Category

Data Protection

Security Protocols

Mitigating Potential Threats with Sound Security Protocols

By | Cloud, Data Protection, IT Support, managed It services, Networking, Security

As cybersecurity becomes increasingly more complex, many organizations lack the resources or knowledge they need to create an effective security strategy. That’s why you need a trusted expert who not only understands the latest security trends but can accurately define your business requirements and implement a plan that aligns with your current and long term needs.  This is especially critical as companies move toward more hybrid cloud environments.  

 

One of the biggest advantages of the cloud―flexible data access―can also be a major weakness if security isn’t effectively factored into the equation. Safeguarding systems and assets against rising threats is crucial, but levels of protection should be carefully balanced against your unique business objectives.  

Technology plays a critical role, but equally important is the need to work with an experienced security expert capable of creating and maintaining effective security practices. Bad actors and cybercriminals s are continuously exploring new ways to penetrate your defenses, which underpins your need to develop and implement sound policies based on defined user preferences and your unique business needs.

 

Your managed service provider should be capable of implementing advanced security techniques and practices, including strong access controls, the latest malware protection, and proactive security scanning. You’ll want to make sure the provider you work with can adapt to change and growth and remains on the cutting edge of technology innovation.  

 

Your service provider’s security operations team should be able to clearly demonstrate the practices and processes it uses to safeguard vital business assets. To protect sensitive data, IT policy controls should be automatically enforced through technical elements, such as authorization, authentication, access controls, password complexity, alerting, and system monitoring. 

 

Your security provider should be clear about its procedures for keeping you informed about the ongoing performance and support issues. Your service provider should be able to clearly outline and define its response capabilities. What is the expertise level of support staff? What is the standard response time? What are your protocols for data access? 

 

Most managed security teams operate 24/7, with staff working in shifts to continually track and record activity and mitigate potential threats. Among the core operational protocols and security responsibilities include: 

 

 

Manage access. 

 

Strong application controls like encryption and authentication can help safeguard information across networks and on endpoint devices, helping to thwart attackers from transferring or copying critical business data. Your cloud provider should be able to provide documentation that shows a separation of duties for administrative functions, disclosing the level of access that each user has and how those levels are maintained. 

 

Define policies and procedures

 

Usage policies define what behaviors are and aren’t acceptable. You most likely have some protective measures in place to address internal threats. To help bolster this vital layer of defense, your security provider will work with you to define and implement policies and practices based on your usage preferences and requirements or mandates specific to your particular market.

 

Data protection. 

 

Data encryption is critical for organizations operating in a cloud environment, helping to make sure critical data remains protected while in use, at rest, or in transit. For even greater protection, consider full-disk encryption, which it encrypts the complete hard drive, safeguarding the data as well as the applications and operating system.  

 

Manage deleted data. 

 

Within a typical cloud environment, sensitive data can easily find its way into uncontrolled and hidden systems and services. When it’s time to delete confidential data, or remove resources storing sensitive data, it’s important to consider the potential spread or replication that often occurs during normal IT operations. Your service provider will analyze your cloud environment to determine where confidential data may have been cached or copied and decide the proper steps to help ensure successful deletion of the data.   

 

Preventative measures

 

To help potential threats, effective security protocols include preventative measures designed to keep team members up to date on the latest cybersecurity trends, recent advances in security techniques, and updates on new emerging threats. This knowledge can help shape your security roadmap and improve disaster recovery planning, helping to guide and prioritize your response in the event of a data breach. Preventative measures and protocols also include actions to mitigate potential, including regular updates to existing systems; modernizing firewall policies; identifying and correcting vulnerabilities.

Continuous monitoring

 

Security controls define the methods and protocols used by the operations team to monitor the network to identify anomalies or suspicious activity. Continuous network monitoring helps ensure your security team is immediately informed of potential or impending threats, putting them in the best position to prevent or mitigate impact. Continuous monitoring enables security teams to strike and optimum balance between proactive and reactive measures as any abnormality in activity is immediately detected.  

 

Effective recovery. 

 

In the event of a disaster, security protocols will be executed to recover systems and restore compromised or lost data. Actions may include wiping endpoint devices, reconfiguring and testing security systems, or implementing effective backups to circumvent the attack. Effective recovery execution will return your cloud infrastructure to its original state. Procedures and steps should also be in place to figure out what happened and how it happened. The security team will use event and log data to track the problem and identify the source.

Ensure compliance

 

Many cloud security processes are shaped by established protocols and best practices, but some are guided by compliance requirements. Your managed service provider is tasked with regularly auditing of enterprise systems to help ensure consistent regulatory compliance. Following regulatory protocols not only helps safeguard confidential data, it can also protect your organization from legal challenges and reputational damage resulting from a data breach.

 

A strategic approach to cloud security

As with any IT investment, migrating to the cloud comes with certain risks. Minimizing those risks and capitalizing on the full potential of cloud requires a strategic, pragmatic approach, evaluating essential infrastructure requirements, security protocols, risk factors, performance needs, and cost considerations.

Reasons Your Cybersecurity Is Broken

3 Reasons Your Cybersecurity Is Broken (And How to Fix It)

By | Data Protection, Security

Fixing cybersecurity problems in your organization should be a priority. As the tactics of cybercriminals become more advanced and the number of attacks increases, fixing cybersecurity problems narrows the opening by which these malefactors can pass through. An incident that occurred at the close of 2020 and hammers home the importance of strengthening cybersecurity is the FireEye data breach. A cybercriminal was able to infiltrate the top security firm’s network and steal tools it uses for testing customer security methods. By all accounts, the security firm did everything right to prevent an attack. The unauthorized access in this incident was characterized as one that was custom designed to infiltrate FireEye’s specific data security system. If an experienced security firm can encounter a cyber incident, it can happen to any business.

The FireEye data breach has undoubtedly become a wake-up call for many organizations to fix the broken aspects of their cybersecurity. Unfortunately, there is no one-size-fits-all guide for resolving cybersecurity weaknesses. If you aren’t sure where to start with fixing cybersecurity issues, addressing the following three common problems can help to mitigate your organization’s cybersecurity risk:

 

1: Unpatched Security Flaws

2: Inadequate Access Controls

3: Human Error

1: Unpatched Security Flaws

Neglecting to patch flawed security is a significant problem because cybercriminals are aware that organizations often neglect to patch security flaws in a timely matter and search for these vulnerabilities to exploit them. A popular example of the consequences of unpatched software is the Equifax data breach. Equifax used third-party software for a consumer-based service (credit disputes) and were notified by the company that a security vulnerability existed. Just two months later, Equifax still hadn’t patched the software and cyber criminals gained access to internal servers containing customer data. Nearly 150 billion of Equifax’s U.S. consumer base was compromised. The unpatched security vulnerability ended up costing Equifax more than $500 million which includes their settlement to mitigate the damages caused by the incident.

Here are five tips for addressing unpatched security flaws:

The obvious first thing you should do is make sure all security patches are applied. According to a report published by Project Zero, a group of Google security analysts, 25% of the 0-days detected in 2020 could have been prevented by patching software.

Keep an eye on critical security vulnerabilities that may impact third-party organizations that have access to your network. One of the regular activities of the Cybersecurity and Infrastructure Security Agency (CISA) is to publish a list of Current Activity related to “high-impact types of security” that affect the U.S. While the listing includes basic information, vulnerabilities requiring software updates are most prevalent.

Patching software can be a tedious task, especially when you have multiple systems to update. Consider using a patch management tool that allows you to remotely deploy a software update to several systems at once from an interface that you can set up with your organization’s specifications.

If your organization is concerned about potential problems that a software update can cause, implement a patch evaluation process that consists of first testing patches on non-critical systems and monitoring the final deployments for any disruptions.

Another option for automating your patching efforts is to consider a cloud patch management service. These services usually consist of scanning systems for known vulnerabilities and deploying software updates, as necessary.

2: Inadequate Access Controls

You should know all the people, devices, and systems that are able to access your network and implement adequate access controls. How important is controlling access to your critical data? The notable Capital One security breach is an example of what can happen when there are insufficient access controls. A singleton cybercriminal (eventually discovered to be a former Amazon employee) was able to gain access to their server hosted by Amazon Web Service (AWS). The criminal obtained personal information for more than 100 million Capital One customers. Capital One estimated that recovering from the incident would cost the company about $150 million.

Implementing adequate access controls not only protects your organization from external intruders but also internal malicious attacks. According to recent research performed by Ponemon Institute LLC that was based on interviews of IT security professionals around the globe, insider breaches cost organizations as much as $871,686 and has tripled in frequency since 2016.

The following are five ways you can improve access to systems and data within your organization:

Create an inventory list of all the employees, resources, and data in your organization that have access to the network. Determine the level of access each of these requires. For example, specific individuals in a financial department require access to the company’s accounting information.

Develop an access control policy that specifies the employees and resources that are granted access to critical systems and data. Make sure you store the information in a safe place.

Implement an authentication system that verifies the identity of employees accessing critical data. To complement this step, consider investing in monitoring software that analyzes access to your network for unusual activity.

Prohibit employees or third-party vendors from connecting to your organization’s network using unsafe public Wi-Fi networks. As an alternative, consider implementing a virtual private network (VPN), which uses an encrypted virtual tunnel to connect to a network, for remote access users.

Hopefully, you already backup all data to a central server or cloud service and all employees know to use strong passwords. In case a system or device that is used to connect to your network lost or stolen, consider installing software on these systems that is capable of remote access that allows you to locate it and prevent unauthorized access to its data.

3: Human Error

If your organization’s cybersecurity plan is focused primarily on protecting the network from outside intruders, you likely have a critical weakness in your system. According to a Verizon Data Breach Investigations Report (DBIR), 34% of the more than 40,000 security events they analyzed were committed by internal actors. There are many data breaches that have exposed the importance of addressing human error. In September 2020, the U.S. Department of Veterans Administration (VA) suffered a security breach due to cyber criminals obtaining access to a financial system used by the organization. In addition to attempting to divert funds from the VA, the cyber criminals were able to access the personally identifiable information (PII) of nearly 50,000 veterans. Modifications to how the VA performs its financial operations are projected to cost $2.5 billion. The VA security breach highlights the consequences of social engineering. The cybercriminals were able to access the VA system using social engineering to trick employees into providing their credentials.

The types of social engineering include smishing (phishing via phone calls or text messages), harpooning (phishing by impersonating executives and using information from social sites), deepfakes (editing a legitimate video or voice clip for the purpose of acquiring personal information), and vishing (impersonation via phone calls or voice message).

The following are five tips for addressing human error in your organization’s cybersecurity plan:

Continuously train employees about social engineering, including, how to identify and report suspicious email, neglecting to provide personal information requested via email, and refraining from clicking a link in an email unless you are 100% sure it is from a legitimate source (contact the sender via phone or other means besides email to confirm).

Use network and email security solutions such as firewalls, antivirus software, antimalware software, anti-phishing solutions, and email spam filters.

Implement a multifactor authentication (MFA) system to add an additional method of validation.

Use SSL digital certificates to encrypt all data flowing to and from your network.

Create an accepted list (also referred to as a whitelist) of applications and email addresses that employees can access. Review this list regularly and make any necessary changes.

Next Steps

Hopefully, the FireEye data breach mentioned earlier doesn’t cause you to relinquish the quest to fix the problems with your organization’s cybersecurity. While such custom cyberattacks occur, they are not the most prevalent. Practicing due diligence and fixing cybersecurity problems that are impacting your organization will strengthen your defense system and help to prevent security incidents that can negatively impact your business and the relationships with your customers. If your cybersecurity team doesn’t have the resources to fix the critical problems mentioned above, it’s a good idea to partner with an experienced cybersecurity team to ensure all the cybersecurity problems impacting your organization are addressed.

BACS is a team of consultants with a full range of IT security experience. We are equipped with the tools necessary to perform comprehensive infrastructure analysis to determine where vulnerabilities exist and develop a comparable plan to resolve the issues and establish a robust foundation. We also offer assistance with developing a thorough cybersecurity training program to educate employees and help fix security issues associated with social engineering.

Multi-Factor Authentication

Increasing Security with Multi-Factor Authentication

By | Data Protection, Security

Multi-factor identification (MFA) involves additional security measures required when logging in to an online account. While it is true that every website requires the user to sign in with a password, MFA adds additional security.

Indeed, a website may require two or three MFA classifications, including identification via a face scan, the user’s voice, or optical recognition. Alternative MFA types include bank cards, keys, and secret tokens. For instance, an ATM user has a debit card combined with a Personal Identification Number (PIN).

Bank and investment websites use MFA technology to protect account owners from hackers. You have most likely already used MFA software to log in to your online checking account or other financial services firms when you provided numerical codes in addition to your passwords. A Multi-Factor Authentication verification works as follows:

  • MFA software calls the phone number associated with your account.
  • MFA software may send your cell phone a verification text instead of a phone call.
  • You answer your phone and receive a numerical code.
  • Alternatively, you may receive the code via a text message.
  • Next, you enter the code into your online account via the website or an app.

A website views your phone as a trusted device. Consequently, receiving the code on your cell phone or landline phone indicates that you are not an impersonator attempting to hack into someone else’s account. MFA might also use your fingerprint as a form of identification. If you lose or forget your password, MFA is sometimes used to verify that you are the authentic account owner. Once verified, you can proceed to change your password.

Websites may require users to answer several security questions before they can access their accounts. Nevertheless, answers to security questions do not constitute the most secure types of MFA authentications.

 

Why is MFA Needed?

MFA is needed to ensure that both the small business owner and the consumer receive protection from people who want to steal identities or funds. MFA requirements protect small businesses from having to deal with identity theft issues. Furthermore, MFA provides an invisible protective wall surrounding the user or account owner. Think of MFA as a moat that defends your account from the malicious intents of ne’er-do-wells.

Unfortunately, hackers get their entertainment from observing users who choose weak passwords. MFA is needed because people often choose insufficient passwords that are too short or lack sufficient letters, numbers, and characters. In addition to selecting an inferior password open to security breaches, a user may enter the identical password on 100 different websites.

Using the same password numerous times can send alert signals to potential hackers. Hackers delight in finding users who continue to use the same passwords for months or years. Many users continue to use the same passwords for multiple applications and store them in insecure locations. Using software to store passwords also presents problems. Using a password manager to store one or more passwords is not always a good idea because of possible security vulnerabilities.

 

What are the advantages of using MFA?

If you manage a small business, you may think it unnecessary to ask customers for MFA authentications. You may worry that your clients will regard receiving and entering numerical codes as heavy burdens on their time and patience. Nonetheless, your customers will thank you if your requirement to use MFA software results in protecting their identities and accounts. Benefits of using MFA software include:

  • Providing clients with additional account protection
  • Protecting a business by offering clients ways to defend themselvesdata-security
  • Preventing a breach of trust
  • Keeping clients happy because they feel secure

Using MFA technology as additional security measures can protect businesses, customers, and employees from hackers. Gaining access to valuable information, an accomplished hacker can wreak all kinds of havoc for everyone involved in the attack.

Hackers can steal medical records, social security numbers, and physical addresses. While the mere thought of a hacker gaining access to confidential account information may send shivers up and down your spine, your use of MFA technology can help prevent this type of situation from taking place.

 

What are the disadvantages of using MFA?

An account owner may not want to spend additional time verifying their account. It is already somewhat of a nuisance to enter a username and password for verification purposes. Receiving an email, voicemail, or text with a numerical code is an extra burden. Plus, the person then needs to take the time to enter the code before they can access their account.

A user may receive the dreaded message implying that the website does not recognize their computer. Lack of recognition may result from using a junk file cleaner. While deleting unnecessary information, a private usage data cleaner may also eliminate a trusted site verification. An updated browser can also cause a website to require additional identifiable information from the user.

A person may not have their phone within proximity. Perhaps someone recently stole the person’s mobile phone. If MFA requires receipt of a unique code via a voicemail, this can cause an issue. In this case, a user will not have the ability to access their online account.

MFA software is not 100% foolproof. A hacker can figure out how to mimic a person’s voice or even their iris. Yet utilizing MFA technology makes common sense because the authentication adds extra security.

 

How does MFA work?

Multi-Factor Authentication occurs when a person wants to log in to their online account. A one-time password (OTP) is a common requirement before an individual can access their online data. The code only works for a short time. Once the allotted time expires, the user will need to obtain a new OTP and enter it into the website.

A website that does not require the user to enter an OTP may ask the person to answer one or more security questions. As stated earlier, security questions are not foolproof because a hacker may have the ability to ascertain the correct answers.

Another method involves recognizing a person’s trusted device. In this scenario, the individual would have already granted the website permission to use the same cell phone or computer. Providing ample evidence constitutes the best way to describe how MFA works. A person who provides two or more pieces of evidence demonstrating correct identification can access their online account.

Even though requiring the use of MFA may cause a person to have a minor inconvenience, the benefits far outweigh any disadvantages. Scrambling to find a cell phone to obtain a numerical code is worth the slight hassle if it means protecting the person from identity theft.

Small businesses benefit from using MFA software because the authentication method offers extra protection for their clients, resulting in satisfied customers. Every business owner knows that keeping a customer happy is a vital aspect of growing a company.

Business owners should familiarize themselves with Multi-Factor Authentication software before they choose a system. It is useful to determine if they can get support and whether the software is easy to use. Providing clients with an extra measure of safety, a small business owner has the satisfaction of going the extra mile for their customers.

cybersecurity trends

TECH TALK: 7 Trends You May Have Missed About Cybersecurity

By | Data Protection, Security

At any given point in time, there are numerous trending topics in cybersecurity. Change is one aspect of technology that we can always depend on, and that’s a good thing. We’re able to do more in less time than ever before. Of course, advancements in technology goes together with the cybersecurity landscape. As someone who has a key role in IT, keeping up with changes in technology and cybersecurity should be a routine task. However, there trending topics that are just beginning to emerge that you may not yet be aware of.

Here are seven cybersecurity trends you may have overlooked:

1: Bring Your Own Device (BYOD)

2: Internet of Things (IoT) Devices

3: Fifth Generation (5G) Technology

4: Social Engineering

5: Bitcoin Ransomware

6: Smart Contracts

7: Insider Threat

New call-to-action

1: Bring Your own Device (BYOD)

 

BYOD programs that allow employees to use their personal devices to access business assets on the job have been accepted by IT programs for a while now. They can be a bit unwieldy in terms of control, but the benefits to production and costs are difficult to ignore. Unfortunately, the security concerns are increasing. The main concerns with allowing personal devices to access a corporate network is that IT personnel are usually not aware of their connection to the network, there is usually minimal security features, they are easily stolen or misplaced, it is difficult to control how employees use them (they can easily download apps).

History has proven that the concerns listed above are serious. In 2017, the cryptocurrency firm Bithumb experienced a data hack that was traced to an employee’s home PC. That data breach exposed the personal information of 30,000 of the Korean company’s customer base.

If your organization supports a BYOD program, you can mitigate your risk by first developing a policy that outlines the requirements for use in the organization. It is a good idea to add controls to your organization’s Wi-Fi. These are often easily accessible by anyone who knows the password. There should be an acknowledgement before a device can connect to the organization’s corporate network. This could consist of requiring employees to register any device they want to connect to the network and implement security safeguards such as multi-factor authentication. You might also consider implementing a Mobile Device Management System (MDM) that functions like a global positioning system (GPS). These toe a fine line to privacy infringement, but there are MDM systems available that are less invasive.

 

2: Internet of Things (IoT) Devices

 

Wikipedia defines Internet of Things (IoT) as a “network of physical objects—’things’—that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the Internet.” While IoT devices include many of the popular smart devices that individuals use on a regular basis (watches, fitness trackers, alarms, biometric scanners), there is a growing use of these by organizations. For example, the healthcare industry uses IoT-connected sensors to improve the services they provide to patients.

The main security concern for IoT devices is the amount of data that is shared among interacting devices. According to a report by KPMG, 84% of IoT adopters have experienced a security breach. The advisory and audit firm offers the following three best practices for securing IoT devices:

  • Asset management – know the devices that connect to the organization’s network and the path they travel once they are outside the organization’s network.
  • Device Security – In addition to granting only authorized users access to business data using IoT devices, make sure these devices are protected by antivirus and encryption software, are kept updated with the lasts security software, and are monitored for suspicious activity.
  • create a vulnerability management program – “identify and fix weaknesses with a device”

 

3: Fifth Generation (5G) Technology

 

The growing use of IoT is stressing our mobile capabilities. The good news is fifth-generation wireless technology has arrived! Just as with its predecessors, this advancement in mobile communication offers faster download speeds, decreased latency, and more network capacity. The transition to 5G is just beginning and is predicted to reach full evolution by 2022.

Many of the cybersecurity risks associated with 5G networking will be addressed through the network’s builders. However, there are more responsibilities of IT departments. The increase in bandwidth that 5G provides also increases network monitoring tasks for IT departments. With data traveling much faster on the network, new strategies for monitoring the traffic will be necessary. 5G also transitions from a network that is based on hardware switching to one that relies on software digital routing. IT departments that are unable to keep up with the 5G advancements can expect an increased threat of distributed denial-of-service (DDoS), man-in-the-middle (MiTM), and botnet attacks.

 

4: Social Engineering

 

According to Verizon’s 2019 Data Breach Investigations Report, social engineering threat actions in data breaches have increased significantly more than any other type of threat in the past seven years. In the past, phishing (pretending to be someone else to persuade an individual to disclose their personal information) has been the most used form of social engineering.

The social engineering threats that are trending now include the following:

  • Smishing – Phishing via phone calls or text messages
  • SIM Swap – Fraudulently switching another individual’s mobile account information to gain access to bank and credit card accounts
  • Harpooning – Phishing by impersonating executives and using information from social sites
  • Pharming – Fraudulently installing malicious code on a PC or server. The code redirects any click to another fraudulent website without the user’s consent.
  • Deepfakes – Editing (using advanced AI technology) a legitimate video or voice clip for the purpose of acquiring personal information.
  • Vishing – impersonation via phone calls or voice message

Hopefully, your organization has already implemented email safeguards to detect and block suspected phishing communications.

Social engineering involves human interaction. The best safeguards are educating employees about the different types of social engineering tactics and how they should be cautious before responding to any type of communication, even if it appears to be from someone reputable. If possible, employees should use an alternate method to verify suspicious communications.

 

5: Bitcoin Ransomware

 

Using malevolent software for the purpose of blocking access to another’s system and requiring payment to unblock it is referred to as ransomware malware, or ransomware for short. This type of attack is often carried out by someone clicking a bad link that installs the ransomware on the system. The sophistication of the ransomware can vary. The most advanced types use encryption to prevent access to systems or files and require a decryption key. The latest form of requested payment for ransomware attacks is bitcoin because it is a digital currency that is quickly exchanged.

Ransomware is a serious problem. This was highlighted with the 2017 WannaCry ransomware attack that involved computer systems all over the world that had not applied a Microsoft software patch. Unfortunately, the trend is continuing. The most significant ransomware attacks as of June 2020 cost the victims more than $100 million to recover from the incidents.

Network and security monitoring software maker NetFort recommends the following five tasks to protect and recover from ransomware attacks:

  • Back up your data regularly
  • Make sure all systems that connect to the network have the most recent security updates
  • Implement anti-intrusion detection systems
  • Monitor network traffic for unusual activity
  • If a system is infected with ransomware, disconnect it from the network immediately and rebuild it

 

6: Smart Contracts

 

Blockchain, the technology that powers bitcoin, is being used in a variety of methods of exchange. Smart contracts are one of those. A smart contract is a daisy chain of encoded actions that are saved within a blockchain and digitally self-executing without the assistance of a third party such as a bank or attorney. Smart contracts are gaining popularity because of their transparency, speed, permanency, and non-editable characteristic. Although smart contracts are inherently secure (the data they contain are encoded), they are comprised of program code that is susceptible to vulnerabilities. The main security concerns with smart contracts are access control and undiscovered bugs in their programming code. One of the most newsworthy incidents occurred in 2017 when the code of a multi-signature wallet was exploited by a user by accident. The incident caused users of the wallet to lose more than $280 million because they were unable to withdraw funds from the digital wallet.

The best way to mitigate your risk with smart contracts is to:

  • Make sure the smart contract is 100% encoded (every record from start to finish). Access via private key should only be distributed to specific users.
  • Don’t lose your private key! Even better, your organization should consider engaging in smart contracts that use multi-access so that there is more than one point of failure.
  • Ensure the underlying code is bug free. This means to test, test, and test some more to make sure there are no vulnerabilities that malicious actors could take advantage of.

 

7: Insider Threat

 

An unfortunate trend that is increasing is that people who have or previously had legitimate access to an organization’s data may intentionally or unintentionally cause destructive actions. Insider threat occurs through multiple methods. An example of the significant damage an insider can cause is the ex-Cisco employee who caused $1.4 million in damages. The criminal left the company in 2018 and shortly thereafter installed malicious code from his old Google Cloud Platform account and subsequently deleted the nearly 500 virtual machines hosted by Cisco WebEx applications. Within two weeks, 16,000 WebEx accounts were deleted. In this case, the ex-employee somehow managed to maintain his access to Cisco’s cloud infrastructure after he left. It is not known how.

The Insider Threat Mitigation Guide  published by the Cybersecurity and Infrastructure Security Agency provides the following tips for establishing an effective inside threat mitigation program:

  • Identify and focus on those critical assets, data, and services that the organization defines as valuable
  • Monitor behavior to detect and identify trusted insiders who breach the organization’s trust
  • Assess threats to determine the individual level of risk of identified persons of concern
  • Manage the entire range of insider threats, including implementing strategies focused on the person of concern, potential victims, and/or parts of the organization vulnerable to or target by an insider threat
  • Engage individual insiders who are potentially on the path to a hostile, negligent, or damaging act to deter, detect, and mitigate

 

Conclusion

 

Is your IT department equipped to address the emerging cybersecurity threats? If you’re unsure, now is the time to determine your level of vulnerability and implement the necessary safeguards to ensure your organization’s assets are fully protected.

If you require assistance with assessing your needs and implementing the “right” IT security solutions for your organization, BACS can help. We are an experienced team of IT service professionals that work closely with clients to assess, develop, and implement security solutions that offer an ideal level of protection.

The Anatomy of Great Cybersecurity

The Anatomy of Great Cybersecurity

By | Data Protection, Security

If security professionals were asked to define the anatomy of great cybersecurity, it would likely be significantly different than a few years ago. IT departments are allocating more resources to improve their cybersecurity outlook. This is due in part to the large number of security breaches that have exposed critical data. The developers of the  Norton anti-virus software report that of the 3,800 publicly disclosed security breaches reported in the first six months of 2019, a record number of 4.1 billion records were exposed (more than a 50% increase over 2018 for the same time period). There is probably a lot more that are not publicly disclosed. While there isn’t a single “right” way to implement a cybersecurity strategy, there are areas of importance in which you should direct your focus.

Here are three key tale-tale signs of effective cybersecurity:

1: Leadership Buy-In

2: A Comprehensive Cybersecurity Framework

3: Security Awareness

Leadership Buy-In

As a security professional, your ideas about the best cybersecurity strategy for the organization are important to leadership (typically includes the board of directors, executive team, and security officers and managers). The weight that an organization places on cybersecurity begins at the top. This is because the top executives usually have the final authority to approve the cybersecurity budget that is appropriate for an organization’s needs. However, it’s not enough that you have the knowledge and a good picture of your organization’s cybersecurity stance. You must also effectively communicate this information to leadership, often for the purpose of persuading them.

Here are ideas to help you communicate your cybersecurity plan to leadership and obtain their buy-in:

  • Focus on providing metrics instead of explaining technical jargon.
  • Outline your recommendations. Make sure you provide multiple effective options that vary in cost. Explain the pros and cons of each option.
  • Explain how increasing the cybersecurity budget fits in with the organization’s goals. Focus on revenue cost savings, ROI, and customer satisfaction.
  • Emphasize any weaknesses that your analysis or an expert’s assessment has uncovered and the potential threats that your organization could become victim to if the weaknesses are not addressed.
  • Highlight security breaches of organizations that are similar to yours and the devastating results. If your organization isn’t one of the top organizations that are threatened most often (financial, healthcare, manufacturing, or government), leadership may not worry about security as much. Do your research and point out an organization that is similar to yours that has experienced a devastating breach. For example, if your organization is a gaming company, you could point out the data breach of mobile gaming producer Zynga that resulted in 218 million records of customers (the largest data hack of 2019).

Once you’ve prepared your list of ideas, make sure you also prepare answers to questions that leadership may have. Think of the pros and cons of the ideas you present to them and any other questions that may come up. It’s also a good idea to communicate with other cybersecurity professionals who have successfully obtained leadership buy-in and how they obtained it.

New call-to-action

A Comprehensive Cybersecurity Framework

A cybersecurity plan must address the methods of protecting information assets. Since this involves a variety of components, a comprehensive cybersecurity framework is the best choice. When you are considering your framework, you should focus on how you want to handle potential threats. You want a framework that helps you understand your organization’s needs (assessment and analysis), provides components for implementing and managing risk controls and enables you to continually monitor your progress.

When you are considering the cybersecurity framework to implement in your organization, you should also check if there are any regulations specific to your organization or industry. An example is  the Healthcare Insurance Portability and Accountability Act (HIPAA) that provides security requirements for healthcare organizations.

To implement a comprehensive cybersecurity framework, you will likely combine multiple systems and controls. Here are five notable cybersecurity structures that are available for organizations:

 

National Institute of Standards and Technology (NIST) Cybersecurity Framework

This framework was developed specifically for organizations that manage critical systems in the United States but identifies five elements that any organization can use for managing and mitigating their cybersecurity risks. The five elements include Identify, Protect, Detect, Respond, and Recover. NIST provides the framework as downloadable files from their website. They also provide additional resources.

