Posts

Protecting Your Assets: Lessons from the MGM & Caesar’s Recent Cyberattack

In our rapidly evolving digital landscape, the significance of airtight cybersecurity is paramount. The recent incidents at MGM & Caesar’s highlight this urgency.

The Incident

MGM faced operational hiccups when slot machines and hotel room key cards went haywire. Likewise, Caesar’s experienced a breach, exposing sensitive data like driver’s license numbers and social security details of their loyalty program members. The shocking part? A phone call to the casino’s helpdesk was the entry point.

These establishments were seemingly on the radar of ransomware-as-a-service (RaaS) groups ALPHV/Blackcat and Scattered Spider. These groups adeptly used social engineering tactics to infiltrate, specifically targeting the company’s Okta platform, a popular identity and access management (IAM) provider for the cloud.

Their Tactics

The attackers claimed to have breached MGM’s systems by accessing the company’s Okta Agent, which connects to an organization’s Active Directory. After gaining access, they lurked around, collecting passwords, and subsequently launched ransomware cyberattacks on a massive scale. The ALPHV group has even threatened further action if their demands aren’t met.

Okta’s chief security officer, David Bradbury, acknowledged the cyberattack’s social engineering component. He emphasized that while the human aspect of the attack was straightforward, the subsequent stages were intricate. Bradbury also highlighted the importance of adding a visual verification step for high-access privilege users to prevent such breaches.

The MGM attack is resulting in daily losses of $8 million for the casino. This underscores that even seemingly secure organizations can still fall prey to cybersecurity breaches. The continued success of social engineering as a tactic demonstrates that humans are often the weakest link in the chain.

How to Fortify Your Defenses

This recent incident has left companies asking themselves if they are safe from similar attacks. Coretelligent emerges as a beacon of trust and reliability in this tumultuous cybersecurity climate. Episodes like this are more prevalent than ever, and we’re constantly making sure to analyze point by point where things could have been improved, even for victims who are not our clients. Learning and growing from every new event is part of what makes us a trusted organization in the cybersecurity space. That’s why we’ve outlined some of the solutions we offer to help prevent an attack like these for our clients.

Let us fortify your defenses with the following:

CoreArmor

  • Real-time Monitoring: Detect unusual IT system activities, thwarting unauthorized access.
  • 24×7 US-based SOC: Our cybersecurity experts are always on standby, ready to neutralize threats.
  • Incident Response: Swift actions to curtail and mitigate security breaches.
  • Penetration Testing & Reporting: Identify vulnerabilities proactively, ensuring they’re addressed before exploitation.
  • End-user Security Awareness Training: Arm your employees with the knowledge to sidestep potential cyber threats.

CoreComply

  • Managed Security Controls: A holistic approach to security controls, from access control reviews to ensuring no accounts are overprovisioned.
  • TPRM Program Development: Our team delves deeper than just compliance checkboxes, ensuring a comprehensive vendor categorization based on data criticality.
  • Hyperproof: A continuous compliance management tool.
  • RiskRecon: A vigilant eye on external cyber hygiene and third-party risks.
  • Risk Assessment: Comprehensive analysis and mitigation of potential compliance gaps.

Take Action

We’re offering a free Risk Assessment, your first step towards unparalleled security, compliance, and risk management. Join the ranks of thousands who’ve bolstered their defenses with Coretelligent.

risk assessment

by
what is third party risk management

What is Third-Party Risk Management?

As business operations become increasingly complex and interconnected, third-party risk management (TPRM) is no longer optional.

what is third party risk management

You Are Only as Safe as Your Vendors

Companies rely heavily on third-party vendors, suppliers, and partners to perform critical functions in today’s business landscape. A recent study reports that 71% of organizations have seen their third-party networks increase in the last three years. While these relationships can drive growth and efficiency, they also introduce potential risks that need to be carefully managed.

What is Third-Party Risk Management?

Third-Party Risk Management refers to the strategies and processes used to identify, assess, and mitigate risks from doing business with third-party entities. These external entities can include suppliers, vendors, contractors, affiliates, or any other organization your business interacts with.

The risks associated with third-party relationships can be varied, ranging from operational and financial risks to reputational and legal risks. For instance, if a vendor suffers a data breach, your company could be exposed to operational risks, financial losses, regulatory penalties, reputational damage, lawsuits, and even dissolution.

The Importance of TPRM in Today’s Business Environment

In recent years, high-profile incidents have highlighted the significant risks that third-party relationships can pose. 59% of organizations reported experiencing a data breach caused by a third party, with 54% reporting breaches within the last 12 months.

The consequences of not effectively managing third-party risks can be severe, from data breaches involving third-party vendors to operational disruptions caused by supplier failures.

Furthermore, regulatory bodies are increasingly focusing on third-party risk management. Data regulations like HIPAA, SEC, CCPA, and the New York Shield Act, among others, include requirements for data protection that require robust third-party risk management practices in place.

