Monitoring deep, dark and surface web to detect exposure of your sensitive data, secret projects and initiatives, privileged users, critical systems, IT infrastructure, and more.
Monitoring and alerting of third party data breaches impacting your employees’ emails, usernames, and personally identifiable information.
Assess the risk footprint and security posture of key business relationships to get a handle on external risk introduced through your extended attack surface.

Sign Up for Updates

Digital risk monitoring of key personnel with telemetry and risk metrics. VIPRecon provides broad coverage of social media, deep and dark web, as well as physical threat assessments.
Our Ransomware Response Readiness Assessment, Playbook and Table Top Exercise gives your organization the best chance to survive and recover.
Gain visibility of your digital footprint by reaching into the most active areas of the cyber underground.
Fully managed and tailored Threat Intelligence services that becomes an extension of your current security processes and provides real-time visibility on new threats.
Providing research and investigations into known threats, to save security teams time and stress during a cyber emergency.

Sign Up for Updates

GroupSense offers a comprehensive package of services for assessing and responding to ransomware attacks, including negotiations with threat actors.
Actively researching and monitoring threats from vendors or third-party companies that can affect organizational security.
Monitoring for threats to elections, VIPs, and more on social media to proactively prevent or mitigate digital risk.
Focusing on the threats and risks that matter to your security processes and providing intelligence and insights to prevent or mitigate digital risk.
Taking the next step in security services, by proactively taking down phishing sites or anonymously interacting with threat actors to provide better intelligence.
Active monitoring of your brand's digital assets to protect its reputation and stop further brand abuse from targeting unsuspecting victims.

Sign Up for Updates

Combining your cyber and fraud programs to effectively fight threat actors continually scamming or threatening assets within an organization.
Executives are prime targets for fraudulent activities, but with a proactive approach, any attacks or threats can be neutralized before causing any damage.
Governments, political parties and candidates must all act now to activate cyber threat intelligence services to harden their information security and get ahead of inevitable cyber threats to the election process.
4 min read

Cybersecurity Tips from GroupSense Analysts

Oct 5, 2022 9:14:23 AM

This October, GroupSense is celebrating Cybersecurity Awareness Month (CSAM). As a CSAM champion, it’s our duty to pass on lessons learned and practical advice that will make you and your organization more secure. This year, Stay Safe Online, CISA, and CSAM champions are exploring four key behaviors: 

  • Enabling multi-factor authentication
  • Using strong passwords and a password manager
  • Updating software
  • Recognizing and reporting phishing

To better understand the impact of these behaviors, we spoke with four of our intelligence analysts. Check out their stories, advice, and expertise below. 

Multi-Factor Authentication

Sean Jones, senior intelligence analyst

Multi-factor authentication is a way of providing a user access to a service or resource. This authentication requires a user to provide more than one piece of information, such as a username and password. Another type of information needed may include what the user has, such as a token. The token may be a cell phone with special authentication software or a USB security key.

The system may also require something the user is, including biometric data such as retina or fingerprint information. Additionally, MFA may ask where a person is. This information could include a GPS location or specific workstations on the network.

Multi-factor authentication provides more protection than a username and password alone. This form of authentication does not stop dictionary attacks, which use a dictionary file to enter as many passwords as possible, or credential stuffing attacks, in which attackers use maliciously obtained credential pairs to try breaking into a system. It does, however, assist in defeating attacks by requiring extra information during authentication that an attacker would not have.

Using Strong Passwords

Robert Roccio, threat intelligence analyst

Weak passwords make you and your organization an easy target.

Recall the joke about the two friends and the bear? It goes something like this:

Two friends are in the woods. They spot a bear running at them.  One friend opens his backpack, takes out his running shoes, changes out of his hiking boots, and starts stretching.

“Are you crazy?” the other friend shouts, looking over his shoulder as the bear closes in.  “You can’t outrun a bear!”

“I don’t have to outrun the bear,” said the other.  “I only have to outrun you.”

Passwords work in much the same way. Threat actors want easy targets and there are few things easier than guessing your dog’s name or your child’s birthday. Weak passwords make you the slowest friend in the woods.

Technical security solutions can not compensate for weak passwords.

Would you pay to install an expensive security system with smart locks on your house only to leave the front door wide open? When your passwords are weak, all the technical security and software solutions in the world won’t stop threat actors from walking through your digital front door. Strong passwords are often your first line of defense and they can ensure that your other weak points are never tested in earnest.

Consider using a password manager.

The unfortunate reality is that making passwords secure by creating complex passwords and never reusing passwords also makes them difficult and inconvenient for users. A partial solution to this tradeoff is a password manager. Password management solutions make it easy and convenient for users to follow best practices for keeping their own and their organization’s data secure. Many also include features like shared logins that can benefit security and productivity in other ways. I would recommend LastPass or Dashlane. 

Updating Software

Carmen Deng, junior threat intelligence analyst

Patch management is important for your organization's cyber hygiene because it can address vulnerabilities in your software, greatly reducing the cyber risk for your organization. In 2017, Equifax faced a big data breach after they neglected to patch a flaw in their software. They lost over $500 million and put approximately 140 million customers’ data at risk. The negative consequences that follow are not worth putting patch management to the side. Unfortunately, it can be easy to neglect update notifications. As can be seen, delaying update notifications can make the job easier for threat actors to potentially exploit these software vulnerabilities. Threat actors will continue to become more sophisticated, and it is up to each of us to be responsible and stay many steps ahead of them.

Humans will always be the weakest link in security, so taking these steps to protect your organization will make a big impact:

  • Always stay up-to-date with the latest version of your software.
  • If possible, enable automatic software updates to reduce the chances of delaying or forgetting about updates.
  • Do not use software that reached its end of life.

Recognizing and Reporting Phishing

Samira Pakmehr, senior threat intelligence analyst

Phishing has far-reaching effects on an organization’s data, including impacting the confidentiality, integrity, and availability of both organizational or client information. Unfortunately, it’s also a cheap and easy method for threat actors looking to get your data. Phishing typically acts as the entry point for malware, ransomware, and data breaches. 

Once threat actors gain access to your accounts through phishing, they can get ahold of financial information and PII (personally identifiable information) like social security numbers. The potential financial and reputational losses associated with phishing attacks can be far more expensive than implementing a phishing awareness program. With attacks increasing by 6% from Q1-Q2 of 2022, it’s in your organization’s best interest to start educating employees on recognizing and reporting phishing.

Our team has seen an increase in phishing attempts on our clients’ new employees. Threat actors exploit public LinkedIn job updates, likely leading to a recent attempt to conduct fraudulent background checks requesting PII like social security numbers and direct deposit information from a GroupSense client. Without security training, new and existing employees are at risk of exposing your organization. 

I would recommend implementing phishing training that includes training modules, simulated phishing campaigns, phishing reporting mechanisms and filters, and more targeted training for users with elevated privileges or more vulnerable departments and users. Phishing training reduces susceptibility to attacks by 75%.

Together, we can decrease the number of cyber attacks on our organizations. Implementing these cybersecurity behaviors benefits us all. If you’d like guidance on strengthening your organization’s cybersecurity posture, contact us today.

Topics: Blog

Written by Editorial Team