How Apple’s Stance on Privacy May Impact Device Security in the Near Future

How Apple’s Stance on Privacy May Impact Device Security in the Near Future

In recent months, Apple has taken steps to improve user security and privacy. In February 2020, Apple announced that they had joined the FIDO (Fast Identity Online) Alliance. The Alliance’s goal is to help augment less secure forms of identity verification (such as passwords) by pairing them with more secure forms of authentication such as security keys and biometrics. Though this is noteworthy, Apple is also one of the last large tech companies to join the Alliance, whose ranks already included Amazon, Google, Facebook, and Microsoft.

The release of iOS 14 last September brought with it improved security features, and though users have been overwhelmingly supportive of these changes, advertisers such as Google and Facebook are much less enthusiastic.

What is the FIDO Alliance?

FIDO Alliance was founded in 2012 by a group of tech companies, including PayPal and Lenovo, with a mission to create authentication standards that reduce society’s reliance on passwords by promoting the widespread adoption of multi-factor authentication U2F tokens and biometrics

The Alliance aims to replace password-only logins with more secure login experiences for both websites and apps by promoting other forms of authentication, including security keys and biometrics (such as voice authentication, fingerprint scanners, and facial recognition). 

Apple added the ability to use FIDO-compliant security keys during its 13.3 iOS update.

What New Features Does iOS 14 Bring With It & How Do They Aim to Improve Security?

iOS 14’s new security features include:

Camera & Microphone Use Alerts

Though all apps on iOS already had to explicitly ask for permission to use the camera and microphone, starting with iOS 14, you will now be alerted whenever an app is accessing your camera or microphone. This is done using a dot in the upper right-hand corner: A green dot means your camera is currently in use, and an orange dot means the app is using your microphone.

The goal of this feature is to ensure you are never recorded without your knowledge.

Limit Photo & Location Access

This update offers a more granular configuration for your photo and location settings. This allows you to specify whether an app can never access location data, always access location date, or only access this data when the app is open or when you have granted explicit permission. 

The new Precise Location toggle switch also allows you to grant an app permission to know your general location while keeping your exact GPS coordinates private.

This update also allows users to specify whether apps can access all, none, or a few select photos.

Flagging Bad Passwords

Though Apple has had the ability to sync your login credentials across various accounts on your Apple hardware via iCloud for a while now, they have now implemented a password monitoring system that will alert you if your credentials are spotted during a data breach. This helps ensure potentially compromised credentials can be changed as soon as possible.

Discouraging Wi-Fi Tracking

Whenever a device connects to the internet, it is assigned a MAC (media access control) address, which allows your local network to keep track of the device. In recent years, internet service providers and, by extension, advertisers have been using this data to determine the time and place of your device when you log in. 

To discourage this form of tracking, iPhones are now granted a new MAC address for each unique wireless network they connect to. This means your iPhone or other Apple device will have one MAC address for your home network, one for your work network, etc. 

This feature is enabled by default on every new network you connect to.

Keeping an Eye on Your Clipboard

Data grabbing apps have proliferated in recent years, snooping on your clipboard even if you haven’t given them permission to do so. iOS 14 means that you are alerted when an app accesses your clipboard: if you just copied or pasted something, that is fine, but if you haven’t, you now know the app you are using is likely gathering data without your permission for their own purposes.

Most app companies quickly re-configured their products to eliminate this form of unauthorized data collection once Apple implemented this feature during beta testing and made this behavior public, but this feature helps ensure that underhanded app companies are no longer tempted to snoop where they aren’t explicitly welcome. 

Privacy Reports from Safari

Though Apple has blocked cross-site tracking cookies in Safari for quite some time (a feature that makes it more difficult for advertisers to string together your browsing history across various websites), this feature has been improved in iOS 14 by adding the privacy report feature

This feature gives you more details regarding what effect this blocking has on your browsing by showing you how many individual trackers on each page have been blocked over the past month. The reports don’t have an interactive component but do provide helpful information.

Coming Soon – Limiting App Tracking 

Though pushback from advertisers means this feature won’t be fully implemented until sometime in 2022, there are still steps users can take now to curtail apps’ ability to track you outside of the actual app itself.

However, even if you don’t explicitly give an app permission to track you, they may still try to do so per their individual privacy policies, curtailing users’ ability to opt-out of advertising tracking until this new feature is fully implemented. 

Coming Soon – Improved Access to App Privacy Information 

Though this feature is also not yet live, Apple did announce that one iOS 14 feature that is also coming soon is app privacy cards. These cards are designed to give users a clear picture of the types of data each app collects and how that data is used.

What Does This Mean For Advertisers?

