Combatting Stealthy Cyber Enemies in Today’s Digitally-Accelerated Economy


In early 2021, a cyber-attack was made on a water treatment facility in Oldsmar, Florida. The hacker infiltrated its computer systems and changed settings, increasing the volume of sodium hydroxide, slated to enter the water supply, to an excessive amount. A single, vigilant employee managed to catch the issue before it could do damage.

With all the knowledge and information available today to thwart cyber threats, why does this keep happening to fundamental human lifelines like utilities, healthcare, finance and business?

Is the adoption of new technologies not keeping pace with advanced threats? Are poor access controls, legacy systems, remote access, ransomware and insider threats to blame? Or are businesses just understaffed, under-resourced, and plain overwhelmed by what digital acceleration means for them right now and in the future? The answer for most is likely, D: All of the above.

The Age of Acceleration

The events shaping the past couple of years could easily define the time period as, “The Age of Disruption”, with the Covid-19 pandemic flipping everything about how businesses and communities engage on its head. But one theme that is consistent throughout is acceleration. We are all reimagining, transforming, adopting, adapting and repositioning in some way to engage and connect with others in new and different ways. And, if you—a corporation, small business owner, hardworking citizen, or contributing member of society—are doing that, unfortunately, so are cyber criminals.

You probably don’t typically spend a great deal of time thinking like a hacker. But, under the circumstances, it might be a helpful exercise to do so. What circumstances, you ask? For one, what does disruption or accelerated change mean to a hacker? Again, unfortunately, not much. Stealthy cyber criminals operate flexibly to be in position to exploit windows of opportunity. You probably see where this is going. Not only are we not on an even playing field, but we also don’t have the advantage. Cyber criminals are capitalizing on the transition to remote work, the scramble for businesses to adopt new operating models, and the vulnerability of unsecured or under-secured legacy systems, and there’s more to come.

Digital Accelerants

There’s more pressure than ever before to protect networks as the channel for conducting business in today’s global marketplace. Protecting the network from threats and vulnerabilities can be daunting under normal circumstances, but there are currently several technology disrupters driving digital acceleration that will impact the future of networks. These include AI, machine learning, Big Data and analytics, and 5G. Some are new, some are not, but all are interdependent and add complexity to existing IT systems.

“While digital technologies have been developing for many years, in the last decade their cumulative impacts have become so deep, wide-ranging and fast-changing as to herald the dawn of a new age. The cost of massive computing power has fallen. Billions of people and devices have come online. Digital content now crosses borders in vast volumes, with constant shifts in what is produced and how and where it is used.”—Digital Cooperation Report for the Web

The Evolution of Ransomware

Unassuming ransomware. It targets files in a slow-moving progression, zapping users’ access by restricting files and/or access at the system level. In 2020, research showed a 7-fold increase in ransomware attacks, as compared to 2019. That might not be as concerning if ransomware hadn’t also evolved. The ransomware families that appeared popular in 2019 are no longer as popular now. New ransomware families dominate the scene, and they no longer target individuals, but companies.

The ways ransomware can spread infection today are quite varied and comprehensive. The breadth of damage that can be done via an attack on mobile devices, Wi-Fi networks, cloud storage, external hard drives, unpatched operating systems, and backups (yes, even your backups can be hacked) might surprise you. Ransomware can reside in a variety of applications, ranging from Skype to the Google Play Store, and gain systems entry through suspicious emails and fake desktop updates. Once downloaded, malware can hide in modified Windows registry keys, temporary folders, Microsoft Word files and elsewhere. It can even encrypt encrypted files at the device and file levels and hold them hostage for ransom, hence the name.

Ransomware begins simply enough, but like a slow-growing cancer, the infection then metastasizes across your network and progresses to impacting your customers, service providers, utilities, all the way down to employees. So, how do you protect critical information assets traveling across your network?

Don’t Open the Door

Similar to how employee security awareness training helps close the door on social engineering and phishing attacks, application execution control closes the door on unknown threats, like ransomware and malware, while permissions settings “allow” trusted software to run within the IT infrastructure. Application allow-listing (formerly known as whitelisting) technology solutions, such as those offered by cybersecurity leader, ThreatLocker, simplify deployment with semi-automated options that ease the burden of manually building an allow-list.


The Era of Managing Everything In-House Is Over (at least, for now)

Ransomware is on the rise because it’s underestimated and easy to deploy to vulnerable targets. During a time of unprecedented technological acceleration and economic and societal change, companies don’t have to be unwitting victims.

Right now, while cyber enemies are on the increase, cybersecurity roles are the hardest to fill. There’s something really wrong with that order that will, hopefully, resolve itself over the course of time. But you don’t have to wait till then to get the technical help you need. Whether you have an IT resource, an internal team, or no cybersecurity support at all, the MSP Path Forward IT can be the security partner who helps you confidently establish and implement your allow-listing strategy.

