February 9, every year, marks Safer Internet Day, a day meant to focus on creating a safer cyberspace. Safer Internet Day came into existence in 2012 when the U.S. DHS and European Commission decided to focus on making the internet safer for a growing number of youngsters who were starting to get accustomed to a connected, virtual lifestyle through the internet.
Ever since then, several nations have joined the bandwagon of celebrating this day to commemorate internet safety and establish best safety practices. The theme this year is “Together for a better internet.”
While this day mainly focuses on internet safety for children and young people, the surge in the remote workforce due to COVID-19 has broadened its scope, which now even includes adults. While common threats like malware, phishing, and ransomware campaigns are still wreaking havoc on the digital landscape, more sophisticated forms of attacks are also cropping up, often exploiting people’s fears. We approached industry leaders to seek insight on the cybersecurity implications of these threat vectors, what CISOs must do to safeguard their companies and employees, and how to make the internet a safer space for children and adults alike.
1. Security Awareness Training Should be a Top Priority for CISOs
“Safer Internet Day is a great reminder of the ever-evolving threats we face online. Every photo we post, job update we share, and person or place we tag, reveals valuable information about our personal and professional lives. Today, hackers are taking advantage of this level of detail to craft effective social engineered attacks. For example, we are seeing people post on their public social media pages the names of their pets, children, families, and interests. Meanwhile, employees are revealing too much information in their out-of-office messages, like where and how long they will be gone. Hackers can use all of this to try to crack passwords or convince colleagues to wire money. The solution isn’t to stop using out-of-office messages or social media. Rather, it’s about being educated and knowing how those details about your personal and professional life can be used against you or your company.
Implementing security awareness training should be a top priority for CISOs today, as it’s vital to educate employees about the dangers of sharing too much online. However, training needs to evolve to keep up with the constantly changing threat landscape by using real-world examples to provide context, like impersonation and BEC scams. It’s critical that business leaders today understand the risks in order to maximize the strength of their security posture.”
2. Deepfakes will be the Bigger Concern
“This Safer Internet Day, reliability of information is the theme, and with ‘fake news’ entering popular lexicon as a symptom of the massive amount of misinformation available online, this year we explore how fakery — as well as being used for simple mischief-making — can be part of highly-targeted attacks.
We see the potential for Deepfakes to become a feature of enterprise attacks, amplifying existing social engineering techniques by making them appear even more credible. Deepfake footage is already available on the Dark Web; it is not too much of a stretch for attackers to lift video and recordings of senior business leaders from employers’ social media channels, marketing collateral, or from individual employees’ own digital footprint, for example, and use their properties to generate deepfakes that act as a strategic follow-on to phishing attempts.
We anticipate threat actors creating deepfakes in which they build a deepfake persona of a colleague in a position of trust – for instance, an IT team member – to highly-targeted, unsuspecting employees over a series of video calls to earn their trust, before requesting credentials and using this information to access systems. Many of us, after all, haven’t even met our colleagues in these pandemic-dominated times. In fact, we believe this technique may well already be in use in certain scenarios, though the nature of such a highly-targeted attack would make this something which an attacker would go to great lengths to disguise.”
3. Collectively Make the Internet Safer for Everyone
“The internet has long been an important means for most of the globe to operate on a day-to-day basis, and the recent pandemic has elevated it to an even more essential component of our daily lives. Safer Internet Day is a significant observance and serves as a call to action for organizations and consumers alike to make the global online network a more valuable and protected resource.
In light of recent data breaches and hacks, organizations have even more of an obligation to protect customer information. Consumer trust is drastically low regarding data privacy, with 79% of adults expressing concerns over how companies are using and collecting data. To truly make the internet a better place, enterprises must adopt crowdsourced cybersecurity as an integral component of security posture. By making strategic investments in a layered cybersecurity approach to protect consumers, who are ultimately the biggest victims when cyberattacks and data breaches occur, organizations can meet the challenges of a distributed workforce and protect sensitive data from evolving threats.
From a consumer standpoint, identity theft and data breaches have been rising at a rapid pace — but there are numerous ways to ensure online browsing and interactions are safeguarded. Parental controls can be installed to ensure young children aren’t viewing explicit content, and users can opt out of data collection wherever possible to keep sensitive information confidential. Additionally, using multiple strong passwords, implementing two-factor authentication across accounts, sending encrypted files, and installing spyware and anti-virus software on devices can provide protection against viruses and malicious threat actors. It takes a community of defenders to combat a community of adversaries, and when we all come together, we can collectively make the internet a safer environment for everyone.”
4. Safer Internet Day is Perhaps More Important Than Ever This Year
“Safer Internet Day is perhaps more important than ever this year. In the last twelve months, the way we work or access education has changed beyond recognition. Organizations have opened up networks to accommodate a remote workforce. Students are using apps and services, typically the realm of the corporate world, to participate in virtual classes. Many of these cloud-based tools and services are accessed using personal devices that are unsecured or beyond the remit of the IT or security team. This expanded attack surface presents an attractive target for attackers who frequently use personal devices to not only steal data on the device itself, but also look to move laterally across networks and cause further harm.
Research by Tenable’s Security Response Team, examining details from 730 publicly disclosed data breaches in 2020, found that threat actors rely on unpatched vulnerabilities in their attacks. These ‘broken windows’ are primarily used to gain initial access into a target network. From there, attackers leverage serious vulnerabilities, like Zerologon, to elevate privileges, granting themselves the ability to gain access to domain controllers within the network.
Most of these attacks are avoidable with basic safety steps. Good security awareness and basic cyber hygiene prevent mistakes that can cause serious harm. In tandem, it is critical that users take responsibility for updating and securing their devices to close these broken windows.
With technology now an integral part of modern life, we all have a part to play in securing the devices we use.”