When a ransomware attack strikes, you can always turn to your backups, right? Maybe not.
Bad actors have caught on to this common strategy of avoiding having to pay a ransom to get their data back. They’re now aiming to eliminate the possibility of data recovery by attacking the data backups to maximize the impact of their attack, according to recent IDC Research, which also found shows 51% of ransomware attacks in 2023 attempted to destroy or damage backups, and 60% of those attacks were successful.
There are several ways hackers go after your data backups, but there are also things you can do to protect them so that they are still a viable way of restoring your mission critical data and applications after a ransomware attack.
Threat vectors
Hackers have a number of techniques they employ to compromise your backups while targeting you with a ransomware attack.
Social engineering remains one of the most popular methods of hackers; to trick employees into deleting the backed up data, they employ a phishing scam.
Hackers may also delete or encrypt the backups themselves, if they are able to compromise the backup tools by exploiting backup tool or script vulnerabilities, including weak authentication controls or vulnerabilities in the operating systems or storage software that host the backups.
If hackers can steal login credentials for administrators of both production and backup systems, then they can hold all the organization’s data hostage.
Backup safeguards
Even with this shift in strategy, there are ways you can prevent hackers from compromising your data backups using ransomware.
Just as you are already performing regular risk assessments to protect your mission critical data and applications, you need to understand how threat actors might target your backups. You must also consider the reality that it’s not possible to eliminate any risk completely.
Ideally, you want your backups to be offsite and have multiple copies that are stored at different locations, although this increases your data backup costs. Similarly, you should consider spreading your backups across multiple cloud platforms and accounts to increase availability and reliability.
No matter where you store your backups, they should be encrypted, and if possible, you should air-gap at least one of your backups – you can better protect them by disconnecting them from the network, so that even if your primary systems are compromised, there’s no route to them.
Backing up your data isn’t enough protection against ransomware. You need to safeguard your backups just as you do with your mission critical data and applications, and a managed services provider can help.
- November 14, 2024
- Catagory Security
Improve Your Cybersecurity Through Better Collaboration
Cybersecurity cannot be siloed off, whether it’s from the rest of information technology or from the executive suite – it’s a risk management exercise that spans the organization and requires collaboration.
In smaller organizations, cybersecurity may be the responsibility of your IT team, or you may have dedicated personnel or a virtual chief information security officer (vCISO). Regardless, giving cybersecurity its due can be challenging for small and mid-size businesses (SMBs), as members of your IT team may wear many hats.
If you do have dedicated cybersecurity roles, it’s critical that they are integrated into your IT team – collaboration is critical for both efficiency and effectiveness. Collaboration requires both best practices and technology.
Because the members of small IT teams tend to be multi-functional, it’s essential that everyone is clear on their responsibilities. You need to have a shared vision for your cybersecurity strategy that clearly defines goals and roles related to assessment, protection, and response.
It’s extremely easy to fall into the trap of thinking that adding more technology tools will make your organization more secure, but when you are resource constrained, it you must reduce complexity by streamlining security tools and employing a network management platform that centralizes visibility and control.
Centralizing data and automating alerts give you the agility to quickly and more effective identify threats, respond to any incidents, and mitigate risk, even if you have few in-house IT staff dedicated to security.
Cybersecurity collaboration should extend to the C-suite by keeping executive management in the loop as well as to every employee through regular security awareness training so they can play their role in preventing incidents caused by social engineering attacks such as phishing scams.
You should also conduct regular security drills that simulate cyber attacks or other disruptions to business operations to keep everyone on their toes and ensure that everyone can respond to a security incident smoothly and collaboratively.
Collaboration on cybersecurity is especially critical for SMBs but can be challenging given the inherent resource constraints. Working with a managed service provider with a focus on security that can provide a vCISO can help your inhouse IT and security staff collaborate more effectively.
- October 31, 2024
- Catagory
Canada outlines cybersecurity guidelines for critical infrastructure providers
As part of the federal government’s efforts to improve Canada’s cyber security resilience, The Canadian Centre for Cyber Security just published a suite of voluntary guidelines for critical infrastructure providers, which could also provide inspiration for security strategy in other sectors and for small- and medium-sized businesses (SMBs).
