John Piazza | August 12th, 2022

Threat actors are relentless in their pursuit of your business-critical data and actively seek the path of least resistance to achieve their objectives. The unfortunate reality is that humans are most often front and center in this path. In fact, SpearTip threat intelligence—which is supported by industry data—indicates that over 90% of security breaches are the result of human error through phishing attacks. This is not to disparage employees or ascribe malicious intent to any security incident, but rather to make clear the importance of building a security posture based on the basics.

One of the most basic and vital components of cybersecurity is discernment. The reality is that no security tool offers a panacea preventing all attacks, which increases the value of focused and aware individuals optimizing an organization’s overall security posture.

The first step in enhancing the discernment of employees, and any internet user for that matter, is regular and ongoing training in how to spot phishing emails. There are several immediate clues indicating that a particular email may be malicious: it asks for personal information, induces panic with time-sensitive requirements, uses a domain different from what is expected, or includes unsolicited links and attachments. Most often, it’s the final element that transforms a threat into a full-blown incident. Training employees to vet the details of each email and to avoid clicking on links or attachments will go a long way in preventing your business from being victimized by threat actors.
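The clues above can be checked mechanically as a first triage pass before a message ever reaches a human. The following is an added illustration, not SpearTip's tooling or anything from the original post: it parses a raw email with Python's standard library and scores it against the four clues (request for personal information, time pressure, a sender or Reply-To domain that differs from the expected one, and links whose visible text points somewhere other than their real target), plus any attachment. The expected domain `example.com`, the keyword lists and the two sample messages are all constructed for the demo.

```python
"""Heuristic phishing triage over an email's headers and body (added example)."""
import re
from email import message_from_string
from email.message import Message
from urllib.parse import urlparse

EXPECTED_DOMAIN = "example.com"  # constructed: the organisation's own mail domain

# Constructed keyword lists; a real deployment would tune these from observed campaigns.
URGENCY = ("immediately", "within 24 hours", "account will be suspended", "urgent", "final notice")
PERSONAL_INFO = ("password", "social security", "ssn", "credit card",
                 "verify your account", "confirm your identity")

HREF_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
ADDR_RE = re.compile(r"<([^>]+)>")


def sender_domain(header: str) -> str:
    """Domain of the real address in a From/Reply-To header, ignoring the display name."""
    m = ADDR_RE.search(header or "")
    addr = m.group(1) if m else (header or "")
    return addr.rsplit("@", 1)[-1].strip().lower()


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def _body_and_attachments(msg: Message):
    """Collect text parts and attachment names from a single- or multi-part message."""
    body, attachments = [], []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            attachments.append(part.get_filename() or "unnamed")
        elif part.get_content_type() in ("text/plain", "text/html") and not part.is_multipart():
            body.append(part.get_payload())
    return "\n".join(body), attachments


def score_message(raw: str) -> dict:
    """Return the list of phishing clues found and a simple verdict."""
    msg = message_from_string(raw)
    body, attachments = _body_and_attachments(msg)
    text = (msg.get("Subject", "") + "\n" + body).lower()
    findings = []

    from_dom = sender_domain(msg.get("From", ""))
    if from_dom and from_dom != EXPECTED_DOMAIN:
        findings.append(f"sender domain {from_dom!r} differs from expected {EXPECTED_DOMAIN!r}")
    reply_dom = sender_domain(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")
    if any(p in text for p in URGENCY):
        findings.append("time-pressure language")
    if any(p in text for p in PERSONAL_INFO):
        findings.append("asks for personal information or credentials")
    for href, anchor in HREF_RE.findall(body):
        shown = anchor.strip().lower()
        if shown.startswith("http") and _host(shown) != _host(href):
            findings.append(f"link text shows {_host(shown)!r} but target is {_host(href)!r}")
        elif _host(href) and _host(href) != EXPECTED_DOMAIN:
            findings.append(f"link to external host {_host(href)!r}")
    for name in attachments:
        findings.append(f"unsolicited attachment {name!r}")

    score = len(findings)
    return {"score": score, "findings": findings,
            "verdict": "suspicious" if score >= 2 else "ok"}


# Constructed sample messages for the demo.
SUSPICIOUS = """\
From: IT Support <helpdesk@example-com-secure.net>
Reply-To: recovery@mailer-example.ru
To: jane@example.com
Subject: URGENT: verify your account within 24 hours
Content-Type: text/html

<p>Your mailbox will be suspended. Confirm your identity and password here:
<a href="http://login.example-com-secure.net/reset">https://portal.example.com/reset</a></p>
"""

BENIGN = """\
From: Payroll <payroll@example.com>
To: jane@example.com
Subject: August pay statement available
Content-Type: text/plain

Your statement is available in the HR portal: https://portal.example.com/pay
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        result = score_message(raw)
        print(label, result["verdict"], result["score"])
        for f in result["findings"]:
            print("  -", f)
```

The heuristic is deliberately simple and will produce false positives on legitimate third-party senders; its value is in surfacing exactly the details employees are trained to look at, so that the human check and the automated one reinforce each other.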

Similarly, offering regular, ongoing education on how to maintain awareness and avoid falling victim to social engineering attacks will immediately boost a business’ defenses. Social engineering is a common follow-on to phishing in Business Email Compromise (BEC) attacks. Like the phishing training, social engineering training modules cannot be one-and-done sessions. Employee performance should be tracked so those who are not catching on can be provided additional remedial training. The concept of a chain being no stronger than its weakest link is the right metaphor, as threat actors will work to find the slightest gap to infiltrate their targeted environment.

Many organizations fail to emphasize the importance of discernment in their team as a security component, which regularly leads to falling victim to phishing attacks or social engineering. A tried-and-true phishing attack method is deploying a keylogger—a tool that collects every keystroke made on a compromised endpoint—with which threat actors can acquire user passwords, including those for executive accounts. These command a high profit margin on the dark web, as they often have access to the most profitable intellectual property or the ability to approve transfers of large sums of money. Once credentials are acquired, threat actors have a foothold. They can begin moving laterally throughout an environment, looking to escalate privileges or maintain persistence. There are security tools that can prevent all of this from manifesting, but none of those preventative measures are as valuable as human discernment.

Having a properly configured stack of security tools is necessary to optimize a business’ overall maturity and prevent the devastation of BEC or ransomware. Multi-Factor Authentication (MFA), for example, is an excellent safeguard and prevents upwards of 99% of attacks from advancing within an environment and should be enabled whenever possible.

It’s that remaining 1%, however, where so much damage is done. Like all threat actor tactics, techniques, and procedures, phishing attacks are growing in sophistication and can in certain cases bypass MFA protections. One emerging tactic threat actors are using to capitalize on human susceptibility related to phishing attacks and bypass MFA processes is known as adversary-in-the-middle (AiTM) phishing. AiTM attacks occur when threat actors establish a proxy server between the targeted victim and the site they are accessing. In doing so, threat actors can steal passwords and cookies, which allows network persistence with authenticated access. From there threat actors are positioned to launch follow-on BEC campaigns.
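Because an AiTM proxy relays the victim's real login and then reuses the issued session cookie from the attacker's own infrastructure, one visible trace in sign-in and activity logs is a single session identifier that appears from a second client (different source IP and user agent) shortly after an MFA-completed login. The following detection logic is an added example and is not SpearTip's detection content; the log format, its field names (`user`, `session`, `ip`, `ua`, `event`, `mfa`) and the sample lines are all constructed for the demo, and the session identifiers stand in for hashed cookie values rather than raw tokens.

```python
"""Flag sessions whose cookie is replayed from a second client after login (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# key=value pairs, with quoted values allowed for user agents containing spaces
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample sign-in / activity log lines; the field names are assumptions.
LOG_LINES = """\
2022-08-12T09:01:02Z user=jane session=s-a1 ip=203.0.113.10 ua="Mozilla/5.0 (Windows NT 10.0) Chrome/104" event=login mfa=ok
2022-08-12T09:03:40Z user=jane session=s-a1 ip=198.51.100.77 ua="python-requests/2.28" event=mailbox_read
2022-08-12T09:04:05Z user=jane session=s-a1 ip=198.51.100.77 ua="python-requests/2.28" event=inbox_rule_created
2022-08-12T09:10:00Z user=bob session=s-b2 ip=203.0.113.22 ua="Mozilla/5.0 (Macintosh) Safari/605" event=login mfa=ok
2022-08-12T09:15:00Z user=bob session=s-b2 ip=203.0.113.22 ua="Mozilla/5.0 (Macintosh) Safari/605" event=mailbox_read
2022-08-12T09:20:00Z user=bob session=s-b3 ip=203.0.113.90 ua="Mozilla/5.0 (iPhone) Safari/605" event=login mfa=ok
""".splitlines()


def parse_line(line: str) -> dict:
    """Turn one log line into a dict; the leading token is the UTC timestamp."""
    ts_text, rest = line.split(" ", 1)
    event = {"ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")}
    for key, quoted, bare in KV_RE.findall(rest):
        event[key] = quoted if quoted else bare
    return event


def find_session_hijacks(lines, window: timedelta = timedelta(hours=4)) -> list:
    """Return one alert per session that is used from a different client than the one
    that established it, within `window` of the first event in that session."""
    sessions = defaultdict(list)
    for ev in map(parse_line, lines):
        sessions[ev["session"]].append(ev)

    alerts = []
    for sid, events in sessions.items():
        events.sort(key=lambda e: e["ts"])
        origin = events[0]  # the client that established the session (normally the login)
        for ev in events[1:]:
            moved = ev["ip"] != origin["ip"] or ev["ua"] != origin["ua"]
            if moved and ev["ts"] - origin["ts"] <= window:
                alerts.append({
                    "user": ev["user"],
                    "session": sid,
                    "login_ip": origin["ip"],
                    "login_ua": origin["ua"],
                    "reused_from_ip": ev["ip"],
                    "reused_from_ua": ev["ua"],
                    "seconds_after_login": int((ev["ts"] - origin["ts"]).total_seconds()),
                    "first_action": ev["event"],
                })
                break  # one alert per session is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in find_session_hijacks(LOG_LINES):
        print(alert)
```

In the sample data, `bob` logging in again from a phone produces a new session and is not flagged; only `jane`'s session, established from a Windows browser and then driven from a different address by a scripting client, raises an alert, and the first action on the reused session (an inbox rule being created) is the kind of follow-on step that precedes a BEC campaign. A production version would key on the hashed cookie or token identifier that the identity provider logs and would tolerate benign address changes (mobile carrier NAT, VPN reconnects) by weighting the user-agent change and the ASN change rather than treating any IP change as hostile.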

To create the greatest security around your business’ most critical data, it is recommended to offload your cybersecurity to a company that can provide you 24×7 protection from a Security Operations Center and collaborate on ongoing employee training and education. Doing so will allow you to rest easy and focus on building your business by re-establishing brilliance with the basics.