Why You Should Focus on Improving Your Cybersecurity Strategy

By | Security, Strategy

Your cybersecurity strategy has been established and now you feel confident that your organization’s data is protected. While you should be applauded for developing a cybersecurity strategy, you should never rest on your laurels. Cybersecurity requires your constant and full attention.  

The following are five reasons you should focus on improving your cybersecurity strategy:

 

1: Your organization’s personal data is valuable.

2: Recovering from a cyberattack is expensive.

3: Your organization’s reputation is at stake.

4: Cyberattacks are on the rise.

5: Your greatest security risk requires constant coaching.

 

1: Your organization’s personal data is valuable.

 

The level of sensitivity may vary, but all organizations have personal information that they need to protect. Just consider the following three ways in which personal information can travel within your organization:

  • Employees collect information from individuals doing business with your organization.
  • Individuals and organizations transfer and/or communicate information to your organization.
  • Employees and third-party organizations access information from within or outside your organization.

In just those three methods of transmission, multiple people have interacted with data. Should all the hands that touch your sensitive data have access to it? If you don’t know the answer to that question, it’s a good idea to inventory all the data assets in your organization and determine who requires access to the most sensitive information. Creating an inventory of your data will also help you understand the level of protection you need to implement. Effective recordkeeping and evaluation are important in this area because the information can change and the people who require access to it can also change.

2: Recovering from a cyberattack is expensive.

 

According to a report published by Ponemon Institute, the average cost of a data breach in 2020 was just under $4 million. Gartner Inc., an advisory firm, predicts that the worldwide cost of security will balloon to $170 billion in just a few years. What if your organization suffers a cyberattack and it is more devastating than the average? The costs are even higher. 

Consider the costs associated with the following five historical data breaches:

  • Epsilon – This company suffered an attack in 2011 that involved the personal information for 75 of its clients. The costs to recover from the incident were in excess of $4 billion.
  • Veterans Administration – Unencrypted data of more than a quarter of a billion records was sitting on a laptop and external drive that were stolen from this respected government agency. Recovering from the incident reportedly cost the VA up to $500 million.
  • Target – More than 150 million shoppers of this top retailer received the sad news just before the 2013 Thanksgiving holiday that a hacker “compromised the retailer’s credit card readers” and their card numbers were stolen. The company spent $162 million to recover from the incident.
  • Capital One – A previous employer of this large financial institution illegally accessed a cloud-based server and stole the personal information of more than 100 million customers. The initial estimate of the data breach was $150 million. The eventual number was closer to three times the number of customers that were impacted–$300 million.
  • Yahoo – Considered by many as the largest data breach ever, this web services provider first announced in 2013 that 1 billion customer accounts had been compromised. In October 2017, just after it sold itself to Verizon, the company changed the estimate to being closer to three billion records. In April 2019, their settlement with individuals of the compromised accounts was $117.5 million.

3: Your organization’s reputation is at stake.

 

In addition to being expensive, suffering a data breach or other cyberattack can impact how other organizations or individuals feel about your organization. According to a survey conducted by Security.org of 1,000 people (including 300 victims of data breaches), 67.3% of the respondents had less trust in a company if they had a data breach, and 21.6% would not share their personal information with such companies.

Of course, cyberattacks are not 100% preventable. However, the organizations and individuals that you work with expect you to perform an acceptable level of due diligence to mitigate your risk. An investigation often follows a data breach, especially one that impacts a large number of people or organizations. Once an organization suffers a security breach, its reputation is damaged, and while recovery is possible, it is difficult.

Consider the following companies that struggled after a data breach:

  • Capital One – Shortly after they suffered the large data breach mentioned above, the stock of this large financial institution decreased in value.
  • FlexMagic Consulting – This small firm operated their business successfully for 34 years, had an A+ rating with the Better Business Bureau (BBB), and reported $2 million in annual revenue. They experienced just one data breach, but the effects of it forced the company to close their doors forever.
  • LabCorp – In 2018, this large clinical laboratory suffered a ransomware attack that compromised millions of patient records. In 2019, the laboratory learned that 7.7 million of its patient records were accessed by unauthorized individuals via their collection agency, American Medical Collection Agency (AMCA), for eight months. In 2020, a website misconfiguration by the laboratory led to 10,000 company documents being exposed. In addition to their stock losing value, LabCorp is the subject of multiple lawsuits by patients impacted by the multiple data breaches.

4: Cyberattacks are on the rise.

 

One constant about cyber threats is that they are increasing. There are many reasons for the increase. One of the most common is that cyber threats are closely tied to major shifts in technology. Advancements in technology provide convenience but also new opportunities for exploitation by cyber criminals.

Cyberattacks are also on the rise because of a series of special events. The 2020 presidential election was a major event with such increased cyber activity that the director of the National Counterintelligence and Security Center (NCSC) issued a press release warning Americans about international threats. Most recently, the Federal Bureau of Investigation (FBI) reported an increase in cyberattacks due to the COVID-19 global pandemic. Healthcare organizations have been targeted for vaccine information, video communication (increased during this time of social distancing) is being hacked, and social engineering attacks abound amid the news of government stimulus checks, COVID-19 vaccinations, and unemployment benefits.

The following are three additional reasons cyberattacks are increasing:

  • IT departments are understaffed and can’t keep up with cybersecurity demands.
  • A new digital currency (bitcoin) is available to exploit or use as ransom payment.
  • Cyber criminals want fame and compete to orchestrate the largest attack.

 

5: Your greatest security risk requires constant coaching.

It’s a common belief that employees are the weakest link of a cybersecurity strategy. A great example is a report by Trend Micro that uncovered that nearly 100% of the cyber threats based on the COVID-19 pandemic were spam or phishing threats. Human error is difficult to improve and probably one of the most important reasons you should focus on improving your cybersecurity strategy.

Training employees about phishing and other types of social engineering cyberattack methods is obviously the best method of increasing employee awareness. However, you should focus the training on the weak areas of your employees’ behavior. HubSpot’s “Your Guide to Employee Phishing Scams” document includes a suggestion of simulating phishing attacks to both train employees about them and test their awareness. You can easily carry out the simulations on a regular basis and adjust your cybersecurity strategy as needed.

Next Steps

Effective cybersecurity requires a dynamic process for protecting your organization’s data against the sophisticated and increasing threats of cyber criminals who are constantly changing their tactics.  When should you review your cybersecurity strategy? That depends on your organization. If your organization operates within an industry, such as financial institutions, with security compliance requirements, those standards will mandate the intervals in which updates are required. 

If there are no mandates or regulations for your organization to contend with, consider improving your cybersecurity strategy at a regular interval that your security team determines to be proactive, or when there are major changes in your organization or industry, when there is an increase in a type of cyber threat that is a weakness for your organization, or when there is a shift in technology or information that impacts your organization.

Here are five steps you can take to improve your cybersecurity strategy:

  1. Review the objectives from the last iteration of your strategy. 
  2. Evaluate the current protection of your sensitive data. 
  3. Evaluate employees’ security awareness.  
  4. Update the cybersecurity strategy based on your findings. 
  5. Obtain approval from key roles in the organization.
  6. Repeat steps 1 to 5 on a regular basis or during specific shifts that impact your business. 

If your security team is struggling to develop a comprehensive cybersecurity strategy, the security consultants at BACS can provide assistance. We understand that every organization is unique in its cybersecurity needs. We conduct in-depth assessments of IT infrastructures to learn the scope of an organization’s security needs.  We can then work with you to develop an effective strategy for your organization.

Mitigating Potential Threats with Sound Security Protocols

By | Cloud, Data Protection, IT Support, managed It services, Networking, Security

As cybersecurity becomes increasingly complex, many organizations lack the resources or knowledge they need to create an effective security strategy. That’s why you need a trusted expert who not only understands the latest security trends but can accurately define your business requirements and implement a plan that aligns with your current and long-term needs. This is especially critical as companies move toward more hybrid cloud environments.

One of the biggest advantages of the cloud―flexible data access―can also be a major weakness if security isn’t effectively factored into the equation. Safeguarding systems and assets against rising threats is crucial, but levels of protection should be carefully balanced against your unique business objectives.  

Technology plays a critical role, but equally important is the need to work with an experienced security expert capable of creating and maintaining effective security practices. Bad actors and cybercriminals are continuously exploring new ways to penetrate your defenses, which underpins your need to develop and implement sound policies based on defined user preferences and your unique business needs.

Your managed service provider should be capable of implementing advanced security techniques and practices, including strong access controls, the latest malware protection, and proactive security scanning. You’ll want to make sure the provider you work with can adapt to change and growth and remains on the cutting edge of technology innovation.  

 

Your service provider’s security operations team should be able to clearly demonstrate the practices and processes it uses to safeguard vital business assets. To protect sensitive data, IT policy controls should be automatically enforced through technical elements, such as authorization, authentication, access controls, password complexity, alerting, and system monitoring. 

 

Your security provider should be clear about its procedures for keeping you informed about the ongoing performance and support issues. Your service provider should be able to clearly outline and define its response capabilities. What is the expertise level of support staff? What is the standard response time? What are your protocols for data access? 

 

Most managed security teams operate 24/7, with staff working in shifts to continually track and record activity and mitigate potential threats. The core operational protocols and security responsibilities include:

Manage access

Strong application controls like encryption and authentication can help safeguard information across networks and on endpoint devices, helping to thwart attackers from transferring or copying critical business data. Your cloud provider should be able to provide documentation that shows a separation of duties for administrative functions, disclosing the level of access that each user has and how those levels are maintained. 

 

Define policies and procedures

 

Usage policies define what behaviors are and aren’t acceptable. You most likely have some protective measures in place to address internal threats. To help bolster this vital layer of defense, your security provider will work with you to define and implement policies and practices based on your usage preferences and requirements or mandates specific to your particular market.

 

Data protection

Data encryption is critical for organizations operating in a cloud environment, helping to make sure critical data remains protected while in use, at rest, or in transit. For even greater protection, consider full-disk encryption, which encrypts the complete hard drive, safeguarding the data as well as the applications and operating system.

 

Manage deleted data

Within a typical cloud environment, sensitive data can easily find its way into uncontrolled and hidden systems and services. When it’s time to delete confidential data, or remove resources storing sensitive data, it’s important to consider the potential spread or replication that often occurs during normal IT operations. Your service provider will analyze your cloud environment to determine where confidential data may have been cached or copied and decide the proper steps to help ensure successful deletion of the data.   

 

Preventative measures

 

To help mitigate potential threats, effective security protocols include preventative measures designed to keep team members up to date on the latest cybersecurity trends, recent advances in security techniques, and updates on new emerging threats. This knowledge can help shape your security roadmap and improve disaster recovery planning, helping to guide and prioritize your response in the event of a data breach. Preventative measures and protocols also include actions to mitigate potential threats, including regular updates to existing systems, modernizing firewall policies, and identifying and correcting vulnerabilities.

Continuous monitoring

 

Security controls define the methods and protocols used by the operations team to monitor the network to identify anomalies or suspicious activity. Continuous network monitoring helps ensure your security team is immediately informed of potential or impending threats, putting them in the best position to prevent or mitigate impact. Continuous monitoring enables security teams to strike an optimum balance between proactive and reactive measures as any abnormality in activity is immediately detected.

Effective recovery

In the event of a disaster, security protocols will be executed to recover systems and restore compromised or lost data. Actions may include wiping endpoint devices, reconfiguring and testing security systems, or implementing effective backups to circumvent the attack. Effective recovery execution will return your cloud infrastructure to its original state. Procedures and steps should also be in place to figure out what happened and how it happened. The security team will use event and log data to track the problem and identify the source.

Ensure compliance

 

Many cloud security processes are shaped by established protocols and best practices, but some are guided by compliance requirements. Your managed service provider is tasked with regularly auditing enterprise systems to help ensure consistent regulatory compliance. Following regulatory protocols not only helps safeguard confidential data, it can also protect your organization from legal challenges and reputational damage resulting from a data breach.

A strategic approach to cloud security

As with any IT investment, migrating to the cloud comes with certain risks. Minimizing those risks and capitalizing on the full potential of cloud requires a strategic, pragmatic approach, evaluating essential infrastructure requirements, security protocols, risk factors, performance needs, and cost considerations.

Everything You Need To Know About Network Assessments

By | Cloud, IT Support, Networking, Security

Some businesses may think that once your network is set up you no longer need to invest any time or resources in it, but that is simply not the case. Your business’s network is constantly evolving and changing. Your network needs to be able to handle the growth of your business to ensure that there are no disruptions. One way to make sure your network goals and business goals align is by performing a network assessment.

Unfortunately, assessing a network is often one task that is left at the bottom of any team’s to-do list. This can create a number of problems that will send shockwaves throughout any organization. Any organization’s network can quickly become too complex and tangled to secure and manage if not properly managed. Companies that do not perform network planning and management miss out on optimization opportunities that could drive quality improvements and cut costs.

Understanding the importance of a network assessment starts with a basic understanding of what a network assessment entails. 

 

What Is A Network Assessment?

 

A network assessment is a comprehensive analysis of your organization’s entire IT infrastructure, management, security capabilities, and overall network performance. Network assessments are powerful tools that can be utilized to identify performance gaps, areas for improvement, and network functionality. The knowledge obtained during a network assessment can help executives make key decisions around IT infrastructure and strategy going forward. 

 

Often organizations will order network assessments when their IT systems become too big or too complex. There may be issues popping up that are difficult to pinpoint through standard IT analysis. At this point, it can be difficult for organizations to gain a full understanding of what is happening throughout their network. Companies should be performing network assessments often to ensure that their systems are never out of control. 

 

What Does A Network Assessment Include?

Every organization’s network is different, which means that every network assessment will also be unique. A majority of network assessments have a few commonalities that organizations can use to build their own network assessment strategy. 

 

Take A Physical Inventory

Any network assessment has to include accounting for all IT inventory that your organization has. If your organization has no idea how many servers and users it has, then you will certainly have a difficult time understanding all of your IT infrastructure. Accounting for all of your physical assets can help your organization properly assess your network. For some organizations, accounting for all IT assets could take weeks or even months. Identifying all of the physical IT assets can help teams identify which assets are being underutilized and what infrastructure needs are being neglected.

Cybersecurity Evaluation

Another key part of any network assessment is identifying any vulnerabilities present in your IT systems. The cybersecurity assessment portion of a network assessment examines current security controls and how effective they are in reducing overall cybersecurity risk. This portion can identify any vulnerability in a network, such as an inefficient firewall or outdated software applications. 

 

A cybersecurity assessment does not just involve hardware and software; a proper network assessment will also look at how users interact with the network. Employees and customers are often the greatest risk in regards to cybersecurity. Understanding how big of a risk human error is in the context of a network can help an organization reduce that risk. 

 

Network Performance Evaluation

Assessing your network will also involve evaluating the overall performance of your network. A slow network can frustrate not only employees, but potential clients and customers using your network as well. Poor network performance can lead to lost revenue and missed opportunities. 

 

Network performance can suffer due to a number of causes, such as faulty software configurations or a high number of users. Identifying bottlenecks can help your organization resolve any network performance issues. A performance evaluation will help your organization identify the root causes of slow network functionality. 

 

Potential Network Assessment Benefits

Network assessments are not just for show; they provide a number of advantages to organizations who put the time and effort into performing them correctly. Companies who invest in network assessments will have an edge over competitors who neglect their networks. 

 

Patching Security Holes

A network assessment can help your organization find security vulnerabilities throughout your IT network. A network assessment that is properly done will uncover risks throughout a network. Typically, a network assessment will rank risks based on their threat level and likelihood of occurring. Decision makers can then take the appropriate measures to prevent the risks from turning into reality. Organizations can utilize the cybersecurity assessment to prevent catastrophic IT events, such as data hacks. A data leak can result in the loss of customer trust and hefty government fines.

Identify Cost-Savings Opportunities

Another advantage that network assessments offer organizations is the chance to identify inefficiencies in IT infrastructure. A majority of organizations have networks that are rife with inefficiencies. Even the simplest network assessment can identify low-hanging fruit that teams can easily work on. Executives can then capitalize on these opportunities and drive down costs and improve efficiencies.

If your organization does not have the capabilities to properly conduct a network assessment, you may want to consider hiring some outside help. BACS has worked with various organizations to help them perform network assessments.  

 

BACS Helps Organizations Optimize Their Networks

The experienced team at BACS can help your organization perform a proper network assessment that will give you the big picture of your IT infrastructure. No matter how complex or simple your network is, BACS will ensure that you make the right IT infrastructure decisions going forward. From identifying security flaws to creating cost savings, network assessments can help your business grow.

 

The BACS team is here to help you and answer any questions you may have regarding network assessments. Reach out to BACS today to learn more about network assessments and how a network assessment can help you drive business growth. We can develop a customized network assessment plan that meets your business needs.

3 Reasons Your Cybersecurity Is Broken (And How to Fix It)

By | Data Protection, Security

Fixing cybersecurity problems in your organization should be a priority. As the tactics of cybercriminals become more advanced and the number of attacks increases, fixing cybersecurity problems narrows the opening through which these malefactors can pass. An incident that occurred at the close of 2020 and hammers home the importance of strengthening cybersecurity is the FireEye data breach. A cybercriminal was able to infiltrate the top security firm’s network and steal tools it uses for testing customer security methods. By all accounts, the security firm did everything right to prevent an attack. The unauthorized access in this incident was characterized as one that was custom designed to infiltrate FireEye’s specific data security system. If an experienced security firm can encounter a cyber incident, it can happen to any business.

The FireEye data breach has undoubtedly become a wake-up call for many organizations to fix the broken aspects of their cybersecurity. Unfortunately, there is no one-size-fits-all guide for resolving cybersecurity weaknesses. If you aren’t sure where to start with fixing cybersecurity issues, addressing the following three common problems can help to mitigate your organization’s cybersecurity risk:

 

1: Unpatched Security Flaws

2: Inadequate Access Controls

3: Human Error

1: Unpatched Security Flaws

Neglecting to patch security flaws is a significant problem because cybercriminals know that organizations often fail to patch security flaws in a timely manner, and they search for these vulnerabilities to exploit them. A popular example of the consequences of unpatched software is the Equifax data breach. Equifax used third-party software for a consumer-based service (credit disputes) and was notified by the company that a security vulnerability existed. Just two months later, Equifax still hadn’t patched the software and cyber criminals gained access to internal servers containing customer data. Nearly 150 billion of Equifax’s U.S. consumer base was compromised. The unpatched security vulnerability ended up costing Equifax more than $500 million, which includes their settlement to mitigate the damages caused by the incident.

Here are five tips for addressing unpatched security flaws:

  • The obvious first thing you should do is make sure all security patches are applied. According to a report published by Project Zero, a group of Google security analysts, 25% of the 0-days detected in 2020 could have been prevented by patching software.
  • Keep an eye on critical security vulnerabilities that may impact third-party organizations that have access to your network. One of the regular activities of the Cybersecurity and Infrastructure Security Agency (CISA) is to publish a list of Current Activity related to “high-impact types of security” that affect the U.S. While the listing includes basic information, vulnerabilities requiring software updates are most prevalent.
  • Patching software can be a tedious task, especially when you have multiple systems to update. Consider using a patch management tool that allows you to remotely deploy a software update to several systems at once from an interface that you can set up with your organization’s specifications.
  • If your organization is concerned about potential problems that a software update can cause, implement a patch evaluation process that consists of first testing patches on non-critical systems and monitoring the final deployments for any disruptions.
  • Another option for automating your patching efforts is to consider a cloud patch management service. These services usually consist of scanning systems for known vulnerabilities and deploying software updates, as necessary.

2: Inadequate Access Controls

You should know all the people, devices, and systems that are able to access your network and implement adequate access controls. How important is controlling access to your critical data? The notable Capital One security breach is an example of what can happen when there are insufficient access controls. A single cybercriminal (eventually discovered to be a former Amazon employee) was able to gain access to their server hosted by Amazon Web Services (AWS). The criminal obtained personal information for more than 100 million Capital One customers. Capital One estimated that recovering from the incident would cost the company about $150 million.

Implementing adequate access controls not only protects your organization from external intruders but also from internal malicious attacks. According to recent research performed by Ponemon Institute LLC that was based on interviews of IT security professionals around the globe, insider breaches cost organizations as much as $871,686 and have tripled in frequency since 2016.

The following are five ways you can improve access to systems and data within your organization:

  • Create an inventory list of all the employees, resources, and data in your organization that have access to the network. Determine the level of access each of these requires. For example, specific individuals in a financial department require access to the company’s accounting information.
  • Develop an access control policy that specifies the employees and resources that are granted access to critical systems and data. Make sure you store the information in a safe place.
  • Implement an authentication system that verifies the identity of employees accessing critical data. To complement this step, consider investing in monitoring software that analyzes access to your network for unusual activity.
  • Prohibit employees or third-party vendors from connecting to your organization’s network using unsafe public Wi-Fi networks. As an alternative, consider implementing a virtual private network (VPN), which uses an encrypted virtual tunnel to connect to a network, for remote access users.
  • Hopefully, you already back up all data to a central server or cloud service and all employees know to use strong passwords. In case a system or device that is used to connect to your network is lost or stolen, consider installing software on these systems that is capable of remote access and allows you to locate the device and prevent unauthorized access to its data.

3: Human Error

If your organization’s cybersecurity plan is focused primarily on protecting the network from outside intruders, you likely have a critical weakness in your system. According to a Verizon Data Breach Investigations Report (DBIR), 34% of the more than 40,000 security events they analyzed were committed by internal actors. There are many data breaches that have exposed the importance of addressing human error. In September 2020, the U.S. Department of Veterans Administration (VA) suffered a security breach due to cyber criminals obtaining access to a financial system used by the organization. In addition to attempting to divert funds from the VA, the cyber criminals were able to access the personally identifiable information (PII) of nearly 50,000 veterans. Modifications to how the VA performs its financial operations are projected to cost $2.5 billion. The VA security breach highlights the consequences of social engineering. The cybercriminals were able to access the VA system using social engineering to trick employees into providing their credentials.

The types of social engineering include smishing (phishing via phone calls or text messages), harpooning (phishing by impersonating executives and using information from social sites), deepfakes (editing a legitimate video or voice clip for the purpose of acquiring personal information), and vishing (impersonation via phone calls or voice message).

The following are five tips for addressing human error in your organization’s cybersecurity plan:

  • Continuously train employees about social engineering, including how to identify and report suspicious email, declining to provide personal information requested via email, and refraining from clicking a link in an email unless you are 100% sure it is from a legitimate source (contact the sender via phone or other means besides email to confirm).
  • Use network and email security solutions such as firewalls, antivirus software, antimalware software, anti-phishing solutions, and email spam filters.
  • Implement a multifactor authentication (MFA) system to add an additional method of validation.
  • Use SSL digital certificates to encrypt all data flowing to and from your network.
  • Create an accepted list (also referred to as a whitelist) of applications and email addresses that employees can access. Review this list regularly and make any necessary changes.

Next Steps

Hopefully, the FireEye data breach mentioned earlier doesn’t cause you to relinquish the quest to fix the problems with your organization’s cybersecurity. While such custom cyberattacks occur, they are not the most prevalent. Practicing due diligence and fixing cybersecurity problems that are impacting your organization will strengthen your defense system and help to prevent security incidents that can negatively impact your business and the relationships with your customers. If your cybersecurity team doesn’t have the resources to fix the critical problems mentioned above, it’s a good idea to partner with an experienced cybersecurity team to ensure all the cybersecurity problems impacting your organization are addressed.

BACS is a team of consultants with a full range of IT security experience. We are equipped with the tools necessary to perform comprehensive infrastructure analysis to determine where vulnerabilities exist and develop a comparable plan to resolve the issues and establish a robust foundation. We also offer assistance with developing a thorough cybersecurity training program to educate employees and help fix security issues associated with social engineering.

dark web

Dark Web/Deep Web ID Monitoring

By | Security

Almost everyone has heard of the dark web, and most know it poses risks and dangers that wise internet users try to avoid. However, misconceptions exist about its identity and what it does. Not something to regard lightly, the dark web deserves dogged detection and strict avoidance. The challenge that faces many users lies in not knowing when personal and private information appears on it. Still, deep web ID monitoring provides alerts that indicate the need to act.

What does the dark web mean?

If you think an internet area with an ominous and foreboding name does not pose a danger, some facts may surprise you. The deep web, a much less dire sounding name, provides a space where illegal activities and other nefarious pursuits can occur.

It got its name for a reason, and you do not want to go there. While you may chance upon some legitimate activities, most of its contents tend to serve customers who seek access to illicit data.

As a minor component of the deep web where most internet activity occurs, it has the unique capacity to hide the information that it contains. Inaccessible by the search engines that you regularly use, it remains out of touch except by unique kinds of browsers. Considering the illegal purposes that it most often serves, you may expect the anonymity that it offers to have a strong appeal to some users. Websites that mask their IP address provide a level of privacy and anonymity unavailable in any other place on the deep web.

What can you find on the dark web?

Almost every kind of illicit and illegal information you cannot find on legitimate websites may show up on sites that pander to prurient or malevolent interests. The type of personal and private information that you hope never falls into the dark space on the deep web includes your credit card numbers, subscription accounts, medical records, Social Security numbers, and information about your passport if you have one. However, the intrusiveness reaches much further than that. The personal information you supply when you need a unique id, such as your mother’s maiden name, can exist on the deep web.

Individuals

Your sensitive data provides a source of illegal income for hackers who traffic in buying and selling it, putting everything in your computer at risk. Even more significantly, the anonymous transactions involving your information allow identity thieves to become you. It gives them a license to steal with impunity as the sensitive data enables them to apply for loans that lenders expect you to repay. Finding and buying your government ID can allow a thief to request a tax refund in your name and receive a check from the IRS. Identity theft affects millions of Americans who may find the damage too late to do anything about it. Aside from the sensitive and private information that exists there, hardcore child pornography, human trafficking, violent videos, and sites that sell drugs and firearms also appear.

Businesses

Companies experience exposure to risk when criminals buy hacking tools and malware. Like private citizens who do not know of the invasion into personal data, businesses have no way of knowing about data theft either. Hackers can use the purloined tools to steal company files and disrupt the normal flow of business. However, much worse outcomes can occur. When the malware includes ransomware, the threat can harshly damage a company until the thieves receive whatever price they set.

Reports of malicious breaches that often appear can show that they do not target businesses by size but by the ease of access. With the care that you take to prevent prying eyes from seeing your intellectual property, you can succeed in denying access to the people you know. The greater risk, however, exists with those you do not know. Illicit activities on sites can allow malicious operators to damage your brand and cause loss of market share while you do not even know about it.

How does monitoring work?

A monitoring service can accomplish the task of detecting threats on the web with technology and expertise that private individuals and businesses cannot match. As an effective form of surveillance, it uses software to crawl the internet and detect your website’s availability. As it checks on connectivity, it can alert you to its operational status and ensure that the server and the site perform properly. It may find performance problems that you can fix before they create downtime. Transaction monitoring can produce information about visitor activity and other insights that help businesses ensure website availability and consistent performance. Monitoring provides information about unavailable or slow sites that can send customers elsewhere, causing the loss of a potentially competitive edge. It may produce a notification that illicit sites offer stolen information for sale in the cyber market that appeals to user interests’ darker side.

What advantages does monitoring provide?

Awareness of essential facts about your website informs you of your customers’ view of it. An inaccessible site produces an effect similar to a “closed” sign on a brick-and-mortar store. Downtime almost always means a loss of business, and you may not know about it unless you spend much time on your site. A sudden increase in traffic may overburden your site when you expect it to handle the requests for the sale you offer.

Maintenance requires downtime, but it needs to occur when traffic to your site reaches its lowest user activity level. Monitoring can let you choose the right time. An alert to a hacker attack gives you a chance to respond to malicious codes that can bring your site to a complete stop. The value of the heads-up alerts that monitoring provides may vary according to the importance that you place on your proprietary information.

What kinds of monitoring tools exist?

Two tools offer different types of monitoring capability. One can run locally on a server in your home or office, and it may provide access to some facts that help you keep your site running properly. A more commonly used tool offers access from the cloud and tests much more than your web server. With indicators for uptime, downtime, an array of functionality measures, and a highly efficient alerting system, it can provide the notifications that ensure the productive performance of your presence on the web.

Recommendations

Network administrators cannot watch for everything, and you probably do not want them to spend their valuable time doing so. However, you can protect yourself with deep web ID monitoring. Potential risk exposes you to damage to your brand and loss of market share, but you can avoid them with preventive measures.

cybersecurity training and awareness

Cyber Security Awareness for Small Businesses

By | Security

Online attacks are a chronic problem in the business world. If you have any sort of online component to your organization, you are vulnerable. When people imagine cybercriminals, they think of movie-style hackers frantically typing at a keyboard to break through a firewall. However, the reality is rarely so dramatic.

 

What is Cyber Security awareness?

It only takes one downloaded attachment for a criminal to gain access to the data on your server. It used to be that suspicious emails were easy to spot. These days, criminals have moved from general phishing attacks to direct spear-phishing or whaling attacks. Part of their preparation includes learning personal details about the target from public sources like social media. The cyberattack is now hidden in what looks like a legitimate email from a friend or colleague.

Security awareness involves teaching employees about the most recent threats to a business’s data and how to avoid them. It also includes explaining a business’s security standards and policies. By helping employees understand the reasons for security practices, they are more likely to follow the rules.

 

Why is security awareness critical?

Malware and ransomware threats continue to grow. With every new piece of hardware or software, cybercriminals look for vulnerabilities. Small businesses that do not have a large IT department must be especially aware of these dangers. Although they may not have as much customer data as a large corporation, weaker security practices can make them attractive targets.

Teaching security awareness is essential because a data breach can bring painful consequences to a business. Resolving a successful ransomware attack is an expensive proposition whether you pay the ransom or hire an IT service to fix the problem. Stolen customer data will lead to a long-term lack of trust and a loss of loyal clients. If your business is involved with global clients, you can be fined under the EU’s General Data Protection Regulation for failure to comply with safety precautions.

 

What are the benefits of developing an awareness program?

Preventive training can be a tough sell. The main benefits of online safety training are the adverse events that will not happen. Businesses that engage in this type of education are protecting themselves from dealing with worst-case scenarios.

However, cyber safety training will bring positive benefits to your organization. Educated employees will minimize the amount of time and money lost to recovery after a breach. They will also feel more confident as they use new technology. Cyber threats will become less of a mystery when your employees know what to look for.

It is also an excellent practice to let your clients know that you pay regular attention to data security and online safety. Knowing that you care about protecting their information will increase their confidence in your business. A commitment to safety can help you stand out from your competition.

 

What topics should you cover?

Information technology covers a broad range of topics, and no one expects your employees to become security experts. However, security awareness training should cover the areas where human error is most likely to open the way for a breach.

 

Current Cyber Threats

While employees do not need to know the technical specifics of each type of malware, they should have a general sense of how these programs work. Most importantly, they must understand the strategies criminals use to deploy them. Armed with this information, they will avoid opening unfamiliar emails or downloading unexpected files.

 

Password Protection

Weak passwords are the bane of small businesses. Due to limited budgets, smaller organizations often share equipment among employees. To minimize the inconvenience of remembering a strong password, they may use the same password for every device or fail to use a password at all. After training, employees should understand what makes a strong password and why using one for every device is a necessary practice.

Device and Network Policies

Some businesses employ remote options for their employees. Workers can connect to the business network from a home computer. Sales staff may use smartphones or tablets while they are on the road. While these practices offer flexibility, they can also create security hazards. An unattended laptop with an active network connection can give a criminal direct access to sensitive data. Every business must establish and explain its security protocols around remote devices and connections.

 

Reporting Threats

When there is a breach, it is critical to handle it right away to minimize any damage. No one wants to receive blame for the problem, but it will not go away on its own. Employees must learn the procedure for reporting security attacks whether they are successful or not. When employees recognize a bogus email, they can alert their coworkers so that everyone is on the lookout for the latest phishing attack.

 

How does security awareness training work?

Developing security awareness is an ongoing process. There are always new threats in development, and employees must learn how to avoid them. An annual training session may not be enough to meet the challenge. Business leaders should look for several opportunities for security training every year.

 

During Onboarding

When you welcome new employees to your business, online safety should be part of the training. Explaining your policies will help establish a culture of Cyber Security.

 

Hardware or Software Upgrades

Adopting new technology is an appropriate time for a refresher course on safety. As people set up their new devices, you can remind them of the importance of strong passwords.

 

After an Attack

If there has been an attempt to breach your network, it is a good idea to gather employees and remind them of the best security practices.

 

At Regular Intervals

One of the challenges of online security is complacency. If a business does not experience a breach, employees may assume they are not a target and get lazy about security protocols. Regular reminders will help maintain safe practices.

 

How to get started?

Every small business is different. The first step is to assess your risk. Some of the questions to ask include:

  • How valuable or sensitive is your data?
  • Is your data stored on a local server or the cloud?
  • Do you allow remote connections?
  • What types of devices do your employees use?

By looking at your online setup, you will learn the spots in your network that are most vulnerable to an attack. These weak points should be the primary focus of your security education efforts.

Depending on your business’s size, hiring a local consultant to manage the training may be a good solution. Also, many online programs address the most common cyber safety issues. However you carry out the training, you are making a positive investment in your business’s security and reputation.

Mitigate Your Organization's Cybersecurity Risk

Tech Talk: 20 Things You Must Do to Mitigate Your Organization’s Cybersecurity Risk

By | Security

Is your organization equipped with at least cybersecurity basics? If you don’t know the answer to that question, the following information will help you learn the essentials that can create a starting point for reducing your organization’s security risk.

The 20 most critical elements of cybersecurity basics can be broken into the following five key categories:

  • Asset Tracking
  • Access Management
  • Risk Management
  • Security Controls
  • Incident Response and Recovery

Asset Tracking

  1. Create an asset inventory.

What should be included in the inventory? IT departments typically focus on assets that are most critical to the organization and that are connected to the network. That makes sense (and we’ll discuss those next). However, any asset within the organization that stores or processes information about the organization can be used by cybercriminals. There are numerous asset discovery and logging tools available to help you ensure that you have listed all assets in the organization. In addition to technology assets (hardware, software, and data), you should also include people.

 

  2. Determine the most critical assets in your organization.

Once you’ve created an asset inventory, you then need to determine which assets are considered the most critical. In addition to highlighting this group in your asset inventory, make sure you add important information about the asset such as location, employee who uses it, and technical details (i.e., date of last software update).

 

  3. Analyze the details about the assets in your organization.

You should now have a good picture of the assets in your organization. This basic information can help you start thinking about the level of security and security measures you need to implement. For example, if a large percentage of the organization works from a remote location, it’s probably a good idea to invest in security controls that provide protection for assets in such an environment.

 

  4. Continually update your asset inventory list.

Keeping your asset inventory list current will help you keep track of important information about your assets, such as when software updates are required. One of the most common sources of a data breach is neglecting to apply a software patch. The consequences of this neglect can be exorbitant. The Equifax data breach that occurred in 2017 is an example. Nearly 150 million records were compromised during the breach, and the organization was still dealing with the impact three years later. Equifax eventually had to pay a $425 million global settlement.
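An added example, not from the article: a Python review of an inventory like the one the asset-tracking steps describe, listing entries with missing details or an update older than a threshold, critical assets first. The CSV columns, sample rows and the 30-day threshold are constructed assumptions.

```python
import csv
import io
from datetime import date

MAX_UPDATE_AGE_DAYS = 30  # assumed policy threshold, not from the article

# Constructed sample inventory; columns mirror the details the article lists
# (criticality, location, employee who uses it, date of last software update).
SAMPLE_INVENTORY = """asset,type,critical,location,owner,last_update
fin-db-01,server,yes,HQ rack 3,j.rivera,2024-01-10
hr-laptop-17,laptop,no,remote,m.chen,2024-03-01
web-portal,software,yes,cloud,,2024-02-25
badge-reader-2,device,no,lobby,facilities,
"""

REQUIRED_FIELDS = ("location", "owner", "last_update")


def review_inventory(csv_text, today, max_age_days=MAX_UPDATE_AGE_DAYS):
    """Return inventory rows that need attention, critical assets first.

    A row is reported when a required detail is missing or unparseable,
    or when its last software update is older than max_age_days.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        critical = (row.get("critical") or "").strip().lower() == "yes"
        missing = [f for f in REQUIRED_FIELDS if not (row.get(f) or "").strip()]

        age_days = None
        if "last_update" not in missing:
            try:
                updated = date.fromisoformat(row["last_update"].strip())
                age_days = (today - updated).days
            except ValueError:
                # A malformed date is as unhelpful as a missing one.
                missing.append("last_update")

        overdue = age_days is not None and age_days > max_age_days
        if missing or overdue:
            findings.append({
                "asset": row.get("asset", ""),
                "critical": critical,
                "missing": missing,
                "age_days": age_days,
                "overdue": overdue,
            })

    # Critical assets first, then the stalest update first.
    findings.sort(key=lambda f: (not f["critical"], -(f["age_days"] or 0)))
    return findings


if __name__ == "__main__":
    for finding in review_inventory(SAMPLE_INVENTORY, today=date(2024, 3, 15)):
        print(finding)
```
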

 

Access Control

 

  5. Determine the employees in the organization that have access to the critical assets.

The first step of implementing access control to your assets is to learn which employees in the organization have access to the most critical assets and how they access them. It’s also a good idea to determine how access to your critical assets is monitored. The First American Financial data breach of 2019 is a good example of why this step is important. The data breach, which resulted in nearly a billion sensitive records being exposed online, was linked to a website for privileged users that was not designed to verify the identity of the user.

 

  6. Implement strong authentication and authorization controls.

Multi-factor authentication and password encryption are examples of advanced access controls that have been considered the basics for protecting critical assets. In the summer of 2020, we learned that they too can be compromised. Twitter announced on their blog that they were subjected to a social engineering attack. The social media company divulged that the attack was driven by the criminals being able to bypass multi-factor authentication, reset passwords, successfully log in to “high-profile accounts” and send unauthorized Tweets.

 

  7. Use a privileged access management (PAM) solution to protect your organization’s critical assets.

A PAM solution enables you to securely control and monitor your organization’s privileged accounts, which are targets for cybercriminals. However, access control isn’t just for preventing people outside your organization from gaining unauthorized access to your organization’s critical assets. According to The Cost of Insider Threats (2020) benchmark study performed by Ponemon Institute, the negligence of insiders in an organization was the top cause of 63% of incident reports and cost organizations nearly $5 million.

 

  8. Consider implementing a Zero Trust access security model.

Microsoft defines a Zero Trust access security model as one that “assumes breach and verifies each request as though it originates from an open network”. By assuming everything in the organization is at risk and must be verified, the process of identifying and granting access to critical assets is much stronger. Implementing a Zero Trust access security model will require that you modify your infrastructure and security policies.

 

Risk Management

  9. Develop a comprehensive cybersecurity plan that is specific to your organization.

There is no one-size-fits-all cybersecurity strategy. You must analyze your situation and determine the threats that your organization is most vulnerable to, and then create a plan that mitigates your risk.

 

  10. Monitor and analyze your organization’s network for potential threats.

There are many threat monitoring, detection, and analysis tools and services available on the market. Many of these allow you to pick and choose the services your organization requires. There are some services available that monitor security threats for you. For example, the Department of Homeland Security’s (DHS) Enhanced Cybersecurity Services (ECS) program provides an intrusion prevention capability service to both public and private entities. If your organization is a government entity, you may be able to sign up for the service with little or no cost.

 

  11. Maximize the cybersecurity IQ of all IT security professionals in the organization.

Cybersecurity is an advanced technical practice that requires a specialized set of skills. The individuals in your organization that are responsible for cybersecurity may manage that task alone or function as IT professionals with a myriad of technical responsibilities. Cybersecurity certification isn’t required, but these individuals should know more than cybersecurity basics. Cybersecurity has become an important aspect of doing business. Your cybersecurity staff can easily enroll in training courses in person or online. The training should be ongoing to ensure the security staff is prepared for the ever-changing cybersecurity landscape.

 

  12. Educate all employees in the organization about cybersecurity awareness.

Security awareness training is also important for non-IT employees in your organization. This training teaches employees about security threats and how to avoid them. Your analysis of your organization’s threat landscape will help you determine the most significant information to include in your security training program.

The following are the basics of a security awareness training program:

  • Types of cybersecurity threats and the danger they pose to the organization
  • Policies regarding use of company equipment and networks, bring-your-own-device (BYOD), and remote work
  • Handling sensitive data
  • Communicating with people outside the organization
  • Social media interactions
  • The importance of strong passwords

Employee security awareness training should be a continual event. The goal is to create a culture of security awareness.

Security Controls

  13. Implement controls that protect the organization’s network infrastructure.

The network in your organization is responsible for the transmission of data and is one of the most critical assets in your organization, if not the most critical. The network is the main entry point that you want to protect.

Here are the most common types of basic network security controls:

  • Firewall
  • Anti-virus solutions
  • Intrusion detection systems

 

  14. Implement security controls that protect data (onsite and in the cloud).

The security controls mentioned in the previous section are measures designed to keep the perimeter of your infrastructure safe. Your protection shouldn’t stop there. You should also take steps to protect the data that is inside the organization or that is managed by a third-party cloud solution.

 

  15. Implement security controls that protect remote connections.

Using a virtual private network (VPN) is the most common method of protecting remote connections to corporate networks. Alternative solutions include permission-based strategies such as identity and access management (IAM) platforms and VPN-like encryption-based strategies such as The Onion Router (Tor).

 

  16. Adopt an adaptive security model.

The cybercriminals in the Twitter breach mentioned previously were able to bypass common access controls. Technology is constantly changing and, unfortunately, cybercriminals are modifying their tactics to keep up with the changes. Implementing a security model that is adaptive to the changes in the threat landscape for your organization is essential.

 

Incident Response and Recovery

  17. Develop a security incident response plan.

Your incident response plan should be specific to your organization and outline how the organization will respond after an attack.

Here are the basic steps of creating a security incident response plan:

  1. Create an incident response team and assign responsibilities.
  2. Identify critical assets and alternate storage solutions.
  3. Determine the procedure for handling compromised assets.
  4. Determine data backup strategy.
  5. Outline the internal and external communication plan.
  6. Document the details from the steps above and have it approved by top-level executives in the organization.

 

  18. Create detailed logs of all security incidents.

Incident logs can help you uncover weaknesses in your security solutions and prevent future incidents. Your organization may also be required by compliance regulations to log all security incidents. The basics of a security incident log answer the when, what, and who questions: When did the incident occur? What was the incident? Who discovered the incident? Make sure you include as much information as possible about the security incident.

 

  19. Consider purchasing insurance to lessen the effects of a cybersecurity issue.

A security incident such as a data breach can have a significant impact on your organization’s reputation and revenue. Cybersecurity insurance can help your organization recover more smoothly from an incident. In addition to mitigating some of your financial losses, cybersecurity insurance may provide security consultants to assist with the recovery process.

 

  20. Test your security incident response plan.

Determining the effectiveness of your security incident response plan is a critical task to perform once your plan is created. The common practice is to replicate a specific type of cyberattack that is as realistic as possible for your organization and walk through your plan. Make sure you make notes about any flaws or weaknesses you discover.

 

Next Step

Learning cybersecurity basics can be an eye-opening experience for security professionals. If you realize that your organization has not yet met the baseline of IT security, your next step is to work toward that goal. If you require assistance with performing an in-depth analysis of your business needs, BACS can help.

BACS is an IT services firm of security professionals that specializes in working one-on-one with organizations to first understand what their IT security needs are, and then determine the most robust, flexible, and cost-effective solution.  BACS consultants are also experienced with assisting organizations with strengthening their security foundation.

Multi-Factor Authentication

Increasing Security with Multi-Factor Authentication

By | Data Protection, Security

Multi-factor authentication (MFA) involves additional security measures required when logging in to an online account. While it is true that every website requires the user to sign in with a password, MFA adds additional security.

Indeed, a website may require two or three MFA classifications, including identification via a face scan, the user’s voice, or optical recognition. Alternative MFA types include bank cards, keys, and secret tokens. For instance, an ATM user has a debit card combined with a Personal Identification Number (PIN).

Bank and investment websites use MFA technology to protect account owners from hackers. You have most likely already used MFA software to log in to your online checking account or other financial services firms when you provided numerical codes in addition to your passwords. A Multi-Factor Authentication verification works as follows:

  • MFA software calls the phone number associated with your account.
  • MFA software may send your cell phone a verification text instead of a phone call.
  • You answer your phone and receive a numerical code.
  • Alternatively, you may receive the code via a text message.
  • Next, you enter the code into your online account via the website or an app.

A website views your phone as a trusted device. Consequently, receiving the code on your cell phone or landline phone indicates that you are not an impersonator attempting to hack into someone else’s account. MFA might also use your fingerprint as a form of identification. If you lose or forget your password, MFA is sometimes used to verify that you are the authentic account owner. Once verified, you can proceed to change your password.

Websites may require users to answer several security questions before they can access their accounts. Nevertheless, answers to security questions do not constitute the most secure types of MFA authentications.

 

Why is MFA Needed?

MFA is needed to ensure that both the small business owner and the consumer receive protection from people who want to steal identities or funds. MFA requirements protect small businesses from having to deal with identity theft issues. Furthermore, MFA provides an invisible protective wall surrounding the user or account owner. Think of MFA as a moat that defends your account from the malicious intents of ne’er-do-wells.

Unfortunately, hackers get their entertainment from observing users who choose weak passwords. MFA is needed because people often choose insufficient passwords that are too short or lack sufficient letters, numbers, and characters. In addition to selecting an inferior password open to security breaches, a user may enter the identical password on 100 different websites.

Using the same password numerous times can send alert signals to potential hackers. Hackers delight in finding users who continue to use the same passwords for months or years. Many users continue to use the same passwords for multiple applications and store them in insecure locations. Using software to store passwords also presents problems. Using a password manager to store one or more passwords is not always a good idea because of possible security vulnerabilities.

 

What are the advantages of using MFA?

If you manage a small business, you may think it unnecessary to ask customers for MFA authentications. You may worry that your clients will regard receiving and entering numerical codes as heavy burdens on their time and patience. Nonetheless, your customers will thank you if your requirement to use MFA software results in protecting their identities and accounts. Benefits of using MFA software include:

  • Providing clients with additional account protection
  • Protecting a business by offering clients ways to defend themselves
  • Preventing a breach of trust
  • Keeping clients happy because they feel secure

Using MFA technology as additional security measures can protect businesses, customers, and employees from hackers. Gaining access to valuable information, an accomplished hacker can wreak all kinds of havoc for everyone involved in the attack.

Hackers can steal medical records, social security numbers, and physical addresses. While the mere thought of a hacker gaining access to confidential account information may send shivers up and down your spine, your use of MFA technology can help prevent this type of situation from taking place.

 

What are the disadvantages of using MFA?

An account owner may not want to spend additional time verifying their account. It is already somewhat of a nuisance to enter a username and password for verification purposes. Receiving an email, voicemail, or text with a numerical code is an extra burden. Plus, the person then needs to take the time to enter the code before they can access their account.

A user may receive the dreaded message implying that the website does not recognize their computer. Lack of recognition may result from using a junk file cleaner. While deleting unnecessary information, a private usage data cleaner may also eliminate a trusted site verification. An updated browser can also cause a website to require additional identifiable information from the user.

A person may not have their phone within proximity. Perhaps someone recently stole the person’s mobile phone. If MFA requires receipt of a unique code via a voicemail, this can cause an issue. In this case, a user will not have the ability to access their online account.

MFA software is not 100% foolproof. A hacker can figure out how to mimic a person’s voice or even their iris. Yet utilizing MFA technology makes common sense because the authentication adds extra security.

 

How does MFA work?

Multi-Factor Authentication occurs when a person wants to log in to their online account. A one-time password (OTP) is a common requirement before an individual can access their online data. The code only works for a short time. Once the allotted time expires, the user will need to obtain a new OTP and enter it into the website.

A website that does not require the user to enter an OTP may ask the person to answer one or more security questions. As stated earlier, security questions are not foolproof because a hacker may have the ability to ascertain the correct answers.

Another method involves recognizing a person’s trusted device. In this scenario, the individual would have already granted the website permission to use the same cell phone or computer. MFA is best described as providing ample evidence: a person who provides two or more pieces of evidence demonstrating correct identification can access their online account.

Even though requiring the use of MFA may cause a person to have a minor inconvenience, the benefits far outweigh any disadvantages. Scrambling to find a cell phone to obtain a numerical code is worth the slight hassle if it means protecting the person from identity theft.

Small businesses benefit from using MFA software because the authentication method offers extra protection for their clients, resulting in satisfied customers. Every business owner knows that keeping a customer happy is a vital aspect of growing a company.

Business owners should familiarize themselves with Multi-Factor Authentication software before they choose a system. It is useful to determine if they can get support and whether the software is easy to use. Providing clients with an extra measure of safety, a small business owner has the satisfaction of going the extra mile for their customers.

Malware Threats

Safeguarding Assets from Evolving Malware Threats

By | Security

The digital age has greatly expanded the range of opportunities and avenues of attack for hackers to penetrate your IT security defenses and gain access to critical business systems and applications. Many of these breaches are the result of weak security defenses and poor email usage practices.

 

Malware infections can be particularly devastating for businesses. By interrupting critical workflows and stealing or encrypting crucial data, malware can cause serious financial and reputation damage.

 

According to one report, 66 percent of malware enters enterprise networks through email attachments.

Therefore, the importance of implementing solid email security defenses and best-practice measures can’t be overstated, particularly considering the extensive use of email for day-to-day business communications.

 

At the same time, today’s threats are becoming increasingly sophisticated as cyber criminals create more dangerous variants of ransomware and malware, along with more devious phishing schemes. Whether caused by software failure or human error, a single malware attack can prove catastrophic for businesses of any size.

 

While there is no silver bullet method for preventing all malware attacks, there are reliable, best practice measures to detect and block threats. These baseline methods provide a solid framework for helping to protect sensitive business systems from unwanted intrusions without hampering productivity.

 

Install anti-virus software.

Anti-virus and spam filtering tools offer an effective front-line defense in helping to prevent malware, ransomware and other viruses from sneaking into your network and infecting your applications and systems. These programs scan your email and attachments, checking for vulnerabilities as they enter your inbox. If malicious content is identified, the software will alert users to the suspicious content and typically will quarantine the affected email to prevent it from being inadvertently released. It is your responsibility to check the security settings on your spam filter and enable the specific options you need. You can often change the settings to block any emails that contain specific words or phrases, which can be helpful in guarding against specific types of scams or email phishing schemes. To help defend against the latest threats and vulnerabilities, make sure your anti-malware software is consistently updated with the latest definitions.

Use secure authentication.

Once an access point is compromised, attackers will often reuse the password to gain access to other systems. Authentication will help obstruct these attempts no matter how the hacker gains access to the password. Options within your email client typically give you a range of authentication capabilities. While the concept is simple, authentication offers a highly effective data loss prevention technique. For a more streamlined security approach, consider consolidating your authentication, encryption, and advanced threat protection into a single security suite. Compared with point tools, these integrated systems require a fraction of the IT resources required to maintain effective threat protection.

 

Keep software updated.

While no system or application is completely safe against malware attacks, software providers regularly provide patches and updates to close any new vulnerability that may emerge. As a best practice, validate and install all new software patches and check for signs of malware in log reports. Be sure to implement routine maintenance including updating your operating systems, software tools, browsers and plug-ins. Make backups of all your data and software on a storage device that is not attached to your network or computer. Confirm that all your backups are operating properly and test them on a regular basis to make sure they will perform when you need them. Also, don’t overlook your email servers, which are a frequent target of hackers. Make sure your IT team has all the necessary tools and information to effectively secure your email servers.

Safeguard email with encryption.

Popular email platforms like Gmail and Outlook typically don’t have sufficient enterprise-level encryption capabilities to fully protect applications and systems against all cyber threats. Third-party add-in encryption services can close these corporate email security gaps, helping to safeguard information in transit and on endpoint devices. For even greater protection, consider full-disk encryption, which encrypts the complete hard drive, safeguarding the data as well as the applications and operating system. Keep in mind that some encryption services can add friction to the user experience. Any encryption tool is only effective if users can easily make it a part of their regular workflow. Carefully weigh your options by testing trial versions before making a final decision.


Monitor for suspicious activity

Proactive email scanning can identify vulnerabilities and provide reports on detected gaps in security and recommendations for security patches or vendor updates. These reports describe the types of risks found and a potential cause for each area of vulnerability. Many of today’s leading email monitoring solutions will monitor all user accounts for suspicious activity and provide an alert if there is any reason for concern. Core capabilities typically include: logging all incoming and outgoing traffic; baselining normal user activity and proactively looking for aberrations; and promptly investigating unusual actions. Network monitoring can also be used to confirm the health of software and firmware throughout system startup, operation and during sensitive upgrade periods.
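What "baselining normal user activity and looking for aberrations" can look like in practice, as an added example that is not from the original article or any particular monitoring product. The log records, account names and thresholds are constructed, and the median/MAD score is one assumed way to measure deviation.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (day, account, outgoing messages logged that day).
HISTORY = [
    (day, account, sent)
    for account, counts in {
        "alice@example.com": [12, 15, 11, 14, 13, 12, 16],
        "bob@example.com": [3, 4, 2, 5, 3, 4, 3],
        "carol@example.com": [9, 8],  # new account with little history
    }.items()
    for day, sent in enumerate(counts, start=1)
]
# Constructed counts for the day being checked.
TODAY = {"alice@example.com": 14, "bob@example.com": 240, "carol@example.com": 30}


def build_baseline(records):
    """Per account: (median daily volume, median absolute deviation, days seen)."""
    per_account = defaultdict(list)
    for _day, account, sent in records:
        per_account[account].append(sent)
    baseline = {}
    for account, counts in per_account.items():
        med = median(counts)
        mad = median(abs(c - med) for c in counts)
        baseline[account] = (med, mad, len(counts))
    return baseline


def find_aberrations(baseline, today, threshold=3.5, min_days=5):
    """Return {account: reason} for accounts whose volume needs investigation."""
    findings = {}
    for account, sent in today.items():
        if account not in baseline or baseline[account][2] < min_days:
            # Too little history to judge: surface it rather than stay silent.
            findings[account] = "no reliable baseline yet: review manually"
            continue
        med, mad, _days = baseline[account]
        # 1.4826 * MAD approximates a standard deviation; the floor of 1.0
        # stops a perfectly flat history from flagging a change of one message.
        scale = max(1.4826 * mad, 1.0)
        score = (sent - med) / scale
        if score > threshold:  # only upward spikes, e.g. a hijacked mailbox sending spam
            findings[account] = f"{sent} sent vs. median {med} (score {score:.1f})"
    return findings


if __name__ == "__main__":
    for account, reason in find_aberrations(build_baseline(HISTORY), TODAY).items():
        print(account, "->", reason)
```
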

 

Educate end-users

While implementing the right technology is important, it’s not the entire solution. The users who interface with your business systems must also be educated on how to perform their tasks. Work with your internal team to define and implement policies and practices based on your usage preferences and requirements or mandates specific to your particular market. Create a culture in which people talk about security, and make security a clear priority. Teach users about secure online practices such as how to recognize potential threats and phishing attempts.

 

Continue to build awareness of malware risks, and check user awareness with in-house hacking attempts and interactive security activities. Make sure policies and procedures are consistently enforced.

  • Keep users informed on the latest cybersecurity threats and best practice security techniques.
  • Educate users on how to identify phishing schemes and what to do if a hidden threat is uncovered.
  • Empower and encourage users to be proactive in reporting suspicious behavior.
  • Instruct users on how to use secure networks and follow best practice processes when working remotely.

 

Staying ahead of today’s advancing threats

Safeguarding your vital IT and enterprise infrastructure is not just a security concern; it is a fundamental business issue. It requires an intelligent investment in resources to meet an increasingly complex threat landscape.

While building an effective email security framework is a long-term process, you cannot afford to hesitate. Cybercriminals are constantly looking for new ways to break through your defenses, which is why you need a solid technology foundation, combined with a strong culture of awareness and responsiveness to today’s evolving threats.

The Biggest Trends in Cybersecurity We Saw in 2020

By | Security

What were the most significant cybersecurity trends of 2020? As you might expect, they were closely tied to the prominent events of the time. The year 2020 could easily be summed up as one of great stress and anxiety. In early March, the COVID-19 global pandemic caused remote connections to become the “new normal”. There was an immediate pursuit for a vaccine to alleviate the strain on people infected with the virus and the healthcare system caring for those individuals. There was also the presidential election that raised new security concerns as the option for mail-in ballots became a heated debate. What we discovered about the cybersecurity trends of 2020 is that cybercriminals did not let up their ploys. Instead, they increased and even updated their tactics during an uncharacteristic year in which many organizations were simply just trying to stay afloat.

The following are five of the biggest trends in cybersecurity we saw in 2020:

  • The technology used by remote workers became big targets.
  • Email hacks continued to increase.
  • The healthcare industry became the top target.
  • Attacks on cloud solutions based on new strategies emerged.
  • Ransomware attacks increased in specific industries.

The technology used by remote workers became big targets.

As our learning, working and socializing shifted to remote connections during the emergence of the COVID-19 pandemic, cybercriminals also shifted their tactics. Meeting applications such as Zoom gained popularity. Shortly thereafter, there were reports of threats related to the increased virtual activity. The Boston division of the FBI issued a warning in March of 2020 for users of video-teleconferencing (VTC) platforms to take measures to protect themselves from teleconferencing hijacking. As fingers continued to point to Zoom as the culprit, the company posted a message on their blog explaining that they “did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home.” Zoom eventually made some changes to their application. In early January 2021, the company released a new version 5.0 of its application that is supposed to address several of its security issues.

Videoconferencing wasn’t the only remote technology under attack in 2020. The Dark Nexus bot was first revealed in late 2019 but continued to evolve in 2020 and target a growing list (up to 1372 as of this writing) of Internet-of-Things (IoT) devices such as home routers. The bot initially exploited system vulnerabilities and then evolved to most recently using brute-force attacks on Telnet connections that used default credentials. Because the bot has been quickly spreading to IoT devices, cybersecurity professionals are concerned that its threat could extend to 2021.

Email hacks continued to increase.

In addition to remote technology, cybercriminals also continued to focus on a common target: business email. The COVID-19 crisis turned out to be a breeding ground for phishing attacks. One of the most staggering cybersecurity statistics is that phishing attacks increased 220% in 2020. In the 2020 Phishing and Fraud Report, the application services and application delivery networking company F5 reports that while the usual tactics related to emotional appeal were observed, cyber criminals that chose this social engineering form of attack discovered new ways of submitting attacks.

One of the most notable email attacks was on the federal government. As reported by Reuters, the email systems of several U.S. government offices, including the treasury and commerce departments, were infiltrated. It is believed that malicious code by a foreign agency was inserted into the government network during the automatic update processes and was undetected for several months. The Trump administration announced the attack in early December 2020, but details about the depth of the attack and the exact nature of the data that was taken (if any) have yet to be communicated to the public.

The healthcare industry became the top target.

Healthcare is one of five industries most targeted by cybercriminals. It’s no surprise that since the COVID-19 pandemic, healthcare has moved to the number one spot. This became public knowledge in the middle of November 2020 when the American Hospital Association (AHA) reported that the Cybersecurity and Infrastructure Security Agency, FBI and Department of Health and Human Services were concerned about “credible, ongoing and persistent” threats.

There were several major cyber attacks on the healthcare sector in 2020. The following are the two most notable:

  • The UVM Health Network was forced to lock down their network for more than 30 days due to an attack that infected thousands of their computers. UVM brought in government cyber professionals to assist with restoring their systems. The organization estimated that their losses were about $1.5 million per day and would probably end up costing more than $50 million when the issue is resolved in 2021.
  • Between February and May 2020, nearly 50 health-related organizations that used the cloud computing vendor Blackbaud to store donor information were impacted by a ransomware attack that resulted in individual records being compromised; the largest impact being the more than 1 million Inova Health System records. The incident, which involved the cyber criminals gaining access to unencrypted data (including bank information, social security numbers, and login credentials), led millions of the victims to file individual and class-action lawsuits against Blackbaud. The attack originated in early February and wasn’t discovered until late May 2020. Blackbaud is a cloud computing vendor for a variety of organizations. The company paid the ransom once they received confirmation that the exfiltrated (copied) data was destroyed. The company neglected to publicly disclose the amount of the ransom.

Attacks on cloud solutions based on new strategies emerged.

Health-related organizations aren’t the only organizations using cloud services. The benefits of reduced IT costs and increased accessibility are attractive benefits that have led many organizations to move to the cloud. As more organizations choose to move their critical data to cloud solutions, these systems are becoming bigger targets for hackers.

Given the increase in cloud system attacks, organizations are observing data for vulnerabilities. Research by Aqua Security of 16,371 attacks on cloud systems that spanned June 2019 to July 2020 uncovered a new trend in cyber attacks on cloud solutions. While mining cryptocurrency continued to be the major aim of the attacks, a small share (about 5%) in 2020 were used for a new purpose: setting up distributed-denial-of-service (DDoS) infrastructure. The research by Aqua shows that the miners were deployed as malicious container images published on Docker Hub. This is a significant development because it signifies that cyber criminals are using more sophisticated means of infiltrating systems and are more interested in financial gain.

Docker defines a container image as “a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries, and settings.” A container is like a virtual machine in that it is self-contained, but differs in that it virtualizes the operating system instead of the hardware. This new development environment will likely draw more malicious activity in the near future.

Ransomware attacks increased in specific industries.

A report by the cybersecurity company FireEye may have been wrong about predicting that the 2020 elections would stir up hackers to attack electoral systems, but they were right on the mark about ransom attacks continuing to be a problem. Halfway into 2020, there were about 11 major ransomware attacks that resulted in the victims of those attacks paying nearly $150 million to recover.

According to the IBM Security X-Force Threat Intelligence Index for 2020, ransomware was one of the top methods of attack in the U.S. Not only were ransomware attacks up in 2020, but the malefactors used bolder attempts to force organizations to pay the ransoms. Global risk consulting firm Kroll reported that ransomware criminals set up websites exposing obtained personal data and, in many cases, sought to connect with the owners of that data directly, which forced the organizations to alert customers and respond more quickly. Kroll reported that technology, healthcare, and professional services were the key target industries of ransomware attacks in 2020.

Conclusion

Understanding the trends in cybersecurity can provide some insight into what your organization can expect in the coming year. What is apparent from the uncharacteristic year of 2020 is that it is more important that your organization not only implement cybersecurity measures but make sure those measures are the “right” ones for your organization for a variety of technical situations. One of the side effects that the COVID-19 pandemic has had on businesses is that many had to scale down their workforce. This included cybersecurity professionals. There was already a great need for these professionals. The 2020 economic outlook meant that companies had to be more creative in how they planned for cybersecurity challenges. Is your organization prepared for the cybersecurity trends of 2021?

BACS is a cybersecurity firm ready to help you obtain an understanding of your organization’s needs and what you need to mitigate your cybersecurity risks in the coming years.

 
