Posts

What to learn from the most interesting data breaches of 2017

Several high-profile organizations experienced data breaches in 2017. For instance, you probably saw media reports about data breaches involving Equifax or the InterContinental Hotel Group.

It isn’t enough to know that these breaches occurred. Companies and organizations need to pay attention to the mistakes that made the security breaches possible. That way, you can inspect your own company’s policies to make sure you protect yourself and your customers.

Equifax proved that how you behave after a data breach matters

A 2017 data breach at Equifax, one of the world’s largest credit reporting companies, exposed the personal information of approximately 143 million Americans. The problem was deemed so important that Congress held several hearings to understand what had happened.

According to Equifax, the breach happened because of a flaw in one of the company’s web applications.

Obviously, Equifax didn’t get the help it needed closing common cybersecurity holes. The worst part, though, was how Equifax chose to handle the situation. Some of the company’s most egregious actions included:

  • Waiting about two months to tell consumers about the breach.
  • Letting executives sell their Equifax personal holdings before announcing the breach.
  • Creating an unsecured WordPress site to help consumers determine whether they were affected by the breach.
  • Requiring consumers to provide even more sensitive information to determine whether the breach affected them.

The most important thing to learn from Equifax is how to behave after a breach happens. Basically, do the opposite of what Equifax did. The organization’s tarnished reputation may never recover.

InterContinental Hotel Group (IHG) exposes thousands of consumers to identity fraud

InterContinental Hotel Group (IHG) revealed in early 2017 that a data breach had affected 12 of its properties. Malware on the company’s servers had stolen credit card information from guests who used their cards at the hotels’ on-site restaurants and bars. Understandably, the announcement concerned thousands of people.

Unfortunately, that wasn’t the end of IHG’s security problems. A couple of months later, the company admitted that the malware hadn’t attacked 12 of its locations. Instead, it had targeted 1,200 locations. The malware also did more than gather credit card information from restaurants and bars. It had stolen personal information from payments processed at hotels, too.

A better cybersecurity process would have likely uncovered the malware before it had a chance to affect so many people. Unfortunately, IHG didn’t have the IT security to identify the threat before it had an opportunity to spread from a handful of locations to thousands.

Ransomware Targeted Organizations in Nearly 100 Countries

In 2017, ransomware became such a huge problem that it affected organizations in nearly 100 countries. Hospitals in Great Britain had to turn away patients because they couldn’t access their medical records. The malware also affected hospitals, police stations and businesses in the United States, Russia, Spain and Portugal. Overall, the ransomware affected about 57,000 networks around the world.

Educating employees to recognize phishing attempts is one of the most effective ways to prevent ransomware attacks. Organizations also need to update their systems and applications to patch security vulnerabilities.

Given the excessively wide reach of the 2017 attack, it’s obvious that most people don’t know how to protect themselves from ransomware.

If you’re worried that you don’t have the right technology or policies to protect your company from data breaches, contact your managed services provider to learn more about the most effective defenses. Without the right tools, you could fall victim to attacks just as easily as the organizations mentioned above.

The most common SMB cybersecurity threats and how to protect your business

The headlines may spend more time focusing on data breaches suffered by enterprises and other large companies, but that doesn’t mean hackers have forgotten about small businesses.

The typical data breach costs small businesses $117,000, which can take a big chunk out of your operating budget. Plus, you have to account for the cost of disaster recovery, informing consumers about the breach, paying for security audits, and dealing with the reputation loss.

Approximately 60% of small businesses never recover from a cyberattack, instead going out of business. Understanding and proactively addressing SMB cybersecurity threats puts you in a position to protect your business.

Alert Icon

Ransomware

You most likely already familiar with the term “malware.” Malware is a malicious application that can help hackers get into your network, hijack your computers or cause system problems. Ransomware is a specific type of malware. It makes it possible for a cybercriminal to take complete control of your data and hold it for ransom.

Ransomware relies on encryption, so you can’t just turn off one computer and move to another. Instead, you have to restore from a  backup or pay the attackers to get your data back.

You see ransomware frequently mentioned because it’s a profitable way for hackers to bring in revenue. You can reduce the potential damage of a ransomware attack with a robust backup, which allows you to restore your systems without paying anything.

