By all measures the bad guys are winning, dramatically. You may not be aware of just how lopsided the current state of things has become, but while most businesses have done little to nothing in the last 5 years to upgrade their defensive maturity, the bad guys have matured LIKE CRAZY. It’s really difficult to overstate this or to use superlatives that would be an exaggeration. In fact, the bad guys have largely matured to the point that they have become totally invisible to the IT departments who are charged with the company defenses. Malicious actors routinely sneak right past all the anti-virus software and firewall appliances in place and easily breach the environment, stealing data for months or even years right under the security team’s noses, totally undetected. See our blog article on the SolarWinds breach for a mind-blowing example, and we could share many, many others.
The volume and frequency of these breaches have also escalated dramatically, not just the sophistication. Consider this (shortened) list of significant breaches curated from the excellent ID Agent Week In Breach report for the month of September 2023:
| Organization | Incident |
| --- | --- |
| Tesla | Malicious insiders stole and leaked 100 GB of data |
| Clorox | Operations shut down after ransomware attack, resulting in product shortages |
| Geico Insurance | Caught up in ongoing MoveIt breach, private data stolen |
| Mom’s Meals | Network breach resulting in private data stolen |
| University of Minnesota | Data breach of 7 million Social Security numbers |
| London Metropolitan Police | Personal details of 47,000 personnel stolen |
| France’s Unemployment Agency | Caught up in ongoing MoveIt breach, private data stolen |
| Northern Ireland Police | Accidentally posted all personnel details online for 2 hours, lives now at risk |
| CloudNordic Cloud Host | All customer data lost, including backups, in network breach |
| Seiko Watches | Network breach resulting in private data stolen |
| Paramount Global | Network breach resulting in private data stolen |
| Forever 21 | Network breach resulting in private data stolen |
| U.S. National Safety Council | Data posted openly by accident |
| Callaway Golf | Network breach resulting in private data stolen |
| Montreal Electricity Organization | LockBit ransomware attack |
| University of Sydney, Australia | Supply chain vendor breach |
| National Center of Incident Readiness and Strategy for Cybersecurity | China nation-state attack |
| Johnson & Johnson / IBM | Network breach resulting in private data stolen |
| Sabre Travel Platform | Network breach, 1.3 TB of data stolen |
| Freecycle Recycling Website | Network breach, 7 million people’s data stolen |
| MGM Resorts | Operations shut down for weeks and everything stolen with a 10-minute phone call |
| Caesars Entertainment | Caught up in MGM attack |
| US/Canada Waters International Joint Commission | Network breach resulting in private data stolen |
| Canadian Nurses Association | Network breach resulting in private data stolen |
| UK Greater Manchester Police | Supply chain vendor breach |
| Airbus | Stolen user credentials |
| Sony | Bad guys told them their entire organization has been compromised; they didn’t know |
This is what an annual list of major breaches used to look like, and now this is just a single month. Once again, many entities didn’t know they were breached and had to be told, including the likes of Sony, MGM Resorts, Johnson & Johnson, and IBM. The bad guys are now invisible.
What have you done to upgrade your defenses?
Unfortunately, in the face of this dramatic escalation in both the volume and sophistication on the part of the bad guys, many businesses have done nothing or very little to enhance their defenses. In our blog article here we covered a recent survey by insurance giant Nationwide which showed that 40% of small business owners expect a cyber-attack to cost less than $1,000, when in reality it will probably cost millions.
According to the IANS 2023 Security Budget Report, businesses have increased cybersecurity spending in 2023 by only 6%, when it should be increasing by 35% or more to remain safe. Making it worse, in many cases other IT operational spending was cut in order to provide the increase in cybersecurity spending.
Meanwhile, year after year, the bad guys are perfecting their processes and getting better and better tools. When the bad guy asks his boss for a new tool, he gets it; he doesn’t get told to wait for next year’s budget or to generate an ROI request. That is why the bad guys have now matured right past your IT department to the point of invisibility.
How do you spot an invisible adversary in your environment who is quietly stealing all your data?
This will sound simple, but the bad guys are invisible because they are hiding where you’re not looking. This was true of NASA and the Pentagon in the SolarWinds breach in 2021, and it’s still true for Sony this week, who just got told by a ransomware group that their entire global organization was breached. In none of these cases did an alarm go off or an alert notify them that they had a problem. The anti-virus and firewall you have don’t begin to address this problem. They represent no resistance at all to the modern threat actor, regardless of which brand you have.
In order to spot the invisible adversary, you have to start looking in all the hiding places, and on a regular, ongoing basis. You should immediately begin doing the following things if you are not already:
- Get a complete IT security assessment by a third-party expert like Rocky Mountain Cybersecurity. We know where the invisible bad guys are hiding in your network, and because you can’t audit yourself, this should be a third-party service. An expert like Rocky Mountain Cybersecurity knows what to look for, and uses special tools in combination with our expertise to dramatically reduce our clients’ business risk.
- Perform a complete cloud services assessment and hardening for Microsoft 365, Google Docs, AWS, OneDrive, SharePoint, etc. Microsoft and Google cloud services are horribly insecure and must be intentionally hardened for security.
- Implement 24x7x365 SIEM/SOC and/or Managed Intrusion Detection / Threat Response services. These services look in the nooks and crannies for the bad guys around the clock by monitoring all activity for anything suspicious. While these services used to be too expensive for the typical small business, Rocky Mountain Cybersecurity now has extremely affordable options for every small business owner that wants to be secure.
- Get an external penetration test / vulnerability scan by a third-party expert like Rocky Mountain Cybersecurity to check public-facing gateways and cloud applications for security problems.
In addition, as always, be sure to:
- Maintain at least 3 immutable and restorable backups of all your data
- Implement Multi-Factor (MFA, 2FA) authentication on everything
- Use education and leadership to create a culture of awareness within the organization
Partnering with a cybersecurity expert like Rocky Mountain Cybersecurity
When your adversary has matured so far that they are now invisible, partner with a cybersecurity expert like Rocky Mountain Cybersecurity. We know where the bad guys hide and have the knowledge and expertise to sniff them out. Get in touch with us to talk today!
Contact us today! – 307-288-0222 – www.rmcybersecurity.com – info@rmcybersecurity.com