  • December 12, 2024
  • Category Security

Beware ransomware targeting your backups

By : Justin Folkerts

When a ransomware attack strikes, you can always turn to your backups, right? Maybe not.

Bad actors have caught on to this common strategy for avoiding a ransom payment. They’re now aiming to eliminate the possibility of data recovery by attacking the data backups to maximize the impact of their attack, according to recent IDC research, which also shows that 51% of ransomware attacks in 2023 attempted to destroy or damage backups, and 60% of those attacks were successful.

There are several ways hackers go after your data backups, but there are also things you can do to protect them so that they are still a viable way of restoring your mission critical data and applications after a ransomware attack.

Threat vectors

Hackers have a number of techniques they employ to compromise your backups while targeting you with a ransomware attack.

Social engineering remains one of the most popular methods among hackers; they employ a phishing scam to trick employees into deleting the backed-up data.

Hackers may also delete or encrypt the backups themselves if they can compromise the backup tools by exploiting vulnerabilities in the tools or their scripts, including weak authentication controls, or vulnerabilities in the operating systems or storage software that host the backups.

If hackers can steal login credentials for administrators of both production and backup systems, then they can hold all the organization’s data hostage.

Backup safeguards

Even with this shift in strategy, there are ways you can prevent hackers from compromising your data backups using ransomware.

Just as you are already performing regular risk assessments to protect your mission critical data and applications, you need to understand how threat actors might target your backups. You must also consider the reality that it’s not possible to eliminate any risk completely.

Ideally, you want your backups to be offsite and have multiple copies that are stored at different locations, although this increases your data backup costs. Similarly, you should consider spreading your backups across multiple cloud platforms and accounts to increase availability and reliability.

No matter where you store your backups, they should be encrypted, and if possible, you should air-gap at least one of your backups – you can better protect them by disconnecting them from the network, so that even if your primary systems are compromised, there’s no route to them.

Backing up your data isn’t enough protection against ransomware. You need to safeguard your backups just as you do with your mission critical data and applications, and a managed services provider can help.

  • November 14, 2024
  • Category Security

Improve Your Cybersecurity Through Better Collaboration

By : Justin Folkerts

Cybersecurity cannot be siloed off, whether it’s from the rest of information technology or from the executive suite – it’s a risk management exercise that spans the organization and requires collaboration.

In smaller organizations, cybersecurity may be the responsibility of your IT team, or you may have dedicated personnel or a virtual chief information security officer (vCISO). Regardless, giving cybersecurity its due can be challenging for small and mid-size businesses (SMBs), as members of your IT team may wear many hats.

If you do have dedicated cybersecurity roles, it’s critical that they are integrated into your IT team – collaboration is critical for both efficiency and effectiveness. Collaboration requires both best practices and technology.

Because the members of small IT teams tend to be multi-functional, it’s essential that everyone is clear on their responsibilities. You need to have a shared vision for your cybersecurity strategy that clearly defines goals and roles related to assessment, protection, and response.

It’s extremely easy to fall into the trap of thinking that adding more technology tools will make your organization more secure, but when you are resource constrained, you must reduce complexity by streamlining security tools and employing a network management platform that centralizes visibility and control.

Centralizing data and automating alerts give you the agility to more quickly and effectively identify threats, respond to any incidents, and mitigate risk, even if you have few in-house IT staff dedicated to security.

Cybersecurity collaboration should extend to the C-suite by keeping executive management in the loop as well as to every employee through regular security awareness training so they can play their role in preventing incidents caused by social engineering attacks such as phishing scams.

You should also conduct regular security drills that simulate cyber attacks or other disruptions to business operations to keep everyone on their toes and ensure that everyone can respond to a security incident smoothly and collaboratively.

Collaboration on cybersecurity is especially critical for SMBs but can be challenging given the inherent resource constraints. Working with a managed service provider with a focus on security that can provide a vCISO can help your in-house IT and security staff collaborate more effectively.

  • October 17, 2024
  • Category Security

Be Wary of MFA Shortfalls

By : Sanjeev Spolia

Multi-factor authentication (MFA) has become table stakes for both enterprise and consumer security, but it’s not the perfect solution.

MFA adds a layer of security by requiring a user to verify their identity through a second log-in mechanism. A typical example would be using your mobile banking app to confirm your identity when attempting to sign in with your browser, or a webmail provider like Gmail sending you a code via SMS to your smartphone to verify that it’s you who’s trying to log in or make changes to your account.