 

Center for Internet Security (CIS) Controls

These 20 controls are prioritized best practices that CIS has developed to help organizations prevent cyber attacks. The controls are prioritized as basic, foundational, and organizational and are downloadable in their entirety in PDF or Microsoft Excel format. CIS provides information for implementing the 20 controls as well as other cybersecurity resources on their website.

 

Information technology — Security techniques — Information security management systems — Requirements (ISO/IEC 27001)

This compliance specification, which provides requirements for managing information management systems (IMS), was officially adopted into the International Organization for Standardization (ISO) in 2005 and has been modified over the years to address the advancements in cyber threats. Organizations can choose to simply follow the requirements or request an audit to become ISO 27001 certified. Meeting these requirements can help organizations develop a cybersecurity framework. Companies that meet the rigorous requirements can choose to request an audit to become ISO 27001-certified organizations. This is an added benefit that provides proof to leadership, customers, and partners that a company has met a high standard for cybersecurity and is serious about protecting its information assets.

 

Federal Deposit Insurance Corporation (FDIC) Cybersecurity Framework

In 2016, the FDIC announced this framework to provide guidance to banking organizations for mitigating cyber risks that are specific to the industry. According to a report by the Keeper Security firm, of the thousands of IT professionals they surveyed, two-thirds of the financial organizations experienced cyber-attacks. This framework identifies four areas of focus to reduce cybersecurity risks: Corporate Governance of Cybersecurity, Threat Intelligence, Security Awareness Training, and Patch-Management Programs.

The FDIC also lists other cybersecurity resources on their website. In January 2020, the FDIC issued the Joint Statement on Heightened Cybersecurity Risk document to “remind supervised financial institutions of sound cybersecurity risk management principles.” The document outlines six areas of focus: Risk Management, Identity, and Access Management, Network Configuration and System Hardening, Employee Training, Security Tools and Monitoring, and Data Protection.

 

Plan-Do-Check-Act (PCDA) Methodology

Wikipedia defines PCDA as “an iterative four-step management method used in business for the control and continuous improvement of processes and products.” It was part of the ISO 27001 compliance standard for many years and has been incorporated in a variety of other cybersecurity frameworks. Organizations can use this system to improve their security implementation by using four steps: Plan, Do, Check, and Act.

Security Awareness

Security awareness refers to the ability to identify a potential threat and take appropriate action to alleviate it. An effective cybersecurity strategy would be incomplete without a plan for establishing awareness in employees. According to a study by the information security firm Shred-It, employee negligence poses the greatest information security risk to organizations. If employees in the organization do not understand security risks and make bad choices, leadership buy-in, and implementing a comprehensive cybersecurity framework will have a limited effect. Creating an environment characterized by employees having security awareness involves providing employees the information they need to understand the cybersecurity landscape and educating them on the behavior that is best in that landscape.

The following are the ways your organization can increase security awareness:

  • Develop a training program that identifies the types of cybersecurity threats and provides best practices for preventing security issues (recommended behavior when using email, social media, and company assets). The training should be mandatory for all employees and should be repeated and updated on a regular basis.
  • Make security policies (part of your cybersecurity framework) easily accessible by employees. Adding hardcopies to new hire packages is a good idea.
  • Send regular reminder notifications about cybersecurity best practices via email and text messages.
  • Hang up posters and security reminders in common areas of the organization.
  • Incentivize good employee behavior. For example, reward an employee that comes across a potential phishing email and performs the steps outlined in the training manual or security policy.

Next Steps

Developing and implementing an effective cybersecurity strategy can be a daunting task. Not only does it require resources, but it also requires an understanding of your organization’s needs in relation to the current cybersecurity environment. Developing an effective cybersecurity strategy shouldn’t be a singleton task. Engage your security team and other members of the organizations to perform specific tasks. If you decide to reach out to a security firm for assistance, choose one that is experienced in all facets of cybersecurity.

BACS specializes in providing a full spectrum of IT services to companies of all sizes. They can help you assess your security requirements and develop the most effective strategy to mitigate your organization’s security risks.

data protection - IT security services

TECH TALK: 3 Steps to Developing an Effective Cybersecurity Strategy

By | Data Protection, Security

Has the task of developing an effective cybersecurity strategy landed on your To-Do list? As the average worldwide cost of a data breach is estimated as $3.92 million (from The Cost of a Data Breach Report for by Ponemon Institute), it’s an important responsibility for all organizations that manage digital data. A cybersecurity strategy can be defined as a set of policies that outline your organization’s plan for mitigating the cyber risks to its assets. The key then to creating an effective strategy is aligning the plan to the specific needs of your organization. You can scour the Internet for a model to use for your organization’s strategy, but know that for it to be effective, you’re going to have to make it very personal to your organization. How do you do that?

Here are three basic steps:

1: Define Your Threats

2: Inventory Your Assets

3: Outline Your Protection Measures

New call-to-action

1: Define Your Threats

The first step of developing a successful cybersecurity strategy is to identify the threats to your organization. If you’re not sure what the threats are, consider the general threats to all businesses, threats common to your industry, and the threats that are currently gaining momentum.

  • General Cyber Threats to Your Business

The technology company Cisco acknowledges the following six types of cyberattacks:

Malware

Malware, formally known as malicious software, refers to a group of computer software that cybercriminals design to gain access to a system and cause havoc, usually in the form of damaging or disabling the system. The most common types of malware are adware, ransomware, viruses, worms, and spyware.

Phishing

Cybercriminals use phishing attacks to obtain sensitive data such as social security numbers, credit card numbers, and passwords. This type of attack occurs via email or any other means of digital communication.

Man-in-the-Middle (MitM)

Just as it sounds, a MitM attack occurs when a cybercriminal gets in the middle of an exchange of data between two parties, such as a computer and a server, for the purpose of performing malicious acts.

Denial-of-service

One of the most dangerous types of threats to businesses is a distributed denial-of-service attack. A cybercriminal commits this threat by gaining access to a system, often by exploiting a vulnerability, with the goal is to overload it to the point of blocking people (your employees and/or customers) from accessing the system.

SQL injection

A SQL injection attack refers to malicious SQL code that is created to access and cause havoc to a vulnerable SQL database.

