In the new series MIDMRKT Local, Symantec and MIDMRKT Suite partner to bring together local IT executives for interactive discussions on cybersecurity.
Thus far, we’ve met with nearly 100 executives in the following cities:
- Alexandria, Virginia
- Salt Lake City, UT
- Minneapolis, MN
- Milwaukie, WI
Here’s a recap of what we’ve learned thus far!
There are a multitude of threats that make cybersecurity an overwhelming endeavor for many IT departments, but emails and websites continue to be the most common, most damaging entry points for hackers. The increasing number of remote workers and fake sites over the past years amplifies these threats significantly. Even so, the most challenging realization for many organizations is that these threats often originate from within the company.
Many attendees have shared that security threats, from both emails and websites, often come from an employee inside the organization. In order to mitigate these threats, education or training is very common, but identifying an employee with bad intentions is still challenging.
Preparing for internal threats is a delicate situation. Organization must balance productivity and efficiencies with monitoring and restrictions. Often times what’s at stake is employee morale. Excessive monitoring and unnecessary restrictions can lead to a culture of fear or distrust, paralyzing or obstructing productivity.
At the local events, the attendees have overwhelmingly agreed that a focus on employee engagement and training can create a more positive and secure work environment. Also beneficial is an attentive HR department, which can help identify and prevent internal security threats.
Even employees that are less technologically inclined have caught onto the classic phishing emails and scams. Many organizations have set up their own sophisticated phishing campaigns to help educating employees about odd looking links or senders. Employees, at this point, have become more aware of scammers asking them to donate money or send a ransom, which is progress. The problem is that email threats are becoming increasingly sophisticated, with some containing links that can fool software and services that are explicitly designed to detect email threats.
In Salt Lake, one attendee noted a phishing attack so severe that an internal employee ended up wiring $1M to the hacker. For many midmarket companies this would be crippling.
In Alexandria, attendees discussed a giant in cybersecurity. Emotet is a banking trojan that has evolved significantly over the last year to produce extremely deceptive and malicious email campaigns. These emails infect recipients through attached word documents, PDF files and links to fake websites designed to gather sensitive information. Commonly used to attack local and federal government agencies, Emotet infections have been known to cost as much as $1 million of damage per incident.
In order to protect their organizations from the growing threats, attendees concluded:
- Invest in antivirus software.
- Keep all software systems updated to the latest patch.
- Educate employees to think before they open any link or attachment in an unsolicited email.
With the growing population of remote workers, it's also essential to protect devices even when they're not on an organization's local network. As such, many companies are turning to cloud access security brokers to help protect a remote workforce that is accessing sensitive data from around the world.
Finally, in protecting yourself from email threats, point solutions or products aimed at preventing a specific risk should not be the only line of defense. Today's email threats evolve far too quickly for point solutions to be practical over an extended period.
Website threats are equally as common and dangerous as malicious email campaigns. Cryptojacking is one of the fastest-growing new threats, having increased by an alarming 459 percent in 2018, according to a Cyber Threat Alliance report. Cryptojackers can infect your website with a single line of code from their mining algorithm and then slow your device to a crawl as they use your computing power to mine for cryptocurrency. All of the conventional content management systems are vulnerable and can be exploited, with WordPress sites being some of the most common cryptojacking victims.
In addition to making devices hardly functional and able to complete work, cryptojacking causes computers to use an absurd amount of power. According to MarketWatch, it costs US$4,758 in power consumption alone to mine a single bitcoin. Considering that two cybercrime groups, Alpha and Beta, have been able to steal more than 1 billion dollars in cryptocurrency, the power consumption costs of unsuspecting victims are ludicrous. Cryptojacking might not involve hacking directly into your bank account, but you are still paying a hefty price.
Maintaining good cyberhygiene is the best way to protect yourself from cryptojacking and similar website threats. Protection ideally involves creating a routine or set of procedures that all device users within an organization can maintain to keep systems secure and running smoothly.
About MIDMRKT Local
If you like to learn more about MIDMRKT Suite or our Local events, please visit us at http://www.midmrkt.com. We offer a number of services for both midmarket IT executives and solution providers.