Understanding cybersecurity threats and mitigation strategies
In today’s digital age, cybersecurity has become a critical concern for businesses of all sizes. During Keiter’s 2024 CPE seminar, Scott McAuliffe, Risk Advisory Services Partner, and Chris Moschella, Risk Advisory Services Senior Manager, discussed several key aspects of cybersecurity, focusing on common attack vectors, trends, and effective mitigation strategies.
Trends regarding cyber attacks
Multiple trends and insights were shared from the IBM Security 2023 Cost of Data Breach Report to showcase various attack vectors used by cybercriminals.
Phishing and social engineering remain the most common cyber threats, with 54% of attacks originating from end-user vulnerabilities.
Business Email Compromise (BEC) and ransomware are significant concerns, especially as attackers increasingly target email systems and exploit weak authentication protocols. Nearly 1 in 4 cyberattacks result in ransomware incidents.
Detailed scam scenarios
The seminar provided detailed scenarios of common scams, including vendor record scams, wire fraud scams, and data theft. These scenarios illustrated how attackers exploit vulnerabilities within organizations to steal money and sensitive information.
- Vendor record scam: This scam involves a hacker gaining access to an employee’s email account and sending fraudulent payment instructions to update vendor records. The hacker then receives the payments intended for the legitimate vendor.
- Wire fraud scam: In this scenario, a hacker impersonates a company executive and sends urgent wire transfer requests to the finance department. The urgency and authority of the request often lead to the transfer being completed without proper verification.
- Data theft: This scam involves a hacker posing as an internal auditor and requesting sensitive payroll information. The hacker then uses this information for malicious purposes.
Mitigation strategies
To combat these threats, the seminar highlighted several key mitigation strategies:
- Security awareness training: Regular training sessions for employees to recognize and respond to phishing attempts and other cyber threats.
- Multifactor authentication: Implementing multifactor authentication to add an extra layer of security to user accounts.
- Internal controls: Establishing robust internal controls, such as requiring multiple approvals for significant transactions and conducting regular audits.
- Advanced technical solutions: Utilizing advanced technical solutions like endpoint protection, sophisticated firewalls, and network monitoring to detect and prevent cyberattacks.
The importance of cyber insurance
The seminar also discussed the role of cyber insurance in mitigating the financial impact of cyberattacks. Having a comprehensive incident response plan and involving legal and insurance professionals quickly can help organizations recover more effectively from a cyber incident.
Conclusion
The 2024 Fall Risk Advisory Services CPE session provided valuable insights into the evolving landscape of cybersecurity threats and the strategies businesses can employ to protect themselves. By staying informed about the latest trends and implementing robust security measures, organizations can better safeguard their assets and maintain the trust of their customers.
Learn how Keiter can help your business mitigate cybersecurity risks.