Posts

3 Must-Have Protections for Microsoft 365 and Google Workspace

Data protection iconMicrosoft 365 and Google Workspace protect your data using a shared responsibility model.  They provide redundancy and backup to ensure your service is performing, available, reliable, and secure.  You are responsible for controlling access, managing permission, and protecting your data from loss.

Here  are 3 Must-Have Protections for your Microsoft or Google Cloud Services

 

1Backup Protection for your Data

Data in the cloud is just like data stored on local servers and workstations. Information in in Microsoft 365 or Google Workspace can be lost due to accidents or malicious acts.

  • User action — overwrites and deletes — can destroy content and files, whether accidental or deliberate.
  • Malware and ransomware corrupt files that sync to OneDrive, SharePoint, and Google Drive, can damage or delete your files.
  • Integrated third party apps can damage or delete information.

You need, and want, the ability to restore files, emails, contacts, and other information. A secure backup/recovery solution protects your data, and your business.

2Advanced Threat Protection

Cyber attacks come in many forms. The most common and most effective attacks still use email. Cyber criminals use behavior science and advanced phishing techniques to access your systems, collect personal information, steal data, and ransom your business.

Advanced Threat Protection (“ATP”) is more than “spam and virus protection.” ATP uses machine learning, advanced analytics and heuristics, and behavior analysis to identify and prevent cyber attacks from reaching your inbox. Methods like sandboxing safely test links and attachments before delivery.

Even an educated and aware team can and will fall prey to attacks. Prevention is key.

3  Multi-Factor Authentication

Your team members are human. While they may understand and respect the need for robust and unique passwords, human nature always tries to balance convenience.  Studies show that 70% of us will use the same, or substantially similar, passwords across systems. A hack or breach in a third-party tool poses a significant risk to your employees’ work identities.

A compromised identity does not enable access when you have additional authentication steps. Authenticator apps, dynamic security codes, and security tags/fobs each add physical verification to your digital access.

With cyber attacks on the rise, better protection is worth the minor inconvenience of multi factor authentication. Multi factor authentication delivers one of the best protections against breaches and unauthorized access.

Failing to protect your data in Google Workspace or Microsoft 365 is a failure to protect your business.  Contact us for a free assessment of your data and business protection needs.

Cyber Protection: Time for New Best Practices to Safeguard Your Business in the Digital Age

Cyber ProtectionAccording to a recent survey* of IT service providers, ransomware attack downtime costs 23 times more than requested ransom. The average ransom for small and midsize businesses (SMBs) victims jumped 37% to $5,900 from 2018 to 2019.  And lastly, the average cost of ransomware downtime jumped from $46,800 to $141,000, an increase of more than 200%. This underscored the importance of having cyber protection protocols in place in an increasingly digital age.

To add to your cyber security concerns, SMBs fall victim to cyber crime and ransomware attacks even when they have traditional antivirus, email/spam, ad/pop-up blockers, and endpoint protection in place.  67% of IT service providers report their SMB customers fall victim to phishing emails; 30% report that most customers still rely on weak passwords and access management.

The Need for a New Approach to Cyber Protection

Traditional cyber security solutions are no match for many cyber attackers. We need a new modernized approach to ransomware, with business continuity at the core.

Using business continuity as a guiding principle drives new best practices for preventing and responding to cyber security attacks. With a business continuity mindset, you focus on what is needed to keep the business running, and how quickly you can “return to operations”.  When we discuss business continuity, we understand that we need to take steps to prevent disruption, mitigate the scope of potential disruptions, respond effectively when disruptions happen, and have the systems and processes in place to recover quickly.

For over a year, we have promoted and refined our CPR model to help ensure appropriate data protection and security.

Implementing The Following CPR Model Can Help Combat Cyber Threats

Communicate and Educate: Involve everybody in the solution by educating your team on the risks, how to spot and report fraudulent content, and how their behavior can prevent or help an attack.