It’s become common wisdom that if a product or service is “free,” then the users (or, more specifically, the data they generate) is the real product. Apple’s approach to improved privacy and security, even with significant compromises on limiting app tracking, has the potential to severely impact the ad targeting business. While this is good news for users, advertisers are not as excited.

Facebook, in particular, has already pushed back hard, announcing that its Audience Network will no longer use IDFA (identifier for advertisers) gathered from iOS devices because they can no longer guarantee the quality of that data collected. Google has also announced that they will remove select forms of advertiser tracking technology from popular apps (including Maps and YouTube) in response to Apple’s decision. 

“When Apple’s policy goes into effect, we will no longer use information (such as IDFA) that falls under ATT [the App Tracking Transparency feature] for the handful of our iOS apps that currently use it for advertising purposes. As such, we will not show the ATT prompt on those apps, in line with Apple’s guidance.“ Google Ads’ group project manager Cristophe Combette stated in the blog post responding to Apple’s changes.

Though GDPR and CCPA opened the door for more transparency into what information is gathered and used to track users, this change from Apple could represent a turning point when it comes to data security and privacy. Having agency over what data is collected (and how) is critical for any good cybersecurity posture by helping you maintain full visibility into your infrastructure by better monitoring endpoint activity. For more information about cybersecurity, or find out how your team can better safeguard your digital assets, please contact our team today.

The Shift From Cybersecurity Being a Want to a Need Just Happened

The Shift From Cybersecurity Being a Want to a Need Just Happened

The SolarWinds attack has shaken the technology and cybersecurity spheres to their core, compromising the security of both private businesses and the US government alike. This wide-reaching attack has brought the issue of poor cybersecurity within the US government to the foreground after years of insufficient action.

This devastating attack, the full extent of which is still unknown, does offer a silver lining: demonstrating the importance of good cybersecurity. 

Remote Work Brings With it Increased Cybercrime

Remote work has come hand in hand with an increase in cybercrime as organizations adapt to employees logging on from less-secure home networks populated with various IoT and other devices, creating multiple unsecured or insufficiently secured entry points onto the network. Cybercriminals are taking advantage of these vulnerable entry points to access private data and critical systems and shifting tactics to better take advantage of unsuspecting victims as the pandemic rages on

Lessons From the SolarWinds Attack

First discovered by the cybersecurity company FireEye in December of 2020, the SolarWinds attack allowed nation-state attackers (believed to be affiliated with the Russian government) to push malicious updates to a popular network monitoring product. This attack also created a backdoor in affected systems, providing attackers with ongoing access to inject more malware.

This incident has demonstrated the power of supply chain attacks (when malicious actors infiltrate networks via an outside partner or provider with access to a company’s systems and data) and highlighted the unfortunate reality that many organizations remain unprepared to detect, prevent, and address such attacks.

Cybersecurity Shifts From a Want to a Need

The biggest lesson to learn from the SolarWinds attack is that having a robust cybersecurity posture is no longer just a nice-to-have. Remote work has also made many organizations particularly vulnerable to attacks like the one perpetrated against SolarWinds as companies grapple with keeping remote workers secure.

What Should I Do? Cybersecurity Basics to Get You Started

Creating cybersecurity policies to safeguard your digital assets may be daunting, but there are a few basic steps every organization needs to take:

Create a Cybersecurity Incident Response Program

We’ve created a comprehensive guide to help your organization craft a robust yet flexible cybersecurity response program. It involves laying the groundwork by collecting critical documents, allocating resources, conducting risk assessments, and training your employees how to identify and respond to potential threats. Having a plan ahead of time is crucial since cyberattacks tend to unfold quickly, and ad hoc responses and decision-making processes are rarely sufficient to prevent or minimize damage.

Keep Your Software Up to Date

Making sure your software is kept up to date, and that outdated and unused programs are removed from your systems is one of the easiest things you can do to improve your cybersecurity posture. When software companies discover flaws or vulnerabilities in their products, they address them by issuing patches (snippets of code that correct the issue). However, you can only take advantage of these fixes if you download the patches.

Recently patched software is a common target for cybercriminals since not all users are vigilant enough to download the patch as soon as it becomes available. This means that cybercriminals often target recently patched software in an attempt to gain access to private or sensitive information.

You should also remove any unused or out-of-date programs from your systems, particularly if the software is no longer maintained. Software that is no longer being maintained may contain unpatched vulnerabilities or flaws, leaving your entire network vulnerable. Unused programs may contain vulnerabilities that leave your network exposed, but because these programs aren’t being opened and used regularly, your team may not discover these issues until they have already been used against you.

