Cybersecurity Expert Recommendations, New Threats in Security 2021 | The Cyber Review

May 26, 2021
Written by Farah

Cybersecurity author recommends ‘password hygiene’ to curb online threats

Source (News 1130)

Conversations about the Colonial Pipeline hack are endless, but also a chance for others to learn and protect their organizations.

Brennen Schmidt, a cybersecurity author and speaker says threats like this happen due to security barriers not being there in the first place. Given the remote work conditions, phishing scams are likely hitting emails of employees and customers.

Schmidt says a good first step is ‘password hygiene.’

“To start off smart and to start off simple … just trying to make sure that there are passwords that are rotated, that are robust, that are different for different applications, and so that if somebody was to get in, that it wouldn’t be compromised as easily.”

Obviously strong passwords are a must, but people need to be careful about not sharing your passwords and recovery question answers on social media.

In addition, multi-factor authentication can reduce your chances of getting cyber hacked.

New cybersecurity threats you need to focus on

Source (My tech decision)

Software supply chain

"Zero Trust" concept helps ensure that every system and every device has to be authenticated, validated and authorized to access an organization’s network. But, it is still implemented using a software.

Zero Trust only works if it is also applied to the software you use to manage too.

To help defend against these kind of attacks:

  • Taking good inventory of your software so you know where a potential compromise could come from.
  • Ask for a software bill of materials (SBOM) so you know exactly what goes into the software your purchasing and using.
  • Implementing file integrity management and threat hunting solutions, or contracting with a third-party provider

Improper sessions handling

Remote works and security professionals have to consider how to secure mobile devices and applications when working from home.

Even with multi-factor authentication, attackers could compromise devices or trick users into giving them the code.

To mitigate against these kinds of attacks:

  • Keeping your session safe by always logging out
  • Use tokens that expire or kick users off the network
  • Be responsible with single sign on
  • Validate that applications are secure
  • Look at the permissions for what you’re installing

Ransomware gets more sophisticated

Cybercriminals are getting smart with their attacks by using legitimate file sharing tools, and exfiltrating last steps of encryption to lock users out of files and systems.

To boost your ransomware protection:

  • Prevention by not only using offline backups, but also taking other preventative measures like disallowing file sharing tools not needed for your network.
  • Invest in adequate detection. You can’t rely on the encryption and ransom note to realize you’ve been hit with ransomware.
  • Assume there’s a possibility of exfiltration and that you’ll never get your data back.

Machine learning and AI

Current cybersecurity trends are making use of machine learning and artificial intelligence (AI) to detect threats. However, given how advanced cyber attackers are getting, these same systems can be used against networks to compromise them.