This Cybersecurity Awareness Month we’re sharing more about the current cybersecurity threat landscape, what we are observing, and recommendations to help mitigate the latest threats. In this blog you’ll learn what you can do right now to help your business stay secure, and how to create a comprehensive cybersecurity strategy for the year ahead.
Current Threat Landscape
Attackers are highly motivated, sophisticated, and adaptive. The reality is that once a new security control is deployed, whether it is stronger authentication, new security services, or Microsoft 365 and endpoint hardening, adversaries quickly look for opportunities to exploit it. These can include:
- Technical bypasses (for example, exploiting zero-day vulnerabilities or misconfigurations)
- Human weaknesses (for example, phishing or social engineering to sidestep controls)
- Operational gaps (for example, outdated systems or unmonitored environments)
This is referred to as the attack-defense cycle. As defenses evolve, attackers study them, share techniques, and develop workarounds. That means a security measure can be effective today but less so over time.
Security Posture is Dynamic
Threats shift rapidly, so security can’t be a one-time effort. Continuous review is essential to ensure people, processes, and technology remain secure. We recommend evaluating your security posture and programs at least annually, sometimes more often if there are major changes to systems, staff, or your business.
Here are key reasons to reevaluate your security posture:
- After major changes: Change introduces risk – whether it’s new systems, staff turnover, or vendor updates
- To stay current: To stay ahead of threats, you’ll need regular patching, updates, and threat monitoring
- Validate your defenses: ADNET recommends annual Security Risk Assessments and regular Penetration Testing
- Stay aligned with business goals: Regular reviews help keep your security matched to business operations and emerging threats
Security isn’t about building an impenetrable wall. It’s about building resilience. Ensuring that your business can endure is a critical piece of understanding your risk, and your risk tolerance.
Here’s what a complete cybersecurity strategy can do for your business:
- Layered defense (control layering) ensures that bypassing one control doesn’t compromise everything
- Resilience and detection tools should be in place so that if controls are evaded, incidents are quickly spotted and contained
- Corrective controls, like reliable backups, are essential to ensure recovery and business continuity when preventive measures fail
- Continuous improvement by learning from incidents and adapting faster than attackers
Most Prevalent Threats
This Cybersecurity Awareness Month, we’re sharing the threats we’re seeing most often. It’s not a comprehensive list, but here’s what we consider the biggest threats right now. Business Email Compromise (BEC) continues to be a key source of cybersecurity incidents, leading to many compromises. We’re also seeing an uptick in Adversary-in-the-Middle (AiTM) style attacks. Here’s more information about each threat, along with some ways to combat them.
Business Email Compromise (BEC)
The most common threats we continue to see are Business Email Compromises (BEC). These attacks usually begin with an Account Takeover (ATO). An ATO occurs when attackers gain control of a legitimate email account (for example, by stealing credentials through phishing, credential stuffing, or similar techniques).
Once attackers control an account, they can read, send, and manipulate messages, often exploiting the trust associated with that mailbox to commit fraud.
Key Indicators and Safeguards:
- Once an attacker gains access to a mailbox, they often harvest contacts and communication history to expand their reach and credibility. This gives them a curated list of people who already trust the victim, prime targets for the next phase of the attack. Even trusted contacts can be impersonated or compromised. Remember, a familiar name doesn’t guarantee a safe message.
- Attackers often impersonate trusted brands to steal credentials or deliver malware. If you weren’t expecting a document or link from a brand, even if the email looks legitimate, treat it as suspicious. Don’t click links or open attachments you didn’t expect. Verify with the sender through a known, separate channel and report anything questionable to IT.
- If you get an email that seems suspicious, call the sender directly instead of replying to the message. Attackers who compromise an email account often monitor and control that mailbox so they can respond and continue the deception. By calling the sender using a verified phone number or another trusted method, you confirm the request through a secure, independent channel and avoid communicating with the attacker.
- Never approve an MFA prompt you weren’t expecting. Unexpected authentication requests can be a sign that someone is trying to access your account. If you didn’t just log in to a system or app, deny the request immediately and report it to IT. Approving an unprompted MFA request could give an attacker full access to your account.
Critical Point: MFA Limitations
Many people assume that multi-factor authentication (MFA) makes accounts impossible to compromise. Unfortunately, attackers have developed techniques to bypass or exploit MFA. Phishing, social engineering, and MFA fatigue attacks are often used to get around the protection MFA provides. Still, MFA remains one of the most effective defenses available. It adds a critical layer of protection that blocks the majority of unauthorized access attempts and significantly raises the bar for anyone trying to compromise your account. Similar to locking your doors, someone could get in if they really wanted to – but you can make it more difficult to discourage them.
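As a defender-side illustration of the MFA fatigue pattern mentioned above, the following added example (not ADNET's code or any product's) scans MFA push results for a burst of rejected prompts and escalates when an approval follows the burst. The event tuples, the 10-minute window and the threshold of three are assumptions chosen for the sample.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample MFA push events; the layout is hypothetical and does not
# follow any vendor's log schema.  (time, user, result)
EVENTS = [
    ("2025-10-01T02:14:05", "jdoe", "denied"),
    ("2025-10-01T02:14:40", "jdoe", "denied"),
    ("2025-10-01T02:15:10", "jdoe", "timeout"),
    ("2025-10-01T02:15:55", "jdoe", "denied"),
    ("2025-10-01T02:16:30", "jdoe", "approved"),
    ("2025-10-01T09:00:12", "asmith", "approved"),
    ("2025-10-01T13:30:00", "blee", "denied"),
    ("2025-10-01T16:45:00", "blee", "approved"),
]


def find_mfa_fatigue(events, window=timedelta(minutes=10), threshold=3):
    """Alert on bursts of rejected MFA prompts, and on an approval after a burst."""
    rejects = defaultdict(list)  # user -> times of rejected prompts inside the window
    alerts = []
    for ts, user, result in sorted(events):
        when = datetime.fromisoformat(ts)
        # Forget rejected prompts that are older than the sliding window.
        recent = [t for t in rejects[user] if when - t <= window]
        if result == "approved":
            # An approval right after a burst may be a user giving in to the prompts.
            if len(recent) >= threshold:
                alerts.append({"user": user, "severity": "high",
                               "rejected": len(recent), "time": ts})
            recent = []
        else:  # "denied" or "timeout"
            recent.append(when)
            if len(recent) == threshold:  # alert once, when the burst is first reached
                alerts.append({"user": user, "severity": "medium",
                               "rejected": len(recent), "time": ts})
        rejects[user] = recent
    return alerts


if __name__ == "__main__":
    for alert in find_mfa_fatigue(EVENTS):
        print(alert)
```

A single denied prompt hours before a normal sign-in (the `blee` rows) stays below the threshold and raises nothing.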
Adversary-in-the-Middle (AiTM) Attacks
An AiTM attack happens when a malicious actor positions themselves between a user and a legitimate website or service to steal credentials and session data. Attackers often set up fake login pages that proxy traffic to real services, capturing usernames, passwords, and session cookies to bypass protections like MFA. When users receive emails that look like they’re from well-known services and are asked to sign in, they can unknowingly become the victim of a phishing attempt designed to capture their credentials.
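One detection heuristic for the stolen session cookie described above, as an added example rather than code from ADNET or any vendor: flag a session that is later used from a different network than the one where the MFA sign-in was completed. The record layout, the /24 comparison and the sample data are assumptions; legitimate network changes such as VPN or mobile roaming will also match, which is why the alert notes whether the user agent changed too.

```python
import ipaddress

# Constructed sample records (documentation IP ranges); the field layout is
# hypothetical and does not follow any vendor's log schema.
# (time, user, session_id, source_ip, user_agent, event)
SESSION_LOG = [
    ("2025-10-02T08:01:10", "jdoe", "s-1001", "198.51.100.23", "Edge/Windows", "signin_mfa"),
    ("2025-10-02T08:02:00", "jdoe", "s-1001", "198.51.100.23", "Edge/Windows", "mail_read"),
    ("2025-10-02T08:09:30", "jdoe", "s-1001", "203.0.113.77", "python-requests", "mail_read"),
    ("2025-10-02T08:11:00", "jdoe", "s-1001", "203.0.113.77", "python-requests", "mail_send"),
    ("2025-10-02T09:00:00", "asmith", "s-2002", "192.0.2.10", "Chrome/macOS", "signin_mfa"),
    ("2025-10-02T09:05:00", "asmith", "s-2002", "192.0.2.44", "Chrome/macOS", "mail_read"),
]


def find_session_replay(log, prefix=24):
    """Flag sessions used from a network other than the one where MFA was completed."""
    origin = {}   # session_id -> (network, user_agent) recorded at sign-in
    seen = set()  # (session_id, source_ip) pairs already reported
    alerts = []
    for time, user, sid, ip, agent, event in sorted(log):
        if event == "signin_mfa":
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            origin[sid] = (net, agent)
            continue
        if sid not in origin:
            continue  # no recorded sign-in for this session; out of scope here
        net, first_agent = origin[sid]
        if ipaddress.ip_address(ip) in net or (sid, ip) in seen:
            continue  # same network as the sign-in, or already reported
        seen.add((sid, ip))
        alerts.append({
            "user": user, "session": sid, "first_seen": time, "source_ip": ip,
            # A changed user agent on top of a changed network raises priority.
            "agent_changed": agent != first_agent,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_session_replay(SESSION_LOG):
        print(alert)
```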
Why training your team to recognize cybersecurity threats is critical
ADNET recommends continual cybersecurity awareness training to help everyone on your team recognize and respond to threats appropriately. At the end of the day, all of the tools and systems in the world can’t keep someone from clicking on something they shouldn’t or inadvertently engaging with a threat actor through phishing or social engineering. That’s where Security Awareness Training comes in.
Our Security Awareness Training is regularly refreshed to cover new and emerging threats, including AI-powered phishing, BEC, MFA bypass tactics, QR-code scams, and vulnerabilities tied to hybrid and remote work. Consistency is key, which is why our training is fully managed, automated, and offers regular phishing campaigns tailored to your business. This helps you develop a baseline for your team, gives immediate training opportunities, and pinpoints frequent issues so you can dive deeper with additional educational opportunities. At a minimum, we recommend businesses require Security Awareness Training annually – which is often a compliance mandate too. Cybersecurity Awareness Month can be a great way to get your team excited about kicking off security awareness training.
Be strategic about cybersecurity
Cybersecurity Awareness Month isn’t the only time your organization should be talking about cybersecurity. It’s a helpful reminder, but at the end of the day cybersecurity should be a consideration for everything your organization does. There are a lot of things to consider when you’re looking at your organization’s cybersecurity strategy and investments, but you don’t have to do it alone. Engaging a trusted Managed Cybersecurity Services Provider like ADNET ensures you have access to highly skilled experts, industry-leading tools, and advanced partnerships.