Implementing Effective TPRM: Key Steps for Business Executives

Effective third-party risk management requires a strategic and proactive approach. Here are some key steps that business executives should consider:

  1. Conduct Thorough Due Diligence: Before engaging with a third party, conduct a comprehensive due diligence process to understand their capabilities, reliability, and track record. This process includes assessing their financial stability, compliance status, and cybersecurity measures.
  2. Establish Clear Contracts: Ensure your contracts with third parties clearly outline roles, responsibilities, and expectations, including defining performance metrics, data protection requirements, and penalties for non-compliance.
  3. Regularly Monitor Third Parties: Continuous monitoring of your third parties is crucial for detecting and responding to potential risks promptly. Implement regular audits, performance reviews, and compliance checks.
  4. Develop a Response Plan: Have a contingency plan in place to respond to incidents involving third parties. This plan should include steps for mitigating damage, notifying stakeholders, and resolving the issue.
  5. Leverage Technology: Utilize technology solutions to streamline your TPRM processes. This can include a solution that will automate due diligence, monitor third-party performance, alert you to potential risks, as well as strategic guidance.
  6. Conduct a Risk Assessment: Regularly review your third-party relationships to identify any potential risks and address them promptly.

The reality of today’s digital ecosystem means that third-party risk management is a critical aspect of modern business strategy. By understanding the potential risks and implementing effective solutions, business executives can protect their organizations, enhance operational resilience, and drive sustainable growth.

DOWNLOAD THE FREE GUIDE → Comprehensive Guide to Third-Party Risk Management

 

by

Cost of Cyber Attacks: One Company’s Worst-Case Scenario

Cyber attacks are becoming increasingly common, and cybercriminals see small to medium-sized businesses as prime targets. The devastating consequences of a cyber attack can be long-lasting and far-reaching, as demonstrated by the chilling story of Expeditors, a logistics company that fell victim to a ransomware attack in 2022 and discovered the true cost of cyber attacks.

cost of cyber attacks

The Immediate Effects of Expeditors’ Cyber Attack

The ransomware that hit Expeditors left their data and infrastructure at risk, forcing them to halt operations. The immediate effects of the attack were catastrophic, resulting in $47 million in lost revenue, overages, and payouts to customers. Additionally, the company spent $18 million on remediation and recovery efforts, further impacting its bottom line.

Ongoing Impacts: The 2023 iRobot Lawsuit

The fallout from the cyber attack didn’t end with the initial shutdown. In February 2022, Expeditors CIO Christopher J. McClincy said, “The cyber-attack limited our ability to arrange shipments or manage customs and distribution activities, or to perform certain accounting functions, for approximately three weeks after the attack.” Later in the statement, he added, “We continue to navigate residual effects.”

Then in 2023, the company was hit with a lawsuit from iRobot, one of their biggest customers. The lawsuit claims “Expeditors’ own inattentiveness and negligence exposed its systems to attack, and Expeditors lacked and/or failed to implement the necessary business continuity plan to ensure that it could continue providing services to iRobot.”

This legal action added to the ongoing financial impact faced by the company and reignited news stories about the attack—likely impacting the company’s reputation with potential clients, current clients, partners, investors, and other stakeholders.

What’s Your Risk Exposure?

The story of Expeditors should serve as a stark example of the increasing threat that cyber attacks pose to all businesses, but especially to small and mid-sized companies. According to a recent report, 47% of all U.S. businesses suffered some kind of cyber attack in 2022. At the same time, another report found that companies with less than 1,000 employees are three times as likely to be the target of a cyber attack as larger businesses like Expeditors.

Cybersecurity experts say that it’s not if a company will be a target, but when. In fact, a study of penetration testing results found that cybercriminals can penetrate 93 percent of company networks.

Invest in Proactive Measures

Small to medium-sized businesses are seen as easy targets by criminals since they often invest less in cybersecurity and lack security expertise. Cybercriminals understand this and take advantage of these weaknesses, using techniques like phishing, malware, ransomware, and other malicious tactics to gain access to sensitive data or disrupt operations. As a result, it is essential for businesses to invest in robust cybersecurity solutions that can help protect them from cyberattacks.

However, according to the Cyberspace Solarium Commission, many “cybersecurity budgets at U.S. organizations are increasing linearly or flat” when they should be growing in response to the exponential growth of cyber threats.

Best Practices to Mitigate the Risk from Cyber Attacks

Investing in multi-layered cybersecurity is the surest way to keep you and your company out of the headlines. By implementing cybersecurity solutions utilizing best practices, businesses can significantly reduce the likelihood and severity of a cyber incident.

Some key strategies include:

  1. Investing in robust security solutions: Deploying firewalls, real-time monitoring, and intrusion detection systems can help identify and prevent unauthorized access to your network and data.
  2. Regularly updating and patching systems: Keeping software and systems up to date ensures protection against known vulnerabilities, making it more difficult for cyber criminals to exploit your systems.
  3. Implementing strong access controls: Restricting access to sensitive data and systems through multi-factor authentication and the principle of least privilege minimizes the risk of unauthorized access.
  4. Educating employees on cybersecurity best practices: Regular training on topics such as recognizing phishing emails and creating strong passwords can reduce the risk of employees inadvertently compromising your network.
  5. Developing a comprehensive incident response plan: A well-defined incident response plan outlines the steps to be taken during a breach, including containing the incident, assessing the damage, and recovering from the attack.

