Protecting your digital ecosystem requires teamwork, coordination and communications
As the pace of digital transformation and technology adoption continues to increase, most businesses have rightly decided that there is no way to manage the complex needs of a modern connected organization without 3rd party assistance. The old argument of in-source versus out –source has been replaced with right-source and the highest performing organizations are increasingly finding themselves reliant on a web of both full time employees and external parties working together to extract every ounce of productivity out of unprecedented technology based tools.
Recently in The Monitor, we’ve started exploring the differences between MSPs (Managed Service Providers) and MSSPs (Managed Security Services Providers).
Our guidance has been simple and direct: Where at one time all you needed for your IT operations and infrastructure was an MSP with a Help Desk to deal with network, connectivity, software, and user issues; today, with barbarians at the gate 24/7/365, you need to make an additional investment in MSSP services whose mission is the safety and cybersecurity of your entire digital ecosystem. In doing so you put the needs of your organization in the hands of those most qualified to protect and optimize its technology investments.
There is seldom a “one size MSP+MSSP fits all” solution. We urge you to be cautious if approached by a vendor offering both operational and cybersecurity protections under one roof.
The Most Important Actions You Can Take to Leverage Your IT Investments
There are, however, opportunities to leverage investments that you’ve made (or should be making) in both an MSP and MSSP, and in the process, secure better ways to operate, protect and manage the entire scope of your digital ecosystem.
The single most important action you can take to leverage your investment in IT services is to have active plans, processes and policies in place that ensure that your MSP and MSSP are in constant communication and on the same page when it comes to responding to cybersecurity threats.
While these two different types of organizations have different missions in terms of how they participate in your IT program, those missions intersect when a cybersecurity alert detected by your MSSP escalates to the point where a remediation action is required. That action should be built on a remediation plan with clearly identified roles and responsibilities that you, your MSP and your MSSP agreed to use as a roadmap.
This is particularly true for a zero-day event, where the possibility of needing to disinfect hardware, take critical servers offline, or even shut down your entire IT operations may be required to prevent a disaster. In this situation, the MSSP provides notification of the event, its criticality, updates, and follow-ups after patches from a vendor are published, while the MSP executes quick response tactics, including interfacing with users, to shut the doors against the possibility of further damage.
Managed Service Providers/Managed Security Service Providers Common Denominators
Leveraging the investments you make in MSP and MSSP services starts with making sure that each vendor’s scope of services share the following common denominators: (1) a commitment to protect the profitability of your company or organization resulting from cyberthreats or attacks, and (2) an obligation to protect output of your network and the digital interactions you have with internal and external stakeholders.
Given the variety of different technologies and applications you use to operate and manage your business, putting these assurances into effect is not an easy task, but in today’s environment, a fundamental one.
4 Keys to Leveraging and Aligning Your Investments in Managed Service Providers and Managed Security Service Providers Services
There are four actions, spearheaded by your IT Department or company senior management, for aligning your investment:
1) MSP and MSSP Communications – on a continuing basis, your company, and both your MSP and MSSP need to communicate and discuss the cybersecurity threats that have been identified via continuous monitoring and standards based assessments; which of those has been escalated to a remediation action, proposed solutions and patches for gaps in cybersecurity defenses, potential upcoming threats, and best practice based recommendations from each the MSP and MSSP.
2) MSP and MSSP Planning – instead of reacting to cyber threats, a plan should be in place that at a minimum, defines the roles and responsibilities of you and your providers. This is especially important when it comes to Incident Response as the worst time to plan for a crisis is when you’re in the middle of one.
3) MSP and MSSP System monitoring – a key function of your MSSP is 24/7/365 monitoring of your digital ecosystem focused on cyber threats to your environment. Monitoring and the communication of monitoring results is one of the most critical keys for early identification and response to cyber threats.
4) Adherence to planned remediation processes – a key part of the panning process is to have planned remediation processes in place, along with training about how to initiate, manage and monitor those processes.
Connect with Us to Start Better MSP and MSSP Coordination Efforts
We welcome a chance to discuss your cybersecurity posture and how your cybersecurity efforts are being coordinated with your IT managed services program. Let’s schedule a no cost, no obligation discussion to identify the strengths, weaknesses, and threats present in your digital ecosystem and opportunities for achieving better levels of protection and effective, efficient, and rapid response and remediation in the case of a cybersecurity event.
Call me at 716-847-2651 today, or submit a contact form, here. Let’s put something on your calendar.
View full article
Did you ever wonder what it’s like to work on the front lines of the cybersecurity battlefield …. what the war room looks like … how battle cries and alarms are sounded … how troops are mobilized and dispatched to take on enemies at the gates and on the walls?
