Fundamentals First: Mastering the Essentials of Cybersecurity Defense
By John Rostern, Vice President, Cybersecurity & Digital Forensics, Marcum Technology
In 2023, the global average cost of a data breach was $4.45 million. Keep in mind, however, that The Clorox Company recently disclosed in a filing with the U.S. Securities and Exchange Commission (SEC) that the cost of its 2023 cyber breach would have a $49 million impact on its full-year financials. Clorox further disclosed that it expected to incur additional breach-related costs of $40-60 million in 2024. One thing is clear: the threat environment is elevated, and the number of breaches (and their impact) is increasing.
The seemingly endless barrage of cybersecurity breaches serves as a stark reminder of the importance of getting the basics right. It’s crucial to grasp two key concepts: the significance of cybersecurity fundamentals as the bedrock of defense and the perils of succumbing to “shiny object syndrome” – the temptation to chase after the latest trends while neglecting core vulnerabilities.
BLOCK, TACKLE, WIN: YOUR CYBERSECURITY DEFENSE
Imagine cybersecurity as a game of football. To succeed, you need to excel at the basics – blocking and tackling. Similarly, in the digital realm, mastering cybersecurity fundamentals is essential. Let’s delve into some real-world examples to illustrate the importance of this analogy.
RANSOMWARE: DISH NETWORK
In 2023, Dish Network grappled with a damaging ransomware attack that disrupted operations and compromised the data of over 290,000 individuals, primarily employees. The attack, occurring on February 23, required Dish Network to file an 8-K form with the SEC, revealing the breach’s swift detection within four days. Although no specific ransomware group publicly claimed responsibility, Dish Network later disclosed that it had opted to pay a ransom. The company assured affected individuals that their data hadn’t been misused and that deletion of the data had purportedly been confirmed.
In this case, the attackers exploited well-known vulnerabilities that were still exposed in the Dish environment. This provided initial access to the systems from which the attackers launched their ransomware. This incident underscores the critical importance of proactive cybersecurity measures, such as effective vulnerability and patch management, in safeguarding against the ever-looming specter of ransomware attacks.
PHISHING: GOOGLE AND FACEBOOK
In one of the most significant social engineering attacks on record, Lithuanian national Evaldas Rimasauskas defrauded Google and Facebook of over $100 million through a sophisticated phishing scam. Rimasauskas and his team established a fake company, complete with fabricated invoices, and targeted specific employees with deceptive emails, directing them to deposit payments into fraudulent accounts. This audacious scheme spanned from 2013 to 2015, exploiting the trust and regular business transactions of the tech giants to siphon off substantial sums of money.
This incident highlights the need for employee education on phishing awareness, which empowers the workforce to recognize and thwart such attempts. Deploying advanced email filtering tools capable of identifying suspicious communications and implementing stringent verification procedures for financial transactions could have added crucial layers of defense against phishing attacks. The Rimasauskas case underscores the imperative for constant vigilance and proactive cybersecurity measures in countering social engineering threats.
PASSWORD ATTACK: MICROSOFT
In 2023, Microsoft faced a devastating cyberattack orchestrated by the Russian threat group Midnight Blizzard, employing a ‘password spray attack’ to breach corporate email accounts, including those of senior leadership. This attack, discovered in January 2024, highlighted vulnerabilities in Microsoft’s security infrastructure. While Microsoft asserted that the breach did not exploit any inherent flaws in its products or services, questions arose regarding the exposure of a ‘legacy non-production test tenant account’ and its role in facilitating access to critical systems.
Ironically, Microsoft has often pointed out that multi-factor authentication is one of the most effective ways, if not the most effective way, to mitigate the impact of a cyber-attack. Implementing multi-factor authentication could have significantly reduced the risk posed by password spraying attacks.
AVOIDING SHINY OBJECT SYNDROME
Shiny object syndrome refers to the tendency to chase after the latest trends or technologies without addressing underlying vulnerabilities. Giving in to the temptation to ‘chase the headlines’ and worry about the latest ‘zero-day exploit’ makes it easy to neglect the day-to-day ‘heavy lift’ that can deter or mitigate the vast majority of cyber-attacks. The cybersecurity profession and vendors bear some responsibility here as well. It is easier to market the ‘next big thing’ than to reinforce the need for risk-based cybersecurity governance that would include identification, protection and monitoring as well as the ability to effectively respond to and recover from a cyber-attack.
DON’T WAIT FOR A BREACH
While the allure of shiny objects might entice you to chase the latest cybersecurity trends, remember: strong foundations win the game. Neglecting the fundamentals can have devastating consequences when it comes to the ability of your organization to defend against, or respond to and recover from, a cyber-attack.
Remember, security is not a destination, but a continuous journey. Stay focused on addressing your unique vulnerabilities, conduct regular risk assessments, and integrate innovation strategically.
Don’t wait for a breach to be your wake-up call. Invest in building a robust cybersecurity posture that starts with the fundamentals and evolves with focus. At Marcum Technology, we’re equipped to guide you on this journey. Contact us today and let’s secure your digital future, together.