By learning from the Expeditors case study and prioritizing cybersecurity, businesses can better protect themselves from the devastating consequences of cyber attacks and ensure long-term success. Protect your business from cyber threats with a comprehensive security risk assessment that can help identify any areas of vulnerability and provide guidance on best practices to shield your organization.

by
Cybersecurity for RIAs

RIA Cybersecurity: Prepare for New SEC Cybersecurity Requirements (2023)

Last year the Securities and Exchange Commission (SEC) voted to implement new and amended SEC RIA requirements to the Advisers Act of 1940 for cybersecurity risk management for registered investment advisers (RIAs) and funds.

Is your firm ready?

sec ria cybersecurity requirements

The proposed SEC rule changes would oblige RIA firms to develop and implement written policies and procedures to reduce cybersecurity risks that could harm clients and fund investors. The proposed regulations would also force advisers to report cybersecurity incidents like data breaches involving client information to the SEC.

Additionally, the proposed changes call for publicly disclosing cybersecurity risks and significant incidents from the last two fiscal years in their marketing materials and registration statements.

“The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers and funds against cybersecurity threats and attacks,” said SEC Chair Gary Gensler.

While comments initially closed in April 2022, comments were reopened on March 15, 2023. Once comments are fully closed, the finalized rules will most likely become effective later in 2023. We will be providing future updates once the final regulations are published.

What do the New SEC RIA Cybersecurity Requirements Entail?

The four significant proposed changes include the following:

  1. The proposal consists of new rule 206(4)-9 under the Advisers Act and new rule 38a-2 under the Investment Company Act. In addition, the proposed cybersecurity risk management rules require public companies to adopt and implement policies and procedures for identifying, assessing, and mitigating cyber risks.
  2. The proposal also includes a reporting requirement under new rule 204-6 mandating companies report significant cybersecurity incidents affecting the adviser, its fund, or private fund clients.
  3. The updated rules include changes to Form ADV Part 2A requiring advisers and funds to publicly disclose cybersecurity risks and significant cybersecurity incidents that occurred in the last two fiscal years in their brochures and registration statements.
  4. The proposal also includes new recordkeeping requirements under the Advisers Act and Investment Company Act Rule 204-2 to improve the availability of cybersecurity-related information and help facilitate the Commission’s inspection and enforcement capabilities.

RELATED CONTENT → Security vs. Compliance: Differences & Similarities

What Can You Do to Prepare for RIA Cybersecurity Enforcement?

Here are some expert tips on being ready for enforcement when the changes go into effect later this year.

  •  Develop and Implement Policies and Procedures

RIAs and funds must create comprehensive cybersecurity policies and procedures to mitigate cybersecurity risks per the proposed rules. Keep in mind that these policies and procedures must be both compliant and actionable.

  • Conduct a Risk Assessment

Evaluate cybersecurity risks by identifying, categorizing, and prioritizing cybersecurity risks related to your systems and operations. By conducting an effective risk assessment, you’ll have the necessary information to develop compliant policies and procedures to combat potential cybersecurity risks.

  • Prepare for Disclosure Obligations

When it comes to disclosures associated with cybersecurity risks or incidents, develop procedures for clear, accurate, and timely disclosures to the SEC, clients, investors, and other market participants.

  • Continuity Planning

In the event of a cybersecurity incident, you must be able to maintain system operations. So, test your incident response and business continuity plans through tabletop exercises to ensure compliance with the requirements.

  • Reporting and Documentation

Employing a governance, risk, and compliance (GRC) solution will ensure you have well-documented evidence that your cybersecurity program is compliant.

In addition to ensuring that your firm will align with the changes, these suggestions are also considered best practices for mitigating the risks from data breaches and other cyber attacks. Following these and other practices makes good sense whether your firm is required to or not.

To learn more about GRC, download our free guide →  Understanding Governance, Risk Management, and Compliance for Financial Services.

By employing these practices, you’ll be ready for any forthcoming changes to cybersecurity regulations and well-protected against potential security threats. One solution for preparing now or later is to work with an experienced and knowledgeable IT service provider. An IT partner experienced with RIA firms, and one employing robust cybersecurity and compliance solutions can reduce the time and resources it takes to comply with and implement these and other cybersecurity compliance standards.

by
security vs compliance

Security vs. Compliance: Differences & Similarities (2023)

Security and compliance are often used interchangeably in IT, but that is actually a misnomer as they are not equivalent. So, just what are the differences between security vs. compliance?

security and compliance

Security Vs. Compliance

In understanding security vs. compliance, it’s important to recognize that they are both equally important but for varying reasons. Whereas security drivers are related to mitigating business risks, compliance drivers are regulatory or legal in nature. Compliance and security have similar objectives around managing risks and securing sensitive data and systems. However, they have different processes and workflows to accomplish these goals.

