The Wrong Kind of Wake-up Call

Carl Mazzanti is the president of eMazzanti Technologies – a firm that specializes in Cyber Security in New Jersey

The bad guys are coming. In March, tech giant Microsoft announced that the extortion and destruction threat DEV-0537, also known as LAPSUS$, penetrated one of its accounts. Although only a single account was compromised, ‘granting limited access,’ the attack highlights that getting hacked is a matter of when, not if. However, advance security preparation may at least mitigate the damage. Setting up an efficient ‘fence’ around your files and data is crucial and requires serious thought.

One of the first post-hack steps is determining how the cybercriminals got into your system. This involves a cyber-forensic strategy. Sometimes the weakness is obvious – an employee admits that they clicked on a link without authenticating it. Other times, however, the weakness may not be as obvious.

For example, sophisticated cybercriminals may deploy bots — software programs that repeatedly perform automated tasks — that scour social media for keywords like CEO, President, owner, and others that signify executive-level responsibility. When they latch on to these terms, they unleash other bots that access the Dark Web for passwords associated with the individual. Then they will run the passwords through the individual’s email and other accounts to gain access. Once they get a foothold in, let’s say, an email account, the cybercriminals may impersonate the account-holder and email infected files to their contacts, spreading ransomware and other malicious files.

Either way, the wake-up call that arrives with a cyber-penetration should motivate a company to review its cybersecurity strategy. Even if they contain the current attack, preventing the next one should be a priority. Reviewing cybersecurity strategies should be done regularly, but many fail to do so. Sometimes it takes a negative incident like the above to get started. Through our experience, we have seen many companies jump at the first ‘shiny object’ that promises to provide them with protection after a cyberattack — only to later discover that the promises were not delivered or they overpaid for the services or both.

Setting up a Good Defense Takes Some Work

A well-organized Managed Services Provider (MSP) or other IT services organization will offer a layered, three-legged “triangle” approach to cybersecurity. The first leg incorporates preventative controls such as keeping software patches up to date, having good antivirus programs, setting up effective firewalls, and using multifactor authentication (MFA — where users must provide additional identity verification, like entering a code received via phone, before they are granted access to an account or an app).

The second leg typically features a stand-alone SIEM (Security Information and Event Management) system. This middle layer analyzes tracking information, or logs, for warning signs that hackers or other cybercriminals are probing a user. When SIEMs were first developed, they were so expensive that only large businesses could afford them. However, technological advances have brought the price down to the point where they can be included in an affordable security package for mid-size or even smaller companies.
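As an added illustration (not from the original article or from eMazzanti), this is the kind of correlation rule a log-monitoring layer applies to sign-in records to spot the password-guessing pattern described earlier. The log format, the threshold of five failures, and the ten-minute window are assumptions, and the events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> user=<account> src=<ip> result=FAIL|OK"
LINE = re.compile(r"(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>FAIL|OK)")

def build_sample():
    """Constructed events: one typo, one guessing run ending in a login, one failed run."""
    rows = ["2022-03-22T09:58:00 user=cfo@example.com src=198.51.100.20 result=FAIL",
            "2022-03-22T09:58:20 user=cfo@example.com src=198.51.100.20 result=OK"]
    rows += [f"2022-03-22T10:00:{s:02d} user=ceo@example.com src=203.0.113.7 result=FAIL"
             for s in range(0, 50, 10)]
    rows += ["2022-03-22T10:01:00 user=ceo@example.com src=203.0.113.7 result=OK"]
    rows += [f"2022-03-22T10:05:{s:02d} user=owner@example.com src=192.0.2.50 result=FAIL"
             for s in range(0, 50, 10)]
    return "\n".join(rows)

def parse(log):
    """Yield (timestamp, user, src, result) for every well-formed line; skip the rest."""
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["src"], m["result"]

def detect(log, threshold=5, window=timedelta(minutes=10)):
    """Return (severity, src, user) alerts for repeated failures from one source."""
    failures = defaultdict(list)   # (src, user) -> failure times inside the window
    flagged, alerts = set(), []
    for ts, user, src, result in sorted(parse(log)):
        key = (src, user)
        failures[key] = [t for t in failures[key] if ts - t <= window]
        if result == "FAIL":
            failures[key].append(ts)
            if len(failures[key]) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("probing", src, user))
        else:
            if len(failures[key]) >= threshold:
                # A success right after a guessing run: treat the account as compromised.
                alerts.append(("compromise", src, user))
            failures[key].clear()  # an ordinary login after a typo resets the count
    return alerts

if __name__ == "__main__":
    for alert in detect(build_sample()):
        print(*alert)
```

The single mistyped password on the CFO account raises nothing, while the run against the CEO account produces a "probing" alert followed by a "compromise" alert when the login finally succeeds.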

The third and final leg consists of two components. The first is an integrated, automated cyber-response package that kicks defenses up to the highest level: it not only monitors devices and systems and alerts users about them but also launches real-time responses that may eliminate or mitigate a hacker’s damage. The second is a comprehensive backup, which serves as a fail-safe protocol when your data is compromised. This backup should also be shielded from the rest of your network.

In addition to utilizing the outside expertise of a vetted MSP, a business should also ensure that its entire staff undergoes cybersecurity awareness training. Training is a way to reduce the propensity to click unknown links or download potentially dangerous files. And since individuals perform best when their activity is measured, businesses should develop security KPIs (Key Performance Indicators) to help quantify the effectiveness of an organization’s employee cybersecurity training.

A hack is never pleasant. But if an organization uses it as a catalyst to improve their cyber-defenses, then at least something useful comes from it.
