A Practical Guide to Data Encryption

Written by Scott Hall. Posted in Computer Security

There are few organizations that do not hold some kind of sensitive data, be it something as simple as customer addresses for delivery, or something as serious as patient medical records. Breaches of this data are happening every day, and not knowing the consequences of a successful breach is not a valid defense in modern times.

If a breach occurs in an industry with any government oversight at all, any organization found to be careless or deviating from industry best practices on security can face substantial penalties, not only reputational damages but monetary fines as well.

On the other side, maintaining proper security protocols can open up a number of business opportunities. For example, a start-up engages in a partnership with an established company that needs to ensure its new vendors are taking security seriously so as not to jeopardize its own operations. This is but one case where failure to adhere to security standards can impact your organization.

For whatever reason a company would need to encrypt their data, it may seem like a daunting and intensive task, however critical it may be. It doesn’t have to be difficult at all. Ideally, encryption functions best when it is absolutely unobtrusive and invisible to daily users.

While large company data breaches make the headlines and cable news, it’s often small and medium businesses that are harmed by these intrusions. Potential fines, loss of reputation and lack of consumer confidence can often be a fatal blow to SMBs, whereas larger enterprises can absorb that kind of damage. When taking the potential loss into account, encryption and data security are critical in the small to medium business space.

There are many technical methods of data security, and while these are essential, they work best in tandem with employee awareness and training. Employees can minimize the organization’s risk profile and even limit the data’s exposure to the world at large, just by being aware of best practices and the consequences of mishandling.

Developing non-obtrusive methods of data encryption and security is imperative, as humans naturally seek out ways to be most productive, even if it means cutting corners for access to critical data in the name of efficiency. These process shortcuts can sometimes become the very method of attack used by criminals to steal data, or insert malicious programs behind firewalls. Common issues include passwords written down and left in proximity to the PC or device they belong to, hardware moved from a secured facility to an unsecured one, and failure to prevent access by unauthorized persons, such as ex-employees or vendors. Recognizing your vulnerabilities through an objective assessment can go a long way in minimizing your risk profile and ensuring that even in the event of a breach, your organization has taken great care in adopting standard practices to ensure data security is taken seriously.

Contact the professionals at SOS if you believe your organization can benefit from an in-depth review of data security practices.

Cybercrime and Real World Terrorism: Strange Bedfellows?

Written by Scott Hall. Posted in Computer Security

We know the impact of cyber-crime as it relates to everyday users. Credit card theft, sensitive personal data stolen, and much more have been attributed to so-called ‘cyber terrorists’. Is it then possible that more ‘conventional’ terrorists would be interested in using similar tactics? This may sound extreme, especially given the limited and reversible nature of the impact of certain cybercrime tactics and the precautions that forewarned businesses and organizations can take. However, it is difficult to brush off the threat in an external inspection of both the dynamics and methodology of these types of attacks, and the tools used to perpetrate them.

Conventional terrorists, regardless of ideology, have engaged in the digital space for any number of reasons, most having been born of necessity: covert communication, recruitment, propaganda, transferring illicit funds undetected, and, most importantly, sharing information amongst a geographically dispersed command structure. Information disseminated in cyberspace also includes target assessments for real-world terrorist acts, and tactical assignments.

However, this could change with increasing technical competency and capability for network-based attacks and a growing number of bad actors in the online community. Opportunity for online interaction and training has compensated terrorists for the loss of physical space for such activities on the ground. Current social networking tools such as Facebook, Twitter, and Instagram, among others, provide platforms not only to share information and expertise but also to practice it in virtual space. It’s simply a foregone conclusion that funding terrorist acts, either directly or via support and logistical infrastructure, through cybercrime and ransomware is ongoing.

Ransomware tools like WannaCry and others have the potential to reduce the opportunity cost for conventional terrorist attacks as well. Al Qaeda and the Islamic State of Iraq and Syria (ISIS) have demonstrated much interest, along with some capability, in developing and using chemical, biological, radiological, or nuclear (CBRN) weapons, and while there have been no successful mass casualty terrorist attacks involving them, there is the concern that these groups might lose control over the consequences of such an attack, in that it could affect the members of the communities they are purportedly fighting for. However, use of weapons of “mass disruption” like ransomware, as opposed to weapons of “mass destruction”, will enable terrorists to cause large-scale damage (loss of data and equipment), chaos (in hospitals and other public utilities) and fear, while simultaneously filling their coffers. Imagine the impact if terrorist groups like Al Qaeda or ISIS were involved in the WannaCry attack. For terrorists, it’s a win-win tactic, as they can achieve almost the same attention without firing a shot or exploding a bomb, all without garnering the attention of conventional law enforcement and military tactics used in stopping them.

If you are concerned about your organization’s susceptibility to cyberattack, contact us today.

WannaCry A Year After

Written by Scott Hall. Posted in Computer Security

WannaCry was a ransomware worm that spread rapidly across a number of computer networks in May of 2017. When it infects a target computer, it encrypts the contents of the hard drive, denying access to the user, then demands a ransom payment, in the form of untraceable bitcoin, in order to restore access.

 

WannaCry arrives on the infected computer as a self-contained program that extracts the other components embedded within itself, which include the encryption keys and a copy of Tor, a dark web browsing tool.

 

The program code was easy for professionals to analyze. Once launched, WannaCry proceeds to encrypt files in a slew of important formats, ranging from Microsoft Office files to MP3s, then displays a ransom note, typically demanding $300 in Bitcoin to restore access.