Aimed at banks, utilities, municipalities, and hospitals, among others, the centre’s Cyber Security Readiness Goals (CRGs) toolkit outlines 36 cross-sector cyber security practices that are in line with other jurisdictions, including the U.S. Cross-Sector Cybersecurity Performance Goals and the U.K.’s Cyber Assessment Framework. The toolkit includes goals related to cloud computing and artificial intelligence (AI).
The CRGs are voluntary, according to the Cyber Centre, and their intent is to establish a foundational standard for cybersecurity practices, a baseline that connects with other existing frameworks and guidance, both in Canada and from the country’s international partners. The centre emphasizes that the CRGs are not to be viewed as a comprehensive cybersecurity framework or a one-size-fits-all approach to cyber security.
For the most part, the CRGs align with existing frameworks already employed by CIOs and IT leaders, including the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, through a “govern” pillar, which includes a cyber-related privacy goal, while providing Canadian context for existing centre cybersecurity guidelines. Notably absent from this version of the CRGs is “vulnerability disclosure,” which the centre says is a valuable practice that will be considered for future updates.
The release of the CRGs toolkit comes advance of Bill C-26, pending legislation that would alter Canada’s Telecommunications Act for telcos and implement the Critical Cyber Systems Protection Act (CCSPA) that would require federally regulated telecommunications, transportation, energy pipeline, and financial services companies to establish and implement cyber security programs, report cyber security incidents, comply with cyber security directions from the government, and mitigate supply-chain and third-party risks.
Bill C-26 has already been passed by the House of Commons and is before the senate. If it becomes law, it won’t likely come into effect for another year as regulations and reporting deadlines have yet to be determined.
While the CRGs are aimed at critical infrastructure providers, the centre said they can be adopted by any public or private organization, and if you’re an organization that’s looking to bolster your cybersecurity practices, a managed services provider can help.
Multi-factor authentication (MFA) has become table stakes for both enterprise and consumer security, but it’s not the perfect solution.
MFA adds a layer of security by requiring a user to verify their identify through a second log-in mechanism. A typical example would be using your mobile banking app to confirm your identity when attempting to sign in with your browser, and or a webmail provider like Gmail sending you a code via SMS to your smartphone to verify that it’s you who’s trying to login or make changes to your account.
But adding this extra layer doesn’t make for foolproof security.
MFA can lead to complacency
Because some many business applications and digital services for consumers come with MFA built in, organizations may begin to believer that they don’t need additional security, and it’s easier for users to forget other security best practices.
Not all MFA solutions are created equal, either; some are still vulnerable to social engineering such as phishing attacks. Businesses need to look at MFA as more than a box they tick off to satisfy compliance and cyber insurance obligations and have a clear understanding what MFA can protect and where it can fail.
Common MFA pitfalls
Hackers can get around MFA by exploiting centralization and session cookies. While passkeys can make MFA phishing-resistant, their centralized nature can become a vector for hackers as they are used to synchronize all user devices they log into. Hackers can circumvent this centralization through a vulnerable second factor authenticator and the passkey’s dependence on a platform’s security despite using public key cryptography.
Session cookies that are stored on a user’s device after authentication are also vulnerable because they allow a user to access resources without re-authenticating themselves each time – hackers capture those session cookies to attain access to the user’s account without needing to go through MFA through what is called an adversary-in-the-middle (AiTM) attack.
The problem with MFA is that although it is phish-resistant, it is not phish-proof because due to AiTM attacks and because they rely on other phishable vectors such as SMS codes, a one-time password (OTP) or other secondary authentication methods. Lost devices can compound the problem. The life cycle of authentication opens opportunities for hackers if the second layers of authentication are vulnerable.
Going forward, MFA and passwords need to be bolstered by embracing a Zero Trust approach to security, reducing the opportunities for human error and phishing. Most of all, organizations must remember that MFA isn’t flawless, and it doesn’t negate the need for other security tools and best practices around access management.
- September 26, 2024
- Catagory Security
5 Things SMBs Need to Know About Cyber Insurance
Compared to large enterprises, small- to medium-sized businesses (SMBs) have constraints when it comes to IT security resources, but cyber insurance should be a high priority as SMBs are more likely to face a cyber attack that leads to disruptions and lost revenue.
The consequences of a cyber attack on a small business tend be more severe than for larger organizations, and according to Veeam’s 2023 Data Protection Trends Report, 85% of ransomware attacks targeted small businesses.
