Ransomware attacks are here to stay, so it is vital to be prepared and not become a statistic. Here are 5 tips to help protect your organization.
Commerce Secretary Gina Raimondo said recently that ransomware attacks “are here to stay,” and that businesses should plan accordingly.
“The first thing we have to recognize,” she said, “is this is the reality, and we should assume and businesses should assume, that these attacks are here to stay and, if anything, will intensify. And so just last week the White House sent out a letter broadly to the business community urging the business community to do more.”
At their Geneva summit meeting this summer, U.S. President Joe Biden told Russian President Vladimir Putin that if Russia continues to launch cyberattacks against the U.S., it will face retaliation.
“I pointed out to him that we have significant cyber capability. He knows that. … If, in fact, they violate these basic norms, we will respond in a cyber way,” Biden said at a post-summit press conference.
Putin dismissed allegations that Russia or Russian-based malicious actors were responsible for cyberattacks in the U.S., including the recent ransomware attack on Colonial Pipeline Co. He said most cyberattacks originate from the U.S. and South America.
The Russian leader, however, noted there are areas of mutual interest on the cyber front that both nations can explore.
“We believe that cyberspace is extraordinarily important – in general, and in particular for the U.S., and to the same extent for Russia,” Putin said during his separate post-summit press conference.
Putin said that Russia, like the U.S., is a major target of cybercriminals.
“We encounter this every year. For example, one of the health systems in a very important part of Russia was attacked. So, it means that this work is being coordinated,” Putin said. “In the U.S., I don’t think that the U.S. administration is particularly interested in organizing that or looking into it. All they do is to make insinuations. What we need is expert consultations between us. We agreed to that, in principle. Russia is prepared for that.”
“The best we can hope for is that Russian criminals will be told to lay off critical U.S. infrastructure and stick to other commercial targets,” Lewis says.
Ransomware: An Undeniable Threat to Businesses
Ransomware has become an undeniable threat to business growth, profitability and security. It’s a ruthless type of malware that locks your keyboard or computer to prevent you from accessing your data until you pay the ransom, which is usually demanded in untraceable Bitcoin. Cybercriminals are turning this type of attack into big business, raking in billions each year as many businesses have no choice but to pay up.
How does ransomware get into the network?
Surprisingly, it’s NOT those random USB drives floating around from unknown sources. That’s old school, and cybercriminals operate much more effectively now. The most common vehicles for ransomware attacks today are email, such as phishing or spear-phishing messages, and compromised websites.
One email is all it takes.
Infected websites aren’t always obvious.
Let’s face it, cybercriminals will infect any web page they can get their hands on, which is why less reputable sites should be avoided. But it’s not just about making sure you and your employees stick to suitable sites: mainstream websites can also carry ransomware infections ready to spread to all visitors. It has happened before. In 2016 the New York Times, BBC and MSN homepages exposed thousands of visitors when the sites served malicious ads.
What happens during an attack?
As soon as ransomware is in the door, it immediately scans local and connected drives (including connected backups) and encrypts thousands of files. Within minutes, everything from Office files to multimedia is locked up tight, inaccessible to all users, even administrators.
Then a notification appears demanding a ransom to unlock the files and gives helpful instructions on how to pay it. At this point, many businesses are on hold until the situation can be resolved. Typical options include: restoring from safe, external backups; wiping the entire system and starting again; or paying the ransom and learning a hard lesson in data security.
How To Protect Your Organization
The number one way to mitigate the damage from any attack on your systems is to prevent it from happening in the first place. It’s vital to protect every point of entry into your organization, and to make sure you know which entry points your employees are actually using.
Cybriant helps organizations with 24/7 monitoring of their networks through Managed SIEM, MDR, Vulnerability Management, and Patch Management. We help organizations understand their compliance stance through risk assessments, pen tests, and more.
We have recently introduced CybriantXDR, a comprehensive threat detection and remediation service.
