header
header
header

The Monitor

Keeping you ahead of the curve with timely news & updates.


Dark Web Protection for Businesses: 3 Reasons Why Your Company’s Credentials are Being Sold, Bought and Used on the Dark Web

Dark web crop

The Dark Web makes buying and selling of company data and credentials almost risk free

It’s very likely that today, right now as you read this, your company’s credentials are being marketed and sold on the dark web. This could be your fault caused by untrained employees duped into releasing information, or your credentials might be part of a much larger data capture form a third party – like a bank or credit card company – that got hacked to the tunes of millions and millions of data entries including yours.

Exactly how are criminals using your information, what types of gains do they hope to realize and what can you do to prevent or defend against abuse of your credentials?         

Layers of the Web

Within the world of the internet there are three different areas or layers of the web:

  • Surface WebSurface Web

The Surface web is the area of the internet that most people use on a day to day basis. This area of the web can be indexed by search engines. That means the pages on the surface web can be found by Google, Yahoo, Bing etc.  As of Sunday, February 24, 2019 the surface web consists of at least 5.15 billion pages

  • Deep Web

The deep web is like the surface web but has one main difference, it cannot be indexed. You spend a lot of time in the deep web, most likely without even knowing it. Examples of deep web sites/pages are internal company networks, databases, certain government websites, email and cloud service accounts, banking sites, and most sites you can only get onto using a username and password.

  • Dark Web

The deepest and most obscure of the three areas is the dark web which is a layer of information and pages accessed through “overlay networks.” Special software is required to access this content because most of it is encrypted.

What Criminals on the Dark Web Hope to Get from Your Business

In the encrypted pages of the Dark Web, you can find almost anything, from legitimate and illegitimate social networks and chat sites, to solicitations for hitman, to black-market organizations selling guns, drugs and pornography − all while maintaining anonymity.

The dark web is one of the few spots on the internet that “true anonymity” is achievable. I put true anonymity in quotations because it is hard to say whether people on the dark web are truly anonymous or just hidden extremely well.

Using tools such as TOR on top of a VPN anyone can get very close to being truly anonymous, making the buying and selling of data and credentials almost risk free. That’s why the dark web is thought to be a safe home for criminals/organizations who are marketing and selling your company’s information for one of the following purposes:

  1. Financial Gain

Financial gain is a driving factor for many hackers and organizations. Hackers will gather very large amounts of credentials from multiple organizations and sell them for 2-3 dollars on the dark web. This doesn’t sound very rewarding but is some cases these cyber criminals are selling 50 million or more credentials. The amount of total sales going on within the dark web is unknown although some sources estimate it to be more than $500,000 in sales a day.

  1. Fun

There is a community of people who consistently access the dark web who belong to underground forums, social networks, and chat rooms that can be particularly dangerous for your company’s brand or reputation. They’re not motivated by buying or selling your company’s data – they’re motivated by creating chaos and the challenge of doing it for fun, just to prove they can.

When breaches are originated by these “fun seekers”, they usually give the credentials/information away or sell millions for a very small amount of money, like  a Russian hacker that goes by the alias “The Collector” who last year, sold  272 million credentials for less than one dollar.

  1. For a Social Purpose or Cause

Some cyber criminals are idealists trying to expose injustice, some are hacktivists trying to take down corrupt governments and religious groups, and some have political motives.

An example of a social purpose driven data breach is the Ashley Madison data breach from 2015. Ashely Madison was a commercial website billed as enabling extramarital affairs. A group called “The Impact Team” stole more than 60 gigabytes of company data, including user details like real names, home addresses, search history and credit card transaction records. The group then released the information on the dark web to expose and publicly shame those who participated.

How to Mount a Cybersecurity Defense and Dark Web Protection Action Plan for Your Business

Read our blog post: Cyberattack Strategies: Going on the Offense Against Cyberattacks

I don’t want to leave you with the impression that everything going on within the dark web is illegal, because it’s not.

New call-to-actionHowever, that doesn’t mean you shouldn’t be prepared to develop and mount a strong Cybersecurity Defense and Action Plan to monitor, prevent, respond and remediate data breeches.

