Posts

Business Email Compromise – The Costliest Type of Cybercrime

Email, Communications, & MobilityBusiness Email Compromise

While the massive number and scale of ransomware attacks get the most media attention, Business Email Compromise (“BEC“) attacks are the costliest type of cybercrime.

What is a Business Email Compromise (BEC)?

In a BEC attack, the criminal impersonates you and convinces somebody who trusts you to send money. While successful attacks often begin with unauthorized access to your email account, savvy criminals use email and domain impersonation techniques. They trick others into thinking that you are asking for, or instructing them to complete, a money transfer.

As we noted in a recent post, real estate agents and brokers are prime targets of Business Email Compromise attacks because they regularly discuss transferring large amounts of money with their clients. As noted in this recent email scam article from the Associated Press, however, BEC attacks are hitting a wide range of small businesses, nonprofits, and schools.

Business Email Compromise attacks succeed when cyber criminals are able to collate enough information about you to gain access to your account or impersonate you.  Here is how they do it:

  • Given that you use your email address to log into many systems, a third party breach can provide attackers with your email address and enough information to calculate your password.
  • Third party breaches often provide hackers with enough personally identifiable information (PII) about you to launch a successful phishing attack that captures your username and password.
  • Scanning social media posts can also provide hackers with enough PII to successfully phish for your identity.
  • Malware, known as an Advanced Persistent Threat (APT), that makes it past your endpoint protections can gather usernames, passwords, and other information while running undetected on your computer.

How to Prevent Business Email Compromise

Protect Your Identity

To keep your email account secure, you need to protect your identity.

  • Understand the risks and follow practical advice for safe online hygiene. Use unique, complex passwords across systems; avoid oversharing personal information; and learn to recognize phishing and impersonation attacks.
  • Use “Next-Gen” endpoint protections to prevent zero-day attacks, APTs, and more traditional forms malware.  These solutions use heuristics, AI, and behavioral analysis of files to identify an attack. They can also “roll back” changes to stop an attack.

Secure Your Email Service, and All of Your Services

Even as you protect your identity, you still need to secure your email service through proper data protection and security services.

  • Advanced Threat Protection (ATP) protects your account from phishing attacks, bad links, infected attachments, and other risks. ATP verifies sender information and test links and attachments in a “sandbox”, allowing safe messages to arrive in your inbox.
  • Two-Factor Authentication (2FA), or Multi-Factor Authentication (MFA), can prevent access to your accounts if your username and password are compromised.
  • Ensure that all of your information is encrypted at-rest and in-motion. Your email service should use Transport Layer Security (TLS) to encrypt messages between sending and receiving services.  Encrypt files on your local disk, on any file servers, and in the cloud.

Prevent Email and Domain Impersonation

As noted in a recent blog post, you can use three (3) different levels of email security to prevent email and domain impersonation.

  • Sender Policy Framework (SPF): Authenticates addresses you use to send email.
  • DomainKeys Identified Email (DKIM): Digitally signs messages to ensure emails are not altered en-route.
  • Domain-based Message Authentication, Reporting, and Conformance (DMARC): Authenticates email origin and instructs recipients how to process bad messages. A DMARC service will track and report any potential issues.

These protocols and a DMARC monitoring service offer the best protection against BEC and impersonation attacks. They also help improve the deliverability of your email. Our ebook, Email Security: Good, Better, Best, dives deeper into this topic.

For a limited time, our Rapid Security Assessment is free of charge. Complete a 3 minute survey and receive a detailed report benchmarking your basic security services with respect to the most common cyber attacks against small and midsize enterprises.  

 

Security Trends Will Impact Small Businesses

Security, Privacy, & ComplianceSpeaking at a recent CRN-hosted security summit for midsize enterprises, Paul Furtado, Gartner’s Vice President of Midsize Enterprise Security stated, “The only thing harder than defending yourself against a cyberattack is telling your executives and your partners why you didn’t do enough to protect yourself.”  His comments reflect current security trends from our historic “Trust but Verify” security model to one that is “Never Trust; Always Verify” — also known as Zero Trust.

Expectations are changing and our tolerance for breaches is dropping.  More than 56% of successful attacks exploit known vulnerabilities with patches available for more than 90 days.  Frankly, many of us are failing at the fundamentals of IT security and this needs to change.

