Posts

Best Practices

Cyber Protection: Time for New Best Practices

Best PracticesAccording to a recent survey* of IT service providers, ransomware attack downtime costs 23 times more than requested ransom. The average ransom for small and midsize businesses (SMBs) victims jumped 37% to $5,900 from 2018 to 2019.  The average cost of ransomware downtime jumped from $46,800 to $141,000, and increase of more than 200%.

To add to your concerns, SMBs fall victim to cyber crime and ransomware attacks even when they have traditional antivirus, email/spam, ad/pop-up blockers, and endpoint protection in place.  67% of IT service providers report their SMB customers fall victim to phishing emails; 30% report that most customers still rely on weak passwords and access management.

Traditional cyber security solutions are no match for many cyber attackers. We need a new approach to ransomware, with business continuity at the core.

Using business continuity as a guiding principle drives new best practices for preventing and responding to cyber security attacks. With a business continuity mindset, you focus on what is needed to keep the business running, and how quickly you can “return to operations”.  When we discuss business continuity, we understand that we need to take steps to prevent disruption, mitigate the scope of potential disruptions, respond effectively when disruptions happen, and have the systems and processes in place to recover quickly.

For over a year, we have promoted and refined our CPR model:

Communicate and Educate: Involve everybody in the solution by educating your team on the risks, how to spot and report fraudulent content, and how their behavior can prevent or help an attack.

Protect and Prevent: Implement multi-layer, multi-vector protections that focuses on your people (identities), data, applications, and systems. Our data, our businesses, no longer sit comfortably hidden in a computer room behind a firewall.

Respond and Recover: No defense is perfect. Have services in solutions in place that let you recover and return to operations within a time frame that protects the health of your business. More than getting data and systems back on line, put in place the forensics, legal, public relations, and customer service resources you will likely need in a cyber attack emergency.

Time for Action

Here are 10 Actions you can initiate today to improve your cyber protection:

  1. Ensure your computing environment is protected across multiple attack vectors: Identity, Endpoints, User Data, Cloud Apps, and Infrastructure.
  2. Deploy multi-factor authentication, advanced threat protection, next-gen endpoint protection, and DNS/web protection across your ecosystem for a comprehensive baseline or protection.
  3. Encrypt your data at rest and in transit.
  4. Educate your team on the risk and how their actions can impact the business.
  5. Actively manage your cloud and “as-a-Service” subscriptions, standardize on-boarding and off-boarding of staff and contractors based on role, application needs, and appropriate access to data.
  6. Understand how your team uses your business and unauthorized (“shadow IT”) applications and services.  Reign in shadow IT by ensuring your business systems provide staff with the necessary capabilities.
  7. Test your staff’s behavior related to cyber attacks and follow up with additional coaching and guidance. Discipline and, if needed, terminate those who are unwilling or unable to adapt to the current realities of behavior and risk.
  8. Upgrade from data backup/recovery to a business continuity solution that will get you up and running in minutes or hours, instead of days, should an attack get past your defenses.
  9. Arrange in advance for the legal, forensic, PR, communications, and customer service resources you need to respond to an attack with a potential or actual data breach.  Prepaid breach response services give you nearly instant access, reducing your risks and liability while bundling in baseline cyber insurance coverage.
  10. Get cyber insurance, either a baseline policy bundled with Breach Response services and/or a fully underwritten policy from your business insurance provider.

Please contact us for more information about your cyber protection, available assessments, and solutions. We are happy to schedule a free, no obligation Cloud Advisor Session.

* Global State of the Channel Ransomware Report. Datto, Inc. Oct. 2019.


 

Automation Cyber Security

Manufacturers Beware: Attacks on Industrial Equipment are on the Rise

Automation Cyber SecurityWe have seen the issue ourselves: A malware attack crosses the bridge from your network PCs to the controllers in your industrial machines. Your shop floor comes to a halt until you can recover. The effort is painful as you deal with embedded and stand-aside controllers running out-dated versions of Windows, limited network options, and compatibility issues.

The risk is so great, that ZDNet is reporting that the world’s largest and most well-known hacking contest, Pwn2Own, will focus on software for industrial equipment.  Reflecting the reality of current threats, the sponsoring organizations and the “white hat” hackers themselves see an urgent need to bring the issue of protecting your industrial equipment to the forefront.

Fortunately, best practices can help protect your operations.

While it is not always possible to protect your industrial equipment with “next gen” endpoint protection, you can take steps to protect yourselves from potentially devastating attacks and accidents.

  • Segregate
    • The network on which your production systems run should be physically or logically separate from other networks — office, voice, etc. — running in your business.
  • Isolate
    • Unless the equipment needs to communicate with the manufacturer, cloud-based systems, or other locations, the production systems network should not have paths to the outside world.
    • If the equipment needs to communicate externally, setup secure VPNs for all traffic.
  • Maintain
    • Whenever possible, update and maintain your industrial systems to run current versions of the manufacturer’s software and the underlying operating system.  Too many production machines are running obsolete versions of Windows that cannot be secured from attack.
  • Scan
    • Before moving any software or programming to a system, explicitly scan the files for malware.
  • Educate
    • Communicate with your employees about the risks and steps they can take to prevent a cyber attack to your industrial equipment as well as their computers and other devices.

Please contact us for more information or to assess your risk and discuss solutions.


 

Drive-by Downloads

This post is part of our Cyber Threat Series.