Compliance involves applying regulatory standards to meet contractual or third-party regulatory requirements.  In contrast, security constitutes the implementation of adequate technical controls to protect digital assets from cyber threats.

Still, again, they are similar but not equal. So why is the distinction between security and compliance important? It is significant because implementing one without the other could lead to devastating consequences for your company.

Cybersecurity

That’s the motivation behind implementing cybersecurity—the desire to protect the confidentiality, integrity, and availability of company assets through security controls and best practices.

IT security is unique to each organization—the measures set by one entity may be entirely different from those of another. Security focuses on comprehensively mitigating any risk that may threaten an organization’s data confidentiality, availability, and integrity—it relates to all the electronic and physical data of an organization and not just those covered by compliance.

We don’t walk around with our bank account or social security numbers on our foreheads—that would be reckless. Instead, we do our best to secure sensitive information from individuals who want to steal it because securing valuable data is a prudent action to reduce the associated risks of identity theft and drained bank accounts.

Cybersecurity acts the same way. Recognizing the risks, smart business leaders choose to secure assets to protect their business from harm and keep their business. The fallout from inadequately securing business assets can lead to loss of business revenue, costly lawsuits and settlements, theft of intellectual property and proprietary information, reputational loss, inability to operate, and business shutdown.

Related Content →  Evaluate your security readiness with our  Cybersecurity Checklist.

Compliance

The confusion between the two functions arises because the outcomes from implementing compliance measures often overlap with implementing security measures. However, the motivation behind organizational compliance is to ensure that obligations and requirements are satisfied to avoid negative consequences and ensure business viability.

These external compliance requirements and standards include a range of often intersecting and complicated networks of government, industry, financial, and even customer requirements. Cybersecurity is often a small part of a greater set of requirements. Examples include:

  • Self-regulatory organizations like PCI Security Council (PCI DSS) and Financial Industry Regulatory Authority (FINRA)
  • Governmental bodies like the U.S. Securities and Exchange Commission (SEC)
  • Government regulations, including Gramm-Leach-Bliley Act (GBLA), FTC Safeguard Rule, Sarbanes-Oxley (SOX)
  • Privacy standards, including HIPAA/HITECH, GDPR, CCPA
  • Technical Standards and Certifications, including ISO27001, SOC2
  • Control frameworks, including NIST CSF, CIS Critical Security Controls
  • Client SLAs
  • Due Diligence requests (DDQ)
  • And more depending on your industry and other factors.

Looking at the worst possible outcomes, the legal and financial ramifications of non-compliance with these and other standards would lead to your organization paying hefty fines and penalties, facing costly lawsuits, being blocked from working in certain locations and industries, not being able to take payments, loss of financing and investors, not being able to acquire insurance, and more.

Related Content → What is Governance, Risk, and Compliance?

Security vs. Compliance the Big Picture

The reality is that neither IT security nor compliance lives in a vacuum. Instead, they are complementary—symbiotic even. They successfully function from a mutually beneficial association that enhances and reinforces the benefits of each other. One without the other would be like trying to make water without oxygen or hydrogen.

Being compliant with a specific set of standards is not the same as having an effective and robust information security system. Compliance simply measures whether your security protocols meet a given set of one-size-fits-all security standards at a given point in time.

A robust security system makes it easier for an organization to meet compliance standards since most of the needed controls will already be in place. All that would remain to attain compliance would be documentation work and adherence to industry-specific policies.

It’s All About Managing Risk

The real question every business leader should be asking is how to leverage both security and compliance to reduce exposure and risk. Compliance establishes a comprehensive baseline for covering an organization’s overall posture. At the same time, security practices build on that baseline to ensure that the business is protected from every angle.

It’s all about risk. Or, more accurately, reducing risk. And security combined with compliance is the one-two punch every business needs to minimize risk and protect assets.

For companies of any size, Governance, Risk, and Compliance (GRC) is about aligning cyber and information technology with business objectives, while managing risk and meeting regulatory compliance requirements. Therefore, an effective GRC strategy is essential because it pulls together the complexity of various risk, compliance, and governance functions into a single strategy.

Successful companies address cyber risk in a business context. From that point of view, avoiding fines and data breaches are preferable. In establishing and implementing compliance and security, smart leaders treat them as a risk-management concern and not just an “IT problem.” Integrating your security and compliance teams into your risk assessment program will lead to mutually assured success.

Additionally, certain industries, like financial services and life sciences, have overlapping requirements originating from a variety of sources which can make fore a complicated matrix to follow. Working with an IT vendor who specializes in your particular industry is ideal to ensure compliance across all regulations.