While smaller in size, SMBs remain prime targets of cyber attacks.  With “Ransomware as a Service” readily available, finding and attacking vulnerable small businesses is inexpensive and effective.  SMBs are more likely to have fewer security protections; SMBs are less likely to be able to recover from an attack and more likely to pay ransoms.

Here are 7 security trends that warrant our attention and action:

1 Zero Day Exploits

As the name implies, Zero-Day  Exploits take advantage of newly discovered security holes before our tools and systems can be updated to prevent an attack.

Next Gen solutions are needed to protect from attacks on devices, in the flow of email, and in web traffic.

2 Insider Threats

Insider risk refers to every account that has access into an organization’s environment such as service accounts, custom integrations, and API accounts. Insider threats, meanwhile, are the small percentage of insiders actually doing something that will cause a security incident, intentionally or not.  For example, the increased use of QR codes allows attackers to create malicious QR codes that install keyloggers and screen grabbers to steal identities and multi-factor authentication tokens.

We need Security Awareness Training to help individuals understand the risks and build safe habits.

3 Regulatory Changes

As noted, security expectations are changing.  State and federal laws are changing. Passed by the Senate this year, the Strengthening American Cybersecurity Act will require businesses to report significant cyber events within 72 hours and ransomware payments within 24 hours. These requirements lay on top of other federal regulations, multiple states’ privacy laws (CCPA, MA PII, etc.), and industry regulations (PCI-DSS, etc.).

With cyber insurance and cyber response services in place, small businesses are more likely to avoid fines, losses, and legal actions.

4 IoT

Internet of Things devices, and similar automation technologies are popular and often lack basic security features.

As IoT-based solutions move into smaller businesses, we need to secure and monitor devices and the networks on which they run.

5 Supply Chain

Bad actors know that attacks on supply chains can be more effective than attacking an intended target.

If your smaller business is in the supply chain of a larger company, expect security to become an issue.  They are likely to request — or demand – additional security measures as a condition of your business relationship.  And, be ready to demonstrate (prove) that you actually do what you claim on the security checklist.

6 Data Mining

Data mining enables attackers to not only go after your business, but your vendors and customers as well.  Imagine attackers telling your customers their private data will be released if you do not pay the ransom.  Even more common, imagine your customers receiving emails “from” (impersonating) you instructing them to send money.

We need to start protecting unregulated data in the same ways we protect regulated data.  Encryption, for example, does not prevent a breach but ensures the data cannot be used.

7 Ransomware

It would be nice to think we are past the ransomware pandemic, but we are not.  Over 80% of ransomware attacks are on small and mid-size businesses. Because attacks have moved beyond encryption to data exfiltration, attackers are likely to understand your business and set ransoms that are steep, but payable (often 1% to 1.5% of annual revenue).  Businesses hit by ransomware average more than 20 days of significant business disruption. On average, they permanently lose more than 35% of their data.

A response and recovery plan that includes business continuity ensures that you can keep your business running while you recover from and respond to an attack.

Your Next Step

Please contact us to evaluate your security footprint and needs, and discuss possible next steps, or schedule a no-obligation introductory call with one of our Cloud Advisors.

Real Estate Cyber Security

Cyber Attacks on Real Estate Agents and Brokers Victimize Clients

As cyber attacks on real estate agents and brokers increase, clients are paying the price.

Security, Privacy, & ComplianceMost of the country is facing high demand for housing with extraordinarily low supply.  This creates a highly competitive sellers’ market in which buyers compete to have offers accepted. The urgency and need to move fast makes real estate agents, and their clients, prime targets for cyber crime. As noted in a recent bulletin from CRES Insurance, brokers and agents need to protect themselves and their businesses from cyber attacks, which can include adding cyber insurance for real estate organizations.

The Scenario of Cyber Security for the Real Estate Industry

Imagine being a real estate agent and receiving a call from client excited that their offer was accepted and confirming that they have wired the deposit, only to realize that their offer was not accepted.  They share the email with you with the instructions.  The email looks like is from you, your assistant, or your firm.  The message uses words and phrasing that you and others at your firm regularly use.  Without close inspection, the message appears to be legitimate.