With CybriantXDR, you will have increased visibility along with the right technology, and security analysts watching that technology around the clock. With machine learning and artificial intelligence, our team is able to stop bad actors before their attacks execute.
Alpharetta, GA: MSSP Alert, published by After Nines Inc., has named Cybriant, a leader in cybersecurity services, to the Top 250 MSSPs list for 2021 (http://www.msspalert.com/top250).
The list and research identify and honor the top MSSPs, managed detection and response (MDR), and Security Operations Center as a Service (SOCaaS) providers worldwide.
The rankings are based on MSSP Alert’s 2021 readership survey combined with the digital media site’s global editorial coverage of managed security services providers. The fifth annual list and research report tracks the managed security service market’s ongoing growth and evolution.
“Everyone at Cybriant is pleased to be selected as a top MSSP for the 4th consecutive year,” said Jeff Uhlich, CEO, Cybriant. “Our team works diligently to provide the most comprehensive cybersecurity services for our clients, and it is an honor to be consistently recognized in such a competitive industry.”
“After Nines Inc. and MSSP Alert congratulate Cybriant on this year’s honor,” said Amy Katz, CEO of After Nines Inc. “Amid continued ransomware, malware and supply chain cyber attacks, the MSSP Alert readership and community continues to mitigate risks for businesses and government organizations worldwide.”
Highlights from the associated MSSP Alert research include:
MSSP Revenue Growth & Financial Performance: MSSP honorees, on average, expect to generate $22.3 million in revenue for 2021, up 16% from $19.2 million in 2020. The growth rate remains consistent with last year’s report.
Geography: Honorees are headquartered in 26 different countries.
Profits: 85% of MSSPs surveyed expect to be profitable for fiscal year 2021, which is roughly even with 2020.
Security Operations Centers: 71% have in-house SOCs, 19% are hybrid, 8% completely outsource their SOCs, and 2% are reevaluating their SOC strategies.
Cyberattack Trends: The most frequent attacks targeting MSSP customers in 2021 include vulnerability exploits (87%), phishing (96%), and ransomware (89%) incidents.
Cybersecurity Solutions: In a continued sign of market fragmentation, MSSP survey participants mentioned 130 different hardware, software, cloud, and services vendors that assist their cybersecurity efforts — roughly even with our 2020 report.
New Managed Security Services Offered: In addition to traditional managed security services, capabilities such as MDR (91%) have now gone mainstream. Plus, fast-growth services offered include SOC as a service (76%), XDR (67%), cyber talent as a service (43%) and cloud security posture management (41%).
The Top 250 MSSPs list and research were overseen by Content Czar Joe Panettieri (@JoePanettieri). Find the online list and associated report here: http://www.msspalert.com/top250.
Cybriant recently announced CybriantXDR, a comprehensive cybersecurity solution that provides expansive visibility across an organization’s endpoints, network, and cloud workloads.
This service was created exclusively for midsize organizations that need assistance with daily cyber threats, compliance, and the cybersecurity skills shortage. Learn more at Cybriant.com/Cybriant-xdr.
Recently named one of Atlanta’s top workplaces, Cybriant continues to grow by serving the cybersecurity needs of their clients.
Cybriant assists companies in making informed business decisions and sustaining effectiveness in the design, operation, and monitoring of their cyber risk management programs. We deliver a comprehensive and customizable set of strategic and managed cybersecurity services. These services include Risk Assessments, vCISO, 24/7 Managed SIEM with LIVE Monitoring and Analysis, 24/7 MDR, 24/7 Real-Time Vulnerability Scanning with Patch Management. We make enterprise-grade cyber security strategy and tactics accessible to businesses of all sizes. Find out more at https://www.cybriant.com. See our reviews here: https://www.g2.com/products/cybriant/reviews.
About After Nines Inc.