In my last post, I discussed the differences between Managed Service Providers (MSP) and a Managed Security Service Provider (MSSP). I hope that I’ve made a compelling case for why your company or organization may need both. In this post, I do a deeper dive to take you behind the scenes of a typical day in the life of a MSSP Cybersecurity Analyst to bring those differences to life in a vivid way.
Inside the Managed Security Service Provider Control Center … an Alarm Goes Off
Imagine, if you will, a team of contracted Tier 1 SOC Analysts sitting at their workstation, surrounded by monitors tracking internal and external movements within your IT network, when an alarm goes off that’s an indication of mischief.
Immediately, the Analyst will log the alarm, use their training to do an assessment of the criticality of the alarm using a 15-step checklist to determine if a quick and aggressive response and remediation is warranted. To provide some perspective, DataSure24 sees about 150 alerts per day per Analyst over the entire scope of clients we are monitoring.
Within 10 minutes, the alarm will be deemed either harmless or harmful, and if the latter, escalated immediately to our Tier 2 SOC Analyst. If it’s relatively harmless, the incident is still tracked but not treated with same urgency.
Later that Morning at the Desk of the Tier 2 SOC Analyst
On an average month, we see about 18,000 alarms and of those, about one out of every 100 of alarms gets escalated to a Tier 2 SOC Analyst.
Within minutes, that Analyst will initiate a significantly deeper investigation, using our proprietary predictive algorithms, research, team discussions, and instinct to identify the exact nature of the intrusion and best possible responses.
Companies that use an MSSP will generally have a previously developed Cybersecurity Response and Remediation Planning which is then put into play. That plan is executed coolly, professionally and swiftly by the SOC 2 Analysists in conjunction with the client’s IT team. On average, once an alarm has been escalated to a Tier 2 Analyst, the time from assessment to response and remediation is less than an hour.
A Managed Security Service Provider’s Response to a Zero Day Attack
Three to five times a year, every company may experience a Zero Day Attack launched by hackers and cybercriminals.
According to Norton, the term “zero-day” refers to a newly discovered software vulnerability. Because the developer has just learned of the flaw, it also means an official patch or update to fix the issue hasn’t been released.
So, “zero-day” refers to the fact that the developers have “zero days” to fix the problem that has just been exposed — and perhaps already exploited by hackers.
Once the vulnerability becomes publicly known, the vendor has to work quickly to fix the issue to protect its users.
But the software vendor may fail to release a patch before hackers manage to exploit the security hole. That’s known as a zero-day attack.
If a zero-day attack is detected via monitoring by a Tier 1 Analyst, escalation takes on a sense of greater urgency and requires greater speed before what may be a small breech turns into a major headache, resource drain, financial loss, and reputation damage. While neither a Tier 1 or Tier 2 Analyst can patch the weakness, they can put a pre-determined Incident Response Plan into effect, and work with the client’s IT team to isolate, protect or even shut down critical servers and other hardware.
As you might imagine, it’s a bit more hectic and stressful both in our Mission Control room and at the client’s site when zero-day attacks occur, but teamwork and professionalism generally go a long way to short circuit an attack of this type before a software patch is applied. The human element in place, always monitoring, can be the difference between a catastrophe and a ‘dodged a bullet’ scenario.
Later That Day, It’s Time to Catch Up on a Few Reports and Do a Vulnerability Scan or Two
A day in the life of a DataSure24 Tier 1 or 2 SOC analyst is a lot more than just sitting around, drinking coffee and waiting for an alarm to ping!
They’re also preparing and delivering monthly reports to clients showcasing alarms caught and resolved, actions taken regarding elevated alarms and responses, zero-day attack incidents, and news or updates from the world of cybersecurity that merit a watchful eye.
There are also specialists hard at work doing contracted vulnerability scanning work, trying to identify and exploit security weaknesses, including phishing employees to determine their levels of awareness and compliance with company IT security policies. Generally, these network vulnerability scans reveal hundreds of vulnerabilities, most of which are easily resolved, but it some cases a significant vulnerability will be discovered or a trend indicating a security lapse identified. At that point, Network Vulnerability Analysts and other members of the MSSP team will develop a plan and identify resources that should be directed to executing remediation strategies, policies or actions.
Our team is always looking for ways to improve ourselves, from upgrading our technologies to continued and consistent training in our specialized environment. Staying globally aware of Cybersecurity current events is a linchpin of our daily routine.
Meanwhile, On Your Calendar of Daily Activities
I hope that this brief overview into the life of a Cybersecurity Analysts provides the additional insight and guidance you need to make an investment in MSSP services happen. At a minimum, 24/7/365 cybersecurity monitoring has become a “must” and a necessary part of doing business.
I am available for a no cost or obligation discussion of the pros, cons and costs of MSSP services, including a deeper dive on how these services work can with your current IT department or MSP.
