What Proxies Miss

Proxies are a popular default mode for many security products. However, proxies provide a
false sense of security for customers. While the idea of routing every user’s traffic through a
central proxy seems like a good idea, in practice it breaks down. Consider the following:

1) End user experience: it’s no secret that end users are not big fans of proxies due to
delays and the negative impact on user experience. Also, proxies give users a feeling of big
brother watching. Some savvy users go out of their way to avoid using proxies.

2) Another point of failure: proxies introduce an additional point of failure between the end user
and SaaS services. Cloud-based proxies may be running in a different infrastructure than your
own adopted standard. It is not uncommon to see some of the “cloud” proxies being run in
outdated co-lo data centers, as the original technology was built in pre-cloud days.

3) Concept of perimeter is disappearing – Employees are mobile and they don’t always use
corporate approved computing devices. It is possible for an employee to create a Google doc
and share it with a business partner, completely outside the corporate perimeter.

4) Not all apps support it – for reverse proxies, there is often a dependency on standards-based
single sign-on (often SAML) support from the SaaS provider. Not all SaaS providers support
standards-based SSO, which means the product switches to a forward proxy mode. Forward proxy relies
on end users installing a client agent/app on their device. See #3 on why this breaks down.

5) SSL inspection considered risky – In forward proxy mode, to enforce DLP policies, some of
the CASB vendors do SSL inspection, which increases risks for users. Please see this excellent
write up on the risks of SSL inspection:

In summary, using a proxy-based approach to secure your organization’s use of SaaS may be
error-prone and could cause you more headaches than benefits. The right approach for securing
sanctioned SaaS is to rely on the APIs provided by the SaaS provider and enforce policies by
leveraging the native APIs provided by the SaaS application. While this approach only works for
sanctioned SaaS apps, combining this with discovering shadow IT and employee education on
risks of using unapproved SaaS apps would go a long way to secure your organization.
Employees would thank you for not getting between them and the SaaS application they need
to use for their business purposes.
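As an added illustration (not part of the original article or any vendor's code), the sketch below evaluates a sharing policy over file metadata of the kind a sanctioned SaaS application's API could return, so the check in point 3 works no matter which device or network the document was created from. The records, the field names (`link_access`, `shared_with`, `created_from`) and the domains are constructed assumptions, not a real provider's schema.

```python
"""Added example: sharing audit over metadata returned by a sanctioned SaaS app's API.

All records and field names (link_access, shared_with, created_from) are
constructed for this example; a real provider's API has its own schema.
"""
from dataclasses import dataclass

CORPORATE_DOMAINS = {"corp.example"}            # assumption: the organisation's own domains
APPROVED_PARTNER_DOMAINS = {"partner.example"}  # assumption: partners cleared for sharing

# Constructed sample of what a "list files with permissions" call might return.
SAMPLE_FILES = [
    {"id": "f1", "title": "Q3 pricing", "owner": "ann@corp.example",
     "created_from": "personal tablet, home network", "link_access": "restricted",
     "shared_with": ["bob@corp.example", "lee@Partner.Example"]},
    {"id": "f2", "title": "Customer list", "owner": "ann@corp.example",
     "created_from": "personal tablet, home network", "link_access": "restricted",
     "shared_with": ["sam@mail.unknown.example"]},
    {"id": "f3", "title": "Roadmap", "owner": "raj@corp.example",
     "created_from": "office laptop", "link_access": "anyone", "shared_with": []},
    {"id": "f4", "title": "Notes", "owner": "raj@corp.example",
     "created_from": "office laptop", "link_access": "restricted",
     "shared_with": ["not-an-address"]},
    {"id": "f5", "title": "Contracts", "owner": "ann@corp.example",
     "created_from": "phone, mobile network", "link_access": "restricted",
     "shared_with": ["eve@corp.example.evil.example"]},
]


@dataclass
class Finding:
    file_id: str
    title: str
    owner: str
    reasons: list


def domain_of(address):
    """Return the lower-cased domain of an e-mail address, or '' if malformed."""
    local, sep, domain = address.rpartition("@")
    return domain.strip().lower() if sep and local else ""


def is_trusted(domain):
    """Exact or subdomain match only, so 'corp.example.evil.example' is not trusted."""
    trusted = CORPORATE_DOMAINS | APPROVED_PARTNER_DOMAINS
    return any(domain == t or domain.endswith("." + t) for t in trusted)


def audit_sharing(files):
    """Return a Finding for every file whose sharing state violates the policy."""
    findings = []
    for f in files:
        reasons = []
        if f.get("link_access") == "anyone":
            reasons.append("link open to anyone")
        for grantee in f.get("shared_with", []):
            domain = domain_of(grantee)
            if not domain:
                # Fail closed: an entry we cannot classify is reported, not skipped.
                reasons.append(f"unparseable grantee {grantee!r}")
            elif not is_trusted(domain):
                reasons.append(f"external share to {domain}")
        if reasons:
            findings.append(Finding(f["id"], f["title"], f["owner"], reasons))
    return findings


if __name__ == "__main__":
    for finding in audit_sharing(SAMPLE_FILES):
        print(finding.file_id, finding.title, finding.owner, "; ".join(finding.reasons))
```

The `created_from` field is never consulted: the policy decision depends only on the sharing state held by the SaaS provider, which is the property a proxy in the traffic path cannot offer.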

Written By Sateesh Narahari – VP of Products, ManagedMethods

Biggest risks of online banking and how to avoid them

This week, an important UK bank suspended its online payments after 40,000 customers reported a spate of fraudulent transactions.

The bank’s chief executive told the BBC it was hit by “a systematic, sophisticated attack”, yet has provided few details regarding how this happened. He said the bank knew “exactly” what the attack was, but could not disclose more information because it was part of a criminal investigation.

“Tesco Bank can confirm that, over the weekend, some of its customers’ current accounts have been subject to online criminal activity, in some cases resulting in money being withdrawn fraudulently,” an official statement read.

Banks are under constant attacks, but few of them publicly admit being breached. Tesco also avoided using the word “hacking” in its public statements and has been careful in its choice of language.

Amid speculation, here are the most common cyber-threats aimed at banking clients and the banks themselves.

Vulnerable mobile banking apps

In 2015, as many as 70 percent of the top 100 mobile banking apps on Android were vulnerable to security attacks and data leaks. Vulnerabilities included intent spoofing, unintended data leakage, SQL injection, JavaScript injection and XML injection, among others.

Fortunately, most banks implemented extra security measures such as two-factor authentication using e-tokens, one-time passwords and unique codes sent to Android phones. Yet cybercriminals were quick to come up with solutions, developing tools and malware that can bypass these measures.

And it may be even easier than before, now that payments with selfies have become a reality. Mastercard recently introduced this technology in its new biometric app for online shopping. The app allows the cardholder to authenticate using the fingerprint scanner on their smartphone or via facial recognition by taking a “selfie” photo. Yet, security researchers have shown how hackers can steal fingerprint data from mobile devices before it gets encrypted in the device.

Facial recognition also has its technological limits as its accuracy still depends on lighting conditions and facial features. Overall, six in 10 US users prefer using passwords to log on to online services from their devices.

Aggressive banking malware

Dridex, Dyre, TrickBot and Lurk are some of the most common Trojans used to steal login credentials for online accounts.

Dyre, one of the most aggressive Trojans to target the financial market, manipulated websites to interfere with the communication between more than 400 financial institutions and their customers, causing hundreds of millions of dollars in damage. The Royal Bank of Scotland, Bank of America and JP Morgan Chase were among its victims.

The malware works by installing itself on the user’s computer and becomes active only when the user enters credentials on a specific site, usually the login page of a banking institution or financial service. Through a man-in-the-browser attack, hackers can steal credentials and further manipulate accounts – all completely covertly.

A few months ago, Lurk targeted several Russian banks using phishing emails and stole $25 million from clients’ accounts.

TrickBot, the newest strain of malware hitting Australian banks, looks a lot like Dyre; however, it has the “most advanced browser manipulation techniques observed in banking malware in the past few years,” according to IBM.

Unstoppable DDoS attacks

DDoS attacks flood online systems, such as internet banking sites or online trading platforms, with huge amounts of data so as to overload them and knock their services offline.

Studies show that DDoS attacks are one of the most severe security risks acknowledged by the banking industry. They account for 32% of all attacks on banks, according to a 2015 Verizon report. And it’s no surprise, since these tools are broadly available online.

We’ve seen Mirai take advantage of unprotected IoT devices all over the world to target domain name provider Dyn. This attack goes to show any business can become a target, regardless of its size, reputation or clients and regardless of the attackers’ reasons.

Tips for customers

Online banking needs to be done with security in mind and customers should:

  • avoid checking accounts when navigating on public Wi-Fi and use only HTTPS secured sites,
  • sign out of an online banking session,
  • pay attention to phishing emails or webpages,
  • avoid disclosing credit card numbers, or passwords, to a third party or website other than the bank,
  • use a mobile security solution for banking on the go.

Tips for banks

To remain safe, banks should strengthen security by:

  • safeguarding their network with an advanced firewall and intrusion detection system,
  • testing their infrastructures for security issues and vulnerabilities,
  • encrypting all sensitive data,
  • performing regular backups of both physical and virtual drives,
  • keeping their antimalware solution updated to detect and block the newest type of threats.

Also, educating employees on the risks of phishing emails and other cyber-threats targeting them is, as we’ve seen countless times, equally, if not more, important than anything.


More than half of SMBs were breached in 2015

50 per cent of small businesses admit to having suffered data breaches involving customer and employee data in the past year, according to a new study by Ponemon Institute.

Negligent employees who fell victim to phishing schemes, contractors and third parties were the sources of most data breaches. However, almost one-third of companies in this research could not determine the root cause. Worrisome, right?

Companies also lack confidence when it comes to defending their assets, the research shows. Only 14% of the companies surveyed rated their ability to mitigate cyber attacks as highly effective. Not surprisingly, the study reveals that insufficient personnel, budget and technologies are seen as the primary reasons for low confidence in cybersecurity posture.

35% of respondents also blame their unpreparedness on the fact that IT security is not centralized to one specific function in a company. The result: reduced accountability and less informed decision making. And they are right – IT security needs to take a front seat in the boardroom. C-suites should treat cyber threats as an enterprise risk that ought to be addressed from a strategic, company-wide, and economic perspective.

Security solutions, defeated?

When it comes to cyber-threats, three out of four survey respondents reported that exploits have evaded their anti-virus solutions. Exploits are attacks that take advantage of a vulnerability or weakness in the operating system or outdated applications (such as Internet Explorer, Java, Adobe Flash) to infect systems.

There are two basic types of exploits: known and unknown (zero-day exploits). Known exploits are the ones we have a record of and which software developers can fix through a software update. On the other hand, a zero-day attack happens when a flaw, or software/hardware vulnerability, is exploited before the developer gets a chance to patch it – hence the name “zero-day.”

Unfortunately, this type of attack happens quite often, as exploit kits are easily accessible online. Exploit kits include a set of commands that can make a system behave abnormally. They can be used to disrupt the activity in software, hardware and anything else that is electronic. One of the most notorious exploit kits used to facilitate drive-by downloads is the Angler exploit kit. Since 2013, it has been used to spread ransomware, malvertising and even in hacktivism campaigns.

Exploits evade security solutions

The problem resides in the fact that exploit kits can detect installed security software. This means that if certain security products are protecting the device, the exploit kit will stop itself from running. Also, through various obfuscation techniques, the malicious payload takes a different appearance, which makes detection very hard.

Cybersecure Ltd. offers multiple endpoint protection solutions under its unique product portfolio. Get more information or price quotes.

Another constant security risk is the insider threat. 59% of respondents say they have no visibility into employees’ password practices and hygiene, while 65% do not strictly enforce their documented password policies. A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. These best practices also determine how long users can keep a password before they have to change it, how frequently old passwords can be reused or the minimum number of characters for a password.

If employees fail to respect and adhere to the company password policy, they can endanger the integrity of the whole corporate network. And starting recently, US citizens who share passwords with co-workers can even be prosecuted under the Computer Fraud and Abuse Act (CFAA). The decision comes after an employee at a headhunting firm accessed the company’s candidate database using the login credentials of a former assistant, who was still with the firm.


Are we becoming too complacent over cloud cyber security?

Despite an ever-present fear of cloud technology, businesses fail to take security seriously. The cloud security pendulum, once firmly lodged in the segment marked “be very afraid”, may have swung too far the other way, with some organisations not taking the basic steps to protect data.

92 per cent of UK businesses encrypt only 75 per cent or less of their sensitive and confidential data while it is traveling to the cloud, according to the 2016 Global Cloud Data Security Study.

Furthermore, almost 40 per cent do not encrypt sensitive and confidential data at rest in the cloud.

Why is this a huge problem? Because encryption may be the only thing standing between the attacker and all of your highly valued data.

While rendering your data unreadable to outsiders, encryption is also the first security barrier against potential threats. By encrypting data that travels in and out of your company, hackers won’t be able to pick up the information as if it were in plain text. Encryption also stops the spread of malware by restricting access to other points across your network.

Worryingly for consumers, customer data is the information most commonly stored in the cloud by UK businesses (59 per cent), meaning it is potentially at risk due to the lack of encryption efforts on the part of businesses. Financial business information and email are the next most likely to be stored in the cloud (47 per cent and 45 per cent).

Although cloud computing is seeing increasing adoption, and many organisations aren’t taking the basic security steps, a vast number still cite security fears as the main reason for sticking with on-premise solutions.

In the latest research into cloud and infrastructure among medium to large UK-based organisations, 43 per cent of respondents cited security as the main barrier to cloud adoption. Fears stem from a loss of control of data and applications, as services move from internal data centres to those operated by third parties, which could be located anywhere in the world.

And liability concerns are justified. Cloud services are often hosted in one country and used in others, which raises issues of legal jurisdiction in the event of a dispute and uncertainty about the applicable law. In this context, a security breach becomes more than a technical problem: it is one of liability and accountability as well. Not surprisingly, 70% of businesses want to work with a cloud implementation provider that offers a single point of accountability – this means making a single person accountable for the whole process.

The second impediment is price, with 32 per cent of respondents suggesting that concerns over increased costs were their main reason for keeping their data out of the cloud.

The shadow IT issue

Shadow data continues to be a major threat with 23 per cent of it being broadly shared among employees and external parties. Unapproved software usually appears on machines when employees discover a new application or device that enhances their productivity. The pressure to be productive outweighs any concerns over data security and corporate compliance, so, when employees need to access or share data quickly, they disregard the security requirements imposed by the IT department.

Enterprises are using 20 times more cloud apps than IT estimates, with most using an average of 841 across their extended network, the study shows. Half of these apps (47 per cent) are not managed or controlled by the IT department.

The study also shows that there is still significant difficulty in controlling or restricting end-user access. The number has increased from 48 per cent of respondents in the previous study to 53 per cent of respondents.

58 per cent of respondents say their organizations have third-party users accessing their data and information in the cloud. A worrisome number, since it is known that third parties are often the cause of data security incidents in small and medium-sized businesses.

Not surprisingly, when it comes to selecting a cloud provider, efficiency and cost are the most important factors, while security comes fifth on the list.


The Internet of Things – corporate security issues to consider

The Internet of Things and quantified-self movements have led to an explosion of interesting gadgets for consumers and households. But Internet-enabled devices have also started to create more meaningful and easier work experiences, and we expect to see more and more connected devices being used in the workplace.

But what is the security impact of the IoT inside company ‘walls’?

More gateways of intrusion

Many of the challenges inherent to IoT are similar to those found in BYOD environments. This is because the IoT is really the evolution of several technologies that have been here for some time now: mobile devices, cloud, sensors, and big data.

Unfortunately, embedded operating systems are often not designed with security as a primary consideration, thus, some IoT devices are vulnerable and the attack surface widens. Most devices are pushed to the market with vulnerabilities related to weak authentication, insecure password recovery mechanisms or faulty encryption for data in transit. These can be exploited to hack the device itself, but more importantly to get access to other network-connected devices and the trove of data they carry.

Every IoT-connected device, be it an employee’s wearable, industrial controls or a smart vending machine can act as a backdoor for attackers into the enterprise.

Lack of standardization

The IoT landscape is fractured by the diversity of the market itself. Some IoT vendors have focused on standardizing APIs – the market for home-automation tools, for example – but there are still as many standards as there are devices. Due to the nascent nature of the IoT ecosystem and the different levels of maturity and complexity of different industries, it’s very difficult to envision how or when it will be properly regulated.

IoT players need to continue joining forces to develop formal and informal standards for apps, to enhance interoperability across industrial environments and make data easily shareable.

Big data and privacy issues

Highly regulated and tightly controlled buildings are collecting gigabytes of data on how their employees interact – from energy use to emails, location, time spent outside and who they talk to. This creates a continuous picture of office life. But isn’t this an invasion of workers’ privacy?

The cloud also brings its share of privacy concerns as it plays a key role in the IoT ecosystem. In a device-to-cloud communication model, the IoT device connects directly to an Internet cloud service (an application service provider) to exchange data and control message traffic.

The fact is that corporate executives are still hesitant about storing confidential business information with third-party cloud services. Especially since SMBs are starting to recognize the value of their data. Despite their size, they can handle valuable information, such as intellectual property, personal information about customers, bank account numbers and credit card data.

The key issue that still makes executives ponder the use of cloud technologies concerns liability.

Cloud services are often hosted in one country and used in others. Service providers may use data centers scattered around the globe, so companies may feel uncertain of the location of their data. In addition, there may be issues of legal jurisdiction in the event of a dispute and uncertainty about the applicable law. Thus, a security breach becomes more than a technical problem, but one of liability and accountability as well. Not surprisingly, 70% of businesses want to work with a cloud implementation provider that offers a single point of accountability – this means making a single person accountable for the whole process.

Shift of paradigm

The IoT forces companies to think outside the box. Many organizations secure the back-end of the IoT infrastructure that is running in the data center, but not the IoT device itself, or the application that remotely manages the device.

Needless to say, security must be addressed at all levels of the network, taking into account even the smallest connected devices. Given the diversity of devices, every business should build its approach to IoT security on these five pillars:

  1. Manage cybersecurity software and physical security solutions together.
  2. Enforce security policies tailored to the IoT environment.
  3. Conduct customized risk assessments to identify risks and how best to contain them.
  4. Implement a specialized, multi-layered IT security solution to protect all nodes on the corporate network, including against Internet threats and data encryption on endpoints.
  5. Train employees in IT security and office system operation rules to reduce the chances of attackers gaining access to your data through social-engineering techniques.


Is Security-as-a-Service the solution to the UK skill shortage?

Few small-sized businesses have an in-house or a third-party cyber security expert on call, a recent survey shows.

It appears that only one in three organizations have this type of expert working in their IT department, while 23 percent contract outside experts to handle security situations. But what’s truly alarming is that 55% of businesses have no access to IT security experts whatsoever.

This can have serious consequences for the security of UK businesses, both financially and in terms of reputation, by limiting their ability to respond to and counteract cyber-security incidents as quickly as possible. And, as we know, responding to data breaches as soon as possible reduces costs as well as damage to reputation and credibility.

Breaches identified in fewer than 100 days cost companies an average of $3.23 million, whereas those found after the 100-day mark cost $4.38 million.

Solving the UK skills shortage

IT skills shortage still tops the technology agenda. E-Skills UK, the IT sector skills council, says the industry needs about 140,000 entrants each year. Last year, there were 16,440 computer science graduates, according to the Higher Education Statistics Agency, leaving a shortfall of 120,000 per year.

And the gap widens as businesses continue to increase investments in their security operations through cloud computing adoption, driving up wages and demand for skilled security professionals. More than one third of business workloads now reside in private clouds, with a further 28 per cent being in public clouds.

To solve the skills shortage, companies have turned to in-house training programs for employees. PricewaterhouseCoopers announced that it will hire 1,000 people for its cybersecurity consulting practice. The company also increased recruiting of new college graduates.

Another solution companies are considering is to partner with colleges offering cybersecurity programs and create internship positions inside their headquarters.

But probably one of the best long-term solutions is Security-as-a-Service. In this scenario, security is delivered as a service from the cloud, without requiring on-premises hardware.

Advantages of the SaaS model include:

  • Cost savings as the pay-as-you-go nature of SaaS means that businesses pay only for what they need without having to over-provision services or hardware needed occasionally, at times of peak demand.
  • Flexibility – as the business grows, it doesn’t need to invest in extra hardware, it can simply adjust the monthly subscription fee.
  • Easy upgrades as the cloud service provider deals with hardware and software updates, removing a significant workload from the company’s in-house IT department.
  • Resilience against disasters such as cyber-security attacks. Since the infrastructure and data are located in the cloud service provider’s datacenter, it’s easy to back up data in case something goes terribly wrong.

The global security as a service market is expected to grow by 12.63% in the following 4 years, according to Gartner.

A growing number of companies are turning to Managed Security Service Providers as an alternative to managing cybersecurity in-house. In fact, 80 percent of companies say that MSSPs are important to their overall IT security strategy.

To defend their networks from attacks amidst staff shortfalls, budget pressures and higher-risk cyber environments, security leaders are adopting managed security service providers with capabilities such as hunting, incident response and integration services. This frees in-house staff to focus on higher level risk management activities.

Although the cost for a SaaS application is often much less than for a managed service application, users pay for special attention, maintenance and support, seamless upgrades, and the customization that MSPs can offer.



UK firms prepare for ransomware, the wrong way

One in three UK businesses are stocking up on Bitcoins to prepare for a ransomware data security attack, new Citrix research shows.

It looks like 35% of businesses are willing to sacrifice £50,000 in order to unlock critical data assets if they get struck by ransomware, the study reveals. This troublesome fact indicates that companies are ready to give in to cyber-extortion demands instead of focusing on cyber-prevention strategies.

“Today’s threat landscape is more advanced, more determined and better equipped than ever before to exploit the weaknesses of organizations – many of which house a potential data goldmine,” said Chris Mayers, chief security architect at Citrix, at the InfoSecurity event in London.

50% of the surveyed companies said they don’t back up data daily, a big mistake considering it’s the easiest way to regain files if an attack occurs. What’s more, 13% don’t serialize copies, which means they can’t be reconstructed and recovered in a different environment.

These numbers are more alarming as ransomware is proliferating – over 120 families of ransomware can be found in the wild today, according to Intel’s security experts.

What’s more, phishing volumes in the first quarter of the year are up by 800%, according to PhishMe statistics, and 93% of phishing emails now are pushing ransomware.

“Thus far in 2016, we have recorded an unprecedented rise in encryption ransomware attacks, and we see no signs of this trend abating. Individuals, small- and medium-sized businesses, hospitals, and global enterprises are all faced with the reality that this is now one of the most favored cyber-criminal enterprises,” explains Rohyt Belani, CEO and co-founder of PhishMe.

Malicious emails are typically accompanied by Microsoft Office documents laden with malware or downloaders that install malware.

Statistics from the Anti-Phishing Working Group show phishing attacks have reached a record level in the first quarter of 2016. Between 2015 and 2016, there was a 250% increase in phishing sites.

The spread of ransomware is also aided by the whole malware-as-a-service phenomenon. The distribution of ransomware kits on online black markets enables even non-tech-savvy individuals to purchase, deploy and monetize the malware for as little as $3,000. Considering the return on investment is usually stellar – provided a large enough network of victims – the price is a bargain for someone willing to break the law.

Not long ago, the CryptoLocker/Cryptowall ransomware kit was spotted on sale for such an amount. Its developer even offered business models ranging from affiliation – where both the customer and the developer split the earnings 50/50 – to partnerships that could span to other cybercriminal activities. Besides purchasing the full source code of the malware and the ability to endlessly generate new samples, the developer also offered free 24/7 support.

Key protective measures

These findings emphasize the importance of building a robust IT network that safeguards users from cyber-attacks. As spammers get more aggressive, it’s important for users and companies to strengthen defenses.

Keeping a copy of important files is probably the best way to keep your peace of mind, whether you are a business or end user. Other important protective measures include:

  • Using an endpoint security solution
  • Patching or updating all endpoint software and webservers
  • Deploying a backup solution
  • Disabling files from running in locations such as “AppData/LocalAppData” and deploying policies that restrict users from executing malware
  • Limiting users from accessing mapped network drives
  • Protecting email servers with content filtering solutions

  • Educating employees on identifying spear-phishing emails and other social engineering techniques.
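To measure how often programs already run from the per-user AppData locations named in the list above before a restriction policy is enforced, the following added example (not from the original post) flags such launches in process-creation events. The `time|user|image` line layout, the sample events, the extension list and the allow-listed subpath are constructed assumptions, and profiles are assumed to live under `<drive>\Users`.

```python
"""Added example: flag program launches from per-user AppData directories.

Event lines are constructed; the 'time|user|image' layout is an assumption
for this example, not the output format of any particular logging product.
"""
import ntpath

# Extensions treated as executable content for this example (assumption).
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}

# Subpaths below AppData that are tolerated during triage (hypothetical entry).
# A path allow-list inside a user-writable directory is a triage convenience
# only; an enforced allow rule should key on signer or file hash instead.
ALLOWED_SUBPATHS = {r"local\approvedapp"}

SAMPLE_EVENTS = [  # constructed sample data
    r"2016-06-01T09:14:02Z|alice|C:\Users\alice\AppData\Roaming\invoice.exe",
    r"2016-06-01T09:15:10Z|alice|C:\Program Files\Office\WINWORD.EXE",
    r"2016-06-01T09:16:44Z|bob|C:/Users/bob/Documents/../AppData/Local/Temp/update.SCR",
    r"2016-06-01T09:17:03Z|carol|C:\Users\carol\AppData\Local\ApprovedApp\app.exe",
    r"2016-06-01T09:18:20Z|carol|C:\Users\carol\AppData\Local\notes.txt",
    "malformed line without separators",
]


def normalise(image):
    """Collapse '..', mixed slashes and case so path tricks do not evade the check."""
    return ntpath.normpath(image.strip().strip('"')).lower()


def appdata_subpath(path):
    """Return the directory path below <drive>\\users\\<name>\\appdata, else None."""
    parts = path.split("\\")
    if len(parts) < 5 or parts[1] != "users" or parts[3] != "appdata":
        return None
    return "\\".join(parts[4:-1])


def is_blocked_launch(image, allowed=ALLOWED_SUBPATHS):
    """True if the image is executable content under AppData and not allow-listed."""
    path = normalise(image)
    sub = appdata_subpath(path)
    if sub is None:
        return False
    if ntpath.splitext(path)[1] not in EXEC_EXTENSIONS:
        return False
    return not any(sub == a or sub.startswith(a + "\\") for a in allowed)


def parse_event(line):
    """Split one 'time|user|image' line; return None for malformed input."""
    fields = line.split("|", 2)
    if len(fields) != 3 or not all(f.strip() for f in fields):
        return None
    return {"time": fields[0], "user": fields[1], "image": fields[2]}


def find_appdata_launches(lines, allowed=ALLOWED_SUBPATHS):
    """Return (time, user, normalised image path) for every flagged launch."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if event and is_blocked_launch(event["image"], allowed):
            hits.append((event["time"], event["user"], normalise(event["image"])))
    return hits


if __name__ == "__main__":
    for hit in find_appdata_launches(SAMPLE_EVENTS):
        print(*hit)
```

Running it in report-only fashion over real process-creation logs shows which legitimate software would break once execution from these directories is blocked.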


Cyber Secure Ltd achieves ISO 9001 registration

Surrey-based IT Security Company Cyber Secure Ltd has achieved the internationally recognised ISO 9001 certification, establishing it as one of the leaders in its field.

This independent assessment was conducted by the leading Certification Body, the British Assessment Bureau and demonstrates Cyber Secure Ltd.’s commitment to customer service and quality in delivery.
Cyber Secure Ltd has now earned the right to display the coveted British Assessment Bureau ISO 9001 certification mark to demonstrate its conformance to the standard.

ISO 9001 was first introduced in 1987 and requires organisations to demonstrate that they do what they say they do and that they have a quality management system in place to ensure consistency and improvement; leading to high levels of performance and customer satisfaction. Certified organisations are committed to continuous improvement and are assessed annually to ensure progress is being maintained.

Cyber Secure Ltd has shown that it has good IT security services reliability and process controls which means lower costs for its customers!

Cyber Secure Ltd Director said, “We are particularly pleased to have achieved ISO9001 certification as it underlines our commitment to our customers and our focus on quality. Not many customers get to see their suppliers’ ‘back-office’ activities. This recognition demonstrates we can provide a quality solution from quotation to delivery.”

The benefits of registration to the ISO 9001 standard include:

  • Streamlining an organisation’s procedures
  • Bringing consistency to an organisation’s service delivery
  • Reducing cost and rework
  • Improving an organisation’s management practices
  • Enhanced status
  • Competitive advantage.

Cyber Secure, or CyberSec for short, is a specialized, independent security provider for SMEs as well as enterprise markets. With CyberSec’s services businesses are able to rest assured knowing that their data and funds are safe, imparting a much needed sense of comfort in today’s online world. CyberSec offers an arsenal of protection from any outside threat: penetration testing, DDoS protection, cloud based security, and data loss prevention are among their primary fields. What sets Cyber Secure apart from others is the flexibility allowed by its status as independent. They are able to accommodate any IT security needs no matter the size of the company. This effect is even more striking as they have just received their sought after ISO 9001 certification.


How to reduce the cost of a data breach in your organization

The number of data breaches is on the rise, and so is the cost per breach.It has grown to $4 million in the past year, with more than 30% from 2013, according to a new Ponemon and IBM study.

“Data breaches are now a consistent cost of doing business in the cybercrime era,” says Larry Ponemon, chairman and founder of the Ponemon Institute. “The evidence shows that this is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies.”

On average, companies lose $158 per stolen record. That’s $4 more than in 2015. And in the healthcare industry things look even worse – a compromised record can actually cost a company about $355.

This is a reminder that hospitals store troves of valuable personal information. On the black market, personal medical records are the new currency. They are 10 times more expensive than credit cards, according to Experian. That’s partially because stolen data often includes Social Security numbers that can be used in identity theft.

“Malicious actors want as much intelligence as they can get, and health care is the easiest attack surface for seasoned and non-seasoned hackers,” says James Scott, co-founder and senior fellow at the Institute for Critical Infrastructure Technology (ICIT) in Washington D.C.

When it comes to who pays the most, the US ($221) and Germany ($213) have the highest costs, while the lowest are in Brazil and India. Detection, forensic and investigative activities, assessment and audit services and crisis team management account for the bulk of those expenses.

The root causes of data breaches

Most data breaches were caused by malicious or criminal attacks, according to the survey. In the UK specifically, 51% of companies are most likely to experience a data breach caused by a cyber-attack, rather than by a system glitch or business process failure.

The study also found that the average time to identify a breach was 201 days, while the average time to contain it was 70 days. Needless to say, the benefits of responding quickly translate into significant amounts of money. Companies that have managed to identify the intrusion in the first 100 days saved up to $1 million.

“While the risk is inevitable, having a coordinated and automated response plan, as well as access to the right resources and skills, will make or break how much a company is impacted by a security event,” Ponemon adds.

Recommendations for companies

To decrease the cost of a data breach, companies, small, medium or large, should apply these hands-on measures:

  1. Prepare an incident response team. An incident response plan will enable your business to identify, investigate, neutralize and notify security incidents in a managed way, be it concerning a denial-of-service attack, website defacement or a full-on, large-scale data theft incident.
  2. Apply extensive use of encryption. Adequate encryption will solve problems with securing information held in databases, laptops, emails, private clouds and big data environments.
  3. Focus on employee training. I can’t stress this enough – employees are often the weakest link in any organization. Training needs to happen before there’s a problem and should include specific rules for email, Web browsing, mobile devices and social networks.
  4. Gather and share threat intelligence. Cyber-threat intelligence has become one of the hot topics of the industry as it has become a goldmine of value for organizations. Some of the benefits include better planning for future threats, enhancing communications between the security team, management and board members, as well as driving better investment strategies and more directly connecting security priorities with business risk management priorities.
  5. Notify customers in due time. Breach concealment is not an option, yet not all breaches require notification. If your data was encrypted or an unauthorized employee accidentally accessed but didn’t misuse the data, you may not be forced to notify customers. Be sure to seek legal advice before deciding to forgo notification.

Our experts have introduced technology innovation that provides unmatched visibility and control for any type of company.

How dangerous is ransomware for your small business?

In recent years, ransomware has become the preferred method for hackers looking to extort money from both users as well as small and medium sized businesses.

The concept of ransomware, however, is not a new one. It has been creating problems for small businesses since 1989, starting with the ‘AIDS Trojan’. Distributed via a floppy disc, the ransomware mimicked a software expiry notice – requiring users to pay a ransom by post so files could be decrypted. This ransomware, however, was considered easily breakable due to an over-reliance on symmetric cryptography, along with a less than perfect distribution method. Thus, it passed without significant damage.

In today’s business landscape, we are witnessing a gold rush powered by cyber-extortion. This has been brought on by a combination of both technological progression, and a greater proliferation of ready-made ransomware packages available to scammers through the Dark web.

SMBs are not exempt from this threat. Au contraire. They are relatively easy targets because of the high rate of return of successful scams, alongside the relative ease of infiltration. Also, big businesses often place greater emphasis on investing in security compared to SMBs, making them a more difficult target.

Why SMBs are least prepared for a cyber-attack

Ransomware is a high-margin scam – especially when it aims at smaller, less secure businesses. Contrary to popular belief, this type of scam is neither difficult to orchestrate, nor does it require significant cyber-intelligence from the attacker. Another problem is that due to the low cost of producing this type of attack, a ransomware campaign only needs a low conversion rate to be considered a success. In comparison, focusing resources on attacking a single large company can often yield no results.

In a recent survey of UK businesses, however, over one third of those had suffered a ransomware attack, with 31 per cent admitting they would rather pay the ransom instead of losing vital data. The problem with this approach is that there is no guarantee that a business will ever receive the decryption key, due to the command and control server potentially being under investigation from a security vendor or law enforcement. Consequently, an organization could pay a large sum of money to retrieve its data, and receive nothing in return.

But paying the ransom itself does not have the biggest business impact. According to a recent study, it falls far behind the cost of data recovery, reduced statistics, lost sales, missed deadlines, and troubled employees.

Educating SMBs on the ransomware threat

SMBs are a lucrative target for ransomware attacks as they usually possess more significant financial resources than end users, while rarely undertaking the comprehensive security policies of larger companies. Some companies make hackers’ jobs easier by posting company email addresses online. While this is a minimal risk with modern security solutions and continuous data protection policies, a large number of SMBs minimize the risks and do not take advantage of the security available to them.

Business users and IT administrators should set up regular offline, off-site backups of critical data to prevent malware from finding the network-connected storage, and encrypt this data. Unfortunately, nearly one-third of SMBs rarely or never back up company files.

attacks or spear-phishing attempts.

IT administrators are also encouraged to set up access control lists and restrict user permissions on endpoints to ensure employees don’t accidentally install suspicious or rogue software.

Malware developers have started exploiting new platforms, such as Linux. As they broaden their perspectives by targeting operating systems that have a large market share, the chances of infection increase exponentially. A security solution that can stay ahead of the constantly shifting threat landscape is indispensable.
