Posts

More Than 40% of SMBs Face Dark Web Risks

We offer a monitoring service for dark web risks.  In August, we received a alerts for more than 40% of the companies we monitor.

Threats from information mining and third party breaches continue to pose a risk.  The level of risk varies based on the source, scope, and nature of the breach.

Direct and Indirect Threats

Third party breaches pose direct and indirect threats. A direct threat, as the name implies, represented a compromised identity with direct access to your system.  Indirect threats are breaches with information that enables more advanced attacks against your systems and user identities.

Direct threats, while less common, represent a breach of usernames and passwords for your system.  The source of direct threats may not be your systems. Hackers with access to valid email addresses and similar passwords will try permutations and patterns to gain access.  While they may then use the compromised credentials themselves, they may also put them up for sale or lease on the Dark Web.

Indirect Threats take many forms.  Identities with similar passwords are sold to hackers that will use them to gain access.  Personal identifying information is valuable to hackers looking to create effective spoofing and phishing attacks.  Repetitive breaches identify targets more easily compromised and/or more likely to respond to a phishing attack with personal information.

Threat Sources

Sources for Dark Web threats vary.  Most common is a third party breach, for example the LinkedIn breach in 2018.  Given that many people use their work email address as an identity for LinkedIn, along with identical or similar passwords, the breach gave hackers a means to test access to core businesses services.  Simple testing of leaked passwords, permutations, and common patterns provides access to core businesses systems, including accounts on Microsoft, Google, Salesforce, and others.

Growing in frequency, hackers grab personally identifying information matched to known email addresses.  While first and last names may not appear to create much risk, cyber criminals can use PII to create sophisticated spoofing and phishing attacks.  Your zip code, home address, job title, role in your company, and who you work with and for can all be used to create more effective attacks.  When matched to data from social media accounts — where you shop, foods you like, answers to “survey” questions that mirror security prompts — criminals can refine their attacks and sell your data for more.

Protecting Yourself and Your Business

More than 70% of people use the same or similar passwords across systems.  When employees use work email addresses for other services, the nature of their passwords creates risks when any of these third party systems experiences a breach. Compromised third-party passwords reduce the effort required for cyber criminals to compromise other accounts. LinkedIn, Egnyte, Dropbox and other reputable services have all experienced breaches over the past few years.

An additional risk from third-party systems is the risk of personally identifying information, or PII.  With a valid email address and leaked or breach PII, cyber attackers have access to information that allows them to personalize phishing emails and other attacks.

Monitoring the Dark Web for these third party breaches, and responding appropriately, helps protect your employees and your business.

 

Cyber Protection Solutions for SMBs

Data protection iconAs our businesses become even more reliant on technology and cloud services, the frequency and sophistication of cyber attacks continue to accelerate. Your Cyber Protection 

Cyber Protection Needs

We need our businesses — and our people — to be aware, protected, and able to recover.

At Cumulus Global, our CPR model maps the necessary components of cyber security into three areas.

  • Communicate & Educate
    • Ensure you team understands the risk, educate them so they can avoid falling prey, create a culture of security and data privacy.
  • Protect & Prevent
    • Leverage advanced and “next gen” technologies to prevent attacks and to protect your networks, systems, data, and people from attacks.
  • Recover & Respond
    • No system is perfect; make sure you can recover your data and systems, return to normal operations, and respond to the technical, legal, and communication challenges.

Successful Cyber Protection relies on your policies and procedures, technologies, and people working in sync. Across more than a dozen focus areas, you need to balance the level or protection you need with the costs and with the risks of not doing enough. You need to balance external requirements, such as government and industry regulations, with internal priorities.

Your Cyber Protection Solution

To design and implement an affordable, integrated, and effective cyber protection solution for your business, start with a Cyber Protection Assessment (CPA).  A CPA will assess your needs, within the context of your business, and preferred solutions across 15 areas of focus:

  • Written Information Security Plan
  • Patches and Updates
  • Email Encryption
  • Data Destruction
  • Background Checks
  • Written Information Response Plan
  • Antivirus and Intrusion Detection
  • Email and Web Security
  • Account and Identity Management
  • Employee Training
  • Firewalls
  • Backup / Continuity / Disaster Recovery
  • File Encryption
  • Network Access Security
  • Responsible Parties

Using the results of the Cyber Protection Assessment, you can plan and implement your levels of protection in each area to create the balance that is best for your business.

Next Steps and Resources

Your best next step is to contact us and discuss your cyber protection status and needs with one of our Cloud Advisors. Consider using our Cyber Protection Assessment to understand your needs, current protections, gaps, and priorities.

Related Resources:

When Your Identity is on the Dark Web

Dark Web Threat AlertsAs a courtesy to our existing clients and prospective clients, we have been running complementary Dark Web Summary Scans of their domains. These summary scans let us know how many email addresses from each domain currently appear on dark web and identity theft websites. We can then perform a more detailed scan and analysis to identify the specific user identities.

