The Real Deal on Cybersecurity Failures

Written by Scott Hall on . Posted in Computer Security

A 2018 study revealed that small to medium businesses increasingly face the same cybersecurity risks as enterprise and well-known corporations, but only 28 percent of SMBs rate their ability to mitigate threats and attacks as “highly effective.”

The quantity of breaches and attacks, including malware, phishing attempts and ransomware attacks, is steadily rising, with 67 percent of SMBs experiencing a cyber-attack and 58 percent experiencing a data breach in the last year. Despite that, nearly half of respondents (47 percent) say they have no understanding of how to defend their businesses from these attacks.

As this vulnerability increases, the risk of employees, vendors, and outside contractors causing data breaches or being inadvertently complicit in these attacks is simultaneously increasing — 60 percent of study respondents cited a negligent employee or contractor as being the root cause for a breach, compared to 37 percent pointing to an outside source. Still, 32 percent of survey participants stated that they could not determine the root cause of a breach or attack they experienced in the past 12 months.

Forty percent of respondents say an attack involving the compromise of employees’ passwords occurred in the past year, with the average cost of each being $383,365. Accordingly, 19 percent more IT and security professionals consider password protection and management to be increasingly critical in 2019 as compared to 2018.

Part of creating an environment that is vulnerable to outside attack is a failure to use strong passwords, two-factor authentication and unique passwords for every website, application and system. These steps are often inconvenient, but they have stopped attacks from occurring, limited the intrusion that occurs, and even given notice of a breach before it can actually occur. In this vein, respondents indicated their two biggest password-related pain points are having to deal with passwords being stolen or compromised (68 percent) and employees using weak passwords (67 percent). Almost certainly, this is cause and effect at work. Often, human memory and/or insecure spreadsheets are used to store and protect passwords. Only 22 percent of respondents say their companies require employees to use a password manager. Of the 74 percent of respondents who say password managers are not required, more than half say their companies rely upon unreliable methods to protect passwords.

SMBs, by nature, do not necessarily have the funds or the expert staff to have effective security, and 74 percent of respondents note this as a huge obstacle. The remaining 26 percent of respondents, who believe they are ‘highly effective’ at mitigating vulnerabilities and attacks, attribute this belief to a higher investment in both personnel and funding to adequately face these threats. These companies also dedicate a higher percentage of their IT budget to cybersecurity efforts.

As time progresses and technology evolves, cyber criminals are often ahead of the curve, and companies, no matter how big or small, are only as strong as their weakest link and their ability to react to an ever-changing security landscape. Staying ahead of threats in this area pays untold dividends by fostering a healthy respect for security and the responsibility of being good stewards of consumer data.

A Practical Guide to Data Encryption

Written by Scott Hall on . Posted in Computer Security

There are few organizations that do not hold some kind of sensitive data, be it something as simple as customer addresses for delivery, or something as serious as patient medical records. Breaches of this data are happening every day, and not knowing the consequences of a successful breach is not a valid defense in modern times.

If a breach occurs in an industry with any government oversight at all, any organization found to be careless or deviating from industry best practices on security can face substantial penalties, not only reputational damages but monetary fines as well.

On the other side, maintaining proper security protocols can open up a number of business opportunities. For example, a start-up engages in a partnership with an established company that needs to ensure its new vendors are taking security seriously so as not to jeopardize its own operations. This is but one case where failure to adhere to security standards can impact your organization.

Whatever the reason a company needs to encrypt its data, doing so may seem like a daunting and intensive task, however critical it may be. It doesn’t have to be difficult at all. Ideally, encryption functions best when it is absolutely unobtrusive and invisible to daily users.

While large company data breaches make the headlines and cable news, it’s often small and medium businesses that are harmed by these intrusions. Potential fines, loss of reputation and lack of consumer confidence can often be a fatal blow to SMBs, whereas larger enterprises can absorb that kind of damage. When taking the potential loss into account, encryption and data security are critical in the small to medium business space.