Protect and Prevent: Implement multi-layer, multi-vector protections that focuses on your people (identities), data, applications, and systems. Our data, our businesses, no longer sit comfortably hidden in a computer room behind a firewall.

Respond and Recover: No defense is perfect. Have services in solutions in place that let you recover and return to operations within a time frame that protects the health of your business. More than getting data and systems back on line, put in place the forensics, legal, public relations, and customer service resources you will likely need in a cyber attack emergency.

Here are 10 Actions you can initiate today to improve your cyber protection:

  1. Ensure your computing environment is protected across multiple attack vectors: Identity, Endpoints, User Data, Cloud Apps, and Infrastructure.
  2. Deploy multi-factor authentication, advanced threat protection, next-gen endpoint protection, and DNS/web protection across your ecosystem for a comprehensive baseline or protection.
  3. Encrypt your data at rest and in transit.
  4. Educate your team on the risk and how their actions can impact the business.
  5. Actively manage your cloud and “as-a-Service” subscriptions, standardize on-boarding and off-boarding of staff and contractors based on role, application needs, and appropriate access to data.
  6. Understand how your team uses your business and unauthorized (“shadow IT”) applications and services.  Reign in shadow IT by ensuring your business systems provide staff with the necessary capabilities.
  7. Test your staff’s behavior related to cyber attacks and follow up with additional coaching and guidance. Discipline and, if needed, terminate those who are unwilling or unable to adapt to the current realities of behavior and risk.
  8. Upgrade from data backup/recovery to a business continuity solution that will get you up and running in minutes or hours, instead of days, should an attack get past your defenses.
  9. Arrange in advance for the legal, forensic, PR, communications, and customer service resources you need to respond to an attack with a potential or actual data breach.  Prepaid breach response services give you nearly instant access, reducing your risks and liability while bundling in baseline cyber insurance coverage.
  10. Get cyber insurance, either a baseline policy bundled with Breach Response services and/or a fully underwritten policy from your business insurance provider.

Please contact us for more information about your cyber protection, available assessments, and solutions. We are happy to schedule a free, no obligation Cloud Advisor Session.

* Global State of the Channel Ransomware Report. Datto, Inc. Oct. 2019.


 

Cyber Insurance vs. Breach Response: Why Not Both?

Cyber AttackIf you’re debating between cyber insurance and breach response, you should consider getting both to be fully protected. For example, cyber liability insurance covers monetary losses as well as legal protection in the event of a breach. A data breach response plan, on the other hand, will provide you with immediate resources to combat the cyber attack and protect your financial interests.

There is a large discussion, and no small amount of pressure, for businesses to obtain cyber insurance policies.  Articles appear in a range business and technology publications, from the Memphis Business Journal to the Wall Street Journal, and from Inc. Magazine  to Forbes. But getting the right cyber insurance policy is not easy, and can be costly. And while cyber insurance helps cover damages, many policies do not provide immediate assistance with managing your response to an attack or data breach.

Cyber Insurance

For SMBs, three key cyber insurance considerations are the barriers to entry, coverage exclusions, and coverage delays.

  • Barriers to Entry
    • Most cyber insurance policies go through underwriting to determine coverage limits and premiums. This means the insurer will want to review and audit your security related policies, procedures, and technologies. Insurance carriers may also demand that you invest in new or additional measures in order to qualify for a policy or to ensure the premiums will be affordable.  For many small and midsize businesses (SMBs), this process requires specialized skills, time, and money. Many SMBs will need to spend over $5,000, with some spending up to $20,000, in order to pass the underwriting process.
  • Coverage Exclusions
    • Cyber insurance claims are routinely reduced or declined due to non-compliance with policy requirements.  Even after the underwriting process, most cyber insurance policies include dozens of security requirements that must be in place and properly maintained.  Any gap or misstep can be costly.
  • Coverage Delays
    • If your business is the victim of a cyber attack, your response has legal requirements and requires specific technical expertise. Claims processing can delay your ability to secure the resources you need for hours or days.

