Navigating Ever-Evolving Cyber Threats: Methods to Prevent Breaches of Security

Photo from Pexels.

The following article was contributed by Ed Morales, Global Vice President of Security and High-Growth Business Development at TD SYNNEX.

Cyber-attacks are evolving — becoming more prevalent and more sinister. Seemingly with each passing day, we’re witnessing expanding number of threat actors on the offensive with methods of attack that appear more sophisticated than ever. The alarming statics show how widespread security breaches are for unsuspecting and ill-prepared businesses.

Below are some of the more disconcerting numbers spanning the cybersecurity landscape:

• 91% of security breaches originate from phishing or spear-phishing emails [1].
• Small businesses spend an average of $955,000 per attack to restore normal operations [2].
• There are approximately 300,000,000 fraudulent sign-ins a day [3].

When looking at these figures, it is clear cyberattacks are impacting organizations — regardless of industry or company size. Companies of all sizes — from the largest corporations to small and medium businesses (SMBs) are susceptible to a breach of security. Those less diligent or unprepared have felt a wave of frustrating consequences most time met with reactionary responses in a mad scramble for resolution and restoration.

When one closely examines SMB firms, commonplace for most is a false perception that their businesses are too small for consideration of cyber threat actors. Compounding the vulnerability this mindset promotes is the fact that most SMB firms don’t typically staff IT personnel who are focused on ensuring a secure environment. This leaves enacting cybersecurity measures an afterthought.

The recent increase in attacks can be attributed to our ever-expanding online presence and footprint which has been accelerated by the COVID-19 pandemic. Primarily conducting business and purchasing online has now become the norm. The majority of customers are now digitally present and flock to online spaces. As such, customers expect a digitally secure environment. One breach could be catastrophic to a company — particularly those in the SMB space — who are ill-prepared to recover from data loss and can ill afford the loss of clients whose information has been compromised.

Then and Now: The Evolution of Cyberattack Methods

With the surface evolving and expanding, the amount of data and users required to be secured has increased exponentially over the past few years. Pre-pandemic, mitigation of cybersecurity attacks was primarily relegated to the corporate network. Company IT teams could readily monitor and control areas of intrusion through owned hardware and applications. With the expansion of digital transformation, organizations are migrating away from localized systems to XaaS cloud security appliances and applications, though this helps firms scale and cost-effectively address securing an evolving infrastructure, this too expands the number of opportunities for threat actors to attack — requiring businesses to be diligent and to readily adapt.

With the increased attack surface area, there is now a much larger environment from where those attacks can take place. For phishing attacks to be successful, hackers will utilize ‘social engineering’ to deceive individuals into a false sense of trust and unknowingly respond to compromised emails. Increasingly hackers are even leveraging secured communication routes such as CAPTCHA to initiate breaches.

The degree of sophistication and pervasive nature of attacks is evidence that these threats becoming a lot harder to identify and control. Technologies such as voice emulators and deepfakes make it increasingly difficult for staff to distinguish actual voices from the imposters. New technological approaches like these increase the risk to company data. Risks become amplified when co-workers become complacent, are poorly trained or are conditioned to rely solely on IT policies and applications.

Ongoing education and training become key elements of an organization’s ability to maintain a strong security posture. Corporate Security Policies are critical in ensuring the firm has a detailed plan to protect and company’s physical and IT/digital assets. Enterprise-level organizations are able to employ policies and training; however, smaller companies most times don’t have the investments nor the resources available to enact similarly. As such these smaller firms become targets and will be constantly tested. Channel partners that can act as a ‘virtual CISO’ for these smaller firms can readily fill this void and provide a clear and competitive differentiated value-add.

Proactive Microsoft Azure Preventative Measures

With the acceleration of digital transformation and adoption of cloud, providers like Microsoft, Google and Amazon Web Services and their clients are targets for hackers to exploit potential vulnerabilities. To meet these challenges, cloud providers have built platforms with an extensive array of built-in security features regularly updated to stay current with today’s threat landscape. Though these features are available, it is still incumbent upon the end clients to leverage and activate these features to secure their environments. Partners can support their clients to mitigate the recent highly coordinated attacks through the implementation of a couple of rudimentary actions.

To amplify awareness of these critical risks along with the mitigating actions, TD SYNNEX, in partnership with Microsoft, has developed a series of resources, trainings, and offerings to help ensure our partners and their customers’ cloud environments are protected. Two simple, yet extremely effective measures are:

1. Organizations activating multi-factor authentication (MFA). Microsoft indicated that activating MFA would reduce the number of breaches by 99%!
2. The second proactive measure is setting up threshold alerts and monitoring Azure cloud consumption to identify spikes and irregularities which can alert IT to audit and take action.

Supporting Partners through a Changing Landscape

As a leading global solutions aggregator and leading Microsoft distribution partner, TD SYNNEX has also been involved in leveraging its expertise to develop a new Click-to-Run™ solution focused on Microsoft Fraud Detection and pre-configured to enable partners to directly resolve these security challenges for their end client. This solution is the process of being designed to increase the security posture of end clients by:

1. Prevent Attacks — Increasing your Azure environment security posture.
2. Prevent a bill shock — Monitoring and managing your client’s budget/cost in your day-to-day operations. Reduce damage and risk in the event of a breach.
3. Detect and Remediate Issues — Stop attackers at the door with MFA and alert your teams of cost anomalies, risky logins, and out-of-policy attempts.

Interested in learning more about TD SYNNEX’s Click-to-Run™ offerings? Please visit the Solutions Factory for an in-depth look at the solutions, powered by StreamOne®, and built to dramatically reduce your cloud solution deployment time from days to minutes.

Sources:

1 Trend Micro 2020 Annual Cybersecurity Report

2 30 Surprising Small Business Cyber Security Statistics (2021) — Fundera

3 One Simple Action You Can Take to Prevent 99.9 Percent of Attacks on Your Account (microsoft.com)