[ad_1]
T.Data storage and cybersecurity company Datto Inc. hosted a recent forum on data breaches hosted by the Norwalk Chamber of Commerce.
Mike DePalma, Datto’s vice president of business development, said that most victims of cybercrime in the United States are small and medium-sized businesses (SMBs), and that the total value that cybercriminals can extract globally from these targets ranks first in the world. 9th largest economy.
“There is so much money in the world,” says DePalma. “And our survey results show that only 3 out of 10 companies are very concerned about it. This year will be the best for criminals. They are focused on the small business community. .”
According to DePalma, SMB is a favored target for cybercriminals. Because SMB lack of concern leads to vulnerabilities that can be exploited. And because SMBs are less likely to have full backups or tolerate downtime, they are most likely to reward ransomware attacks. System Restore.
All forum panelists agreed that the two most important steps SMBs can take are implementing multi-factor authentication (MFA) and properly training staff to protect against phishing and “spear phishing” attacks. I agree with you.
MFA is a system that requires users to log in to another app installed on their smartphone or other device every time they try to log on to the system. Such systems make it very difficult for hackers to access the system. The solution can also improve security with minimal disruption to workers and systems.
Despite the benefits of MFA, Allen Santana, senior security consultant at Bridgeport-based Advanced Computer Technologies, warned of a new attack vector.
“There is this new thing, ‘MFA Fatigue. I added that it is the best solution.
Spear phishing targets specific individuals, unlike phishing attacks that seek as many targets as possible. By combing social media accounts for relevant information, spoofing phone numbers and emails of his address, and leveraging publicly available data, the spear phishing crook has a convincing profile that seems credible. You can compose a message.
“If you look back maybe 10, 15 years ago, a malicious attacker would send thousands of people at random in hopes that someone would click on an email and gain some access to something. I was sending an email.” Chief Operating Officer of Norwalk-based Apex Technology Services. “And that’s kind of what that landscape looked like. But it’s gotten a lot more sophisticated since then.”
U.S. Secret Service Special Agent Mike Schaub said his own family was targeted in a sophisticated attack.
“We get cold calls from banks, and they’re really bad guys,” says Shove. “So someone in my family got a call and I thought it was the bank they were talking about. Then another call with the bank where they pretended to be a member of that family trying to use their credit. There was his second bad guy, Card.”
The scammers then had the bank send a verification code to Shove’s family and asked them to read it.
Jay Parisi, a partner at Norwalk-based Aegis Technology Partners, said that email “from” addresses can be questionable, and to ensure safety, the body of the email must be legitimate. I warned you that you need to be able to determine whether.
“You can write anything in the top left box, just like a regular letter you can mail. You can make it look like it came from the White House,” he said. “Otherwise, you’ll need to implement specific tools to track and verify spoofing.”
Al Alper of Wilton-based CyberGuard 360 told the forum audience: So looking at the cybersecurity landscape can give you thousands of points on how it intersects, but ultimately it intersects with the people in the organization, so leaders see their organization through that lens. Seeing is essential. ”
Alper also advised that cybersecurity should be viewed as a personnel matter. Vulnerabilities in organizations need to be tested and addressed, he added, and if employees continually fall for phishing attacks, the entire organization could be at risk.
[ad_2]
Source link