The results are fascinating.

Of 200 domains recently scanned:

  • 87.4% had at least one potential identity compromised
  • The average number of potentially compromised identities is 41%
  • 16% of the companies had more exposed identities than users, indicating breaches occurred from multiple sources

What does this mean?

Just because employee@yourcompany.com appears on a dark web or identity theft site does not mean that the user account on your system has been breached.

It does mean, however, that a breach is likely. And, the more exposed identities for your domain, the greater the risk.

How does it work?

Chances are, your employees are using their work email address, employee@yourcompany.com, as their login identity for other systems.  These other systems are often work related services like Uber, Dropbox, online banking, credit cards used for business expenses, etc. Studies show that about 80% of people use the same or substantially similar passwords across systems.

If there is a data leak or breach at one of these third party services, hackers will test the identity on other systems.  If you have an employee whose email and password were leaked in one of the Dropbox incidents, for example, cyber criminals will test that email address and password, along with similar passwords, across common services like G Suite, Office 365, Facebook, LinkedIn, Instagram, and others.

A compromised identity on a third party service can easily lead to a breach of your systems.

What to do:

  • Get the Details:
    Get a detailed scan on your domain to clearly identify which user identities are exposed and at risk.
  • Mitigate Your Risk:
    Work directly with identified staff to reset passwords. Run additional scans on their systems for malware.
  • Communicate:
    Educate, train, and guide users on the risk of identity breach and how to avoid becoming a victim. Provide guidance, coaching, and policies around the use of company email addresses on other systems and best practices for password selection and management.
  • Challenge:
    Periodically test your employees using “honeypot” and “sandbox” methods to determine who is following best practices and who remains susceptible to attack.
  • Monitor:
    Monitor your domain, and personal accounts of key executives, for future issues and respond accordingly.

Next Steps

Your best next step is to contact us (email or web) to

  1. Request a detailed Dark Web Scan
  2. Discuss security education and testing services
  3. Setup on-going monitoring for your domain

 

 

The Best Unknown Add-on for Office 365

MS Office 365Microsoft Office 365, from the entry level Exchange Online plans through the Business and Enterprise plans, includes a robust infrastructure for spam/virus protection. As we have blogged about on numerous occasions, cyber attacks continue to get more sophisticated and are using social engineering to trick and trap more people than ever.

Advanced Threat Protection

Advanced Threat Protection (ATP), a little know add-on for Exchange Online and Office 365, offers additional protection against cyber attacks. Using a secure “sandbox”, ATP tests and validates links within email messages and tests attachments for malware and other threats before the message makes it to your inbox. With minimal latency, ATP can block messages or strip them of the offending item(s).

With the increasing threats of ransomware and identity theft, ATP is well worth the nominal per user fee.


If you want to add ATP to your ecosystem, please contact us.


 

Webcasts

Next Normal: IT Efficiency

3T@3 Webcast Series: Tuesday, Feb 23rd at 3:00 PM

COVID-19 and the events of the past 10 months have, and continue, to change the way we run our businesses.  While some of these changes are temporary, many will become part of our next normal. For many of us, these changes came in a scramble to work from home. With respect to IT, this has many businesses using new, often redundant apps and systems.

Are the IT choices made during the crisis the best for your business in the long term?

This month’s 3T@3 Webcast, is the first in our “Next Normal” series looking at how we adapt, prepare, and respond to economic, social, and business changes.  We start the series exploring “IT Efficiency.”  We see where many small businesses signed on to services in order to adapt to mandatory closures, reduced office capacity, and parents’ need to be present for children learning remotely. Many of these service duplicate features in other systems, resulting in excess cost and lost productivity.  Join Cumulus Global CEO Allen Falcon to identify how you may streamline your IT services, reduce costs, and improve efficiencies.

Watch the recording on-demand



Data Protection & Security

library

15 Best Practices for Cyber Protection

eBook Source: Cumulus Global

As our businesses become even more reliant on technology and cloud services, the frequency and sophistication of cyber attacks continue to accelerate. We need our businesses — and our people — to be aware, protected, and able to recover.

At Cumulus Global, our CPR model maps the necessary components of cyber security into three areas.

  • Communicate & Educate
  • Protect & Prevent
  • Recover & Respond

Policies and procedures, technologies, and people are all part of the equation, as is cyber insurance for financial protection. Deciding where and how to invest is a value proposition balancing costs, benefits, and the risks of inaction. 

In this eBook, we look at 15 Best Practices for Cyber Protection. We rank solutions from “bad” to “best”. Your business may not need the “best” solution for every area; you can match services and costs to your risks and needs. 

These best practices improve your protection, mitigate liabilities, and facilitate affordable cyber insurance coverage.

Please confirm you information below to view and download the eBook.