A few other ways Path Forward IT can support you and keep your network safe include:

To learn more, request a consultation with Path Forward IT.


Your Employees Are the Latest Phishing Targets


With burgeoning hybrid work environments, companies and their employees are more susceptible than ever to phishing attacks and social engineering. Cybercriminals are becoming increasingly more adept at changing tactics to exploit new vulnerabilities. As phishing attempts get more creative and difficult to discern, “new-school” employee training and access controls are a must.

Jumping Phish Ponds

Most of us have heard of phishing or even taken a cybersecurity compliance training that touched upon the threat. We know emails that seem “off” somehow are suspect—an invitation to click on a link from a stranger or a weird request from a usually trustworthy source. Social engineering like this is a cybercriminal’s attempt to manipulate, influence or deceive a target into taking some action that isn’t in their own best interest or in the best interest of the organization.

Phishing scams these days have changed in nature due to a variety of recent developments. During 2020, COVID-19, shelter-in-place and social distancing orders forced many companies to quickly adapt to changing environments and technology. Under these conditions, it wasn’t always possible for network access and privilege escalation to be fully monitored. Misconfigured databases and services were the leading cause behind all-time-high numbers of exposed records in enterprise security breaches. As more automation tools are being implemented on company networks to streamline new operational models, the ability to keep track of who has access to different points on the network, and what type of access they have, is becoming more complex to manage.

New Phish

These recent changes are driving bad actors away from “net” phishing and toward spear phishing (targeting specific groups and individuals). The FBI’s Internet Crime Complaint Center (IC3) received a record number of complaints from American citizens in 2020. Phishing—including vishing (voice phishing over the phone), SMiShing (text message phishing), whaling (targeting high-profile employees and C-level executives) and pharming (emails with links that redirect to fake websites)—was the most prevalent threat in the US in 2020, with 241,342 victims. This resulted in non-payment/non-delivery (108,869 victims), extortion (76,741 victims), personal data loss (45,330 victims) and identity theft (43,330 victims).

Phishing Victim Impacts

Link manipulation, fake trial offers, advance-fee loans, and job scams continue to be lucrative phishing methods for threat actors. The consequences, however, are high for victims. Here are some numbers shared by Business Continuity and Disaster Recovery MSP, Path Forward IT:

  • ~85% of security breaches start with phishing
  • 86% of organizations had at least one user try to connect to a phishing site
  • 53% of successful cyber-attacks infiltrate organizations without being detected
  • 91% of all cyber-attack incidents didn’t generate an alert
  • 70+ days: Length of time intruders typically go undetected
  • 6–12 months: Estimated time to investigate and remediate a security breach
  • 3–15 days: Average downtime, interruption to business continuity
  • $1M–$3M: Financial impact of a successful attack
  • Regulatory, civil, and criminal impacts: Fines, restitution, penalties to contracted partners, and brand reputation damage

Defending Against Phishers

Recognizing and stopping phishing attacks in advance of a data breach or ransomware is your best defense. The following are recommended mitigations that can help prepare and protect your organization:

POLICIES AWARENESS: The greatest threat to your organization’s cybersecurity strength is, unfortunately, also its greatest asset. Even if unintentional, employee carelessness, mistakes, unreported data exposures and other risky behaviors can provide easy entry points for bad actors. Raising awareness about policies that defend against security threats arms your employees with knowledge that can protect them in the workplace and also in their home offices. Here is just a short list of examples your policies should address:

  • Verify financial-related requests with a live phone conversation before responding
  • Avoid clicking links from unknown senders, suspicious-looking or unverified emails asking for payment or banking information
  • Never put financial account information in an email, text or other digital communication unless it’s encrypted
  • Never use public WiFi to access your company email, financial institutions or any sensitive data

TRAINING: Providing training to your employees improves their ability to recognize threats and reduces the chance of successful phishing attempts. As cyberattack trends change, ongoing, updated training lessens your organization’s exposure and ensures new attack methods don’t catch your employees unaware. Path Forward IT training and documentation programs leverage best-in-class training tools from preferred vendor, KnowBe4, to help your team correctly utilize your technology’s full features and capabilities while meeting regulatory training requirements. Security Awareness Training, Anti-Phishing Training, and simulated phishing attacks can all help your employees gain real-world experience on how to address threats.

ACCESS CONTROLS: When new employees are hired, network access should be granted on a least-privilege scale. Periodic review of network access for all employees can significantly reduce the risk of compromise of vulnerable and/or weak spots within the network. Actively scanning and monitoring for unauthorized access or modifications can help detect a possible compromise in order to prevent or minimize the loss of data.