Choosing the right security and compliance solutions is also critical. Operating with a “checkbox” approach to either compliance or security will lead your organization toward a rocky future. Instead, focus on developing and adhering to robust policies and choosing the right solutions based on your industry needs, risk assessment, and business goals to satisfy and streamline your compliance and security activities.

by
Data Breach Detection

Breach Detection: Could You Detect a Data Breach?

With the increasing reliance on technology in today’s business world, the risk of data breaches is at an all-time high, making breach detection a crucial factor in protecting sensitive data.

Data Breach Detection

Detecting a data breach early on can help organizations limit the damages, preserve their reputation, and prevent further unauthorized access to their systems. Despite this importance, many businesses struggle to identify data breaches as they happen, only realizing something is wrong when it’s too late. We outline some helpful insights about the importance of breach detection and the strategies they can adopt to improve their breach detection capabilities to protect their business before, during, and after a data breach.

Causes of a Data Breach

A variety of factors can cause a data breach, including human error, malicious attacks, and software errors. Human error includes misconfiguring security settings or sending sensitive data to the wrong recipient. Malicious activities, such as ransomware attacks or phishing scams, are escalating and increasing in frequency and can lead to unauthorized access to sensitive information or data loss. Additionally, software system errors or vulnerabilities can provide entry points for attackers to exploit.

The growing reliance on third-party vendors and the complexity of supply chains have also increased the potential for supply chain attacks, where attackers target a third-party vendor’s systems to get access to valuable information. Therefore, understanding the causes of data breaches is vital for businesses to identify vulnerabilities and implement appropriate security measures to prevent them.

Data Breach Detection

The majority of data breaches are discovered by external sources, meaning that an external entity, rather than the affected business, was the first to recognize the breach. This makes it clear companies need to improve their data breach detection systems to monitor and detect potential breaches in real time.

With so many data breaches occurring every day, it’s critical for organizations to stay vigilant and invest in the latest technologies, and to detect potential breaches as soon as possible. By prioritizing breach detection and response, businesses can mitigate the damage caused by a breach, protect their customers’ data, and maintain their reputation.

Identifying High-Value Data

Identifying and securing high-value data is critical in protecting sensitive information from unauthorized access, loss, or theft. High-value data can include business trade secrets, intellectual property, financial information, personally identifiable information, and other sensitive information that could harm your business or customers if leaked or breached. To identify high-value data, a company must conduct a thorough inventory of data assets, categorize data based on sensitivity, and apply appropriate security controls to protect it from unauthorized access.

Effective security controls should include access controls, encryption, multi-factor authentication, and data loss prevention tools. Protecting high-value data may require additional resources and investment, but the potential cost of a data breach can be devastating. By prioritizing data protection for high-value data, businesses can minimize the risks associated with a data breach and build a trusted reputation with their customers.

Active Monitoring Processes

Active monitoring processes are essential for preventing data breaches and protecting sensitive information from unauthorized access. Active monitoring involves continuous monitoring of a system’s security posture to identify potential threats, suspicious activities, or vulnerabilities. By proactively monitoring networks, applications, and data usage, businesses can quickly detect and respond to security incidents before they become full-blown breaches.

Active monitoring processes can include but are not limited to, security information and event management (SIEM) solutions, intrusion detection and prevention systems, network and endpoint protection tools, and data analytics platforms. These tools provide a holistic view of the organization’s security posture and enable businesses to take timely action against probable security threats. Through active monitoring and timely response, organizations can prevent data breaches, protect sensitive information, ensure compliance, and maintain their reputation.

Rapid Remediation After a Data Breach

Rapid remediation is a crucial step in limiting the damage caused by a data breach. Once a breach has been detected, acting quickly and decisively to contain it and minimize the harm is essential. Rapid remediation strategies may include, among others, isolating affected systems, disabling breached accounts or systems, restoring from backups, identifying and removing malware or other malicious software, and conducting forensic analysis to determine the extent and root cause of the breach. The ultimate goal of rapid remediation is to lessen the severity of the breach and protect sensitive data from further exposure.

By responding to a breach quickly, businesses can reduce their financial and legal liabilities, safeguard their reputation, and mitigate operational disruptions. Effective remediation requires a well-defined incident response plan, including clear roles and responsibilities, thorough documentation, and continuous improvements in response to changing threat landscapes.

In conclusion, data breaches are becoming more sophisticated and prevalent, making breach detection an essential component of data protection strategies. Therefore, organizations must stay up to date with the latest technologies and adopt a multilayered approach to cybersecurity, including monitoring, training, and incident response planning.

Related Content

Looking to evaluate your organization’s current security coverage? Use our Cybersecurity Evaluation Checklist to help you appraise your firm’s cybersecurity readiness. This checklist is a jumping-off point to help your enterprise determine its ability to mitigate the risk of cyberattacks before it is too late.