Clearly, cyber insurance one piece of the solution, along with appropriate security measures.

Breach Response

Having a Breach Response plan and resources in place will save you time and money.

In any cyber attack, start by assuming the attackers have stolen information.  If an attack can encrypt your files, it can steal under-protected files and data from your systems.  With a data breach, federal and state laws dictate a range of reporting and communication requirements that, if missed, can trigger fines and legal action. With a data breach, you need a range of expert resources and you need them quickly.

  • Legal Expertise fluent in cyber security laws and regulations helps ensure you comply with reporting and communication requirements to minimize your legal and financial exposure.
  • Forensics Expertise can identify the cause, timing, and scope of the attack and any breach, and can help validate that the issues allowing the breach have been resolved.
  • Public Relations Services will help you communicate with employees, vendors, customers, and as is often the case — the press. Providing accurate and appropriate information can protect your business relationships and your public reputation.
  • Contact Center Services provide a place for customers, vendors, and associates to call for timely and accurate information.  You are further protecting your business relationships and reputation.
  • Credit Monitoring for individuals whose personal or business information may have been compromised can reduce litigation risk and may be required by law.

Final Thoughts on Cyber Insurance vs. Breach Response

While cyber insurance policies generally cover these services, most do so as part of the claims approval process. As such, you may be out of pocket for thousands of dollars and fighting for reimbursement once your claim is processed.

By subscribing to a Breach Response service, the resources and expertise you need are available instantly,  7×24, without any additional cost over the monthly or annual fee.  These services often include basic cyber insurance policies that do not require any underwriting.  For many SMBs, the annual cost of this type of Breach Response service, with basic cyber insurance coverage, is significantly less than the cost of the underwriting process for a traditional cyber insurance policy.  Additionally, you can use this policy for coverage until they completing a policy with underwriting, or to cover initial loss coverage under a higher deductible (lower premium) traditional cyber insurance policy.


For more information about Breach Response Services and affordable Cyber Insurance, please contact us for a no obligation Cloud Advisor call.


 

Manufacturers Beware: Attacks on Industrial Equipment are on the Rise

Automation Cyber SecurityWe have seen the issue ourselves: A malware attack crosses the bridge from your network PCs to the controllers in your industrial machines. Your shop floor comes to a halt until you can recover. The effort is painful as you deal with embedded and stand-aside controllers running out-dated versions of Windows, limited network options, and compatibility issues.

The risk is so great, that ZDNet is reporting that the world’s largest and most well-known hacking contest, Pwn2Own, will focus on software for industrial equipment.  Reflecting the reality of current threats, the sponsoring organizations and the “white hat” hackers themselves see an urgent need to bring the issue of protecting your industrial equipment to the forefront.

Fortunately, best practices can help protect your operations.

While it is not always possible to protect your industrial equipment with “next gen” endpoint protection, you can take steps to protect yourselves from potentially devastating attacks and accidents.

  • Segregate
    • The network on which your production systems run should be physically or logically separate from other networks — office, voice, etc. — running in your business.
  • Isolate
    • Unless the equipment needs to communicate with the manufacturer, cloud-based systems, or other locations, the production systems network should not have paths to the outside world.
    • If the equipment needs to communicate externally, setup secure VPNs for all traffic.
  • Maintain
    • Whenever possible, update and maintain your industrial systems to run current versions of the manufacturer’s software and the underlying operating system.  Too many production machines are running obsolete versions of Windows that cannot be secured from attack.
  • Scan
    • Before moving any software or programming to a system, explicitly scan the files for malware.
  • Educate
    • Communicate with your employees about the risks and steps they can take to prevent a cyber attack to your industrial equipment as well as their computers and other devices.

Please contact us for more information or to assess your risk and discuss solutions.


 

Drive-by Downloads

This post is part of our Cyber Threat Series.

