IRISSCON: Why Businesses Continue to Suffer from Predictable Cyber Threats
and phishing, according to industry professionals at the recent IRISSCON cybersecurity conference.
Despite the proliferation of cybersecurity solutions, businesses are still falling prey to some of the oldest tricks in the threat actor’s book.
DUBLIN, IRELAND – At the 2021 Irish Reporting and Information Security Service Conference (IRISSCON), cybersecurity experts unified their voices to express concern over organizations being repeatedly compromised by predictable cyber-attacks.
According to speakers at the conference, despite alarm bells ringing for years, organizations are still noticeably unprepared to defend against cyber-attacks such as ransomware, phishing, and Denial of Service (DoS).
Even as ever-evolving and new-age threats continue making headlines, organizations are falling victim to attacks that can be fairly predictable and preventable.
“The landscape is evolving; no doubt about it.
But while we engage ourselves in developing advanced solutions for sophisticated attacks, organizations should not overlook the long-known threats like ransomware and phishing,” says Lucy Williams, a data analyst at SecuRetain. “The reality is, organizations are consistently being compromised by these ‘simpler’ threats which are more predictable.”
Phishing attacks, in particular, have been a classic yet very effective method used by cybercriminals.
By masquerading as a trustworthy entity through email or instant messages, attackers trick victims into revealing sensitive data, ranging from personal details to financial information.
A notable example is the Russian state-sponsored cyber espionage group known as APT29 or “The Dukes,” which has been employing relatively simple phishing methods and spear-phishing attacks to infiltrate organizations for political purposes.
The group is notorious for carrying out widespread attacks on several high-profile organizations including the White House, NATO, and the Democratic National Committee.
Similarly, ransomware, although old, remains an equally lethal weapon in a cybercriminal’s arsenal.
Ransomware attacks involve malicious software that encrypts a victim’s files, with the attacker demanding a ransom to restore access.
One high-profile case is the Colonial Pipeline ransomware attack in 2021.
The cybercriminal group DarkSide used ransomware to halt the operations of the largest fuel pipeline in the United States, causing massive disruption.
Although the ransom was paid, the incident highlighted the enormous potential damage such attacks can unleash on critical infrastructure.
IRISSCON speakers suggested several strategies to help organizations protect themselves against such threats.
These included conducting regular security audits, implementing robust security policies, continuous employee training on recognizing and responding to threats, adopting multi-factor authentication, and keeping systems and software regularly updated.
“The most effective protection against these attacks involves a combination of sound security policies, awareness training, and cutting-edge cybersecurity solutions,” said Williams. “Only when all these elements are expertly woven together can organizations hope to significantly reduce their risk exposure.”
Follow-Up Reading
For further reading on how organizations can defend against these predictable cyber-attacks, consider the following resources: