[metaslider id=2951] … Read More
Survey Says Most Small Businesses Unprepared for Cyberattacks
Reprint from Security Magazine
Most small-business owners (78 percent) still don’t have a cyberattack response plan, even though more than half (54 percent) were victim to at least one type of cyberattack.
About 60 percent of those who did experience a cyberattack said it took longer than a month to recover. By contrast, of those who have not encountered a cyberattack, more than half (57 percent) think their company could recover within a month.
The findings stem from Nationwide’s second annual Small Business Indicator, a national survey conducted online by Harris Poll on behalf of Nationwide from June 10-23 among 502 U.S. small-business owners with fewer than 300 employees.
“Cyber criminals are getting more sophisticated and realizing that small businesses are easy targets,” said Mark Berven, president of Nationwide Property & Casualty, the No. 1 total small-business insurer. “That’s why we wanted to raise awareness of this trend for both agents and their small-business clients during National Cyber Security Awareness Month.”
According to the survey, 45 percent of small-business owners who do not have a cyberattack response plan in place said they don’t feel their company will be affected by a cyberattack (compared to 40 percent last year).
At the same time, the majority (68 percent) are at least somewhat concerned about a potential cyberattack affecting their business — especially since 54 percent were victim to at least one type of the following attacks:
- Computer virus (37 percent)
- Phishing (20 percent)
- Trojan horse (15 percent)
- Hacking (11 percent)
- Unauthorized access to customer information (7 percent)
- Unauthorized access to company information (7 percent)
- Issues due to unpatched software (6 percent)
- Data breach (6 percent)
- Ransomware (4 percent)
If you have any questions or need assistance in determining the best plan of attack for your organization – contact us.
Data protection: proactive prevention is better than cure
From SC Magazine – David Angin
With employees and endpoints the weak links in the cyber-security chain, David Angwin says organisations must break away from traditional protection and switch focus to preventing sophisticated attacks before it’s too late.
Businesses and organisations looking to protect themselves against the dire consequences of data breaches in 2016 now face perhaps one of the most complex and rapidly evolving threat landscapes in recent years. Attackers are smarter and more targeted in their approach, and so too are the various forms of malware at their disposal. The threat of compromised security is compounded by the stagnating ‘reactive’ approach that many security solutions continue to employ in their attempts to prevent data loss, an approach which simply is not fit for purpose. As the saying goes: ‘an ounce of prevention is worth a pound of cure’, and in relation to data security, the logical step in keeping up with threats is to focus efforts on preventing an attack before damage has been done.
The weak links in the chain
The factors behind the increased risk to organizations are twofold. First, attackers are aware that employees are often the weak link in a security chain. Users can fall victim to expertly targeted ‘spear-phishing’ campaigns and allow malware in through a web browser, all it can take is one click of a link and the attack can proliferate from that one single point. Not only are spear-phishing attacks tailored to that particular organisation, but careful monitoring from the attackers can allow them to tailor their approach to individual employees.
Second, the network edge and endpoints within an organization are exploited by attackers as the path of least resistance to gain access to sensitive data. A Verizon report has found that 95 percent of threats originated at the endpoint.
There is increasing evidence of endpoint-related security breaches. Earlier this year, Swiss technology firm RUAG recognised a breach which had gone unnoticed since 2014, during which time attackers had obtained 23GB of potentially valuable/sensitive data. In this case, the 2016 report noted that infected endpoints were used as bots to relay information as communication and worker drones, making the attack more difficult to spot and allowing for complex instructions to be relayed without being detected.
Whether the cause is a sophisticated attack or a careless employee, the approach taken by traditional antivirus software is firmly rooted in the idea of ‘detecting and remediating’ the attack, one that crucially relies on the software obtaining a positive ID of the threat before it is able to take action. This is often not fast enough to effectively limit the damage caused by zero-day attacks, and the ability to remediate the attack is particularly limited in small businesses with limited or no IT staff.
Why wait to act?
This is the question that underpins the far more effective preventative approach to data protection. Advanced threat protection predicts potential attacks by utilising machine learning – which is a branch of artificial intelligence – to analyse all files prior to execution, determining which processes are safe before they can run. The software is able to make informed decisions about behavioural characteristics from millions of identifiers within the code, while using only a fraction of valuable system resources.
This approach is perfect for protecting traditional endpoints, and can also be utilised for alternative methods of application delivery, including in virtualised environments using energy-efficient thin clients. For many companies, virtualisation can enhance IT security management and protection, as it enables proactive security patches to be delivered remotely and simultaneously to all endpoints, and ensures company data is secured in the data centre.
