6/18/2023

Krebs stamos ransomwhere

Over the last decade, email has affirmed its position as the preferred channel for communication in the workplace. And with the transition of hundreds of thousands of organizations to fully remote or hybrid work environments, our collective dependence on email has only gotten stronger. Threat actors recognize this, which is why email’s popularity as an attack vector has grown considerably in recent years. In fact, losses due to email fraud are up 64% since 2020, with the FBI reporting $6.9 billion in cybercrime losses last year.

But cybercriminals aren’t nearly as interested in basic malware, spam, and simple phishing as they were in the past. Instead, they’re focused on high-value, high-impact attacks like business email compromise (BEC), account takeovers, and ransomware. Email attacks have shifted, and email security needs to shift too.

Recently I was joined by cybersecurity heavy-hitters for a three-part webinar series on this topic. Throughout the virtual event series, we discussed how advanced email attacks started, how they’ve evolved, and why they should be a top concern for security professionals worldwide. Read on for highlights and memorable quotes from our Modern Email Attacks series.

From 2018 to 2020, Chris Krebs was Director of the Cybersecurity and Infrastructure Security Agency (CISA), leading the national effort to recognize, manage, and reduce cybersecurity risks. Following his departure from CISA, Krebs co-founded Krebs Stamos Group, a cybersecurity consultancy, with Alex Stamos, formerly the CISO at Facebook.

Among other topics, Chris and I discussed the evolution of business email compromise, why BEC is still impacting enterprises, and how organizations can minimize their vulnerability to cyberattacks.

Below are three of the biggest takeaways.

Most companies pride themselves on business intelligence and their ability to effectively target customers by conducting extensive research on their audience. This is exactly what modern threat actors do as well. Rather than launching high-volume, low-value attacks, cybercriminals leverage information on LinkedIn, SEC disclosures, and even the target organization’s website to create more convincing emails that are more likely to trick employees.

Cybercriminals are taking advantage of the shift to remote work.

Over the past two years, work-life balance has been somewhat replaced with work-life fluidity. Because professionals are tasked with switching between work responsibilities and personal responsibilities throughout the day, distractions abound. Threat actors capitalize on this by sending innocuous phishing emails disguised as notifications from ticketing systems and password reset requests, messages that employees wouldn’t think twice about clicking through, especially when distracted.

Protecting your organization requires six key initiatives.

In Chris’ experience, successful enterprises share six characteristics across three categories: strategic, technical, and tactical.

From a strategic standpoint, these organizations have support from the C-suite and encourage a culture of security at all levels of the company. The technical aspect involves knowing who is on your network and practicing proactive identity and asset management.

Finally, these enterprises have an effective process in place for monitoring, detecting, and responding to threats as well as an understanding of what’s needed from a resilience and recovery perspective.

“What I love seeing is executive teams, C-Suites, Boards of Directors, and CEOs that embrace a culture of security. They embrace a culture of, ‘We can do this we can get this done.