Train Employees to Recognize Spear Phishing
CIS previously explained what spear phishing is and why power utilities are vulnerable. A phishing email is designed to prompt a response from the recipient, such as clicking on a link or opening an attachment. Through the response, the recipient may download malware or be redirected to a website prompting them to provide sensitive information, such as login credentials, that will be sent to the cyber threat actors.
It's important to educate employees so they can recognize suspicious emails and handle them appropriately. (CIS offers phishing engagements to test and educate an organization’s workforce.) The IT department should also use filtering, blocking, and validation techniques to prevent emails with known phishing indicators from reaching employees in the first place.
Limit Password Reuse to Prevent Credential Gathering
How many people really follow the advice of creating a separate password for each individual login? With dozens of accounts per person, it’s likely that passwords are being reused. And while it may not seem like a big deal that your department store account was hacked, cyber threat actors compile that information and use it to break into other – more important – accounts.
Credential reuse can result in data breaches, system compromises, loss of brand reputation, and financial losses. Some cyber threat actors target login credentials instead of vulnerabilities because it is easier to exploit credentials and gain access to resources through elevated credentials. Credentials with elevated permissions expose organizations to greater risk, allowing for the installation of software or reconfiguration of security controls. If a cyber threat actor is able to use elevated credentials, they can access additional hosts, install malware, steal data, and/or disable or modify security controls.
Organizations should identify unauthorized logins and unusual IP addresses, use two-factor authentication, remind employees not to use work email addresses for personal activities, and take other steps to prevent credential gathering.
Monitor for Network Reconnaissance
Testing a computer network for potential vulnerabilities is known as network reconnaissance. This may be a legitimate activity by the network owner, but it can also be a precursor to malicious attacks. Through reconnaissance, an intruder can gather information about the network’s vulnerabilities.
A network monitoring solution can be used to accurately identify and report malicious activity. An intrusion detection system (IDS) monitors raw network packets and converts data into a netflow format for efficient storage and analysis.
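As an added illustration (not CIS or Albert code), the sketch below shows how reconnaissance can be surfaced from flow-style records: it flags a source that touches many ports on one host (port scan) or many hosts on one port (host sweep) within a short window. The record fields, thresholds, and sample flows are assumptions constructed for this example.

```python
from collections import defaultdict, namedtuple

# Minimal flow record (assumed fields): start time in seconds, source, destination, port.
Flow = namedtuple("Flow", "ts src dst dport")

def sample_flows():
    """Constructed sample flows using documentation address ranges, not real traffic."""
    flows = []
    # One source probes 30 ports on a single host within 30 seconds.
    flows += [Flow(100 + i, "198.51.100.7", "192.0.2.10", 20 + i) for i in range(30)]
    # One source probes port 22 on 25 different hosts within 25 seconds.
    flows += [Flow(200 + i, "203.0.113.9", f"192.0.2.{i + 1}", 22) for i in range(25)]
    # Ordinary client: repeated HTTPS sessions to two servers.
    flows += [Flow(100 + 5 * i, "192.0.2.50", f"192.0.2.{10 + i % 2}", 443) for i in range(40)]
    # Many ports, but spread ten minutes apart, so never dense inside one window.
    flows += [Flow(1000 + 600 * i, "198.51.100.99", "192.0.2.10", 8000 + i) for i in range(30)]
    return flows

def detect_recon(flows, window=60, port_threshold=20, host_threshold=20):
    """Return {source: {"port_scan", "host_sweep"}} for sources exceeding a threshold
    inside any sliding window of `window` seconds."""
    by_src = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        by_src[f.src].append(f)
    findings = defaultdict(set)
    for src, recs in by_src.items():
        start = 0
        for end in range(len(recs)):
            # Slide the left edge so the window spans at most `window` seconds.
            while recs[end].ts - recs[start].ts > window:
                start += 1
            ports_per_dst = defaultdict(set)
            dsts_per_port = defaultdict(set)
            for f in recs[start:end + 1]:
                ports_per_dst[f.dst].add(f.dport)
                dsts_per_port[f.dport].add(f.dst)
            if any(len(p) >= port_threshold for p in ports_per_dst.values()):
                findings[src].add("port_scan")
            if any(len(d) >= host_threshold for d in dsts_per_port.values()):
                findings[src].add("host_sweep")
    return dict(findings)

if __name__ == "__main__":
    for src, kinds in sorted(detect_recon(sample_flows()).items()):
        print(src, sorted(kinds))
```

The slow source in the sample data is not flagged, which shows why short-window thresholds should be paired with longer-horizon review of the stored flow data.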
CIS offers 24x7 network monitoring in a U.S.-based security operations center (SOC). Called Albert, it is a unique network monitoring solution that provides automated alerts on both traditional and advanced network threats, allowing organizations to respond quickly when their data may be at risk. SOC analysts provide event notification when a legitimate alert is detected.