Safer Internet Day is celebrated globally in February each year to promote the safe and positive use of digital technology. On this occasion, TECHx spoke with Mujtaba Mir, Senior Sales Engineer, META at Barracuda Networks, to learn about current cybersecurity threats for businesses, the remote working scenario, and cybersecurity risks on social media.
TECHx: In the context of Safer Internet Day, what are the internet-based threats most important for businesses to be aware of in 2021?
Mujtaba: Credential stuffing is perhaps one of the types of attacks that is most overlooked by businesses, but also one that has the potential to cause a significant impact as it is difficult to guard against. While figures pertaining to cybercrime are often hard to come by, it’s estimated that credential stuffing costs US firms alone over $5bn annually.
This type of attack involves the abuse of compromised usernames and passwords which have been acquired through malicious activities such as data exfiltration, phishing, insider attacks and other means. Vast lists of compromised credentials also frequently turn up for sale on the dark web and using these, cybercriminals are able to attempt valid logins on various online services. Because the credentials themselves are legitimate and login attempts are not fraudulent in and of themselves, it makes it incredibly challenging for businesses to protect against these threat vectors.
A way in which cybersecurity companies such as Barracuda help businesses protect against this is through bot protection. Our Advanced Bot Protection (ABP) system uses a cloud-based database of breached credentials to validate incoming login requests. When a match for the incoming credentials is found, the Barracuda Web Application Firewall is configured to alert the admin and/or block such login requests.
TECHx: With the rise of social media, how can we nurture and increase public awareness of cybersecurity, so that people become more responsible when using technology and digital gadgets?
Mujtaba: The responsibility for raising security awareness doesn’t lie solely with one organization, or one department. Everyone from cybersecurity vendors and governments to the media and even social media influencers has a role to play in increasing cybersecurity awareness. We have seen many organizations embrace this responsibility – as an example, it’s now commonplace for your bank to regularly send you emails informing you about the latest threats and advising you about the best practices you can take to stay safe. And there are clear benefits for businesses to invest in raising cybersecurity awareness. Research shows that organizations that prioritize security awareness are less likely to fall victim to the 13 email threat types.
Going a step beyond email updates and security tips, an effective way to enhance employee security awareness is through a well-designed security awareness training program. Such programs leverage regular attack simulations and hands-on education exercises to inform and test users against a multitude of attacks including phishing, malware, ransomware, and spyware.
If your business is not using a security awareness training solution, it should be! Your users are the first AND last line of defense against cybersecurity threats. Consider a solution that offers completely customizable simulation and education campaigns or pre-built templates for efficient and effective awareness programs.
TECHx: On the occasion of Safer Internet Day 2021, give us some tips on how to stay safe on the internet in today’s remote working scenario.
Mujtaba: Perhaps the most important tip is to prioritize password management and to adopt good password practices as passwords remain the first and often the only barrier to protecting our online identities and data. Of course, this is often a challenge as one company estimates that the average employee today has to manage over 190 passwords. Attackers have been quick to exploit this fact and attacks such as credential stuffing rely on the fact that many organisations still allow customers and employees to use password-only logins, and the fact that these users have so many to manage that they resort to sharing credentials across multiple sites and accounts.
To overcome this, I would advise the use of two-factor authentication that most online services now offer. This involves user verification through the use of a password, combined with another piece of short-lived information such as an SMS code. Also highly effective is the use of password managers that eliminate the need to memorize large numbers of passwords while still ensuring unique passwords are used for each service.