- News & Resources: Listings >
- Blog
- Brand and Network Considerations When Adopting AI Corporately
- Integrating XDR, SIEM, and SOAR
- 3-2-1 –Go? Not so quick, this time.
- 5 Things a CISO Shoud Know
- 10-Step Patch Management Checklist
- Penetration Testing vs. Breach Attack Simulation
- Current big cyber breaches and impact on businesses
- Smart Infrastructure Gets Lit Up!
- Securing Industrial IoT: The Missing Puzzle Piece
- 7 Common Cybersecurity Mistakes Made by SMBs
- The Future of Physical Security: Cloud-Based Systems
- Autonomous and Sensor Technology Use Surging
- 2024 Facilities Trends Will Require Facilities and IT Teams to Work in Tandem
- NGFW vs. WAF. What’s the Right Firewall for You?
- Chris Hadfield’s Words To Live By
- Industrial Revolution 4.0 + IIoT
- Digital Fluency Drives Innovation
- Your Cloud Needs Protecting, Too
- Your building alarm systems could become obsolete. In 2024!
- Zero Trust 2.0: Zero Trust Data Resilience (ZTDR)
- We just got, or got used to, Wi-Fi 6. What is Wi-Fi 7?
- What Does the Board Need to Know? Business Metrics that CISOs Should Share – 4th and Last in a Four-Part Series
- Why 2024 is the Year for AI Networking
- International Women’s Day is Tomorrow – Great Time to Think About…
- Data-Centric Security Step One: Classifying Your Data
- The Network – Unsung Hero of Super Bowl LVIII
- What Does the Board Need to Know? Business Metrics that CISOs Should Share – Third in a Four-Part Series
- Boosting IT Team Performance by Fostering Intuition, Curiosity and Creativity
- Breach Remediation Costs Can Wipeout Bottom Line and Business
- Hoodied Hackers Now Favour Hugo Boss
- What Do You Need to Tell the Board? Business Metrics that CISOs Should Share – Second in a Four-Part Series
- How to Get People to Re-Engage After the Holidays
- What Does the Board Need to Know? Business Metrics that CISOs Should Share – First in a Four-Part Series
- Android Devices MUST be Updated + IT Departments Being Cut as Privilege Escalation Escalates
- Today’s Common Cloud Migration and Management Concerns
- Protect Your Healthcare Network from Cyberattack – Lives are at Stake
- Happy Halloween: Black Cats Lead to Boo….Hoo.
- Insurance Underwriters are Protecting Their Flanks
- Insurance Companies Cracking Down as Cybercriminals Become Better Business Builders
- Scary Cyberattacks Stats
- Parents, Profs and IT Professionals Perceive Back-to-School Through Different Lens
- Zscaler’s new IDTR and other tools that leverage generative AI
- Vanquish Vaping, Vandalism and Villainy
- Fabric for Fast-Paced Environments
- Changes to Cyber Insurance Requirements – What you Need to Know
- Cybersecurity Readiness – Newly Released Report
- Passwords Leaked…Again
- 10-Step Patch Management Checklist
- Remote – Again – For Now… and Still Maintaining Engagement
- Protecting Pocketbooks, Passwords and Property from Pilfering
- Raspberry Robin: Highly Evasive Worm Spreads over External Disks
- Cisco Introduces Responsible AI – Enhancing Technology, Transparency and Customer Trust
- Managing Customer Trust in Uncertain Supply Chain Conditions
- Hope on the Horizon
- Toys of Tomorrow… What will spark your imagination? Fuel your imagination?
- Protecting Purses and Digital Wallets
- The Password that Felled the Kingdom + MFA vs 2FA
- The MOE’s RA 3.0 and Zscaler
- 7 Critical Reasons for MS Office 365 Backup
- Penetration Testing Important, but…
- Social Engineering and Poor Patching Responsible for Over 90% of Cybersecurity Problems
- Breach Incidence and Costs On the Rise Again + 5 Ways to Reduce Your Risk
- Cybersecurity Insurance Policies Require Security Audits and Pen Testing
- Wireless strategies for business continuity gain importance as enterprise expand IoT, cloud, and other technologies
- How Cybercrooks are Targeting YOU
- Enabling Digital Transformation with Cisco SD-WAN
- WFH Post Pandemic – What It Will Look Like. What You’ll Need.