Remove Permissions as Part of Your Offboarding Process

While most organizations have fairly robust onboarding processes, many don’t put nearly as much time and effort into creating equally comprehensive offboarding processes. To help safeguard your network, make sure that all accounts of former employees are removed so that these login credentials cannot be used. 

Even if your former employees don’t plan to access their old accounts, these unmonitored logins present a tempting possible entry point for cybercriminals. Old accounts are particularly useful to cybercriminals because no authorized users are monitoring them regularly, which means the criminal’s actions are less likely to be detected.

Stay Up to Date on Threats

You can’t defend yourself against a threat you don’t know to look for. Make sure your team is keeping up to date on the latest and most common cybersecurity threats.

Common threats include:

Review Your Current Protocols Regularly

Once you have laid the groundwork, you need to look for potential threats, investigate them thoroughly, and take remediation steps. Once a threat has been dealt with, you should take the time to evaluate how effective your response was so any shortfalls can be addressed promptly.

Even if you don’t experience an attack, your team should still be regularly auditing your current protocols and procedures to ensure they are up to date and continue to meet your needs. You may also want to consider conducting a pen (penetration) test, which involves hiring an ethical hacker to stress-test your defenses and look for vulnerabilities. Once the test is complete, your hired hacker shares their findings with your team, detailing which vulnerabilities they were able to exploit and how, and offers their professional advice for addressing these security shortcomings. These tests allow you to identify and address issues before cybercriminals can exploit them.

Invest in Employee Training

In many instances, your employees are your first line of defense. Training your employees to identify suspicious activities and ensure they know who to report their suspicions to is a critical component of any cybersecurity posture. All new hires should undergo extensive cybersecurity training, and all team members should undergo refresher training regularly.

To help your employees put their new knowledge and skills to the test, you may also want to consider running tabletop exercises. Like fire drills, tabletop exercises present your team with a hypothetical scenario which they need to address. This approach allows your team to practice their skills in a no-stakes environment and test if your current cybersecurity posture and protocols are meeting your needs. Once the exercise is complete, your team sits down to discuss what went well and what did not so that these shortcomings can be addressed as soon as possible. 

How VirtualArmour Can Help

Safeguarding your digital assets is critical, but many organizations find this task daunting. That is why the experts at VirtualArmour are here to help. Our team can help you audit your current posture for vulnerabilities and create a robust plan to address these security shortcomings. We offer a wide selection of managed and professional services, including:

To learn more about the steps your organization needs to be taking to safeguard your digital assets or to start improving your cybersecurity posture, please contact us today.

I’ve Been Hacked! What Should I Do?

If you have experienced a cybersecurity incident please contact our team right away to find out what steps you need to take to minimize damage and prevent future attacks.

Further Reading

Learn more about cybersecurity, the steps you need to take, and the threats that are out there with these select articles from the VirtualArmour blog.

Cybersecurity Basics at the Organizational Level

Building a Cybersecurity Incident Response Program

The SMBs Guide to Getting Started with Cybersecurity

The Ultimate Guide to Managed Threat Intelligence (2020 Edition)

Cyber Hygiene 101: Basic Steps to Keep Your Company Secure

Cybersecurity Spring Cleaning: It’s Time to Review Your Security Practices

Basic Website Precautions: Keep Intruders Out With These Fundamental Security Best Practices

Keeping Your Network Secure in a “Bring Your Own Device” World

19 Essential Cybersecurity Best Practices

Cybersecurity Basics at the User Level

How Fear Motivates People to Click on Spam

5 Old School Hacking Techniques That Still Work (& How to Protect Your Data)

Airports are a Hacker’s Best Friend (& Other Ways Users Expose Themselves to Risk)

Common Threats

Our Predictions for the 2021 Cybersecurity Environment

Hackers Are Increasingly Targeting People Through Their Phones

Everything You Need to Know About Ransomware (2019 Edition) 

Ransomware is Only Getting Worse: Is Your Organization Prepared to Confront It?

Don’t Let Phishing Scams Catch You Unaware

DNS Spoofing: What It Is & How to Protect Yourself

Cryptojacking: Because Every Currency Needs to Be Protected

If You Experience an Attack

Hacked? Here’s What to Know (& What to Do Next)

The SMBs Guide to Getting Started With Cybersecurity

The SMBs Guide to Getting Started With Cybersecurity

The recent SolarWinds hack is just one of many incidents that demonstrate the importance of good cybersecurity. Too many SMBs still believe they are too small to be targeted by cybercriminals, but in recent years the number of attacks on small and medium-sized organizations has continued to rise. The Ponemon Institute’s 2019 report found that two-thirds of the world’s SMBs had experienced a cyberattack as of 2019, yet at the time, 45% of those same surveyed businesses reported that their cybersecurity posture was “ineffective”.

