Greg and John speak with special guest Cole Halpin of Avitus Group IT Security.
As a former Organized Crime Ring Investigator in the private sector I learned a lot about security within a physical space. Often, we had to capture evidence to support our case in an environment that we had no control of. Safety was always paramount as we assessed the surroundings in a matter of seconds as we drove or walked through the area. During this pass through assessment we had to determine the best position for a physical or video surveillance that would optimize the proper angles and distance to capture the details needed to support the crime, all while keeping an exit strategy in mind in the event we needed vacate the area to protect ourselves. Every little detail was taken into consideration from shrubs, walls, fences, animals, fixtures, and general activities of others in the area, to name a few. Could we blend into the crowd, could we sip a cup coffee while working on a laptop, etc. Dealing with the physical world around us always had its challenges, however, we could see the challenges and work towards a solution. Now imagine if you couldn’t see or touch the environment in which the crime took place. This is what businesses are dealing with as cyberattacks continue their rise in a COVID world.
“IBM saw a 6,000% increase in spam attacks…” (KnowBe4) during COVID and according to a compiled list of COVID-19 statistics on wander.com, “46% of global businesses have encountered at least one cybersecurity scare since shifting to a remote working model during the COVID-19 lockdown”
Numerous companies have already announced continued remote work until 2021 and many have even changed their service delivery model to remain remote permanently. The shift makes a lot of sense from a financial standpoint as it can save an employer thousands of dollars annually per remote employee. Cost savings from smaller office spaces, less office equipment, increased productivity and lower turnover are all very attractive reasons to make the switch. But businesses must have a more robust IT security strategy in this “new normal”. The traditional approach has centered in protection of company data on servers and computers. An employee physical enters a secured workspace each day and remains protected because they are utilizing company hardware, software, connections, etcetera within their workspace. This is easy to solve for because the business maintains a level of control within the physical presence of their four walls. There have been documented incidents where companies have been breached, the breach was discovered with security software, and IT was able to quickly disconnect from the internet eliminating the connection, ultimately securing company and client data. In order to survive, many businesses had to make an immediate move to remote work during COVID, exposing millions of individual end-users and their employer’s information to cybercriminals. Many employees had to use their home computers to access company and client data without the protection security software nor the control within their physical office space. Business and client data no longer had the same level of security, now what?
According to Cole Halpin, Director of Technology Services for Avitus Group, businesses need to change their cybersecurity strategy to a multi-layered approach, think of an onion, like Shrek.
- Antivirus or an Endpoint Detection and Response (EDR), a more advanced solution than an antivirus – this software looks at data coming to a device and searches for known threats and suspicious acts.
- Anti-malware – software that protects a device from adware, spyware, ransomware, etcetera.
- Content Filtering – software that can prevent certain websites from being visited as well as preventing access to “blacklist” sites known for malicious activity.
- 3rd Party Email Filtering – software that checks inbound and outbound email activity preventing known risks from reaching recipients.
- Phishing Simulator – tests employees with controlled “phishing attempts” to increase their ability to detect a real attack and provides training for those that are identified as vulnerable to attacks.
- Virtual Desktop Infrastructure (VDI) – cloud based technology so nothing is stored on a local device or server providing an increased level of security greater than that of a Virtual Private Network (VPN). This technology also allows two-factor authentication (2FA) with Geo or IP address restrictions.
No amount of layering will protect company data if an employee unknowingly allows a cybercriminal access into the company system because they were outwitted. Therefore, businesses need to include comprehensive training in their cybersecurity strategies as continued attacks on end users versus attacks on their infrastructure have exploded and are expected to continue. Social Engineering or End-User Targeting matches wits between cybercriminals and one’s employees whereby cybercriminals often have the upper hand. One technique cybercriminals use is to create a sense of urgency in a request and drop names of high-level members of one’s organization to trick employees into providing them what they want, often allowing access to not only the company’s information, but their client’s information as well. Proper training and application through simulations are crucial to a business’ overall strategy as it teaches employees how to recognize these tactics and stop the threat. IT security is very reactive, but with the right software and educated team members, companies can prevail.