“Cybercrime will be one of the greatest threats to our economy,” says James Morrison, a former FBI agent of 22 years, including 8 years working in the Cybercrime division. So how do organizations address cybercrime? Both Morrison and NetGain’s Director of Security, Scott Logan, used their expertise to advise attendees during the “FBI Insights on Fighting Cybercrime” webinar. Eric Powers from HPE moderated. Read on, or view the webinar recording, to see what insights these experts had to share.
The COVID-19 Pandemic and Cybercrime
The pandemic has opened new avenues for attackers to use in cyberattack attempts. From fake COVID-19 outbreak maps, to malicious links that direct users to “claim their stimulus check”, the threat landscape has been altered due to the Coronavirus outbreak. In March alone, scam emails went up 667%, Morrison said. People are more likely to click on links related to COVID, he added, allowing hackers to use this to their advantage.
Organizations need to make sure that security is built into new products they implement, not added on. It must be one of the top considerations for all organizations today, according to Morrison.
Logan said that, due to the nature of the pandemic, remote work was implemented quickly to give employees access to a company’s infrastructure, not to protect that infrastructure. Working from home also causes end users to potentially let their guard down more, Logan added, which is why the scams Morrison mentioned have been successful.
Morrison explained that it is important to secure any access to the corporate network when employees are working from home. Home WiFi is something many businesses may not consider as a security risk, but it is important for remote employees to have a strong WiFi password since they now use it to connect to the organization’s network. Both panelists stressed using different passwords for different accounts. If a hacker gets one password, and the individual uses the same password for everything, the hacker can access all work accounts, causing a larger breach.
Who Are Cyber Attackers?
Logan explained that both individuals and nation states are responsible for cyberattacks. Crime syndicates are a part of attacks as well, as cybercrime is easier than robbing a bank, for example. Data backups and recovery plans are important, he says, to protect against today’s attacks that are much more involved. 4000 attacks are happening a day post-COVID-19 pandemic, a large increase from prior to 2020.
Morrison agreed that many hackers are crime syndicates, as it is very lucrative. He says that many companies think that hackers are just one attacker, but in reality these groups are larger and more organized than many believe. Innovation and security preparation are the best way to combat this, as these hackers aren’t going away.
The cost of a cyberattack is 3.9 million for small to medium sized businesses alone. Morrison said that cybersecurity insurance is absolutely something companies should have, but often companies stop there and pursue no further protection from attacks. It is vital, he explained, to have many more security measures than cybersecurity insurance alone. Virtual Chief Security Officers (vCIOs) are a great way to afford security help for SMBs.
Logan agreed, and added that certain stipulations in cybersecurity insurance may prevent you from getting a payout post-cyberattack if you do not take additional precautions such as educating employees.
So, How Do You Prepare Your Organization Against Cybercrime?
Morrison recommended beginning with an Incident Response Plan that is written down so that anyone can follow it. He and Logan also stress the importance of buy-in from the entire organization, top to bottom, so everyone is on the same page. Following this, the plan must be tested so that it can be confirmed that all steps of the plan work smoothly.
Logan added that educating employees on how to identify cyberthreats is one of the most important aspects of cyberattack defense. Employees are the first line of defense against incoming threats, so being able to identify threats and notify the organization can help stop a potential attack in its tracks. Consistent, ongoing training is the best method to educate employees on cybersecurity, Logan said.
To wrap up, Logan said that security should be treated with the highest level of importance, and that organizations should ensure that I.T., C-Levels, and end-users are all educated on cybersecurity. A multi-layered approach to security, rather than relying on one particular security measure to protect you, is the best approach, he says. Morrison said that every step you take towards protecting your business and making a security plan will save you money in the long run. He stressed that it is important to have an ongoing discussion about security within your organization.