Security Archives | Dataprise

What is a Managed Security Services Provider? An MSSP 101 Guide
https://www.dataprise.com/resources/blog/what-is-a-managed-security-services-provider-an-mssp-101-guide/
Tue, 25 Apr 2023 19:41:35 +0000

Each year MSSP Alert lists the Top 250 MSSPs and we can only imagine the number of submissions they receive is far greater than that. Managed Security Services Providers (MSSPs) have become increasingly popular as the threats posed by cybercriminals grow in scale and sophistication.

So, what is an MSSP, and what do they do? In simple terms, an MSSP is an organization that takes care of businesses’ security-related needs, such as threat detection, risk assessment, and incident response. An MSSP works by remotely monitoring a company’s IT security systems and providing ongoing management to detect and mitigate cybersecurity threats.

The primary goal of an MSSP is to provide a proactive approach to cybersecurity that prevents potential vulnerabilities from being exploited. This is done through extensive risk assessments, continuous monitoring of networks, and the implementation of advanced security solutions, including MDR and SIEM.

An MSSP can also help businesses stay compliant with various security standards such as HIPAA or PCI DSS. Compliance can be a time-consuming and challenging task for businesses, but an MSSP can help to make sure that companies meet all necessary requirements.

Types of Services Offered by an MSSP

Risk Assessment

A risk assessment is an essential component of any cybersecurity strategy and serves to identify the risks that an organization faces and evaluate the likelihood of those risks materializing. Once the risk assessment is complete, a roadmap to mitigate the risks and prevent potential attacks should be created.


Threat Detection and Response

One of the most critical services that an MSSP provides is managed threat detection and response. While an organization may have a firewall and other security measures in place, a layered approach to security is critical for protection. In the realm of MSSP services, it is common to hear the acronyms EDR, XDR and MDR. Understanding the differences between Endpoint Detection & Response, Extended Detection and Response and Managed Detection and Response is key to ensuring your organization’s security posture aligns with stakeholder expectations.


Incident Response

Incident response is the process of managing and controlling the impact of an event that affects an organization. An incident may be a breach, malware, ransomware, or any other occurrence that poses a risk to an organization’s data, systems, and network availability. Resolving and remediating after a cybersecurity incident can be a large undertaking. By working with an MSSP, you can reduce the burden and focus on what your organization does best.


Vulnerability Management

Vulnerability management is a proactive process that aims to identify, classify, and mitigate vulnerabilities across an organization’s systems, applications, and networks. Vulnerability management services can include vulnerability scanning, penetration testing, and remediation advice. These services are designed to help an organization identify and fix vulnerabilities before they can be exploited by attackers.


Compliance Management

The continuously evolving regulatory landscape at the government and industry level is another area in which many organizations consider relying on a managed cybersecurity partner. From HIPAA, PCI DSS, and GDPR to CMMC and SEC regulations, the list is long. Compliance management is one of the essential services MSSPs offer to help organizations stay compliant with industry regulations.

Identity and Access Management

Identity and access management services provide robust and secure access control across an organization’s IT infrastructure. Identity and access management solutions include multi-factor authentication (MFA), password management, and user privilege management. These solutions are often designed to work in conjunction with an organization’s existing security measures like firewalls and antivirus software.


Benefits of Using an MSSP for Security Management

Enhanced Security Posture

MSSPs offer a holistic approach to security management that covers all aspects of cybersecurity. They provide 24/7 monitoring, threat detection, and incident response to help businesses respond quickly to any security incidents.

Access to Security Expertise

MSSPs employ a team of security professionals who are trained in the latest threat detection and response techniques. These experts have the knowledge and experience needed to identify potential security breaches and take corrective action to prevent them from occurring. By partnering with an MSSP, businesses can access this expertise without having to invest in expensive in-house security teams.

Cost-Effective Solution

Partnering with an MSSP is a cost-effective solution for businesses that want to enhance their security posture. MSSPs offer flexible pricing models that can be tailored to suit businesses of all sizes. This allows businesses to benefit from the expertise of security professionals without having to invest in expensive hardware and software solutions.

Enhanced Business Continuity & Resilience

Disaster recovery and business continuity must be tightly integrated to enable organizations to be resilient. No longer can they be siloed. Five key reasons to ensure your DR and cybersecurity teams are tightly integrated and routinely collaborating are:

  • Streamlined planning and strategy
  • Improved communication and collaboration
  • Enhanced incident response
  • Cost savings and resource optimization
  • Improved risk assessment and management


Tips on Choosing the Right MSSP for Your Organization’s Needs

We’ll leave you with some tips on choosing the right MSSP for your organization’s needs.

Determine Your Security Needs

Infographic: How to Choose the Right MSSP

Start by conducting a thorough risk assessment to identify the areas of your organization that are most vulnerable to security breaches. This will help you to identify the type of security services that you require. For instance, if your organization handles sensitive data, you may require advanced security solutions such as intrusion detection and prevention, data loss prevention, and advanced threat analytics. By understanding your security needs, you’ll be better placed to select an MSSP that can provide customized solutions that meet your specific requirements.

Check the MSSP’s Security Expertise

An MSSP’s security expertise is a critical factor to consider when choosing an MSSP. Ensure that the MSSP has experience in securing the type of data and applications that your organization uses. Inquire about the MSSP’s expertise in specific security areas such as network security, application security, cloud security, and compliance regulations. Check if the MSSP is certified in relevant security standards such as ISO 27001, PCI DSS, or SOC 2, among others.

Evaluate the MSSP’s Technology and Infrastructure

A reliable MSSP should have robust technology and infrastructure to deliver security services to your organization. Evaluate the MSSP’s security operations center (SOC) to determine if it has adequate security monitoring tools and methodologies. Check if the MSSP has invested in the latest security technologies to ensure robust protection against cyber threats and if they regularly publish security alert digests.

Consider the MSSP’s Response and Reporting Capabilities

When a security breach happens, time is of the essence. Hence, it’s crucial to choose an MSSP with fast response times and clear reporting capabilities. Check the MSSP’s response time in their service level agreement (SLA) and compare it with other MSSPs. Inquire about their incident management and reporting processes to ensure that you’ll receive prompt notifications and detailed reports during a security breach. Furthermore, check their communication channels to ensure that they’re responsive and easy to access.

Verify the MSSP’s Compliance with Regulations

Regulations such as GDPR, HIPAA, and CCPA have strict guidelines on how organizations should protect their data. Ensure that the MSSP is conversant with the regulations that govern your organization’s industry. Inquire if the MSSP has a compliance team that’s proficient in the relevant regulations. Additionally, check if the MSSP conducts regular compliance audits to ensure that they remain compliant with the latest regulations.

Consider the MSSP’s Cultural Fit

Beyond technical considerations, it’s important to find an MSSP that shares your organization’s values and culture. Consider factors such as the MSSP’s communication style, their willingness to collaborate with your IT security team, and their commitment to transparency and accountability.

The Future of MSSPs & What to Expect

According to Gartner’s Emerging Trends: Future of Security Services report, by 2026, more than 50% of service providers will have realigned portfolios to deliver use-case-based outcomes.

Here are some trends to watch in the realm of cybersecurity services.

  1. Increased Automation and Artificial Intelligence
  2. Shift to a Holistic Security Approach
  3. Human-Centric Security Design (source: Gartner)
  4. Emphasis on Incident Response and Threat Hunting
  5. Collaboration between MSSPs and Internal Security Teams
  6. Cybersecurity Validation (source: Gartner): Through 2026, more than 40% of organizations, including two-thirds of midsize enterprises, will rely on consolidated platforms to run cybersecurity validation assessments.
  7. Boards Expand Their Competency in Cybersecurity Oversight (source: Gartner)

Read Gartner’s full Top Cybersecurity Trends for 2023 report here.

Ready to find an MSSP?

Look no further than Dataprise.

  • Managed Detection & Response (MDR): Get 24/7 fully managed protection to detect, investigate, and respond to threats rapidly.
  • How Dataprise MDR Works: Detect threats and quickly respond to security incidents with 24/7 monitoring, detailed analysis, and access to global security alerts.
  • Security Assessments: Achieve your business security goals with in-depth cybersecurity assessments that inform your strategic plan of action for reaching critical milestones.

Verizon DBIR 2022: Which Attack Vectors Lead to Most Incidents?
https://www.dataprise.com/resources/blog/dbir-2022-attack-vectors/
Wed, 13 Jul 2022 00:00:00 +0000

Verizon has conducted its annual Data Breach Investigations Report (DBIR) every year since 2008. What they found this year was that nearly every breach could be traced back to human error or supply-chain compromises. These breaches cost companies an average of $4.24 million, which means it’s worth knowing the most common attack vectors. Below we look at which ones are the go-to’s for hackers and how to mitigate the risks.

What Is an Attack Vector?

In the cybersecurity world, an attack vector is the method by which an attack is carried out. These methods allow criminals to exploit vulnerabilities and extract valuable information after a breach.

The Countdown: Least to Most Dangerous

We’ll look at the different vector examples from the Verizon DBIR, building from bad to catastrophic.

Trojan-Downloader Malware
Trojan-downloader malware is a type of trojan that waits until the right connection opens up (e.g., to a remote server, website, etc.). Only then will it download malware onto the infected computer. One of the most famous kinds of malware is known as NotPetya, which made headlines in 2016 and 2017. Petya and NotPetya both encrypt the hard drives of infected computers, though NotPetya is more versatile in its spread and likely sponsored by the Russian government.

Direct Action
Direct action viruses (sometimes known as direct install) hide in otherwise legitimate programs. As soon as that program is launched, the virus is installed. The code of the virus can actually be positioned between the hard disk and diskettes, making it possible to affect multiple devices. There is some evidence that this is a common methodology for government-sponsored Chinese hackers. They largely target VPNs and public-facing apps.

Remote Injection
Remote Desktop Protocol (RDP) hacks are attempts by criminals to access the passwords and system information on workplace networks. The US Office of Personnel Management was hacked in 2015 and went through an ordeal when a hacker was able to gain access to the agency’s servers. Now that more people are working from home, this kind of attack is becoming more popular by the day, which is why organizations need to implement methodologies like zero trust to better protect their data and systems.

Carelessness
Link clicks, downloads, forgotten updates, misconfigurations: plenty of hackers use plain old human error to their advantage. Twitter employees famously fell victim to a spear-phishing attack in which criminals collected information about employees working from home and then posed as Twitter execs to gain access to their credentials. They were then able to reset accounts for some of the most famous Twitter users on the platform.

Backdoor
A backdoor refers to any method that allows someone to bypass the standard security measures of a system. Backdoors aren’t solely used by hackers, though the term is often used in this context. Hackers will distribute backdoor apps through something like fake crypto wallets, as in one famous breach story that originated from China. Once they’d distributed the backdoor app, they then used it to access funds.

Software Update
If a hacker gets hold of a distributor’s key, they can use it to sign a malicious update and then send it to a target. This is a stealthy one as other users will see just the regular update channel. Android made headlines in 2021 when a hacker group designed malware that successfully posed as an update.
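The stealth of this vector comes from the fact that a signature made with a stolen distributor key is cryptographically valid, so an update client that only checks the signature will accept the malicious update. The Go program below is an added example written for this page; it is not Dataprise’s code or any vendor’s update client. It uses the standard-library crypto/ed25519 package to sign and verify a constructed update manifest against a pinned publisher key, and it additionally consults a key revocation list so that an update signed with a key the publisher has since reported stolen is refused even though its signature verifies. The manifest layout, the key-ID convention (SHA-256 of the public key), and the revocation list are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// KeyID identifies a publisher signing key. Constructed convention for this
// example: the hex-encoded SHA-256 of the raw public key.
func KeyID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Manifest is a constructed update descriptor: the downloaded payload plus the
// signature the publisher placed over the version string and payload digest.
type Manifest struct {
	Version   string
	Payload   []byte // update bytes as downloaded
	KeyID     string // which publisher key signed it
	Signature []byte // ed25519 signature over signedMessage(Version, Payload)
}

// signedMessage is the exact byte string the publisher signs: the version
// string, a newline, and the SHA-256 of the payload.
func signedMessage(version string, payload []byte) []byte {
	sum := sha256.Sum256(payload)
	return append([]byte(version+"\n"), sum[:]...)
}

// SignManifest models what a publisher's build pipeline would do (constructed).
func SignManifest(priv ed25519.PrivateKey, version string, payload []byte) Manifest {
	pub := priv.Public().(ed25519.PublicKey)
	return Manifest{
		Version:   version,
		Payload:   payload,
		KeyID:     KeyID(pub),
		Signature: ed25519.Sign(priv, signedMessage(version, payload)),
	}
}

// Verifier holds the client's trust state: pinned publisher keys shipped with
// the client, and the IDs of keys the publisher has since revoked.
type Verifier struct {
	Trusted map[string]ed25519.PublicKey
	Revoked map[string]bool
}

var (
	ErrUnknownKey = errors.New("manifest signed by a key the client does not trust")
	ErrRevokedKey = errors.New("manifest signed by a revoked key")
	ErrBadSig     = errors.New("signature does not match version and payload")
)

// Verify accepts the manifest only if the signing key is pinned, has not been
// revoked, and the signature checks against the version and payload digest.
// The revocation check runs before the signature check on purpose: a stolen
// key produces valid signatures, so validity alone proves nothing.
func (v Verifier) Verify(m Manifest) error {
	pub, ok := v.Trusted[m.KeyID]
	if !ok {
		return ErrUnknownKey
	}
	if v.Revoked[m.KeyID] {
		return ErrRevokedKey
	}
	if !ed25519.Verify(pub, signedMessage(m.Version, m.Payload), m.Signature) {
		return ErrBadSig
	}
	return nil
}

// Demo generates a publisher key, signs a constructed update, and returns the
// verification result for a genuine update, a payload modified in transit, and
// the genuine update after the signing key has been revoked.
func Demo() (valid, tampered, revoked error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	v := Verifier{
		Trusted: map[string]ed25519.PublicKey{KeyID(pub): pub},
		Revoked: map[string]bool{},
	}
	m := SignManifest(priv, "2.1.0", []byte("constructed update payload"))
	valid = v.Verify(m)

	t := m // struct copy; the original manifest is left intact
	t.Payload = []byte("constructed update payload, modified in transit")
	tampered = v.Verify(t)

	// The publisher reports the key stolen and the client receives the revocation.
	v.Revoked[KeyID(pub)] = true
	revoked = v.Verify(m) // same valid signature, now rejected by key status
	return valid, tampered, revoked
}

func main() {
	valid, tampered, revoked := Demo()
	fmt.Println("genuine update:", valid)
	fmt.Println("tampered update:", tampered)
	fmt.Println("update signed with revoked key:", revoked)
}
```

The point a defender should take from the third case is that the client needs a channel, independent of the update channel itself, through which the publisher can revoke a compromised key; otherwise the stolen key remains trusted for as long as the attacker cares to use it.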

Partner Breach
In 2021, 61% of breaches were a supply-chain partner issue, meaning criminals are targeting companies upstream. Doing so gives them access to more organizations at once. When the government IT firm SolarWinds was hacked, 80% of those affected were non-government agencies.

Email Hack
Email is still a great way for hackers to exploit businesses and individuals by gaining access. Commonly known as spoofing, this attack vector typically involves a hacker pretending to be someone else. The chairman of Hillary Clinton’s campaign famously found himself a victim of Russian hackers who pretended to be Google. It meant that they could release all of his emails before the election.

Web Application
Cybercriminals are always looking for opportunities with software and servers. If they can exploit a vulnerability and keep it hidden until they launch the attack, this is known as a zero-day attack. Sony Pictures Entertainment was famously breached last year thanks to an undisclosed vulnerability — one that gave hackers the ability to attack multiple parts of the studio’s network.

The takeaway here is that no one is immune from these attack vectors, regardless of how many resources they have at their disposal. (If Sony’s having trouble with security, small businesses aren’t going to have it any easier.)

It’s critical for IT employees to be aware of these threats, and to diversify their protections and security visibility whenever and wherever possible. The DBIR suggests that even a few policy changes, such as more frequent password updates or training employees to spot fake emails, could make a big difference in whether they’re targeted for or vulnerable to an attack.

Download the CIO's Ransomware Checklist.

DBIR Over the Years

Now that we’ve covered 2022, we thought it would also be interesting to take a walk down memory lane and include our review of the top 5 cybersecurity takeaways from the 2017 DBIR, as many of the items are still relevant today.

The 2017 Verizon Data Breach Investigations Report (DBIR) contained almost 2,000 confirmed data breaches and more than 42,000 security incidents, which jumped up to 5,199 confirmed breaches in the 2023 report. Here are the top trends:

  • Your employees are your biggest risk, but can also be your best defense. Accidental or purposeful internal actions can put your organization at risk. The most popular cause of cyberattacks is still employees clicking on links or downloading malicious content. Businesses would benefit from focusing on investing in employee education to build up the strength of their human firewall and bring down their risk factors.
  • Password management is critical. Hacking attempts through weak passwords have increased from 63% to 80% in the past year. Your IT team would benefit from requiring all users to change their passwords every 30, 60, or 90 days, and implementing two-factor authentication for access to critical data. Ensure your IT department or MSP is following best practices when it comes to security with a security gap assessment, which looks at password policies and enforcement as well as 122 other areas of your business and provides recommendations.
  • Phishing attempts are becoming more sophisticated. The GoogleDocs cybercrime was one of the first attacks to hit so many users at so many different times in a coordinated strike. However, phishing attacks will only get smarter over time, as they rarely make the same attempt twice. A security team would benefit from being able to react in real-time to prevent users from opening malicious downloads.
  • Ransomware incidents increased by 50%. Jumping from the 22nd most popular choice of malware to the 5th, this change implies that hackers are shifting more towards organized attacks on vulnerable organizations rather than random individual users. The targets of these attacks are typically not prepared for a ransomware hit and choose instead to pay the price of releasing their data rather than implementing a protective system, such as remote managed backups, to render the hacker powerless. WannaCry and the ransomware attacks that followed are not listed in this report, evidence that these attempts will continue to become more sophisticated.
  • The healthcare industry is currently one of the most targeted industries. This year’s security breach report marked the first year where attacks were sorted by industry. The data reflects that healthcare businesses, from major hospitals to six-person dental offices, accounted for 15% of the reported data breaches. No matter your industry, it is imperative that your client information cannot be breached; the amount of trust that will be lost in your business might cost more than paying a ransom to get it back, but there are steps you can take now to prevent anything from happening.

The only difference between an inconvenience and a disaster is how quickly an organization can detect and respond to an incident. Give your business the advantage to respond in real-time with IT Support Services that include 24×7 data protection.

IoT Security Weaknesses
https://www.dataprise.com/resources/blog/iot-security-weaknesses/
Fri, 08 Apr 2022 00:00:00 +0000

The Internet of Things (IoT) is essentially a network of devices that are interconnected to function as a larger unit. At home, you might have your alarm clock trigger your toaster to prepare a piece of toast or your coffee maker a cup of java by the time you get downstairs. At the office, though, the stakes are a little higher. We’ll look at how IoT works, its security weaknesses, and how to be proactive about protecting your systems.

IoT Proliferation

IoT relies on sensors to both gather data and act on it. Because it offers new, more efficient ways to conduct business, it’s quickly grown in popularity. In fact, many employees might be surprised at the complexity of the web in even smaller offices. The IoT can create new revenue streams and optimize the customer experience without risking a company’s budget. However, because there’s so much information being collected and so many interconnected devices, the odds that one of the devices will be compromised rises exponentially.

IoT Security Weaknesses

In many ways, the risks of IoT are innumerable. Every new feature or device introduces multiple pathways for an unscrupulous hacker to exploit. Criminals love to see businesses use IoT devices because it makes it that much easier for them to find their way into a company’s system.

Now that more people are working from home than ever before (and using many of their own devices to do so), it’s no wonder attacks are on the rise. Right now, the Dark Web (AKA the haven for cybercriminals to discuss tactics) is rife with discussions on network vulnerabilities and the best ways to take advantage of them.

Why are IoT devices so targeted? The answer is simple human error. When developers are designing hardware and software for these devices, it’s relatively easy for them to make an error. The problem is that the risk multiplies when these products are then connected to so many additional devices.

Successful developers will issue periodic updates to correct these issues, but no buyer should count on the developer finding the problem before they do. The most common threats in IoT include:

  • Poor defaults: We may not think very much about the default settings on devices, but criminals certainly do. If they’re inadequate, it’s an easy ‘in’ for hackers.
  • Faulty upgrade paths: If you can’t run an update on firmware, it’s probably because the pathway is inaccessible. This will introduce risk not just to the firmware, but to the entire network.
  • Excess computing power: Many organizations will invest in powerful technology and only utilize about a tenth of its capabilities. This is wasteful for a company, but not for a hacker. They can turn all that unused power against a company pretty quickly.

IoT hacks take place all over the world and to organizations of all sizes, and the consequences can be vicious. In 2018, a variety of countries were unable to access the internet when a bot flooded the network with excess traffic. In 2010, hackers disabled devices used to make nuclear material in Iran. In 2017, cybercriminals attacked implanted pacemakers. They could not only steal information from it, they could actually change the settings of a device that kept people alive.

What You Can Do to Protect Your IoT Devices

When you use IoT, being proactive is your only option. Keeping attackers at bay starts with the following:

  • Implementing centralized protection: Companies are often used to cybersecurity being done piecemeal, based on anything from the brand to the age of the device. However, leaders are quickly learning that this is an unsustainable approach. The reality is that there needs to be a top-down solution that can cover everything connected.
  • Investment in cybersecurity innovation: Much like IoT, entire organizations are willing to collaborate with each other and share data with one another, but all that connectivity is often met with a lack of corresponding spending on the security side of it. If data governance breaks down at any stage of the way, the results can be disastrous.
  • Don’t wait for standards: Someday, we’ll have active standards that address these problems on a worldwide scale, but experts warn us all not to hold our breath. Even without formal guidance, though, the reality is that organizations are still responsible for keeping information safe and systems up and running.

Convenience Versus Security

Were you one of the millions of Americans who hit the stores or the Internet on Black Friday and Cyber Monday to do your holiday shopping? Did you stock up on all the great deals on home automation products like the Amazon Echo, Google Home, or one of the hundreds of smart devices with which they can communicate? Congratulations, even The Jetsons would envy your home and your ability to turn on your lights, start the coffee, and hear the morning news using only the power of your voice. However, did you know, convenience comes at the expense of security?

Smart home products are a multi-billion-dollar industry, which is expected to see continual growth in the coming years as they become more accessible and increasingly communicative. However, since it is a relatively new industry, there have been some growing pains, specifically around security vulnerabilities. In just the last few years, there have been some serious smart home and Internet of Things (IoT) hacks.

In November 2014, thousands of unsecured, Internet-connected cameras in 256 countries were hacked using the devices’ default usernames and passwords, and their feeds were broadcast on a website. Although the website claimed its motive was to draw attention to the risks of leaving security cameras unsecured, it was still an invasion of privacy in its truest sense.

In a much different scenario, hackers recently gained entry into an American casino’s entire network and sent company data back to a device in Finland. Casinos are typically very secure, so how did hackers manage this feat? Through an Internet-connected fish tank.

Obviously, not every home has (or needs) an Internet-connected fish tank, but more than likely, you have a device that’s Bluetooth-enabled. This technological wonder is found everywhere today. It’s in your car, phone, laptop, portable speakers, and table-top voice-activated personal assistants, just to name a few. Even some light switches have the functionality. Recently, the IoT cybersecurity firm Armis announced that many of these devices (over 5 billion and counting) are susceptible to malicious attacks through BlueBorne, a set of known vulnerabilities in Bluetooth technology. Although several of these vulnerabilities have been patched, several remain open. Leveraging this vulnerability, an attacker can spread malware quickly and efficiently; they just need to infect one Bluetooth-enabled device to spread the malware unknowingly to any nearby Bluetooth-enabled devices, and it could spread like the flu. So, ask yourself, “Do I need my Bluetooth on all the time, everywhere I go? Is it worth the risk?”

We cannot make the decision for you on what’s more important in your life – convenience or security. Smart home devices are incredibly convenient. Having the power to manipulate your home using only your voice or smartphone is extremely practical, but it’s also a novelty. Our goal is to arm you with an understanding of the benefits and risks that come with IoT devices to help you make an informed decision regarding these devices.

The strengths and weaknesses for security and privacy in IoT depend on the system you have. While there’s no such thing as preventing all attacks, it pays to mitigate threats to an IoT network by paying more attention to your processes and systems. The more vigilant you are, the fewer problems you’ll have.

Download the CIO's Ransomware Checklist.

Combat a Ransomware Gang Like REvil
https://www.dataprise.com/resources/blog/ransomware-gangs/
Wed, 08 Dec 2021 00:00:00 +0000

Ransomware is big business for organized criminals, one that’s largely able to operate untouched. Despite our knowledge of these crimes, it’s been difficult to root out who’s doing what due to everything from virtual protections to international borders.

REvil is just one of the hundreds of ransomware gangs that have plagued the United States though they’ve ultimately caused untold damage all over the world.

Thankfully, governments are making headway when fighting back. According to multiple private-sector cyber experts, there are multiple countries working together to take back stolen funds and prosecute ransomware gangs. While the details are still being uncovered, we look at how officials aren’t taking anything lying down.

Recent reports claim $6 million has been seized in cryptocurrency, a major coup for the government and a serious future crime deterrent.

A Network of Criminals

REvil is one of the most famous crime groups in cybersecurity. It directly infiltrated meatpacker JBS, but perhaps its most famous attack was indirectly pulled off by the group’s former partners. Past associates of REvil managed to cause massive gas shortages by attacking the Colonial Pipeline. Using the encryption software DarkSide, the ransomware gang managed to extract millions of dollars in ransom payments.

The head of cybersecurity strategy at VMware, Tom Kellermann, has worked with law enforcement and security personnel to stop further victims from being targeted and to identify criminals regardless of their location. The FBI, Secret Service, and other countries are taking serious action to disrupt the groups. REvil was at the top of the list.

Accelerated Action

The US had long been taking steps to combat these groups, but efforts accelerated in July of 2021 when REvil managed to hack into software management company Kaseya. This hack made hundreds of customers vulnerable and triggered a serious response from the government.

While the FBI did have a decryption key that could have been used to get the files back, agents decided to use the hack to their advantage. By strategically waiting to reveal the decryption key, they were able to hack at least part of REvil’s servers.

The efforts had one of the key leaders of the gang on the run. Known only as 0_neday, the criminal confirmed to a crime forum that the ransomware gang’s servers were compromised and that government officials knew who they were after. The main spokesman for the group, a figure who calls themselves Unknown, has also vanished from view.

Turning the Tables

REvil had gotten away with a lot of crime without any detection, which likely left them believing they were invulnerable to authorities. 0_neday may have thought they were restoring the group’s websites, but instead, they were actually restarting internal systems controlled by law enforcement.

It’s clear the gang had assumed they weren’t compromised — otherwise they never would have tried restoring their infrastructure. Just as the criminals had relied on backups as a way into the network, so too did government officials and security professionals.

This was the crux of the hacks in the first place. People need to back up their work if they’re going to defend against a ransomware hacker. However, if those backups are completed through the organization’s main network, it opens everyone under the umbrella to a successful breach.


Look Who’s (Not) Talking

Comments from the Security Council and the FBI are few and far between. They will confirm, though, that ransomware is a top priority and that the government is working with the private sector to modernize its tactics. They’ve also confirmed that this is an international project to ensure that bad actors are held accountable.

There are reports though that a foreign partner of the US has a still-active operation to penetrate more of REvil’s architecture. Under the condition of anonymity, those familiar with the events are confident that the matters are being treated with the gravity they deserve. Lisa Monaco, Deputy Attorney General, said that what’s happening right now is akin to terrorism and thus requires the same degree of scrutiny.

Additional Takedowns and Coalitions

The Ransomware-as-a-Service (RaaS) operation BlackMatter, a one-stop shop where criminals can obtain ransomware, recently shut down under pressure from local authorities. This information came from a message on a RaaS portal. The poster confirmed that the ransomware gang would be shut down within 48 hours.

While the message doesn’t confirm exactly what happened, the event was tied to a discovery that linked the assumed creators of the software to the cybercrime group known as FIN7. From there, they connected the actors to a cybersecurity firm called Bastion Secure. FIN7 is also associated with DarkSide, meaning the REvil takedown was likely a contributing factor as well. These hackers may not all be working together, but it’s clear that there are associations between the major groups.

Conti, another malware group, also recently shifted its business objectives, which might be in preparation for being found out soon. While the group doesn’t seem to be backing down just yet, it is updating its blog to go after companies attacked by ransomware.

Finally, the UK recently formed its own cyber council to hunt down ransomware gangs. The director of the intelligence agency GCHQ said that Britain has seen a rise in attacks and the government is ready to go on the offensive. This would mean targeting and disabling operations under the UK’s National Cyber Force, a brand new command developed specifically to find criminals and stop them before they do any more damage. To that end, Britain was part of the team that helped take down REvil.

Slow Progress

When technology changes so quickly, the government’s ability to keep up can look comparatively sluggish. However, these events do confirm that progress is being made. The ransomware gangs may be able to operate from anywhere in the world but that doesn’t mean they can hide forever. Governments from every corner of the globe are prepared to throw resources into the game to ensure that everyone can stay safe online.

In the meantime, it’s imperative for your organization to stay vigilant in order to prevent a ransomware attack.

Stay Ahead with Dataprise Managed Detection

With data threats everywhere, there’s a lot at risk for your company. Cybercrime gangs have been shifting tactics lately to embrace new technology and make it harder, and more expensive, for businesses to keep their data safe. With Dataprise managed detection and response services, you will gain access to real-time monitoring and reporting of security system events and logs.

To learn more about how Dataprise can help you with your overall cybersecurity strategy, contact us to set up a discovery call.

Interested in gauging your cyber posture? Take our short Cyber Hygiene Assessment today and receive personalized recommendations from our experts.

Key Webinar Takeaways: 4 Hidden IT Risks
https://www.dataprise.com/resources/blog/four-hidden-it-risks/ (Tue, 27 Apr 2021 00:00:00 +0000)
In this blog we break down risks your organization may face due to aging IT infrastructures and provide actionable measures you can take to overcome them.

Last week, Ryan Miller, our Director of Infrastructure Management, presented our latest webinar, “4 Hidden IT Risks: Learn How to Find & Mitigate Them.”

This webinar covered how the combination of cyber risks, the explosion of data, and remote workforces have exposed significant risks in aging infrastructures, putting many IT organizations in defense mode.

Here we will break down risks your organization may face and provide actionable measures you can take to overcome them. After this glimpse, check out our full webinar below.

1. IT and Business Have Misaligned Priorities

Often overlooked, misaligned priorities between IT and the business are a hidden risk that can lead to ineffective IT investments, overengineering, lack of standardization, or migrating on the wrong timeline.

Some practices to help align IT and the greater business include:

  • Determine and balance the priorities.
  • Embrace standardization to avoid over-engineering.
  • Keep pace with the business and communicate the right timeline for migration.

2. Miseducation on Modern Data Protection

Today, firms must plan for cyber-attacks, political unrest, pandemics, equipment failures, and many other scenarios. The risk of not modernizing your data protection can lead to a longer time to recover, lack of alignment with infrastructure, and missing redundancy.

Some practices to help modernize data protection include:

  • Understand how your data is protected now compared to what the ideal state is.
  • Structure data strategically with disaster recovery in mind.
  • Design for disaster recovery by avoiding single points of failure in the cloud.

3. User Support Strategy

There is a critical need for IT leaders to build strong ties within their business to ensure alignment, and to remember that users are people with unique perspectives, not just tickets. The lack of attention to support strategies leads to poor user support experiences, lack of alignment with organizational norms, and lost productivity.

Some practices to improve your user experience include:

  • Understand the current state of how support works.
  • Investigate cultural norms and how users consume technology and support in the business.
  • Build out a migration strategy to move to the most efficient model for your business.

4. Smart Outsourcing

Across the board, almost all organizations are outsourcing something, but without planning, you may end up outsourcing the wrong items, holding on to non-strategic functions or outsourcing at the wrong time.

Some practices to strategically outsource your IT:

  • Review your business growth strategy and align accordingly.
  • Know the costs associated with the different elements of IT, both direct and indirect.
  • Determine what makes sense to outsource and what does not.

Not every outsourcing solution looks the same. It’s important to assess what makes sense for your business at this time because that answer is always changing.

As the workplace constantly evolves, businesses that mitigate risk successfully are constantly evaluating all the points above. At Dataprise, we can help you get a jump start in mitigating risk with a ‘no cost’ IT environment assessment. Find out more below!

Get a No-Cost IT Environment Assessment

Top Cyber Security Trends 2021 (So Far) | Dataprise
https://www.dataprise.com/resources/blog/top-cybersecurity-trends-2021/ (Tue, 16 Mar 2021 00:00:00 +0000)
Companies must learn from years past when it comes to cybersecurity threats and protection. Click here for the top cyber security trends 2021 has in store.

If IBM is right, we’re entering a very different phase in the world of cybersecurity. According to their latest Cost of a Data Breach Report, the average total cost of a data breach declined slightly, from a stomach-wrenching $3.92 million in 2019 to a still staggering $3.86 million in 2020.

But don’t let this decline fool you; while there was a slight decrease in the costs of a data breach for large companies and mature enterprises, there was a sharp increase in costs for midmarket organizations.


While 2020 brought about expected advancements in technology and in cyber threats, it combined that with a global pandemic that turned the world on its head. This swift change led to a growing divide between organizations with more advanced security processes like automation and formal incident response teams, and those with less advanced security postures in those areas.

While it may be tempting to completely shut the door on all things 2020, midmarket companies must learn from years past when it comes to cybersecurity threat predictions and protecting themselves against them. Familiarize yourself with the threats below so you can move through the rest of 2021 with a little more confidence.

Remote Workforce Exploitation

One year ago, the rapid spread of COVID-19 resulted in an abrupt transition to a remote workforce for companies of all sizes. This seismic shift for workers meant that many cybersecurity measures became obsolete, lax, or completely unenforceable. It should therefore come as no surprise that cybercriminals used this as a new attack vector, feasting on the many improperly secured connections and technologies used by this newly remote workforce.

While two-thirds of businesses had to shift at least 61% of their workforce to work from home, many organizations failed to address the areas that would’ve strengthened their security, and this trend has continued into 2021. Among other things, many midmarket companies:

  • Fail to provide cybersecurity training to address the threats associated with working from home,
  • Don’t analyze the security of the tools they use for remote work, and
  • Fail to deploy new or updated antivirus software for work-issued devices.

Furthermore, many cloud collaboration tools don’t provide adequate cybersecurity, and employees may not have adequate cybersecurity protections for their personal networks and devices.

“Many organizations failed to understand the gaps in their cybersecurity plans when transitioning to a remote workforce, experiencing a breach as a result,” Malwarebytes CEO and co-founder Marcin Kleczynski said in August. “The use of more, often unauthorized, devices has exposed the critical need for not just a complete, layered security stack, but new policies to address work from home environments. Businesses have never been more at risk and hackers are taking notice.”

Exploitation of Bad Cyber Hygiene

Maintaining proper personal hygiene reduces the spread of illness and the risk of medical conditions caused by not taking care of yourself. For companies looking to prevent cyber attacks, the same logic applies. Cyber hygiene practices like patching and updating user systems regularly, encouraging the use of multi-factor authentication, and limiting admin privileges need to become ingrained within organizations. This importance is amplified by the rise in remote workforces.

Hackers have been emboldened because remote workers are sometimes using personal devices that are less secure, saving passwords in their browsers, and lending corporate devices for personal use, all of which provide new opportunities for hackers to infiltrate unsuspecting businesses.

Ransomware on the Rise

According to Microsoft’s annual “Digital Defense Report,” published on Sep. 29, 2020, attackers have moved further away from malware-based attacks and toward phishing, credential stuffing, and business email compromise with more refined attacks. According to some, there’s been a 715% year-on-year increase in detected and blocked ransomware attacks in 2020. 

In 2021, these attacks show no signs of stopping because they are so lucrative. Ransomware has proven to be a good revenue stream for all threat actors, including nation-states. Ransomware is an equal opportunity offender; like phishing, anyone, from the CEO to the receptionist, can be susceptible to ransomware attempts.

Buying Security Tools Without Necessary Planning or Staffing

With the many innovative cybersecurity software solutions on the market, many midmarket companies fall into the trap of deploying expensive software, expecting it to increase their productivity and safety, yet the opposite happens. Software is inadequate if staff are not properly trained on the new technology and old business practices aren’t revised.

In the rush to revise or enhance their existing cybersecurity solutions due to the pandemic, these businesses forgot about the most critical part of implementing any kind of change: the human element. It’s important for organizations to stop and think about whether they have the right people or infrastructure to effectively use their new technologies.

Furthermore, there is still a shortage of properly trained, experienced IT security professionals, meaning there will likely come a time when your organization cannot maintain the tool you purchased and there won’t be anyone you can hire to fill in the gaps.

Cloud Data Exposure

In the last few years, more organizations are electing to adopt multi-cloud, hybrid environments to solve their problems and to evolve to meet today’s business needs. However, these varying environments have led to a host of issues, including:

  • security misconfigurations,
  • lack of adequate visibility into access settings and activities, and
  • identity and access management permission errors.

Multiple unknown threats can cause chaos in these combined environments and leave data exposed.


If you’re interested in learning what you can do to proactively discourage cyber threats, fill the gaps in your network, and increase your cybersecurity posture and maturity, join Dataprise for our free Cybersecurity Challenges in the Midmarket and How to Overcome Them webinar on March 24th, 2021.

In this webinar, Stephen Jones, a 20-year cybersecurity veteran and Dataprise’s Senior Director of Cyber Security Services, covers the following midmarket challenges and ways to overcome them:

  • Procuring and managing necessary cybersecurity tools and resources to adequately detect, validate, report, and respond to incidents
  • Identifying and filling gaps in your network
  • Maintaining transparency and visibility in your cybersecurity environment
  • Partnering with a cybersecurity provider without losing ownership of your data and history
  • Integrating your cybersecurity management with other aspects of your IT infrastructure such as business continuity and user management

Tune in to expand your knowledge of the role of cybersecurity and how to protect your business.

Improving Security with Multifactor Authentication
https://www.dataprise.com/resources/blog/improving-security-multifactor-authentication/ (Thu, 17 Sep 2020 00:00:00 +0000)
Sometimes it feels like a hassle to have to do two-step authentication for email and application security. This blog explains the importance of this extra step to maintain a secure environment.

Multi Factor Authentication Solutions

Who has access to your company’s network? At first glance, the answer may seem simple: your employees. However, if your business is one of many which does not utilize multifactor authentication (MFA) solutions, you may be unintentionally exposing your employees’ accounts to hacking attempts. In this article, we take a closer look at what MFA security is and why it is such an important tool in the digital age.

For readers who are unfamiliar with the concept, MFA is a method of authentication which requires users to provide one or more additional proofs of identity besides their password. The goal of multi factor authentication solutions is to validate that the person logging in is who they claim to be, and to prevent malicious hackers from authenticating into your network. It may seem like an inconvenience at first, but MFA is one of the most vital security improvements an organization can make, particularly for those leveraging cloud services like Microsoft Office 365.

Google recently found that only 37% of Americans currently use MFA security, while according to Microsoft, 99.9% of Microsoft Enterprise accounts that get hacked do not use MFA. The correlation is clear: by challenging users to present more than one factor of authentication, it’s unlikely that hackers will be able to obtain entry. These factors can be separated into three categories: something you know, something you have, and something you are.

MFA Security: Something You Know

Most often, this is a password (or preferably, a passphrase), and your computer is challenging you to remember a string of characters to prove you are who you say you are. In concept, this should be the most secure method to prove your identity, since only you should know the correct characters and order to use. However, this method relies heavily on human memory, and it is technically possible for malicious software to correctly guess your password. It’s also easy for your password to be lost or stolen, including through a breach.

Passwords are commonly included as the first authentication factor in MFA, and as the only authentication factor for those who do not use MFA. It’s important to practice basic password hygiene:

  • Never disclose your password to anyone else. If you are in a situation where you must disclose your password to another individual, there is likely a technical or administrative failure within your organization.
  • Never fall for unexpected emails from “tech support” or the “president of the company” requesting your password or personal information. This will almost always turn out to be a social engineering scam designed to trick you into revealing sensitive information over email. Social engineers will typically assume the identity of a person of authority and create a sense of urgency to get you to hand over your information quickly; if it seems fishy, it probably is.
  • Use complex passwords that go above and beyond your company’s requirements. Password complexity helps protect a lost or stolen password and is commonly achieved through increased length and use of different types of characters (i.e., numbers, capitals, and ‘special’ characters).
  • Use a passphrase. Passphrases are passwords which consist of a string of words and other characters (see above), which provide more security than shorter passwords. Length is the best form of password complexity, and shorter passwords are generally easier to hack.
  • Change your passwords periodically, and never reuse them, even between different accounts. This helps ensure that compromised passwords can only be used by a hacker for a short period. For those worried about needing to remember too many passwords, password manager software can help reduce the burden.

Encourage your employees to practice these basic rules to ensure that accounts, especially those without a ‘second factor’ of authentication, remain secure.

MFA Security: Something You Have

If you’ve ever received a code via text message (SMS) to log into an account or system, you’re authenticating using ‘something you have’. Other multi factor authentication solutions in this category include physical tokens (e.g., RSA tokens, YubiKey) and ID badges/fobs (commonly used for building access and especially prevalent in medical environments). These tokens are effective when used alongside ‘something you know’, as it’s unlikely that a hacker who has determined your password also has access to your smartphone or ID badge. However, many users are prone to lose, forget, or damage their phone or ID badge, and it can be time-consuming to provide a replacement. Your organization can take steps to minimize the potential downsides of using ‘something you have’ as the second factor of authentication by considering the following:

  • If you already have an existing building access system, explore how it can integrate into the system login. This generally works best when remote logins are uncommon.
  • Authenticator applications available on your smartphone are generally more secure than SMS codes, which can be intercepted by savvy hackers. If you plan to rely on these types of ‘soft tokens’, use either a dedicated application or support for a universal authenticator (like Google Authenticator).
  • If you plan to implement a physical token solution (such as RSA or YubiKey), make sure you are prepared in case these tokens are lost. Both of these systems have controls to allow you to replace a lost key; however, your organization will need to determine who is responsible for managing this system and formalize a policy that is understood by the entire organization.

MFA Security: Something You Are

Biometrics, such as fingerprint readers or facial recognition, have become commonplace as primary authentication methods for smartphones. It isn’t uncommon for enterprise-class laptops to also contain fingerprint readers and facial recognition systems that integrate into Windows. These systems often allow for more secure and efficient access when compared to a password but are most often applied as a single factor solution. As the title of this article suggests, we always recommend relying on multi factor authentication solutions, and a password is a good option as one of two or more factors used.

  • Consider using biometrics as an alternative ‘primary factor’ on systems that support it (such as laptops) rather than as a second factor. This may be as limited as requiring all smartphones with access to the corporate mail server to use biometric authentication.
  • Carefully consider and address employee privacy concerns and ensure that your facial recognition software is reliable. Some facial recognition systems have difficulties with glasses or facial hair, resulting in poor recognition, and many employees may have concerns about the use of such software within the organization.
  • Ensure that you have clearly defined roles in place defining who is responsible for managing the enrollment of users into biometric systems, and that the process is formalized in a policy.
  • Ensure that each user has at least one finger on each hand enrolled in a fingerprint-based authentication system. Frequent handwashing or lotion use can make fingerprint systems unreliable.

Implementing Multi Factor Authentication Solutions for Your Business

If you are already leveraging Microsoft 365 / Office 365, you likely have the appropriate licenses to use Microsoft’s built-in MFA security system. This system provides you with either SMS or an authenticator application using an interface that your users may already be familiar with, making it an ideal way to implement MFA. However, this built-in system only applies to your cloud services, not your desktop login. It provides essential security improvements in most instances, but it is not comprehensive, nor is it ‘one size fits all’.

Your organization will need to carefully consider where you would like to use multifactor authentication solutions and determine which supported solutions are right for your unique needs. There are many potential options, each with its own pros and cons, but any MFA system will greatly improve the security of the accounts within your organization.

Secure Your Business and End-Users Today

Need help figuring out which MFA or managed cybersecurity solution is right for you? Contact Dataprise CYBER to get an expert opinion.

The Digital Frontier: How to Protect Your Ranch
https://www.dataprise.com/resources/blog/digital-frontier-protect-your-ranch/ (Tue, 25 Aug 2020 00:00:00 +0000)
With an increase in ransomware attacks on businesses, defending your network is crucial. Learn how to protect your security environment in this article.

How to Protect Sensitive Information in the Digital Frontier

Businesses must protect sensitive information in the digital frontier now more than ever before. For as long as individuals have owned items of value, others have tried to steal them. Nowhere is this truer than in the American Old West, where savvy and unscrupulous criminals known as “cattle rustlers” stole the livestock and livelihoods of honest ranchers living on the frontier. In today’s world, it’s not too hard to draw parallels between that frontier and the digital frontier of information age cybersecurity. Both are rife with persistent, ever-evolving threats, but offer lucrative rewards to businesses and individuals who can successfully protect themselves and their assets.

Instead of wily and elusive cattle rustlers, modern businesses face the ever-present threat of ransomware attacks; rather than stealing physical assets such as cattle, these attackers are after the sensitive information and data that keeps your business running and gives you a competitive edge. Now more than ever, as your herd of computers roams free in your employees’ home environments, it’s crucial to start preparing to defend your network.

But Why Now?

In case you are unfamiliar with the term or missed our previous article covering security exploits, ransomware is a type of malicious software designed to infiltrate a network, prevent access to files or computer systems, and hold this access for ransom. The list of ransomware victims is long and getting longer every day. Most recently, global technology giant Garmin was infiltrated by a ransomware attack at the end of July 2020. The attack disrupted Garmin’s services worldwide, prevented their commercial smartwatches from syncing, and impaired performance of their aviation equipment, not to mention the millions that Garmin may have had to pay in ransom to recover.

Though high-profile attacks get the most news coverage, you don’t need to be a major technology company to be hurt by a ransomware infection; according to Tech Times, as much as 71% of ransomware attacks target small businesses. These information age cattle rustlers often target smaller companies simply because they are less likely to be able to make a recovery and are more likely to pay the ransom. With the average ransomware ransom currently close to $100,000, and a 41% increase in ransomware attacks from last year, the threat has never been more serious. Has your business taken the right steps to protect sensitive information?

What’s in it For The Bad Guys?

Oddly enough, the motivation for hackers to perform ransomware attacks is similar to that of the cattle rustlers of the Wild West: money (ransom payments), valuable assets (data), and fame (covert advertising). Let’s examine each reason in greater detail.

  • Money – Ransom payments are the most obvious and common motivation for ransomware attacks, as these are ultimately criminal enterprises made up of employees who need to make a living. Whether it’s a few thousand dollars for some personal files or a few million dollars from an enterprise like Garmin, they are ultimately in it for the payday.
  • Data – Your data is also valuable to many hackers, even if it does not seem as obvious. It’s entertaining to think of a criminal organization stealing blueprints to secret technology, but more mundane information, like your list of clients, gives them new targets. They may even get lucky and find some credit card or social security information. All data is a commodity in the information age, which is why protecting sensitive information has become so important.
  • Fame – It needs to be understood that hackers are highly sophisticated criminal enterprises, not lone individuals sitting in a basement with bloodshot eyes and a black hoodie. They have clients and competition, and the higher profile the hack, the better advertising it is for their business.

Mantra One: Cattle, not Pets

Ranchers, both Old Western and modern, cannot get attached to their cattle. They are there to serve a purpose, to enable the rancher to maintain their livelihood, and not for companionship like pets. Similarly, organizations must treat computers as cattle rather than pets – as tools to an end rather than objects of attachment. This perspective can help you protect sensitive information from malicious attacks. I’m sure many of us have “favorite” tools (I’m guilty of naming screwdrivers), but cybersecurity best practices dictate that we must remain objective about replacing and maintaining our computers. Follow these best practices, which foster a “cattle, not pets” culture in your business:

  • Encourage users to save files in network or cloud storage instead of “My Documents”
  • Actively prevent users from saving data locally on their computer
  • Use standardized system images to speed up operating system and software installation
  • Use Group Policy Objects to deploy and configure printers, network drives, and other devices
  • Prevent your users from installing software that is not approved by the organization
  • Educate your employees about what security measures are in place, why they are important, and how they can help
  • Develop a comprehensive response plan for malicious attacks
  • Ensure that you can remotely remove a computer from the network if there are issues with the device (such as a virus or malware)

Mantra Two: Two is One, One is None

As its name implies, the Wild West was just that – wild. Ranchers living on the frontier had to use their wits to survive and find multiple ways to solve problems; if you’re trying to start a fire and you only have a matchbox, what happens when you run out of matches? Similarly, modern businesses should adopt a “two is one, one is none” mantra when protecting their data in the digital frontier. If you only have one copy of your data, it might as well not exist; it could be stolen, lost, or destroyed at any time. But even with one backup copy, organizations are still at risk; many ransomware attacks lock you out of your backups and force you to ransom them back. Thus, an optimal recovery strategy requires multiple copies of the data to be available to you, but hopefully not to the bad guys. Achieve this by adhering to the following:

  • Do not use virtual machine (VM) snapshots or RAID storage as backups
  • Back up all servers daily, including both the data on the server and the operating system
  • Do not back up workstations by default (see: Cattle, not Pets), but make spare equipment available
  • Maintain at least one “offline” copy of data (e.g., on a tape or hard drive stored in a fireproof safe, or in a cloud service datacenter) which is sufficient to restore from in an emergency
  • Define a retention policy to ensure you can recover data from various points in time (e.g., retain all daily backups for one week, one weekly backup for a month, one monthly backup for a quarter, and one quarterly backup for a year)
  • Test backups periodically by performing a restore of select data or servers to confirm that the backups are valid
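The retention schedule in the list above (all dailies for a week, one weekly for a month, one monthly for a quarter, one quarterly for a year) is easy to state and surprisingly easy to get wrong when it is applied by hand to a pile of backup sets. The script below is an added example written for this article, not a Dataprise tool or anything from the original post: it takes the dates of the backup sets you have on hand and returns the ones the policy says to keep, so everything else can be expired. The anchor date, the window lengths and the 400-night backup history are constructed for the demonstration; the function also ignores backups dated in the future, which usually means a clock problem worth investigating before anything is deleted.

```powershell
# Added example (not from the Dataprise post): apply a daily / weekly / monthly /
# quarterly retention schedule to a list of backup dates and return the keepers.

function Get-BackupQuarter {
    param([datetime] $Date)
    # Calendar quarter 1-4 of the month.
    return [int][math]::Ceiling($Date.Month / 3)
}

function Select-BackupsToRetain {
    param(
        [Parameter(Mandatory)][datetime[]] $BackupDates,
        [datetime] $Now = (Get-Date),
        [int] $DailyDays     = 7,     # keep every backup this recent
        [int] $WeeklyDays    = 30,    # then one per week up to here
        [int] $MonthlyDays   = 90,    # then one per month up to here
        [int] $QuarterlyDays = 365    # then one per quarter up to here; older is expired
    )
    $epochMonday = [datetime]'2000-01-03'   # a Monday, so week buckets run Monday-Sunday
    $dailies = @()
    $buckets = @{}                           # bucket key -> most recent backup in that bucket

    foreach ($d in ($BackupDates | Sort-Object)) {
        $age = ($Now.Date - $d.Date).Days
        if ($age -lt 0 -or $age -gt $QuarterlyDays) { continue }   # future-dated or expired
        if ($age -le $DailyDays) { $dailies += $d; continue }

        if ($age -le $WeeklyDays) {
            $key = 'W{0}' -f [math]::Floor(($d.Date - $epochMonday).Days / 7)
        } elseif ($age -le $MonthlyDays) {
            $key = 'M{0}-{1:D2}' -f $d.Year, $d.Month
        } else {
            $key = 'Q{0}-{1}' -f $d.Year, (Get-BackupQuarter $d)
        }
        # Dates are processed oldest-first, so the last write wins and each
        # week/month/quarter bucket keeps only its most recent backup.
        $buckets[$key] = $d
    }
    return @(($dailies + @($buckets.Values)) | Sort-Object)
}

# Constructed sample history: a nightly backup for each of the last 400 days.
$today   = [datetime]'2023-11-21'
$history = 0..399 | ForEach-Object { $today.AddDays(-$_) }

$keep = Select-BackupsToRetain -BackupDates $history -Now $today
'Backups on hand: {0}; retained under policy: {1}' -f $history.Count, $keep.Count
$keep | ForEach-Object { $_.ToString('yyyy-MM-dd') }
```

In practice you would feed `Select-BackupsToRetain` the dates parsed from your backup catalog or folder names, and pass anything not in the returned list to your expiry step. Keep the offline copy out of this automation entirely: the point of an offline copy is that nothing running on the network, including a pruning script, can reach it.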

Thinking Secure

We’ve written previously about the threats to your network, like business email compromise, large data breaches, and core network security. Cyber threats are constantly evolving, and the next security breach is right around the corner. Fortunately, cybersecurity solutions are also evolving, and approaching your organization’s technology culture with the proper “secure mentality” is essential. If your organization successfully follows the two mantras described above and their associated best practices, you can expect the following result from a typical ransomware attack:

  • The infected computer encrypts several files on the network and spreads to a few other machines before the threat is recognized and all infected devices are removed from your network to contain the attack
  • While there is an impact on critical business operations, a reliable “offline” backup is available and allows you to recover the lost files on the same day
  • The infected users continue to work on spare equipment while the infected machines are re-imaged
  • You or your information security partner evaluate the incident to determine if improvements are needed to prevent future incidents

Small But Mighty

Many small to medium-sized businesses may be thinking at this point, “if a multi-billion-dollar international enterprise like Garmin can’t keep the bad guys out, what hope do we have?” The answer may surprise you. For one thing, smaller businesses are nimbler, with a smaller attack surface to manage; you can take meaningful steps to protect sensitive information faster and more efficiently than industry titans. Additionally, the hacker coordinating the attack will often expect smaller organizations to be unprepared, and they are more likely to look for an easier target if they encounter a strong defense rather than doubling down. The best practices covered here will not comprehensively protect you from every threat you may encounter, but they will make you much better equipped to cope with and recover from attacks than those who ignore them.

The first time I encountered a ransomware attack was over a decade ago, but I still remember it like it was yesterday. Thankfully, an offline backup was available on a tape and it was easy for that client to recover to the previous night’s data. It was a small company with fewer than 25 employees, which imported and resold hats. The cattle rustlers made it into the ranch, but thanks to the backups, no cattle were lost. However, they did get a request to pay a ransom using a new digital currency called “bitcoin”.

Business as Usual on the Digital Frontier

As much as things change, I’m always impressed by how much they stay the same.

At Dataprise, we help businesses protect their data from ransomware and other cattle rustlers of the information age. We are not just your fence, but your guards, alarm system, and sheriff. For more information, visit Dataprise Cyber.

The post The Digital Frontier: How to Protect Your Ranch appeared first on Dataprise.
Security Exploits Explained: Worms, Trojans, Ransomware, oh my! https://www.dataprise.com/resources/blog/security-exploits-explained/ Tue, 21 Jul 2020 00:00:00 +0000 Modern businesses must overcome a wide variety of cyber threats. In this article we answer: what is a Trojan horse? What is malware? What is a computer worm? What is ransomware?
What is the Difference Between Worms, Trojans and Ransomware?

In the classic movie The Wizard of Oz, a group of friends goes on a journey along the yellow brick road on a quest to realize their deepest desires. The group must overcome many obstacles along the way, including many which are not quite what they first seem. Similarly, modern businesses must overcome a wide variety of cyber security exploits and threats in order to reach the desired destination of an exceptionally secure IT environment. Preventing common security exploits keeps you and your business safe, but understanding the threats is key as well. In this article we answer:

  • What is Malware?
  • What is a Trojan Horse?
  • What is a computer worm?
  • What is Ransomware?

Exploits in Computer Security

One of the first obstacles to overcoming cyber threats and preventing exploits in computer security is understanding the lingo. For example, Microsoft recently released details on a 17-year-old vulnerability known as SigRed that is “wormable” and potentially exploitable remotely. If you’re like most people, the first thing you will ask yourself is, “what in the world does ‘wormable’ mean?” And you would not be alone; the cybersecurity lexicon is already filled with niche terms such as worms, trojans, and ransomware (oh my!), and seems to grow every day. But have courage, dear reader, because we have built this quick primer to help you easily understand and protect yourself from these common exploits in computer security. 

Virus / Malware / Trojan: What is Malware? What is a Trojan Horse?

Virus, malware, and Trojan (or Trojan horse) are all terms used to describe various forms of software that allow a malicious third party to exploit security vulnerabilities in an operating system or software for a purpose that was not intended by the end-user of the computer.

  • Malware is the broadest term of the group and is most often a simple software intended to perform some malicious action on a computer, software, or operating system. Viruses and Trojans are types of malware, but this category includes other types of dangerous software as well.
  • A virus is a type of malicious software which generally “infects” other software by modifying the software or operating system and can be notoriously difficult to remove. This security exploit is more complex and potentially harmful than many other types of malware.
  • A Trojan Horse (Trojan) is a type of software designed to allow an attacker access to a device or network, and it can sometimes be disguised as legitimate software. In modern times, these are generally RATs (Remote Access Trojans) that allow the attacker to view the screen, capture data, and otherwise interact with the device as if they were sitting in front of the keyboard.

Computer Worm / Network Worm / Wormable: What are they?

A Worm (or network worm, or “wormable exploit”) is a horse of a different color – a unique type of malware that can infect (and re-infect) other devices on the network without the need for human intervention. Once one device is infected, the worm is often able to infect other connected devices and “tunnel” deeper into the network to resist attempts at removal. Worms are generally difficult and time-consuming to fully eradicate and require that all devices be disconnected from the network, cleaned, and only reconnected after the worm is eliminated from each device.

Even if fully eradicated, the effects of advanced worms may not be completely mitigated, as some cyber security exploits can tunnel without needing to replicate across the network. This is the case in the example of SigRed, which can move from one server to another but does not replicate. 

Notable Worms:

Ransomware: What is it?

Ransomware is yet another type of malware designed to prevent access to files or computer systems and hold this access for ransom, usually demanded in the form of bitcoin or another cryptocurrency. Ransomware relies on common security exploits; it often reaches its target through malicious attachments or phishing campaigns, and an attack can also include data exfiltration, which copies data out of your network. Once compromised, this data is sometimes sold or used in other malicious activities.

Due to the relative ease of success and the growing value of cryptocurrencies, malware has become one of the most common forms of cyber-attack over the last decade. In fact, recent news is full of high-profile ransomware incidents, including attacks on Baltimore City, multiple towns in Florida, and an Illinois hospital system. These attacks are often successful because the ransom requested is often trivial compared to the lost productivity and data the attack would otherwise cause.

What is an Exploit / Vulnerability?

Each form of cyber threat outlined in this article is some form of software designed to “exploit” a “vulnerability” on a computer or network. A vulnerability is simply a way of using software or services in ways that either the manufacturer (e.g., Microsoft) or the person implementing it (e.g., your organization) did not intend. This could include a design flaw or bug in the software, improper configuration, or failure to adhere to best practices. These potential exploits in computer security can often be solved by applying patches and updates promptly, but changes to the configuration or even server/network architecture may be required. 

Notable Ransomware: 

Defense in Depth / Protection from “Computer Nasties” 

Much like the flying monkeys in The Wizard of Oz, these cyber-attacks can appear unexpectedly and without warning, threatening to overwhelm organizations which are unprepared. The best defense is a multi-layered approach known as “Defense in Depth”. We’ve written about some of these concepts in previous blogs, but following the basic guidelines provided below will set your organization on the Yellow Brick Road to your ultimate destination – a reliable and secure IT environment. 

  • Only use operating systems and software which are under active vendor support – including your network devices
  • Update your operating systems and software at least once per month
  • Install anti-virus and anti-malware software and perform regular updates
  • Use a web filter and spam filter to protect your network against malicious websites and emails
  • Restrict administrator access (including local administrator access) to only IT staff
  • Maintain reliable backups that are not accessible from the network
  • Proactively scan your network for vulnerabilities and monitor network traffic for signs of malicious activity
  • Develop an Incident Response Plan
  • Train your employees on the most relevant threats to your organization
  • Leverage a managed cybersecurity service

Protect Your Business with Cybersecurity

Do not let the lions, tigers, and bears of the IT landscape slow down your journey to security and peace of mind. Now that you know how to define worms, Trojans, ransomware, malware, and other cyber threats, you can ensure your organization remains protected. It’s time to stop security exploits in their tracks. If your business needs managed cybersecurity and data protection, reach out to Dataprise for assistance to maintain a top-notch security posture. We’re here to help you prevent potential exploits in computer security.

The post Security Exploits Explained: Worms, Trojans, Ransomware, oh my! appeared first on Dataprise.

Implementing Network Security: Part II https://www.dataprise.com/resources/blog/implement-network-security-part-ii/ Thu, 18 Jun 2020 00:00:00 +0000 Learn to implement network security protocols that support the backbone of your organization. Follow along with our blog series: Implementing Network Security: Part II.
Many businesses struggle with network security implementation. In my previous article, How to Implement Network Security (Part 1), I spoke about the benefits of Network Segmentation as a tool to help improve the security of your organization; however, as mentioned, this method can require a high level of effort to implement properly. Also, simply separating your networks isn’t a complete defense against the most common threats to your organization’s network. As with all security controls, the best defense is a layered defense that incorporates multiple Physical, Technical, and Administrative Controls (also known as defense in depth). Tim previously wrote about how User Education (an Administrative Control) can be an effective countermeasure against Business Email Compromise (BEC) Attacks in his article, Business Email Compromise: A Growing Threat.

Layered Network Defense

Network Access Restriction

Just because someone can physically enter your building doesn’t mean that you allow them to enter every room. However, without proper network security implementation, physical (or remote) access to your network may allow a bad actor to gain access to your entire network, including your most sensitive information. This is why you already require employees to sign in to their computers. Thankfully, by implementing some built-in features of Microsoft Windows Server, most small to medium-sized businesses can add a level of authorization that greatly reduces this threat while remaining largely transparent to your employees.

RADIUS

RADIUS (Remote Authentication Dial-In User Service) is a protocol that can be applied to your wireless network to replace a pre-shared key (PSK) with the username and password that you are already using to log in to your computer. Most business-grade wireless access points like Meraki, Dell Ruckus, or Ubiquiti support RADIUS out of the box, and have done so for years.

802.1x

802.1X is a networking standard for Network Access Control that can be configured to apply the same benefits of RADIUS as described above to your wired devices. Only devices that have authenticated against the RADIUS server will be provided access to the network; all other devices will not be allowed to communicate.

Both of these technologies require the configuration of a feature that is built into the Microsoft Windows Server you likely already have in your environment; it’s simply a matter of leveraging your existing resources.

Software Firewalls

Most operating systems (including Microsoft Windows Server and Windows 10) ship with a software firewall; this application acts much in the same way as the hardware UTM firewall you already have in place between the internet and your internal network. While this application is very powerful, it is an often overlooked component of your overall network security toolset. Many organizations opt to simply disable this feature instead of dedicating the time needed to fully configure this firewall for the needs of the devices on the network, potentially degrading the overall security of the systems and networks within the organization.
The built-in Windows Firewall can be configured to only allow access to sensitive resources (such as a database server) from “known-good” devices (for example, your servers and necessary workstations) and to prevent non-essential services from being accessed over the network.

Configuring a firewall during network security implementation requires a level of effort to identify the resources that are running on each device, as well as the business units that require access to these resources. However, by only allowing the minimum amount of access required you can reduce the potential for inappropriate or malicious access to your systems.
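As an added illustration of the database-server case described above (this is example configuration written for this article, not Dataprise’s own or a client’s), the following PowerShell restricts the SQL Server listener on a Windows server to a short list of known-good sources using the built-in Windows Firewall cmdlets. The port and the addresses are constructed for the example; substitute the application servers and administrative subnet that genuinely need to reach your database, which is exactly the inventory work the paragraph above describes. Run it in an elevated session on the database server itself.

```powershell
# Added example (not Dataprise's configuration): limit inbound access to a
# database listener to known-good hosts with the built-in Windows Firewall.
$sqlPort   = 1433                                           # constructed: SQL Server default
$knownGood = @('10.10.20.5', '10.10.20.6', '10.10.30.0/24') # constructed: app servers + admin subnet

# Weak setting, shown for contrast and left commented out: any host that can
# route to this server may open the database port, so a compromised workstation
# anywhere on the LAN can too.
# New-NetFirewallRule -DisplayName 'SQL Server (any host)' -Direction Inbound `
#     -Protocol TCP -LocalPort $sqlPort -Action Allow

# Corrected setting: only the listed sources, and only on the Domain profile,
# so the rule does nothing if the server is ever attached to an untrusted network.
New-NetFirewallRule -DisplayName 'SQL Server - known-good hosts' `
    -Direction Inbound -Protocol TCP -LocalPort $sqlPort `
    -RemoteAddress $knownGood -Profile Domain -Action Allow | Out-Null

# Keep the firewall enabled with a default-deny inbound posture on every profile,
# and log dropped packets so blocked attempts are visible for review.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True `
    -DefaultInboundAction Block -LogBlocked True `
    -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# Verify what the rule actually permits before relying on it.
Get-NetFirewallRule -DisplayName 'SQL Server - known-good hosts' |
    Get-NetFirewallAddressFilter | Select-Object RemoteAddress
```

The same pattern (explicit allow for named sources, default inbound block, logging on) applies to any service that only a few systems should reach, such as management interfaces or file shares holding sensitive data. The log file named in the example is the location Windows Firewall uses by default; review it after the change to catch legitimate clients you missed in the inventory before they become a help-desk call.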

Organizational Unit Based Segmentation

The methods described above do not explicitly require the use of Network Segmentation and can be implemented without segmentation in place while still providing an increase in security. They can also be used in concert with segmentation to improve efficacy. If you already have some level of network segmentation, you may opt to additionally segment your VLANs based on department or organizational unit; this can be an effective middle ground between “role-based” and “classification-based” network segmentation.

An example of this would be to provide a separate VLAN for your most critical group, for example your finance department, and implement software firewalls to effectively isolate this group from the rest of the network. This method of network security implementation has the potential to protect these sensitive workstations from various types of threats, including ransomware – if your receptionist opens a malicious file that contains a ransomware payload, proper segmentation may protect the finance department should your endpoint security fail.

Memorialization into Policy

As mentioned, defense in depth requires the use of Physical, Technical, and Administrative controls in concert to create an effective security program. As you implement new controls, such as 802.1X to effectively lock out unauthorized users from open network ports, you should be sure to update or create corresponding corporate policies that identify the new control, detail how it should be used (for example, non-employees are not permitted to have physical access to the LAN without clearance by the IT department), and detail the potential repercussions for a failure to comply with the policy (generally a dedicated sanction policy).
It is important to understand that policies must be developed based on your organization’s goals and needs. There is no “shortcut” or “template” that can provide meaningful administrative control for your organization.

Network security implementation can be a complex but highly effective tool to protect yourself not only from insider threats but also as another layer of defense to complement your endpoint security. As the bridge between your users and your sensitive data, securing the network is essential to securing your data. While this can require some effort and planning to implement properly, it is not out of reach for any organization.

The post Implementing Network Security: Part II appeared first on Dataprise.