The good news on the cybersecurity front is that ransomware attacks are down this year. The bad news is that attempts at credentials thefts have skyrocketed.
People at MSP Expo 2023 learned what they’re up against from a panel discussion titled “The Many Faces of Cyber Threat”
Moderated by security-industry veteran Mark Daley, CEO of DaleyPros Consulting, the talk featured experts from companies that sell cybersecurity software to MSPs and other networking companies.
“We are seeing many more business email compromises,” said Kieran Frost, chief operating officer at email security provider Sendmarc. “We’ve seen a trend away from impersonation used to immediately take cash and a move toward obtaining credentials.”
Frost, who came from Australia to speak at the conference, said tackling cybersecurity is a never-ending task. “It takes a lot,” he said. “You never achieve it. You’re always chasing it. Threats change every day.”
To guard against today’s ever-evolving threats, companies need layers of protection within their IT stack, said Mikey Pruitt, MSP evangelist at content-filtering software provider DNSFilter.
The average attack costs hundreds of thousands of dollars to recover from, Pruitt said. “Phishing is a big deal,” Pruitt said. “There’s lots of ways to mitigate phishing.”
Distributed networking offers its own set of issues, he said. “Identity is really the big vulnerability when you’re going to the cloud,” he said. “Each of these machines have their own vulnerability points.”
“They protect themselves from the most common things, except the thing that will put them out of business,” said Jacob Thankachen, CEO and co-founder at cybersecurity software provider CybrHawk.
“Probably the biggest threat is credentials theft,” Thankachen said. Once bad actors have access, they can upgrade their permissions and begin to destroy you.
Configuration is another issue, Frost said. Many customers don’t take the time to deploy their security software properly. “Don’t just go with the default settings on MSFT Defender,” he said.
Implementing multi-factor authentication should be required, Thankachen said. “Get away from test messaging,” he said. “It is not secure.”
Frost likes the Zero Trust approach, with appropriate access granted to only those who need it. He said to classify data appropriately so that leaked IDs can do the least damage possible. “You can actively minimize risk,” he said.
All panelists were frightened by the capabilities of generative AI. “Every tool used by the good guys are used by the bad guys too,” Thankachen said.
“The number of deep fakes we see this year is going to blow your mind,” Frost said.
Frost said engines like ChatGPT have the capability to analyze and upgrade threat scripts used by bad actors. Pruitt said there’s a danger that bad actors can more successfully “model real people who you know and trust.”
Thankachen said there’s little understanding – and no use – of generative AI in the cybersecurity field. “Everyone is fighting to develop it now,” he said.
Like all cybersecurity experts, Thankachen said training is the key to minimizing human error. “Train people what to spot and how to report it,” he said. Companies need to encourage people to not respond by clicking, but by logging into the private network that supposedly issued the email.
Ultimately, the message has to come from the top. “Don’t make security an option,” Thankachen said.
“If we’re talking to the executives about security, we should be talking about risk,” Frost said. “Remediation costs can be cataclysmic.”
Edited by Greg Tavarez