The Challenge:

Drive-by downloads are exploit kits that download invisibly from infected websites. These websites may be malicious sites built for malware distribution or trusted sites infected by hackers. Many of these attacks take advantage of weaknesses in popular software and tools, including video players, Java, and Adobe Reader.

Downloads may install and run other malware or may themselves be malicious. Many drive-by downloads install cryptoware, or ransomware, that encrypts files and holds them for ransom.

What to Do:

User education and web protection are the best protection from drive-by downloads. Cyber-aware users understand the risks and can avoid malicious links and sites. Web protection can prevent unexpected downloads and malicious behavior from reaching your systems and users.

DNS protection and secure DNS services provide additional protection by preventing impersonation, hijacking, and domain level attacks.

 


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Phishing and Spear Phishing

This post is part of our Cyber Threat Series.

The Challenge:

Cyber criminals prefer Phishing attacks. Phishing and Spear Phishing remain the primary vector for Malware attacks. Hackers evenly distribute attacks between two variants: Malicious Email Attachment (39.9%)  and Malicious Link (37.4%).

Leveraging human nature, phishing attacks look and feel like legitimate emails. Recipient often miss the cues that the email is fraudulent. We respond by clicking links to malicious websites, opening pictures or videos with hidden downloads, or opening infected attachments.

Advanced phishing attacks correlate public information from social media and pirated information from compromised systems to further personalize the attacks. These advanced attacks do a better job of hiding the malicious intent. As such, even savvy users fall prey.

What to Do:

The best protection is multi-level and multi-vector:

  • Teach your users about the risks and how they can help prevent attacks. User awareness leads to smart decisions on when to trust and when it’s safe to click.
  • Protect your devices with “Next Gen” endpoint protection. This includes your desktops, laptops, and mobile devices. Phishing attacks are usually platform independent and, therefore, trigger from most any email client or application.
  • Protect your email with an independent advanced threat protection (ATP) service. ATP covers inbound and outbound traffic.  ATP uses pre-analysis and testing of links and attachments for mismatched domains, copycat content, and malicious behavior. This “sandboxing” lets the ATP service block attacks from reaching your inbox.
  • Add a DNS and Web Protection solution to your environment.  Web protection blocks infected or fraudulent web sites, including blocking malware on infected sites we trust. DNS protection prevents hackers from corrupting and using your domain identities.
  • Deploy backup/recovery and continuity services that protect your on-premise and cloud data. Should an attack make it through your protections, you should be able to keep your business running while you clean up the damage.

Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Brute Force Attacks: What are They and How to Protect Against Them

What is a brute-force attack?

A brute-force attack is a method used by cybercriminals to crack passwords or encryption by trying all possible combinations of characters until the correct one is found. It involves using automated software that systematically tries different combinations of characters until the password or encryption key is discovered. Brute-force attacks can be successful if the password is weak or if the encryption key is short. They can also be time-consuming and resource-intensive for the attacker if the password or encryption key is long and complex. To prevent brute-force attacks, it’s important to use strong passwords, enable multi-factor authentication, and use encryption methods that are difficult to crack.

This post is part of our Cyber Threat Series.

The Challenge:

Hackers use Brute Force Attacks to target a single service exposed to the Internet, including Remote Desktop, Outlook Web Access, and email services. Brute Force Attacks gain access by trying every viable access method or password.

Hackers use these attacks to access your data or to install other malware within your systems. Patient hackers space out attempts; they are difficult to notice or detect. When hackers rush, the impact can be similar to a DDOS attack.

Hackers can launch Brute Force Attacks externally or from malware-infected systems on your network. Internal attacks often target specific systems and vulnerabilities, such as SQL Server and SQL Injection vulnerabilities.

How to prevent brute force attacks

Require robust passwords; they are your first protection from Brute Force Attacks. Put controls in place to enforce best-practice password structure and expiring passwords can thwart an attack.

Deploy Multi-Factor Authentication. MFA creates and additional level of protection since a compromised password is not sufficient for access.

To protect against internal attacks, ensure systems run current operating system versions. Keep all systems current with patches and updates.

Revisit the four pillars of cloud security, and make sure you fully understand the most important strategies for protecting from brute force attacks.

Deploy “Next Gen” protections to keep Brute Force Attack malware from making it onto your servers and clients:

  • Advanced threat protection (ATP) for email
  • Endpoint and mobile device protection
  • DNS security and protection
  • Web protection and filtering

FAQs

How common are brute force attacks?

Brute force attacks are one of the most common types of cyberattacks and are used by attackers to gain unauthorized access to user accounts, servers, or other systems. The frequency of brute force attacks depends on various factors, including the target system’s popularity, the type of authentication mechanism used, and the complexity of the password or encryption key. For example, systems that use weak passwords or no multi-factor authentication are more vulnerable to brute force attacks. According to a recent report by Akamai, brute force attacks accounted for more than 30% of all login attempts on web applications in 2020. As such, it is essential to implement robust data protection and security measures to prevent brute force attacks and protect sensitive data from unauthorized access.

What are the two types of brute force attacks

The two types of brute force attacks are:

  1. Online brute force attack: In this type of attack, the attacker tries to guess the password or encryption key by repeatedly attempting to log in or decrypt data using different combinations of characters. Online brute force attacks are typically carried out against web applications or online services and are often automated.
  2. Offline brute force attack: In this type of attack, the attacker obtains a copy of the encrypted data or password hashes and attempts to crack them offline by running automated software that tries different combinations of characters until the correct password or encryption key is found. Offline brute force attacks are more time-consuming than online attacks, but they can be more successful as the attacker has more time to try different combinations of characters.

What are the signs of a brute force attack?

Here are some signs that your system may be experiencing a brute force attack:

  1. Multiple failed login attempts: If you notice multiple failed login attempts from the same IP address, it could be a sign of a brute force attack. The attacker may be trying different combinations of usernames and passwords to gain access to your system.
  2. Unusual account activity: If you notice unusual activity on a user account, such as logins from different locations or at odd hours, it could be a sign of a successful brute force attack.
  3. Slow system performance: A brute force attack can cause a system to slow down or crash due to the high volume of login attempts.
  4. Unusual network traffic: A brute force attack can generate a large amount of network traffic, which can be detected by monitoring network activity.
  5. Brute force attack tools: If you find tools used for brute force attacks on your system, such as password cracking software or script files, it could be a sign that your system has already been compromised.

If you suspect that your system is being targeted by a brute force attack, it’s important to take action immediately to prevent further damage and protect your sensitive data.


Contact us to discuss cyber threat protection best practices, and ensure you are set up properly to avoid a brute force attack in the future. The Cloud Advisory session is complimentary and without obligation.


 

Distributed Denial of Service Attacks and How to Prevent Them

What is a Distributed Denial of Service Attack?

A distributed denial of service (DDoS) attack is a malicious attempt to disrupt the normal functioning of a targeted website, server, or network by overwhelming it with a flood of internet traffic from multiple sources.

An example of a distributed denial of service attack

One well-known example of a distributed denial of service (DDoS) attack happened in October 2016, when a botnet comprised of Internet of Things (IoT) devices such as cameras and routers was used to execute an attack on Dyn, a domain name service provider. The attack resulted in widespread internet outages, affecting popular websites such as Twitter, Netflix, and Reddit, among others.

The Mirai botnet overwhelmed Dyn’s servers with massive amounts of traffic, overwhelming them and causing the domain name resolution service to fail. As a result, users could not access the websites affiliated with Dyn’s service, effectively shutting them down for several hours.

The Mirai botnet carried out the attack by exploiting weak passwords and other security flaws in IoT devices, allowing the attacker to gain control of them and use them to conduct the DDoS attack. This attack highlighted the potential threat posed by unsecure IoT devices, as well as the necessity for enhanced security measures to protect against DDoS attacks.

