CYREBRO’s Most Popular Articles from 2022 – Year End Wrap-up
It’s been three years since COVID first made headlines, and although we’ve come a long way since then, some of our pandemic-coping strategies have become commonplace. For example, the shift to remote work has been embraced by employees who report they have a better work-life balance and are happier, more productive, and more engaged in their work. So now, two years into the 2020s, we would like to wrap up the year with our most popular blog posts from the last year, which cover the most-read cybersecurity topics.
But do you know who else has become more productive and engaged in their work? Threat actors of all kinds: novices and hardened criminals, lone wolves, and state-sponsored hacking groups. Together, their attacks have wreaked havoc on government agencies, educational institutes, and businesses of all sizes.
Threat actors have become bolder, stealthier, and more inventive with their tactics, taking advantage of security gaps, visibility issues, and expanded attack surfaces resulting from, in many cases, dispersed employees.
Just consider these alarming statistics:
- Overall, cybercrime is up 600% due to the pandemic.
- According to IBM, in 2019, the global average cost of a data breach was $3.92 million; in 2022, that figure rose to $4.35 million, a jump of almost $150,000 every year.
- 2020 saw a massive increase in attacks exploiting vulnerabilities in remote access products: Citrix attacks were up 2,066%, Cisco attacks spiked by 41%, VPN attacks rose 610%, and RDP hits surged by 85%.
- By mid-April 2020, daily brute force attacks increased 6-fold compared to pre-pandemic times.
- Verizon’s 2022 Data Breach Investigations Report noted that 2021 saw a 13% rise in ransomware, an increase as large as that of the previous 5 years combined.
- SlashNext’s State of Phishing Report 2022 revealed a 300% increase in phishing attacks since 2019, a 61% rise in malicious URLs, a 50% increase in mobile phishing threats and a 54% increase in zero-hour threats, with 78% of those delivering zero-hour phishing attacks.
What these numbers make crystal clear is that cybersecurity professionals have their work cut out for them as they face familiar and unfamiliar foes, attack methods, and a growing number of vulnerabilities due to larger attack surfaces.
As a cybersecurity company, we believe part of our responsibility is to educate others about existing and emerging threats, cybersecurity strategies, and industry insights. Below, we’ve rounded up our five most-read articles, so if you don’t tune into our blog regularly, be sure to give each of these insightful and actionable posts a read.
Proactive vs. Reactive Cybersecurity
Although this post was published at the end of 2021, it earned a top spot in CYREBRO’s 2022 most-read content because it speaks to the balancing act most security teams find themselves in. With smaller teams and budgets, SMBs often emphasize reactive strategies, but as cybercrime skyrockets and SMBs increasingly become targets, that approach is no longer sufficient.
The article crystallizes the differences between reactive and proactive cybersecurity while noting the dangers and drawbacks of only having a reactive strategy. Dive into this article to learn why it’s imperative to complement a reactive approach with a proactive one and how you can achieve both, even with limited resources.
Common Entry Points #4 – RDSH
The CYREBRO team created a series of posts highlighting five common entry points hackers exploit over and over. With the vast adoption of remote work, it’s no surprise that Common Entry Points #4 – RDSH proved the most popular.
In the post, we discussed what happened when a client deployed an RDSH platform without proper protections in place. While the solution enabled productivity, the server contained cached domain admin credentials and wasn’t isolated from the company’s server network. A threat actor compromised the client’s domain, gained access to Domain Controllers, and generated a ‘Golden Ticket’.
The incident highlights the dangers of unsecured gateways and the need for stringent security protocols. If your company uses an RDSH solution, this post is a must-read. It focuses on the need for perimeter security and best practices for using RDSH.
Disaster Recovery vs. Cyber Recovery – Different Plans Preparing for Different Struggles
A comprehensive cybersecurity strategy requires advanced planning for a multitude of possible, if not likely, scenarios. Although many companies have recovery plans in place, most haven’t been updated to address their current complex environments.
In this post, the CYREBRO team discusses how companies focus on a disaster recovery plan to ensure business continuity. Of course, that’s critical, but it is a macro tool and not the only type of recovery plan needed. The article dives into the objectives, requirements, and management of a cyber recovery plan and the best practices for securing cyber recovery repositories.
Read this post to gain a deeper understanding of each type of recovery plan and how they work hand in hand to ensure larger security objectives.
Why SOC Has Become a Top Requirement for Cyber Insurance
In pre-pandemic days, cyber insurance companies were ready and willing to hand out policies as they believed most covered incidents were unlikely to occur. Then attacks grew exponentially, and insurance companies began hemorrhaging money. One company had to pay a $40 million ransom on behalf of their covered client. Needless to say, many insurers were discouraged from creating new policies in 2022, and companies that obtained them faced an 89% increase in rates.
To get a cyber insurance policy today, insurers require companies to take proactive measures that limit their risk exposure. Many even go as far as dictating security components such as an MFA mandate and a SOC to ensure 24/7 monitoring and fast detection and investigation into suspicious traffic, digital behavior, and security events.
Planning to get cyber insurance for 2023? Read this post to learn more about the requirements to qualify and the benefits of a SOC (regardless of insurance policies).
Utilizing SOC Infrastructure vs. MDR – An MSSP Perspective
The MSP market is crowded, and while there is always room for more, many MSPs are looking for ways to differentiate themselves, better serve the needs of their clients, and expand business and revenue opportunities. Those transitioning into MSSPs must answer a critical question that this post addresses in-depth: which infrastructure – an MDR or SOC – is best?
There is a lot of confusion between SOCs and MDRs because they share many commonalities, but, as they say, the devil is in the details, which are covered at length to help MSSPs make the right choice for their business and for the services they provide clients.
The article is relevant for anyone wanting to understand the distinct differences between the two options and required reading for decision-makers at any MSSP.
Use the Past to Prepare for the Future
Over the last few years, we’ve seen a significant increase in cyberattacks; there’s no reason to expect that to slow down. As long as there is a payoff for criminals, they will keep launching attacks.
Cybersecurity teams should let the past serve as an indicator of what’s to come. Leaders must keep their finger on the pulse by staying abreast of industry news and new attack patterns and then preparing accordingly. Otherwise, it’s just a matter of time before you become a target and a statistic.