by David Wren
Over the last few months, we've seen an increase in Business Email Compromise (BEC) cases coming into our incident response team. Email has become one of our greatest tools for work, and as such is also one of our most valuable databases of information. That data is the reason bad actors are highly motivated to steal user names and passwords to gain access to your organization's data. Most companies today send and receive quotes, purchase orders, invoices and other highly sensitive information by email.
Additionally, organizations use Google, Office 365 and other communication management solutions as a means of collaboration. If a threat actor gains access to this communication, it can be very disruptive to the business as well as cause extreme financial loss and sometimes business closure.
The need to secure our technology ecosystem and company data from bad actors has never stopped growing. There are over 300 million malicious sign-in attempts against Office 365 accounts every single day and that number is increasing. Many of these attacks take a simple and widespread approach that has been wildly successful for bad actors. Our users and data owners hold the access to this company data that is often taken for granted.
Today's threat actors are most commonly cyber criminals, including organized crime, hacktivists, state-sponsored hackers and even your own employees, known as the insider threat, whether malicious, unintentional or victimized.
In 2020, strong passwords alone are not enough to keep your data safe; you need Multi-Factor Authentication (MFA). Authentication is the process by which we determine whether you are who you say you are. Without authentication, we are left in the dark as to who we are interacting with, and trust would no longer exist on the internet. The rise in next-gen botnets and targeted attacks has created data safety concerns for security professionals, technology leaders, data owners and business executives. Without proper authentication, the data we find valuable is left vulnerable to leaks and compromises of integrity. To properly implement effective authentication, layering must be made an essential function in securing our data.
Creating a mature security strategy requires strong authentication methods such as biometrics, tokens, complex passwords or phrases, and geofencing. Conceptually, MFA is easy: it starts with something you know, like your password, PIN or secure code, and then adds something you have, such as a smart phone, smart card or key fob, to complete the additional layer.
In many of the BEC cases that we respond to today, a bad actor used a multi-faceted attack approach, sometimes starting months in advance with malware or social engineering, then sat dormant in the environment, observing and collecting credentials, before following up with a password spray. Today many users are making their passwords too simple, leading to single points of breach for sensitive data. It is important to have a strict acceptable use and password policy to govern password compliance. Be sure to implement a more complex password or passphrase requirement, to enforce it, and to educate your workforce on security awareness and the need for confidentiality.
“Password spraying is a type of brute-force attack in which a malicious actor uses a single password against targeted user accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts.”
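The pattern in the definition above (one source, many accounts, few attempts per account) can be turned into a detection rule over sign-in logs. The following Python is an added example, not code from the author or from any product; the event tuple format, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events for illustration: (time, source IP, account, outcome).
# IPs come from the RFC 5737 documentation ranges; accounts are made up.
EVENTS = (
    # One source, one attempt per account, many accounts: the spray pattern.
    [(f"2020-03-02T09:{m:02d}:00", "203.0.113.10", u, "FAIL")
     for m, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    + [("2020-03-02T09:07:00", "203.0.113.10", "grace", "SUCCESS")]
    # Classic brute force: many guesses against a single account.
    + [(f"2020-03-02T10:{m:02d}:00", "198.51.100.7", "alice", "FAIL") for m in range(8)]
    # An ordinary user mistyping a password twice, then signing in.
    + [("2020-03-02T11:00:00", "192.0.2.44", "bob", "FAIL"),
       ("2020-03-02T11:01:00", "192.0.2.44", "bob", "FAIL"),
       ("2020-03-02T11:02:00", "192.0.2.44", "bob", "SUCCESS")]
)

def find_spray_sources(events, window=timedelta(minutes=30),
                       min_accounts=5, max_tries_per_account=2):
    """Map each spraying source IP to the sorted accounts it targeted."""
    failures = defaultdict(list)
    for ts, src, user, outcome in events:
        if outcome == "FAIL":
            failures[src].append((datetime.fromisoformat(ts), user))
    flagged = defaultdict(set)
    for src, rows in failures.items():
        rows.sort()
        start, counts = 0, defaultdict(int)
        for when, user in rows:
            counts[user] += 1
            # Slide the window: drop failures older than `window`.
            while when - rows[start][0] > window:
                old = rows[start][1]
                counts[old] -= 1
                if not counts[old]:
                    del counts[old]
                start += 1
            # Many accounts, few tries each: stays under lockout thresholds.
            if len(counts) >= min_accounts and max(counts.values()) <= max_tries_per_account:
                flagged[src].update(counts)
    return {src: sorted(users) for src, users in flagged.items()}

def accounts_to_reset(events, flagged):
    """Accounts that signed in successfully from a flagged source."""
    return sorted({u for _, src, u, outcome in events
                   if src in flagged and outcome == "SUCCESS"})
```

On the sample data only 203.0.113.10 is flagged; the single-account brute force and the mistyped password are not, and the one successful sign-in from the flagged source is the account to reset first.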
To fully secure our data, it is critical that gaining access to a network or sensitive data requires Multi-Factor Authentication. The implementation of Multi-Factor Authentication into the security strategy of your company serves as the best defense against compromised credentials and persistent threats.
Without MFA, bad actors would only need to compromise your password: one set of credentials, creating a single point of failure in the authentication process. With MFA we are able to set up multiple sources of authentication to reduce the chances of compromise. This idea of multiple points is crucial in mitigating the risk of damage from account data leaks and brute-force attacks. Not only does Multi-Factor Authentication prevent easy compromises, it can also detect an unwanted log-in attempt and notify the user and system administrator as an early indicator of attack.
David Wren, CISM, is President of Network Technology Partners, a regional Cyber Security Intelligence firm headquartered in St. Louis, Mo. He can be reached at dwren@ntp-inc.com.
Submitted 4 years 272 days ago