How Businesses Can Be More 'Cyber Smart'

For Cybersecurity Awareness Month, Rental spoke with Kilian Englert, director of field engagement, Varonis, about the latest cyberthreats and advice for companies that are looking to improve their cybersecurity awareness and practices.

Now in its 18th year, Cybersecurity Awareness Month—previously known as National Cybersecurity Awareness Month—continues to raise awareness about the importance of cybersecurity across the country. The CISA and National Cyber Security Alliance (NCSA) use October to encourage individuals and organizations to protect their part of cyberspace, stressing personal accountability and taking proactive steps to enhance cybersecurity.

Q: Ransomware is a huge concern these days. Hardly a day goes by without another company getting hit. What can companies do to ensure they are not the next victim? Is an attack inevitable?

A: While nothing in cybersecurity is an absolute certainty, businesses need to shift to an “assume breach” mentality, which means that they need to operate under the assumption the attackers are already inside. With that in mind, companies need more than luck to prevent and recover from an attack. They need to plan and prepare, assuming the attack will come and hoping it never does. If your company has sensitive data, somebody either wants it or knows they can force you to pay to get it back. Ransomware is packaged and sold to cybercriminals to deploy, and new variants are created all the time. Training will go a long way to ensure your employees are on their guard – phishing emails are looking better and better, making it easier to trick savvy users.

Years ago, employees would save files to their computers. Now, that information is being stored on shared servers and in the cloud. When ransomware hits, it doesn’t affect just one computer – it can take entire companies offline. Imagine not being able to access your electronic files or use email. Cybercriminals place a high ransom on your files hoping that you will pay to get that data back. They may threaten to leak or post information that they find unless they're paid. We call this “big game ransomware” – that is, targeted attacks intended to take businesses down and result in a big payday for cybercriminals.

A big step companies can take is to reduce the damage attackers can do. This is the “blast radius,” or the amount of damage any individual user could do if they were to get compromised, and specifically, any and every file to which they have access on your network that could be stolen or encrypted in the event of an attack.

We found that, on average, every employee can access over 17 million files on their first day on the job. That’s because companies will set themselves up for collaboration -- they save files on their servers and allow just about anyone in the company to view and open any file. In the event of an attack, the ransomware will encrypt any and all files it can touch. Limiting access in advance will help minimize the damage an attacker can do.

Q: Many companies are now using cloud-based solutions to share information, collaborate, and basically, work. What cybersecurity concerns should companies be aware of as they turn to the cloud?

A: The biggest thing to remember is that the cloud isn’t foolproof. Companies are turning to software-as-a-service and infrastructure-as-a-service applications and tools. These solutions can range from an application like Slack or Google Workspace to Microsoft 365 and Teams. While these tools have built-in security, it’s up to you to ensure your company’s sensitive information is kept secure. And that can be a huge burden. While the cloud offers benefits like collaboration, it can also make it easy to expose your critical information to just about anyone who is online. To help keep your data safe, you need to protect it wherever it is – and that includes the cloud.

The end-user experience in the cloud tends to be more seamless and integrated between apps and platforms through API connections. However, the management of SaaS and IaaS platforms, and the individual security controls and alerts for each one, tend to be siloed. This can give attackers an advantage – they hope that even if an organization gets an alert about suspicious activity on one platform, they won’t be able to connect the dots across multiple SaaS apps before the attacker is able to complete their mission of finding and stealing valuable data. It becomes more critical for organizations that rely heavily on the cloud to take a holistic view across their multiple platforms.

Q: What about threats coming from within a company? Are insider threats common? 

A: Insider threats do not get as much publicity in the news as ransomware, but they definitely have not gone away. If employees feel like their jobs are at risk, they might try to gain an advantage by copying, deleting, or even changing sensitive information. In one case, we helped a company identify an employee who was copying pricing lists to give to a competitor. Insider threats are not something most companies want to think about – after all, you should trust your employees. Temporary employees are also a potential risk.

Start by locking down important internal-only documents – anything you would not want to walk out the door. This could be sensitive employee information, like home addresses and social security numbers, that are protected by law. Other examples include salary information, business plans, and sales contracts. Only grant access to sensitive files on a need-to-know basis. Also, monitor unusual file access or uploads to places like Gmail. When employees leave your company, ensure IT removes their access immediately and completely.

Q: What is the best overall advice you can give to business owners and leaders?

A: Business leaders should be aware that there is massive risk and follow the “assume breach” approach – that is, anything and anyone can be compromised. The best approach is to be proactive. Plan to reduce the impact and the damage from an attack. Put your data first, lock it down, and watch for abnormal activity when one of the applications or technologies you rely on for your business could be turning against you. Cybercriminals are relentless – and you need to be prepared. 