Additionally, utilizing a data protection service in conjunction with advanced threat protection software and virtual desktops could create an environment that provides high levels of protection for organizations and mitigates the threats from increasingly sophisticated attacks.
With employees working in a virtualised environment, the enterprise is able to control all endpoints from a centralised management console, with the ability to assess, detect and react more quickly in the event of security issues. Next generation security solutions which adopt a preventative approach can be easily deployed and managed, the result being a comprehensive and future-proof protection strategy for the organisation.
Have questions on endpoint security – contact us.
Ransomware Raises the Bar Again
From Dark Reading – Kelly Jackson Higgins
The infamous form of attack now ranks as the top threat to financial services, but preparedness can pay off for victims.
Ransomware just got even more real: it’s now the number one attack vector in the financial services sector, which traditionally has been considered a model industry for best security practices.
Some 55% of financial services firms recently surveyed by SANS report ransomware as the top attack threat, followed by phishing (50%), which previously held the top spot. More than 32% of financial firms say they’ve lost anywhere from $100,000 to a half-million dollars due to ransomware attacks.
Ransomware’s infiltration of the security-forward financial services industry underscores the dramatic rise in ransomware over the past year and growing pressure on preparedness. The malware that infects machines and holds them for ransom payment by the victim is the fastest-growing form of malware today, with more than 4,000 ransomware attacks per day since January 1 of this year. That’s an increase of 300% since 2015, and security experts at Trend Micro say ransomware cost enterprises some $209 million in the first half of 2016.
Attackers are also tucking ransomware alongside and inside other attacks. Some ransomware attacks hold the machine for ransom and then also use it to wage distributed denial-of-service (DDoS) attacks on other victims. More than half of DDoS attacks worldwide ultimately lead to ransomware and other malware attacks, according to a new study by Neustar.
Meanwhile, organizations of all sizes and industries are getting infected with ransomware. The difference between those who get stung and those who survive relatively unscathed is preparedness – and sometimes a little luck.
Take the Hyannis, Mass.-based Barnstable Police Department, which was hit with its first-ever ransomware infection last month. Craig Hurwitz, director of IT at the department, says he noticed something was amiss when the department’s dispatch software and records management system stopped working. He took a closer look and spotted files being encrypted and file extensions getting altered.
“I tried to get a file and it wasn’t there,” he recalls. “And there was a text file in the directory saying ‘pay me now.'”
The police department reverted to radio dispatch to patrol cars, and Hurwitz contacted the backup and array vendor from which the Barnstable Police Department had recently purchased a system for data backup and storage capacity, as well as its data timestamp feature. At the time the department purchased the storage array system from Reduxio Systems, it was more about protecting against hard drive corruptions and server crashes. “At the time we weren’t thinking about ransomware specifically,” he says.
The recovery process with the backup system took 35 minutes with no loss of data or any ransom payment to the attackers. The malware never spread beyond the application server where Hurwitz found it. “They [Reduxio] cloned the drives … and set the timestamp two minutes before the infection had started … and remounted the drives,” Hurwitz says.
One of the key recommendations for surviving a ransomware attack is backing up data regularly and maintaining a clean backup. Often, this can be accomplished by engaging companies that provide managed IT services in Lincoln NE, or elsewhere. Even endpoints running the most up-to-date software, email filters, and other security layers can get hit with ransomware: all it takes is for a user to fall for a phishing email and to open a malicious attachment or link.
But how a backup is managed can be the difference between losing data to the attackers unless you pay, or retrieving data and eradicating the ransomware.
Travis Smith, the senior security research engineer at Tripwire, says the old 3-2-1 strategy applies: “Always have three copies of data, one that is offsite [or] offline,” he says. “What’s also very important for companies to adopt in today’s ransomware world: we’ve seen ransomware that targets backup systems, so when you try to bring backups back online you don’t have the ability to restore from the backups.”
Backups of critical data should be tested at least every six months, he says, to ensure the data is uncorrupted and accessible.
Smith says clean backups work for about three-fourths of ransomware victims. “Seventy-five percent are successful [in ransomware recovery] if they have backups,” he says, meaning they can get to their data and not pay any ransom to the bad guys.
Users shouldn’t be storing critical data on their endpoints, either, he notes. Stick with a shared server for that information. “So then you only need to back up one critical server,” he says. “If a laptop gets infected with ransomware and the data isn’t backed up on a centralized server, you’ve lost that data.”
If backups aren’t done properly, it may be cheaper for an organization to pay the ransom, which is not recommended. Regular backup tests can drive down the cost of data restoration and make it more cost-effective than having to resort to actually paying a ransom if the data isn’t properly backed up, he says.