Hackers are now relying on phishing more than ever to steal sensitive corporate data. In fact, there have been 8.5 times more phishing scams in 2017 than malware attacks.
A practice that used to happen primarily over email and the telephone, phishing now occurs regularly through chat and messaging applications, as well as online promotions, giveaways, fake learning resources and fake technical support scams, among other channels.
The challenge is that most businesses today are completely inundated with phishing attacks as well as other threats like keystroke loggers, denial of service (DoS) attacks, viruses and SQL injections. At a certain point, it literally becomes impossible to shield your network from all incoming attacks. And for this reason, it’s critical to set up multiple layers of defenses.
This sentiment was recently echoed by Jeffrey Tricoli, Section Chief for the Cyber-Division of the Federal Bureau of Investigation (FBI).
"Organizations need to layer defenses in front of the things they need to protect," Tricoli said during a recent keynote address at the infosecurity North America conference on Oct. 5.
Tricolo outlined the three fundamental elements of a layered defense system:
A baseline for user behavior: All employees who access the network and interact with company data need to understand the rules outlining acceptable online behavior. It’s critical to train all end users about cybersecurity best practices, and establish a strong cybersecurity culture. By training end users about how to stay safe online, businesses can reduce instances where end users accidentally fall for phishing scams and other harmful tricks.
An intrusion prevention system: In addition to training your end users about cybersecurity best practices, you’ll also want to use automated technologies like firewalls, traffic filtering systems and even cloud access security brokers (CASBs) to detect and eliminate abnormal activities. Many businesses, it should be noted, are now working with third party cybersecurity providers for affordable access to cutting-edge technologies. In one study, 37 percent of respondents indicated that on many occasions, cyber intrusions would have gone undetected if not for an outside party alerting them about malicious behavior in their networks.
Heuristics for anomalous actions: This refers to the practice of detecting and eliminating new and unknown cyberthreats. Heuristic detection may involve a few different methods, most commonly file emulation, file analysis and signature detection, or tagging malware so that it can be identified in the future.
Apex Technology Services is a managed services provider (MSP) offering cybersecurity assistance to businesses throughout greater New York City, Westchester county, Fairfield county and beyond. To learn more about how Apex can help you set up and maintain a layered network defense system, click here.
A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York City; White Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.
To ensure your security, consider one of our most popular services — Auditing & Documentation — which pinpoints vulnerabilities in your infrastructure, process flow and internal security procedures.