Aside from implementing cybersecurity tools, processes and employee training, SMBs must add cyber insurance to protect themselves from the financial and operational impacts of cybercrime – traditional insurance isn’t enough. Cyber insurance will cover some of the costs related to a security incident, including access to experts, as well as provides confidence to all your stakeholders that you’ve taken all the necessary steps to mitigate risk.
No matter your industry, you should have enough cyber insurance coverage in place and keep five things in mind.
Every industry is at risk: All businesses are data driven businesses, which means any type of business can be victim of a cyber attack and needs insurance coverage. Certain industries are more targeted than others, such as healthcare and financial services, but don’t think you’re immune from threats if you’re in a different sector.
Have enough coverage: It’s important to understand how much a cyber attack might cost you so your insurance policy will cover any potential data breach or attack. A study by IBM found that a small business can expect to pay to pay as much as US$3 million in the event of a data breach, but costs could be even higher if you consider any legal fees, mitigation and other IT costs, as well as loss of revenue due to reputation damage that leads to lost customers.
Your other insurance products don’t cover cyber attacks: Standard business liability policy or business owners’ policy is usually not enough to cover all cyber-related liabilities, including ransomware attacks. While standard insurance might cover some breach liabilities and employee-related incidents, you need a separate cyber insurance policy to reduce how much an incident could cost you.
Your customer and partners may require it: Many businesses require the companies that do business with them to have certain types of insurance – including cyber liability insurance.
It protects you against third-party security incidents: Even if you don’t fall prey to an attack directly, you can be affected by third-party breaches in your industry’s supply chain. If you’re a SMB that serves larger ones, you need to have risk mitigation strategies in case a partner, supplier or customer suffers a cybersecurity incident that can ripple across the supply chain and disrupt your business.
Having cyber insurance is a critical element of your overall risk management strategy, and the upfront cost of paying for it will help you to reduce likelihood of unexpected financial outlays related to a data breach.
A managed service provider with expertise in security can help you evaluate your security posture so you can not only protect your sensitive business data and avoid disruption to your business operations, but also increase your insurability.
GenerativeAI (GenAI) is a threat to your security.
While artificial intelligence (AI) has shown it can bolster your security posture by supporting automation and allowing organizations to be more effective at assessing risk, protecting data and responding to threats, there is the potential for threat actors to harness GenAI models as part of their toolbox to improve their success when attacking you.
The 2024 GenAI Security Readiness Report released by GenAI security firm Lakera has found that as GenAI adoption surges it is also creating a security blind spot for businesses due to the threat of “prompt attacks.” These attack methods specific to GenAI can be easily used to gain unauthorized access, steal sensitive data including customer information, manipulate applications, and take unauthorized actions.
All it takes are a few well-crafted words to lead to unintended actions and data breaches, the Lakera report found, while only 5% of the 1,000 cybersecurity experts surveyed have confidence in the security measures protecting their GenAI applications even though 90% are actively using or exploring GenAI.
Lakera’s CEO said a key lesson from the survey is that businesses that are relying on GenAI to accelerate innovation are unknowingly exposing themselves to new vulnerabilities that traditional security tools and measures don’t address, which has led to a combination of high adoption and low preparedness. They survey found that 34% of responded are concerned with data privacy and security as it relates to Large Language Models (LLMs).
GenAI has ultimately democratized AI for a wide array of users, while also empowering more people to become hackers, the report finds.
The primary challenge of maintaining security in the GenAI era is that these emerging tools are uniquely vulnerable and more complex when compared with traditional software. Developers have had decades to improve the debugging and validation of traditional software code and refine application security.
The immediate concern of GenAI has been not the been security implications of machine learning models until the recent emergence of consumer-facing AI models. Even the modern security tools such as extended detection and response (XDR) still must adapt to keep up with the threats posted by GenAI, and businesses will need to incorporate additional best practices and improve employee awareness to mitigate against security issues raised by GenAI.
Assessment is key as most businesses have little visibility into the use of GenAI within their organization, but they should assume it’s getting adopted, which means prioritizing data security and privacy is more important than ever.
A managed security services provider can help you assess your risk as it relates to GenAI and help you implement the necessary tools that can help you protect your organization against the threats that arise from GenAI adoption as well as the hackers that use it.
- August 15, 2024
- Catagory Security
Password Management Is an Essential Security Tool
Your employees are overloaded with passwords for different websites and applications at work and at home, and the human element makes password management all the more essential for bolstering your security.