- Leaders to looking to the IoT to improve efficiency and resiliency
- Cyber Security Vernacular – Well, some of it, for now
- Why You Need Disaster Recovery, NOT Just Back-Ups
- 10 Reasons Why Having an Expert Manage Your Cybersecurity Makes Sense and Saves Dollars
- Converting CapEx IT Investments into Manageable OpEx
- The Hybrid Workplace – Planning the Next Phase
- Cisco Cloud Calling: Empowering Customers to Thrive with Hybrid Work
- When You Can’t Access the Cloud
- How to Keep On Keeping On
- New Cisco Research Reveals Collaboration, Cloud and Security are IT’s Top Challenges
- Threats from Within on the Rise
- Cloud Covered? If Not, Take Cover!
- Zero Trust and Forrester Wave Report
- Password Based Cyber Attack: Like Leaving Keys Under Doormats
- So, What’s Up With Sensors?
- Sensors and Systems Create a Digital “Last Mile” and Help Skyrocketing Costs
- Scanners Provide Peace of Mind for Returning Students and Workers
- Sensors Improve Operations and Bottom Line… Easily and Cost-Affordably.
- Cisco Meraki Looks at 2021
- 2020 Holiday Shopping: Cybersecurity and Other Tips to Safeguard Wallets and Systems
- How to make the most of the technology you have
- Personnel, Planet and Business Progress: More Interdependent Than Ever Before
- Sure… you can get them all in the boat – but can you get them to work well together?
- Pushing the Zero Trust Envelope – Cisco is Named a Leader in the 2020 Forrester Zero Trust Wave
- Cloud Data Must be Protected, Too!
- Don’t Let Anyone Get the Dirt on You – Make It Instead!
- How IoT Devices Can Help You and Your business
- WebEx – A World of Possibility
- Creating Your Breach Response Plan Now Will Save You Thousands Down The Road
- Been hacked? Here’s what you must do next.
- The Need for Pen Testing is At an All-Time High
- 5 Ways an IT Reseller Improves Your Performance and Peace-of-Mind
- 5G and Wi-Fi 6: Faster, more flexible, and future ready. Are you?
- Network and Data Security for Returning and Remote Workers + Disaster Recovery Symposium
- Collaboration and Cisco WebEx: Protecting Your Data
- Thursday’s Virtual Conference Tackles Today’s Supply Chain Trials and Tribulations
- 10 Tips to Reduce Cloud Storage Risk
- COVID-19 Crisis Fuelling IT Spending
- Supply Chain/Logistics Experts Share Their Expertise
- Cisco Breach Defence Overview
- Announcing Our New Website and Blog
10 years ago, cybersecurity was not a commonly-used phrase, even within IT departments. Today, the term is not only well-known, but a major concern for organisations of all sizes, in every sector, in every country around the world.
Over the past 18 months, the number and intensity of attacks has increased dramatically because cybercriminals have become more adept at the business behind threat vectors. They are better organized and have better tools – and are seeing bigger returns as a result.
The cost of cybercrimes, taking into account business interruption, was $6 trillion in 2022. Experts estimate the figure will rise to $10.5 trillion by 2025. That’s a 175% increase within two years.
Why? Right now, a hacker attack occurs every 26 seconds globally. According to the FBI and Interpol, approximately 33 billion accounts will be breached in 2023. That’s about 2,328 a day, with 97 cybercrime victims being created each and every hour!
Cybercriminals’ Enhanced Tool Chest Pays Dividends
For years, bad actors focused on deactivating firewalls and antivirus technologies, and tampering with log entries. Now they are becoming more sophisticated.
