Identity deception is a common theme uniting most successful phishing attacks by opportunistic cybercriminals. They tap into the personal data cache available online to spoof the identities of people or brands.
That is a finding of San Mateo, Calif.-based security provider Agari's executive brief, Top Phishing Attacks: Discovery and Prevention Solutions.
Scammers are increasingly convincing unknowing victims to surrender confidential information or transfer money into fraudulent accounts. They also seek to spread malware and compromise IT environments by deceiving recipients into opening email attachments or clicking through to corrupted web pages.
Agari looked at trends and countermeasures:
1. Update Email Policies.
The FBI warned of a 270% increase in CEO scams, also known as business email compromise (BEC) frauds, in 2015. The situation is no better in 2016, and organizations once thought unsusceptible to attack are now in fraudsters' crosshairs.
To gain company insight, cybercriminals harvest personal information and learn business processes. Once armed with this data, they target carefully selected employees with a spear-phishing email designed to obtain access to confidential company information or transfer money into an unknown account.
One recent example involved Ubiquiti Networks' finance department, which transferred $46.7 million into an overseas account held by external third parties.
Agari suggested organizations must introduce policies that ensure that no one person or single email can authorize transactions. There also needs to be a mixture of communication channels verifying requests for confidential or financial information.
2. Plan for ID Theft After a Data Breach.
Over the last year, Agari witnessed a trend in spear-phishing attacks aimed at stealing employee payroll information. Hackers use the accessed confidential information to facilitate a variety of frauds. For example, the Snapchat messaging app made headlines when its payroll department handed over confidential information on current and former employees to a scammer impersonating the CEO.
ID theft often follows data breaches. Organizations need to plan for the worst-case scenario with a post-breach response plan in place.
3. Regular OS Updates and Backups.
On both the enterprise and consumer side, ransomware is a steadily growing form of malware that infects a machine and renders it unusable until the ransom is paid and the machine is unlocked or its data decrypted.
Most ransomware threats hinge on two factors: tricking people into clicking on malicious content, usually email attachments, and banking on devices not having advanced threat protection.
The Hollywood Presbyterian Medical Center had computers taken hostage by the Locky ransomware strain, which Forbes claimed infected approximately 90,000 systems per day. After being offline for a week, officials eventually paid $17,000 in bitcoin to regain access to patient records.
Agari suggested operating systems, firmware, software and applications need regular patching, updating and backing up to limit the vulnerabilities available for criminals to exploit. Organizations should invest in cyberinsurance to enable a full recovery.
4. Implement Message Authentication.
Consumers reportedly receive up to 20 phishing emails a month and it remains one of the most common, and successful, scamming methods. Fraudsters increasingly target specific individuals with spoofs feigning to be from government departments, banks and major brands. The Agari report stated, "It's becoming progressively difficult for consumers to distinguish between mimics and genuine correspondence."
Agari recommended that businesses protect their brand reputation and restore trust in the inbox. Any organization that relies on email to communicate with its customers, citizens or members needs to implement the Domain-based Message Authentication, Reporting and Conformance (DMARC) standard in order to help prevent email spoofing. DMARC provides businesses with threat intelligence whenever somebody attempts to spoof their email addresses.
5. Increase Collaboration Efforts.
Many hacktivists rely on high volumes of email communication to provide a new window of opportunity for attack. Evidence emerged that sophisticated phishing scams aim at diverse targets such as political candidates and industrial controls companies. Symantec revealed a Trojan called Laziok, masquerading as an Excel spreadsheet, targeted workers in the energy industry across the UAE, Kuwait, Saudi Arabia, United States, United Kingdom, and Uganda.
Hacktivism countermeasures include greater collaboration and information sharing between public and private sectors. Having a multi-layered approach to security practices also puts organizations in a better position to mitigate attacks and reduce the impact of any breaches.