Complete and submit a contact form, here. Let’s put something on your calendar.View full article
Don’t make a mistake and put the security and future of your company at risk
It’s not an exaggeration to say that you may be putting the future of your company at risk if you don’t know the differences between a Managed Service Provider (MSP) and Managed Security Service Provider (MSSP). While there may be some crossover of functions between these two types of outsourced services, the fact remains that it’s highly likely that you will need to invest time, resources and budget for each.
MSP vs MSSP: Comparison of Missions and Functions
Perhaps the simplest way to understand the variation between these two different types of providers is as follows. MSPs operate in the world of IT network management – keeping your infrastructure up to date, troubleshooting problems users are experiencing, and maintaining IT operations. MSSPs operate in the world of cybersecurity and the detection, prevention and remediation of cyberthreats that have the potential to ruin a company’s reputation and pocketbook – kind of like an ever vigilant and on guard police force.
Key differences include:
Managed Service Provider (MSP)
Managed Security Service Provider (MSSP)
· Ensures IT systems are operational, reliable, available and useful for employees and customers
· Key focus is on administrative functions of an IT system and network, and typically serves as a company’s outsourced IT department
· Costs based on a fixed fee model - per device, per user or some combination
· Characterized by tools and technologies like remote monitoring and management and troubleshooting / ticketing systems or a help desk
· Generally, will not provide clients with a complete cyber security posture, but will offer a minimum level of security services, like firewalls and anti-virus software.
· Mission critical: ensure that IT systems are up and running and that data remains available for employees and customers.
· May include offerings from other providers like application service providers (ASPs), Web hosting companies and network service providers (NSPs).
· 24/7/365 cybersecurity monitoring primarily focused on IT security with key objectives of preventing, detecting and responding to threats across IT infrastructure, network and applications
· Serves in a consulting and advisory role, providing cybersecurity insights to help make proactive changes to policies and procedures in order to prevent security incidents that might result in breach, data loss, or any other incident that could negatively impact a business.
· Requires expertise for aligning security with IT compliance frameworks and ensures that people and systems are safe, secure and compliant.
· Includes deployment of a Security Operations Center – a physical facility staffed by analysts responsible for real time investigation of network and logs, hunting for threats, creating alerts for incidents, and executing plans for remediation.
· Requires a deep understanding of client’s current policies and regulatory compliance issues that affect the company and its data.
· MSSP requirement: implementing complex security procedures to ensure that the system and each employee is protected through the latest advances in security and compliance methods.
· In other words, the primary focus of an MSSP is to provide the ultimate cybersecurity protection through around-the-clock monitoring to determine any potential security breaches
Should You Hire BOTH a Managed Service Provider (MSP) and a Managed Security Service Provider (MSSP)?
The answer in a nutshell, is YES.
While some MSPs claim they can bring security functionality to their clients, the truth is that many offer only the most rudimentary and easily defeatable security services. Their measurement of success is not upon how many threats they have detected and foiled, but upon other metrics like downtime and user satisfaction.
MSSPs measure their success with a vastly different set of standards, using different tools, methods and technologies in executing their mission. They’re responsible for keeping up to speed on the nature and risk exposure you may have from new (and existing) cyberthreats, and for managing, maintain and responding to threats using state of the art tools and technologies that typical MSPs cannot bring to the table.
Structuring a Managed Security Service Provider Contract
If you are interested in learning more about what a MSSP can do for your company or organization, contact our managed security services team here or call (name) at (number) today. We’ll have a no cost or obligation discussion on the scope of MSSP services you might require for your industry or situation, as well as the fee structures that are typical of an MSSP engagement.View full article
What Your Company Should Do IMMEDIATELY After Discovering Your Credentials are on the Dark Web
Maintaining vigilance on the dark web is not a luxury because if you discover that your company’s credentials can be found on the dark web, it may only be a matter of time before a costly, reputation damaging catastrophe occurs. If you’re facing this unpleasant scenario, it’s time for executing an “all hands-on deck” action plan
In its simplest form, an Action Plan consists of three critical elements: discovery, remediation, monitoring.
How to Discover if Your Company Credentials are Being Offered on the Dark Web
An effective action plan begins with a dark web scan that will find if your company’s credentials have been compromised.
For a no-cost or obligation scan from DataSure24, click here or on the image at right.
Why a breach occurred is dependent upon numerous factors that may fall outside the scope of your company’s security plan. Did the breach occur recently, or is it a dump of old data from a decade ago? Do employees reuse passwords for both personal and work-related websites, and if so, does this password match the one from the breach?
Dark web scans work by monitoring the common forums that are used for buying and selling personal information on the dark web. The best way to prevent cybercriminals from using company’s credentials is to leverage dark web scanning tools that monitor forums and other sites that trade company information so your management and network security team can know what cyberthieves know before it is used.
