Experts from OpenText Cybersecurity recently shared valuable insights to defend against emerging threats and business email compromise for #CybersecurityAwarenesMonth.
Grayson Milbourne, Security Intelligence Director, OpenText Cybersecurity
“It’s time to start thinking about cybersecurity more like how we think about the flu season, and now covid season.
This means as a society we must take precautions to protect ourselves from the digital equivalent of illness.
Disruptions to our digital ecosystem can cause us pain and suffering. From lost files and photos, to lost access to an online account or the inability to find critical data at a time of need.
To minimize disruptions requires taking additional precautions and recognizing the risks. And it starts with improving cyber hygiene at home, including educating our kids.
We’ve been told time and time again about the value of washing our hands to avoid spreading germs. In today’s digital age, cybersecurity awareness is equally important.
It’s a fast-moving digital world and it takes concerted efforts to keep up; failing to do so is increasingly costly.”
Troy Gill, Senior Manager of Threat Research, OpenText Cybersecurity
“Business Email Compromise (BEC) attacks can cost businesses millions of dollars in losses. While prevention and detection of these attacks cannot be understated, there is also a low-tech and FREE method to disrupting these attacks – cybersecurity awareness.
With the benefit of hindsight, it is easy to see in many cases losses could have been prevented by simply picking up the phone. We’ve heard several accounts of unsuspecting victims, thinking they were communicating with someone they legitimately transact with, yet they were actually receiving an email from an attacker (that had access to the legitimate person’s email account). Email requests, sent by the attacker, frequently advised the unsuspecting victims of a change in account numbers for invoices or upcoming wire transfers. The (attacker sent) requests were fulfilled and large sum amounts sent to the attacker-controlled accounts. In almost all these scenarios, losses could have been avoided by simply calling the perceived sender of the email and confirming over the phone the account/routing change; this goes for internal communications as well. Because it is not a matter of if your organization will encounter a BEC, but when; finance teams need to talk about BEC attacks and put simple yet effective policies in place that will at the very least make successful BEC attacks more difficult for threat actors.”
Christopher Cain, Manager, Threat Research, OpenText Cybersecurity
“One of the biggest misconceptions about cyber-attacks among employees is a resignation or fear that attacks are inevitable, especially when we continually see headlines reporting on giants, like MGM, falling victim. The truth is only a select few cyber-attacks are technically complex and even those typically rely on some amount of human error. While there is no one ‘simple trick’ that we can teach employees, ongoing education through security awareness training, a little common sense, and even a healthy dose of paranoia can make a world of difference. If everyone took the time to be cautious about things like emails, passwords, typos and access, many attacks could be avoided. It’s the basics that we continually forget - Inspect email headers, never clicking on links in emails or opening attachments unless you’re certain they are safe. And of course, keep passwords complex and updated even for personal accounts and whenever possible enroll in multi-factor authentication. Lastly, avoid overthinking and simply take responsibility for what you can control.” ###