Cyber security defense is a hot topic in boardrooms globally. The (almost) all-digital era is upon us!
It is no secret that over the past few decades technology has exploded to new heights and given us some incredible new capabilities. And just about as quickly as we put all of these new technologies to good use.
The bad guys, just as quickly… well… continued being bad guys trying to exploit these new and vulnerable technologies.
This is essentially why cyber security exists and why this blog is here in the first place. Without technology and “bad guys”, we wouldn’t need cyber security defense.
In cyber security, these “bad guys” are called a variety of names, from “hackers” to “attackers” or “threat actors”. No matter what you call them they all have the same common goal: cause harm to your organization and your organization’s assets.
Cyber security defense against hackers?
So to defend against these “bad guys”, we built up our perimeter defenses…threw up our firewalls, email spam filters, intrusion detection systems, and so on. These defense types still do the heavy lifting blocking off attacks. But like everything, not all is perfect. How many odd and suspicious emails have made it to your inbox?
These days, attackers are starting to shift their tactics. Perimeter attacks are still occurring constantly, but instead of trying to attack at the perimeter as frequently, they are going after something incredibly valuable: identity.
Why you need a cyber aware employee population
In this context, your “identity” is your user account, and the ticket to accessing company resources. The concept of “identity” is even more important in today’s computing environment and cyber security defense strategies.
So how do attackers target this “identity”? Take a guess. Phishing!
Attackers are now constantly targeting user credentials with phishing emails branded around a particular cloud service. It is now incredibly common for attackers to stand up a webpage that looks identical to the legitimate Microsoft and O365 or Google login screens.
If an attacker successfully tricks an end-user to click on the link in the email and enter their user credentials into the malicious site, their credentials are now in the hands of the attacker. The user is essentially giving an attacker control of an account in the domain; That is if the company doesn’t have additional cyber security defense controls around the account (ex. Multi-Factor Authentication).
Why attackers go after the “identity” and end-user more often
Humans are notoriously trusting and vulnerable individuals. Attackers try to take advantage of this.
So what do we do to prevent this and protect our “identities”? Have a security awareness program deployed within your organization! These days it is paramount that your user-base is cyber-aware and understands basic cybersecurity practices. They need to understand how to dissect an email and locate warning signs. Employees must be involved in cyber security defense at every level of the organization.
Being able to do so may just be the difference which prevents your company from making headlines due to a security breach.
So what are you waiting for? It can happen to anyone. Contact us to help prepare your employees for cyber security defense.