Whether they are weak or stolen outright, passwords are the gateway to your sensitive data and applications, and using a robust password management system can reduce the risk of threat actors gaining access to key systems.
Combined with multifactor authentication (MFA), password management enables you to securely store credentials, and auto-fill passwords across applications and websites while using strong encryption to make sure to limit access to approved users. Employing a Zero Trust approach can also further enhance security as employees only have credentials for information and applications that are necessary for them to do their jobs.
Password management is especially essential for small- and medium-sized businesses (SMBs) who have limited IT resources for security – bolstering password management is an example of where an ounce of prevention is worth a pound of cure in an era where password-related attacks are a growing security threat.
Common threats to passwords today include brute force attacks, where attackers repeatedly try to guess a password through trial and errors; dictionary attacks that guess real words and phrases commonly used for passwords; and keylogger attacks, which use software to record each keystroke to identify a user’s login credentials.
Given the many ways hackers attempt to exploit passwords to gain access to applications and data, there’s a huge onus on users to manage their many passwords. They can’t do it alone, which is why you must implement a robust password management solution to help them create strong, complex passwords that can’t easily fall prey to common techniques employed by threat actors.
- July 25, 2024
- Catagory Risk Management
Robust Cybersecurity Needs More Than Tools and Technology
If money is no object, you can implement as many cybersecurity tools as there are available to secure your organization. But having the latest and greatest security technology doesn’t guarantee your data and applications are safe – you need to manage risk, not rely on cybersecurity tools alone.
More tools bring more complexity, which can be challenging to manage. You’ll have the illusion of being secure, but if you can’t make the most of your cybersecurity tools, you can still fall prey to the latest and greatest vulnerabilities and threats, which are constantly evolving. The best cybersecurity tools can still be misconfigured, underused or not even switched on.
Human error and inside threats can thwart even the best security technology, and the complexity that comes with excessive cybersecurity tool deployment can make for a bad user experience that hinders employee productivity or even spurs them to find workarounds that can put your organization at risk.
Overcompensating by spending a lot on cybersecurity tools that aren’t properly configured or fully used are especially risky for small- and medium-sized businesses (SMBs) because it creates the illusion of robust security – if they aren’t fully optimized, applications and data aren’t protected.
Your risk management strategy should inform you cybersecurity tool investments.
Assess Your Risks First
It’s not a matter of if your organization will fall prey to a cybersecurity threat or data breach, it’s a matter of when. By understanding your risk factors, you can select the right tools and deploy them more effectivity without bogging down the organization with unnecessary complexity that does more harm than good.
The key to establishing and maintaining robust security is to adopt an “assess, protect and respond” mindset. Your cybersecurity tools should be chosen based on an assessment of your organization’s risk, understanding what your critical assets are, and identifying vulnerabilities.
Rather than trying to protect everything, you should do a thorough assessment of your critical assets – mission critical applications, sensitive information and intellectual property, and essential data.
Buying an elaborate cybersecurity platform and telling it to protect everything doesn’t guarantee it will protect your most critical assets. Once you identify them, you can assess how they might be threatened, how you can best protect them, and how you can mitigate any cybersecurity incident through a well-thought out response plan.
The reality is most SMBs can’t afford to deploy elaborate cybersecurity solutions, which means they must prioritize protecting their most critical assets from threats and vulnerabilities.
Risk-Based Cybersecurity Is A Continuum
No matter what cybersecurity tools you opt to deploy, managing security risk an ongoing affair – you can’t set and forget your security platform. Protecting your organization must also include ongoing security training for employees, keeping all applications and systems updated and patched, and continuous assessment and monitoring.
Taking a balanced approach also includes planning for the worst – you must have a response plan in place when a disruption occurs. Having great cybersecurity tools can help bolster your security posture, but they won’t safeguard your organization on their own.
By evaluating and managing risk first, you can deploy the right cybersecurity tools that can help you to assess, protect and respond to any threats.
As a small or medium-sized business, you’re competing on a dynamic digital landscape with larger organizations, as well as being prey to the same nefarious threat actors that are looking to breach your security.
Many SMBs don’t think they’re on the radar of bad actors and hackers, which makes them prone to these common security mistakes.
Inadequate identity management and authentication
We all know your password shouldn’t be “password” or “12345678,” but weak passwords continue to put organizations at risk. It’s important to remind employees to create strong and unique passwords, as well as remind them that sharing passwords or writing them down where they can be seen weakens the overall security of the business.
In addition to passwords, two-factor authentication (2FA) adds another level of security that’s essential for protecting systems from threat actors, as they only need to infiltrate one user account to gain a foothold in your network.
Not training your employees
Weak passwords tend to be a symptom of poor security hygiene that is a result of poor or non-existent security training as human error is often the cause of many data breaches. Regular employee security training can prevent incidents by making your staff more aware of the dangers of weak passwords, phishing scams and other social engineering that threat actors use to gain access to networks or disable IT infrastructure.
A missing incident response plan
It’s not a matter if a data breach occurs – either due to bad actors or natural disasters – it’s a matter when. You should be ready for the worse with an incident response plan that includes data recovery in case of any disaster. Being ready for the worse will limit financial losses, damages to your reputation, litigation, and downtime. Your incident response plan should be bolstered by a data backup plan so that any mission-critical data is quickly and easily recoverable in case of any disruption.
Not updating security software
Your security software is only as good as its latest update, so you if want to protect yourself from the latest threats, you need to regularly apply patches and updates. This habit must go beyond your security tools – it’s essential that you keep your operating systems and other business applications up to date, as well as hardware firmware, as this closes potential to doors to threat actors by applying bug fixes, closing security holes and improving their overall performance and reliability.
Acting like you’re not a target
Don’t assume bad actors are only attacking big businesses – your data and your infrastructure can be just as valuable. Hackers view SMBs as easy targets because they assume you don’t have adequate cybersecurity, and even if they don’t want your data, they can use you as launch pad to attack other organizations, including your partners, customers and suppliers.
Even as you’re at risk of the same threats as larger organizations, as an SMB you have access to the same tools to protect the organization. If you find yourself making one of the above mistakes, or simply want to bolster your security posture, a managed security services provider can help you understand where you’re at and get you to where you want to be.
Secure access service edge (SASE) has gained traction as networks have become increasingly fluid – the moat and castle approach to securing the organization is no longer feasible in the era of remote work.
SASE combines network connectivity with network security into one platform that can be centrally controlled, usually via the cloud, to improve visibility, bolster policy controls and enhance overall user experience across all applications. Essentially, SASE is a single corporate network that reduces the need for various point solutions.
By converging networking and security-as-a-service functions into a single cloud platform, you can support distribute hybrid and remote workers, who all connect to nearly cloud gateways rather than a central corporate data center. SASE eliminates the need for every user, office, and application to your data center via a private network or secondary network, a model which can no longer support today’s reality of dispersed, remote workers.
With SASE, network controls are moved out of the data center to the cloud edge, with all network and security services using a single control plane. By using identity management and Zero Trust security policies, SASE enables to you to extend network access to all your remote workers, regional offices, applications, and endpoints.
SASE Components
SASE encompasses many security elements you may already be familiar with:
- A next-generation firewall (NGFW), which inspects data at a deep level and provides intrusion prevention, application awareness and control, and threat intelligence.
- A secure web gateway (SWG), which protects data and thwarts cyber threats by filtering out unwanted web traffic content and blocking risky or unauthorized user behavior.
- A Zero Trust Network Access (ZTNA), a model that assumes security threats are present inside and outside a network and ensures that users only access data and applications they need to do their job.
- A cloud access security broker (CASB), which provides security controls and additional visibility for your cloud applications and services.
- A Software-defined WAN (SD-WAN) or WANaaS, which helps scale connectivity and operations across large distances to branch offices and data centers.
SASE Benefits
Because SASE relies heavily on the Zero Trust model, it not only ensures that the right users have access to data and applications through robust verification processes, but it also takes into account other factors such as device status and geographic location, while continually evaluating risk.
SASE also reduces your overall security costs because it combines many point solutions into a single cloud platform, which also reduces the amount of time IT teams spend managing security tools and simplifies integration. Fewer point solutions also lead to increased agility and operational efficiency.
Aside from security, SASE also helps to improve the user experience for remote and hybrid workers by more efficiently routing traffic across the edge network, enabling it to be processed as close to the user as possible.
Organizations of all sizes must accept that there’s no longer a single route into their enterprise network. SASE enables you to combine network connectivity and security into one platform to support your distributed workers while protecting your data.