When a hacker posts information online, they’ll post employees’ username and an encrypted copy of their password (called a hash) proving to prospective buyers that they have “the goods” for sale. Cybersecurity consultants can conduct a daily dark web scan, and report via a notice to a company’s management or network administrators if, when and where company employees’ usernames and passwords are found.
Change Passwords: Immediate Steps Your Company Should Take After a Dark Web Discovery
Simply stated, companies must create policies, processes and requirements that employees frequently changing their password.
A recent poll by Keeper Security found that 87% of respondents ages 18-30 reuse passwords and 81% of respondents 31 and older reuse the same password. This pattern occurs at work too, where the same password that is being used for shopping online is the same password that is used for a corporate login.
Current best practices have users change passwords every 90 days, and passphrases every 180, but best practices alone cannot stop another breach. Cycling passwords creates a smaller window of opportunity for hackers to sell a company’s credentials. Coupled with a dark web scanning service, a company can create a strong cyber defense … if employees are educated and monitored to make necessary changes on a frequent basis.
Additional steps may be taken such as using a password manager or utilizing two factor authentications. Even with a password compromise, if the attacker does not have a secondary authentication device, they cannot gain access to your company’s confidential information. Password managers may also help by providing information such as which websites are sharing the same password. They can also generate random passwords to ensure no two passwords are similar.
Prevent Future Dark Web Scams via Monitoring
The third element of an Action Plan for defending against Dark Web scammers is continuous monitoring. This can be done on an outsourced basis, or through periodic searches using either free or paid tools.
Monitoring can include looking into the following types of sites that can be found on the dark web:
- Hidden chat rooms
- Private websites
- Peer-to-peer networks
- Social media platforms
- Black market sites
- 640,000+ botnets
Free solutions exist, such as www.haveibeenpwned.com, which will tell you if an employee’s email has been detected in a leak, but not the password that was used. Using a website like this will at least let a company know that a problem exists so remediations can be executed.
Taking the first step and understanding your visibility on the dark web should not be a one-shot effort. A cybersecurity consultant can review monitoring options with you, including features, benefits, costs and resource requirements. Unfortunately, in today’s business world, monitoring for security is a new cost that must be included in company operating budgets, but over the long run, it’s a small price to pay considering the costs of remediating a breech.
Connect with a DataSure24 Cybersecurity Expert
Discovering that employees’ credentials are on the dark web may not always spell disaster but implementing effective policies and maintaining vigilance on the dark web by utilizing dark web scans may prevent you from becoming the source of another hack. We can help.
If you have questions or concerns, or want to discuss your situation, please contact us for a no cost or obligation discussion. Contact us via form, here, or call me at 716.600.3724 today.View full article
Fraudsters haul in more info by casting nets into payroll departments instead of a single line to one taxpayer
Tax season always puts a spotlight on the latest scams designed to trick taxpayers into giving up their cash or sensitive identity information to cyber thieves. Unfortunately, scammers have been going after employers to get confidential employee information, and like other significant e-mail phishing scams, this one can be hard to detect and can result in significant damage to your business and employees. Here’s what you need to know to protect yourself and the colleagues who trust your business with their tax information.
Phishing for W-2s in 2019
The most common (and effective) scheme seeks to get a batch of sensitive tax data about employees via what appears to be a routine request from an executive for an electronic file with all employee W-2 info in it. Because it seems routine and seemingly comes from management, unsuspecting payroll or human resources employees often provide the information without a second thought. The data can be in the hands of the fraudsters in a matter of hours and the business might not realize that the hack has occurred for weeks.
How to Guard Against W-2 Phishing Scams
There are several steps you can take to make your business less susceptible to this type of attack, including:
- Raise awareness. Anyone in your company who has access to sensitive tax information of any sort should be educated on day 1 and reminded often that someone attempting to steal these records could target them at any time. Employees who handle this kind of information on a daily basis can never lose sight of the damage it could do if accidentally shared outside the company.
- Create review processes. If you don’t have them already, institute strong review controls over W-2s and any other tax information. These could include:
- Verbal or written confirmation of any request for W-2s or other forms. Most importantly, train your people to confirm the request via a medium other than the one through which it was originally made. If the request came in an e-mail, call or speak face-to-face with the person making the request. If it’s a high-level executive and the employee feels uncomfortable challenging the person, have the confirmation request route through a supervisor or department head.
- Supervisor review for any sharing of W-2 or tax information with anyone. Train your people to understand that any communication of tax information must be authorized in advance, even if it is only an internal request.
What to Do If You Are Phished for W-2s
These scams have become so prevalent that authorities have created a special process for reporting them. If your business learns that employee W-2 information has been compromised, you should:
- Email firstname.lastname@example.org to notify the IRS of a W-2 data loss and provide contact information. In the subject line, type “W2 Data Loss” so that the email can be routed properly. The business should not attach any employee personally identifiable information data.
- Email the Federation of Tax Administrators at StateAlert@taxadmin.org to get information on how to report victim information to the states.
