They used to be blindingly obvious. Oddly worded, poorly spelled emails that offered to pay you millions of dollars from an inheritance, if you would just share your bank details. Messages purportedly from banks you don’t have accounts with.
As risk comes full circle, though, individuals are being targeted by a new breed of scammers and cyber-criminals. This adds to the weight shouldered by business IT departments already under constant pressure to secure data resources.
FireEye’s Rich Costanzo is dedicated to helping to keep Australian businesses safe. He said there is good reason the organised cyber-crime groups are turning their attentions to individuals.
“They might hit a thousand targets instead of one, but the dollar amount is still the same,” said Costanzo.
“But when they hit a big bank, there will be law enforcement organisations across the world, with huge resources, looking for the perpetrators.”
This isn’t the case, said Costanzo, with smaller attacks against random individuals. “With small individual amounts, who’s going to go and find the perpetrators?”
That isn’t to say that the targeted corporate attacks are no longer happening. Rather, attacks are hitting a wider range of individuals and businesses, with opportunistic efforts once more on the rise.
“We have seen a dramatic shift where criminal groups that were once focussed on industrial espionage are now delivering ransomware,” said Costanzo. From his position on the security frontline, Costanzo said that Australian businesses have one advantage. “There is an increase in awareness of risks, which is driving people to get things done,” he said.
“Leading organisations are more visibly beefing up their security.”
While there is no perfect solution, Costanzo said that organisations should seek out products designed to cover newer types of attack. Alarmingly, many organisations are investing in security technologies that have well-known loopholes easily exploited by malware. “These are technologies that we knew half a dozen ways to bypass back in 2014,” said Costanzo. Still, some preventative measures are relatively simple. “You need to improve email hygiene,” said Costanzo. “Attacks often start by email, and traditional email security vendors can’t always keep up.”
There are preventative technologies that Costanzo said can be put in place without affecting business processes. “We have seen major Australian organisations, with tens of thousands of seats, that have been able to seamlessly turn on effective email protection overnight.” Instead of more traditional endpoints, Costanzo said that organisations need tools that actively look for indicators of compromise before problems emerge. “With intelligence-led security, the detective work is done for you automatically.”
This level of automation makes a big difference to security, and it also favours the budget-conscious. But, said Costanzo, businesses “still need to make an investment” if they are to minimise risk.
The security efforts at the top end of town are paying off, according to Costanzo, driving cyber-criminals to move to softer targets. But determined hackers with huge resources will, said Costanzo, still breach defences.
To address this risk, He recommends that every organisation builds a strong incident response plan. “Everyone should have an incident response playbook that they test at least once a year, just as they would test disaster recovery plans” said Costanzo. “When you see large breaches, it is easy to identify organisations that had a plan, because they will be out of the news very soon.”
Those without a plan, he said, are still talked about years later, and are more likely to become subject to individual lawsuits.
“Investing in strong technology and trusted expertise prevents a world of problems later.”
For expert security advice on your security posture or a chat about the latest IT security trends, contact the Comlinx team of friendly IT security experts.