For 2019: Focus on Outcomes

As we close out 2018, we reflect on a year that has been a bit of a wild ride. For our customers, we are clearly leaving a period of sustained growth and entering more uncertain economic times. At the macro level, the economy shows competing signs of growth and contraction. Our political climate is less certain and predictable.

We Live in Uncertain Times

Economies and business climates vary by region. Taking a look at a non-scientific survey of businesses in central New England (Worcester Business Journal, Central Massachusetts Economic Forecast 2019, December 24, 2019), we get a pulse of where we are and where we may be going. We also see a new way forward for small and midsize organizations looking to weather whatever stormy or calm seas may be in our future.

  • Only 35% see the economy improving in 2019, while 65% see the economy stagnating or declining in the coming year.  This is a significant change from a year ago when 65% expected the economy to improve.
  • While the number of business leaders who believe the economy has improved over the past year is at 77%, the number of those uncertain of our current economic health more than doubled from 7% for 2018 to 15% for 2019.
  • On the positive side, the number of business leaders expecting to hire additional staff in 2019 jumped to 49% from 40% a year ago.
  • At the same time, 72% of those surveyed are “very concerned” about finding qualified talent to hire, a major increase from only 50% of hiring employers a year ago.

In short, we see the economy as having improved over the past year, but are uncertain what course it will chart in 2019.  Many of us plan on growing but are concerned about being able to find, hire, and retain the right people.

Charting a Course

Economic uncertainty can, and sometimes should, cause us to pause and re-evaluate our plans. We often see businesses reacting quickly and pulling the plug or delaying technology projects and changes. Often, these decisions make it more difficult for you to manage changes you want or need to make in order to adapt to a changing business climate. Here are some thoughts on evaluating technology decisions during changing or uncertain times.

  • Understand What is Possible
    2018 is the year in which Machine Learning, AI, and Bots came into the mainstream. These technologies, when deployed properly, can improve operations, expand the productivity of your workforce, and mitigate operating costs.
  • Remember the Cloud
    Most small businesses have not yet fully adopted a cloud computing strategy. Cloud computing is a means to scale IT resources and costs to the size of your business without sacrificing features, capabilities, or security.
  • Focus on Outcomes
    Don’t worry about the technology, focus on the outcome. What do you want to achieve? What do you need to happen? How do you want things to be different after making a change? Understand and clearly define the endpoint, as this will drive how you define and manage the projects and changes that will get you from Point A to Point B. Let the outcome guide priorities and, subsequently, the technologies and changes needed to make a difference.
  • Balance the Quantitative and Qualitative
    Not all outcomes will have a specific dollar value.  When deciding on outcomes, consider the near-term and long-term value to your business. Employee engagement and satisfaction improves retention. Automating repetitive tasks improves productivity. Training and support improves morale and fosters innovation.
  • Consider All Opportunities
    “Cut to Survive” rarely works.  Look beyond quick hits and savings. Look for opportunities that: (1) reduce operating expenses; (2) improve team and individual productivity; (3) simplify your IT services; (4) differentiate your business in your markets; (5) help employees do their jobs better; (6) improve customer service and engagement; (7) empower team collaboration and innovation; and/or (8) help you better understand your business and the metrics that measure success.

Change, particularly in uncertain times, often comes with increased risks. Deciding to invest or make changes is more difficult. Not doing anything, however, is a decision. It is a decision to NOT actively manage how your business moves forward; it is a decision to let external forces determine your future. How you move forward may require more thought and analysis, but continue to move forward.


We are here to help! Wondering how you can get more value from your current IT services, cloud solutions, or emerging technologies? Contact us to schedule a complimentary Cloud Advisor session.


Drive-by Downloads

This post is part of our Cyber Threat Series.

The Challenge:

Drive-by downloads are exploit kits that download invisibly from infected websites. These websites may be malicious sites built for malware distribution or trusted sites infected by hackers. Many of these attacks take advantage of weaknesses in popular software and tools, including video players, Java, and Adobe Reader.

Downloads may install and run other malware or may themselves be malicious. Many drive-by downloads install cryptoware, or ransomware, that encrypts files and holds them for ransom.

What to Do:

User education and web protection are the best protection from drive-by downloads. Cyber-aware users understand the risks and can avoid malicious links and sites. Web protection can prevent unexpected downloads and malicious behavior from reaching your systems and users.

DNS protection and secure DNS services provide additional protection by preventing impersonation, hijacking, and domain level attacks.

 


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Phishing and Spear Phishing

This post is part of our Cyber Threat Series.

The Challenge:

Cyber criminals prefer Phishing attacks. Phishing and Spear Phishing remain the primary vector for Malware attacks. Hackers evenly distribute attacks between two variants: Malicious Email Attachment (39.9%)  and Malicious Link (37.4%).

Leveraging human nature, phishing attacks look and feel like legitimate emails. Recipients often miss the cues that the email is fraudulent. We respond by clicking links to malicious websites, opening pictures or videos with hidden downloads, or opening infected attachments.

Advanced phishing attacks correlate public information from social media and pirated information from compromised systems to further personalize the attacks. These advanced attacks do a better job of hiding the malicious intent. As such, even savvy users fall prey.

What to Do:

The best protection is multi-level and multi-vector:

  • Teach your users about the risks and how they can help prevent attacks. User awareness leads to smart decisions on when to trust and when it’s safe to click.
  • Protect your devices with “Next Gen” endpoint protection. This includes your desktops, laptops, and mobile devices. Phishing attacks are usually platform independent and, therefore, trigger from most any email client or application.
  • Protect your email with an independent advanced threat protection (ATP) service. ATP covers inbound and outbound traffic.  ATP uses pre-analysis and testing of links and attachments for mismatched domains, copycat content, and malicious behavior. This “sandboxing” lets the ATP service block attacks from reaching your inbox.
  • Add a DNS and Web Protection solution to your environment.  Web protection blocks infected or fraudulent web sites, including blocking malware on infected sites we trust. DNS protection prevents hackers from corrupting and using your domain identities.
  • Deploy backup/recovery and continuity services that protect your on-premise and cloud data. Should an attack make it through your protections, you should be able to keep your business running while you clean up the damage.



 

Brute Force Attacks: What are They and How to Protect Against Them

What is a brute-force attack?

A brute-force attack is a method used by cybercriminals to crack passwords or encryption by trying all possible combinations of characters until the correct one is found. It involves using automated software that systematically tries different combinations of characters until the password or encryption key is discovered. Brute-force attacks can be successful if the password is weak or if the encryption key is short. They can also be time-consuming and resource-intensive for the attacker if the password or encryption key is long and complex. To prevent brute-force attacks, it’s important to use strong passwords, enable multi-factor authentication, and use encryption methods that are difficult to crack.

This post is part of our Cyber Threat Series.

The Challenge:

Hackers use Brute Force Attacks to target a single service exposed to the Internet, including Remote Desktop, Outlook Web Access, and email services. Brute Force Attacks gain access by trying every viable access method or password.

Hackers use these attacks to access your data or to install other malware within your systems. Patient hackers space out attempts, making the attacks difficult to notice or detect. When hackers rush, the impact can be similar to a DDOS attack.

Hackers can launch Brute Force Attacks externally or from malware-infected systems on your network. Internal attacks often target specific systems and vulnerabilities, such as SQL Server and SQL Injection vulnerabilities.

How to prevent brute force attacks

Require robust passwords; they are your first protection from Brute Force Attacks. Putting controls in place to enforce best-practice password structure and expiring passwords can thwart an attack.

Deploy Multi-Factor Authentication. MFA creates an additional level of protection since a compromised password is not sufficient for access.

To protect against internal attacks, ensure systems run current operating system versions. Keep all systems current with patches and updates.

Revisit the four pillars of cloud security, and make sure you fully understand the most important strategies for protecting from brute force attacks.

Deploy “Next Gen” protections to keep Brute Force Attack malware from making it onto your servers and clients:

  • Advanced threat protection (ATP) for email
  • Endpoint and mobile device protection
  • DNS security and protection
  • Web protection and filtering

FAQs

How common are brute force attacks?

Brute force attacks are one of the most common types of cyberattacks and are used by attackers to gain unauthorized access to user accounts, servers, or other systems. The frequency of brute force attacks depends on various factors, including the target system’s popularity, the type of authentication mechanism used, and the complexity of the password or encryption key. For example, systems that use weak passwords or no multi-factor authentication are more vulnerable to brute force attacks. According to a recent report by Akamai, brute force attacks accounted for more than 30% of all login attempts on web applications in 2020. As such, it is essential to implement robust data protection and security measures to prevent brute force attacks and protect sensitive data from unauthorized access.

What are the two types of brute force attacks?

The two types of brute force attacks are:

  1. Online brute force attack: In this type of attack, the attacker tries to guess the password or encryption key by repeatedly attempting to log in or decrypt data using different combinations of characters. Online brute force attacks are typically carried out against web applications or online services and are often automated.
  2. Offline brute force attack: In this type of attack, the attacker obtains a copy of the encrypted data or password hashes and attempts to crack them offline by running automated software that tries different combinations of characters until the correct password or encryption key is found. Offline brute force attacks are more time-consuming than online attacks, but they can be more successful as the attacker has more time to try different combinations of characters.

What are the signs of a brute force attack?

Here are some signs that your system may be experiencing a brute force attack:

  1. Multiple failed login attempts: If you notice multiple failed login attempts from the same IP address, it could be a sign of a brute force attack. The attacker may be trying different combinations of usernames and passwords to gain access to your system.
  2. Unusual account activity: If you notice unusual activity on a user account, such as logins from different locations or at odd hours, it could be a sign of a successful brute force attack.
  3. Slow system performance: A brute force attack can cause a system to slow down or crash due to the high volume of login attempts.
  4. Unusual network traffic: A brute force attack can generate a large amount of network traffic, which can be detected by monitoring network activity.
  5. Brute force attack tools: If you find tools used for brute force attacks on your system, such as password cracking software or script files, it could be a sign that your system has already been compromised.

If you suspect that your system is being targeted by a brute force attack, it’s important to take action immediately to prevent further damage and protect your sensitive data.
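
The first two signs above, and the earlier point that patient attackers space out their attempts, can be checked against authentication logs. The following is an added example, not part of the original post; the log line format, the thresholds, and the addresses are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BURST_LIMIT = 5                       # failures from one IP inside BURST_WINDOW
BURST_WINDOW = timedelta(minutes=1)
SLOW_LIMIT = 6                        # total failures from one IP across the log
PRIOR_FAILS = 3                       # earlier failures that make a success suspicious

def sample_log():
    """Constructed auth log; the line format and the addresses are assumptions."""
    t0 = datetime(2019, 1, 7, 9, 0, 0)
    rows = [(t0 + timedelta(seconds=4 * i), "FAIL", "admin", "203.0.113.7") for i in range(5)]
    rows += [(t0 + timedelta(hours=i), "FAIL", f"user{i}", "198.51.100.23") for i in range(6)]
    rows += [(t0 + timedelta(hours=6), "OK", "user5", "198.51.100.23"),
             (t0 + timedelta(minutes=5), "FAIL", "carol", "192.0.2.10"),
             (t0 + timedelta(minutes=6), "OK", "carol", "192.0.2.10")]
    return "\n".join(f"{t.isoformat()} {o} user={u} ip={ip}" for t, o, u, ip in sorted(rows))

def parse(line):
    ts, outcome, user, ip = line.split()
    return datetime.fromisoformat(ts), outcome, user.split("=", 1)[1], ip.split("=", 1)[1]

def detect(log_text):
    """Return {ip: [findings]} for a chronologically ordered log."""
    recent = defaultdict(deque)       # ip -> failure times still inside the burst window
    total = defaultdict(int)          # ip -> failures seen so far
    findings = defaultdict(set)
    for line in filter(str.strip, log_text.splitlines()):
        ts, outcome, _user, ip = parse(line)
        if outcome == "FAIL":
            total[ip] += 1
            window = recent[ip]
            window.append(ts)
            while ts - window[0] > BURST_WINDOW:
                window.popleft()      # drop failures older than the window
            if len(window) >= BURST_LIMIT:
                findings[ip].add("burst")
        elif outcome == "OK" and total[ip] >= PRIOR_FAILS:
            findings[ip].add("success-after-failures")
    # Spaced-out attempts never trip the burst rule, so also count over the whole log.
    for ip, count in total.items():
        if count >= SLOW_LIMIT and "burst" not in findings.get(ip, ()):
            findings[ip].add("slow")
    return {ip: sorted(f) for ip, f in findings.items()}

if __name__ == "__main__":
    for ip, found in detect(sample_log()).items():
        print(ip, found)
```

A single mistyped password followed by a successful login, as for 192.0.2.10 in the sample, produces no finding.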


Contact us to discuss cyber threat protection best practices, and ensure you are set up properly to avoid a brute force attack in the future. The Cloud Advisory session is complimentary and without obligation.


 

Distributed Denial of Service Attacks and How to Prevent Them

What is a Distributed Denial of Service Attack?

A distributed denial of service (DDoS) attack is a malicious attempt to disrupt the normal functioning of a targeted website, server, or network by overwhelming it with a flood of internet traffic from multiple sources.

An example of a distributed denial of service attack

One well-known example of a distributed denial of service (DDoS) attack happened in October 2016, when a botnet comprised of Internet of Things (IoT) devices such as cameras and routers was used to execute an attack on Dyn, a domain name service provider. The attack resulted in widespread internet outages, affecting popular websites such as Twitter, Netflix, and Reddit, among others.

The Mirai botnet flooded Dyn’s servers with massive amounts of traffic, overwhelming them and causing the domain name resolution service to fail. As a result, users could not access the websites affiliated with Dyn’s service, effectively shutting them down for several hours.

The Mirai botnet carried out the attack by exploiting weak passwords and other security flaws in IoT devices, allowing the attacker to gain control of them and use them to conduct the DDoS attack. This attack highlighted the potential threat posed by unsecure IoT devices, as well as the necessity for enhanced security measures to protect against DDoS attacks.

The Challenge With Distributed Denial of Service Attack Prevention:

Cyber criminals can cripple your business without ever breaching your security. By using systems and botnets, they blast garbage Internet traffic at your public IP address(es). The Denial of Service Attack is distributed (hence the name) across many sources, making it more difficult to block.

DDOS attacks stop your Internet traffic. They block communications and access to applications and services. In some cases, DDOS attackers demand ransom payments to halt the attack.

DDoS attacks are often carried out with the goal of causing financial or reputational damage to a business or organization, or to extort money from them. They can also be used as a distraction to divert attention from other cyberattacks or to disrupt critical infrastructure.

To protect against DDoS attacks, organizations can use various techniques such as load balancers, firewalls, and intrusion prevention systems. Additionally, cloud-based DDoS protection services are available from many providers to help mitigate the effects of such attacks.

5 Ways to Stop a Distributed Denial of Service Attack:

If you’re looking for the best defense against a distributed denial of service attack, the top five techniques below can help organizations protect themselves.

  1. Move your computing to cloud services. Google, Microsoft, Amazon, and other public cloud providers build their networks to prevent DOS attacks.  They have multiple entry points and routes to their services and manage multiple layers of DDOS protections.
  2. Upgrade to “Next Gen” routers with improved DDOS protections. These routers can identify attacks and help reroute your Internet traffic around the attack.
  3. Add an alternate Internet connection.  Having a second connection can allow your network traffic to circumvent the attack or can provide a failover connection when needed.
  4. Maintain strong endpoint protection to prevent botnet malware from being installed on internal systems.
  5. Subscribe to hosted DDOS services that can route traffic around, and prevent, DDOS attacks.

Overall, it is important for organizations to implement a multi-layered approach to DDoS protection, using a combination of strategic services and techniques to ensure maximum protection against DDoS attacks.




This post is part of our Cyber Threat Series.