Your email domain and/or your identity has been successfully impersonated. Your client has lost thousands of dollars. Your reputation is damaged. You may be facing legal action. All reasons to pursue proper data protection and security services to prevent real estate cyber attacks.

Real Estate Cyber Attacks

This form of attack, a Business Email Compromise (BEC), is on the rise and real estate agents and brokers are the target.  Attackers compile information about you, and how you work, from public sources and social media.  In some cases, you may be an unknowing victim of an advanced persistent attack. In these attacks, hackers install software the sits quietly on your computer, tracking your activity, and sending information back to the attacker’s servers. The attackers then use this information to impersonate you and/or your business.

Once an attacker can impersonate you or your business, your clients become the financial victims. You face a loss of clients and reputation, and potential legal action.

Real Estate Cyber Security Solutions

Like any business, agents and brokers need to ensure their systems are safe and secure with proper real estate cyber security best practices.  They should also take steps, specifically, to prevent domain and email impersonation. Here are three cyber security steps you can take to protect your real estate business from attacks.

  • Ensure you and your team understand cyber risks and how to minimize your risk of attack.
  • Use protective technologies:
    • Next-gen endpoint protection to prevent malware and ransomware on your computers
    • Email advanced threat protection to prevent phishing and other email-based attacks
    • Multi-factor authentication to protect your identity.
  • Configure different email security solutions that prevent domain and email impersonation

Feel free to contact us to discuss your security profile or for a security assessment.

 

 

XChange of Ideas – Security

XChange EventsLooking at what we learned during three packed days at the XChange 2022 Conference, we have much to share.  The XChange conferences help IT service providers, like Cumulus Global, explore emerging trends, challenges, products, and solutions.  While we attend to improve our service offerings and business, many of the insights will benefit your business as well. This XChange of Ideas shares three emerging security trends.

1 Security is Not a Technology

Most small and midsize businesses see themselves as having security because they have some security technologies and systems in place.  Security, however, is not a technology; security is an ecosystem that spans people, processes, and systems, as well as a lifecycle of prevention, response, and recovery. As important, we need to understand that managing our security

Most businesses still lack the basic set of security protections that span the security lifecycle. A solid security foundation should include advanced threat protection, next-gen endpoint protection, DNS security, web protection, multi-factor authentication, and encryption. A solid backup/recovery is also necessary; having a business continuity solution is preferred.

With the dynamic nature of threats and cyber attacks,  many businesses are at higher risk and should be deploying advanced security services. Advanced security services may include managed security incident detection and response (MDR) services, internal application whitelisting, segmentation, and other protections that can detect, halt, and stop the spread of an attack.

2 Cyber Insurance is Not Assurance

Cyber Insurance is more than a good idea, it is a necessity for almost every business.  But cyber insurance is not assurance that you can quickly recover from a cyber attack.

  • Cyber insurance underwriters have you complete a questionnaire or audit about your cyber protections, policies, and procedures. When you submit a claim, most cyber insurers will ask you to demonstrate that the protections were in place, how they were functioning, and that you follow the policies and procedures noted in your application.  If you cannot show that you do what you promise, expect your claim to be denied.
  • Your cyber insurance underwriters may prevent you from starting your systems and data recovery. Recovery typically destroys evidence of the attack, it’s cause, and it’s method of propagation. You may be unable to restore your systems and data for days — or even weeks — while your insurer completes a forensics investigation.

Having the right protections in place, and being able to demonstrate compliance, is a clear expectation to resolve cyber insurance claims.  Having a continuity solution in place that allows you to return to operation in parallel with a forensics investigation should be considered.

3 HIPAA is Not Just For Doctors

HIPAA is the regulatory cornerstone for protecting personal health information (PHI). These regulations control how we store, transmit, and share — procedurally and technically — PHI. Compliance, however, is not just required of healthcare providers, insurers, and others direct access to patient records. Businesses serving healthcare providers — those that sign a Business Associates Agreement — face compliance requirements as well.

HIPAA enforcement is expanding beyond Covered Entities to Business Associates, as is notable on the US Department of Health and Human Services Office of Civil Rights HIPAA “Wall of Shame

If you are not sure that your security services are up to par, contact us about our security assessments, or schedule an intro call with one of our Cloud Advisors.

