Adlumin's Security Operations Platform and MDR Services recently won Best Managed Services Provider at the 2023 Tech Ascension Awards. In a world where cybersecurity threats loom large, small and medium-sized businesses (SMBs) often find themselves grappling with unique challenges when it comes to establishing robust cybersecurity defenses. The limitations of resources, both financial and in terms of manpower, can leave them vulnerable to cyberattacks. Kevin O’Connor, Director of Threat Research at Adlumin, sheds light on these challenges and the evolving cyber threat landscape in an insightful interview.
Why is it often challenging for small and medium-sized organizations to secure enterprise-level cybersecurity protection?
There are a number of unique challenges that small and medium-sized businesses face when trying to establish an enterprise-level cybersecurity posture. For many of these organizations, there is no bigger hurdle than a lack of resources. Smaller organizations often don’t have the money or manpower needed to build a comprehensive security program, resulting in gaps that cyber attackers can exploit. Even when small organizations partner with cybersecurity vendors to try to protect their assets, they often end up with a patchwork of solutions cobbled together by legacy vendors that oftentimes silo data and can leave businesses vulnerable. Because of this, smaller organizations are also often shut out of cyber insurance programs, raising the stakes of ransomware attacks and other business-disrupting events. Without access to the capital offered by insurance in the wake of a major attack, many small organizations can only afford to keep the lights on for a few days.
Can you compare and contrast the cyber threats large enterprises and their smaller counterparts face?
The unfortunate reality that research shows is that large and small organizations face similar threats. The 2023 Verizon Data Breach Investigations Report found that there are almost no differences between the types of cyberattacks that impact large and small organizations. This results in a massive increase in risk for mid-market organizations since many do not have the enterprise-level protection needed to secure organizational data. Over the years, cybercriminals have also begun to explicitly target smaller organizations because they understand security teams are often limited or non-existent for organizations of this size and criminals view them as low-hanging fruit.
What are the most common types of cyber-attacks facing midmarket organizations today?
The most common attacks continue to be phishing and spear-phishing attempts. These attacks have been a tried-and-true strategy of cybercriminals for years, but recent advances in technology have made them more effective and dangerous. Phishing involves sending a message to an organization’s employees, pretending to be someone else. The goal is to get employees to click on a malicious link or share sensitive information like login credentials. Sophisticated criminals will socially engineer phishing emails to include personal details about the recipient and their colleagues, making them more believable. Technologies like AI can help attackers write better phishing messages, limiting the spelling and grammar mistakes that are often a hallmark of phishing attempts – making them more believable.
Are there any sectors or industries that you feel are particularly vulnerable to cyber-attacks right now?
At Adlumin, we work with clients from a range of industries, including law firms, health systems, financial institutions, educational institutions and state and local governments. No single industry jumps out as particularly vulnerable in my eyes, but we have seen a jump in state-sponsored cyberattacks in recent months. This reality, coupled with the fact that local, gubernatorial, and state legislative elections in the U.S. are around the corner, means that state and local governments should be especially vigilant right now.
There’s been a lot of recent growth in the managed security services market. Why has this become so attractive to organizations, especially those in the mid-market?
Partnering with managed security services providers (MSPs) is in vogue because it takes a lot of pressure off organizations’ IT and security teams. While MSPs need reliable and active points of contact at their clients’ companies to ultimately be successful, the reality is managing an organization’s full security apparatus is often too much for in-house IT teams – especially at small and midsized organizations. MSPs can offer clients additional products, services, and time, working as a true partner that can actively meet the evolving needs of any growing organization. In our post-pandemic digital-first world, it is next to impossible for organizations not to have a large and growing digital footprint. It differs depending on the organization and industry, but things like remote work and ecommerce are dominant trends that are clearly here to stay, and the need for a sophisticated cybersecurity partner has never been greater.
Are there any emerging trends Adlumin’s threat research team is exploring that you’d like to discuss?
Our team has seen a recent push into credential harvesting attacks. Bad actors are setting up sophisticated fake websites for organizations and businesses to lure users into sharing their credentials. Once that happens, the attackers use the information they’ve gathered to access and hack the real business or organization they imitated online. My team at Adlumin is doing some exciting work with a brand monitoring solution that we think could help minimize these attacks. We’re also continuing to see attacks involving compromised email accounts or VPNs increase and pose serious risks for companies. Once a bad actor has access to login credentials, they often bide their time, waiting days or weeks before they strike and collect significant data. Over the summer, the “Play” ransomware attack hit state and local governments and MSPs, largely by exploiting vulnerabilities in Microsoft Exchange, and that’s a trend we expect to continue.