There are many technical methods of data security, and while these are essential, they work best in tandem with employee awareness and training. Employees can minimize the organization’s risk profile and even limit the data’s exposure to the world at large, just by being aware of best practices and the consequences of mishandling.

Developing non-obtrusive methods of data encryption and security is imperative, as humans naturally seek out ways to be most productive, even if it means cutting corners for access to critical data in the name of efficiency. These process shortcuts can sometimes become the very method of attack used by criminals to steal data or insert malicious programs behind firewalls. Common issues include passwords written down and left in proximity to the PC or device they belong to, hardware moved from a secured facility to an unsecured one, and failure to prevent access by unauthorized persons, such as ex-employees or vendors. Recognizing your vulnerabilities through an objective assessment can go a long way in minimizing your risk profile and ensuring that even in the event of a breach, your organization has taken great care in adopting standard practices to ensure data security is taken seriously.

Contact the professionals at SOS if you believe your organization can benefit from an in-depth review of data security practices.

Cybercrime and Real World Terrorism: Strange Bedfellows?

Written by Scott Hall on . Posted in Computer Security

We know the impact of cyber-crime as it relates to everyday users. Credit card theft, stolen sensitive personal data, and much more have been attributed to so-called ‘cyber terrorists’. Is it then possible that more ‘conventional’ terrorists would be interested in using similar tactics? This may sound extreme, especially given the limited and reversible nature of the impact of certain cybercrime tactics and the precautions that forewarned businesses and organizations can take. However, it is difficult to brush off the threat in an external inspection of both the dynamics and methodology of these types of attacks, and the tools used to perpetrate them.

Conventional terrorists, regardless of ideology, have engaged in the digital space for any number of reasons, most having been born of necessity: covert communication, recruitment, propaganda, transferring illicit funds undetected, and, most importantly, sharing information amongst a geographically dispersed command structure. Information disseminated in cyberspace also includes target assessments for real-world terrorist acts, and tactical assignments.

However, this could change with increasing technical competency and capability for network-based attacks and a growing number of bad actors in the online community. Opportunity for online interaction and training has compensated terrorists for the loss of physical space for such activities on the ground. Current social networking tools such as Facebook, Twitter, and Instagram, among others, provide platforms not only to share information and expertise but also to practice it in virtual space. It’s simply a foregone conclusion that funding terrorist acts, either directly or via support and logistical infrastructure, through cybercrime and ransomware is ongoing.

Ransomware tools like WannaCry and others have the potential to reduce the opportunity cost for conventional terrorist attacks as well. Al Qaeda and the Islamic State of Iraq and Syria (ISIS) have demonstrated much interest, along with some capability, to develop and use chemical, biological, radiological, or nuclear (CBRN) weapons, and while there have been no successful mass casualty terrorist attacks involving them, there is the concern that these groups might lose control over the consequences of such an attack, in that they could affect the members of the communities they are purportedly fighting for. However, use of weapons of “mass disruption” like ransomware, as against weapons of “mass destruction”, will enable terrorists to cause large-scale damage (loss of data and equipment), chaos (in hospitals and other public utilities) and fear, while simultaneously filling their coffers. Imagine the impact if terrorist groups like Al Qaeda or ISIS were involved in the WannaCry attack. For terrorists, it’s a win-win tactic, as they can achieve almost the same attention without firing a shot or exploding a bomb, all without garnering the attention of conventional law enforcement and the military tactics used in stopping them.

If you are concerned about your organization’s susceptibility to cyberattack, contact us today.

WannaCry A Year After

Written by Scott Hall on . Posted in Computer Security

WannaCry was a ransomware worm that spread rapidly across a number of computer networks in May of 2017. When it infects a target computer, it encrypts the contents of the hard drive, denying access to the user, then demands a ransom payment, in the form of untraceable bitcoin, in order to restore access.

WannaCry arrives on the infected computer as a self-contained program that extracts the other components embedded within itself, which include the encryption keys and a copy of Tor, a dark web browsing tool.