Safeguarding your organization and its digital assets may seem like a daunting task, but in the digital age, a robust cybersecurity stance is essential. In this article, we will discuss common threats to look for, as well as concrete steps your organization can take to protect itself from cybercriminals, and ways the Virtual Armour team is here to help.

Common Cyber Threats to Watch Out For

Cybercriminals, also called hackers, use many tactics to target businesses of all sizes. However, because of the pervasive idea that SMBs are less likely to be targeted, smaller organizations are less likely to be prepared.

Social Engineering (Including Online Scams & Phishing Scams)

Social engineering, a common tactic used in phishing scams, including spam, involves manipulating unsuspecting victims into granting access to restricted systems or data or revealing private information such as usernames and passwords. 

Social engineering can take several forms. Phishing scams involve sending potential victims an email impersonating a trusted individual or organization (such as your boss or your bank) and using that previous relationship built on trust and authority to trick you into doing what the cybercriminal wants you to do. At its core, social engineering uses basic human psychology (such as our predisposition for helping others or trusting organizations we do business with) against us to manipulate our actions. 

Ransomware

Ransomware is a type of malicious software (or malware) used to prevent legitimate users from accessing their data and systems. Once the legitimate user is locked out, the cybercriminal demands a ransom and promises to restore access if the ransom is paid. 

Ransomware can easily cripple an organization of any size as daily activities grind to a halt. Even if the ransom is paid, recovery can be a challenging process. Depending on the systems or data affected, you may require the assistance of a cybersecurity expert.

While some organizations choose to take the financial hit and pay the ransom, there is no guarantee the cybercriminal responsible will hold up their end of the bargain once the money has been handed over.

The costs associated with ransomware also typically extend beyond the ransom itself. You may also:

  • Need to replace damaged data or hardware and recover any data that has been lost. 
  • Experience a loss of income due to business disruptions
  • Incur additional IT costs in the form of overtime wages, increased security costs, and the wages of any additional personnel required during the recovery phase. 
  • Need to pay for a cybersecurity investigation and forensics services (if you experienced a data breach as part of the attack)
  • Likely need to invest in further employee training to help safeguard against future incidents.

Depending on the nature and scale of the attack, your organization may also suffer reputational damage, which you may or may not be able to recover from.

DDoS Attacks

DDoS (Distributed Denial of Service) attacks can be performed by either large, coordinated groups of cybercriminals or a handful of cybercriminals controlling a large number of bot computers (computers controlled by programs that allow them to perform automated tasks on command). 

During a DDoS attack, all of the cybercriminals or their bots hammer your server with requests, overloading it and causing it to crash. This can potentially paralyze your business as business activity grinds to a halt. When the server is down, legitimate users such as employees or customers are unable to access the targeted server or any websites or applications hosted on it. 

Cybersecurity Basics

Now that you know what sort of threats are out there, what steps can you take to safeguard your organization against them?

Create a Cybersecurity Incident Response Program

The first thing you need to do is create a cybersecurity incident response program. For more information on how to do this, please read our article Building a Cybersecurity Incident Response Program

Creating a response program begins with making critical decisions (such as who is responsible for what and how resources should be allocated during a crisis) before an attack occurs. Attacks tend to unfold quickly, so an ad hoc response developed in the moment won’t be sufficient. By preparing ahead of time, you can ensure there are no gaps in your policies and procedures that could hinder your response efforts.

Next, you need to preemptively look for potential threats. You can’t respond to a threat if you don’t know it is there. This proactive approach gives you a heads up on any potential threats so you can adjust your tactics and strategy to best safeguard your digital assets.

Should an incident occur, your top priority should be to contain it before it can do any significant damage. Once the threat has been contained, then you can shift your focus to eradicating the threat so it can’t be weaponized against you again and ensure all unauthorized users are locked out of your system.

Once the threat has been dealt with, you will need to move into the recovery and remediation phase. This involves notifying any impacted external entities (such as customers and relevant governing organizations) and telling them what happened and what damages your organization has suffered. This is also the phase where you gather evidence for later review. This phase focuses on the root cause analysis, which identifies the primordial problem and lets you determine what steps you can take to effectively remedy the situation. 

Finally, when the investigation is complete, you and your team should review the efficacy of your response. Identifying any gaps or weaknesses now gives you a chance to address them before your organization is threatened again.