The first and most critical step of that dark web protection plan is to perform a scan of the dark web to see if, where and how your company’s credentials are being compromised. We’re pleased to offer a free scan of the dark web to this end, which can be initiated by clicking on the button.

If you have more immediate concerns, contact us via form, here, or call me at 716.600.3724 today.

View full article

Assessing Your Company’s Cybersecurity Strengths and Weaknesses: A Guide for CEOs

CEO Cyber

6 questions You Need to Ask Your IT Team About Your Company’s Cybersecurity Defense

Many executives make the mistake of thinking that if their cybersystems are working right, their business must be maintaining adequate information security programs. If airlines used the same logic for their planes, they would only perform repairs when something failed. In most cases, that would be too late to save the plane or the passengers.

Like an airplane, your information security systems need to be checked before, during and after every use in order to identify the minor glitches that can lead to catastrophic failure under stress. They also need to be pulled out of service from time to time so they can be checked and overhauled more thoroughly.

Six Cybersecurity Questions CEOs Should be Asking

New call-to-actionMost executives don’t have the technological experience to analyze systems on their own, but there are questions you can ask your team in order to gauge the effectiveness of your current information security strategies. They include:

  • Do we have an information security program?

This may sound crazy, but some businesses do manage to get by with just a collection of different security practices that don’t link together to form a solid wall around your data. If you ask this question, the answer should describe a network of interconnected hardware, software, and employee training and awareness protocols that form a cohesive defense, not a list of standalone items like passwords and anti-virus software.

  • What is the organization’s information security framework?

Most programs are based on an information security framework, which is basically a checklist of best practices readily available from places like the National Institutes of Standards and Technology (NIST). Is your IT Department and cybersecurity team using a checklist and reporting results to you?

  • Have we done an information security assessment? If so when, and what were the results?

An assessment is basically a review of your current information security program using the framework checklist. On an ongoing basis, your systems should get a thorough review, and you should get a thorough briefing, to make sure that your company’s cybersecurity defenses are adequate to address the latest threats.

  • What is our information security commitment? Does our information security budget commitment match our threat level?

Cybersecurity budget numbers will drive what your business can do within the budget period. If your assessment shows that information security is lacking, what resources are available to improve it?

In an upcoming blog post, I’ll be discussing cybersecurity budgeting in greater detail, but to give you a bird’s eye view of what spending looks like on a worldwide basis, look at the following data from Gartner, Inc.

The takeaway? Spending has increased by about 23% over the past 3 years.

CHART

  • What is our information security training?

Information security training needs to work at two levels. You need your information security staff to learn constantly about the new threats that businesses face. But a business’ information protection efforts are only as strong as its least wary employee. Everyone who touches a keyboard linked to your servers, even people who use private devices on your Wi-Fi network, can expose your digital assets to breaches, viruses and ransomware.

All those users need to stay on the lookout to prevent an attack, and you need to know how your IT team is bringing employees to the battlefield when it comes to protecting your company and its customers from hackers.

  • What is our plan for an information security failure?

These days, no information security plan is complete until it acknowledges the possibility that it can be breached and includes instructions for people to follow if that happens. Customers are much more willing to forgive a breach when a business shares accurate information about it quickly and helps to minimize the damage done.

Review your company’s plan with your IT and cybersecurity team, and if necessary, engage the services of a cybersecurity consultant to help you prepare for a response to a breach to your customer’s data and your reputation.

Put a Cybersecurity Assessment, Remediation and Action Plan in Place

With the information gained from a self-assessment, many executives wonder what their next step should be.

Above all, do SOMETHING.

Many organizations paralyze themselves trying to choose between good options when the most important thing they need to do is move forward. For example, say a business performs a security assessment and determines that their password protocols are weak. To strengthen protocols, it could either require longer passwords with a wide variety of characters that remain stable over time or it could allow less rigorous passwords but require that they be changed frequently. Either option is a positive step. But every day that the business delays implementation with discussions about which is best is a step backward.

When you’re ready to do something, here’s a suggested order for addressing your information security concerns:

  • First, protect against the major vulnerabilities.
  • Next, implement changes that address multiple weaknesses. Some improvements can address several red flags on your checklist at once.
  • Fix the easy stuff. Some changes can be as quick as instructing all employees to change their passwords this week. If vulnerabilities have been identified in connections to the network from offsite, a temporary ban on telecommuting could prevent a situation from getting worse while you work on a more permanent fix.