But adding this extra layer doesn’t make for foolproof security.

MFA can lead to complacency

Because so many business applications and digital services for consumers come with MFA built in, organizations may begin to believe that they don’t need additional security, and it’s easier for users to forget other security best practices.

Not all MFA solutions are created equal, either; some are still vulnerable to social engineering such as phishing attacks. Businesses need to look at MFA as more than a box they tick off to satisfy compliance and cyber insurance obligations and have a clear understanding of what MFA can protect and where it can fail.

Common MFA pitfalls

Hackers can get around MFA by exploiting centralization and session cookies. While passkeys can make MFA phishing-resistant, their centralized nature can become a vector for hackers as they are used to synchronize all the devices a user logs into. Hackers can circumvent this centralization through a vulnerable second-factor authenticator and the passkey’s dependence on a platform’s security, despite its use of public key cryptography.

Session cookies that are stored on a user’s device after authentication are also vulnerable because they allow a user to access resources without re-authenticating themselves each time – hackers capture those session cookies to attain access to the user’s account without needing to go through MFA, in what is called an adversary-in-the-middle (AiTM) attack.

The problem with MFA is that although it is phish-resistant, it is not phish-proof, both because of AiTM attacks and because it relies on other phishable vectors such as SMS codes, a one-time password (OTP) or other secondary authentication methods. Lost devices can compound the problem. The life cycle of authentication opens opportunities for hackers if the second layers of authentication are vulnerable.

Going forward, MFA and passwords need to be bolstered by embracing a Zero Trust approach to security, reducing the opportunities for human error and phishing. Most of all, organizations must remember that MFA isn’t flawless, and it doesn’t negate the need for other security tools and best practices around access management.

  • September 26, 2024
  • Category Security

5 Things SMBs Need to Know About Cyber Insurance

By : Sanjeev Spolia

Compared to large enterprises, small- to medium-sized businesses (SMBs) have constraints when it comes to IT security resources, but cyber insurance should be a high priority as SMBs are more likely to face a cyber attack that leads to disruptions and lost revenue.

The consequences of a cyber attack on a small business tend to be more severe than for larger organizations, and according to Veeam’s 2023 Data Protection Trends Report, 85% of ransomware attacks targeted small businesses.

Aside from implementing cybersecurity tools, processes and employee training, SMBs must add cyber insurance to protect themselves from the financial and operational impacts of cybercrime – traditional insurance isn’t enough. Cyber insurance will cover some of the costs related to a security incident, including access to experts, and provides confidence to all your stakeholders that you’ve taken all the necessary steps to mitigate risk.

No matter your industry, you should have enough cyber insurance coverage in place and keep five things in mind.

Every industry is at risk: All businesses are data-driven businesses, which means any type of business can be a victim of a cyber attack and needs insurance coverage. Certain industries are more targeted than others, such as healthcare and financial services, but don’t think you’re immune from threats if you’re in a different sector.

Have enough coverage: It’s important to understand how much a cyber attack might cost you so your insurance policy will cover any potential data breach or attack. A study by IBM found that a small business can expect to pay as much as US$3 million in the event of a data breach, but costs could be even higher if you consider any legal fees, mitigation and other IT costs, as well as loss of revenue due to reputation damage that leads to lost customers.

Your other insurance products don’t cover cyber attacks: A standard business liability policy or business owner’s policy is usually not enough to cover all cyber-related liabilities, including ransomware attacks. While standard insurance might cover some breach liabilities and employee-related incidents, you need a separate cyber insurance policy to reduce how much an incident could cost you.

Your customers and partners may require it: Many businesses require the companies that do business with them to have certain types of insurance – including cyber liability insurance.

It protects you against third-party security incidents: Even if you don’t fall prey to an attack directly, you can be affected by third-party breaches in your industry’s supply chain. If you’re an SMB that serves larger ones, you need to have risk mitigation strategies in case a partner, supplier or customer suffers a cybersecurity incident that can ripple across the supply chain and disrupt your business.

Having cyber insurance is a critical element of your overall risk management strategy, and the upfront cost of paying for it will help you to reduce the likelihood of unexpected financial outlays related to a data breach.

A managed service provider with expertise in security can help you evaluate your security posture so you can not only protect your sensitive business data and avoid disruption to your business operations, but also increase your insurability.

