Cyber Defense eMagazine July 2021 Edition
Cyber Defense eMagazine July Edition for 2021 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pierluigi Paganini, Co-founder & International Editor-in-Chief, Stevin Miliefsky, President and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
The growing threat
In the last 12 months, the percentage of organizations experiencing a cyber-attack jumped from 38% to 43%, according to Hiscox data, and 73% of those victims experienced more than one attack. A paltry 9% reported they were able to defend the attack with no impact on operations. Stronger defenses and better preparation are required to avoid potential disaster.
Beyond the disruptive impact of ransomware or DDoS attacks, there lurks the even worse threat of a full-blown data breach. It takes 280 days on average to identify and contain a data breach and costs $3.86 million, according to the Ponemon Institute. It’s far better to spend a fraction of that amount to bolster your defenses and harden your security posture.
The question is where to spend it to ensure the greatest impact.
Phishing and BEC attacks
We know that malware can usually be traced back to a phishing attack. Threat actors are increasingly picking their targets and getting smarter about how they approach them. Spear phishing is on the rise and sophisticated attacks employ stolen credentials to attack laterally. If a message or email appears legitimate, or worse comes from a colleague’s account that has been hacked, the risk of someone clicking a link or downloading a file and triggering a malware installation is much greater. The unpleasant truth is that anyone can be fooled. Employees of all levels can fall victim to phishing scams.
Business Email Compromise (BEC) is also a serious concern, with the FBI reporting $1.8 billion losses through BEC, which is a staggering 42% of the cybercrime loss total. Much more sophisticated and targeted at CEOs, CFOs, and other high-ranking executives, BEC can be the result of months of reconnaissance, with attackers building complex infrastructures and hacking multiple accounts in pursuit of a big payday.
Spending effectively to boost security
The temptation to sink any budget increase for cybersecurity into a tool or platform that promises to safeguard your data is understandable, but there’s a better way to strengthen your security. If we accept that security systems can always be bypassed by persuading people to unwittingly grant access, then it’s clear that the best way forward is to educate and empower your workforce.
Security awareness training is crucial because teaching people to spot the common signs of a phishing attack develops the muscle memory you want to see.
Establish a baseline before you begin and set targets for improvement with periodic tests, such as mock phishing campaigns, to determine what progress has been made. Test results and any real-life security incidents that occur should be leveraged as learning opportunities and used to inform ongoing training.
Make sure that you combine training with stronger security controls and strict procedures. At the shallow end, you have to provide phish alert buttons to make it easy to report suspicious emails. Reports should
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.