Contact the Cybersecurity Experts at Datasure24

We can help you assess your cybersecurity program’s current strengths and weaknesses, and develop managed security, disaster recovery, and security awareness training.

For more information about maintaining and improving the day-to-day information security functionality of your business’ systems, contact DataSure24 at 716.600.3724 or connect with us here.

View full article

How Much Should We Be Budgeting for Cybersecurity in 2019?

cyber blog post 2

Cybersecurity budget benchmarks and guidance

As you might imagine, we get asked this question a lot.

And our response often surprises people because the answer isn’t some formula that says “x percent of your budget should go to cybersecurity.”

We respond by pointing out that the question isn’t just “How much should you budget for cybersecurity,” but instead, “How should you budget for cybersecurity?” and “What should you budget for?” The important factor isn’t so much the amount you spend so much as it is the need to spend it wisely.

How Should a Company Budget for Cybersecurity in 2019?

When you’re trying to figure out how much to budget for cybersecurity, here are three factors to keep in mind:

Assessment is key. You can’t solve a problem if you don’t understand what it is. Every business today is legitimately concerned about its cybersecurity, but very few understand the strengths and weaknesses of their current structure, policies and processes, and by extension, how to spend wisely to shore up weaknesses. We see companies that make their situations worse by buying a security “solution” that doesn’t solve any of their existing problems or redress weaknesses, and in some cases, create new problems.

“Magic Bullets” are neither. This is the natural follow-up to the assessment item above. There is no software or hardware or combination of the two that will solve every cybersecurity problem. If it did exist, it would be outdated tomorrow. There is no substitute for finding a combination of hardware, software, training and support that focuses on the day-to-day operational security of your business in an environment where new threats arise every day.

You can’t set it and forget it. The days when cybersecurity amounted to a firewall or an encryption program that could be installed and forgotten about are over. Protecting the sensitive data of your business and your customers is a constant battle. To give you some idea of how much this aspect of cybersecurity has grown in recent years, one of the standards that we use to measure the effectiveness of cybersecurity is a checklist of 600 items. Just a few years ago, only 50 of those items had to be continuously modified to earn certification under the standard. Today, 450 items, a full 75 percent of the items necessary to pass the test, must be continuously monitored in order to be considered effective.

Cybersecurity Budget Benchmarks

A recent study from IT marketplace connector Spiceworks shows how a variety of businesses are divvying up their cybersecurity budgets to maximize the value of each dollar spent.

Over half of the IT professionals surveyed stated that employee security training tools are the most effective solution to prevent security incidents, followed by breach detection and anti-ransomware solutions. Each employee needs to understand how vulnerable your business is to an accidental click in a phishing e-mail, and each of your IT people needs to understand his or her role in constantly maintaining and updating whatever security solutions you choose.

Chart 1

Figure 1: From Spiceworks "2019 Annual Report on IT Budgets and Tech Trends: Future Workplace Tech"

Employee awareness and training is usually at the top of our list when looking at cybersecurity budgets. The easiest way for a hacker to penetrate your business is though employees being duped into giving cyber thieves access to company files.

It’s also interesting to note where companies will be increasing their overall IT budgets in 2019.

The Spiceworks study reveals that relative to overall IT spending, about two-thirds a plan to increase their IT spending to upgrade outdated IT infrastructure. It’s interesting to note, however, that 56% intend to increase the IT budget for “increased security concerns”.  

 chart2

Figure 2: From Spiceworks “2019 Annual Report on IT Budgets and Tech Trends: Budgets"

These two factors are far from mutually exclusive—in fact, they’re almost symbiotic. If your business is among those considering hardware upgrades, it’s important to remember that the new infrastructure will have to integrate effectively with your overall information security strategy and framework .

Contact the Cybersecurity Experts at Datasure24

In short, effective spending effectively for cybersecurity is about how you use your money, not just how much money you use. Your budget needs to:

  • Include an assessment of your needs,
  • Understand the interaction between software, hardware and the people who use them, and
  • Fund the monitoring and maintenance of whatever solution you choose.