  • September 12, 2024
  • Category Security

Why SMBs Must Watch Out for Phishing

By : Sanjeev Spolia

Phishing attacks are not just a threat to large organizations. Like all cybersecurity threats, they’re just as much a concern for small and medium-sized businesses (SMBs), who can pay a high price if they fall victim.

Phishing is a social engineering tactic – threat actors use deception to trick employees into sharing sensitive information or access credentials to critical systems through emails or messages that look as though they are coming from a reliable source and requesting the user to act.

Because SMBs face resource constraints when it comes to cybersecurity, including training that helps employees spot phishing scams, they are more likely to fall prey to these tactics, and the price tag for the business can be high.

Among the immediate, direct consequences of a successful phishing attack for SMBs are monetary loss, reputation damage, and the recovery costs.

Bad actors use phishing to get users to share sensitive financial information that can lead to unauthorized and fraudulent transactions to steal company funds, which puts the stability of the business at risk – perhaps to the point of being insolvent. In addition to money, a phishing attack can steal valuable intellectual property, which is also a financial loss, and can lead to a loss of competitive advantage.

Depending on the nature of the breach caused by the successful phishing attempt, the business could be subject to legal and regulatory fines.

Phishing attacks are also used to demand ransomware payments by holding business systems or critical data hostage through encryption – payment terms can be high if the business wants to get the data back.

Investigating and mitigating a phishing-related breach also costs time and money, and there are indirect costs such as disruption to business operations – if you can’t serve your customers, you can’t make money.

Another indirect cost of a phishing attack is higher insurance premiums if it results in a data breach or financial loss because the business is now viewed by their insurer as a higher-risk client.

Depending on the length of the interruption, a disabling phishing attack can harm your reputation and damage your relationship with your customers and even prevent new customers from trusting you with their business. Suppliers and partners may also reconsider whether they can continue to do business with you.

A successful phishing attack can have both immediate and long-term consequences for SMBs. A managed services provider with security expertise can help you make the right upfront cybersecurity investments to prevent phishing from costing you a lot more money as well as your reputation.

  • August 29, 2024
  • Category Blog

Is Your Security Keeping Pace with GenAI?

By : Sanjeev Spolia

Generative AI (GenAI) is a threat to your security.

While artificial intelligence (AI) has shown it can bolster your security posture by supporting automation and allowing organizations to be more effective at assessing risk, protecting data and responding to threats, there is the potential for threat actors to harness GenAI models as part of their toolbox to improve their success when attacking you.

The 2024 GenAI Security Readiness Report released by GenAI security firm Lakera has found that as GenAI adoption surges it is also creating a security blind spot for businesses due to the threat of “prompt attacks.” These attack methods specific to GenAI can be easily used to gain unauthorized access, steal sensitive data including customer information, manipulate applications, and take unauthorized actions.

All it takes are a few well-crafted words to lead to unintended actions and data breaches, the Lakera report found, while only 5% of the 1,000 cybersecurity experts surveyed have confidence in the security measures protecting their GenAI applications even though 90% are actively using or exploring GenAI.

Lakera’s CEO said a key lesson from the survey is that businesses that are relying on GenAI to accelerate innovation are unknowingly exposing themselves to new vulnerabilities that traditional security tools and measures don’t address, which has led to a combination of high adoption and low preparedness. The survey found that 34% of respondents are concerned with data privacy and security as it relates to Large Language Models (LLMs).

GenAI has ultimately democratized AI for a wide array of users, while also empowering more people to become hackers, the report finds.

The primary challenge of maintaining security in the GenAI era is that these emerging tools are uniquely vulnerable and more complex when compared with traditional software. Developers have had decades to improve the debugging and validation of traditional software code and refine application security.

The security implications of machine learning models were not an immediate concern until the recent emergence of consumer-facing AI models. Even modern security tools such as extended detection and response (XDR) still must adapt to keep up with the threats posed by GenAI, and businesses will need to incorporate additional best practices and improve employee awareness to mitigate security issues raised by GenAI.

Assessment is key as most businesses have little visibility into the use of GenAI within their organization, but they should assume it’s getting adopted, which means prioritizing data security and privacy is more important than ever.

A managed security services provider can help you assess your risk as it relates to GenAI and help you implement the necessary tools that can help you protect your organization against the threats that arise from GenAI adoption as well as the hackers that use it.

  • August 15, 2024
  • Category Security

Password Management Is an Essential Security Tool

By : Justin Folkerts

Your employees are overloaded with passwords for different websites and applications at work and at home, and the human element makes password management all the more essential for bolstering your security.