Cybersecurity Checklist

 

Only by adopting a proactive, comprehensive approach can organizations hope to prevent significant breaches, mitigate their impact, and protect sensitive data. However, when it comes to data breaches, it’s not a matter of if but when. Therefore, businesses must continuously assess their IT security posture and adopt proactive measures to detect and respond to potential breaches. Only then can they safeguard sensitive data, ensure compliance, maintain operations, avoid liability, and avoid the headlines.

by
How to Spot a Phishing Email

10 Tips to Better Spot Phishing Emails

How to Spot a Phishing EmailEmail phishing activity is reaching a new high, especially in the financial services sector. According to KnowBe4, the overall phish-prone percentage baseline average across all industries and size organizations was 32.4%.

Common attacks are nothing more than online scams involving gift cards, while some are targeted spear phishing campaigns with the goal of gaining access to corporate networks. The best defense against fraudulent emails is educating end-users on how to spot suspicious emails. Phishing schemes often have signs that can trigger recipients to question their veracity. The key is to slow down and pay attention to the details. To that end, we have put together a list of ten common phishing email characteristics.

10 Signs of a Phishing Scam

  1. It just doesn’t look right – Is there something a little off with the emails? Too good to be true? Trust your instincts about the warning signs of potentially suspicious activity.
  2. Generic salutations –  Instead of directly addressing you, phishing messages often use generic names like “Dear Customer.” Using impersonal greetings saves the cybercriminals time so they can maximize their number of potential victims.
  3. Links to official-looking sites asking for sensitive data – These fake websites are often very convincing, so before revealing personal information or confidential data, examine the site to make sure it’s not a fraudulent website.
  4. Unsolicited email that uses personal details about you – Information like job title, previous employment, or personal interests can be gleaned from social networking sites like LinkedIn and then used to make a phishing email more convincing.
  5. Unnerving phrases – Thieves often use phrases meant to scare you (such as saying your account has been breached) to trick you into acting without thinking and in doing so, revealing information you ordinarily would not.
  6. Bad grammar or spelling – Grammar mistakes and misspelled words are a dead giveaway in a basic phishing attack. The use of unusual syntax is also a sign that something is wrong.
  7. Urgent request – For example: “If you don’t respond within 48 hours, your account will be closed.” By convincing you the clock is ticking, phishing scammers hope you’ll make a mistake by clicking on a phishing link or opening a malicious attachment.
  8. You’ve won the grand prize – This phishing technique is common but easy to spot. A similar, trickier variation asks you to complete a survey (thus giving up your personal information) in return for a prize.
  9. Verify your account –  These types of phishing attacks spoof real emails asking you to verify an online account with a site or organization. Always question why you’re being asked to verify – there’s a good chance it’s a scam.
  10. Cybersquatting – Often, cybercriminals will purchase and squat on website names that are similar to an official website in the hopes that users go to the wrong site, such as www.google.com vs. www.g00gle.com. Always take a moment to check out the URL before entering your personal information.

Related content: 6 Steps to Reduce Phishing 

Coretelligent’s Recommendation:

It is essential for your organization to have comprehensive solutions for cybersecurity designed by a trustworthy, proactive provider. Our CoreArmor solution offers 24/7 intrusion detection and monitoring, in-depth assessment to identify vulnerabilities, best-in-class phishing testing and end-user awareness training, and more. Your organization must be protected against emerging email threats in 2022 and beyond. Contact us today for strategic guidance on how to mitigate the security risk from phishing attempts.

by
IT Priorities

7 Top IT Priorities for Executives in 2023

Over the past few years, we’ve seen rapid technological changes, a trend set to continue in 2023. As a C-suite leader, it is vital that you are aware of the top IT priorities for this year and beyond. From ensuring robust security measures are implemented to accelerating digital transformation initiatives and managing costs effectively, executives must be prepared in this shifting environment.

7 Top IT Priorities for Executives in 2023

 

IT Priorities

 

With the speed at which technology shifts the business landscape, it’s essential to remain ahead of the curve to make the most of technology investments. So here’s a look at seven of the most critical IT priorities for C-suite executives and tech leaders in 2023.

Cybersecurity

If current events are an indicator, cyber incidents will remain a top concern in 2023. There will be plenty of cybercriminal activity from the ongoing conflict in Ukraine, bank failures, a fluctuating economy, technological advancements, and other forces.

According to a recent poll, 34.5% of executives report that cybercriminals targeted their organizations’ financial data. And in that same poll, 48.8% expect the number and size of cyber events to increase in the year ahead.

With that in mind, it is essential for business leaders to continuously review and refine cybersecurity protocols. As the threats become more frequent and intense–from government-backed intrusions to heightened supply chain attacks–security specialists forecast an even more challenging 2023. To stay safe, organizations must remain vigilant and take active steps towards proper protection now.

Some key areas to consider strengthening are MFA, endpoint security and user awareness, zero trust policies, and better evaluation of partners’ and vendors’ security policies and practices by implementing a third-party risk management program.

Privacy and Compliance

Various privacy laws from a slew of agencies and organizations are getting updated or coming on board. As a result, experts anticipate that by the end of 2023, 75% of the world’s population will be covered by a complex network of data privacy regulations and increased enforcement of those laws. As a result, executives will need to allocate more resources toward security and compliance to mitigate risk and avoid costly data breaches and fines and penalties for non-compliance.

