Cybersecurity Without Insanity? It could be as simple as 3 – 2 – 1…

This week: The annual Verizon Data Breach Investigations Report always provides very useful insights into cyber attack trends. The 2023 report was recently published, so this week’s Cyber 3-2-1 will focus on some of the key findings from this report.

I am sure you want to drop everything right now so you can read this 89-page report yourself. You can download or view it at https://www.verizon.com/business/resources/reports/dbir/

While you wait for it to download, here are the data points that I find most informative.

 

1 – Who is attacking and why?

“83% of breaches involved External actors.”

“The primary motivation for attacks continues to be overwhelmingly financially driven, at 95% of breaches.”

Key takeaway: Most organisations should focus on defending against attackers who want to get their hands on the organisation’s money.

 

2 – How do the attacks succeed?

“The three primary ways in which attackers access an organization are:

  • stolen credentials,
  • phishing, and
  • exploitation of vulnerabilities.”

“74% of all breaches include the human element, with people being involved either via Error, Privilege Misuse, Use of stolen credentials or Social Engineering.”

“Ransomware is present today in more than 62% of all incidents committed by organized crime actors and in 59% of all incidents with a Financial motivation. [..] Ransomware is ubiquitous among organizations of all sizes and in all industries.”

Email continues to be the most common route in. “The convenience of sending your malware and having the user run it for you makes this technique timeless”. “An email with a dubious attachment or a malicious link requesting that you update your password” could be their way in.

However, Desktop Sharing Software is also moving up the charts. This is the type of software that an IT team would use to gain remote access to a device, so it’s obvious why the attackers would also be keen to use such software.

Key takeaway: Most organisations need to ensure their staff are regularly reminded about how they are targeted by attackers, while also ensuring it is difficult for an attacker to gain access to the organisation through desktop sharing software (e.g. anything using RDP, TeamViewer, LogMeIn, etc.).

 

3 – How can we reduce the risks?

To reduce the risks, the report mentions specific security measures that can help.

The report also includes references to specific elements of the CIS Controls best practice guidelines, one of the best reference points that you could use to assess and improve your security defences.

Surprise, surprise, the need for security awareness training and the use of Multi-Factor Authentication are included in the recommendations.

Key takeaway: This is a reminder that staff training and awareness are very valuable, even if they’re low-tech and uncool, and that the use of Multi-Factor Authentication continues to be a good defence against the most common attacks.


If you are uncertain about your current security defences but don’t have the time to do anything about it, I can help.

I will advise, guide, or drive you to a secure destination.

I work with you, your colleagues, and your IT service providers to ensure the route and destination are appropriate for your needs and constraints.

By this day next week, you could know how to ensure you’re not an easy target.

Learn more at https://codeinmotion.ie/services/security-assessment


 

PS I talk about these news stories, and delve into how to manage cyber risks and regs without losing your sanity, on the “Cybersecurity Without Insanity” podcast.
All episodes are accessible from https://www.codeinmotion.ie/podcast
or wherever you get your podcasts.