Expect an Increase in Cyber Attacks

Data Protection & SecurityThe U.S. Cybersecurity & Infrastructure Security Agency, part of the U.S. Department of Homeland Security, is warning businesses to be prepared to defend against cyber attacks originating from Russia. “Every organization—large and small—must be prepared to respond to disruptive cyber activity,” the agency says in its warning.

Our security vendors, analyzing aggregate data, are starting to see a definitive increase in the number and frequency of attacks.

Fortunately, you have a range of tools at your disposal to protect you business:

  • Next-Gen endpoint protection
  • Advanced threat protection
  • Multi-factor authentication
  • Cyber-awareness training
  • DNS/Web protection
  • Third party breach monitoring

These services, paired with recovery and continuity services, can prevent your business from succumbing to an attack. And, if you do fall victim, ensure your business can be back up and running on hours, not days or weeks.

Please contact us if you have any questions or would like a no-obligation review of your security footprint.  You can also schedule a call with one our Cloud Advisors, below.


Technology Solutions for Solopreneurs and VSBs

Technology Solutions for Solopreneurs

Entrepreneurs are a unique breed.  Solo entrepreneurs, solopreneurs, even more so.

If you are a solopreneur, or lead a very small business, you face some unique business and IT challenges. One of these challenges is balancing your business and your personal lives.  To do this, you want and need your technology solutions to save you time and energy.

If you are like most solopreneurs and very small business owners, you are probably

  • Paying for duplicate services
  • Unware of features that can improve your productivity
  • Not taking time to explore ways to work more efficiently
  • Missing security and data protections
  • Not getting the guidance and support you need

At the same time, you most likely lack the time, energy, or expertise to research, select, deploy, and learn the right IT services. As a part of our managed cloud services, we offer technology solutions, tools, and apps for solopreneurs that are tailored to meet your specific business needs.

Managed Services are a Technology Solutions for Small Businesses

Often used by larger businesses, managed services provide your information technologies, support, and services as a comprehensive bundle for a set monthly or annual fee. By definition, managed services are designed to offload your IT responsibilities and place them in the hands of experts. These managed service providers should start with guidance, get your systems up and running, administer your services, and provide you with support.  If they are performing their services well, these technology solutions for small business and solopreneurs should also help you identify features and functions that improve your work processes — make you more efficient.

5 Ways How to Move Towards Managed Services as a Technology Solution

Before moving forward with managed services, we recommend taking a step back and assessing how you want your IT services to help you and your business.

1. Start with A Goal and Objectives

  • Your technology and services need to empower you and enable your business.  Regardless of the devices, applications, and tools they use, your IT should:
    • Be easy to use
    • Save you time
    • Secure your data, and that of your customers
    • Keep your business data private
    • Support any compliance requirements you may have
    • Fit within your budget.

2. Focus on the Benefits

  • Discuss which capabilities will help you work more efficiently, more productively
  • Avoid the technology trap. Instead of thinking, for example, about email, calendars, and file sharing, think about automating appointment scheduling, protections for confidential information, and one-click video conferencing.

3. Define Your Baseline Services

  • Map your benefits to technologies
  • Base your IT decisions on your prioritized needs and wants
  • Define the minimum set communications, collaboration, and security tools to run your business
  • Explore and leverage ways to work more efficiently

4. Add / Enhance as Needed

  • If your business must be compliant with legal or industry regulation, add the technologies and services you need to meet these requirements.
  • If you find ways that technology can improve productivity, determine if the gains are worth the investment.

5. Managed Cloud Services

As the name implies, Managed Cloud Services are managed service that, whenever practical, leverage cloud services and solutions. Cumulus Global has the expertise and experience to move your business to managed cloud services. By leveraging cloud solutions, baseline services and foundational security are affordable and can easily be tailored to meet specific business needs.

Learn More About Our Technology Solutions, Tools, and Apps for Solopreneurs and Small Business

To learn more about our IT solutions that are tailored to meet your specific business needs, get in touch or view our additional resources below.


4 Pillars of Cloud Security: The Most Important Strategies to Know

Learn about the four pillars of cloud security that can help you reduce risk, increase agility, and run more efficiently: (C/I/A), external threat protection, data loss protection, and compliance.