Alert Icon

Social engineering and phishing

A common portrayal of a hacker is someone furiously typing, trying to find the right username and password combination to get into your network. In reality, they may end up getting unintentional help from the people in your organization.

Phishing takes place through email. The would-be hacker sends malware through emails that look legitimate. The victim ends up opening the file and downloading the malicious file on their workstation.

Social engineering is a broad term that describes situations where the hacker manipulates people to get the result that they want. For example, they can pretend to be a person in a different department and use that fake identity to access resources they should not have access to.

One way to protect against the people skills of certain charismatic hackers is to give the entire company training that explains the situations they may encounter. You don’t need everyone to have an IT specialist’s level understanding of cybersecurity, but you do want them to know what they’re looking for.

Hacker Quote

Alert Icon

POS viruses

If you have a physical retail location, your point of sale systems may be at risk of getting hacked.

POS viruses are loaded directly onto this equipment, typically by leveraging some sort of security loophole or breach. They can access credit card information, customer addresses and other personal data. (It’s also worth mentioning that POS terminals should be separated from any connections to office workstations and other devices to avoid malicious data injection/hijacking.)

Limit the chances of this cybersecurity breach from happening by staying up to date on operating system and firmware updates for your POS. Talk to your vendor to see whether they have other security recommendations in place.

Alert Icon

DDOS

A distributed denial of service (DDOS) attack overwhelms your network’s capacity and causes your resources to crash and become inaccessible. DDOS attacks often leverage botnets of compromised devices, making so many server requests that your server simply can’t handle them.

Or, in plain English, the hacker overwhelms your server, which keeps it from working.

Sometimes bringing your systems down is the entire point of a DDOS. In other cases, the hackers use a DDOS to try to identify other vulnerabilities that they can use to gain access to your systems.

A proactive cybersecurity system can help you stay ahead of a DDOS attack. The affected IP addresses can be blocked. Or you can spread the traffic over multiple servers to stop the spike in requests from bringing everything down. You might even resort to backup servers that are distributed elsewhere, such as a cloud-based resource.

Alert Icon

SQL injection

Many web applications depend on SQL databases to store data. They can’t function without having access to this valuable digital asset.

An SQL injection introduces malicious tables into your databases that could lead to data breaches, unauthorized access and other problems. SQL injections can happen due to unpatched software or forms that fail to sanitize user-submitted fields. If you don’t realize that your database has been breached, then you may end up getting attacked multiple times without finding the culprit.

Keep your SQL databases updated and audit them frequently. Look over all of your forms and confirm that any code gets removed from the text fields before it reaches the database. Preventative maintenance can stop a lot of SQL injections in their tracks.

Alert Icon

Internal bad actor

The most significant threat could come from within your organization. Employees sometimes work in concert with “bad actors” or an employee could even be a “bad actor.”

What’s a bad actor? Someone who wants to breach your security and compromise your data. Sometimes this happens when an employee is working for the competition. Other times they may be disgruntled and upset at the company.

While it’s difficult to protect against malicious individuals who have leadership positions in your organization, you can easily limit what lower level employees can do. Use a robust user account management strategy to control permissions and stay on top of deactivating user accounts when necessary.

Your company’s HR department, if you have one, also needs a streamlined process for firing employees that limits how much damage they could do on your network before leaving.

Preventative protection can stop most SMB cybersecurity attacks before they start.

Stay a step ahead

Cyber attacks are a threat to companies of all sizes. Keep your SMB protected by exploring these methods for staying safe and reducing the risk of a data breach.

No cybersecurity strategy is 100% effective, but you can put yourself in a position where you minimize your risk profile.

Internal threats 101: What they are and how to avoid them

We’ve warned you before that half of all small to midsize businesses have endured at least one cyberattack. But did you know that “the biggest cybersecurity threats are inside your company?”

That’s an eye-opening claim from a 2016 report by the Harvard Business Review. It’s also backed by data from IBM’s 2016 Cyber Security Intelligence Index. According to that report, some “60% of all attacks were carried out by insiders,” with 75 percent of those coming from malicious actors. (The rest were inadvertent—which is better but still bad.)

