It’s officially Cybersecurity Awareness Month, and that means it’s time to remind you to assess your cyber strategy. Read about some real-life scenarios we’ve encountered and how we would protect against them today.
The key to winning at chess is not only to keep your King protected while your other pieces move forward. You must also out-think your competitor’s strategy to avoid or quickly recover from an attack. In chess, it’s not a matter of if you’ll need to go on the defensive, but when. Similarly, for your business, it’s not a matter of if you’ll fall prey to a cyber attack, but a question of when. How will you defend yourself?
When CIOs consider the importance of their IT infrastructure, it’s often in regard to how it drives increased profitability. But there’s nothing that can destroy success as fast as a cyber breach.
Every day, organizations of all sizes are threatened by cyber attacks. In 2018, enterprises saw a 12% rise in ransomware attacks [1], with the number of attacks accelerating this year. Compound that with the increase in cloud security challenges [2] and a 78% uptick in attacks exploiting third-party services [3], and cybersecurity protection becomes just as important as keeping the lights on.
In recognition of Cybersecurity Awareness Month, we interviewed James Moon, CEO and owner of Techmedics, to learn about some real-life cybersecurity threats facing businesses and what you can do to protect your business from being another breach statistic. As part of the Techmedics Virtual CTO offering, he acts as vCTO and Director of IT to several organizations across the nation.
From Nuisance to Disruption
First it was adware, then viruses — no more than nuisances instead of actual threats. Now cyberattacks are completely disruptive and can be detrimental to an organization.
When a system goes down, it’s standard procedure to respond quickly and bring the system back online as fast as possible. The problem is solved, and everything goes back to normal.
However, there’s an extra layer of pressure when it comes to a cybersecurity breach. For every attempt to solve the problem, there may be somebody on the other end countering your moves. You don’t know what they know, how prepared they are, their overall skill set or their objective. It’s a high-stakes chess game of responding quickly and countering each move they make with your own strategy.
The more prepared you are, the better opportunity you have to come out unscathed. Because when a breach happens, if you don’t have a protection strategy in place, it could be checkmate for your business.
James shares four examples of real-life cyber-attacks he has run up against, and his suggestions to help you avoid these kinds of attacks.
#1 – Leaving the door open
Being targeted by an outside attack is scary. Having someone on the inside cutting corners that could leave you wide open to attack can be just as bad. While onboarding a newly contracted client, we discovered that their remote desktop services (RDS) were open to the public, leaving their server compromised and vulnerable to even a basic hack.
The compromise wasn’t done maliciously, but out of laziness. The previous administrator wanted a convenient way to remote into the network in order to do his admin duties. Instead of using VPN and logging into RDS each time, he left the system open. The problem was easily fixed by our team, who updated the core configuration capabilities on the RDS server, thereby closing the door.
It’s all too common for a vulnerability to be exposed by in-house IT staff. Whether you have a team of technicians or one administrator, it’s in your best interest to investigate and close the gaps in your network. This can be done by performing routine assessments.
#2 – You get what you pay for
Free deals, especially when it comes to security software, are incredibly limited in their protection capabilities. This was the unfortunate situation of a client who entrusted their security posture to free software and got exactly what they paid for.
The client was hit with a virus that acted as a DHCP server, propagating on the network by directing computers needing an IP address to grab it from the nearest infected system. Once a computer got an address from the infected system, it would be redirected to a website outside the network that contained malicious content. There, it would initiate a download of even more viruses and malware payloads, thereby accelerating the spread on the network.
It took our team three days to figure out and contain all the viruses that had spread throughout the network. Fortunately, ransomware didn’t exist at the time, but it still cost the client to undergo this thorough clean-up job.
This is a reminder that not only do you get a more robust security package with the paid version, but it also comes with support from the security partner. It was that support that enabled our team to isolate and quarantine all the viruses on the network. We also recommend using multiple layers of protection, in addition to different technologies, to counter any cybersecurity breach.
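One way to spot the rogue DHCP behavior described in this incident, shown as an added example that is not from Techmedics or the original article: flag DHCP replies from any server outside an approved list and collect the clients that accepted a lease from it. The log format, addresses and the authorized-server list are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumption: the one DHCP server the network team has authorized.
AUTHORIZED_SERVERS = {"10.0.0.1"}

# Constructed sample lines in a hypothetical sensor format (not real traffic).
SAMPLE_LOG = """\
09:00:01 DHCPOFFER server=10.0.0.1 client=aa:bb:cc:00:00:01 ip=10.0.0.50
09:00:01 DHCPACK server=10.0.0.1 client=aa:bb:cc:00:00:01 ip=10.0.0.50
09:02:10 DHCPOFFER server=10.0.0.77 client=aa:bb:cc:00:00:02 ip=10.0.0.120
09:02:10 DHCPACK server=10.0.0.77 client=aa:bb:cc:00:00:02 ip=10.0.0.120
09:03:30 DHCPOFFER server=10.0.0.77 client=aa:bb:cc:00:00:03 ip=10.0.0.121
09:03:31 DHCPACK server=10.0.0.1 client=aa:bb:cc:00:00:03 ip=10.0.0.52
truncated line the parser should skip
09:05:00 DHCPACK server=10.0.0.120 client=aa:bb:cc:00:00:04 ip=10.0.0.130
"""

LINE_RE = re.compile(
    r"^\S+ (?P<type>DHCPOFFER|DHCPACK) "
    r"server=(?P<server>\S+) client=(?P<client>\S+) ip=\S+$"
)

def find_rogue_dhcp(log_text, authorized=AUTHORIZED_SERVERS):
    """Map each unauthorized server IP to its offer count and leased clients."""
    rogue = defaultdict(lambda: {"offers": 0, "leased_clients": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["server"] in authorized:
            continue
        entry = rogue[m["server"]]
        if m["type"] == "DHCPOFFER":
            entry["offers"] += 1
        elif m["client"] not in entry["leased_clients"]:
            # An ACK means the client accepted its settings from this server.
            entry["leased_clients"].append(m["client"])
    return dict(rogue)

def hosts_to_isolate(log_text, authorized=AUTHORIZED_SERVERS):
    """Return (rogue server IPs, client MACs that accepted a rogue lease)."""
    rogue = find_rogue_dhcp(log_text, authorized)
    clients = {c for e in rogue.values() for c in e["leased_clients"]}
    return sorted(rogue), sorted(clients)

if __name__ == "__main__":
    servers, clients = hosts_to_isolate(SAMPLE_LOG)
    print("Unauthorized DHCP servers:", servers)
    print("Clients to isolate and rescan:", clients)
```

In the constructed log, the address leased to one client by the rogue server later answers as a DHCP server itself, which is the propagation pattern the incident describes.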
#3 – Gone Spear Phishing
Hackers often use a company’s vulnerabilities to set up sophisticated phishing scams, known as spear phishing. They convince unsuspecting employees to give up valuable information and even large sums of money before the employees realize something isn’t right.
This is the story of a client who was targeted for this kind of attack and how extensive the damage can be. One of the users in the accounting department received a phishing email, which was obviously fake to security experts, but to the average person seemed legitimate. The person clicked on a link which downloaded a file onto their computer, enabling the attackers to watch the employee’s inbox and develop a profile for the company. Once they developed their profile and had a good understanding of who signed the checks, they went to work, requesting money to be wired to a foreign bank.
Fortunately, while the money was being prepared to be wired, we were able to discern what was going on and stop the transfer from happening. However, the hackers were able to breach several of the company’s clients, who were also compromised. Attacks like this don’t stop at one victim; the attackers catalog as many victims as they can, working down the client chain.
#4 – The weakest link
One layer of protection, and sometimes the easiest to penetrate, is employee behavior and understanding. In another email incident, a small business was left exposed, and it cost them.
Acting as the owner, hackers were able to send an email displaying the owner’s name, but from a generic mailbox, asking for a six-figure amount to be wired to a bank in China. It wasn’t uncommon for the owner to make such a request, so the employee set up the transfer without verifying with the owner.
They found out within 48 hours that the request was fraudulent, but it was too late and the money was gone. In incidents like this, no amount of technical solutions can remedy the situation. This is about a breakdown in business processes. We recommend training your team on how to deal with these kinds of requests. From there, we can do penetration testing to ensure that employees are adhering to these processes.
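The mismatch in this incident (the owner’s name shown, but a generic mailbox behind it) is something a mail filter can check before a person has to. The sketch below is an added example, not from Techmedics or the original article; the executive list, keywords, addresses and sample messages are constructed assumptions, and it handles single-part plain-text mail only.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: hypothetical executive display name -> addresses they really use.
EXECUTIVES = {"pat owner": {"pat@example-corp.test"}}
PAYMENT_WORDS = ("wire", "transfer", "payment", "bank")

def make_message(sender, subject, body):
    return f"From: {sender}\nTo: ap@example-corp.test\nSubject: {subject}\n\n{body}\n"

# Constructed sample messages (not real mail).
SAMPLE_MESSAGES = [
    make_message("Pat Owner <pat@example-corp.test>", "Vendor invoice",
                 "Please wire the funds for the approved invoice."),
    make_message('"Pat Owner" <office4471@freemail.test>', "Urgent",
                 "Please wire the funds to the bank account below today."),
    make_message("PAT  OWNER <office4471@freemail.test>", "Quick question",
                 "Are you at your desk?"),
    make_message("Sam Staff <sam@example-corp.test>", "Lunch", "Noon works."),
]

def normalize(name):
    """Lowercase and collapse whitespace so spacing and case tricks still match."""
    return " ".join(name.lower().split())

def assess(raw_message, executives=EXECUTIVES):
    """Return 'hold', 'warn' or 'deliver' for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    allowed = executives.get(normalize(display))
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    # The display name claims an executive, but the mailbox is not theirs.
    impersonation = allowed is not None and address.lower() not in allowed
    if impersonation and any(word in text for word in PAYMENT_WORDS):
        return "hold"  # confirm with the named person out of band before paying
    return "warn" if impersonation else "deliver"

if __name__ == "__main__":
    for raw in SAMPLE_MESSAGES:
        print(assess(raw), "<-", message_from_string(raw)["From"])
```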
Convinced that you need to take a closer look at your security solution and protocols? Here are some recommendations to strengthen your security posture.
Strengthen Your Security Posture
Being proactive in your defenses is key to ensuring you don’t end up a victim — losing time, money, and possibly your business. Because whether you can see it or not, you’re “under attack”.
Here are four products that James recommends to enable you to strengthen your company’s security posture:
- Next Generation Firewall – Putting a secured gateway to the internet in front of your business helps keep intruders out, and next generation firewalls take that one step further with advanced features and capabilities.
- Endpoint Protection – Detect, protect and stop malicious payloads from propagating on your network using malware and antivirus protection.
- Expanded Antispam Protection – Supplement your Microsoft Office 365 anti-spam protection with a third-party email solution that can eliminate phishing, ransomware and impersonation attacks.
- Stopping Attacks Before They Start – This is where a comprehensive solution, like Cisco Umbrella, comes in, providing a secured internet gateway which acts at the DNS level to protect you from any cybersecurity threats that might try to get on your network.
“These are all absolutely necessary and that is why we include them in our Cybersecurity Essentials platform,” said James. “We also have a team that’s knowledgeable on how to use those tools and how to implement them. If there are any types of security vulnerabilities that we notice, we alert you and increase our security stance to mitigate the breach.”
The cybersecurity solutions you choose depend on your business needs and what you’re trying to protect. Security can get much more granular and it’s recommended to have a partner, like Techmedics, help you determine what solutions are relevant for your environment.
“Most of our clients signed up with us after a breach,” explains James. “This is like putting in security cameras and alarms after your business has been burglarized.”
Instead, protecting yourself proactively can keep you from wishing you had. It’s as simple as signing up for a free trial of Cisco Umbrella and learning about the Techmedics Cybersecurity Essentials plan.
Don’t try doing it on your own. Let the professionals at Techmedics help you protect your business — assets, reputation and peace of mind.
[1] Symantec Internet Security Threat Report (ISTR), Volume 24, February 2019, p. 16
[2] Symantec Internet Security Threat Report (ISTR), Volume 24, February 2019, p. 19
[3] Symantec Internet Security Threat Report (ISTR), Volume 24, February 2019, p. 17