Having a solid approach to Cyber Security is imperative to protect your business. As cyber-criminals crank up the sophistication of their scams and attacks, a layered approach to Cyber Protection can nullify a high percentage of common threats, which stands you in good stead.
What if that’s not enough? What if a breach has already occurred?
The most common problem we see is a simple account breach. Let's review what that might look like.
Credential Leak
Scenario: A member of your sales team has their Microsoft 365 account breached.
They had a strong password and MFA set up. Sadly, they fell victim to a credential-harvesting email that sounded too good to be true – a massive tender that looked right up their street! They clicked the link and tried to sign in to what looked like Microsoft 365 to pick up the tender documents, but for some reason the sign-in didn't work – odd?
Hey presto – they had just typed their password into the criminal's fake login page. This is the "theft" phase. That password is then sold on the dark web to anyone who wants to use it to their malicious advantage.
Account Breached
A cyber criminal buys stolen credentials in bulk and starts trying to access accounts and services. This is the "validation" phase. They typically use bots to look for accounts where MFA isn't in place to stop them, or where an unsuspecting end user just blindly approves the access attempt on their MFA device (the so-called "MFA fatigue" trick: keep sending prompts until one is approved). Once a working login is confirmed, the credential is more valuable and can be sold at a higher price. There's a full market on the dark web offering validated accounts for prices ranging from a few dollars to several tens of dollars.
Guess what – your sales team member was on the phone to a customer, wasn't concentrating, and blindly approved an MFA prompt on their phone. The account is now breached!
Exploitation
This is the heart of the attack, where a cyber criminal has identified your business as a ripe target and purchased that breached account. They will typically sit inside your system, undetected, for days or weeks and try to work out the best way to extract value from your business.
In our example the end user is in the Sales Team; they are not typically "money movers" (i.e. the accounts team), so falsifying actual payments or invoices might be tricky. Having read the salesperson's emails, though, the criminal sees they have really good relationships with several customers who could fall victim to requests to change bank account details.
The criminal will set up inbox rules to control the flow of emails in and out – hiding replies, deleting warnings from customers, or forwarding copies to an outside mailbox – ensuring the end user doesn't spot anything out of the ordinary and blow the whistle! From there, well, we're sure you've heard plenty of stories…
Cyber Security Gaps?
The above seems pretty realistic, but could the IT Team have done more? Perhaps.
- Anti-phishing filtering on email flow could have stopped that harvesting email from reaching the end user in the first place, and Safe Links (URL checking at the time of click) could have blocked the link when it was clicked.
- A password manager would have refused to auto-fill the credential on a lookalike domain, and a dark web monitoring system could have identified the stolen credential before it was used maliciously.
- Implementing stronger MFA that requires more than a simple "approve" button – number matching at a minimum, or better still phishing-resistant methods such as FIDO2 security keys or passkeys – would have made the end user notice an access request they didn't make, or stopped the stolen password working at all.
- Cloud service login monitoring could have picked up a sign-in from an unexpected location, device or IP address.
- Monitoring for inbox rule creation could have highlighted suspicious activity, such as rules that delete messages, move them to unused folders or forward them outside the business.
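The two detective controls above (login monitoring and inbox rule monitoring) are easiest to see in code. The script below is an added example, not code from the original post or from CTO: it runs over a handful of constructed audit records shaped loosely like exported Microsoft 365 audit-log JSON (the field names, the assumption that the SIEM has already added a `country` field to each sign-in, the keyword lists and the two-hour travel threshold are all assumptions to adjust for your own environment) and flags a sign-in from a new country, "impossible travel" between two countries in under two hours, and inbox rules with the hallmarks of business email compromise.

```python
"""Triage of Microsoft 365 style audit records: unexpected sign-ins and
suspicious inbox rules. Added example; the record layout is a simplified,
constructed approximation of exported audit-log JSON (assumed already
enriched with a 'country' field), not the real schema."""
from datetime import datetime, timedelta

# Constructed sample records, not real log data. sam@ is the breached salesperson.
RECORDS = [
    {"time": "2024-03-04T08:02:00", "op": "UserLoggedIn", "user": "sam@example.com",
     "ip": "203.0.113.10", "country": "GB", "success": True},
    {"time": "2024-03-04T08:41:00", "op": "UserLoggedIn", "user": "sam@example.com",
     "ip": "198.51.100.7", "country": "NG", "success": True},
    {"time": "2024-03-04T08:45:00", "op": "New-InboxRule", "user": "sam@example.com",
     "ip": "198.51.100.7",
     "params": {"Name": ".", "SubjectContainsWords": ["invoice", "bank details"],
                "MoveToFolder": "RSS Subscriptions", "MarkAsRead": True}},
    {"time": "2024-03-04T09:10:00", "op": "New-InboxRule", "user": "pat@example.com",
     "ip": "203.0.113.22",
     "params": {"Name": "Newsletters", "From": ["news@vendor.example"],
                "MoveToFolder": "Newsletters"}},
    {"time": "2024-03-04T09:30:00", "op": "New-InboxRule", "user": "sam@example.com",
     "ip": "198.51.100.7",
     "params": {"Name": "fwd", "ForwardTo": ["collector@attacker.example"],
                "DeleteMessage": True}},
]

IMPOSSIBLE_TRAVEL = timedelta(hours=2)          # assumed threshold
HIDING_FOLDERS = {"rss subscriptions", "rss feeds", "conversation history",
                  "deleted items", "archive", "junk email"}
MONEY_WORDS = {"invoice", "payment", "bank", "remittance", "wire",
               "account details", "bank details"}
OUR_DOMAINS = {"example.com"}                    # assumed tenant domains


def sign_in_alerts(records, known_countries):
    """Flag successful sign-ins from a country outside the user's baseline, and
    consecutive sign-ins from different countries closer than IMPOSSIBLE_TRAVEL."""
    alerts, last = [], {}   # last: user -> (time, country) of previous sign-in
    logins = [r for r in records if r["op"] == "UserLoggedIn" and r["success"]]
    for r in sorted(logins, key=lambda r: r["time"]):
        user, country, t = r["user"], r["country"], datetime.fromisoformat(r["time"])
        if country not in known_countries.get(user, set()):
            alerts.append(f"{user}: sign-in from unexpected country {country} ({r['ip']})")
        if user in last:
            prev_t, prev_c = last[user]
            if prev_c != country and t - prev_t < IMPOSSIBLE_TRAVEL:
                alerts.append(f"{user}: {prev_c} -> {country} within {t - prev_t}, impossible travel")
        last[user] = (t, country)
    return alerts


def _external(addresses):
    """Recipients whose domain is not one of ours."""
    return [a for a in addresses if a.split("@")[-1].lower() not in OUR_DOMAINS]


def inbox_rule_alerts(records):
    """Flag rule creation/changes that delete or hide mail, forward it outside
    the tenant, key on money-related subjects, or carry a near-empty name."""
    alerts = []
    for r in records:
        if r["op"] not in ("New-InboxRule", "Set-InboxRule"):
            continue
        p, reasons = r["params"], []
        if p.get("DeleteMessage"):
            reasons.append("deletes messages")
        if str(p.get("MoveToFolder", "")).lower() in HIDING_FOLDERS:
            reasons.append(f"moves mail to '{p['MoveToFolder']}'")
        ext = _external(p.get("ForwardTo", []) + p.get("RedirectTo", [])
                        + p.get("ForwardAsAttachmentTo", []))
        if ext:
            reasons.append(f"forwards externally to {', '.join(ext)}")
        words = {w.lower() for w in p.get("SubjectContainsWords", []) + p.get("BodyContainsWords", [])}
        if words & MONEY_WORDS:
            reasons.append(f"keys on money words {sorted(words & MONEY_WORDS)}")
        if len(p.get("Name", "")) <= 2:   # criminals often name rules '.', ',' or 'a'
            reasons.append("near-empty rule name")
        if reasons:
            alerts.append(f"{r['user']}: {r['op']} from {r['ip']}: " + "; ".join(reasons))
    return alerts


if __name__ == "__main__":
    baseline = {"sam@example.com": {"GB"}, "pat@example.com": {"GB"}}
    for alert in sign_in_alerts(RECORDS, baseline) + inbox_rule_alerts(RECORDS):
        print(alert)
```

Run as-is it prints four alerts, all for the breached account: the Nigerian sign-in, the 39-minute hop from GB to NG, the "." rule hiding invoice-related mail in RSS Subscriptions, and the rule forwarding to an external address and deleting the original. Pat's genuine newsletter rule is not flagged. In practice you would feed real exported records into the same two functions and seed the baseline from each user's normal sign-in history.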
Your IT team probably mentioned all that kind of stuff before, but it sounded too expensive. If they didn't mention all that kind of stuff, then you need a new IT team!
The Human Element?
In reality, if your salesperson had received some Cyber Awareness Training, they might have avoided this sticky situation.
- If something sounds too good to be true, it probably is.
- Be super careful when clicking links in emails.
- Check website URLs to make sure they are correct before entering credentials.
- Be suspicious of unexpected MFA prompts.
- Look out for odd mailbox behaviour, like delayed messages or emails going missing.
- Have the confidence to speak to the IT Helpdesk if unsure about anything.
End user awareness stops a lot of potential breaches, and even helps identify malicious activity when an account has already been breached. Do not underestimate the power of education.
What is the best approach to Cyber Security?
Different businesses have different needs, so there isn’t a simple answer to this question. However, we can offer some advice that fits all.
- Use a layered approach. Use multiple products and services aimed at reducing Cyber exposure. A mixture of device based security, network security and cloud service security works well.
- Use external threat intelligence. Don't assume these products and services are bullet proof. Dark Web Monitoring can check known criminal marketplaces for leaked credentials so you have a chance of protecting the account before it is used maliciously.
- Educate your end users. Cyber Security Awareness helps identify malicious activity quickly.
- Use additional protection on key accounts. People like your money movers (Accounts, Purchasing) and decision makers (Directors, Managers) are more rewarding targets for cyber criminals. It makes sense to protect them as best you can.
- Protect your business. Put systems in place to help you achieve a good cyber security posture so you can get good insurance protection should the worst happen.
CTO are here for all your Cyber Security needs, let us help you solidify your defence!
Many thanks,
John