Whether they are weak or stolen outright, passwords are the gateway to your sensitive data and applications, and using a robust password management system can reduce the risk of threat actors gaining access to key systems.

Combined with multifactor authentication (MFA), password management enables you to securely store credentials and auto-fill passwords across applications and websites while using strong encryption to limit access to approved users. Employing a Zero Trust approach can also further enhance security as employees only have credentials for information and applications that are necessary for them to do their jobs.

Password management is especially essential for small- and medium-sized businesses (SMBs) who have limited IT resources for security – bolstering password management is an example of where an ounce of prevention is worth a pound of cure in an era where password-related attacks are a growing security threat.

Common threats to passwords today include brute force attacks, where attackers repeatedly try to guess a password through trial and error; dictionary attacks that guess real words and phrases commonly used for passwords; and keylogger attacks, which use software to record each keystroke to identify a user’s login credentials.

Given the many ways hackers attempt to exploit passwords to gain access to applications and data, there’s a huge onus on users to manage their many passwords. They can’t do it alone, which is why you must implement a robust password management solution to help them create strong, complex passwords that can’t easily fall prey to common techniques employed by threat actors.

  • July 25, 2024
  • Category Risk Management

Robust Cybersecurity Needs More Than Tools and Technology

By : Sanjeev Spolia

If money is no object, you can implement as many cybersecurity tools as there are available to secure your organization. But having the latest and greatest security technology doesn’t guarantee your data and applications are safe – you need to manage risk, not rely on cybersecurity tools alone.

More tools bring more complexity, which can be challenging to manage. You’ll have the illusion of being secure, but if you can’t make the most of your cybersecurity tools, you can still fall prey to the latest and greatest vulnerabilities and threats, which are constantly evolving. The best cybersecurity tools can still be misconfigured, underused or not even switched on.

Human error and inside threats can thwart even the best security technology, and the complexity that comes with excessive cybersecurity tool deployment can make for a bad user experience that hinders employee productivity or even spurs them to find workarounds that can put your organization at risk.

Overcompensating by spending a lot on cybersecurity tools that aren’t properly configured or fully used is especially risky for small- and medium-sized businesses (SMBs) because it creates the illusion of robust security – if the tools aren’t fully optimized, applications and data aren’t protected.

Your risk management strategy should inform your cybersecurity tool investments.

Assess Your Risks First

It’s not a matter of if your organization will fall prey to a cybersecurity threat or data breach, it’s a matter of when. By understanding your risk factors, you can select the right tools and deploy them more effectively without bogging down the organization with unnecessary complexity that does more harm than good.

The key to establishing and maintaining robust security is to adopt an “assess, protect and respond” mindset. Your cybersecurity tools should be chosen based on an assessment of your organization’s risk, understanding what your critical assets are, and identifying vulnerabilities.

Rather than trying to protect everything, you should do a thorough assessment of your critical assets – mission critical applications, sensitive information and intellectual property, and essential data.

Buying an elaborate cybersecurity platform and telling it to protect everything doesn’t guarantee it will protect your most critical assets. Once you identify them, you can assess how they might be threatened, how you can best protect them, and how you can mitigate any cybersecurity incident through a well-thought-out response plan.

The reality is most SMBs can’t afford to deploy elaborate cybersecurity solutions, which means they must prioritize protecting their most critical assets from threats and vulnerabilities.

Risk-Based Cybersecurity Is A Continuum

No matter what cybersecurity tools you opt to deploy, managing security risk is an ongoing affair – you can’t set and forget your security platform. Protecting your organization must also include ongoing security training for employees, keeping all applications and systems updated and patched, and continuous assessment and monitoring.

Taking a balanced approach also includes planning for the worst – you must have a response plan in place when a disruption occurs. Having great cybersecurity tools can help bolster your security posture, but they won’t safeguard your organization on their own.  

By evaluating and managing risk first, you can deploy the right cybersecurity tools that can help you to assess, protect and respond to any threats.

  • July 11, 2024
  • Category Security

Avoid These Top 5 SMB Security Mistakes

By : Sanjeev Spolia

As a small or medium-sized business, you’re competing on a dynamic digital landscape with larger organizations, as well as being prey to the same nefarious threat actors that are looking to breach your security.

Many SMBs don’t think they’re on the radar of bad actors and hackers, which makes them prone to these common security mistakes.