The Challenge With Distributed Denial of Service Attack Prevention:

Cyber criminals can cripple your business without every breaching your security. By using systems and botnets, they blast garbage Internet traffic at your public IP address(es).  The Denial of Service Attack is distributed (hence the name) across many sources, making it more difficult to block.

DDOS attacks stop your Internet traffic. They block communications and access to applications and services. In some cases, DDOS attackers demand ransom payments to halt the attack.

DDoS attacks are often carried out with the goal of causing financial or reputational damage to a business or organization, or to extort money from them. They can also be used as a distraction to divert attention from other cyberattacks or to disrupt critical infrastructure.

To protect against DDoS attacks, organizations can use various techniques such as load balancers, firewalls, and intrusion prevention systems. Additionally, cloud-based DDoS protection services are available from many providers to help mitigate the effects of such attacks.

5 Ways to Stop a Distributed Denial of Service Attack:

If you’re looking for the best defense against a distributed denial of service attack, the top five techniques below can help organizations protect themselves.

  1. Move your computing to cloud services. Google, Microsoft, Amazon, and other public cloud providers build their networks to prevent DOS attacks.  They have multiple entry points and routes to their services and manage multiple layers of DDOS protections.
  2. Upgrade to “Next Gen” routers with improved DDOS protections. These routers can identify attacks and help reroute your Internet traffic around the attack.
  3. Add an alternate Internet connection.  Having a second connection can allow your network traffic to circumvent the attack or can provide a failover connection when needed.
  4. Maintain strong endpoint protection to prevent botnet malware from being installed on internal systems.
  5. Subscribe to hosted DDOS services that can route traffic around, and prevent, DDOS attacks.

Overall, it is important for organizations to implement a multi-layered approach to DDoS protection, using a combination of strategic services and techniques to ensure maximum protection against DDoS attacks.


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


This post is part of our Cyber Threat Series.

What are Hostile Network Probes and Scans

This post is part of our Cyber Threat Series.

The Challenge of Hostile Network Probes and Scans:

Hostile network probes and scans check your network devices and systems for security holes. Hackers and bots scan specific IP address for open and unsecured ports. While most scans come from the outside, hackers use malware to infect systems and probe networks from the inside. Once they find a security hole, hackers access information, install malware, or gain control systems.  Some probes look for specific vulnerabilities, others use brute force.

What is a Network Probe in Cyber Security?

A network probe is essentially a messenger. Its job is to take a question and quickly respond with information. While the function of a probe is simple, the ability it provides IT and network administrators to monitor performance in real time is critical.

What to Do About Hostile Network Probes and Scans:

Close as many Internet-facing ports as possible across firewalls, routers, and other Internet-facing devices. Close ports on network devices that are not needed for internal communications. If a port isn’t open, it cannot be hacked.  

Avoid consumer-grade and low-end firewalls to protect your physical network.  Low-end devices lack features needed to protect your business. With advanced protection features and tools, “Next Gen” firewalls offer better protection from modern threats. With models designed for SMBs, you fill find these new solutions affordable.

Scan your network for vulnerabilities on a regular schedule. Finding problems before an attack is worth the effort and relatively low cost.

Configure alerts, when able, to notify you of potential risks.  While you and most SMBs cannot afford and do not need a network and security management system, you can configure many devices to send basic alerts by email. These alerts give you an early warning you can evaluate and manage.

Move to cloud infrastructure solutions and hosting service providers and increase your cyber security profile.  Google, Microsoft, and Amazon depend on the security of their environment to earn and maintain the trust of customers like you. They staff security teams with thousands of experts, follow best practices, and deploy the most advanced threat protection technologies.  Your risk of a network scan or probe attack when using Google Cloud Platform, Microsoft Azure, or Amazon AWS is orders of magnitude less than running systems in-house.

 


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

library

Nothing Found

Sorry, no posts matched your criteria

Webcasts

Nothing Found

Sorry, no posts matched your criteria