Cybercriminals started targeting the cloud, especially public cloud, and related infrastructure, as companies migrated more and more of their operations to the cloud. Then, thanks to SASE solutions, perimeters became better protected.
This prompted the crooks to become increasingly resourceful at bypassing or modifying authentication processes, in order to gain access. This includes finding ways to get into higher-privilege accounts. Now, when they do gain access, they’re wreaking more havoc than ever before. Key personnel account access is being removed, proprietary knowledge is being stolen, resources are being deleted, data destroyed, and service not only denied, but completely stopped.
Again, it’s all about access, and Access Brokers are crawling out of the woodwork. Similar to a real estate broker, access brokers have listings of compromised files that are available for purchase. They also actively solicit and train new recruits. The lion’s share of their business though, comes from buying and selling illegal network access to all types of organisations with a focus on the MUSH sector, and mid-size enterprises with 100 – 1,000 employees and somewhere between 50 million and $1 billion in annual revenues
Unsettling for IT Managers responsible for protecting client and employee data: There was a 112% increase in 2022 over 2021 in the number of advertisements for purloined credentials – and double-digit increases since January 2023.
This is especially worrisome because, according to Verizon’s 2022 data breach report, over 80% of the breaches categorized under web application attacks could be attributed to stolen credentials, which allowed attackers to login, rather than breaking-in.
Compounding the problem: It’s a lot easier for people to go to the dark side these days.
On the dark web, phishing tips and multi-approach breach tutorials are plentiful. Ransomware as a Service exists, and there are account managers who will gladly show inexperienced users how infiltrate corporate accounts.
Thanks to ChatGPT and similar tools, more people are entering the hacking fray because they can now get help with the code – and even have it be executed perfectly for them in minutes.
Ironically, in March 2023, a ChatGPT data breach forced OpenAI, its parent company, to take ChatGPT off-line until the matter was resolved.
Lastly, there has been a spike in well-funded, nation-state attacks.
Think You Won’t Be Targeted in a Nation-State Attack? Think Again.
With increasingly distributed networks, and hybrid working a fact of life today, organisations are routinely creating virtual spaces in which stakeholders can work collaboratively. All to the delight of cybercriminal enterprises, because once entry is gained into one corporate portal, the marauders can hop, skip and jump their way seamlessly into the networks of other connected organisations.
The result is that multi-stage, multi-vector attacks have become the norm.
Today, it’s also highly possible that one of the stakeholders with whom you collaborate regularly, or one of the firms within your supply chain, manufacturers its products offshore.
One of these companies may do business with a company in Russia, Iran, North Korea or China (the top sources of nation-state threat activities, according to Microsoft’s Digital Defense Report 2022). Now, your network could be vulnerable to a nation-state threat vector. All it takes is the smallest of security shortcomings somewhere along the line, for a massive problem to be unleashed. It’s akin to a small ocean wave encountering interference of some kind and being transformed into a rogue wave, which can be highly destructive.
This has become so problematic that many insurance companies no longer cover nation-state attacks, likening them to acts of war, which are not covered by most policies.
Protecting Yourself
We often recommend that clients implement a Multi-Factor Authentication (MFA) solution, such as Cisco’s Duo, to ensure that any device trying to access your network, applications and data is actually in the hands of the person to whom it belongs.
Adaptive MFA is also referred to as “Smart MFA” because it uses AI to determine whether or not the authentication process needs to be ramped up, on a case-by-case basis.
In addition to the verifying the actual device, Adaptive MFA considers the user, and the context in which the individual is using the device. The advantage is that it cuts down on the number of times a valid user is required to re-authenticate – and can identify immediately when unusual patterns are occurring.
For organisations not already using some kind of authentication process, this might be one of the best investments they make this year
it is also prudent to regularly review your policies and protocols, continuously coach your stakeholders on how to spot phishing, and to ensure that your patches are always up to date and have been pushed out to all devices and other endpoints.
Lastly, you will want to review your insurance policies, and the criteria for being compliant, so that you are protected in the event of a breach that takes down your network. That being said, insurance carriers are rethinking their coverage strategies.