Keep these three items in mind and you’re more likely to get the full benefit of the money you spend on cybersecurity.

We can help you assess your cybersecurity program’s current strengths and weaknesses, and provide budgeting guidance that will enable you to spend smarter and create a better security program.

For more information about budgeting and planning for cybersecurity upgrades, please contact DataSure24 at 716.600.3724 or connect with us here.

View full article

Cyberattack Strategies: Going on the Offense Against Cyberattacks

Offense Playbook

7 plays that should be in your cybersecurity playbook to better protect your company from hackers and cyberthieves

Cybersecurity graphic-1I talk to a lot of small and medium size business owners who seem resigned to the fact that sometime, somewhere and somehow their computer systems and network is inevitably going to be attacked.

They’re waiting for the shoe to drop in the form of ransomware, stolen customer personal account information, asset appropriation, or even brazen grabs for intellectual property made available through missteps made by gullible employees. 

It’s extremely likely, for example, that right at this very moment without your knowledge, information from or about your company in the form of stolen passwords, credit card numbers, and personal information is being traded on the Dark Web.

Installing and managing a robust cybersecurity defense strategy after the fact is not a solution. There’s not a lack cybersecurity facts, figures and statistics available that should drive small and medium size business owners to sleepless nights and fears of writing big checks to cyber consultants and software companies.

Do you really need to raise your hand and surrender, or can you go on the offensive with a cyber attack strategy and pitch a shutout?  

Going on the Offensive Against Cyberattacks

Truth be told, there will never be a way to secure a 100% guarantee that your company won’t be exposed to cyber risk or attack, but rather than ignore the situation or wait for the inevitable, it is time to consider going on the offensive.

Going on the offensive means installing layers of cybersecurity products, services and technologies that deliver 24x7x365 monitoring and robust barriers that stop or even defeat attacks in real-time. It means keeping abreast of threats and the technologies available to deal with those threats. It means a well-educated and responsible workforce. It also means developing, installing and monitoring plans, processes and technologies acting in concert with one another, rather than as unrelated standalone capabilities.

Today, integrated cybersecurity defense is the new cybersecurity offense.

A Playbook for a Cybersecurity Defense Strategy

Your Cybersecurity Playbook must be able to deal in the time continuum - the present (24x7 security monitoring), future (vulnerability scanning) and past (Dark Web scanning & reporting). Here are seven ways that can serve as a foundation for your organization’s offense strategies against cybercriminals:

  • Cybersecurity Strategy Play 1: Have a security assessment conducted and a penetration test completed on a regular basis to expose internal and external risks
  • Cybersecurity Strategy Play 2: Create and execute a remediation plan to address issues found in the assessments and penetration tests
  • Cybersecurity Strategy Play 3: Ensure that your business has a robust backups solution in place in addition to a disaster recovery plan to mitigate data loss and ransomware impacts
  • Cybersecurity Strategy Play 4: Identify a tool set for 24x7x365 managed continuous security monitoring to identify attacks happening in real-time
  • Cybersecurity Strategy Play 5: Purchase an annual security awareness training program subscription for all of your employees to participate in
  • Cybersecurity Strategy Play 6: Do regular scans of the Dark Web to identify your exposure. You can do this fee of charge, with the compliments of DataSure24 here.
  • Cybersecurity Strategy Play 7: Create, install and do regular, periodic updates of a disaster recovery and response plan for your company.

Let Us Help You Develop, Install and Manage a Cybersecurity Playbook for Your Company

The cybersecurity experts at DataSure24 stand prepared to render assistance, consultations, services and products to help you protect your computers and network.

We provide Managed Security services, including vulnerability scanning and intrusion detection, as well as Disaster Avoidance/Recovery solutions for protecting data, maintaining availability and minimizing cyber-attacks. We also provide a variety of Security Training Awareness programs and services for making your employees a critical part of your company’s cybersecurity defense systems.

If you are concerned about your company’s ability to fend off a cyberattack, complete and submit the form, call me at 716.600.3724 ex 225 and schedule a no cost/ no obligation review of your situation, today.