 

The initial spread of WannaCry was particularly noteworthy, in that it struck a number of high-profile and critical systems, such as the National Health Service in the UK, Nissan Automotive’s manufacturing facilities in the UK, the University of Montreal, Boeing Commercial Airplanes in the US, and PetroChina, just to name a few. Victims were advised against paying the ransom demands, as the attackers were not restoring access after the ransom had been received. After the initial attack, payments totaling $130,635 USD were reported to the bitcoin wallet assigned to the ransom payments.

 

In the last week of March 2018, Boeing Aircraft was hit by an evolved version of WannaCry, which is incredibly surprising, given the scope of last year’s initial attacks and the notoriety they gained. The vulnerability used by WannaCry was reasonably easy to patch and correct, so why did a Fortune 100 company with a massive and competent IT staff fall victim to it a year after Zero Day?

 

It seems security patching is still an overlooked practice. It’s routine, time-consuming and basic, but very important, considering that known vulnerabilities are still used in attack exploits up to 10 years after they’ve been exposed. Knowing that a solution exists but not implementing the patches and updates needed to close the vulnerability still leaves your enterprise vulnerable to exploitation. Managed service providers are critical partners in your business because you can rest assured that all available upgrades and patches for known vulnerabilities are being applied regularly, and in accordance with best IT practices across the board.

 

Business continuity and disaster recovery devices are also part of a mature defense against ransomware. By allowing data from compromised systems to be recovered with minimal losses, you can minimize the impact from attacks of this caliber.

 

SOS Technology Group is always available to assist with implementing these solutions, call us today.

7 out of 10 Affected: Will You Be One?

Written by Scott Hall. Posted in Computer Security

Seven out of ten medium to enterprise level businesses expect to be impacted by cybersecurity breaches in 2018, with more than 25% of those anticipating a breach to occur within the next six months.

 

Most businesses are in the dark about the true efforts involved in the breaches that have occurred, and because of that, most businesses are not very confident that they would even be able to detect a breach, let alone remediate the damage done in the aftermath.

 

Around half of all security breaches are employee-related, either through bad actors using inside knowledge, or through lapses in attention or awareness. Most senior IT professionals agree that the insider breach is the biggest threat in network security. With this in mind, it’s important to constantly monitor what your internal users are doing on a daily basis, to form a complete and comprehensive strategy based on real-world actions and behaviors. Learning where your vulnerabilities lie is the first step in determining possible vectors for a breach, and creating a balance between employee education and security technology is crucial to countering an insider breach, whether accidental or overtly malicious.

 

Protection from the breach includes antivirus & spyware detection programs, email filtering, firewalls, and a robust data backup/archiving platform. But these tools are only as good as the people who use them, and the people protected by them. Your employees need to understand all the potential harmful effects of risky behavior, like clicking links in unknown emails, sharing passwords on sensitive systems, or downloading attachments from unknown sources, even if those sources look legitimate.

 

Being mindful of your human attack surface is critical as well. Human attack surface is defined as the totality of all exploitable ‘holes’ in security that are created solely by the activities and vulnerabilities of human beings within the organization. This includes things like employee illness, terminations, negligence, errors and an individual’s susceptibility to social engineering through sites and apps like Facebook, Instagram, and the like.

Increasingly, social engineering is such a serious threat that it is now being considered as an attack surface all on its own. One way to combat social engineering is to conduct routine penetration testing that simulates common attack methods used in social engineering breach attempts. Penetration testing can also determine vulnerabilities from negligence and routine errors, especially focusing on employees with specialized access, high-level administration or critical duties within your organization, as these individuals are likely to be key targets in social engineering attempts.

 

SOS Technology Group can assist your business in facing these threats confidently and knowledgeably. Consult with us today.

Social Media Monitoring: Organic Front Line Cybersecurity

Written by Scott Hall. Posted in Computer Security

If you’ve done business in the last decade, you know how important a social media and web presence can be. It maintains your brand, grows your new customer base, and allows focused engagement with your current clients. But anywhere people talk, they might not be saying just good things about your business. They might be offering honest feedback, or they could be dishonestly disparaging you. At worst, they could be planning to rob you, or make your business a victim of tragic circumstance.

What is social media monitoring?

By searching publicly accessible social media like Twitter, Facebook and Instagram in near real time for keywords or phrases, valuable intelligence can be gained. These social sites are crawled and indexed, the resulting indexes are scoured for key terms, phrases or word strings, and the results are collated through an interface that presents them in a more usable form. By seeing which other words are connected more frequently to your business name, you can get an idea of how you’re presenting socially on the Internet. Taken a bit further, you can see which demographics are interested in your business, and what else they may be interested in, too.

But the heart of this utility is security.

Planned protests at your business, or shoplifters showing off their wares, can really impact your brand and your profits. Simply knowing that your place of business is close to areas known for a specific kind of crime or risk is of immeasurable value. Most social media monitoring tools go beyond social networking platforms and can scour the web at large, giving an even more accurate picture. And there’s still another piece of security this monitoring can touch.

Suppose you are a victim of a breach, and someone has taken credit card information from your point of sale servers. Eventually, those stolen credit cards will probably wind up somewhere on the dark web, to be bought and sold by users around the globe. Certain metadata, or very basic information that is always tied to a person, like date of birth or social security number, is almost always attached. By turning to a monitoring service that is constantly searching and indexing the dark web for, say, your business’s email addresses or phone numbers, or the names of customers you know might be affected by the breach, you can provide valuable warning to the public and law enforcement in real time. Knowing what was taken can also provide you with the steps needed to remediate the problem in the future, addressing any vulnerabilities you have with your IT department or provider.

Giving your patrons quick notification of breaches and exploits, and the steps you’re taking to prevent them from happening again, shows that you are concerned with their security as well as your own, and are taking every effort you can to keep them safe….
