The cyber black market operates much like any other industry when viewed from a broader perspective. Attackers have built profitable businesses, offering services based on their skills and tools. We see offerings like botnets-as-a-service — where distributed denial of service (DDoS) attacks can be purchased by the hour — and malware kits that allow even unskilled individuals to build their own botnets, complete with command-and-control (C&C) servers. There are even ransomware helpdesks and call centers designed to assist victims in navigating payment methods. The list goes on.

This billion-dollar industry thrives by exploiting vulnerable technologies and preying on people unaware of the sophistication behind these attacks. Throughout the pandemic, attackers have only intensified their focus on user-centric attacks, so we must be vigilant. The good news is, many of these challenges already have solutions.

On a brighter note, pressure often leads to innovation. As the saying goes, necessity is the mother of invention. I’m excited to see how companies are adapting to this new landscape with creative approaches.

That said, it’s always a good time to reinforce the basics and take control of what’s within reach.

Get Visibility into Your Remote Assets

Renew your focus on endpoint protection and visibility. Given the current state of the world, attackers know that users are exposed and largely unprotected on their home networks. A study from the Ponemon Institute found that nearly two-thirds of respondents lacked confidence in their ability to monitor endpoint devices off the corporate network.

Reduce Friction for Users

Make sure there’s a low-friction, safe method that allows your users to share information internally and with customers. Security needs to become the department of “YES,” instead of “NO.” If you sanction a tool, then people will use it. It’s also important to ensure it can accommodate large files — don’t give your people an easy excuse to go off-script.

Shift Your Mindset to Passphrases

Two-factor (2FA) and multifactor (MFA) authentication offer excellent protection, but a simpler starting point — without needing new technologies — is using passphrases. On average, English words have five letters, and typical phrases contain around 20 words. While not all password fields support that many characters, the key takeaway is that the strength of a passphrase lies in its length, not its complexity. Each additional character makes the passphrase exponentially harder to guess or crack.

Additionally, password managers can be a great help. There are plenty of options available, and if I can get my grandma to use one, then anyone can, regardless of their technical expertise. For even greater security, consider implementing and enforcing 2FA or MFA — but be ready to provide the necessary support to users.
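To put numbers on the length-over-complexity point, the following added example (not from the original article) estimates guessing effort in bits under two attacker models: character-by-character brute force, and whole-word guessing against a known word list. The sample secrets and the 7,776-word list size are constructed assumptions, and the word model assumes the words were picked at random.

```python
import math
import string

WORDLIST_SIZE = 7776  # assumption: diceware-style list, words chosen at random

def charset_size(secret):
    """Sum the sizes of the character classes that appear in the secret."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation, " "]
    return sum(len(c) for c in classes if any(ch in c for ch in secret))

def brute_force_bits(secret):
    """Bits of work for a character-by-character brute-force search."""
    if not secret:
        return 0.0
    return len(secret) * math.log2(charset_size(secret))

def word_guess_bits(n_words, wordlist_size=WORDLIST_SIZE):
    """Bits of work for an attacker who guesses whole words from the list."""
    return n_words * math.log2(wordlist_size)

def effective_bits(secret, wordlist_size=WORDLIST_SIZE):
    """Lower of the two models: the attacker uses whichever is cheaper."""
    words = secret.split()
    if len(words) > 1 and all(w.isalpha() and w.islower() for w in words):
        return min(brute_force_bits(secret),
                   word_guess_bits(len(words), wordlist_size))
    return brute_force_bits(secret)

# Constructed sample secrets, for illustration only.
SHORT_COMPLEX = "Xq7#mT2!pL"                          # 10 chars, all classes
FOUR_WORDS = "maple river candle orbit"               # 24 chars, 4 words
SIX_WORDS = "maple river candle orbit fence tulip"    # 36 chars, 6 words

if __name__ == "__main__":
    for s in (SHORT_COMPLEX, FOUR_WORDS, SIX_WORDS):
        print(f"{s!r:40} brute={brute_force_bits(s):6.1f} bits  "
              f"effective={effective_bits(s):6.1f} bits")
```

Against plain brute force the 24-character phrase far outlasts the 10-character complex password, but against a word-aware guesser it is the number of random words that counts, which is why the six-word phrase is the one that beats the complex password under both models.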

Fortra's Alert Logic Staff