View full article

Corporate Email Security: The Emotet Trojan Resurfaces but Its Intent and Goals are Hidden

Emotet Blog

Protecting Your Network from Emotet Starts with Trained and Diligent Users

Like many other malwares, Emotet has begun to resurface after its initial reporting in 2014 as a type of banking malware. Emotet was created by threat actor Mealybug to target banking customers throughout Europe through infected messages to obtain customer information and gain access to customer accounts.

How Emotet Works

This trojan finds its way into machines through infected email attachments or email document links that appear to contain an invoice or other professional document normally received from the sender by the user.

  • Unlike many other infected emails these do not contain large amounts of misspellings or even incorrect names, emails, or contact information.
  • The links or attachments are usually a document or pdf that requests the user to enable macros.
  • Macros are normally disabled by default within most of today’s document handling programs but when an infected file is opened by a user, a banner appears asking the user to enable content or editing which then enables macros.
  • Once macros are enabled the malicious code is run and creates obfuscated code that allows for the execution of cmd.exe.
  • Once it has control it runs PowerShell and downloads and executes a binary and creates a service which launches at every startup.
  • Once the service is created the malware now establishes communication with a command and control server to inform the threat actors of the new victim machine.

Emotet is a Delivery System for Other Forms of Malware

These steps were part of the initial Emotet outbreak in 201, used by hackers to infect a com[any’s email. The new addition to this is once the command and control communication has been established the malware is being used as a delivery system for other forms of malware for other organizations.

The Goal of Emotet Remains Unknown

The main goal or motive behind the resurgence of the Emotet trojan has yet to be determined so we are left to speculate on its intent or endgame.

The information we do have tells us that the trojan is collecting a huge amount of email contacts which leads to bad press for those infected but no immediate monetary gain for the threat actors. Another important piece of the puzzle is the geographic locations of the most recent attacks, the majority of which have occurred with the United States. This could be a sign that the attackers could be working with a foreign government to either gain access to government systems by using the large amount of emails collected or use the botnet it has created in future attacks.

All together it seems in the end the Emotet trojan, if left on a network long enough, leads to the delivery of ransomware.

Corporate Email Security: Protecting Your Network from Emotet and Similar Threats

This attack, like many others, tries to take advantage of the weakest part of any network - the users.

The first step used to mitigate the threat must be training users who interact with the network. Because this infection requires user interaction to gain access to the device, simple security training can make a big difference, for example, teaching users to log themselves into a customer or provider billing system rather than opening attached documents or following links to documents from within an email.

Another step that can be taken to prevent an Emotet infection is the use of system policies to restrict all devices from executing any macros or executables not previously white listed by system administrators. This solution may not be best for all applications because some user groups may require the use of macros or executables daily.

To prevent the spread of Emotet malware on a network, monitoring traffic that moves both within and outside the network must be continuous. In many cases the Emotet trojans require command and control communications with outside or internal servers to either receive directions or ex-fill data from within the network to and outside storage location. Many times, these outside and internal communications can be caught by a properly monitored IDS (Intrusion Detection System). This identification allows for an accurate response to an infection using the information gathered in the communications.

Connect with a DataSure24 Cybersecurity Risk Expert

We offer a suite of Managed Security services, including vulnerability scanning and intrusion detection, as well as Disaster Avoidance/Recovery solutions for protecting data, maintaining availability and stakeholders connected. Further, we provide a variety of Security Training Awareness programs and services for making your employees a critical part of your company’s cybersecurity defense systems.

If you are concerned about Emotet or other corporate email security issues, contact us or at 716. 600.3724 and schedule a no cost/ no obligation review of your situation, today.

View full article

Introducing DataSure24

In the Fall of 2018, Freed Maxick announced their partnership with a local technology company to form DataSure24. This new organization brings exciting capabilities to existing clients and other businesses throughout the region and beyond.

This partnership allows DataSure24 to be the premier cyber-security company in Western New York, providing full security services to organizations. DataSure24 will help companies with everything from developing a security program, to delivering security implementations, and providing continuous monitoring and incident response.

24/7 isn’t just a term. It’s a culture, a philosophy and a proficiency. Through these security services DataSure25 is able to provide continuous monitoring that a wide variety of companies need in order to meet compliance, and support the entire security life-cycle of an organization.

