Concord Technology Group


Highlights from Cisco's Midyear Cybersecurity Report


Cisco’s Midyear Cybersecurity Report contains a wealth of information for IT professionals. But security is everyone’s concern, so we’ve highlighted a few of the most important points that everyone who uses a network should know.

Business Email Compromise (BEC) is a greater threat than ransomware.

"The risk intelligence provider Flashpoint, a Cisco partner, has studied the BEC problem and has determined that it’s currently the most lucrative and profitable method to extract large amounts of money from a business. It’s a deceptively easy attack vector that relies on social engineering to trigger the theft.

"At its most basic, a BEC campaign involves an email (sometimes using spoofing to appear as though it’s from a co-worker) delivered to financial employees who can send funds by wire transfer. The adversaries have usually done some research on the company hierarchy and its employees — for example, using social network profiles to piece together the likely chain of command. The email may appear to be from the CEO or another top executive, asking the recipient to send a wire payment to a supposed business associate or to pay a vendor. The message may express some urgency to compel the recipient to send the money, which typically ends up in foreign and domestic bank accounts owned by cybercriminals.

"Because BEC messages don’t contain malware or suspect links, they can usually bypass all but the most sophisticated threat defense tools. … It’s a low-cost, high-return approach for criminals, which means it will likely grow as a threat vector."

Concord’s advice: All employees should be aware of the basics of phishing, but those with access to finances or human resources records need to be especially vigilant. (In a variation of this scam, the phony CEO asks for all employees’ W-2 forms.) Treat every unusual request with suspicion, and management must make it clear that no one will be penalized or reprimanded for causing a delay that turns out to be unnecessary. Establish confirmation protocols for requests involving wire transfers, bank account information, personnel records and any other sensitive data. A single email should never be sufficient to share valuable information or to initiate a payment or transfer of funds.
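As an added illustration (not code from Cisco's report or from Concord's post), here is a small inbound-mail screening routine that applies the confirmation rule above: it flags the header and wording patterns the report describes (an executive's display name on a foreign address, a redirected Reply-To, urgency paired with a request to move money or records) and holds any financial request until it is confirmed out of band. The executive name, domains and sample messages are constructed for the example.

```python
import re
from email.utils import parseaddr

# Constructed reference data (hypothetical): people likely to be impersonated,
# mapped to the only address each of them legitimately sends from.
KNOWN_SENDERS = {"jane doe": "jane.doe@example.com"}
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|asap|right away|before (noon|today|eod))\b", re.I)
FINANCIAL = re.compile(r"\b(wire( transfer)?|payment|invoice|bank account|routing number|w-?2s?)\b", re.I)


def bec_indicators(msg):
    """Return the reasons an inbound message matches the BEC pattern in the report.
    msg is a dict of header and body strings ('From', 'Reply-To', 'Subject', 'Body')."""
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    from_domain = addr.rsplit("@", 1)[-1]
    # 1. The display name belongs to a known executive, but the address is not theirs.
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and addr != expected:
        reasons.append("display name impersonates a known sender")
    # 2. Replies are redirected to another domain, so the impersonator receives the answer.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower().rsplit("@", 1)[-1] != from_domain:
        reasons.append("Reply-To domain differs from From domain")
    # 3. Urgency combined with a request to move money or hand over records.
    text = msg.get("Subject", "") + "\n" + msg.get("Body", "")
    if URGENCY.search(text) and FINANCIAL.search(text):
        reasons.append("urgent financial or records request")
    return reasons


def triage(msg):
    """Hold any message with spoof indicators, and any financial request at all:
    a single email is never sufficient to release funds or records."""
    reasons = bec_indicators(msg)
    text = msg.get("Subject", "") + "\n" + msg.get("Body", "")
    if FINANCIAL.search(text) and not reasons:
        reasons.append("financial request needs out-of-band confirmation")
    action = "hold for out-of-band confirmation" if reasons else "deliver"
    return {"action": action, "reasons": reasons}


# Constructed sample messages (not real traffic).
SPOOFED = {"From": "Jane Doe <jane.doe@examp1e-corp.com>",
           "Reply-To": "ceo.office@mail-relay.example.net",
           "Subject": "Urgent wire transfer needed today",
           "Body": "Please send a wire payment to our new vendor before noon."}
ROUTINE = {"From": "Bob Lee <bob.lee@example.com>", "Subject": "Lunch on Friday?",
           "Body": "Team lunch at 12:30, let me know if you can make it."}
```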

Internet of Things (IoT) security risks.

"IoT devices, which include everything from cameras to thermostats to smart meters, are generally not built with security in mind. Many of these devices lag well behind desktop security capabilities and have vulnerability issues that can take months or years to resolve. In addition, they typically have little or no CVE (common vulnerabilities and exposures) reporting or updating; run on specialized architectures; have unpatched or outdated applications that are vulnerable, like Windows XP; are rarely patched.

"Compounding the security problems with IoT devices is the fact that defenders may have difficulty understanding the nature of the alerts coming from these devices. In addition, it is not always clear who inside the organization is responsible for addressing IoT compromises. … Defenders need to start focusing on potential IoT weaknesses because adversaries want to target them to launch ransomware campaigns, steal sensitive information, and move laterally across networks. IoT devices are the type of vulnerable ‘low-hanging fruit’ that threat actors are quick to exploit."

Concord’s advice: No matter how large or small your organization, someone needs to oversee the selection, installation and ongoing management of every device that touches the network. Investing time in selection — researching the best options, as opposed to the cheapest — will save time and money later.

Your in-house IT team may be overwhelmed.

"'Alert fatigue' is an ongoing problem for in-house security teams. … Many security personnel see far more daily alerts than they can investigate, leaving potentially serious threats unremediated. When many low-level alerts are generated, they can be automated, an opportunity that many organizations are failing to take advantage of — perhaps simply because of a resource deficiency or an absence of skill. By automating as many of the low-level alerts as possible, organizations can concentrate on higher-priority concerns that are more likely to have a greater impact to the rest of the organization’s environment.

"The causes of alert fatigue are several. Siloed systems may create duplicate alerts, or teams may not have the knowledge to distinguish between low- and high-priority alerts, or false positives. They may lack tools such as auditing that can determine the source of potential threats. This is where out-of-the-box thinking from outside services teams can cut through the 'fatigue' and offer nuanced counsel on threats that need response."
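An added example (not from Cisco's report or from Concord) of the automation the quote describes: collapsing duplicate alerts that siloed tools raise for the same host and signature, then routing low-severity events to automation and high-severity ones to analysts, while escalating a low event on a host that also carries a high-severity event in the same batch. The alert feed, tool names and signatures are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample alerts (not real telemetry) raised by three siloed tools,
# as (timestamp, tool, severity, host, signature).
ALERTS = [
    ("2017-08-01T09:00:05", "ids",   "low",  "ws-12", "dns query to newly seen domain"),
    ("2017-08-01T09:00:09", "edr",   "low",  "ws-12", "dns query to newly seen domain"),
    ("2017-08-01T09:00:40", "ids",   "high", "srv-3", "smb lateral movement attempt"),
    ("2017-08-01T09:01:02", "edr",   "high", "srv-3", "smb lateral movement attempt"),
    ("2017-08-01T09:02:30", "proxy", "low",  "srv-3", "dns query to newly seen domain"),
    ("2017-08-01T09:20:00", "proxy", "low",  "ws-12", "dns query to newly seen domain"),
]
WINDOW = timedelta(minutes=5)


def dedupe(alerts, window=WINDOW):
    """Merge alerts that describe the same (host, signature) within one window,
    regardless of which tool raised them. Returns a list of merged events."""
    events = []
    for ts, tool, sev, host, sig in sorted(alerts):
        t = datetime.fromisoformat(ts)
        for ev in events:
            if ev["host"] == host and ev["sig"] == sig and t - ev["last"] <= window:
                ev["last"] = t
                ev["tools"].add(tool)
                ev["count"] += 1
                break
        else:  # no open event matched, so this is a new one
            events.append({"first": t, "last": t, "host": host, "sig": sig,
                           "sev": sev, "tools": {tool}, "count": 1})
    return events


def route(events):
    """Send high-severity events to analysts and low-severity ones to automation,
    but escalate a low event whose host also has a high-severity event in the batch."""
    hot_hosts = {ev["host"] for ev in events if ev["sev"] == "high"}
    queues = {"analyst": [], "automation": []}
    for ev in events:
        if ev["sev"] == "high" or ev["host"] in hot_hosts:
            queues["analyst"].append(ev)
        else:
            queues["automation"].append(ev)
    return queues
```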

Concord’s advice: Don't treat security as an expense; treat it as an investment in stability and growth. Give your team the support and tools they need to keep your network safe. Contact Concord Technology Solutions at 440-210-3200 to find out how we can help.