After Nines Inc. provides timeless IT guidance for strategic partners and IT security professionals across ChannelE2E (www.ChannelE2E.com) and MSSP Alert (www.MSSPAlert.com). ChannelE2E tracks every stage of the IT service provider journey — from entrepreneur to exit. MSSP Alert is the global voice for Managed Security Services Providers (MSSPs).
For sponsorship information contact After Nines Inc. CEO Amy Katz, Amy@AfterNines.com
For content and editorial questions contact After Nines Inc. Content Czar Joe Panettieri, Joe@AfterNines.com
In an article posted on the organization’s website, the Center for Strategic and International Studies (CSIS.org) reported that, as of January 2019, the United States had 314,000 more available cybersecurity positions than it had trained professionals available to fill them. That was an increase of over 50% since 2015. Globally, this shortfall is expected to grow to 1.8 million by 2022, and that number only applies to cybersecurity positions. The shortage of available trained cyber professionals is impacting all areas of information technology specialization.
Because it is already difficult to find and hire technology pros now and will become even more difficult over time, organizations and managers must focus on retaining the talent they currently have on staff. There are some common reasons given by IT personnel when asked why they are seeking new employment. There are also some common-sense measures managers and their employers can take to address them.
Too much overtime
Personnel shortages, combined with off-hours work associated with tasks like system updates, patching, dealing with threats or incidents, and testing can make for long days for your IT staff. Add to that the unplanned projects that often force IT to move its own projects to the back burner, and the frustration is compounded.
Currently, one of the most popular ways to deal with this issue is to contract with third-party service providers to offload some of the work. If you choose the right provider, you can save a significant amount of time and allow your employees to have the downtime they need to recharge. We have found that this is one of the biggest benefits of our managed security services.
There may also be some non-technical tasks currently being handled by the IT department that could be either shared with, or assigned to, other departments within the organization. Cross-training others to handle these could lighten the load significantly. An example might be physical access security. Because applications used to manage these controls reside on servers, IT often ends up being responsible for access management tasks that could be offloaded to facilities, security, or engineering personnel.
Cross-training within your technology team is also a good idea. Not only does it broaden the skillsets of your staffers, but it also helps ensure that tasks are completed and projects don’t fall behind because only one overworked employee possesses the knowledge and skills needed to handle them.
Limited or no advancement opportunities
No one wants to be stuck in a dead-end job, but, with personnel shortages, promoting someone and back-filling their position could prove to be difficult. Consider, however, that you will need to fill the position anyway when a current employee, frustrated by a lack of advancement opportunities, finds a new job elsewhere. One way of addressing this is to improve communication with your staff. Until you know what their goals are, you can’t help your employees achieve them. Just knowing that you’re interested may give your staffers some hope that they aren’t stuck in a rut, but you’ll need to follow through with action.
Talk with your people one-on-one and come up with ways for each individual to further develop their skillsets. Perhaps they have ideas that would streamline and improve operations. Find ways to allow them to implement those ideas. This may increase their chances for promotion when opportunities arise.
Let upper management and human resources personnel know what you’re doing and why. Find out what new opportunities may be on the horizon and how you can help your people to position themselves for advancement.
Google initially implemented what is known as the 80/20 policy. Employees devote 80% of their time to completing the tasks required to meet their responsibilities. They then spend the remaining 20% working on projects that further develop their skills and make them more valuable to the organization. The more valuable the employee, the less likely upper management will be to let them get away.
Increase opportunities for training
Another way to help your employees prepare for promotions, sharpen their skills, and learn of new industry developments is to ensure that they have access to training. Keep in mind that many training providers offer online coursework that can be completed anytime and from any device with an Internet connection. Some, like the SANS Institute (SANS.org), offer free courses and exercises so that, even if training isn’t in the budget, it’s still accessible. Additionally, when new hardware and software is procured, training is often part of the deal and can be beneficial to both the organization and its employees.
