Dark Web Security Risks and Dangers

/in

Dark Web Risks: Threats to Be Aware of, and How to Protect Yourself and Your Business

We offer a monitoring service for dark web risks.  In August, we received alerts for more than 40% of the companies we monitor about dark web risks and danger.

Threats from information mining and third party breaches continue to pose a risk.  The level of risk varies based on the source, scope, and nature of the breach. Learn about the dark web threats to be aware of, and learn what strategies you can implement to protect yourself, as well as your business.

Direct and Indirect Security Threats from the Dark Web

Third party breaches from the dark web pose direct and indirect security threats. A direct threat, as the name implies, represented a compromised identity with direct access to your system.  Indirect threats are breaches with information that enables more advanced attacks against your systems and user identities.

Direct threats, while less common, represent a breach of usernames and passwords for your system.  The source of direct threats may not be your systems. Hackers with access to valid email addresses and similar passwords will try permutations and patterns to gain access.  While they may then use the compromised credentials themselves, they may also put them up for sale or lease on the Dark Web.

Indirect Threats take many forms, and are a big risk on the dark web.  Identities with similar passwords are sold to hackers that will use them to gain access.  Personal identifying information is valuable to hackers looking to create effective spoofing and phishing attacks.  Repetitive breaches identify targets more easily compromised and/or more likely to respond to a phishing attack with personal information.

Dark Web Dangers and Threat Sources

Sources for Dark Web security threats vary.  Most common is a third party breach, for example the LinkedIn breach in 2018.  Given that many people use their work email address as an identity for LinkedIn, along with identical or similar passwords, the breach gave hackers a means to test access to core businesses services.  Simple testing of leaked passwords, permutations, and common patterns provides access to core businesses systems, including accounts on Microsoft, Google cloud, Salesforce, and others.

Growing in frequency, hackers grab personally identifying information matched to known email addresses.  While first and last names may not appear to create much risk, cyber criminals can use PII to create sophisticated spoofing and phishing attacks.  Your zip code, home address, job title, role in your company, and who you work with and for can all be used to create more effective attacks.  When matched to data from social media accounts — where you shop, foods you like, answers to “survey” questions that mirror security prompts — criminals can refine their attacks and sell your data for more on the dark web. This is why data protection services are highly recommended in todays environment.

Protecting Yourself and Your Business from the Dark Web

More than 70% of people use the same or similar passwords across systems, which is a huge dark web danger. When employees use work email addresses for other services, the nature of their passwords creates risks when any of these third party systems experiences a breach. Compromised third-party passwords reduce the effort required for cyber criminals to compromise other accounts. LinkedIn, Egnyte, Dropbox and other reputable services have all experienced breaches over the past few years.

An additional risk from third-party systems is the risk of personally identifying information, or PII.  With a valid email address and leaked or breach PII, cyber attackers have access to information that allows them to personalize phishing emails and other attacks.

Monitoring the Dark Web for these third party breaches, and responding appropriately, helps protect your employees and your business.

 

Mandatory Google Workspace Transitions Begin

/in ,

Google Cloud PartnerIf you have not completed your transition from G Suite to Google Workspace, Google will automatically begin Google Workspace transitions on January 31, 2022.  You will receive at least 30 days notice of your migration.

Please note that this transition includes significant changes to your subscription options, features/functions, AND PRICING.

Google Workspace

KEY POINTS TO KNOW:

  • Disruption: The transition is non-disruptive to end users and administrators, unless you decide to transition to a subscription with different features.
  • Pricing: Depending on your size and current G Suite services, keeping the same features may result in price increases of 50% to more than 300% (see below).
  • Savings: Cumulus Global can manage your transition, help you select the best Google Workspace for your business, and offer discount incentives for making your transition before the end of the year.

YOUR KEY DECISION:

You need to decide if you want to manage your transition or wait for Google to transition your subscription automatically.

If you chose to manage your transition, we can:

  • Save you money with Google-supported incentive discounts, provided we schedule your transition before the end of the year.
  • Help you select the best subscription plan/mix for your business, ensuring your business and security needs are met at the lowest cost.
  • Schedule your transition at a time that works for you and your team.
  • Educate your IT team on any new end-user, admin, and security features.
  • Support your IT team and end users.

YOUR MANAGED TRANSITION

To learn more about Managed Transitions, please contact us by email, or use the following form:


RESOURCES

In addition to more information in the “About” sections, below, we offer the following resources as well:

About: Automatic Transitions

Google will begin automatic transitions on January 31, 2022.

  • For annual subscriptions, the transition will occur at the end of your current annual or fixed term contract.
  • Companies on “Flex Plan”, month-t0-month services, Google will transition your account as quickly as possible
  • Google will determine the Google Workspace subscription based on your current product features, even if this change results in a significant price increase
  • Automatic transitions are not eligible for incentives or other discounts

About: Pricing Changes

The three biggest impacts on your Google Workspace pricing are your number of licenses,  features, and storage.

License Count

Companies with fewer than 300 users can select from three Google Workspace Business subscriptions.  Companies with more than 300 users will need to select from the two Google Workspace Enterprise subscriptions.  While you can mix and match licenses within the Business and Enterprise tiers, you cannot mix and match Business and Enterprise subscriptions.

Impact for companies with more than 300 users:

  • Companies running G Suite Basic, will see their per user license fees increase form $6 per month to at least $20 per month.
  • Companies running G Suite Business, will see their per user license fees increase form $12 per month to at least $20 per month.

Features

The biggest feature impact for most companies will be their use of Vault.  Companies running G Suite Basic and Google Vault, or running G Suite Business (which includes Vault), will need to transition to Google Workspace Business Plus. Because both Google Workspace Enterprise subscriptions include Vault, any company with more than 300 users will have Vault due to the license count-based migration requirements.

Impact for companies using Vault (with 300 or fewer users):

  • Companies running G Suite Basic plus Vault, will see their per user license fees increase form $11 per month to $18 per month.
  • Companies running G Suite Business, will see their per user license fees increase form $12 per month to at least $18 per month.

Storage

Added storage is no longer an option with Google Workspace. Because you can mix and match licenses within the Business and Enterprise tiers, you may need to transition users to different subscriptions based on their storage needs.

The Google Workspace subscriptions offer the following per-user storage:

  • Business Starter = 30GB, no Shared Drives
  • Business Standard = 2 TB, aggregated across the domain, with Shared Drives
  • Business Plus = 5 TB, aggregated across the domain, with Shared Drives
  • Enterprise Standard = Unlimited storage, with Shared Drives
  • Enterprise Plus = Unlimited storage, with Shared Drives

Other Changes: Vault Former Employee Licenses

Vault Former Employee (VFE) licenses are free or discounted Vault licenses for users that no longer have active G Suite accounts.  With the transition to Google Workspace, VFE licenses are no longer available; VFE licenses will transition to Archive User Licenses (AUL).

Archive User Licenses are NOT FREE. The per user per month pricing for AULs is as follows:

  • AUL – Business = $4
  • AUL – Enterprise Standard = $5
  • AUL – Enterprise Plus = $7

Companies with VFE licenses should plan for alternate retention strategies or potentially significant licensing fees.