Back Up Your Data to Get It Back From A Cyber Attack


Today’s accelerated technology trends are powering unprecedented business transformation. But they’re also introducing an overwhelming amount of security risk. Hackers use a wide range of tools and methods to gain access to your data—from social engineering and phishing scams to ransomware attacks and exploiting systems vulnerabilities. With virtually all personal and business data stored on internet-connected platforms, targeting businesses has become a gold mine for bad actors. To ensure the best chance of business continuity following any compromising cyber event, strategically backing up your data is one of the most foundational best practices you should include in your layered security checklist.

Business-Critical Backup and Recovery, Without A Plan

Cybersecurity professionals agree pretty much universally that it’s not a matter of whether businesses will encounter an attack, but when. Trying to execute everyday business functions, without access to data, is like trying to drive a car without the tires—basically, inoperable. The very purpose of a holistic security strategy is to minimize as many gateways available to threat vectors as possible; local (on-prem locations), geographical distribution (networked systems) and cloud backups (primary or redundant data storage) are fundamental first steps in a layered approach to protecting your data.

Unfortunately, employing a data backup strategy isn’t as universally agreed upon. If that sounds contradictory, well, it is. In fact, even many IT professionals generally view backups as an insurance against the potential for an attack versus a priority to combat attacks. But consider this common scenario: a company has recognized the importance of backing up data and engages IT to deploy it. A random device is selected and turned on in a single location, but never tested, runs on subpar hardware, and has no particular defined parameters. This approach has a very different outcome during recovery from a cyber attack than a strategic data backup solution.

Business Continuity Predicated on Data Recovery

If you’re employing a set-it-and-forget-it backup strategy, you’re in for a rude awakening when an incident occurs. Waiting until you need your backups is, arguably, the worst time to wonder how many copies of your data are available and where and how they’re stored. During an incident, time is critical; downtime adds up quickly and can be extremely costly to your customers, your reputation, and your bottom line. Some businesses simply can’t recover; they go out of business. For a significant outage, you need to be able to act fast and be responsive. If you or your solution provider don’t know what you don’t have, you’re looking at a substantial amount of downtime, and mounting associated recovery costs, as you work it out.

Making Cybersecurity A Priority with Data Backup

Companies are best positioned to assure business continuity if each of these steps has preceded an incident:

  • Security-minded culture: user behaviors and policies awareness; ongoing compliance reinforcement
  • Preventative measures: annual third-party security assessment to document vulnerabilities in the security controls, along with correction recommendations; firewalls and backup strategy functioning as intended; allow-listing and access controls implemented; timely patching; audits, testing, monitoring, and spot checks; and fire drills to ensure everything is documented and security settings haven’t changed
  • On-call service in place: 24/7/365 fully-staffed, live helpdesk of experienced, certified engineers with a 15-minute disaster response time

Off-loading some of the routine tasks associated with cyber hygiene like software updates, patching, testing, and backups to an MSP like Path Forward IT is an investment in your overall security plan. This simple step enables a service provider, with end-to-end data protection solutions, to get to know your systems environment intimately, enabling expert counsel for when you need to make operational changes that impact IT, are thinking about a purchase decision, or encounter an attack or natural disaster.

Backup Options Matter

Of course, you never want to get to recovery mode, but when you do, the quality of your backups will be very important. The best mitigation for destructive cyber-attacks is having rock-solid backups. However, with the advent of affiliate ransomware, attackers will now go after any accessible backups too. This makes a secure cloud-based backup solution a good choice—one that uses authentication that requires a unique set of complex credentials for access (does not overlap with workstation, server, or domain credentials) and does not require physical servers in the event of a disaster. What makes Cohesity enterprise-class backup solutions the preferred choice of so many enterprises worldwide is the expanse of options available to prepare your organization for a variety of data compromises. Cohesity provides a secondary repository with immutability, for offsite storage, ransomware early detection, and other advanced security features, along with a team behind it, monitoring and testing everything daily to ensure its efficacy.

The benefits of backup options become crystallized during a recovery operation. Customized data protection and recovery solutions provider, Path Forward IT, points to less production impact and downtime in general, rapid speed to restore, massive data storage of up to 35 PiB (pebibytes), granularity, and the flexibility to scale and customize the solution to fit customer needs.

Backup As Last Line of Defense

A layered security strategy improves your chances of stopping threats from penetrating your environment. But as new technologies develop and threat actors mature in finding ways to exploit them, strategically backing up your data can mean the difference between business devastation and a quickly-contained service interruption.

“If you put a key under the mat for the cops, a burglar can find it, too. Criminals are using every technology tool at their disposal to hack into people’s accounts. If they know there’s a key hidden somewhere, they won’t stop until they find it.”—Tim Cook, CEO, Apple Inc.
