Last week someone on our team fell victim to a phishing attack! An attachment came through claiming to be an RFP from a known client. Against their better judgment the teammate replied to the email and asked if this was legit (rather than calling the end-user). To make matters worse, they attempted to open the attachment/link and were asked to log-in to their Microsoft account. Their first thought was that this was an encrypted message that needed security credentials to properly view. Once they were logged in, they noticed a suspicious URL in the Microsoft logo on the site and realized what they had done.
Two great lessons from this event. First, we know that even the most cautious and knowledgeable user can fall victim to phishing on occasion. It really can happen to anyone and we all have lapses of judgement from time to time. Second, because we utilize Microsoft’s entire security apparatus utilizing–literally–trillions of data points to determine a user’s risk score, Microsoft Azure Identity Protection was able to flag this suspicious login attempt and instantly alert me. I was able to quickly confirm the login attempt was illegitimate, and all logged-in sessions (Teams, Web, Outlook, etc) were shut down immediately. Our teammate was not considered “high risk” and access to our most critical client data was immediately revoked until further review.
The end user will always be the weakest link in the security chain. A few easy practices can dramatically strengthen your security posture. First and foremost, make sure you have two-factor authentication setup for all systems. This can be easier when using tools like Microsoft Azure Identity or third-party products like Okta that integrate with third-party products giving you a single location to manage accounts (instead of dozens of usernames, passwords and multi-factor prompts across different applications). Second, ensure users are properly trained. Security Awareness Training is dollar for dollar the best money you can spend to strengthen your security–bar none! This isn’t a ‘one and done’ service – it must be ongoing as the security landscape continually evolves and changes.
If the Solarwinds hack has taught us anything, it’s that anyone is susceptible to attack. It’s critical that after a known attack, you’re able to respond in a quick and meaningful way. Solarwinds software was hacked for months before being detected. It’s critical to have a third party reviewing network devices and checking for these bad actors at all times. And in the event of a breach, be able to react quickly to ensure your business continues to run smoothly.