Watch the video below to learn more:

 

View full article

Educating Your Workforce to Handle Cyber Threats

How to strengthen one of the weakest links in your cyber defense

In my role as the VP of Strategic Development and Security Officer at DataSure24, it’s my responsibility to protect my company, our employees, and the thousands of customers we have from the unprecedented wave of cyber attacks that are an agonizing part of doing business.

Today, dealing with the threat of cyberattack is an issue that keeps every C-suiter up at night.

I’ve installed, maintained and updated the latest technologies and constantly share information and data with my peers on best cybersecurity practices. However, without “human technology” playing a critical role in today’s cyber defense systems, I’m very concerned that we’ll continue to hear horror stories that perhaps could have been prevented.

I’d like to share some of my thoughts and experiences about integrating the human factor in a cyber defense environment.

In the comment section following this post, I welcome any insights, observations and experiences you would like to share with our blog readers.

Employees are a Critical Part of any Cyber Threat Defense

Businesses today understand the importance of securing data, software and hardware against the threat of a breach. The realization that customer account information, internal communications or other critical data could be stolen and sold or locked away and held for ransom has motivated executives to invest in elaborate in-house security systems and state-of-the-art cloud security solutions to protect their organizations from cyber-attack.

These investments are a cost of doing business in a connected economy, but even the best cyber defense system can be short-circuited by the critical weakness that technology can’t eliminate—the click of an employee on a well-disguised hostile link.

Technology solutions are still an important part of cyber security, but a growing percentage of successful breaches now start with a phishing e-mail instead of a direct attack on a firewall. In short, businesses have been successful enough in training their computers to protect against threats that hackers have adapted by focusing on the element in the system that hasn’t been trained as well—employees.

Creating a Security Culture in a Service Economy

Before you can train your people to protect against cyber threats, you need to understand where that training fits into your broader cybersecurity strategy. Leadership needs to be clear about the level of risk the organization will tolerate, and the training needs to reinforce that concept. For instance, many businesses have focused on responsiveness to clients without adequate statements about risk tolerance.

In some cases, this lopsided focus can create a culture where employees work to resolve client e-mail issues so quickly that they don’ evaluate those e-mails for potential phishing links. If your cybersecurity training is going to stress evaluating e-mails for threats, employees need to understand that leadership is lowering its tolerance for cyber risk and leadership needs to understand there will be some tradeoff in response-time efficiency.

Elements of an Effective Cybersecurity Education

The kind of education process that will work best for your business depends first and foremost on what kind of business you run. And “what kind” refers both to what industry or economic sector you operate in as well as the personality of your employees and the atmosphere in your workspaces. That said, there are still certain elements that you should look for to create a program that turns your people into a “human firewall.” These four characteristics should be present in any cybersecurity education program:

  • Customized or customizable: No off-the-shelf training module will speak directly enough to your employees. Think of the message you send to employees when you gather everyone together for a mandatory meeting at which some outside consultant or designated employee lectures them from a script with generic statements about the importance of security. If you poll them on the way out, you would probably get a perfunctory response along the lines of, “Yeah, I get it. Security’s a big deal.”
    Training should speak directly to YOUR employees about YOUR business and the potential damage that a security failure will cause. To support a healthy culture of cybersecurity, your training needs to go beyond the nuts and bolts of learning how to avoid phishing scams and risky websites to create a sense of shared responsibility among your team for the protection of customer data and co-worker jobs.
  • Comprehensive: Your cyber defense is only as strong as your weakest link. Malware and ransomware attacks have become so pervasive that you can’t afford to overlook any of your technology users when it comes to raising awareness about cybersecurity. Even someone who doesn’t have an assigned work computer could still use a personal computer or account to open a malicious e-mail that generates a message to all contacts, including customers and co-workers. Even if an employee’s unsecure practice only affects personal computers and accounts, your business will still suffer lost productivity while that person works to resolve the problems that arise as a result.
  • Focus on Creating a Cybersecurity Culture: A lecture with PowerPoint slides is rarely going to be enough to engage employees at the level necessary for success. This type of training benefits from breakout sessions with small groups where participants get a better sense of how much the group’s success depends on the efforts of everyone. The goal is to create habits and routines that employees use to analyze the potential cyber risks in every activity they undertake, then practice using those habits and routines frequently enough that they become part of the fabric of the job. In a way, it’s almost as if you’re trying to train your people to “think without thinking about it.” Education on this topic always needs to focus on taking the time to be safe.
  • Monitor to Measure Improvement: Effective cybersecurity education requires much more than an occasional day of training. A business must commit to ongoing monitoring and testing. Information generated from those activities needs to feed into regular updates to staff as well as improvements to the next training. Employees should be encouraged to communicate frequently about cybersecurity and to quickly notify managers of potential threats that they identify. Visible indicators of success should be included around the office, such as whiteboard postings noting “[X number] of threats turned away this week/month/year.” 