Zero-day exploit

A zero-day exploit is a cyber threat that is designed to exploit a vulnerability that has not yet been discovered and patched by the designer.

DNS tunneling

The domain name system (DNS) protocol is a legitimate method of exchanging data across the Internet. Cybercriminals can manipulate the DNS protocol to create a path or “tunnel” for infiltrating a network and exposing sensitive data.

 

  • Threats to Your Industry

You should also consider cyber threats that are specific to your organization’s industry. The following are common industries and the threats that they often face.

Financial

Organizations that handle financial transactions are big targets for cyber criminals. Insight, a cyber intelligence company, reported findings of  that malware attacks in 2019 were targeted more often in a specific area—financial institutions (25.7 percent). Malware isn’t the only threat to these organizations. According to a report by technology consulting firm Mindsight, the top three cyber threats to the financial industry are web application attacks, DDoS attacks, and backdoors and supply-chain attacks.

Healthcare

Healthcare companies are a common target for cyber criminals because of the large amounts of personal data they manage. The Fact Sheet of the Cybersecurity Act of 2015 lists the following as common threats to healthcare organizations: Ransonware, email phishing attacks, loss or theft of equipment or data, internal, accidental or intentional data loss, and attacks against connected medical devices that may affect patient safety are common threats to these industries.

Government

The IT systems of governmental organizations, federal agencies in particular, are responsible for managing critical infrastructures and are often targeted by cyber criminals. According to the U.S. Government Accountability Office, the Department of Homeland Security received more than 35,000 security incidents reports from federal executive branch civilian agencies in 2017. Of those incidents, the largest number (31%) were from an unidentified source. The remaining incidents were from improper usage (22%), email/phishing (21%), loss or theft of equipment (12%), web-based attack (11%), multiple attack vectors (2%), and attrition, external/removable media, and physical cause made up 1%.

Manufacturing

The infrastructures that are critical to keeping countries moving smoothly require manufacturing operations. Cyber criminals know this and have been increasing their threats on this industry. According to a study by Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI) nearly 40% of the surveyed manufacturing companies were affected by cyber incidents in the prior 12 months, and 38% of those impacted indicated cyber breaches resulted in damages of $1 million or less.

The National Institute of Standards and Technology (NIST) identifies the following threats to manufacturing: Identity theft, phishing, spear phishing, spam, and compromised webpages

 

  • Trending Threats

As the world changes, we see old cyber threats improve and new ones emerge. Sometimes, we see threats increase on the radar of cyber intelligence trackers because of specific events. In 2020, for example, the COVID-19 global pandemic was associated with the following three significant cyber attacks, as reported by MonsterCloud:

Corporate ransomware attacks

Large corporations are often the target of ransomware attacks. During the COVID-19 pandemic, cyber criminals have been threatening doxware (extortionware), which is a type of ransomware that involves a cyber criminal threatening to sell or publish sensitive data.

Research and vaccines

As companies are in the midst of developing a vaccine for COVID-19, cybercriminals are increasing their attacks to obtain information to sell to other companies and governments wanting it.

Social engineering (Twitter)

In the summer of 2020, a teenage hacker managed to scam high-profile Twitter users out of more than $100,000. He was arrested, but not before obtaining $100,000 from his victims.

An additional threat that many companies neglect to acknowledge is within their organization. In the article “The Biggest Cybersecurity Threats Are Inside Your Company” , insider threats account for 60% of all threats to an organization.

2: Inventory Your Assets

Once you understand the threats to your organization, you should then understand your assets that could be threatened. The plan you develop will be effective only if you understand the assets you need to protect. The best way to learn this information is to perform an inventory. The National Initiative For Cybersecurity Career and Studies (NICCS) defines an asset as “A person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value.”

Here are a few examples of common assets within an organization:

  • Data that flows through your organization. This includes personal data (sensitive data about employees, vendors, and third-party companies and the work data the organization obtains or produces.
  • Physical assets or endpoints that employees use connect to your organization’s network.
  • Network that employees connect to.
  • Infrastructure resources such as databases and servers that store your data.
  • Software that employees use in the company (note the identifying information as well as dates).

A simple spreadsheet is a good way to manage the assets, but it shouldn’t be a laundry list of your assets. You should include details that help you determine the critical value of the asset. This includes adding information about its intended use, how it is accessed, by whom is it accessed, and an assessment of its value. You should devise a system for noting those assets that are critical to the business.

3: Outline Your Protection Measures

Once you understand the threats to your organization and the most critical assets you need to protect from those threats, you are ready to specify how your organization plans to protect its assets from cyber threats.

The following are examples of types of cybersecurity protection methods referenced in an effective cybersecurity strategy:

  • Training to develop cybersecurity awareness among all employees.
  • Security policies for every type of asset (examples listed below):
    • Perimeter security such as network security includes firewall and anti-virus protection, and encryption
    • Endpoint security that protects the systems that connect to your network
    • Application security methods such as sandboxing and encryption
    • Password security that requires employees to use strong passwords
    • Email security measures such as multi-factor authentication and email security gateway protection
    • Remote access security measures such as virtual private networks (VPNs) and end-to-end encryption
  • Insurance that protects your organization from liability should you suffer a cyber attack

Next Steps

The information presented above will help you develop your cybersecurity strategy. Keep in mind that your cybersecurity strategy is not a document that you develop and forget about. It should be a dynamic document that you revisit often to ensure it is up to date.

Seeking the assistance of a cybersecurity expert is a good plan of action to ensure that your cybersecurity strategy addresses all the needs of your organization. BACS is an IT services company that partners with organizations to help them solidify effective security strategies that are based on in-depth analysis.

data protection - IT security services

Reaping the Benefits of Proactive Data Protection

By | Data Protection, IT Support, Security

The rapid proliferation of digital technologies offers businesses vast potential for expansion and innovation, but it also creates a host of new security risks. As the growth in the number of connected devices continues to accelerate, one major challenge is determining the optimum level of security for certain types of data. Some assets require minimal protection while others may need more robust security measures.

Data breaches represent the most immediate need for effective enterprise data protection. Better protection means better compliance and reduced monetary losses and less risk of reputational damage. Improved security processes are also critical for emerging business priorities, including digital transformation, regulatory compliance, and privacy and reporting requirements.