- File a complaint with the FBI’s Internet Crime Complaint Center. Businesses and payroll service providers may be asked to file a report with their local law enforcement agency.
- Notify employees. The employee may then take steps to protect themselves from identity theft. The Federal Trade Commission’s www.identitytheft.gov provides guidance on general steps employees should take.
- Forward the scam email to email@example.com.
Get Assistance from the Cybersecurity Experts at DataSure24
To learn more about protecting your business from W-2 phishing scams and other cyber-threats in 2019, we’re available for a no cost or obligation cybersecurity consultation. So, if you have any questions or concerns, please don’t hesitate to contact us at 716.600.3724. We’ll discuss your situation and concerns, and help you identify best practices for protecting your confidential employee information.View full article
The Dark Web makes buying and selling of company data and credentials almost risk free
It’s very likely that today, right now as you read this, your company’s credentials are being marketed and sold on the dark web. This could be your fault caused by untrained employees duped into releasing information, or your credentials might be part of a much larger data capture form a third party – like a bank or credit card company – that got hacked to the tunes of millions and millions of data entries including yours.
Exactly how are criminals using your information, what types of gains do they hope to realize and what can you do to prevent or defend against abuse of your credentials?
Layers of the Web
Within the world of the internet there are three different areas or layers of the web:
- Surface Web
The Surface web is the area of the internet that most people use on a day to day basis. This area of the web can be indexed by search engines. That means the pages on the surface web can be found by Google, Yahoo, Bing etc. As of Sunday, February 24, 2019 the surface web consists of at least 5.15 billion pages
- Deep Web
The deep web is like the surface web but has one main difference, it cannot be indexed. You spend a lot of time in the deep web, most likely without even knowing it. Examples of deep web sites/pages are internal company networks, databases, certain government websites, email and cloud service accounts, banking sites, and most sites you can only get onto using a username and password.
- Dark Web
The deepest and most obscure of the three areas is the dark web which is a layer of information and pages accessed through “overlay networks.” Special software is required to access this content because most of it is encrypted.
What Criminals on the Dark Web Hope to Get from Your Business
In the encrypted pages of the Dark Web, you can find almost anything, from legitimate and illegitimate social networks and chat sites, to solicitations for hitman, to black-market organizations selling guns, drugs and pornography − all while maintaining anonymity.
The dark web is one of the few spots on the internet that “true anonymity” is achievable. I put true anonymity in quotations because it is hard to say whether people on the dark web are truly anonymous or just hidden extremely well.
Using tools such as TOR on top of a VPN anyone can get very close to being truly anonymous, making the buying and selling of data and credentials almost risk free. That’s why the dark web is thought to be a safe home for criminals/organizations who are marketing and selling your company’s information for one of the following purposes:
- Financial Gain
Financial gain is a driving factor for many hackers and organizations. Hackers will gather very large amounts of credentials from multiple organizations and sell them for 2-3 dollars on the dark web. This doesn’t sound very rewarding but is some cases these cyber criminals are selling 50 million or more credentials. The amount of total sales going on within the dark web is unknown although some sources estimate it to be more than $500,000 in sales a day.
There is a community of people who consistently access the dark web who belong to underground forums, social networks, and chat rooms that can be particularly dangerous for your company’s brand or reputation. They’re not motivated by buying or selling your company’s data – they’re motivated by creating chaos and the challenge of doing it for fun, just to prove they can.
When breaches are originated by these “fun seekers”, they usually give the credentials/information away or sell millions for a very small amount of money, like a Russian hacker that goes by the alias “The Collector” who last year, sold 272 million credentials for less than one dollar.
- For a Social Purpose or Cause
Some cyber criminals are idealists trying to expose injustice, some are hacktivists trying to take down corrupt governments and religious groups, and some have political motives.
An example of a social purpose driven data breach is the Ashley Madison data breach from 2015. Ashely Madison was a commercial website billed as enabling extramarital affairs. A group called “The Impact Team” stole more than 60 gigabytes of company data, including user details like real names, home addresses, search history and credit card transaction records. The group then released the information on the dark web to expose and publicly shame those who participated.
How to Mount a Cybersecurity Defense and Dark Web Protection Action Plan for Your Business
Read our blog post: Cyberattack Strategies: Going on the Offense Against Cyberattacks
I don’t want to leave you with the impression that everything going on within the dark web is illegal, because it’s not.
The first and most critical step of that dark web protection plan is to perform a scan of the dark web to see if, where and how your company’s credentials are being compromised. We’re pleased to offer a free scan of the dark web to this end, which can be initiated by clicking on the button.
If you have more immediate concerns, contact us via form, here, or call me at 716.600.3724 today.View full article
6 questions You Need to Ask Your IT Team About Your Company’s Cybersecurity Defense
Many executives make the mistake of thinking that if their cybersystems are working right, their business must be maintaining adequate information security programs. If airlines used the same logic for their planes, they would only perform repairs when something failed. In most cases, that would be too late to save the plane or the passengers.
