Posts

The Kaseya Attack Effect

The Kaseya attack demonstrates how cyber crime is a big, organized business. How big? You can subscribe to “Ransomware as a Service” and outsource attacks on your intended targets. How organized? Hacker groups and service providers, such as the REvil Ransomware Group and DarkSide, actively manage their brands and reputations. The REvil attack on Kaseya shows us that cyber criminals are technically advanced and operationally sophisticated. The nature of the attack, and its scope, should scare you.

By using known vulnerabilities in Kaseya’s VSA Remote Monitoring and Management system, REvil was able to create an automated ransomware distribution network. They used the very systems that Managed Service Providers (MSPs) use to monitor and manage customer servers, computers, and networks.

The Impact

MSPs updating their Kaseya VSA servers automatically installed the ransomware on their customers’ systems, as well as their own. Best estimates are that up to 1,500 small and medium-sized companies are victims. While this number seems small, those 1,500 businesses face an existential threat. Remember: more than half of businesses victimized by ransomware fail within six months.

Most MSPs shut down their Kaseya VSA services before spreading the ransomware. These firms had no ability to monitor, manage, or remotely support their customers. Customers facing IT issues were met with longer diagnostic and resolution times, resulting in business disruption, lost productivity, and the possibility of data loss.

As a managed cloud service provider, Cumulus Global does not use the Kaseya VSA system.  Our clients were not at risk, via our services, from this attack.

The Lessons

We were on the sidelines for the Kaseya attack. We understand, however, that the way in which many cloud services are managed creates connections between vendors, resellers, partners, and customers. While these connections do not generally provide any access to customer data, they do provide access to management functions and information about users. This information, in turn, could be used to improve the effectiveness of phishing attacks, spoof identities, and gain access to systems.

As a trusted IT advisor and a managed cloud service provider, we are part of a connected supply chain. We take our responsibility to secure our part of that chain seriously. While we follow commercially accepted best practices for security and privacy, the Kaseya attack warns us to step back and re-evaluate our strategy, policies, and procedures.

Our Next Steps

Cumulus Global is conducting an internal review of all of our internal and operational systems, including vendor portals and services we use to order, provision, manage, and support cloud services. As part of this review we are examining our policies and procedures related to:

  • Identity management and protection
  • Access to the systems
  • System level permissions related to function and data
  • Roles and responsibilities with respect to security and privacy
  • Business continuity plans and capabilities

Through this process, we are challenging our assumptions, re-assessing how we operate securely and effectively, and raising our expectations for how well we protect ourselves and our customers.

We will also be making recommendations to our clients, and the broader community, on steps they can take to improve their security profile and protections.

Your Next Steps

As a user of cloud services, and technology in general, you have responsibilities as well.

We Can Help

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

The State of SMB Cyber Security

Gone are the days when cybercrime was exclusively a big business problem. In the modern workplace, all businesses are at risk, regardless of their size or industry. Today, we recognize that implementing a cyber security program, much like hiring people and growing sales, is an essential part of running our companies.

With 43% of cyberattacks targeted at SMBs, it’s not surprising that many have identified cybersecurity as a priority. And while most of us have deployed protections, it is challenging to know if you have the right balance of protection relative to your risk.

Here are 4 key findings from research conducted by Microsoft:

01 Businesses understand that cybercrime is a problem, but understate the severity of the threat and overestimate their preparedness

The vast majority of businesses (85%) cite cybercrime as a concern, and more than half (56%) believe it is a top priority. Businesses are backing up this belief with action. Most have begun to invest both time and dollars into protecting their company from hackers and other malicious actors.

However, when you look a little deeper, it becomes clear that many have underestimated their risk. 74% of businesses don’t believe they are likely to be attacked at all, and believe that corporations are two times as likely to be attacked.

90% of businesses say they have the right protections in place to prevent an attack, and those with more than 50 employees are even more confident. It is encouraging that businesses are investing in security, but the reality is that they are at greater risk than they think. Nearly half (41%) have been attacked.

02 Small and medium-sized businesses are just as likely to be attacked as large corporations

For solutions that do cost money, businesses allocate about 15% of IT budgets to cybersecurity, and 21% plan to increase how much they spend protecting the company. Businesses recognize that this investment is worth it because three out of four know that it costs more to recover from an attack than it does to prevent one.

03 Employees can be a business’s biggest protection and also their biggest threat

As a small business owner, you face many of the same threats as larger businesses, but also unique challenges.

Given the number of security events tied to employees, businesses run the risk of underestimating the threat of employees leaking data or  sharing sensitive information, whether maliciously or accidentally.

Insider threats take several forms. Employees or partners may find it more convenient to transfer sensitive data using personal email or an unsecure cloud drive, not realizing the risk to your company. In fact, 30% of security events are attributed to careless or uninformed employees. More alarming is the roughly 36% of attacks where a malicious employee steals sensitive data.

04 Businesses have begun taking steps to protect themselves and there is a set of solutions and practices available to them

Most small and midsize businesses don’t have the same scale of resources to combat security threats and implement cyber security solutions as larger entities.

Fortunately, there are right-sized solutions and strategies designed to overcome the unique vulnerabilities of smaller companies. An effective security strategy doesn’t have to be expensive—or time-consuming. With a few simple, no-cost/low-cost steps, you can make a significant  impact on your company’s overall security profile. The key is to match security to your business needs and your budget.


Security Threats: 3 You Know and 1 You Should

Security threats take many forms. Most owners of small and medium-sized businesses (SMBs) are aware of the need to defend against the top three — viruses, ransomware, and phishing attacks — but their organizations are generally not as prepared to deal with the risks related to employees leaking data or sharing sensitive information, whether maliciously or accidentally.

1 Viruses

According to research conducted by Microsoft, infection by a computer virus is the most commonly cited among security threats facing businesses. Preventing viruses requires an integrated approach to endpoint and identity management, including:

  • Deploy next-gen antivirus software, with advanced threat protection, installed and updated, on all devices
  • Use web filtering and monitoring services to prevent infection, even from trusted sites
  • Roll out mobile device management to secure work devices (including laptops and desktops), as well as personal devices used for work
  • Enforce the use of multi-factor authentication as part of an integrated identity and access management solution

2 Ransomware

Ransomware is a type of malware that restricts access, encrypts files, or even stops you from using your systems. Like viruses, ransomware can enter the company through insecure endpoints or unsuspecting users.

While virus protections also protect against ransomware, no protection is perfect. You need to be ready to respond and recover in the event of a successful cyber attack. Here are some solutions and services you should have in place:

  • Back up your data and system images, in the cloud, to ensure your ability to restore and recover
  • Encrypt all data, at rest and in motion
  • Deploy business continuity services to spin-up copies of servers in parallel with remediation
  • Pre-arrange access to forensic, legal, and communications resources to ensure a proper business response
  • Acquire cyber insurance to cover remediation, recovery, and regulatory costs, along with lost revenue

3 Phishing Attacks

The majority, 67 percent, of cybersecurity professionals surveyed consider phishing to be the greatest security threat facing your business and employees. To protect your people, your data, and your business:

  • Configure advanced threat protection services to identify and block attacks via email using links and/or attachments
  • Monitor inbound and outbound email traffic
  • Provide your team with awareness training to recognize problem emails, and how to respond/act
  • Instruct your team to report suspicious messages, links, and attachments
  • Deploy domain level services to prevent identity-spoofing

!! Internal Leaks & Threats

Insider security threats are often overlooked. Surveys indicate that 53% of organizations have experienced insider attacks against their organization.

These risks take several forms. About 37% of internal leaks can be attributed to careless or uninformed employees. In many cases, these employees are using personal, less secure or unsecured services to conduct business.  Whether consumer versions of email or cloud drives for sync and share, these “shadow IT” services pose a significant risk.

While the majority of internal leaks and threats are unintentional, 36% of internal leaks are identified as attacks by a malicious employee.

To prevent data leaks and breaches, you should:

  • Actively manage access and permissions to networks, systems, applications, and data; periodically review permissions for compliance
  • Leverage features within your systems that help you manage and protect confidential and proprietary information
  • Deploy information protection solutions, such as Data Loss Prevention (DLP) and document/message level encryption, to block sensitive data from leaving your control

>> Take Action

All of the suggestions, above, fall within our CPR best-practice model for cyber security: Communicate & Educate; Prevent & Protect; Respond & Recover.


Risk and Reward – Protecting the Value of Your Business

Several weeks ago, in a town not far from our headquarters, a massive fire destroyed a building housing six small businesses. Our local business journal followed up a few weeks after the disaster with a poll asking business owners how prepared they are for a major disaster.

  • Fewer than 50% of responding business owners feel that they are fully insured, have an emergency plan, and could be up and running in a few days.
  • 39% feel that it could take a month or so, but they could eventually reopen
  • 17% felt they would be out of business or would require state and local aid to survive

While not a scientific sampling, the results are alarming.  Alarming for a few reasons:

  • Even with insurance, it can take days or weeks to get authorization so you can move forward with your emergency plan.  Securing a new location and replacing fixtures, inventory, etc. takes time, as does recovering computer systems and data.
  • More than 50% of businesses closed for 7 days due to a disaster fail within 6 months of reopening.  While many businesses might re-open in a month, the future will be challenging.

Your Risks are Yours

A major fire in a block of retail and service businesses creates specific challenges, as do storms and floods. Many more businesses, however, experience disasters equal or greater in scope even if they do not have the same level of physical damage. Some examples we have seen:

  • A distributor of customized office supplies lost all electronic business records for the past three years when they were hit by ransomware. The attack corrupted their on-site backup servers as well as their main file and database servers.
  • A news publisher lost all of their physical servers, firewalls, and networking equipment when a sprinkler head failed in their small equipment room.
  • A small plastics manufacturer lost the ability to use their process control systems when embedded Windows workstations were corrupted by a malware attack.

In each of these examples, businesses with customer commitments, production schedules, and deadlines were idled for days. For some, full recovery can take months.  Beyond the hard cost of recovering systems and data, these businesses suffered from soft cost losses.  Missed customer commitments, delayed invoicing and collections, and the time employees spent on the recovery effort all have lasting impacts on your business.

Business Continuity is not just a good idea, it is a responsibility.

As business owners, our employees, vendors, and customers count on us.  While people can empathize with the impact of a fire, there is less understanding for businesses that fall victim to cyber crime.  Malware, phishing, ransomware and other attacks are generally preventable when your team is alert and aware of the risks and when you put reasonable identity, data, and system protections in place. And since no protection is perfect, you need to be able to recover quickly enough for your business to continue operating smoothly.

Here is some food for thought:

  • Know Your RTO:  Understand how quickly your business needs to Return to Operational.  Maybe you can work on paper for a few days. Maybe you need to be up and running in a few hours because you are at a standstill until systems are back online. Your RTO goal will guide your decisions on what protection and recovery/continuity services are the right match for your needs and budget.
  • Assess Your Risk: Understand the different disaster scenarios and how they may impact your business.  Think about physical issues, such as loss of power and catastrophic system failures, as well as other disruptions, such as cyber attacks and potential actions by a disgruntled employee.
  • Watch Your Flank: Assess how different types of threats could impact your business. We are beyond hiding our computers behind firewalls. We still have physical threats, but we also have threats focused on networks, user identities, access control, third party services, and data sources and services. Each threat vector needs a plan for protection, response, and recovery.
  • Factor in Humanity: We used to talk about balancing security with ease of use. Today, the humanity equation is different as most IT disasters take advantage of human factors like our fundamental desire to be helpful when asked. In many ways, your team is your best defense. They need to understand the risks, the methods of manipulation, and the signs that something is not quite “right”. Your team needs to understand the value of inconveniences like multi-factor authentication and enhanced privacy and access controls — that these protect them as well as the company.

Your next step.

Contact us. It is time for a serious conversation about protecting the value of your business. A basic assessment of your business continuity profile will identify risks and gaps. From there, we can discuss improvements and their business value so you can make informed decisions that balance your risks, needs, and budget. Business Continuity solutions — from disaster prevention through recovery — do not need to bust your budget. For most businesses, changes in security settings on existing systems paired with modest, incremental services provide the protection and recoverability you need.

Ransomware: Prevention versus Cure

Looking at the frequency and scope of ransomware attacks, and the number of small and midsize businesses falling victim, we remain surprised at how many SMBs are not yet taking steps to prevent the problem.

A Ransomware attack with no data loss can still cost your business $1,500 per employee, or more, in recovery costs and lost productivity.

Back in July, our 3T@3 Webcast focused on Ransomware, and we published a Business Guide to Ransomware. Both highlighted the need for CPR:

  • Communicate:
    • Educate and train employees on how not to fall victim; provide clear policies and procedures that reinforce positive behaviors.
  • Prevention:
    • Deploy technologies in support of your policies and procedures with multi-layered protection against malware and, specifically, ransomware.
  • Recover:
    • No prevention is perfect; have backup and continuity systems in place that enable a quick return to normal operations.

While most of the SMBs and schools we speak with understand and have some of the prevention and recovery solutions in place, the up-front education is missing. These businesses and schools remain vulnerable targets.


Earlier this October, we announced a strategic partnership with Privacy Ref, offering affordable Privacy Solutions for SMBs, including a subscription-based Privacy Education Program. For a small base fee and $10 per employee per year, we help ensure your team understands the risks, the importance of awareness, and how to avoid becoming a victim.

For a fraction of the cost of an attack, you can empower your team to avoid and prevent it from happening.

Contact us for more information.


 

 

Changing the Focus on Backup Protection

As we’ve stated before, “Backup is easy; Recovery is hard”.  Every business should, at this point, understand the risks of poor data backup and protection. The risks come from the types and amount of data that is lost and, if it can be recovered, how long that recovery takes. And remember, recovery often takes more effort than simply restoring files from a backup set.

Perspective = Priority

When looking at how well your backup system is protecting your business, two factors should be top of mind:

RTO: Recovery Time Objectives — How long will it take to return to normal operations. RTO is not just the time it takes to load your data back onto your systems; RTO includes the time it takes to repair and recreate damaged information and data created or modified since the last backup.

RPO: Restore Point Objectives — Your RPO determines how much data you are willing to lose, or can afford to lose. Most small and mid-size businesses back up daily. On average, a system failure will result in half a day of lost data. For an office worker editing a report, this is traumatic and inconvenient. For a manufacturer or retail business, half a day can represent hundreds or even thousands of orders and financial transactions.

As always, quicker RTOs and smaller RPOs come with trade-offs. Recovery methods like image snapshots, for example, can provide rapid RTOs and small RPOs. In exchange, you are likely losing granularity — the ability to recover individual files.

Understand the reasons you are protecting your data. Protection from system failure, in which you need to recover a full server, lends itself to imaging and other snapshot methods. Recovery of files or data lost to program error, malware, or user activity needs a solution with granularity.

Start with an understanding of the type of protection you need and your RPOs and RTOs.  From there, you can pick the solutions (yes, you may want or need more than one method) for recovering data and your business.


We offer a range of data protection solutions, with a range of products, for on-premise and cloud-based data. Contact us for a free assessment of which type of solution is best for you.


 

 

Tuesday Take-Away: Your Backup System is (sort of) Irrelevant

As you may know, I participate in several on-line IT discussion forums.  Every few weeks, a new member will post a question like “I have an xyz server, what should I use for backups?”.  Seemingly helpful forum members quickly jump in and start throwing out vendor names, do-it-yourself solutions, discussions about NAS versus SAN and disk-to-disk versus disk-to-tape, and so on.

It makes me want to SCREAM! Why? Because …

What you use for backup is irrelevant unless you know what you are backing up, why, and how quickly you need to restore!

Said another way, before you pick ANY backup solution, you should know:

  • What you need to restore
  • Why you expect you will need to restore or recover it
  • How quickly you will need to restore or recover it

Note that the answers you provide may vary for the different types of data.  For example, you may be able to live without your accounting system for two days, so long as you can ship orders within 4 hours.   You may need current project files immediately, but could wait a week for projects completed more than a year ago.

Understanding your “Why”

When considering why you might need to restore or recover information or systems, think of the full spectrum of activities that can go wrong. As an informal set of definitions:

  • Restore operations are usually performed on individual files or small sets of data, often resulting from accidental overwrites, deletions, or component (disk) failures.
  • Recovery operations are usually geared for large data loss, such as a drive array failure or server loss due to a disaster.

The key difference: restore operations bring back select data from a specific point in time, while recovery operations bring back entire systems or data environments.

For example, you might restore email messages accidentally deleted from a user’s account on an MS Exchange server.  If the disk array dies, however, you would need to recover the entire mailbox store for the server.

Backup/Recovery protects you from disaster; Backup/Restore protects you from component failures and user errors (or intentional misconduct).

How you back up for recovery will often differ from how you back up for restore.

Backup solutions that efficiently restore data are not optimized for recovery. Most backup solutions designed for fast recovery, such as image snapshots, lack the ability to restore individual elements. For the Exchange server, above, we would recommend running two backups — one designed for recovery and one for individual mailbox and message restores.

Additionally, backups for restore generally give you more retention points than backups for recovery.  Being able to select a specific time or version of data is a key feature for backup/restore solutions.

Understanding your “How Quickly”

How quickly you need your data depends on the data and your business.  Keep in mind that you do not need all of your data all at once.  Generally speaking, however, when you need to restore an active file or two, you want to be able to do this quickly.  While you want quick recovery as well, you are more likely to be bound by factors beyond your backup/recovery solution, such as purchasing new hardware or moving to temporary office space.

Focus first on how quickly you need to Return To Operations. Your RTO will drive your selection and investment in backup/recovery solutions. Once you have your RTO, identify the critical data and systems you need to get your business up and running. Your RTO will be shorter than your window for full recovery, and includes only the critical subset you need to get up and running.

The shorter your RTO, the more expensive the solution.  A realistic RTO will prevent you from over-buying.

First Steps First

By first understanding your requirements — the what, why, and how fast — of your restore and recovery needs, you can select backup solutions that accurately match your needs and effectively protect your data and your business.  By defining your needs, your solution will be relevant and your investment well-made.
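The what, why, and how-quickly questions above, together with the RTO and RPO definitions from the earlier backup post, can be written down per data set and checked against the backup jobs actually configured. The following is an added example, not part of the original posts; the data sets, hours, and field names are constructed assumptions, and the split between image and file backups follows the posts' own simplification.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Need:
    """One answer to: what must come back, why, and how quickly."""
    dataset: str
    why: str          # "restore" = individual items, "recovery" = whole system
    rto_hours: float  # how quickly it must be usable again
    rpo_hours: float  # how much recent data the business can afford to lose


@dataclass(frozen=True)
class Job:
    """One configured backup job (hypothetical fields)."""
    dataset: str
    method: str                 # "image" snapshot or "file" level backup
    interval_hours: float       # time between backup runs
    hours_to_bring_back: float  # measured or estimated time to restore/recover


def expected_loss_hours(job):
    """A failure lands, on average, halfway between two backup runs."""
    return job.interval_hours / 2


def gaps(need, jobs):
    """Return the reasons no configured job satisfies this need ([] = covered)."""
    covering = [j for j in jobs if j.dataset == need.dataset]
    if not covering:
        return ["no backup job covers this data"]
    # The posts' simplification: images recover systems, file backups restore items.
    wanted = "file" if need.why == "restore" else "image"
    fitting = [j for j in covering if j.method == wanted]
    if not fitting:
        return [f"no {wanted}-level backup for {need.why}"]
    reports = []
    for job in fitting:
        problems = []
        # Worst case, the failure happens just before the next backup run.
        if job.interval_hours > need.rpo_hours:
            problems.append(
                f"worst-case loss {job.interval_hours:g}h exceeds RPO {need.rpo_hours:g}h")
        if job.hours_to_bring_back > need.rto_hours:
            problems.append(
                f"takes {job.hours_to_bring_back:g}h, RTO is {need.rto_hours:g}h")
        if not problems:
            return []  # at least one job fully meets the need
        reports.append(problems)
    return min(reports, key=len)  # report the closest-fitting job's shortfalls


def audit(needs, jobs):
    """Map each (dataset, why) pair to its list of gaps."""
    return {(n.dataset, n.why): gaps(n, jobs) for n in needs}


# Constructed sample data, loosely following the examples in the post.
NEEDS = [
    Need("exchange", "restore", rto_hours=4, rpo_hours=24),
    Need("exchange", "recovery", rto_hours=24, rpo_hours=24),
    Need("accounting", "recovery", rto_hours=48, rpo_hours=24),
    Need("orders", "recovery", rto_hours=4, rpo_hours=1),
]
JOBS = [
    Job("exchange", "image", interval_hours=24, hours_to_bring_back=6),
    Job("accounting", "image", interval_hours=24, hours_to_bring_back=8),
    Job("orders", "image", interval_hours=24, hours_to_bring_back=2),
]

if __name__ == "__main__":
    for key, found in audit(NEEDS, JOBS).items():
        print(key, "OK" if not found else "; ".join(found))
```

With this sample data the Exchange server is covered for recovery but not for mailbox-level restore, and the daily image of the order system cannot meet a one-hour RPO.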

 

library

State of Security for Small and Midsize Businesses

eBook | Source: Microsoft

If you work at a small or medium-sized business (SMB), you probably juggle multiple roles, including cyber security.

Gone are the days when cybercrime was exclusively a big business problem. In the modern workplace, all businesses are at risk regardless of their size or industry. Businesses recognize that a cyber security program is an essential part of running a company.

This eBook identifies key findings from studies and surveys for small and midsize businesses and makes recommendations to ensure your business is protected, and can recover, from cyber attacks.




Protect Your Business – Top 3 Security Threats

eBook | Source: Microsoft

Security threats take many forms. Most owners of small and medium-sized businesses (SMBs) are aware of the need to defend against the top three — viruses, ransomware, and phishing attacks — but their organizations are generally not as prepared to deal with the risks related to employees leaking data or sharing sensitive information, whether maliciously or accidentally.

You face many of the same threats as larger organizations, but also the unique challenges around budgeting and setting priorities as the leader of a small or medium-sized business.

This eBook explores how you can safeguard your business against the top three security threats, plus the one threat your business is probably overlooking.
