- Penetration Testing Important, but…
- Social Engineering and Poor Patching Responsible for Over 90% of Cybersecurity Problems
- Breach Incidence and Costs On the Rise Again + 5 Ways to Reduce Your Risk
- Cybersecurity Insurance Policies Require Security Audits and Pen Testing
- Wireless strategies for business continuity gain importance as enterprise expand IoT, cloud, and other technologies
- How Cybercrooks are Targeting YOU
- Enabling Digital Transformation with Cisco SD-WAN
- WFH Post Pandemic – What It Will Look Like. What You’ll Need.
- Leaders to looking to the IoT to improve efficiency and resiliency
- Cyber Security Vernacular – Well, some of it, for now
- Why You Need Disaster Recovery, NOT Just Back-Ups
- 10 Reasons Why Having an Expert Manage Your Cybersecurity Makes Sense and Saves Dollars
- Converting CapEx IT Investments into Manageable OpEx
- The Hybrid Workplace – Planning the Next Phase
- Cisco Cloud Calling: Empowering Customers to Thrive with Hybrid Work
- When You Can’t Access the Cloud
- How to Keep On Keeping On
- New Cisco Research Reveals Collaboration, Cloud and Security are IT’s Top Challenges
- Threats from Within on the Rise
- Cloud Covered? If Not, Take Cover!
- Zero Trust and Forrester Wave Report
- Password Based Cyber Attack: Like Leaving Keys Under Doormats
- So, What’s Up With Sensors?
- Sensors and Systems Create a Digital “Last Mile” and Help Skyrocketing Costs
- Scanners Provide Peace of Mind for Returning Students and Workers
- Sensors Improve Operations and Bottom Line… Easily and Cost-Affordably.
- Cisco Meraki Looks at 2021
- 2020 Holiday Shopping: Cybersecurity and Other Tips to Safeguard Wallets and Systems
- How to make the most of the technology you have
- Personnel, Planet and Business Progress: More Interdependent Than Ever Before
- Sure… you can get them all in the boat – but can you get them to work well together?
- Pushing the Zero Trust Envelope – Cisco is Named a Leader in the 2020 Forrester Zero Trust Wave
- Cloud Data Must be Protected, Too!
- Don’t Let Anyone Get the Dirt on You – Make It Instead!
- How IoT Devices Can Help You and Your business
- WebEx – A World of Possibility
- Creating Your Breach Response Plan Now Will Save You Thousands Down The Road
- Been hacked? Here’s what you must do next.
- The Need for Pen Testing is At an All-Time High
- 5 Ways an IT Reseller Improves Your Performance and Peace-of-Mind
- 5G and Wi-Fi 6: Faster, more flexible, and future ready. Are you?
- Network and Data Security for Returning and Remote Workers + Disaster Recovery Symposium
- Collaboration and Cisco WebEx: Protecting Your Data
- Thursday’s Virtual Conference Tackles Today’s Supply Chain Trials and Tribulations
- 10 Tips to Reduce Cloud Storage Risk
- COVID-19 Crisis Fuelling IT Spending
- Supply Chain/Logistics Experts Share Their Expertise
- Cisco Breach Defence Overview
- Announcing Our New Website and Blog
Now that we’re fully in the “September Back to Swing of Things”, maintaining your network security may be a bigger challenge than normal. Why?
With many people returning to the physical workplace, whether full-time or with varying hours under a hybrid model, building owners, employers and others are routinely sending out procedural memos. The bad guys know this and are taking advantage.
Even though we know that phishing is now a perennial problem and take precautionary steps, there has been a spike in spear-phishing over the past two months as people geared up to go back.
When you consider that over 86% of organisations experienced some form of phishing in 2020, this increased activity means that we must all be hyper-vigilant.
Some experts believe that social engineering and poor patching are responsible for over 90% of cyber-security problems.
Others place crypto-jacking is the number one threat. Crypto-jacking is a form of malicious crypto-mining in which cybercriminals hack into mobile devices, computers, laptops and other endpoints with two goals in mind:
- Generating passive income through leveraging accounts receivables or e-commerce platforms, and/or
- Mining for crypto-currencies or stealing crypto-currency wallets. According to Cisco, 69% of organisations “experienced some level of unsolicited crypto-mining” last year. More detail can be found in the full report, 2021 Cyber Security Threat Trends.
