Our Insights

Valuable information we share.

Is It Time to Review Your Cyber Security Policies?

Posted by Nino Vales | Apr 12, 2022 12:04:55 PM

With recent global developments, we've seen an increased risk to organizations that are not prepared for potential cyber attacks. Learn what to look out for and how to get ahead of the next threat to your organization's data.

 

Video Transcription

0:00:01:20 - 00:00:03:1900:00:02:01 - 00:00:12:10
What's good everyone? In this video, we wanted to talk about a couple of things related to cyberattacks related to the ongoing conflict in Ukraine.

00:00:12:10 - 00:00:18:12
For organizational leadership, it might be time for you to revisit your security controls and contingency plans in place.

00:00:06:07 - 00:00:10:0800:00:18:27 - 00:00:29:18
In this video, we'll talk about spear phishing attacks, destructive malware, and we'll also discuss defenses you can put in place to protect yourself from these attacks.

00:00:29:18 - 00:00:31:09
Spear phishing attacks

00:00:31:09 - 00:00:37:2200:00:29:18 - 00:00:31:09
We're expecting to see an increase in spear phishing attacks across organizations. Why?

00:00:37:22 - 00:00:40:21
Phishing remains the top attack vector. 

00:00:40:21 - 00:00:45:08
Threat actors will exploit the weakest link in your network. The end users. 

00:00:45:08 - 00:00:48:21
So expect a surge in spear phishing attacks.

00:00:48:21 - 00:00:55:11
Spear phishing is more dangerous since it's targeted, compared to the traditional "spray and pray" phishing tactic. 

00:00:56:01 - 00:00:58:12
Your defense against spear phishing attacks? 

00:00:58:12 - 00:01:00:22
First, security awareness training.

00:01:00:22 - 00:01:09:05
Train your end users on how to spot a social engineering or phishing attempt through simulated phishing tests or online training.

00:01:09:05 - 00:01:17:24
Your goal for security awareness training is not just to educate, but to change employee behavior away from events that could lead to a security incident. 

00:01:18:18 - 00:01:24:26
Block those suspicious emails through policies to scan for malicious attachments, links or phishing attempts.

00:01:24:26 - 00:01:32:27
If you're a Microsoft 365 user, make sure to add "Defender for Office 365" in your subscription and enable these policies.

00:01:32:27 - 00:01:37:21
Most importantly, enable multi-factor authentication - also known as MFA.

00:01:37:21 - 00:01:43:01
MFA will stop account takeovers if your password gets stolen through a phishing attack or malicious software. 

00:01:44:05 - 00:01:47:13
Also, don't forget good password hygiene.

00:01:47:13 - 00:01:53:01
Never reuse the same passwords and practice combining multiple pass phrases as your password. 

00:01:53:01 - 00:01:57:25
The more characters you have on your password, the harder it is to be cracked. 

00:01:57:25 - 00:02:01:27
#2.) Destructive Malware

00:02:01:27 - 00:02:06:14
Ukraine was hit with malware, which wiped out systems and made system recovery impossible.

00:02:08:01 - 00:02:16:02
There's a great risk to organizations for this type of malware to spread outside of the Ukraine as well. 

00:02:16:02 - 00:02:19:26
State-sponsored attackers are considered the most dangerous type. 

00:02:19:26 - 00:02:24:04
They can launch attacks that can cripple an organization, regardless of its size. 

00:02:26:08 - 00:02:28:23
How do you defend against destructive malware?

00:02:28:23 - 00:02:30:25
First, layer your defenses. 

00:02:30:25 - 00:02:34:14
Do not rely on one or two security solutions alone. 

00:02:34:14 - 00:02:42:13
Increase your perimeter security by activating the security features of your firewall.

00:02:42:13 - 00:02:46:16
Enable Web filtering to monitor and block access to malicious domains. 

00:02:48:28 - 00:02:59:01
Add a managed "detection and response" service to compliment your antivirus solution, and make sure you have working backup copies of your critical systems.

00:02:59:01 - 00:03:03:17
Create multiple backup copies stored in different locations.

00:03:03:17 - 00:03:06:06
This is also known as the "3-2-1" rule. 

00:03:07:20 - 00:03:13:12
3 backup copies, 2 stored locally, and 1 stored offsite.

00:03:13:12 - 00:03:20:23
Enforce policies like "Enhanced Lock Protection" and limit accounts with admin privileges.

00:03:20:23 - 00:03:29:22
Also, add Multifactor Authentication to client VPN logins. Having layered protection can slow down or help quickly contain an incident.

00:03:31:29 - 00:03:33:06
That's it for this video.

00:03:33:06 - 00:03:39:16
If you have any questions, please don't hesitate to contact any of our reps at Clear Concepts. We'll be glad to help you out. Same as above

00:03:39:16 - 00:03:41:05
Take care and stay safe out there. 

Topics: Cyber Security, Phishing

Written by Nino Vales

Nino regularly writes about tips and articles about Cyber Security. He currently holds CCNA certifications in Routing and Switching, and CyberOps. During his free time, he loves to go fishing and play basketball. He is a huge NBA fan and loves to collect limited edition basketball sneakers and jerseys.

ASK US HOW WE CAN SERVE YOU

Clear Concepts is a team of passionate professionals, proud of what we do — we want to make a positive impact on your operation.

Let us hear your technology challenges and opportunities so we can help you get the most out of your technology investment, on-premise and in the cloud. Contact us today.