DataSure24 Offers Cybersecurity Services

The cyber threats that businesses face change so quickly that educating and empowering a workforce to protect against them is an ongoing operation, not just a scheduled training session. Our team of cybersecurity experts can help you build and maintain a sustainable technical and human powered defense system.

For more information on how we can help you strengthen your human cybersecurity firewalls to match your technological ones, please contact us at 716-600-3724 or below. 

View full article

The Dark Web Monsters Under the Bed

The-Dark-Web-Monsters-Under-the-Bed

Preventive measures, monitoring and remediation capabilities are at the heart of a Dark Web defense

New call-to-actionThe dark web is a term for the places on the internet where mostly illegal activities occur like botnets, black markets, fraud services, phishing, child porn, terrorism, etc. Although the Dark Web sits on the internet, it is a segregated, anonymous and protected part, and typically, you need to use special software and access methods to enter.

I often think of it as the dark alley of the Internet.

Trading and Selling Compromised Information and Methods

The one Dark Web activity that most directly affects most normal people and companies is the trade and sale of compromised information and methods. In layman’s terms, the Dark Web is the place where stolen passwords, credit card numbers, and personal information is traded. Additionally, it is a communication channel that allows bad guys to coordinate attacks into individual systems while also giving training on how to exploit new vulnerabilities. The Dark Web is where stolen information is captured and made ready for nefarious uses, and if your credit card information has been stolen, it’s the pace where crooks can find it.

These are the monsters under the bed.

How Can Your Company Protect Itself from the Dark Web?

Daily, tens of millions of dollars of Illegal transactions occur on the Dark Web, and it’s often a result of companies who are ill equipped and ill prepared to protect their digital assets. Once those assets are left unprotected, unguarded, or made vulnerable for lack of a few simple protective measures, you’ve exposed your customer and prospect information for exploitation. Further, you’ve damaged your reputation and can even face severe financial consequences.

While putting a protective shield and remediation system in place is warranted, you’ll want to make sure that at a minimum, your cyber-defense includes the following features and capabilities:

  • Monitor all traffic and data going in and out of your network to see in real-time if there is an attack going on, so it can be stopped in its tracks
  • Conduct a daily scan of the Dark Web, so you have a catalog showing data that was stolen in the past, and if any new information was compromised currently so you can act immediately and with certainty
  • Conduct vulnerability scanning and overall security assessments backed by remediation capabilities to shore up your security maturity so that any future attacks or compromises are significantly reduced.
  • Secure the technical capabilities for identifying if your company’s data was exfiltrated and being exploited and used by bad guys
  • Deploy a Dark Web Scanning service that actively scans the dark web for your corporate domain name and personal email addresses that also provides a daily report for your entire organization
  • Hire an “undercover agent” to go into the Dark Web so that you never need to step foot in that dark alley.

Get Rid of the Monsters Under Your Bed: Connect with DataSure24

At DataSure24, we can identify with 100% certainty if your company’s information was exfiltrated, used by the bad guys, or is actively available on the Dark Web. We can tell you that, yes, indeed your information was taken in the past.

We go into the Dark Web as an undercover agent so that you never need to step foot in that dark alley. We provide daily scans of the Dark Web, so that you not only know the past that shows data that was stolen many years ago, but you will also know the very next day if any new information was compromised. This gives you the ability to act on things immediately and with certainty – helping clear out the monsters under the bed.

View full article