they launch ransomware attacks – what were once mostly opportunistic ransomware attacks have matured into highly-targeted cyberattacks, creating an extra level of concern for businesses.
As a security leader, you shouldn’t be caught unprepared and in the middle of a business-impacting cyberattack this holiday season. We’ve identified 4 key cybersecurity best practices for your organization to implement before heading out for the holidays.
Ensure your team and organization is cyber resilient
This shouldn’t be a surprise for you, or any other business leader, but your employees are your weakest link. That’s why it’s crucial that your team is informed on the organization’s security best practices, expectations, and policies, including:
- Treating all documents and emails from unknown sources with suspicion
- In a recent Solarmarker drive-by social engineering threat, a victim was tricked into downloading and executing a malicious executable disguised as a document template. Through our Machine Learning Powershell classifier detecting malicious code execution, our 24/7 Security Operations Center (SOC) was alerted and we were able to remediate the threat quickly.
- Critically examining a website before downloading files or being redirected to a 3rd party website
- Storing encrypted backups of your organization’s data offline and ensuring that your team performs backups on a consistent basis
- Using multi factor authentication (MFA) on network ingress points such as VPN or RDP
In addition, conduct Phishing and Security Awareness Training (PSAT) ahead of the holidays and adopt this as a regular practice throughout your organization. Just remember that not all PSAT programs are created equal. An effective PSAT program builds cyber resiliency and risk awareness needed to drive behavioural change within your employees versus converting everyone into a cyber expert.
Have an Incident Response (IR) plan in place
It takes under 15 hours for 91% of attackers to breach perimeter controls, which is why it’s important for your organization to adopt an “assume breach” mentality. In other words, you should assume that despite having a multi-layered cybersecurity defense in place, your business will experience a breach at some point.
When a cyberattack hits, every second counts in reducing the impact to your business. We’re here to help you each step of the way. Therefore, your security team should take a proactive approach to IR that enables your organization to build a strategic incident response plan that ensures cyber resiliency. This will be crucial to limiting business disruption and reducing costs incurred by a potential cyberattack. Engaging with an IR retainer, Security Incident Response Planning (SIRP), simulations and training, and security consulting & advisory services are excellent means to ensuring that you have an effective IR plan in place.
At eSentire, we provide 24/7 On Demand IR retainers to address emergency security incidents globally with an industry-leading 4 hour threat suppression SLA. Our Cyber Investigations team can deploy remote technology and kick off threat suppression in less than 4 hours anywhere in the world.
Ensure you have 24/7 cyber threat detection and response capabilities
The vast majority of organizations don’t have the resources required to navigate today’s cyber threat landscape on their own. As cyberattacks continue to rise exponentially, many businesses are realizing they need around the clock, global SOC capabilities.
Unfortunately, the budget required to build and staff an in-house 24/7 SOC, especially in the midst of a global skills shortage, is often too large for many organizations to manage. Based on our SOC pricing calculator, the estimated annual investment required for a mid-sized organization of 1,000 employees to build an in-house SOC is approximately $2,169,920 annually.
The reality is that regardless of the organization’s size, the answer to protecting your business from cyberattacks requires a 24/7 team that can detect and respond to threats immediately. However, given the commitment required to build an in-house SOC, we recommend that organizations consider outsourcing SOC operations to a Managed Detection and Response (MDR) provider that is well-equipped to monitor your environment 24/7. At eSentire, we become an extension of your team with 24/7 coverage at a fraction of the price of an in-house SOC. This means that you can rely on our expert SOC cyber analysts and Elite Threat Hunters to alleviate the resources on your team.
Adopt a “Cybersecurity First” mindset beyond the holiday season
Your cybersecurity strategy shouldn’t be an afterthought. As your employees continue to work from home, your organization must take a proactive approach to identifying security gaps and building a comprehensive cybersecurity program.
We recommend that you take a proactive approach to your cybersecurity program before heading out for the holidays so you, and your team, can have peace of mind.
Consider strengthening your cybersecurity strategy with Managed Risk Programs to build an enterprise-level cybersecurity program that aligns your business objectives with your unique risk and exposure, exceeds compliance requirements, and ultimately alleviates resource constraints on your organization.
As a result, your cybersecurity program will begin to adapt to the evolving threat landscape and you can demonstrate a positive return on your cyber investment over time.
To learn more about how eSentire’s services can help strengthen your organization’s security strategies, book a meeting with an eSentire security specialist now.
