What does the collapse of Silicon Valley Bank mean for cybersecurity? A commentary by Arctic Wolf’s Ian McShane.
The failure of Silicon Valley Bank (SVB) has tech companies and markets around the world on edge. Fears of a chain reaction and collateral damage are rife. However, the situation is also welcome news for cybercriminals, who could exploit the current uncertainty and unrest for extensive social engineering attack campaigns.
Based on the experience of the last few years – COVID and political elections – it can be assumed that threat actors will use the collapse of Silicon Valley Bank for their own purposes: they will launch business email compromise (BEC) and social engineering attacks. The perpetrators increasingly rely on tricks such as phishing emails that supply bank transfer details for their own accounts or instruct employees to make system or account changes that give the criminals financial advantages. They can also go after employees’ social media accounts, such as on LinkedIn, where they identify individuals who work at startups or other affected organizations in order to target them specifically.
Addressing the human risk factor: security awareness.
The most important factor in preventing BEC or other forms of social engineering attacks is awareness. This requires an actively practiced security culture and training courses that teach employees the principles of cyber hygiene. Employees need to develop an awareness of why caution is necessary and understand that emails, links and social media messages can become gateways for cyberattacks.
Teams should be made aware of what compromised messages can look like and that suspicion is warranted if the sender of a message suggests a disproportionate level of urgency. They should also be encouraged to always report and double-check suspicious messages – especially if an increased number of phishing attempts are currently expected. This is the only way to avoid careless or negligent actions, even in chaotic situations.
Attention financial teams!
Given the approach of threat actors, caution is especially necessary in finance departments: employees who carry out financial transactions should verify that a payment request is authorized via a second channel when they receive one – especially for large sums – e.g., by consulting the person in question by telephone. In addition, teams should know at all times exactly what remittance requests should look like, when they are legitimate, and by whom they may be made.
Threat detection and monitoring
Creating security awareness is only one aspect of a comprehensive security strategy. It also requires powerful detection tools for BEC and threats of all kinds, as well as proactive 24/7 security monitoring that includes administrative accounts. Credentials must be changed regularly and authorized access must be secured by multi-factor authentication. Vulnerabilities must be closed immediately and software patched to minimize the risk of successful cyberattacks.
Organizations that do not have the resources to conduct security awareness training themselves and implement extensive detection-and-response tools and activities can work with a security partner like Arctic Wolf to perform these tasks for them and support them with expertise, manpower and technology.
One thing is certain: the current SVB incident is not the last time cybercriminals will exploit the uncertainty of a crisis for their own purposes. This makes it all the more important for companies to be prepared at all times with a comprehensive cybersecurity strategy – and its implementation!
Ian McShane is Vice President of Strategy at Arctic Wolf.