While Cyber Security month comes and goes, the four pillars of cloud security remain integral to long term business success.  In what seems like a never-ending process, we continue to face new and advancing cyber security threats to the integrity of our data, identities, and businesses.  For those of use with small and midsize businesses, we need to ensure our systems and information are secure. At the same time, we want to keep our IT systems simple and manage our budgets.

Four Strategies for Cloud Security

To strike the right balance, we need to assess our current security foundation, identify gaps, and fill in services where needed. Doing so creates a security foundation that covers your basic needs.  From there, with the four pillars of cloud security in place, you can add services and build the security footprint you need to meet industry expectations and regulatory requirements.

A sound cloud security foundation is built on four pillars of cloud security.

1. Basic C/I/A

Ensure the confidentiality, integrity, and availability (C/I/A) of information you create, receive, maintain, or transmit.

This first pillar of cloud security establishes your basic security infrastructure that protects against attacks and prevents breaches across your IT systems.  It also creates your ability to respond to issues and recover, key to ensuring business continuity and resilience.

2. External Threat Protection

Identify and protect against reasonably anticipated threats.

This pillar of cloud security focuses on the attacks and threats from outside your business. From phishing, ransomware, and business email compromise, to DNS and advanced persistent threats, the focus is on protecting your data, applications, systems,  and people from harm.

3. Data Loss Protection

Identify and protect against reasonably anticipated uses and disclosures.

Data breaches and data loss result from configuration issues, application errors, and individual actions. Permission errors, inappropriate sharing, and other actions are often accidental, resulting from a lack of understanding of policies and/or how systems work. They can, however, result from intentional acts of misconduct. Proper data protection and security solutions will help protect against these internal risks and threats.

4. Compliance

Ensure workforce and business compliance.

Nearly all businesses must meet basic legal requirements to protect sensitive information. Most businesses must also adhere to industry and additional legal requirements.  This cornerstone encompasses the policies and procedures that ensure your team, and your business meet your compliance requirements. IT also includes the tools and methods to enforce policies and report on compliance.

Tactics for Implementing the Four Pillars of Cloud Security

To ensure your cornerstones are set and your cloud security foundation is place, conduct a security footprint assessment.  For each pillar of cloud security, identity the services you have in place and those that may be needed. The assessment should cover the “CPRs” of security:

  • Communication/Education
  • Protect / Prevent
  • Respond / Recover

For more information, send us an email or complete our contact form.

Dark Web Security Risks and Dangers

Dark Web Risks: Threats to Be Aware of, and How to Protect Yourself and Your Business

We offer a monitoring service for dark web risks.  In August, we received alerts for more than 40% of the companies we monitor about dark web risks and danger.

Threats from information mining and third party breaches continue to pose a risk.  The level of risk varies based on the source, scope, and nature of the breach. Learn about the dark web threats to be aware of, and learn what strategies you can implement to protect yourself, as well as your business.

Direct and Indirect Security Threats from the Dark Web

Third party breaches from the dark web pose direct and indirect security threats. A direct threat, as the name implies, represented a compromised identity with direct access to your system.  Indirect threats are breaches with information that enables more advanced attacks against your systems and user identities.

Direct threats, while less common, represent a breach of usernames and passwords for your system.  The source of direct threats may not be your systems. Hackers with access to valid email addresses and similar passwords will try permutations and patterns to gain access.  While they may then use the compromised credentials themselves, they may also put them up for sale or lease on the Dark Web.

Indirect Threats take many forms, and are a big risk on the dark web.  Identities with similar passwords are sold to hackers that will use them to gain access.  Personal identifying information is valuable to hackers looking to create effective spoofing and phishing attacks.  Repetitive breaches identify targets more easily compromised and/or more likely to respond to a phishing attack with personal information.

Dark Web Dangers and Threat Sources

Sources for Dark Web security threats vary.  Most common is a third party breach, for example the LinkedIn breach in 2018.  Given that many people use their work email address as an identity for LinkedIn, along with identical or similar passwords, the breach gave hackers a means to test access to core businesses services.  Simple testing of leaked passwords, permutations, and common patterns provides access to core businesses systems, including accounts on Microsoft, Google cloud, Salesforce, and others.