What’s more, these internal threats can be particularly harmful. A 2017 article from Tripwire stated that “53 percent of companies estimate remediation costs of $100,000 and more, with 12 percent estimating a cost of more than $1 million.”

Ouch.

On top of that, insider threats can go undetected for years on end. And guilt in such cases is really difficult to establish. It’s little wonder why an estimated “74 percent of companies feel that they are vulnerable to insider threats,” and a whopping 7 percent classify their vulnerability as “extreme.”

The conclusion?

While it’s critical to defend against external cybersecurity threats (and they are, generally speaking, more widely sensationalized), internal threats are just as important to catch. Today, we’ll be giving you a leg up by delving into what constitutes an internal threat and how you can mitigate the risks.

Just what is an internal threat?

For a straightforward definition, we turn to SecureList:

“Internal threats include any harmful actions with data that violate at least one of the fundamental principles of information security (integrity, availability, and confidentiality) and originate from within a company’s information system.”

Easy enough to comprehend, but classifying internal threats goes even deeper. According to CSO, internal vulnerabilities come in three main flavors: accidental, negligent and malicious. Those first two have a degree of overlap, as there’s no ill will on the part of the employees who are responsible.

Accidental threats arise when employees aren’t well-educated on proper protocol (and, by extension, open your company to maladies like ransomware and phishing schemes). Negligent threats occur when employees understand the protocols but willfully ignore them in favor of completing a task the “easy way.”

Malicious threats, on the other hand, are a whole different ballgame.

The offending employee might be holding a grudge. They might have been paid off. Whatever the case, malicious instances are categorized by employees within your company who wish to intentionally cause damage. Those employees use their knowledge of your systems to further their less-than-well-intended goals.

How to guard against internal threats

The strategies you employ for mitigating internal threat risk will vary based on the types of danger we listed above.

For accidental and negligent threats, education and enforcement are key. As EY so succinctly put it, “education is prevention.” Getting employees up to speed is a great way to cut down on the mistakes that can put your organization in a cybersecurity predicament.

solid IT support team can help with educational efforts. Combine that with a no-nonsense policy that reminds employees that cybersecurity rules are not to be taken lightly. That’s how to deal with a sizable portion of the internal risks your company faces.

Malicious threats require a different approach.

Preventing these are where background checks, employee monitoring and restricted access to various systems will benefit your overall preparedness. Again, leveraging IT pros to formulate a strategy will grant you significant benefit.

With the right methodologies in place, your vulnerability will diminish drastically.

Ransomware 101

Any kind of virus is scary. The idea of the technology you use turning on you is unsettling at best. As we come to rely more on computers, smartphones, tablets and the cloud, a single cyber attack can be devastating.

And yet, there is one form of cyber attack that stands out. Ransomware is singularly chilling. When this malware finds its way onto your device, it demands payment . . . or you lose your files. Forever.

While ransomware may seem like a new form of cyber attack, it’s actually been around for a while. In fact, the first known ransomware attack happened in the 1980s.

Attack Number One

It was 1989, well before email or Instagram. The average PC user wasn’t logging into the internet, so the delivery method of that first ransomware attack may seem low-tech by today’s standards. It came on floppy disks.

20,000 of them.

The disks were distributed to users in 90 different countries, each labeled as a product of the PC Cyborg Corporation. No such company exists, but no one was counting on name recognition to get recipients to use the disks. They were counting on the content.

The disks included software designed to detail a person’s risk of contracting AIDS. In those days, AIDS was both terrifying and mysterious. New information was welcome, especially if it promised some measure of protection. The attack played on a common fear.

The software included a legitimate risk assessment tool, as well as a virus. After the user rebooted their computer a set number of times, they would be prompted to turn on their printer. At that point, a literal ransom note would print, along with instructions for paying the ransom (or “licensing fee”) in exchange for decryption software.

It was a deviously creative plan, and it set the stage for modern ransomware.

The Modern Threat

Alert aware iconToday’s ransomware is fundamentally the same as that first attack, though there are some notable differences. The delivery method, for example, has changed. We’ll cover that in more detail in a bit.

Keeping your organization safe may seem like a tall order. There are so many clever ways a cyber criminal can infiltrate your network. Not only that, but ransomware attacks are alarmingly common.