Like an airplane, your information security systems need to be checked before, during and after every use in order to identify the minor glitches that can lead to catastrophic failure under stress. They also need to be pulled out of service from time to time so they can be checked and overhauled more thoroughly.
Six Cybersecurity Questions CEOs Should be Asking
Most executives don’t have the technological experience to analyze systems on their own, but there are questions you can ask your team in order to gauge the effectiveness of your current information security strategies. They include:
- Do we have an information security program?
This may sound crazy, but some businesses do manage to get by with just a collection of different security practices that don’t link together to form a solid wall around your data. If you ask this question, the answer should describe a network of interconnected hardware, software, and employee training and awareness protocols that form a cohesive defense, not a list of standalone items like passwords and anti-virus software.
- What is the organization’s information security framework?
Most programs are based on an information security framework, which is basically a checklist of best practices readily available from places like the National Institutes of Standards and Technology (NIST). Is your IT Department and cybersecurity team using a checklist and reporting results to you?
- Have we done an information security assessment? If so when, and what were the results?
An assessment is basically a review of your current information security program using the framework checklist. On an ongoing basis, your systems should get a thorough review, and you should get a thorough briefing, to make sure that your company’s cybersecurity defenses are adequate to address the latest threats.
- What is our information security commitment? Does our information security budget commitment match our threat level?
Cybersecurity budget numbers will drive what your business can do within the budget period. If your assessment shows that information security is lacking, what resources are available to improve it?
In an upcoming blog post, I’ll be discussing cybersecurity budgeting in greater detail, but to give you a bird’s eye view of what spending looks like on a worldwide basis, look at the following data from Gartner, Inc.
The takeaway? Spending has increased by about 23% over the past 3 years.
- What is our information security training?
Information security training needs to work at two levels. You need your information security staff to learn constantly about the new threats that businesses face. But a business’ information protection efforts are only as strong as its least wary employee. Everyone who touches a keyboard linked to your servers, even people who use private devices on your Wi-Fi network, can expose your digital assets to breaches, viruses and ransomware.
All those users need to stay on the lookout to prevent an attack, and you need to know how your IT team is bringing employees to the battlefield when it comes to protecting your company and its customers from hackers.
- What is our plan for an information security failure?
These days, no information security plan is complete until it acknowledges the possibility that it can be breached and includes instructions for people to follow if that happens. Customers are much more willing to forgive a breach when a business shares accurate information about it quickly and helps to minimize the damage done.
Review your company’s plan with your IT and cybersecurity team, and if necessary, engage the services of a cybersecurity consultant to help you prepare for a response to a breach to your customer’s data and your reputation.
Put a Cybersecurity Assessment, Remediation and Action Plan in Place
With the information gained from a self-assessment, many executives wonder what their next step should be.
Above all, do SOMETHING.
Many organizations paralyze themselves trying to choose between good options when the most important thing they need to do is move forward. For example, say a business performs a security assessment and determines that their password protocols are weak. To strengthen protocols, it could either require longer passwords with a wide variety of characters that remain stable over time or it could allow less rigorous passwords but require that they be changed frequently. Either option is a positive step. But every day that the business delays implementation with discussions about which is best is a step backward.
When you’re ready to do something, here’s a suggested order for addressing your information security concerns:
- First, protect against the major vulnerabilities.
- Next, implement changes that address multiple weaknesses. Some improvements can address several red flags on your checklist at once.
- Fix the easy stuff. Some changes can be as quick as instructing all employees to change their passwords this week. If vulnerabilities have been identified in connections to the network from offsite, a temporary ban on telecommuting could prevent a situation from getting worse while you work on a more permanent fix.
Contact the Cybersecurity Experts at Datasure24
For more information about maintaining and improving the day-to-day information security functionality of your business’ systems, contact DataSure24 at 716.600.3724 or connect with us here.View full article
Cybersecurity budget benchmarks and guidance
As you might imagine, we get asked this question a lot.
And our response often surprises people because the answer isn’t some formula that says “x percent of your budget should go to cybersecurity.”
We respond by pointing out that the question isn’t just “How much should you budget for cybersecurity,” but instead, “How should you budget for cybersecurity?” and “What should you budget for?” The important factor isn’t so much the amount you spend so much as it is the need to spend it wisely.
How Should a Company Budget for Cybersecurity in 2019?
When you’re trying to figure out how much to budget for cybersecurity, here are three factors to keep in mind:
Assessment is key. You can’t solve a problem if you don’t understand what it is. Every business today is legitimately concerned about its cybersecurity, but very few understand the strengths and weaknesses of their current structure, policies and processes, and by extension, how to spend wisely to shore up weaknesses. We see companies that make their situations worse by buying a security “solution” that doesn’t solve any of their existing problems or redress weaknesses, and in some cases, create new problems.