The program code was easy for professionals to analyze. Once launched, WannaCry proceeds to encrypt files in a slew of important formats, ranging from Microsoft Office files to MP3s, then displays a ransom note, typically demanding $300 in Bitcoin to restore access.

The initial spread of WannaCry was particularly noteworthy in that it struck a number of high-profile and critical systems, such as the National Health Service in the UK, Nissan Automotive’s manufacturing facilities in the UK, the University of Montreal, Boeing Commercial Airplanes in the US, and PetroChina, just to name a few. Victims were advised against paying the ransom demands, as the attackers were not restoring access after the ransom had been received. After the initial attack, payments totaling $130,635 USD were reported to the bitcoin wallet assigned to the ransom payments.

In the last week of March 2018, Boeing Aircraft was hit by an evolved version of WannaCry, which is incredibly surprising, given the scope of last year’s initial attacks and the notoriety they gained. The vulnerability used by WannaCry was reasonably easy to patch and correct, so why did a Fortune 100 company with a massive and competent IT staff fall victim to it a year after Zero Day?

It seems security patching is still an overlooked practice. It’s routine, time-consuming and basic, but very important, considering that known vulnerabilities are still used in attack exploits up to 10 years after they’ve been exposed. Knowing that a solution exists but not implementing the patches and updates needed to close the vulnerability still leaves your enterprise vulnerable to exploitation. Managed service providers are critical partners in your business because you can rest assured that all available upgrades and patches for known vulnerabilities are being applied regularly, and in accordance with best IT practices across the board.

Business continuity and disaster recovery devices are also part of a mature defense against ransomware. By allowing data from compromised systems to be recovered with minimal losses, you can minimize the impact from attacks of this caliber.

SOS Technology Group is always available to assist with implementing these solutions. Call us today.

7 out of 10 Affected: Will You Be One?

Written by Scott Hall on . Posted in Computer Security

Seven out of ten medium to enterprise level businesses expect to be impacted by cybersecurity breaches in 2018, with more than 25% of those anticipating a breach to occur within the next six months.

Most businesses are in the dark about the true efforts involved in the breaches that have occurred, and because of that, most businesses are not very confident that they would even be able to detect a breach, let alone remediate the damage done in the aftermath.

Around half of all security breaches are employee-related, either through bad actors using inside knowledge, or through lapses in attention or awareness. Most senior IT professionals agree that the insider breach is the biggest threat in network security. With this in mind, it’s important to constantly monitor what your internal users are doing on a daily basis, to form a complete and comprehensive strategy based on real-world actions and behaviors. Learning where your vulnerabilities lie is the first step in determining possible vectors for a breach, and creating a balance between employee education and security technology is crucial to attacking an insider breach, whether accidental or overtly malicious.

Protection from the breach includes antivirus & spyware detection programs, email filtering, firewalls, and a robust data backup/archiving platform. But these tools are only as good as the people who use them, and the people protected by them. Your employees need to understand all the potential harmful effects of risky behavior, like clicking links in unknown emails, sharing passwords on sensitive systems, or downloading attachments from unknown sources, even if those sources look legitimate.

Being mindful of your human attack surface is critical as well. Human attack surface is defined as the totality of all exploitable ‘holes’ in security that are created solely by the activities and vulnerabilities of human beings within the organization. This includes things like employee illness, terminations, negligence, errors and an individual’s susceptibility to social engineering through sites and apps like Facebook, Instagram, and the like.

Increasingly, social engineering is such a serious threat that it is now being considered as an attack surface all on its own. One way to combat social engineering is to conduct routine penetration testing that simulates common attack methods used in social engineering breach attempts. Penetration testing can also determine vulnerabilities from negligence and routine errors, especially focusing on employees with specialized access, high-level administration or critical duties within your organization, as these individuals are likely to be key targets in social engineering attempts.

SOS Technology Group can assist your business in facing these threats confidently and knowledgeably. Consult with us today.