Automation with AI, ML, and Low Code/No-code

As we grapple with cybersecurity and compliance demands, resources must be made available for leveraging the potential of artificial intelligence, machine learning, and low-code/no-code solutions to optimize productivity and profitability by 2023.

These solutions are now considered mainstays for market relevance for many verticals, including financial services and life sciences. These technologies enable streamlining workflows and processes and recouping time spent on routine tasks for investment into revenue-boosting tasks. Coupled with personnel labor shortages, AI, ML, and low code/no-code will become integral to aligning IT strategy with business strategy.

Hybrid Workplace

CTOs, CISOs, and executives facing a hybrid model should continue to focus on applying best practices in their implementation. Undeniably, the hybrid model places additional burdens on IT resources, especially regarding cybersecurity and support. But with the right strategy, a hybrid workplace can offer an organization greater flexibility and efficiency. To this end, IT professionals should focus on solutions that enable secure, remote access and collaboration across different teams and offices.

Hiring and Staffing Challenges

Labor shortages in IT and IS will continue to be an issue. As the need to further invest in IT capabilities becomes necessary, many organizations struggle with filling vital roles within their IT departments. Numerous experts are warning that this talent void won’t dissipate anytime soon, so shrewd executives and technology professionals will look beyond internal resources by partnering with a Managed Service Provider (MSP) to supplement their existing capacities.

Emerging Technologies and Trends

And if increased cyber threats, compliance, and labor shortages are not enough to juggle, leaders must also keep up with what is on the horizon with 5G, quantum computing, and other emerging technologies.

5G will continue to transform the banking and financial sectors from improvements like increasing the speed of payments to creating environments for superior data collection and more efficient backend processes. Additionally, quantum computing will bring many challenges and opportunities, including protecting data from quantum-empowered cyber criminals. Working with a strategic IT partner can help executives determine what emerging technologies to invest in and prepare for in the future.

Cyber Insurance

As the rate, intensity, and cost of cybercrime rise, the cyber insurance market is growing more competitive. Many insurers are reevaluating their underwriting requirements and giving greater scrutiny to risk mitigation and security programs. From increasing costs to more reporting requirements, more consideration will need to be given to factoring these changes into your IT roadmap.

Planning and Strategy are Key

With careful planning and strategizing, CXO and IT leaders will be ready to take on these and other critical initiatives this year. With cybercrime and data breaches on the rise, allocating resources to cybersecurity and responding to shifting compliance standards is more important than ever. Automation with AI and ML can help improve workflows and increase productivity. Outsourcing some (or all in some cases) of your IT functions can help alleviate skill gaps and other challenges from labor shortages. Executives must also stay ahead of emerging technologies and changes to the cyber insurance landscape to ensure their businesses remain competitive. By preparing for these challenges, IT leaders can ensure their organizations achieve success this year and beyond.

by
Multi-layered Security

Multi-Layered Security: How to Improve Your Cybersecurity Strategy

Are you utilizing a multi-layered security solution? In today’s escalating environment, it is not enough to just have a cybersecurity solution, instead, your company needs a robust multilayered security solution that includes multiple checks and protections against intrusions.

 

Multi-layered Security

Multi-Layered Security: How to Improve Your Cybersecurity Strategy

Cyber attacks are increasing at an alarming rate. In fact, global cyber attacks were up by 38% in 2022 over the previous year–and this trend doesn’t appear to be slowing down for 2023 either.

In light of this increase, are you putting yourself and your business at risk because of your deficient posture? The consequences of not being prepared for a data breach, ransomware, or other cyber incident are severe and include:

  • Financial loss from shutdowns and restoration efforts
  • Reputational damage
  • Personal liability
  • Fines and penalties from regulators
  • Permanent loss of proprietary data
  • Exposure of confidential and proprietary data
  • Costly lawsuits from clients, employees, and others impacted by data breaches or loss of productivity from stoppages
  • The complete failure and dissolution of your company

In evaluating your current posture,  it is important to ask yourself the following questions:

  1. When was your company’s last vulnerability assessment?
  2. Have you made the recommended improvements?
  3. Do you know how to address your security vulnerabilities?
  4. Could you defend your current strategy to investors and regulators if a breach occurred?

Defend Against Escalating Threats with Layered Security

The potential risk from a deficient or merely adequate cybersecurity posture are just too significant. The escalating cyber threat landscape requires a rigorous, dynamic, and proactive security strategy. The only way to truly protect your firm from cyber threats is with a robust cybersecurity position. The most secure approach is utilizing multi-layered security protection, often referred to as defense-in-depth. Without this method, your company is an easy target for cybercriminals, and it could  be considered negligent in the event of a cybersecurity incident.

To provide some context—your lax security approach is just as negligent as leaving your front door wide open and announcing to the world that you are out of town for the week.