Inadequate identity management and authentication

We all know your password shouldn’t be “password” or “12345678,” but weak passwords continue to put organizations at risk. It’s important to remind employees to create strong and unique passwords, as well as remind them that sharing passwords or writing them down where they can be seen weakens the overall security of the business.

In addition to passwords, two-factor authentication (2FA) adds another level of security that’s essential for protecting systems from threat actors, as they only need to infiltrate one user account to gain a foothold in your network.

Not training your employees

Weak passwords tend to be a symptom of poor security hygiene that is a result of poor or non-existent security training as human error is often the cause of many data breaches. Regular employee security training can prevent incidents by making your staff more aware of the dangers of weak passwords, phishing scams and other social engineering that threat actors use to gain access to networks or disable IT infrastructure.

A missing incident response plan

It’s not a matter of if a data breach occurs – either due to bad actors or natural disasters – it’s a matter of when. You should be ready for the worst with an incident response plan that includes data recovery in case of any disaster. Being ready for the worst will limit financial losses, damages to your reputation, litigation, and downtime. Your incident response plan should be bolstered by a data backup plan so that any mission-critical data is quickly and easily recoverable in case of any disruption.

Not updating security software

Your security software is only as good as its latest update, so if you want to protect yourself from the latest threats, you need to regularly apply patches and updates. This habit must go beyond your security tools – it’s essential that you keep your operating systems and other business applications up to date, as well as hardware firmware, as this closes potential doors to threat actors by applying bug fixes, closing security holes and improving their overall performance and reliability.

Acting like you’re not a target

Don’t assume bad actors are only attacking big businesses – your data and your infrastructure can be just as valuable. Hackers view SMBs as easy targets because they assume you don’t have adequate cybersecurity, and even if they don’t want your data, they can use you as a launch pad to attack other organizations, including your partners, customers and suppliers.

Even as you’re at risk of the same threats as larger organizations, as an SMB you have access to the same tools to protect the organization. If you find yourself making one of the above mistakes, or simply want to bolster your security posture, a managed security services provider can help you understand where you’re at and get you to where you want to be.

  • June 27, 2024
  • Category edge computing

Secure the Edge with SASE

By : Justin Folkerts

Secure access service edge (SASE) has gained traction as networks have become increasingly fluid – the moat and castle approach to securing the organization is no longer feasible in the era of remote work.

SASE combines network connectivity with network security into one platform that can be centrally controlled, usually via the cloud, to improve visibility, bolster policy controls and enhance overall user experience across all applications. Essentially, SASE is a single corporate network that reduces the need for various point solutions.

By converging networking and security-as-a-service functions into a single cloud platform, you can support distributed hybrid and remote workers, who all connect to nearby cloud gateways rather than a central corporate data center. SASE eliminates the need for every user, office, and application to connect to your data center via a private network or secondary network, a model which can no longer support today’s reality of dispersed, remote workers.

With SASE, network controls are moved out of the data center to the cloud edge, with all network and security services using a single control plane. By using identity management and Zero Trust security policies, SASE enables you to extend network access to all your remote workers, regional offices, applications, and endpoints.

SASE Components

SASE encompasses many security elements you may already be familiar with:

  • A next-generation firewall (NGFW), which inspects data at a deep level and provides intrusion prevention, application awareness and control, and threat intelligence.
  • A secure web gateway (SWG), which protects data and thwarts cyber threats by filtering out unwanted web traffic content and blocking risky or unauthorized user behavior.
  • Zero Trust Network Access (ZTNA), a model that assumes security threats are present inside and outside a network and ensures that users only access data and applications they need to do their job.
  • A cloud access security broker (CASB), which provides security controls and additional visibility for your cloud applications and services.
  • A Software-defined WAN (SD-WAN) or WANaaS, which helps scale connectivity and operations across large distances to branch offices and data centers.

SASE Benefits

Because SASE relies heavily on the Zero Trust model, it not only ensures that the right users have access to data and applications through robust verification processes, but it also takes into account other factors such as device status and geographic location, while continually evaluating risk.

SASE also reduces your overall security costs because it combines many point solutions into a single cloud platform, which also reduces the amount of time IT teams spend managing security tools and simplifies integration. Fewer point solutions also lead to increased agility and operational efficiency.

Aside from security, SASE also helps to improve the user experience for remote and hybrid workers by more efficiently routing traffic across the edge network, enabling it to be processed as close to the user as possible.

Organizations of all sizes must accept that there’s no longer a single route into their enterprise network. SASE enables you to combine network connectivity and security into one platform to support your distributed workers while protecting your data.