“Magic Bullets” are neither. This is the natural follow-up to the assessment item above. There is no software or hardware or combination of the two that will solve every cybersecurity problem. If it did exist, it would be outdated tomorrow. There is no substitute for finding a combination of hardware, software, training and support that focuses on the day-to-day operational security of your business in an environment where new threats arise every day.
You can’t set it and forget it. The days when cybersecurity amounted to a firewall or an encryption program that could be installed and forgotten about are over. Protecting the sensitive data of your business and your customers is a constant battle. To give you some idea of how much this aspect of cybersecurity has grown in recent years, one of the standards that we use to measure the effectiveness of cybersecurity is a checklist of 600 items. Just a few years ago, only 50 of those items had to be continuously modified to earn certification under the standard. Today, 450 items, a full 75 percent of the items necessary to pass the test, must be continuously monitored in order to be considered effective.
Cybersecurity Budget Benchmarks
Over half of the IT professionals surveyed stated that employee security training tools are the most effective solution to prevent security incidents, followed by breach detection and anti-ransomware solutions. Each employee needs to understand how vulnerable your business is to an accidental click in a phishing e-mail, and each of your IT people needs to understand his or her role in constantly maintaining and updating whatever security solutions you choose.
Figure 1: From Spiceworks "2019 Annual Report on IT Budgets and Tech Trends: Future Workplace Tech"
Employee awareness and training is usually at the top of our list when looking at cybersecurity budgets. The easiest way for a hacker to penetrate your business is though employees being duped into giving cyber thieves access to company files.
It’s also interesting to note where companies will be increasing their overall IT budgets in 2019.
The Spiceworks study reveals that relative to overall IT spending, about two-thirds a plan to increase their IT spending to upgrade outdated IT infrastructure. It’s interesting to note, however, that 56% intend to increase the IT budget for “increased security concerns”.
Figure 2: From Spiceworks “2019 Annual Report on IT Budgets and Tech Trends: Budgets"
These two factors are far from mutually exclusive—in fact, they’re almost symbiotic. If your business is among those considering hardware upgrades, it’s important to remember that the new infrastructure will have to integrate effectively with your overall information security strategy and framework .
Contact the Cybersecurity Experts at Datasure24
- Include an assessment of your needs,
- Understand the interaction between software, hardware and the people who use them, and
- Fund the monitoring and maintenance of whatever solution you choose.
Keep these three items in mind and you’re more likely to get the full benefit of the money you spend on cybersecurity.
We can help you assess your cybersecurity program’s current strengths and weaknesses, and provide budgeting guidance that will enable you to spend smarter and create a better security program.
For more information about budgeting and planning for cybersecurity upgrades, please contact DataSure24 at 716.600.3724 or connect with us here.View full article
7 plays that should be in your cybersecurity playbook to better protect your company from hackers and cyberthieves
They’re waiting for the shoe to drop in the form of ransomware, stolen customer personal account information, asset appropriation, or even brazen grabs for intellectual property made available through missteps made by gullible employees.
It’s extremely likely, for example, that right at this very moment without your knowledge, information from or about your company in the form of stolen passwords, credit card numbers, and personal information is being traded on the Dark Web.
Installing and managing a robust cybersecurity defense strategy after the fact is not a solution. There’s not a lack cybersecurity facts, figures and statistics available that should drive small and medium size business owners to sleepless nights and fears of writing big checks to cyber consultants and software companies.
Do you really need to raise your hand and surrender, or can you go on the offensive with a cyber attack strategy and pitch a shutout?
Going on the Offensive Against Cyberattacks
Truth be told, there will never be a way to secure a 100% guarantee that your company won’t be exposed to cyber risk or attack, but rather than ignore the situation or wait for the inevitable, it is time to consider going on the offensive.
Going on the offensive means installing layers of cybersecurity products, services and technologies that deliver 24x7x365 monitoring and robust barriers that stop or even defeat attacks in real-time. It means keeping abreast of threats and the technologies available to deal with those threats. It means a well-educated and responsible workforce. It also means developing, installing and monitoring plans, processes and technologies acting in concert with one another, rather than as unrelated standalone capabilities.
Today, integrated cybersecurity defense is the new cybersecurity offense.