Review & Audit Regularly

As part of your regular operations, you should be auditing and reviewing your cybersecurity posture regularly. To help you do this, the Virtual Armour team created a handy checklist: Cybersecurity Spring Cleaning: It’s Time to Review Your Cybersecurity Best Practices.

Make sure you are regularly:

  • Reviewing your password guidelines
  • Auditing your current cybersecurity programs
  • Reviewing your endpoint protection protocols
  • Ensure all your software is up to date
  • Review your cybersecurity protocols and schedule refresher training for all employees

You may also want to consider conducting pen (penetration) tests. Pen tests involve hiring an ethical hacker to stress test your cybersecurity defenses and look for gaps that cybercriminals may be able to exploit. Once the test is complete, the ethical hacker sits down with your team to share their findings and offer expert advice on steps you can take to better fortify your network.

Invest in Employee Training

Cybersecurity is everyone’s responsibility. Even the best plan is only useful if everyone on your team knows how to implement it effectively, and even the most diligent employee can’t follow your cybersecurity best practices if they don’t know what they are.

Employees should undergo cybersecurity training as part of your onboarding process, and all employees from the CEO down should receive regular refresher training. All employees need to:

  • Understand why cybersecurity is important
  • Know what protocols are in place and why
  • Know how to identify suspicious activities
  • Know who to report suspicious activities to
  • Know what steps they need to be taking to help safeguard your organization

As part of your refresher training, you may want to consider conducting tabletop exercises. Tabletop exercises work like cybersecurity fire drills: allowing your team to respond to a hypothetical cybersecurity incident in a zero-stakes environment. Tabletop scenarios allow employees to put the information they learned in cybersecurity training to the test and try out your current protocols, so they are well-practiced should an actual incident occur.

When the exercise is finished, you can sit down with your team and review the efficacy of their response as well as the efficacy of your existing protocols. This gives you a chance to identify any deficiencies and create solutions before your organization is actually threatened and helps keep response protocols fresh in your employees’ minds. This is also an excellent way to familiarize employees with any changes or updates to your cybersecurity incident response plan.

For more information, please consider reading our article Cyber Hygiene 101: Basic Steps to Keep Your Company Secure.

What to Do if Your Organization is Hacked

If your organization has been hacked, please contact our security team straight away and consider reading our article Hacked? Here’s What to Know (& What to Do Next).

Need a Hand? Virtual Armour is Here to Help!

All of this may seem daunting. Not everyone is a cybersecurity expert, and that is okay. That’s why the experts at Virtual Armour are here to help. We can work with your organization to identify current deficiencies in your cybersecurity plan, help you create your cybersecurity incident response program, and help you respond and recover from an incident should one occur. 

We also offer a variety of managed services, including 24/7/365 network and endpoint monitoring and a guaranteed rapid response time. We have extensive experience working with a variety of industries, including finance, healthcare, retail, and energy, and we have extensive experience working with service providers.

For more information about what steps you can take to begin fortifying your cybersecurity posture or begin the fortification process, please contact our team today.

Further Reading

For more information about threats to look out for, steps you can take, and other cybersecurity news, please consider reading our blog.

Some articles and resources you may be interested in include:

Cybersecurity Basics & Best Practices

Cyber Hygiene 101: Basic Steps to Keep Your Company Secure

Cybersecurity Spring Cleaning: It’s Time to Review Your Security Practices

Common Threats & How to Safeguard Against Them

The Modern Hacker: Who They Are, Where They Live, & What They’re After

How Fear Motivates People to Click on Spam

Don’t Let Phishing Scams Catch You Unaware

5 Old-School Hack Techniques That Still Work (& How to Protect Your Data)

Everything You Need to Know About Ransomware (2019 Edition)

Cybersecurity & Infrastructure Security Agency Ransomware Guidance and Resources

Reports & Statistics

Ponemon Institute Library

Our Predictions for the 2021 Cybersecurity Environment

Our Predictions for the 2021 Cybersecurity Environment

2020 was a rough year for all of us, particularly from a cybercrime perspective. As businesses and schools rapidly pivoted to remote work and remote learning, many cybercriminals changed their tactics and adjusted their focus to take advantage of the situation as well as user uncertainty and fear.

As working and learning from home remain the norm for many individuals and businesses around the world, cybercriminals are poised to continue aggressively targeting users specifically using a blend of online and offline tactics

Fortunately, there are many steps your organization can take to better safeguard your digital assets against cyberattacks. As cybercriminals adjust their tactics, businesses of all sizes need to remain agile and stay up-to-date on the latest cybersecurity threats.