Even if crypto-jacking is today’s big problem, you need to consider how the hacker got into the network in the first place, which brings us back to social engineering and poor patching. Take care of these two items alone and you dramatically reduce your risk exposure.
According to Roger Grimes, who joined KnowBe4 in May 2019, as Data-Driven Defense Evangelist, social engineering is a major concern. He says: “With social engineering being a factor in 93 percent of all successful data breaches, I believe that working on any other problem in the security industry would be an inefficient use of my time.”
Indeed, Grimes who is a 30-year computer security veteran, as well as a cybersecurity instructor, holder of dozens of computer certifications and an award-winning author of 10 books and over 1,000 magazine articles on computer security, has researched cyber breaches and hackers extensively.
In one of his studies, Grimes downloaded the world’s largest public data breach database, which has been tracking breaches since 2005, and has recorded over 11.6 billion individual events. Grimes excluded any breaches that could not be considered truly malicious because they were the result of files being forwarded inadvertently, people disposing of sensitive documents improperly, or being given access to the wrong company data files because of improperly set protocols. The latter is a concern in and of itself, of course, and needs to be addressed as part of your quarterly review.
His final conclusion: “Social engineering and phishing account for 70% to 90% of MALICIOUS breaches”.
Phishing is problematic because it only takes one moment of inattention to wreak corporate havoc. A simple click on an image or link while multitasking, or thinking about something else, and a back door is opened to cyber criminals.
As people became better educated, and somewhat less likely to click on the mass, random phishing emails, cybercrooks stepped up their game and started using techniques designed to get a single person to respond. All they need is one to worm their way in and capture credentials. These bad actors find ways to make emails look as though they are coming from the company. Combine this technique with packet sniffers and protocol analysers, and hackers can be very effective in their attempts to gain system access. And their messaging is very realistic-looking and so, very compelling.
Social engineering takes it even one step further. With social engineering, the bad actors will even use snail mail, the phone or some form of other direct contact to gain illegal access into your network. When the stakes are high, these criminals may even find ways to enter a business to sniff out areas of vulnerability – including posing as employees in an attempt to obtain credentials.
In other words, the cyber criminals do whatever they can to access a company’s physical and digital assets, so that vulnerabilities can be discovered. So, with new people having been hired during the pandemic, and many others now not coming into work every day, organisations will need to be on high alert to ensure that systems aren’t breached.
Obviously, this will also mean ongoing training with your staff. We have partners who are specialized in providing this type of training, and would be happy to make recommendations.
The Other Problem: Poor Patching
Misconfiguration is responsible for approximately 80% of network downtime – though some of that is a result of poor patching. Depending on whose research you review, inadequate or incomplete patching can also create vulnerabilities that cyber criminals can exploit.
With so many firms having employee that have been working remotely up until today, or are continuing to do so, not all of patches have been pushed out – and not all have been properly configured on the many multiples of endpoints that have come to characterize a distributed network.
Experts suggest that at least 20% of necessary patches have not been deployed. Sometimes, missing just one can cripple your network.
To catch up, a lot of IT departments are needing to hire outside services. We were recently asked, “Is this really necessary?”
The question wasn’t about whether or not it was necessary to check that all patches had been properly deployed and configured, but whether or not it should be done as quickly as possible.
The answer: Correctly – and as quickly as possible, but… don’t sacrifice speed for accuracy and thoroughness.
In short, establishing a good security posture, by implementing strong protocols, training your people to avoid responding to phishing and other potentially malware-laden emails, licensing excellent cyber security software solutions, gaining better visibility into your cloud environments , network(s) and endpoints, and ensuring all your patches are properly installed and deployed, can greatly reduce the likelihood of your network – and by extension your business – being shut down.
The challenge can be in knowing what combination will be right for you. If you would like a free, outside consultation – no strings attached – please contact us at [email protected] or (416) 429-0796 or 1.877.238.9944 (Toll Free).