2020 has been a banner year for cybercriminals. They have stolen billions of dollars and data on billions of individuals by preying on widespread fear and uncertainty brought on by the COVID-19 pandemic.
Their efforts have unfortunately been aided by the hastily executed transition of millions of employees from office work to working at home. Many companies expected this transition to be temporary and acted accordingly; in fact, according to one recent survey by Bay Leaf Digital, nearly 80 percent of senior management diverted less than 20 percent of budget to support the transition. This failure to plan -- or at least to proactively patch -- is likely part of the reason why hackers are enjoying such success.
However, the work-from-home trend is now expected to stretch through 2021 at the least; in fact, in the above-referenced survey, 70 percent of respondents want to work from home more than half the time. The time for securing your email and other systems so that your employees can safely work remotely is no later than right now.
Cyber Damage, So Far
Cybercrime in 2020 has been so widespread that you can pull up articles on the worst data breaches in 2020 and read about different cases in almost every one (and we still have months left in the year!). Here’s a summation of a few of the most publicized data breaches from just this spring.
- In March, the hotel chain Marriott disclosed a security breach that impacted the data of more than 5.2 million hotel guests who used their company’s loyalty program. It’s believed that hackers obtained the credentials of Marriott employees either by credential stuffing or phishing and were able to siphon off guests’ personal data for a month.
- Also in March, hackers launched a ransomware attack against pharmaceutical research company ExecuPharm. They used a phishing campaign targeted at employees to gain access to thousands of employee files containing personal information ranging from Social Security numbers to bank and credit card numbers.
- The video conferencing app Zoom became the most used application for virtual meetings — so it’s no surprise it was targeted for attack. In April, 500,000 Zoom account login credentials and personal meeting URLs were stolen and made available for sale on the dark web.
- Also in April, the Fortune 500 company Magellan Health was struck by a data breach and ransomware attack. Attackers leveraged a phishing email scheme that impersonated a client and then installed malware to steal employee login credentials. Approximately 365,000 patient records were affected.
If you’re paying close attention, you might see a recurring theme there. We’ll get to that in a moment.
Lessons Learned from Verizon
For a better look at the bigger picture, let’s examine Verizon’s Data Breach Investigations Report 2020, a highly anticipated, in-depth report on the state of cybersecurity around the world. The latest report includes data on 3,950 breaches, which they define as “an incident that results in the confirmed disclosure — not just potential exposure — of data to an unauthorized party.” They also analyzed a record total of 157,525 security incidents. Overall, the data showed that:
- 85% of attacks were financially motivated
- 73% of cloud breaches involved an email or web application server – and 77% of those also involved breached credentials
- 70% were perpetrated by external actors, not employees or ex-employees
- 45% featured hacking
- 43% involved web applications
- 37% involved credentials
- 22% involved phishing
- 22% included social attacks (96% of which arrive through email)
Report authors noted that attackers become increasingly efficient over time and have come to lean more heavily on high-volume, high-reward, low-risk attacks such as phishing and credential theft. They also made an observation that doesn’t make one feel warm and safe during a year when so many employees work from home:
“Errors definitely win the award for best supporting action this year. They are now equally as common as social breaches and more common than malware, and are truly ubiquitous across all industries…. There is no getting away from the fact that people can, and frequently do, make mistakes.”
Keep that thought about errors in mind while we revisit that recurring theme.
Protecting Your Business
The Verizon reporters made another helpful observation:
“Attackers rarely attempt long paths. This means anything you can easily throw in their way to increase the number of actions they have to take is likely to significantly decrease their chance of absconding with your data.”
That is how phishing – the entry point of most of those cases outlined above, and so many others perpetrated this year – got its name. Of the email-based cons, phishing for unwary responses is the quickest and easiest; if one simple phishing email produces results by even the most miniscule standards, it still opens new doors for other, more lucrative cons. And all it takes is one employee error to let that con start running in your networks.
In short, you must do whatever you can to protect your systems while you minimize human error. Here are a few reminders:
- When migrating to and using the cloud, password protect all sensitive data and apply the same controls you would apply in your on-premises networks.
- Implement and enforce password policies such as requiring strong passwords and regular password changes.
- Institute additional safeguards like multi-factor authentication and endpoint protection, detection and response tools.
- Require remote employees to configure their email clients to send email over a secure, encrypted connection using port 587 instead of the standard port 25, which does not use SSL.
- Set up automatic, real-time monitors for suspicious behavior. In the case of Marriott above, efficient monitoring would have tagged two employees accessing millions of records as an anomaly that deserved a closer look.
Along those lines, MDaemon Technologies solutions include behavioral screening features to detect password guessing or hacking attempts; the MDaemon Email Server features automated dynamic screening capabilities, and Security Gateway includes a variety of screening options.
- Take employee cybersecurity training seriously. Make it ongoing and regularly update the content; your employees need to be aware of every evolution of attack as it’s exposed. (For example, you’ve told them about Business Email Compromise scams, right?)
Consider MDaemon Technologies
It’s also often recommended to engage a third-party provider that specializes in data security. MDaemon was founded to protect the email services of small and mid-sized businesses; both MDaemon Email Server and Security Gateway for Email have features designed to block spam, spear-phishing, and malware attacks. These features include:
- Data leak prevention
- Dual antivirus engines and Zero-Hour Virus Outbreak Protection that can identify the latest spam and malware within minutes (or even seconds) of an outbreak.
- Content filtering and OpenPGP email encryption
- Secure instant messaging on desktop and mobile devices
- Two-factor authentication
Both solutions provide total control over the most secure email options to suit your business needs. That holds true for our hosted services as well as on-premise deployments, so you can meet the challenges of securing online communications as your employees work from home. For more information on how MDaemon Technologies can help you mitigate the threat of data breaches, visit www.mdaemon.com.