Growing in frequency, hackers grab personally identifying information matched to known email addresses.  While first and last names may not appear to create much risk, cyber criminals can use PII to create sophisticated spoofing and phishing attacks.  Your zip code, home address, job title, role in your company, and who you work with and for can all be used to create more effective attacks.  When matched to data from social media accounts — where you shop, foods you like, answers to “survey” questions that mirror security prompts — criminals can refine their attacks and sell your data for more on the dark web. This is why data protection services are highly recommended in todays environment.

Protecting Yourself and Your Business from the Dark Web

More than 70% of people use the same or similar passwords across systems, which is a huge dark web danger. When employees use work email addresses for other services, the nature of their passwords creates risks when any of these third party systems experiences a breach. Compromised third-party passwords reduce the effort required for cyber criminals to compromise other accounts. LinkedIn, Egnyte, Dropbox and other reputable services have all experienced breaches over the past few years.

An additional risk from third-party systems is the risk of personally identifying information, or PII.  With a valid email address and leaked or breach PII, cyber attackers have access to information that allows them to personalize phishing emails and other attacks.

Monitoring the Dark Web for these third party breaches, and responding appropriately, helps protect your employees and your business.

 

5 Effective Ways to Improve Work from Home

Ways to Improve Work from Home

The Covid-19 pandemic proved that work from home and remote work was viable and productive for more employees than previously believed or acknowledged.  Necessity is a great motivator. Our businesses, employees, and customers responded, adapted, moved forward.  In the process, we have identified effectives new ways to improve work from home, as well as new benefits and pitfalls with remote work. Looking forward, our emergence from the COVID-19 pandemic is not a clear as hoped or predicted. The virus is here to stay and the impact on our lives is yet to be fully understood.  Our normal is not necessary “new”, but continues to evolve.

Considerations for Improving Work From Home

While we cannot predict the full extent of the shift, remote work, hybrid work, and work from home will be the norm. Learn how to work from home better, and remember to continue to reassess your work from home arrangement. This means asking yourself questions like, what can I do to improve my work-from-home setup? Could I boost my home productivity with additional productivity tools or technology? Is my work-from-home setup secure enough? What can I do to improve my communication skills while working from home?

5 Ways How to Improve Work From Home Effectiveness and Increase Productivity

Business need to continue to assess, plan, and adapt.  Here are 5 ways we can improve work from home and hybrid remote in-office work environments.

1. Device-as-a-Service

Device-as-a-Service, particularly remote desktop and virtual desktop infrastructure solutions, have clear benefits for new office norms. You can:

  • Provide a secure access to applications and systems with consistency regardless of where your employees are working
  • Better manage the computing environment, separating your business’ computing from the local device
  • Use existing, older laptops and desktops, thereby reducing hardware upgrade costs driven by operating system and application upgrades
  • Leverage Chromebooks as end user devices, lowering your total cost of ownership

2. Pick a Video Conferencing Service

Picking a standard video conferencing service lets you manage how you communicate internally and with customers. The right choice can also save you hundreds of dollars per year per employee while giving you and your team the features and functions they need to manage meetings and work efficiently.  By selecting a preferred service, you can invest the time and effort to integrate the service with your productivity and collaboration suites. An small investment in teaching employees how to fully use the solution also pays dividends.

3. Improve Employees’ Internet

You would never allow your Internet service to slow down work at the office. You should not allow home Internet speeds to slow down your remote employees. Reimbursing employees for increasing their Internet speeds improves productivity and morale. Providing employees with better WiFi routers and access points ensures their connections are available and reliable. Note: a few states require employers to reimburse home Internet services based on the percentage used for work.

4. Secure Your Remote Workers

Unless you provide the equipment and services, you cannot control your employees’ home networks and systems. At the same time, you want and need to secure your applications, data, and network. To do so:

  • Use multi-factor authentication (MFA) or two-factor authentication (2FA) whenever possible to control network, system, and application access.  MFA and 2FA are the simplest means of preventing hackers from using compromised user identities or credentials.
  • Upgrade home computers with additional, advanced threat protection services.  Many of the next-gen solutions offer greater protection from modern attacks and are designed to work with existing anti-virus solutions that may be installed on the device. Some of these solutions also provide tools for remote support.
  • Consider using physical security keys that provide authentication codes without the need for a smartphone or other device.