2021 Top Cybersecurity News

The Ongoing Fallout from the SolarWinds Attack

The SolarWinds attack, which infiltrated both the US Treasury and the Department of Homeland Security as well as a number of private organizations, rocked the cybersecurity world. Uncovered last December, this wide-reaching, devastating attack is believed to be the work of the Russian Intelligence Agency’s Foreign Intelligence Service and may have been launched as early as March 2020.

This supply-chain attack used malware to infect the networks of most, if not all, of SolarWinds’ customers via a software update. However, because the Russian attackers have had access to a wide number of networks for as long as several months, security experts are still working to determine exactly how widespread the attack was and what sensitive data and systems have been compromised. 

Even once experts know the full extent of the attack, the remediation process will be long and grueling. Entire enclaves of computers, servers, and network hardware across both federal and corporate networks will need to be isolated and replaced even as security teams continue to hunt for evidence of malware, determine what information has been compromised, and create and implement strategies to mitigate loss and damage. 

Number of Cyberattacks Expected to Rise

In addition to dramatically changing how we go about our daily lives, COVID-19 has also provided a convenient cover for cybercriminals as they shift their attack vectors away from large, well-guarded corporate networks to small, potentially vulnerable home networks. One study suggested that, in 2021, a ransomware attack on a business is likely to occur every 11 seconds, up from every 40 seconds in 2016. 

INTERPOL’s assessment of the impact of COVID-19 on cybercrime has shown similar trends, with targets shifting away from major corporations, governments, and critical infrastructure in favor of small businesses and individuals. 

2021 Cyber Attack Trends

User-Targeted Attacks Expected to Rise

As workers swap their cubicles for their kitchens, cybercriminals have changed tactics accordingly. The work from home model has brought with it a rise in successful attacks, at least in part because users are more likely to use personal devices (which are often less secure) for work-related activities.

As users log in from home, they create personal islands of security: a model where each user is effectively following different (often lax) security protocols. When workers are onsite, all of their traffic is routed through your business’s network, which is likely closely monitored by a professional security team. However, without a dedicated security team watching every employee’s home network and personal device, your organization is exposed to increased risk.

Cybercriminals are taking advantage of this increased attack area to create personalized attack chains. While traditional tactics often involved a “spray and pray” approach (where cybercriminals used generalized social engineering attacks, such as the classic Nigerian prince scam, to target a large number of users in the hopes that a few would bite), recent trends have seen a rise in hyper-personalized attacks that target specific uses with privileged access to sensitive infrastructure, data, and systems. 

While this approach is more time-consuming (since attackers need to identify and profile specific individuals to create the targeted attack), this approach is more likely to yield shorter attack-cycles, making it increasingly difficult for organizations to identify and stop attacks in progress.

Another user-focused trend to watch out for is cybercriminals increasingly targeting individuals via their phones.

A Blend of Online & Offline Tactics

The work from home era has forced cybercriminals to adapt their tactics, but unfortunately, many have done so successfully. One tried-and-true cybersecurity attack, the phone scam, has seen a resurgence.  

COVID-19 Scams Continue

According to the FCC, many cybercriminals are taking advantage of the fear and uncertainty around COVID-19 to trick unsuspecting victims into revealing sensitive personal information using social engineering. These include phone calls, emails, or text messages offering “COVID-19 kits”, “Coronavirus packages”, or Medicare benefits related to the virus. Scammers use these promises of assistance to try and convince potential victims to hand over sensitive information such as bank account details, social security numbers, or medicare numbers. 

A similar but related scam involves scammers offering “relief payments” from government agencies. These calls, text messages, and emails typically follow a general format: The caller says you have been approved to receive money, either via a relief payment or a cash grant or even via a low-interest small business loan and then asking for personal information (to “verify your identity”), banking information (so they can charge you a small “processing fee”) or both. Some scammers also ask for payment via cryptocurrencies (such as bitcoin) or gift cards. 

If you are located in the United States and are targeted by scammers, please report your encounter to the FCC.

Fake Tech Support Scams on the Rise

Another twist on the phone scam is the fake tech support scam. This follows a similar format to the scams discussed above but involves cybercriminals asking users to grant access to their computers so they can “conveniently” fix a tech support problem you weren’t even aware you have. 

Criminals then use this access to install malware, add backdoors for future access, or log keystrokes (to capture usernames, passwords, banking details, and other sensitive data). 

SMBs Likely to Invest More in Cybersecurity

As cyber threats continue to rise in 2021, small and medium-sized businesses are, particularly at risk. This is because, unlike large, enterprise-level organizations, many smaller organizations still believe that they are less likely to be targeted.

