Like most firms, LEO A DALY still faces an onslaught of phishing attempts, but its systems and people are able to stop them from progressing. Just recently, employees received text messages and emails purportedly from a company president. Multiple recipients questioned their legitimacy and reported them to IT. “They could have also hit the phishing alert button,” Held adds.
All the steps the firm has taken have moved it along the path toward zero trust, a holistic security mindset. One aspect of zero trust is least-privilege access. “You don’t have to open the door so wide that criminals can squeeze through along with your own people,” says Jim Taylor, chief product officer at RSA Security. “Only give people access to things that they need.”
Another component is no implied trust — always validate. “In the old world, where we could put a firewall up, we built a moat and a fence, we had a perimeter,” explains Taylor. “That doesn’t exist in the modern world. We all access Software as a Service. You can’t build a wall around the world. The criminals are on the inside. So, identify what’s important and secure those assets.”
The industry is moving in the right direction, Taylor adds. “I can honestly say, hand on heart, that this is one of the most exciting times in security,” he says. “It’s always been, ‘Oh, we’ll get to it. Security’s really important,’ but it’s No. 5 on the list. Companies are taking it seriously now.”
Lean on Cybersecurity Professionals For Help
The ransomware attack could have gone very differently for BCU. The vulnerability came from a phone vendor that leveraged Kaseya. BCU could have lost its phone system indefinitely, a significant blow to any financial institution, Jauregui says.
He was brought in to help guard against such threats. He started in February 2020, one month before the COVID-19 pandemic hit. The company already had CrowdStrike, which eased his mind, but with only four people on his team, two of whom were new to cybersecurity, he needed help. In addition to growing the team — he now has 10 team members — he suggested…