Cyber Security: An Issue Not Yet Fully Addressed

According to Breach Level Index, 4,996,388 records are stolen every year, 208,183 every hour, and 3,470 every minute. This is a huge number – and it means we are not addressing cyber security issues as we should.

As businesses, it is our obligation to protect all the data we receive. And yes, we use data for everything: for statistics, growth analysis, customer databases, customer financial information, customer trends, etc. Having access to this data is fantastic as it allows us to process payments, direct offers to customers, keep financial and contact information for our client base, and even touch base on social media. The truth is that effective use of data allows a business to reach its fullest potential quickly. But with this use of data comes responsibility.

It’s Safe. It Is All In The Cloud

Unfortunately, cyber security is an afterthought for most organizations. After all, there is no reason to worry: the most confidential data is kept in the cloud. And cloud providers encrypt the data anyway, right?

Yes, very few organizations house their data in-house, and most business IT equipment is not equipped to handle large amounts of data. So your business is probably storing the most important information in the cloud. But just because you store it offsite does not remove your responsibility for protecting this information as best you can. Remember the statistic we listed at the beginning of the article? Something is still wrong for these numbers to be so high. The fact of the matter is that cloud encryption is no longer enough. You have both a regulatory and commercial obligation to keep customer information, sales, and analytical data safe.

The Cloud Provider Does Encrypt But…

The problem with the cloud lies in the key.

Commercial cloud storage systems encode data with a special key, known as an encryption key. Hold on. Did you say ‘key’? Exactly! This is a key, and without it, the files look like gibberish. But keys can be stolen. When it comes to cloud storage, the key takes on the form of a password, which allows data to be locked or unlocked. And that key, along with other important information, is held by the user (usually on the enterprise system). Are you getting my point here? Keys are stolen all the time, and if someone else gets ahold of the key it can result in a huge data compromise.

Take Extra Steps to Protect Your Data

You must ensure that all of your business data is kept safe. And relying wholly on cloud storage encryption may not be the answer. To maximize cloud storage and enterprise cyber security, it’s best to combine various encryption approaches. For instance, before uploading data to the cloud, you should first encrypt it using specialized encryption software that you either find as an open source tool or purchase for added cybersecurity. Encryption software options include Cypherix Cryptainer PE and InterCrypto CryptoExpert 8. These types of cyber security programs offer additional security for files or data that remain on the enterprise system – or even for data to be loaded into the cloud environment.

Use Real-Time Cyber Security Analysis

And of course, an additional way to protect all of your data, both the information you store on your computer systems and that which you store in the cloud, is to implement a big data solution that addresses cybersecurity processes. Software solutions like ArcSight offer insight into security threats in real time. This type of software allows you to track, organize, view and act on cyber attacks occurring on your personal business computer systems as well as your cloud operations in real time.

In The End…

All data – whether stored in the cloud or on an enterprise server – faces significant cyber security issues. And it is important that all businesses, large or small, address the need for better encryption processes.

As the person responsible for your enterprise data security, it is vital that you implement state-of-the-art cyber security strategies to improve data security and protect all of your business data.

If you would like more information, contact LP3. We will be glad to help you make an informed decision on cyber security for your business or organization.

Scott Lawler is CEO of LP3 and provides enterprise cyber security architecture advice to government and commercial clients.

Managed Security Service Provider: The Constant Sentinel

Hacking organizations are on the job 24 hours a day.

Your network security should be as well.

Whether you are talking about Anonymous, or any of the various known state actors in cyberwarfare – China, North Korea, Russia and Iran are prominent – there is no time zone off limits for a hacking, phishing or other malware attack to impact servers, networks, and even devices in the Internet of Things (IoT).

Risk Management

There is so much risk out there that many companies just can’t afford to have only in-house cybersecurity, and there is a need to outsource the process of protecting our own networks. This is where a managed security service provider, or MSSP, can be an important ally in the battle for security.

One of the priorities of IT professionals is to provide that security by becoming a risk-management expert in the digital space, which means not only protecting networks from hacks and malware attacks, but also securing private personal information about employees, vendors, suppliers and most importantly, clients and customers.

And while we may think of IT professionals as superhuman, the fact is they are human. They can’t be on watch 24 hours a day, seven days a week. You would need IT professionals covering 168 hours every week, and that can be awfully expensive.

MSSP: A Helping Hand

In the world of IoT, there are often many devices that are connected to our networks that we may not even think about – such as copiers, refrigerators, clocks, smartphones or fleet cars. It is one thing to keep track of the laptops and desktops in our network, but it’s another thing to recognize all the other IoT devices as they often do not have the same security protocols in place as the “traditional” computers.

A managed security service provider might be an important supplement to your IT staff. An MSSP can provide full-network coverage and monitor all devices. An MSSP is similar to an ISP in that it is a third-party vendor company, one that monitors and protects all your network and IoT devices at all times – while your office is open or when it is closed for holidays or weekends.

You Have to Be Right …

During the “War on Terror,” the very common saying was, “The terrorists have to be right only once. We have to be right 100 percent of the time.”

Obviously, the same can be said about cyberwarfare.

Hackers will keep trying to get into your systems, and all they need is to gain access one time, through one device, in order to wreak all kinds of havoc. Those of us on defense have to have our guard up and be vigilant always, never missing a moment or falling asleep at the wheel for a split second. With an MSSP working in conjunction with your IT network security, you have the best options available to ensure you are right 100 percent of the time, like you need to be.

If you would like more information, contact LP3. We will be glad to help you make an informed decision on MSSP for your business or organization.

Scott Lawler is CEO of LP3 and provides enterprise cyber security architecture advice to government and commercial clients.

What To Do After a Data Breach

In today’s economy, more thieves are finding creative ways to make money from stolen personal data. Data breaches often involve culprits stealing others’ information and using it to their advantage. It seems an easy task for tech-savvy criminals. Unfortunately, for government agencies and ordinary individuals, finding and prosecuting these criminals is very difficult.

That’s because expert cyber criminals don’t leave traces of their work. That leaves victims of personal identity theft with two problems: no sign of who the criminal is and personal data that has been compromised. A financial setback due to a data breach is the most common consequence, especially when culprits successfully make their way through vital personal records, including credit card details and social security information.

Anyone can be affected by this type of information loss, which is why it is wise for people to be proactive in preventing identity theft. You can still protect your resources, like credit cards and personal information, against a data breach if you are well-informed about the steps to undertake.

Credit monitoring for data breach protection

In response to the rise in identity theft, credit card issuers now offer credit monitoring education and assistance to their clients. Credit monitoring helps people defend themselves against fraudsters who have misused stolen accounts. Credit fraud happens when criminals use your personal information to purchase goods and services, as well as open new accounts. Some data breaches also involve using your insurance and/or social security information to claim false benefits under your name.

It usually takes a while before you realize that a new fraudulent account has been opened in your name. You may also be surprised if one day you receive a call from the card issuer about past-due bills that are not yours. In a worst-case scenario, you might end up getting rejected when applying for credit accounts, because a criminal has already opened one, turning your good credit into a nightmare.

Therefore, you need to monitor your credit for any suspicious activities, especially during a data breach outbreak. That is because criminals who successfully open an account using your name will usually send billing statements to another address instead of yours. By monitoring your credit, you’ll know when unnecessary purchases or claims are made in your account.

Now that I’m informed, what’s next?

Say, for example, a data breach has been reported by an organization and your account has been affected. What should you do next?

  • Check for e-mail notifications or letters – Affected organizations will send out letters informing their clients about a data breach. You need to read the contents carefully and look for their toll-free customer support phone number. Call them as soon as possible and ask about any credit monitoring assistance they provide and the extent to which your personal information has been affected.

  • Conduct close monitoring of your account – Fraud can occur to anyone during a data breach. Stay alert for suspicious credit activities, like changes on your billing statements and bank accounts, or other notifications for purchases and services you do not recognize.

We all enjoy the convenience and speed of the Internet, but we need to be aware of its shortcomings. When your computer is connected to the Internet, you need to take security into consideration. Your information and data are valuable to hackers and can be used for identity fraud, immigration fraud, committing cyber crimes, or even blackmailing people.

Many countries have passed new cyber laws, but jurisdiction varies from country to country – cyber laws in one country may not be applicable in another. This makes it possible for a hacker to steal a victim’s information in one country and use it in another to avoid conviction. So it is more important than ever before that you make your data as safe and secure as possible.

Find the Hack Before the Breach

Deception technology may be able to help your organization identify and mitigate external and internal computer security threats faster, finding compromised computers fast enough to prevent breaches of critical information. With new approaches, commercial deception products emulate existing workstation and server operating system images, log files, activity, and accounts, providing a set of realistic targets for the malicious individual to look at. When the malicious individual attempts any interaction with a deception host, your Security Operations Center (SOC) gets a very high-confidence, zero-false-positive alert: a bad actor is in the network and immediate action is required. This kind of alert is hugely valuable to SOC staff members sifting through sometimes terabytes of log data daily.

In a recent survey of 583 U.S. companies conducted by Ponemon Research on behalf of Juniper Networks, 90% of the respondents said their organizations’ computers had been breached at least once by hackers over the past 12 months. Nearly 60% reported two or more breaches over the past year. More than 50% said they had little confidence of being able to stave off further attacks over the next 12 months.

—ComputerWorld

We all face compromises, and for cyber resilience, reacting quickly to them is crucial to avoid operational impacts and expensive breach responses.

How can deception technology help us? For the non-technical, attackers will typically compromise a workstation and then start looking around, conducting reconnaissance in the cyber kill chain, with tools like ping, nmap, and others. In effect, they are turning on a flashlight in a dark room. With deception technology in your network, this flashlight beam of packets immediately sets off alarms – there is a compromised computer inside the enterprise network. Nobody should be shining a flashlight, a beam of packets, into a room in your home that does not actually exist. Deception tools are configured to ignore known sources of these packets, like network management hosts and troubleshooting workstations. A scan or login attempt to a host that does not exist can immediately identify both external compromises and internal malicious activity. It could be a malicious insider looking for sensitive information in other departments – something you need to know about but may be blind to without instrumentation. Deception technology is something most large organizations should consider to improve visibility and speed incident response. High-confidence emergency alerts significantly improve SOC effectiveness, preventing a highly likely workstation compromise from escalating to a breach of sensitive information on critical servers.
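The alerting rule described above, as an added example (not LP3's code or that of any deception product): any source that touches an address range holding only decoys raises an alert, unless it is an allowlisted management host. The log format, the 10.0.9.0/24 decoy range and every address here are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample flow records (not taken from a real network).
SAMPLE_FLOWS = """\
2024-05-01T02:14:07Z src=10.0.5.23 dst=10.0.9.50 dport=445 proto=tcp
2024-05-01T02:14:08Z src=10.0.5.23 dst=10.0.9.51 dport=22 proto=tcp
2024-05-01T02:14:09Z src=10.0.1.10 dst=10.0.9.50 dport=161 proto=udp
2024-05-01T02:15:30Z src=10.0.5.23 dst=10.0.2.8 dport=443 proto=tcp
2024-05-01T02:16:02Z src=10.0.7.40 dst=10.0.9.200 dport=3389 proto=tcp
garbled line without fields
"""

# Assumption: 10.0.9.0/24 holds no production hosts, only decoys.
DECOY_NETS = [ipaddress.ip_network("10.0.9.0/24")]
# Assumption: known legitimate scanners (network management, troubleshooting).
ALLOWLIST = {ipaddress.ip_address("10.0.1.10")}

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_flow(line):
    """Return a dict for a well-formed flow line, or None if it is malformed."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    try:
        return {
            "ts": m["ts"],
            "src": ipaddress.ip_address(m["src"]),
            "dst": ipaddress.ip_address(m["dst"]),
            "dport": int(m["dport"]),
        }
    except ValueError:  # field present but not a valid IP address
        return None


def decoy_alerts(lines, decoy_nets=DECOY_NETS, allowlist=ALLOWLIST):
    """Group every non-allowlisted touch of decoy space by source address."""
    hits = defaultdict(lambda: {"first_seen": None, "targets": set()})
    for line in lines:
        flow = parse_flow(line)
        if flow is None or flow["src"] in allowlist:
            continue
        if any(flow["dst"] in net for net in decoy_nets):
            entry = hits[str(flow["src"])]
            entry["first_seen"] = entry["first_seen"] or flow["ts"]
            entry["targets"].add((str(flow["dst"]), flow["dport"]))
    return {
        src: {"first_seen": e["first_seen"], "targets": sorted(e["targets"])}
        for src, e in hits.items()
    }


if __name__ == "__main__":
    for src, info in decoy_alerts(SAMPLE_FLOWS.splitlines()).items():
        print(f"ALERT {src} first seen {info['first_seen']}: {info['targets']}")
```

Because nothing legitimate should ever address the decoy range, a single matching flow is enough to alert; the allowlist is the only tuning the rule needs.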

If you would like more information, contact LP3. We will be glad to help you make an informed decision on deception technologies in your environment.

Scott Lawler is CEO of LP3 and provides enterprise cyber security architecture advice to government and commercial clients.

Virtual Hardening

If you are concerned about how to make your website more secure, but you’re not a web developer, this overview will give you the basics of virtual hardening.

The idea behind hardening a website is pretty simple: adding multiple layers of protection to reduce the potential of an attack. Traditionally, this involves a web developer manually handwriting code. But with virtual hardening you can use security plugins to strengthen your website using a Web Application Firewall (WAF).

Hardening is part of an overall strategy to prevent your website and data from being compromised. The two ways of hardening a site are:

  • depth of defense – adding multiple layers of defense to prevent vulnerability exploitation
  • breadth of defense – accounting for all potential attack vectors and security domains

Effectively protecting a website requires protecting four key components:

  • platform
  • web server
  • database
  • operating system

Content Management System (CMS)

Every website is unique and virtually hardening yours depends on its specific platform. One common difference between websites is the Content Management System (CMS). There are many CMS platforms: WordPress, Drupal, Joomla, Sharepoint, etc. If your website is based on WordPress, there are several simple virtual hardening tips, like:

  • restricting admin access to a few IP addresses
  • preventing code from being injected into uploaded pictures
  • enabling an “I am not a robot” checkbox to authenticate forms

Most virtual hardening tips for WordPress are reasonably easy to apply. But in some cases, a website may have dynamic IP addresses or a site owner may not have the technical ability to configure plugins. In such cases it’s best to reach out to experts to assess the level of security risk at your business, organization or enterprise – LP3 offers a free Security Risk Assessment.

Web Servers

Adding security to your server is a big challenge and depends on which server you are running. Common server environments are:

  • Apache
  • NGINX
  • Windows IIS
  • Node.js
  • Lighttpd

Some common tips for server hardening are:

  • keep your CMS and all plugins updated
  • remove unnecessary/unused plugins
  • install security patches for your CMS and plugins
  • monitor your website’s log activity
  • have long, unique, complex passwords
  • install a security plugin (WAF)

Web Application Firewall

Not everyone is a tech wiz with the skills and time to maintain a secure website. That’s where a Web Application Firewall comes in. Sucuri and Wordfence are two popular WordPress WAFs.

Once you select, activate and configure a WAF for your website, you won’t need to worry so much about securing your website — you can focus on your business.

SMB Cloud Migration: Three Essential Tips

For small- and mid-sized businesses (SMBs) of every kind, cloud technology has made an enormous impact. But before you upload all your assets to the cloud, it’s a good idea to step back and take a look at some of the common pitfalls which could drastically impact your operations.

First and most important, implementing cloud technology into your business operations does not eliminate the need for on-site information technology (IT) – physical equipment housed in a reliable physical environment with solid uptime. The main reason is that the cloud changes expectations and demands. With the cloud, your employees will come to expect new features and capabilities. This strains bandwidth, reliability and scalability. Simply connecting all the computers in your company to the web isn’t going to cut it. A modern infrastructure requires upgrades like highly reliable IT hardware and effective thermal management that scales up in tandem with new cloud-based demands.

It seems a bit confusing that when everything is stored on the web your company requires an upgrade to its infrastructure, but it comes down to reliability. The cloud can quickly overwhelm outdated racks, cooling and backup systems and bring your company to a standstill. The most vital upgrade is an uninterruptible power supply (UPS) and cooling system to make sure the heat generated can exit the IT environment. Reducing heat is the first line of defense for any on-site IT operation.

The next consideration is hardware flexibility. A modern network infrastructure needs to be easily upgradable as the cloud becomes more robust. A network infrastructure that’s currently 10 years old will not be compliant with a cloud-centric system in 10 years. An outdated network that does not allow employees to maximize the potential of cloud services limits an SMB and its ability to compete effectively in the marketplace.

A common misperception about the cloud is you don’t need local servers or hard drives. The truth is SMBs still need local storage. One reason is data sovereignty laws which require companies to store sensitive information – and lots of it – locally. Additionally, the “Cloud to the Edge” trend means that having hardware and storage closer to the end user actually makes cloud applications snappier. The cloud may actually increase the amount of hardware you have on site.

In order to fully maximize the power and promise of cloud technology, the physical infrastructure of your SMB IT department is even more vital to maintaining a competitive advantage. Racks, cooling, power and management software all need to be upgraded to ensure uptime and quick access to both cloud and local data and applications.

What to Do When Your Business is HACKED!

“We’ve been hacked! What did we lose? We don’t know yet. When did it start?  We don’t know that yet either.  What do we do next?  Who do we contact FIRST?”

  A. FBI
  B. Attorney
  C. IT Provider
  D. Cloud Provider
  E. Clients or Customers

Making this decision in the heat of a crisis is not ideal.  To minimize business impact and cost, do you know exactly what to do when your business gets hacked?

The right answer? B. Attorney. Getting legal help immediately is the correct answer in most situations. One big reason is attorney-client privilege; you and your attorney control information release and can shape the messaging. Secondly, breach notification requirements vary based on location. Careful compliance assessment and prompt action can avoid significant penalties.

Obviously, your IT staff will also assess the situation in parallel.  Some businesses choose to recover as quickly as possible—an approach that can leave your operations vulnerable to the same attack. Professional cyber security support may be required to determine root cause and identify mitigations to prevent future attacks.

To prepare effectively, get help. Do you have an Incident Response Plan?  If not, LP3 can help. Contact LP3 for a comprehensive vulnerability and business risk assessment.


How Much Will Idle Staff Members Cost Your Business Per Day?

10 Tips on avoiding Ransomware

We are going to be covering each aspect of ransomware attacks, from prevention to recovery, over the next few posts. Today, we are focusing on how to AVOID the attacks in the first place. None of this is “foolproof” but it is at least a heavy step in the right direction.

https://lp3.com/1/avoiding-ransomware-attacks/

If you have questions on how to protect your organization from business-disrupting cyber attacks, contact sales@LP3.com.