1. Secure Third-Party Supply Chains

Vulnerabilities in trusted partners’ tools or services could provide backdoor access to your systems, as in cases like the breach of Progress Software’s MOVEit file transfer solution.

By compromising the security of vendors, contractors, and suppliers, attackers can access the networks of countless organizations around the world.

Lesson: Assess supplier, vendor, and partner relationships thoroughly, scrutinizing security measures and limiting integration points that grant access to your infrastructure.

  • Continuously audit third parties and ensure you have visibility to their changing risk profiles as you scale reliance.
  • Prioritize partners demonstrating advanced and evolving capabilities to withstand sophisticated attacks targeting them or their clients.

2. Train Staff Against Phishing and Social Engineering

Despite increased awareness of cyber risks and training against threats like phishing, social engineering is an alarmingly pervasive and effective attack vector.

Recent incidents, including the breach of MGM Resorts, which (if the hacking group which claimed credit is to be believed) was enabled by “vishing” or phone call trickery, highlight persisting vulnerabilities to human manipulation.

Lesson: Comprehensive, continuous, and creative approaches to security awareness education are imperative to combat social engineering threats.

  • Exhaustively train staff in scrutinizing communication attempts across channels, identifying subtle manipulation red flags in emails, calls, and even coworker requests.
  • Reinforce clear reporting procedures for suspected phishing, vishing, and suspicious contacts.
  • Understand that technology alone cannot protect against exploits weaponizing human trust and psychology against us.

3. Restrict Access and Least-Privilege Permissions

The ability of hackers to access the personal information of over 37 million T-Mobile customers highlights the perils of improperly managed credentials and excessive access.

Lesson: Reduce risk exposure through stringent access control policies ensuring least-privilege permissions to users across infrastructure, systems, services, and data repositories.

  • Review access levels to sensitive areas regularly and remove outdated clearances no longer required for specific roles and applications.
  • Integrate stringent multi-factor authentication (MFA) requirements across authentication gateways to critical systems, tools, apps, and network segments.
  • Manage, identify, and access governance vigilantly via best practices to keep cybercriminals at bay.

4. Don’t Delay Software Updates and Patches

The ransomware attack inflicting over six weeks of severe postal service disruption in the UK by exploiting flaws in the security of Royal Mail, the British mail company, underscores how technical debt and inadequate patch management regimens render organizations vulnerable.

Lesson: Prioritize timely patching and upgrading software assets across the environment, focusing most urgently on internet-facing services and tools exposed to higher risk.

  • Consider automation opportunities to streamline update processes wherever possible.
  • Don’t allow oversights in updates and improvements to provide unnecessary openings for ransomware and malware already addressed by software publishers.

5. Manage the Risks of Remote and Hybrid Work Environments

Distributed, hybrid work magnifies attack surfaces through home networks, remote access paths, and unmanaged devices operating off corporate premises.

Multiple studies have revealed that remote or hybrid work is linked to increased cyber exposure.

Lesson: Implement a zero-trust framework for secure remote work environments, ensuring that employees have least-privilege access to corporate resources regardless of their location.

  • Establish VPN-protected corridors for remote access to internal systems.
  • Enforce device compliance for remote access via mobile device management and endpoint protection software.
  • Institute data loss prevention controls tailored to cloud apps and storage solutions, among remote staff and the need for enhanced security measures in these areas.

6. Lock Down and Monitor the API Attack Surface

While APIs drive efficient automation and connections between crucial business applications, they also increase exposure. The breach of T-Mobile highlights the growing imperative of managing this enlarged attack plane.

Lesson: Comprehensive API security must complement business priorities, leveraging these interconnections through scaled platforms securing authentication, authorization, encryption, activity logging, and continuous scanning against evolving threats.

  • Conduct rigorous testing specific to uncovering API weaknesses.
  • Treat APIs as gateways to your most critical assets, necessitating controls on par with traditional network access.

7. Guard Against Ransomware Spread

Prominent attacks like those launched against Royal Mail and manufacturing giant Clorox demonstrate ransomware’s devastating potential if protections fail to limit blast impact. Infection on one system enables threat actors to achieve widespread encryption and irreparable destruction rapidly.

Lesson: Network microsegmentation, multi-factor authentication protocols for admin roles, and air-gapped offline backups provide fundamentals for reliable business continuity if ransomware hits core infrastructure.

  • Prepare response capabilities to isolate and shut down infected machines automatically.
  • Rehearse crisis scenario management via regular simulations to confirm adequate precautions against worst-case scenarios involving ransomware.

8. Prioritize Early Anomaly Detection in Threat Analytics

T-Mobile’s second data breach of 2023 lasted nearly a month before it was detected. And Royal Mail’s immense disruption downed export services for weeks.

These extended opportunities for adversaries to inflict more significant harm spotlight the severe risks of lengthy dwell and down times.

Lesson: Early detection is vital to rapid recovery.

  • Prioritize continuous analysis via tools like behavioral analytics engines strengthened by machine learning.
  • Shorten incident response through enhanced focus on automation and analytical capabilities on unstructured threat hunting.

9. Maintain Resilience Through Incident Response Plans

While efforts to prevent successful attacks are essential, you should also be prepared for the fallout of a breach. Lacking an incident response plan renders organizations vastly more vulnerable to destructive attacks — not to mention fiduciary and legal liabilities.

Lesson: Develop and continually update detailed response plans encompassing containment procedures, internal and external communications, legal disclosure duties, and more.

  • Conduct simulated breach scenarios to fully exercise and evaluate plans with key stakeholders throughout the enterprise.
  • By preparing for the worst, it’ll make all the difference in managing impacts.

10. Reinforce Human Defenses with Continuous Security Awareness Training

Technical controls inevitably have limits in stopping attacks, especially social engineering threats. This reality emphasized the importance of empowering staff to recognize and resist manipulation.

Lesson: Establish a formal security awareness training regimen tailored to your organization’s activities and risks, molded by insights into current staff vulnerability.

  • Look beyond one-off compliance checkbox requirements and arm personnel with a more profound understanding.
  • Awareness is no longer a once-a-year requirement but an ongoing system, keeping the workforce equipped to repel high-tech and social threats.

What are the next steps for businesses?

The time is now for extreme cyber vigilance.

To begin applying these lessons, prioritize assessing risks and vulnerabilities. Conduct simulations and testing to uncover gaps and dedicate leadership and resources to integrating security across systems and staff.

All businesses of any size should think and act proactively and invest now in improved cybersecurity. By implementing these measures, business owners can safeguard their financial and personal data and keep their businesses running smoothly.

Would you like some help?

If you are a client and would like to book a consultation, call us at +1 (212) 382-3939 or contact us here to set up a time.

If you aren’t a client, why not? We can take care of your accounting, bookkeeping, tax, and CFO needs so that you don’t have to worry about any of them. Interested? Contact us here to set up a no-obligation consultation.

Stay informed

Interested in receiving updates in your mailbox? Check out our newsletter, full of information you can use. It comes out once every two weeks, and you can register for it below.