And yet, the best cybersecurity is really just strict adherence to some basic strategies. In other words, it seems complex, but it’s not.

If you’re serious about protecting your company – and you should be – there’s a two-pronged approach that will stop most ransomware dead in its tracks. You need solid employee education, and you need the right technical tools.

Employee Education

The vast majority of ransomware relies on a single potential weakness in your network – the user. This is particularly true for ransomware.

Ransomware can only find its way into your system if it’s invited. Without an open door, it can’t touch you. The trick is to make sure your people know how to avoid inadvertently inviting ransomware onto your network.

Let’s look at three key areas.

Phishing

Phishing emails are the modern-day equivalent of the same strategy the AIDS Trojan used. Even if you’re not familiar with the term “phishing,” you’re likely aware of this type of attack. The user receives an email with a link. Click that link and malware makes its way onto your system.

The thing about phishing emails is that they only work if the user clicks on the link, opting to download something. If the recipient doesn’t do that, nothing happens. Unfortunately, about one-third of all phishing emails work. Innocent users take the bait, clicking on malicious links.

The success of phishing comes down to a lack of employee education. If your people know and understand the danger of suspicious downloads, they’ll be far less likely to fall for them.

Social Media

Email isn’t the only delivery vehicle for phishing.

Here’s a common scenario. Attackers create fake social media accounts on sites like Facebook and Twitter. The newest variation is a fake account that appears to represent the customer service department of a trusted company. Attackers then watch for complaints from real customers, promptly messaging them with “fixes” . . . which are, of course, loaded with dangerous links.

Make sure your employees know of this tactic. If you or any member of your staff is having issues with a product or service, make sure you initiate conversation with the vendor. Don’t trust anyone who initiates conversation with you without first verifying the authenticity of the account.

Passwords

Remarkably, there are still a lot of folks out there using painfully ineffective passwords. In a recent survey. A surprising number of users were actually using the password “123456.” That’s not just an invitation for cyber attack. That’s a neon sign with a laser light show and door prizes.

Instruct your employees to use strong passwords, and encourage them to change them often.

Hidden predictable password

Technical Tools

In addition to employee education, there are some things you can do on the technical side of your network to protect your company from ransomware attacks. Like employee education, these aren’t particularly difficult to execute. But don’t be fooled by their relative simplicity.

These are crucial steps to keeping your network safe.

Software Updates & Upgrades

In June of 2017, the Petya ransomware virus made worldwide headlines, infecting an estimated 16,500 machines. Ready for the painful twist? Microsoft released patches to address the vulnerabilities Petya exploited in May.

Software updatesToo many companies have a casual, relaxed attitude about updates and upgrades. Yes, it’s inconvenient to reboot your machine so the OS can update. Yes, it’s expensive to upgrade from the old version of a program to the new (current) version. And yes, it’s extremely important to do both anyway.

Software developers do their best to outpace cyber criminals. When they find holes in their products, they address them. But if you don’t update and upgrade appropriately, you’ll remain vulnerable.

Backups & Business Continuity

Even thorough security measures aren’t a guarantee that you won’t fall victim to a ransomware attack. After all, it just takes one employee clicking on a malicious link. Just one out-of-date program. It can happen, even if you’re cautious.

Because the threat is very real, your protection should include a worst-case-scenario plan.

Ransomware is engineered to hold your data hostage. That can ruin a business – unless you have recent backups and a solid business continuity plan. If you’re prepared, even a successful attack won’t unravel your company’s stability.

A word of caution here, though. Business continuity isn’t something we advise doing on your own. But, that’s a perfect lead-in to our final technical tool . . .

Cybersecurity Partner

A cybersecurity partner should be a part of your ransomware defense plan. Particularly if you don’t have an internal IT department. There’s no substitution for expertise. Working with the pros makes protection much easier to manage.

A well-qualified cybersecurity partner can even handle employee education on your behalf.

CCS Technology Can Help

Ransomware is a serious threat. That’s why we recommend a serious, proactive response. The individual parts aren’t all that complex, but each piece is important.

If you’re looking for ways to shore up potential security holes in your network, the experts at CCS Technology are here to help. We have years of experience helping small businesses just like yours. We know what it takes to stop ransomware.

Plus, we’re just a phone call away. Let us know how we can help you.