According to research conducted by Analysys Mason and reviewed in Forbes 2021 cybersecurity predictions, SMBs cybersecurity spending (including services, hardware, and software) is projected to grow by 10% between 2019 and 2024, creating an $80 billion market.

Safeguarding Your Organization in 2021

The best thing you can do to safeguard your organization’s digital assets is be proactive. Make sure you are up to date on all the latest cybersecurity threats and have a well-rounded and up-to-date cybersecurity incident response program in place

You should also assess your current cybersecurity posture regularly to ensure it is continuing to meet your needs, and you may want to consider conducting pen (penetration) tests to stress-test your current defenses. You should also make sure that all new employees receive cybersecurity training as part of their onboarding process and that all workers undergo refresher training regularly. You may also want to consider conducting tabletop exercises to give your team a chance to test their cybersecurity response skills in a no-risk environment. 

Virtual Armour is Here to Help

Safeguarding your organization from cybersecurity threats can be a lot to handle, particularly if you aren’t already a cybersecurity expert. That’s why Virtual Armour is here to help. Our team of experts can review your current practices with you, help you identify weaknesses, and create a plan to strengthen your defenses. We are also able to monitor your infrastructure, firewall, and endpoints 24/7/365 for potential threats and help you mitigate or even avoid damage should an incident occur. 

We have extensive experience working with service providers as well as organizations in a variety of industries and verticals, including healthcare, finance, retail, and energy

For more information about our service offerings or to find out what you can do to safeguard your digital assets best in 2021, please contact us today.

The Digital Partridges in the Cybercrime Pear Tree

The Digital Partridges in the Cybercrime Pear Tree

The holidays may be a time for spending time with loved ones and exchanging gifts, but the gifts cybercriminals bring aren’t jolly at all. 2020 Has been a rough year, and many organizations have felt the strain, particularly when it comes to cybersecurity and adapting to the changing tactics cybercriminals are employing. 

This year, give your organization the gift of a good cybersecurity posture by taking steps to safeguard your digital assets.

The Cybercrime Pear Tree: How the Sudden Shift to Remote Work Has Changed the Workplace Landscape

The sudden pivot to remote work earlier this year left many organizations scrambling to continue daily operations and minimize disruption, which means cybersecurity may have fallen down your list of priorities. 2020 saw an increase in the number of cyberattacks and brought with it new attack surfaces. Paired with a distracted workforce and unanticipated staffing shortages in a multi-stress environment, 2020 created very favorable conditions for cybercriminals that are likely to continue into 2021.

Cyberattacks on the Rise

Since the onset of the COVID-19 pandemic, the FBI has seen a 400% increase in the number of reported cyberattacks, and ransomware attacks (one of the most common forms of attack) are increasingly targeting small and medium-sized businesses.

While key industries such as healthcare, manufacturing, financial services, and public sector organizations such as the WHO remain targets, financial institutions such as banks are now fending off nearly three times as many cyberattacks as they have been in previous years. Many of these attacks originate as phishing emails that either trick workers into handing over sensitive data or contain malware.

Cybercriminals are also increasingly targeting people through their mobile devices.

Shifting Attack Surfaces

The continued shift to remote work has meant that many organizations are relying on new and unfamiliar infrastructure and processes to continue daily operations. This lack of familiarity and the artificially accelerated shift to remote work means your team may not know about existing vulnerabilities in the software they are using to do their jobs. Cybercriminals are continually exploiting existing vulnerabilities in remote work technologies, so you need to ensure all software used has undergone a security audit. 

However, even if your organization has thoroughly vetted all new technologies and processes, you can’t be certain that your business partners, vendors, and other third parties have been as studious, which means you need to be extra vigilant and may need to take additional steps to minimize risk to your organization.

The Human Factor

The pandemic has taken an emotional toll as well, leaving workers distracted and stressed. Personal and financial stressors leave workers more vulnerable to social engineering attacks, and remote workers may not be as vigilant about their cybersecurity posture at home as your internal security team is at the office. 

As more workers call in sick or need to take time off or reduce the number of hours they are available to care for dependents or relatives, many organizations are facing unanticipated staffing shortages. At the same time, while many workers used to find working from home increased their productivity, the forced isolation, limited privacy, loneliness, and new demands brought by the pandemic have decreased productivity dramatically

In the United States, recent data suggests productivity among professional and office workers is down 11%, and manual service and industrial workers are, on average, 17% less productive. In-house security teams have been particularly hard hit as they are forced to operate in an environment where they now face multiple crises on various fronts at any one time, each of which demands significant attention from both management and security teams. Securing a remote workforce is also more difficult than securing an on-site workforce, further adding to security workloads.

