The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a new cybersecurity advisory highlighting precautions and mitigation steps that public and private sector organizations can take to reduce their risk from ransomware and other cyber attacks, specifically leading up to holidays and weekends.
This advisory is based on observations of the timing of previous high-impact ransomware attacks rather than a reaction to specific threat reporting.
Cyber experts weighed in on the advisory and what organizations can do to prepare.
Tim Wade, Technical Director, CTO Team at Vectra, a San Jose, Calif.-based AI cybersecurity company:
"With fewer staff plugged in over a long weekend, the risk of accidental discovery to an adversary is likely going to be diminished, particularly among organizations that have an overreliance on preventative security and haven’t fully funded operational security activities that detect and hunt malicious behaviors."
Bill O’Neill, Vice President of Public Sector at ThycoticCentrify, a Washington, D.C.-based provider of cloud identity security solutions:
"Regrettably, it’s quite common that these attacks happen during the holidays because foreign malicious actors typically perceive that IT and security teams at a target organization are either out-of-office or significantly pared down. This often leads to a delayed response or an unprepped ‘skeleton crew’ that simply doesn’t have the resources to simultaneously monitor for and deter threats fast enough. Because most organizations would prefer to have their data released immediately, rather than wait out the duration of a holiday weekend (and incur continued reputational damage), they’re also more likely to negotiate with attackers and pay out the requested ransom to minimize long-term risks associated with these attacks."
Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco, Calif.-based endpoint-to-cloud security company:
"Holiday weekends, especially during the summer, represent an opportunity for cybercriminals to take advantage of a thinner workforce and people not paying as much attention to their work responsibilities. IT and security teams are some of the hardest-working individuals in any organization, which means they deserve some R&R over long weekends. However, this means that there are going to be fewer people on call who can immediately respond to security alerts. People also may be traveling and not able to access their work computer or mobile device in order to help stop an attack once they receive an alert of suspicious activity.
"Attackers have already become much more advanced in how they gain entry to an organization's infrastructure - even when teams are fully staffed up and working. Phishing has become such a widespread issue, especially on mobile devices, that attacks prioritize that strategy to compromise employee accounts and enter the infrastructure unnoticed. Once they have those credentials, they can move laterally around the infrastructure across SaaS, IaaS, and private apps until they find where the crown jewels are hidden. Without the right user, device, and data monitoring solutions in place, a team could miss telltale signs of a compromised account. These signs range from anomalous logins to accessing and exfiltrating compliance-related data.
"Teams may be more reliant on automated processes and policies during these stretches when fewer people are working. With so many point security solutions, teams could run into operational hiccups where the right alerts don’t end up getting to the right people. This is why taking a platform approach to securing your infrastructure is so advantageous. Being able to monitor how your users, devices, and data all interact with each other is key to protecting yourself against advanced cyberattacks like ransomware. In addition, a platform that enables you to implement dynamic data access, encryption, and security policies across all users and devices is a key part of any modern security strategy."