The Challenge:

Drive-by downloads are exploit kits that download invisibly from infected websites. These websites may be malicious sites built for malware distribution or trusted sites infected by hackers. Many of these attacks take advantage of weaknesses in popular software and tools, including video players, Java, and Adobe Reader.

Downloads may install and run other malware or may themselves be malicious. Many drive-by downloads install cryptoware, or ransomware, that encrypts files and holds them for ransom.

What to Do:

User education and web protection are the best protection from drive-by downloads. Cyber-aware users understand the risks and can avoid malicious links and sites. Web protection can prevent unexpected downloads and malicious behavior from reaching your systems and users.

DNS protection and secure DNS services provide additional protection by preventing impersonation, hijacking, and domain level attacks.

 


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Brute Force Attack

This post is part of our Cyber Threat Series.

The Challenge:

Hackers use Brute Force Attacks to target a single service exposed to the Internet, including Remote Desktop, Outlook Web Access, and email services. Brute Force Attacks gain access by trying every viable access method or password.

Hackers use these attacks to access your data or to install other malware within your systems. Patient hackers space out attempts; they are difficult to notice or detect. When hackers rush, the impact can be similar to a DDOS attack.

Hackers can launch Brute Force Attacks externally or from malware-infected systems on your network. Internal attacks often target specific systems and vulnerabilities, such as SQL Server and SQL Injection vulnerabilities.

What to Do:

Require robust passwords; they are your first protection from Brute Force Attacks. Put controls in place to enforce best-practice password structure and expiring passwords can thwart an attack.

Deploy Multi-Factor Authentication. MFA creates and additional level of protection since a compromised password is not sufficient for access.

To protect against internal attacks, ensure systems run current operating system versions. Keep all systems current with patches and updates.

Deploy “Next Gen” protections to keep Brute Force Attack malware from making it onto your servers and clients:

  • Advanced threat protection (ATP) for email
  • Endpoint and mobile device protection
  • DNS security and protection
  • Web protection and filtering

 


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Distributed Denial of Service Attacks

This post is part of our Cyber Threat Series.

The Challenge:

Cyber criminals can cripple your business without every breaching your security. By using systems and botnets, they blast garbage Internet traffic at your public IP address(es).  The Denial of Service Attack is distributed (hence the name) across many sources, making it more difficult to block.

DDOS attacks stop your Internet traffic. They block communications and access to applications and services. In some cases, DDOS attackers demand ransom payments to halt the attack.

What to Do:

Move your computing to cloud services. Google, Microsoft, Amazon, and other public cloud providers build their networks to prevent DOS attacks.  They have multiple entry points and routes to their services and manage multiple layers of DDOS protections.

Upgrade to “Next Gen” routers with improved DDOS protections. These routers can identify attacks and help reroute your Internet traffic around the attack.

Add an alternate Internet connection.  Having a second connection can allow your network traffic to circumvent the attack or can provide a failover connection when needed.

Maintain strong endpoint protection to prevent botnet malware from being installed on internal systems.

Subscribe to hosted DDOS services that can route traffic around, and prevent, DDOS attacks.

 


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Hostile Network Probes and Scans

This post is part of our Cyber Threat Series.

The Challenge:

Hostile network probes and scans check your network devices and systems for security holes. Hackers and bots scan specific IP address for open and unsecured ports. While most scans come from the outside, hackers use malware to infect systems and probe networks from the inside. Once they find a security hole, hackers access information, install malware, or gain control systems.  Some probes look for specific vulnerabilities, others use brute force.

What to Do:

Close as many Internet-facing ports as possible across firewalls, routers, and other Internet-facing devices. Close ports on network devices that are not needed for internal communications. If a port isn’t open, it cannot be hacked.  

Avoid consumer-grade and low-end firewalls to protect your physical network.  Low-end devices lack features needed to protect your business. With advanced protection features and tools, “Next Gen” firewalls offer better protection from modern threats. With models designed for SMBs, you fill find these new solutions affordable.

Scan your network for vulnerabilities on a regular schedule. Finding problems before an attack is worth the effort and relatively low cost.

Configure alerts, when able, to notify you of potential risks.  While you and most SMBs cannot afford and do not need a network and security management system, you can configure many devices to send basic alerts by email. These alerts give you an early warning you can evaluate and manage.

Move to cloud solutions and hosting service providers and increase your cyber security profile.  Google, Microsoft, and Amazon depend on the security of their environment to earn and maintain the trust of customers like you. They staff security teams with thousands of experts, follow best practices, and deploy the most advanced threat protection technologies.  Your risk of a network scan or probe attack when using Google Cloud Platform, Microsoft Azure, or Amazon AWS is orders of magnitude less than running systems in-house.

 


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Cyber Threat Series Overview

Protecting your network, systems, apps, data, and people is no easy task as the scope and variety of attacks continues to multiply.  You want and need to protection, but must make smart buying and decisions. Too little or too much means higher risk or unnecessary cost.

We see your business as a target not because we know cyber criminals have you in their sights, but because most cyber attacks throw a wide net and catch those who are unprepared. Appropriate measures to prevent, protect, and respond to cyber attacks has business value and should be part of your IT strategy and plans.

As a series of blog posts, this Cyber Threat Series intends to educate and inform. We will cover the types of risks and attacks and how to prevent them. We discuss solutions. We take a pragmatic approach that respects priorities and budgets.

Topics will include


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.