The Digital Partridges: Threats to Guard Against

Phishing Attacks Leveraging Video Conferencing Software

Many cybercriminals have begun to leverage video conferencing software such as Zoom and Skype to launch phishing campaigns. Criminals create phishing emails made to look like legitimate pending notification emails coming from Skype, Zoom, or a similar platform. When users click on the link in the email, they are asked for their username and password, which are then harvested by unauthorized users for criminal purposes. 

Other groups are sending phishing messages reportedly from Zoom telling recipients they have missed a meeting or their account has been suspended, designed to get users to click on a malicious link to either view the meeting details and reschedule or reactivate their account. Other similar attacks try to trick users into downloading fake video conferencing software installation programs that contain malware.

Social Engineering in the Remote Work Age

We have already discussed in detail how remote work environments make social engineering even more dangerous. Social engineering involves manipulating individuals to infiltrate an organization at the human level by tricking users into revealing sensitive information or granting access to the network. 

Since social engineering attacks often rely heavily on email or other communication types such as phone calls or text messages, remote work environments are particularly vulnerable to this type of attack as users trade in-person meetings for phone calls, video conferencing calls, and text-based forms of communication. 

Social engineering plays on two main factors: our innate desire to help others and emotions such as fear, urgency, or other forms of psychological distress. Cybercriminals trick or scare users into opening malicious files, click on malicious links, or reveal sensitive information. A sense of urgency prompts users to act quickly before they have had a chance to properly weigh the request and consider it rationally. By the time users or their superiors realize something fishy is going on, it may already be too late.

Protecting Your Presents: Steps Your Organization Can take to Safeguard Your Digital Assets

Adjust Your Cybersecurity Strategy

Most cybersecurity strategies were developed with on-site workers in mind, so it is vital to review your cybersecurity strategy in light of remote work and adjust accordingly. You should already be reviewing your security practices at least once per year, but if your next scheduled review isn’t for a while, it might be a good idea to add an additional review to your list of New Year’s Resolutions.

You should also make sure you have a robust yet flexible cybersecurity incident response program in place. If you don’t already, you may want to consider drafting one as soon as possible. You should also review your incident response program and ensure that it takes remote workers into account and is still able to meet your organization’s security needs.

Secure Your Endpoints

An endpoint refers to any device such as a computer or mobile phone that can be used to access your network. While all the endpoints in your physical office may already be secure, you need to ensure that any home devices being used to access your network meet your security standards. Organizations that rely on BYOD (Bring Your Own Device) policies are particularly vulnerable to cybersecurity attacks since organizations don’t have direct and complete control over how those devices are being used, what other programs are installed on them, and other factors that may compromise your network’s security and leave your digital assets vulnerable.

Regular Cybersecurity Training: The Gift that Keeps On Giving

This holiday season, consider giving your workers the gift of cybersecurity training. All employees, from the lowest ranking intern up to the CEO, should receive cybersecurity training as part of their onboarding process and undergo regular refresher training. 

The sudden pivot to remote work has likely affected how workers complete their daily tasks, so you should consider adjusting your current cybersecurity training program to account for these changes. You should also make sure that, as part of this training, you explain to workers why certain steps, procedures, and policies are important and how they contribute to the overall security of your company; When workers understand the “why” behind the “what,” they are more likely to see the value in additional steps and make sure to take them. 

Run More Exercises

Exercises such as pen (penetration) tests and tabletop exercises are incredibly valuable.

Pen tests involve hiring an ethical hacker to stress-test your network and look for vulnerabilities. Your team can then use the insight gained by the hacker to improve your overall security. Running a pen test on your network, with a focus on any new software your remote workers are using, can help ensure that your organization isn’t left vulnerable.

Tabletop exercises act like cybersecurity fire drills: workers are given a hypothetical scenario (such as a hack or data breach) and tasked with responding to it effectively. Tabletop exercises allow workers to apply the knowledge they gain in cybersecurity training in a no-risk environment. Once the scenario is complete, you and your team can sit down and review your response’s efficacy and identify any gaps or problems that need to be addressed.

Know When to Call in the Experts

Not everyone is a cybersecurity expert, and that is okay. After all, even Santa relies on his elves for their skills and expertise. That’s why the experts at VirtualArmour are here to help. From drafting a cybersecurity strategy to monitoring your network 24/7/365 for suspicious activity, our team is here for you. 

Should you experience a breach or hack, our team can help you fend off the attack, identify the root cause of the issue, and identify steps you can take to mitigate or even avoid damage and create concrete plans to help you prevent similar attacks going forward.To learn more about the cybersecurity threats 2021 is likely to bring, and what steps you can take to safeguard against them, please contact our team today.