This article is part of Panther’s new Future of Cyber Attacks Series which features interviews with cyber security experts, thought leaders, and practitioners with a goal of better understanding what organizations can do to prepare themselves for the future of cyber attacks.
The following is an interview we recently had with Haseeb Awan, Founder & CEO of Efani.
How have cyber attacks evolved over the past 12 months?
Cyberattacks have significantly evolved. Ransomware, phishing, and sim swaps cyberattacks have grown from a threat that many firms formerly dismissed as a minor annoyance to one that frequently causes extensive economic disruption, sensitive data disclosure, and reputational damage – all at the same time.
What lessons can be learned from the biggest cyber attacks in recent history?
There are plenty of lessons that could be learned. For instance, never rely on SMS backed 2FA rather use MFA (multi-factor authentication). For phishing, never entertain malicious links at minimum and recognize such scams initially. Obtain basic cybersecurity training to secure your online presence.
What will cyber attacks look like in the future?
The widespread use of new tactics, methods, and procedures (TTPs) related to the deployment of cyberattacks on corporate and personal networks was one of the most significant trends of 2020, affecting companies all over the world.To maximise their attacks and drive influencers and the c-suite to pay their unsolicited demands, threat actors have increasingly employed new techniques such as big game hunting and double extortion in the last year. Future years will see a rise in interest in cybersecurity practices, raising awareness towards others, etc.
What are three pieces of advice for organizations looking to get ahead of cyber attacks in the future?
Today, many cyber-attacks are extremely targeted. Attackers spend a significant amount of time (typically months) acquiring information on their victim and watching for any opportunity to pounce.In the face of such attacks, organizations who do not invest in cyber threat intelligence are the most vulnerable.
1. C-suit personal information should be secured from mobile-based attacks. This is a real loophole that is ignored and could be used to snoop in sensitive information related to the company.
2. Endpoint Protection. If you strip cybersecurity down to its most basic components, you’ll discover that it’s all about endpoint protection. However, as more work is done remotely, endpoint security has grown more important. With Mr. A working from home, Mr B. from another city, and Mr. C from another nation, protecting entry points to prevent malware and other hostile entities from getting access to networks has never been more difficult. Not to mention the expanding impact of BYOD policies. Although some endpoint security solutions are supplied as SaaS, they typically function on a client-server approach. Although firewalls and VPNs are important for breach prevention, they are not the same as endpoint security. Both can, however, be featured on the platform.
3. Response Plan (critical). In general, most firms might improve their response to cyber-attacks.The following are the most common cyber-breach responses:
- Attempting to locate the source
- Assigning defined roles and tasks to individuals
- Evaluating the consequences
- Keeping a documented record of incidents
Key Message: Thinking ahead of the attackers is the safest way to prepare your company’s data protection for a future of advanced attacks.The three-pronged approach of intelligent analysis and defence, comprehensive endpoint security, and a proactive response plan in the event of an attack is the best way to ensure this.