FEATURE : CYBERSECURITY targeting . Traditional security cannot even differentiate between the vital components of Microsoft Office 365 , such as instances of Microsoft Teams that the organization has sanctioned , and third-party accounts . . . so if they are attacking from the cloud they are ‘ wolves in sheep ’ s clothing ’ and can often easily walkthrough open ports .
What can we learn from this ? Embrace cloud security both for its scalability and cost advantage , and because that way your security is much better placed to spot an attack . Apply a Zero Trust approach not only to network access , but also to cloud security and data protection .
3 ) Bad actors innovate
Many organizations see innovation as being inherently risky – and there are doubtless new risk exposures when you try new things – but the opposite is also true . If your systems , tools and practices are not up to date , then the cybercriminals that are targeting you will run rings around your defense . your attacker does so you can cut it off . This might mean simply improving hygiene around patch management , or it could be proactively building better visibility over the ‘ mystery corners ’ of your IT real estate .
4 ) Attackers are well funded
I mentioned earlier that there are a few different sources of income for cybercriminals . Some attackers are tactically funded through ransomware wins , or with shops on the Dark Web selling data war-chests or specialist attack services . Others undertake regular ‘ salaried ’ jobs for nation-states , but everyone behind enemy lines has a clear understanding of the link between money and results .
I recommend that it ’ s well worth helping your stakeholders understand the funding behind the attackers you are defending against . Even a teenage boy carrying out attacks from their garage is not working for nothing . Attacks are big business .
5 ) Most attackers are opportunistic
Yaroslav Rosomakho , Field CTO at Netskope
Bad actors are always changing their approach and business model ; ransomware wasn ’ t a thing a few years ago and while it now dominates security discussions the attackers are already evolving away from the original ‘ pay to unlock the data ’ approach into new forms of nuisance , such as threats of public exposure . As we gain some distance and evaluate the first half of 2022 retrospectively , there ’ s a good chance we will find a complete swing from ransomware to attacks prioritizing disruption , reflecting changed motivations aligning with geo-politics . In the face of this innovation , we cannot stand still in defense .
Keep up to date on trends in attack methodology , and try to think ahead and identify the opportunity before
Everything I have said so far paints a picture of highly calculating and very focused attackers , but the reality is that most are incredibly opportunistic . They often find their victims by simply scouting for easy opportunities . The learning here is : don ’ t be the easy hit . Keep your windows and doors shut and , in all probability , the attackers will find an easier target to go after .
The vast majority are not after your organization but after your money . To avoid being hit by these ones you just have to avoid being the easiest target , so good security hygiene is key . There is really no point spending a fortune on expensive firewalls and VPNs if your employees are leaving Google Docs and AWS buckets open in the cloud . p
www . intelligentcio . com INTELLIGENTCIO LATAM 55