 

Multi-layered Security

This infographic demonstrates the multilayered approach to security, specific best practices, and their associated Coretelligent solutions.

What Does Layered Cybersecurity Encompass?

Defense-in-depth is a system of overlapping security layers that range from easy-to-implement controls to complex security tools. These layers are designed to create an interlocking barrier, not unlike the security system at your home, which might include a door with a deadbolt, motion-detection lights, security cameras, and an alarm system that act as overlapping protections designed to safeguard your home. These individual protections combine to work as a system that is continuously protecting your home. Multilayered cybersecurity operates in the same manner. And just like your home security defends on two fronts—as a deterrent to criminals and as a barrier for any criminals foolish enough to attempt to break in—a strong cybersecurity posture defends on two fronts.

Our defense-in-depth infographic highlights the cybersecurity best practices that Coretelligent employs, including next-generation firewalls, endpoint detection and response, patch management and security updates, access management policies, advanced spam filtering, and more.

Evaluate Your Current Cybersecurity Solution

Looking to evaluate your organization’s current security coverage? Use our Cybersecurity Evaluation Checklist to help you appraise your firm’s cybersecurity readiness. This checklist is a jumping-off point to help your enterprise determine its ability to mitigate the risk of cyberattacks before it is too late.

Cybersecurity Checklist

After completing the checklist, reach out for questions about how Coretelligent can help to strengthen your cybersecurity. Learn more about what we offer, including cloud-based solutions, backup and business continuity services, IT planning and strategy, compliance solutions, and more here.

by
How to Avoid Increased Risk from Phishing Attacks

How to Avoid Increased Risk from Phishing Attacks After SVB Shutdown 

Reports of cybercriminals registering suspicious domains after the Silicon Valley Bank shutdown indicate potential coordinated campaigns to trick account holders and users across industries, including tech, life sciences, and investment firms. Learn how to avoid these phishing attacks.

 

What is a common indicator of a phishing attempt

 

Since the news about Silicon Valley Bank (SVB) dropped, much of the focus has been on how the shutdown happened and the implications for the industry and the economy at large. However, amidst the worry about the impacts lies another danger—the risk of increased cyber-attacks, particularly from phishing attempts and other social engineering. Of course, it is essential always to remain vigilant, but bad actors often take advantage of opportunities like this to ramp up their efforts.

A sudden change in business procedures can create a vulnerable window of opportunity for cybercriminals to launch malicious campaigns. As we’ve seen with other incidents, attackers have taken advantage of any vulnerabilities arising from the disruption to perpetrate attacks on other companies.

It has been reported that cybercriminals have been registering suspicious domains after the Silicon Valley Bank shutdown that can be used in coordinated campaigns to trick end-users into sharing sensitive information.

With this in mind, organizations must remain extra vigilant for phishing attempts and other social engineering tactics during times of uncertainty that cybercriminals can exploit.

How to Avoid Phishing Attacks?

Here are some tips to help your firm avoid phishing attacks:

  • Expect an increase in phishing, social engineering, and phone calls and email attempts to gain access to your data and accounts.
  • Attackers will use language to appeal to your emotions. For example, click this now, urgent, your money is running out, etc.
  • Finance teams must carefully verify and validate any account changes or new account requests.
  • Implement multifactor authentication if your organization does not already employ it.
  • Ensure that employees are aware of the increased risk and ensure they can recognize social engineering and phishing attempts.
  • Follow up with a regular training program for end-users to ensure employees are always ready to identify the latest tactics utilized by cyber attackers.

What is a common indicator of a phishing attempt?

  • Here are some of the usual signs of an email phishing attempt. Often phishing schemes will include several of these markers.
  • An email sent from an address that does not match the domain associated with the sender. For example, if you receive an email from someone claiming to be from SVB but with a different domain name in the “from” field, this should be a red flag.
  • Emails with misspelled words and grammatical or syntax errors could also signal a malicious attempt.
  • Emails that include links or attachments should be carefully scrutinized. It is always best to err on the side of caution and not click links or open attachments until you can confirm that they are from a trusted source.
  • Unsolicited emails that ask for or direct you to a link or document asking for personally identifying information (PII) like passwords, wire transfer details, login credentials, or other sensitive data should be treated with extreme caution.
  • Finally, if an email contains a sense of urgency, includes offers of immediate assistance, or requests payment now, this could be a sign of a phishing attempt. Again, be sure to take the time to independently verify the request before taking any action.

If you encounter any of these signs, it is best to flag the email and alert your IT department immediately. Taking precautions to protect yourself from phishing attempts is critical in safeguarding your company’s data.

Related Content: Why are Phishing Emails so Dangerous, and How Can You Spot Them?

It is essential to remain vigilant when there is heightened risk from cyber criminals taking advantage of a highly volatile situation like SVB’s recent closure. By following best practices such as implementing multifactor authentication, conducting end-user training, and relying on a multilayered cybersecurity program, you can protect your business from cyber criminals looking to take advantage of the uncertainty during this and the next inciting incident.

by