Security stats. Here we go!
Worldwide, just 46% of small and medium-sized enterprises (SMEs) have implemented recommended multifactor authentication (MFA) technology, and only 13% require employees to use it for their accounts or applications. That’s from the Cyber Readiness Institute. What’s worse, 55% of SMEs said they were not very aware of MFA, 47% said they didn’t understand or see its value, and 60% had never even discussed it with their employees.
Microsoft has warned about a large-scale phishing campaign that has hit over 10,000 organizations since September 2021. The attackers are also getting around MFA, using a man-in-the-middle attack. Of note, physical security keys help; this has been highlighted not to dissuade the use of MFA but to educate users about the scams they will face.
New ransomware strain out there – Bumblebee. Already linked to several operations, it provides the attackers with a backdoor onto the PC, enabling them to take control and run commands. From there, the attackers run Cobalt Strike on the system for further control and to gather more information from the machine to help conduct the attack. After this, Bumblebee drops the Quantum ransomware payload, encrypting files on the victim’s machine. How’d they get it? It was coming in via phishing emails.
Finally, let’s note the first report coming out of the new Cyber Safety Review Board. While considerable efforts went into resolving Log4J, the report calls the issue an “endemic vulnerability” — meaning unpatched versions of the omnipresent software library will remain in systems for the next decade, if not longer.
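"Endemic" in practice means you cannot assume a copy of the library is gone just because the headline fixes were applied months ago; you have to keep finding it. The following inventory check is an added example (not from the Cyber Safety Review Board report or the original post). It walks a directory, opens every jar, war and ear (including jars nested inside those archives), reads the log4j-core version from the Maven pom.properties the artefact ships, and reports whether the JndiLookup class is still present. The threshold 2.17.1 is my assumption of a "complete" fix level for Java 8 deployments, and the sample archives are constructed in memory rather than real project artefacts.

```python
"""Added example: find lingering log4j-core copies, including ones nested inside
other archives. Constructed sample archives; adjust SAFE_FROM to your own policy."""
import io
import re
import sys
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_SUFFIX = "org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear")
# Assumption: treat 2.17.1 and later as fully fixed for Java 8; older copies need action.
SAFE_FROM = (2, 17, 1)


def parse_version(pom_text: str):
    """'version=2.14.1' -> (2, 14, 1); qualifiers such as '-beta9' are ignored."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", pom_text, re.M)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def inspect_archive(data: bytes, label: str) -> list:
    """One finding per log4j-core copy in this archive or any archive nested in it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        version = None
        for n in names:
            if n.endswith(POM_SUFFIX):
                version = parse_version(zf.read(n).decode("utf-8", "replace"))
        has_jndi = JNDI_CLASS in names
        if version or has_jndi:
            too_old = version is None or version < SAFE_FROM
            if not too_old:
                status = "ok"
            elif not has_jndi:
                status = "mitigated"   # old version, but JndiLookup.class was removed
            else:
                status = "upgrade"     # old version with the JNDI lookup still shipped
            findings.append({"archive": label, "version": version,
                             "jndi_lookup_present": has_jndi, "status": status})
        # Recurse into bundled archives (WEB-INF/lib/*.jar inside a war, jars in an ear).
        for n in names:
            if n.lower().endswith(ARCHIVE_EXTS):
                findings.extend(inspect_archive(zf.read(n), f"{label}!{n}"))
    return findings


def scan_dir(root: str) -> list:
    findings = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in ARCHIVE_EXTS:
            findings.extend(inspect_archive(p.read_bytes(), str(p)))
    return findings


def build_sample_jar(version: str, include_jndi: bool) -> bytes:
    """Constructed stand-in for a log4j-core jar (not a real artefact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(f"META-INF/maven/{POM_SUFFIX}",
                    f"version={version}\ngroupId=org.apache.logging.log4j\n"
                    f"artifactId=log4j-core\n")
        if include_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder class bytes
    return buf.getvalue()


def build_sample_war(inner_jar: bytes) -> bytes:
    """Constructed web application bundling the jar under WEB-INF/lib."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", inner_jar)
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for finding in scan_dir(sys.argv[1]):   # e.g. python scan.py /opt/apps
            print(finding)
    else:
        old = build_sample_jar("2.14.1", include_jndi=True)
        for finding in inspect_archive(build_sample_war(old), "app.war"):
            print(finding)
```

Run it against an application directory to get one line per embedded copy; the nested-archive recursion is the part that matters, because a war that bundles its own log4j-core will not show up in a scan that only looks at top-level files.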
Why do we care?
Is it a huge opportunity, or has the industry failed on security? Yes. Yes, Yes, yes.
That seems to be the theme of the day.
Log4J? The colossal effort, and it’s still going to be endemic.
MFA? So much more effort to go.
Phishing? So much more effort.
I don’t have any magic answer here. Maybe, just maybe, listeners will come up with another approach that differentiates. If doing the same thing over and over again and expecting the same results is the definition of insanity, there’s gotta be a space here for doing something different.