A Playbook for a Cybersecurity Defense Strategy
Your Cybersecurity Playbook must be able to deal in the time continuum - the present (24x7 security monitoring), future (vulnerability scanning) and past (Dark Web scanning & reporting). Here are seven ways that can serve as a foundation for your organization’s offense strategies against cybercriminals:
- Cybersecurity Strategy Play 1: Have a security assessment conducted and a penetration test completed on a regular basis to expose internal and external risks
- Cybersecurity Strategy Play 2: Create and execute a remediation plan to address issues found in the assessments and penetration tests
- Cybersecurity Strategy Play 3: Ensure that your business has a robust backups solution in place in addition to a disaster recovery plan to mitigate data loss and ransomware impacts
- Cybersecurity Strategy Play 4: Identify a tool set for 24x7x365 managed continuous security monitoring to identify attacks happening in real-time
- Cybersecurity Strategy Play 5: Purchase an annual security awareness training program subscription for all of your employees to participate in
- Cybersecurity Strategy Play 6: Do regular scans of the Dark Web to identify your exposure. You can do this fee of charge, with the compliments of DataSure24 here.
- Cybersecurity Strategy Play 7: Create, install and do regular, periodic updates of a disaster recovery and response plan for your company.
Let Us Help You Develop, Install and Manage a Cybersecurity Playbook for Your Company
The cybersecurity experts at DataSure24 stand prepared to render assistance, consultations, services and products to help you protect your computers and network.
We provide Managed Security services, including vulnerability scanning and intrusion detection, as well as Disaster Avoidance/Recovery solutions for protecting data, maintaining availability and minimizing cyber-attacks. We also provide a variety of Security Training Awareness programs and services for making your employees a critical part of your company’s cybersecurity defense systems.
If you are concerned about your company’s ability to fend off a cyberattack, complete and submit the form, call me at 716.600.3724 ex 225 and schedule a no cost/ no obligation review of your situation, today.View full article
Protecting Your Network from Emotet Starts with Trained and Diligent Users
Like many other malwares, Emotet has begun to resurface after its initial reporting in 2014 as a type of banking malware. Emotet was created by threat actor Mealybug to target banking customers throughout Europe through infected messages to obtain customer information and gain access to customer accounts.
How Emotet Works
This trojan finds its way into machines through infected email attachments or email document links that appear to contain an invoice or other professional document normally received from the sender by the user.
- Unlike many other infected emails these do not contain large amounts of misspellings or even incorrect names, emails, or contact information.
- The links or attachments are usually a document or pdf that requests the user to enable macros.
- Macros are normally disabled by default within most of today’s document handling programs but when an infected file is opened by a user, a banner appears asking the user to enable content or editing which then enables macros.
- Once macros are enabled the malicious code is run and creates obfuscated code that allows for the execution of cmd.exe.
- Once it has control it runs PowerShell and downloads and executes a binary and creates a service which launches at every startup.
- Once the service is created the malware now establishes communication with a command and control server to inform the threat actors of the new victim machine.
Emotet is a Delivery System for Other Forms of Malware
These steps were part of the initial Emotet outbreak in 201, used by hackers to infect a com[any’s email. The new addition to this is once the command and control communication has been established the malware is being used as a delivery system for other forms of malware for other organizations.
The Goal of Emotet Remains Unknown
The main goal or motive behind the resurgence of the Emotet trojan has yet to be determined so we are left to speculate on its intent or endgame.
The information we do have tells us that the trojan is collecting a huge amount of email contacts which leads to bad press for those infected but no immediate monetary gain for the threat actors. Another important piece of the puzzle is the geographic locations of the most recent attacks, the majority of which have occurred with the United States. This could be a sign that the attackers could be working with a foreign government to either gain access to government systems by using the large amount of emails collected or use the botnet it has created in future attacks.
All together it seems in the end the Emotet trojan, if left on a network long enough, leads to the delivery of ransomware.
Corporate Email Security: Protecting Your Network from Emotet and Similar Threats
This attack, like many others, tries to take advantage of the weakest part of any network - the users.
The first step used to mitigate the threat must be training users who interact with the network. Because this infection requires user interaction to gain access to the device, simple security training can make a big difference, for example, teaching users to log themselves into a customer or provider billing system rather than opening attached documents or following links to documents from within an email.
Another step that can be taken to prevent an Emotet infection is the use of system policies to restrict all devices from executing any macros or executables not previously white listed by system administrators. This solution may not be best for all applications because some user groups may require the use of macros or executables daily.
To prevent the spread of Emotet malware on a network, monitoring traffic that moves both within and outside the network must be continuous. In many cases the Emotet trojans require command and control communications with outside or internal servers to either receive directions or ex-fill data from within the network to and outside storage location. Many times, these outside and internal communications can be caught by a properly monitored IDS (Intrusion Detection System). This identification allows for an accurate response to an infection using the information gathered in the communications.
Connect with a DataSure24 Cybersecurity Risk Expert
We offer a suite of Managed Security services, including vulnerability scanning and intrusion detection, as well as Disaster Avoidance/Recovery solutions for protecting data, maintaining availability and stakeholders connected. Further, we provide a variety of Security Training Awareness programs and services for making your employees a critical part of your company’s cybersecurity defense systems.View full article