While building an effective data protection strategy can be challenging, the effort can deliver immense business value on multiple levels. A robust data protection and privacy plan can help build and maintain stronger customer relationships, enhance brand value, and reduce the potential for non-compliance and its associated penalties. Whether through a targeted attack or an internal security lapse, businesses are at risk for potentially crippling loss of revenue through a single data breach.

Building a strong security foundation requires advanced tools and technology and an organizational culture that not only protects data and minimizes risk, but helps improve business agility, responsiveness, and transparency. It starts with a detailed assessment of your IT infrastructure and overall security requirements.

New call-to-action
  • Assessment: First, it’s essential that you build a solid understanding of your data, including how it is stored, how it is accessed, how critical it is to your business, and the potential risks if were lost or stolen. What types of data are most vital to your business? What is the level of confidentiality of the data you manage? What are your current methods of storage and will this change in the future? What are the protocols for data access? This insight will provide the framework for defining your security requirements and shaping a solution that strikes an optimum balance between data control, protection and access flexibility.
  • Controls: The next step is to implement higher-level controls. These are enterprise data protection and security tools that will help protect data when it’s being accessed or used. Strong access control and user authentication methods help ensure only approved users can obtain access to your networks and data. Encryption is also critical to safeguard data and provide additional reinforcement barriers to network-based attacks.
  • Monitoring: At the center of a proactive strategy is the ability to record events and execute actions based on those activities. This is where ongoing monitoring can help, providing important insights that can help safeguards against gaps in application and perimeter defenses by notifying you of issues before any serious damage occurs. Automated monitoring tools track data access and usage details and provide important insight into areas of risk and vulnerability, helping to improve the likelihood that a potential intrusion will be quickly identified.

 

Implementing the right technology is critical, but it’s not the whole solution. The users who interface with IT systems must also be educated and instructed in how to perform their tasks. And, the policies and procedures that define the actions must be properly designed and consistently enforced.

While there is no silver bullet to protect against all threats, new techniques and innovative approaches to blocking malware and securing endpoints can help safeguard your digital assets without hampering productivity or mobility.  Following some proven best practice measures can help protect against a barrage of new and emerging threats.

 

  • Strengthen access controls: Once an access point is compromised, attackers will often reuse the password to gain access to other systems. Authentication will help obstruct these attempts no matter how the hacker gains access to the password.
  • Utilize encryption: Encryption helps safeguards information in transit and on the endpoint devices, preventing attackers from copying or transferring that data. For even greater protection, consider full-disk encryption, which it encrypts the complete hard drive, safeguarding the data as well as the applications and operating system.
  • Tighten controls: Application controls can help prevent prohibited users from launching or downloading applications on endpoint devices. They also help shield the network from possible security threats with their ability to block departing employees from access to critical business systems and applications.
  • Use proactive scanning. Vulnerability scans provide reports on detected gaps in security and recommendations for security patches or vendor solutions. These reports describe the types of risks found and a potential cause for each area of vulnerability.
  • Ensure business continuity. In the event of a disaster or security breach, you need to be able to recover quickly. Work with a qualified security expert to assess your current environment and develop a disaster recovery plan that safeguards infrastructure and data and protects against ongoing threats
  • Monitor lifecycles. Network monitoring tools can help confirm the health of software and firmware throughout system startup, operation and during sensitive upgrade periods. Software updates and security patches should be delivered automatically by default.
  • Implement advanced threat detection. Advanced detection techniques, including machine learning and analytical tools, can help identify irregularities and weaknesses in ways that aren’t possible with traditional network security These tools analyze that data in real time to correlate events and spot individual anomalies or patterns of behavior that may indicate a security breach.
  • Define policies and procedures. Usage policies define what behaviors are and aren’t acceptable. Work with your internal team to define and implement policies and practices based on your usage preferences and requirements or mandates specific to your particular market.

As cybersecurity becomes more complex, many organizations lack the resources or knowledge they need to mount an effective defense. That’s where working with an experienced security expert can play a vital role, helping you define your business requirements, identify data priorities, and implement a security framework that aligns with your business goals.

The good news is that with the right mix of defensive measures, smart policies and sound technology planning, achieving a secure IT environment is possible. Establishing a secure and well-protected IT environment in today’s world requires a proactive approach—assessing vulnerabilities, updating technology and security defenses, and monitoring for vulnerabilities.

This is where additional proactive measures can prove critical, providing reinforcing layers of defense as part of a comprehensive security strategy.

 

  • Create a culture in which people talk about security, and make security a clear priority. Teach users about secure online practices such as how to recognize potential threats and phishing attempt. Check their security awareness with in-house hacking attempts and interactive security activities.
  • Simplify and streamline security with solutions that consolidate authentication, encryption and advanced threat protection into a single security suite. Compared with point tools, these integrated systems require a fraction of the IT resources required to maintain effective threat protection.
  • Deploy updated anti-malware to help prevent malicious software such as ransomware and viruses from sneaking into your network, and make sure your anti-malware software is consistently updated with the latest definitions.
  • Keeping patches current―make sure your practices include automated patching to help enforce policies and keep systems up to date and enforced with the latest software patching.

 

  • Make backups of all your data and software on a storage device that is not attached to your network or computer. Confirm that all your backups are operating properly and test them on a regular basis to make sure they will perform when you need them.

Cybercriminals are constantly looking for new ways to break through your defenses, which reinforces the need to create a strong culture of security knowledge, awareness and responsiveness.

Every IT environment is different, and hackers are constantly refining their techniques. Therefore, it’s imperative that you stay up to date on the latest techniques and remain diligent in your effort to shield your business and safeguard your infrastructure from today’s relentless barrage of cyberattacks.

A comprehensive data protection and regulatory compliance strategy is no longer a flexible option, but rather a must-have plan for businesses of all sizes. Although building an effective IT security framework is a long-term process, businesses cannot afford to wait. Plans are being developed today, and proactive organizations are already taking action now to help ensure their IT environment is ready to safely and securely support the rapid proliferation of connected infrastructure and devices.

 

New call-to-action