Cybersecurity Awareness: Risk Management, Malware and Phishing Strategies

October 24, 2023

By Chuck Brooks, President of Brooks Consulting & Adjunct Professor at Georgetown University

As we observe National Cybersecurity Awareness Month, there have been many significant changes in threats from the previous year. Because of the increase in connectivity over the past year, the cyberattack surface has expanded considerably. Remote work has made a significant contribution to this growth. Malware and hacker breaches have increased in tandem with the capability and connectedness of cyber devices. The ecosystem of cyber-threat actors has expanded in both magnitude and complexity.

Government and business attention to cybersecurity in recent years has been mostly focused on responding to the most recent security incident or threat. Because cyber-defenders were constantly one step behind from the start, it has been challenging to mitigate the risks.

Several wake-up calls, including a significant string of sophisticated threat actor intrusions against numerous high-profile targets such as MGM, MOVEit, T-Mobile, Yum! Brands, MailChimp and more, have exposed a defective strategy for data defense and a habit of operating with passive preparedness, which has led to a shift in the reactive mindset.

The increasing interconnectedness of cyber devices, companies, and apps has led to an increase in cyber intrusions and threats from hackers and viruses. Various criminal enterprises, belligerent nation-states, and loosely associated hackers are among the increasingly sophisticated cyber threat actors.

In the rapidly changing digital landscape, being proactive goes beyond simply employing staff and acquiring new technology. Adopting a cybersecurity framework is also necessary, as certain situations may call for the use of tactical measures, encryption, authentication, biometrics, analytics, continuous testing, diagnostics and mitigation. To put it succinctly, proactive cybersecurity is assisting in maintaining business continuity.

For proactive cybersecurity, there is a wide variety of elements to consider. They include risk management, phishing and malware, cloud computing, public-private partnerships, protecting critical infrastructure and supply chains, and the impact of emerging technologies.


 


 

Risk Management is a First and Perpetual Step

Effective strategies for dealing with the repercussions of cyber threats revolve around risk management, including incident response and mitigation. It is imperative to stay informed about how the threat landscape is changing and to prepare for any eventuality. Resilience planning, information exchange and situational awareness evaluation must all be prioritized in a risk management strategy.

Protecting key applications and emphasizing data privacy should be the goals of an all-encompassing risk management strategy. This necessitates openness: understanding the precise location of the data, the identities of those attempting to access it, and their actions.

Conducting cyber vulnerability risk assessments is also important to a proactive cybersecurity commitment. Through the rapid identification and prioritization of cyber vulnerabilities, a risk assessment can help you improve overall operational cybersecurity and promptly deploy solutions to safeguard vital assets from malevolent cyber attackers.

Cyber-hygiene best practices, education and training, use policies and permissions, network access configuration, code testing, security controls, applications, device management, application controls and routine network audits are all important components of an all-encompassing risk management strategy.

Having strong passwords that are difficult to guess through social engineering is another aspect of cyber hygiene. Furthermore, multifactor authentication is a smart move and a useful defense against less complex threats. In today's business world, training staff to identify malware and phishing attacks is essential. Also, developing a resilience strategy is crucial.

Government Risk Management Initiatives

Nowadays, because of the morphing cyber-threat landscape, the government has promoted frameworks for enhancing risk management. These initiatives include Zero Trust, Defense in Depth, and Security By Design.

Zero trust emphasizes stringent identity and access control upheld by appropriate authorization and authentication to safeguard resources (assets, services, workflows, and network accounts). The Defense in Depth security process comprises redundant preventive security tools and measures.

Since the Internet was not built with any security in mind, Security By Design mandates security as an integral element of every network and system that is being built, especially when replacing dated legacy Operational Technology (OT) and OT systems.

Phishing and Malware

In terms of cyber-threat statistics, phishing continues to be the most dangerous, mostly because of the increasing prevalence of remote work and mobile devices.

The preferred method for many hackers is phishing. Phishing is understood to be a method used by hackers to distribute malware or steal your important data. A targeted phish can fool anyone, particularly if it appears as a personal email from a higher-ranking employee or a bank, company, or website you frequently visit.

Phishing software can be web-based, but it typically arrives through email attachments. These days, phishes can be extraordinarily complex. The images used to imitate emails or texts from banks, businesses, jobs, and even friends are much more sophisticated than the poorly typed and corny phishing attempts from ten years ago, and the tools are available on the Dark Web. Additionally, thousands of them are sent automatically, thanks to machine learning/artificial intelligence tools.

Ransomware attacks often accompany phishing and can be launched quickly by the accidental click of a mouse or a visit to a website with embedded malware. Unfortunately, criminal hackers can be hard to track down and punish, as they are often compensated with cryptocurrencies and prepaid cards. Businesses can safeguard themselves with a variety of anti-ransomware software tools at their disposal. Furthermore, any company's risk management plan should include backing up, isolating, and encrypting sensitive data in case the company is hacked.

Stay tuned for Part 2 of this Cybersecurity Awareness blog series where I'll shed light on the critical need for close collaboration with cloud providers to encrypt and protect data, emphasizing the establishment of robust incident response strategies to swiftly tackle potential compromises.

 

About the Author

Chuck Brooks is President and Consultant of Brooks Consulting International with over 25 years of experience in cybersecurity, emerging technologies, marketing, business development, and government relations. He helps Fortune 1000 clients, organizations, small businesses, and start-ups achieve their strategic goals and grow their market share. Chuck also serves as an Adjunct Professor at Georgetown University, teaching graduate courses on risk management, homeland security, and cybersecurity.