5. Protect Your Remote Resources

Whether using a company provided laptop or a personal computer, problems at home are disruptive and take longer to diagnose and repair than in-office problems. Things to improve working from home such as Device-as-a Service solutions separate the risk from the physical device, however employees using their local machines are still at risk.  At a minimum, ensure that you are backing up and can recover applications and data on remote laptops and desktops. If an employee performs critical or time-sensitive tasks, consider a continuity solution that enable the employee to return to work within minutes rather than hours.

Conclusion on How to Improve Work From Home

Whether work from home, remote work, or hybrid work will be strategic or tactical for your business, you can improve remote work security and employee experience with minimal cost.  We are here to help you assess, plan, and update your IT strategy and services to best meet your needs — and budget.  Contact us for an initial consultation, and to discuss how we can help you improve the work from home environment for your business.

 

The Kaseya Attack Effect

Data Protection & SecurityThe Kaseya attack demonstrates how cyber crime is a big, organized business.  How big? You can subscribe to “Ransomware as a Service” and outsource attacks on your intended targets.  How organized? Hacker groups and service providers, such as the REvil Ransomware Group and DarkSide, actively manage their brands and reputations.  The REvil attack on Kaseya shows us that cyber criminals are technically advanced and operationally sophisticated. The nature of the attack, and its scope, should scare you.

By using known vulnerabilities in Kaseya’s VSA Remote Monitoring and Management system, REvil was able to create an automated ransomware distribution network. They used the very systems that Managed Service Providers (MSPs) use to monitor and manage customer servers, computers, and networks.

The Impact

MSPs update their Kaseya VSA servers automatically installed the Ransomware on their customers’ systems, as well as their own. Best estimates are that up to  1,500 small and medium-sized companies are victims. While this number seems small, those 1,500 business face an existential threat. Remember: more than half of businesses victimized by ransomware fail within six months.

Most MSPs shut down their Kaseya VSA services before spreading the ransomware. These firms had no ability to monitor, manage, or remotely support their customers. Customers facing IT issues were met with longer diagnostic and resolution times, resulting in business disruption, lost productivity , and the possibility of data loss.

As a managed cloud service provider, Cumulus Global does not use the Kaseya VSA system.  Our clients were not at risk, via our services, from this attack.

The Lessons

We were on the sidelines for the Kaseya attack. We understand, however, that the way in which may cloud services are managed create connections between vendors, resellers, partners, and customers. While these connections do not generally provide any access to customer data, they do provide access to management functions and information about users.  This information, in turn, could be used to improve the effectiveness of phishing attacks, spoof identities, and gain access to systems.

As a trusted IT advisor and a managed cloud service provider, we are part of a connected supply chain. We take our responsibility to secure our part of that chain seriously. While we follow commercially accepted best practices for security and privacy, the Kaseya attack warns us to step back and re-evaluate our strategy, policies, and procedures.

Our Next Steps

Cumulus Global is conducting an internal review of all of our internal and operational systems, including vendor portals and services we use to order, provision, manage, and support cloud services. As part of this review we are examining our policies and procedures related to:

  • Identity management and protection
  • Access to the systems
  • System level permissions related to function and data
  • Roles and responsibilities with respect to security and privacy
  • Business continuity plans and capabilities

Through this process, we are challenging our assumptions, re-assessing how we operate security and effectively, and raising our expectations for how well we protect ourselves and our customers.

We will also be making recommendations to our clients, and the broader community, on steps they can take to improve their security profile and protections.

Your Next Steps

As a user of cloud services, and technology in general, have responsibilities as well.

We Can Help

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

Webcasts

Next Normal: WFH and Remote

(4/20/2021) – We explore how Work From Home and remote workers alters your IT service needs. Taking a holistic view, we look beyond using apps and accessing files, discussing factors that protect your business and support productivity

Next Normal: Apps & Servers

(3/16/2021) – COVID-19 and the events of the past 10 months have, and continue, to change the way we run our businesses. Explore how your team accesses the applications, systems, and data they need to succeed, whether in the office or working remotely.