In addition to an overabundance of overtime, a lack of advancement, and the unavailability of training, tech workers often cite issues with their direct managers as their reason for seeking new employment. How you, as a manager, interact with your staffers may have more to do with whether they seek employment elsewhere than any other factor. If they know you’re interested in them and want to help them achieve their goals and be successful, they are more apt to stick around even if advancement opportunities are currently limited or unavailable.
Get buy-in from upper management and HR. Maintain an open-door policy. Frequently speak with them one-on-one. If you say you’ll do something, do it. Be their advocate and be creative. Find ways to give them access to the resources they need and the time required to take advantage of them.
If you are an IT manager looking for information to present to your bosses to emphasize the need for an effective cybersecurity training program, new data from a 2021 research study might be just what you need.
Security services provider Thycotic published the survey results in a report entitled “Balancing Risk, Productivity, and Security.” The firm partnered with SAPIO Research to conduct the survey of 8,041 workers in 15 countries. The results are surprising, if not shocking, and offer a number of reasons for concern.
What researchers learned
The survey revealed that, although more than 85% of those polled said they felt some responsibility for ensuring that they don’t do things that could expose their organizations to increased risk, 51% of respondents believed their IT departments should be completely responsible for preventing their employers from falling victim to cyber attacks. Many in the IT business have encountered and been a bit irritated by this mindset before, but most probably hadn’t imagined that this number would be so high.
Nearly half of respondents (45%) believed cyber attacks posed little or no risk to their organizations. Perhaps that’s why, according to the Thycotic report, 79% of survey participants admitted to having engaged in at least one risky activity within the previous year. The activities included sharing their login credentials with coworkers, using personal devices at work without authorization, using the same password for multiple accounts, and even permitting their company devices to be used by family members.
Why is this happening, and what explains the lack of concern about cybersecurity? Per the survey, a shockingly high 56% of respondents said they had received no cybersecurity training within the previous year. Evidently, they simply don’t know they should be concerned. They’re not being told that their behaviors can create significant risks for their employers or that the IT department can’t stop every attack. Considering that phishing is, and has been for some time, the most utilized attack vector (see Verizon’s Data Breach Investigations Report at verizon.com/business/resources/reports/dbir/) and that the best defense against this and other social engineering attacks is user education, this lack of training is truly alarming.
Recent events increase the threat
With so many working remotely since the pandemic began in 2020, it is critical that employees be given additional training regarding risks associated with remote connectivity, using personal devices to connect to company resources, allowing family members to use company-owned devices, and maintaining the security of their home networks. Effectively, allowing employees to work remotely has transformed what had been local area networks into wide area networks, with home networks becoming part of organizational infrastructure. This significantly expands the attack surface.
Build an effective training program
Effective cybersecurity training programs are ongoing, are continuously updated, and are periodically evaluated to measure their effectiveness and identify areas in need of improvement. They require the active participation of trainees. Merely sending out a newsletter and assuming employees are reading it, understanding the material, and retaining the information isn’t sufficient. They need to be engaged. Requiring them to participate in tabletop exercises and perhaps some classroom or online courses allows them to ask questions. Quizzes ensure that they are paying attention.
Introducing stress into the mix improves retention. An example would be simulated phishing campaigns wherein employees receive suspicious emails and don’t know whether they are real threats or fakes. Offering training employees can benefit from in their personal lives as well as at work gives them more incentive to learn and retain the information.
Monitor Employees’ Endpoints
With a service like Cybriant MDR, you can monitor and protect all endpoints on a 24/7 basis. The service includes a lightweight agent installed on every endpoint you want to protect, and our team watches those endpoints for unusual activity. By using AI technology, we have the ability to detect and prevent attacks before they can fully execute. When a threat is detected, we are able to contain and mitigate it across all the diverse modes of attack.
Endpoint security technologies are vitally important in today’s world of remote work. Attackers are constantly finding new vulnerabilities to exploit. Here are 5 endpoint security technologies to defend against cyber threats.
Increasingly sophisticated threats target the endpoint devices that are connected to every organization’s network. These endpoint devices include workstations, employee laptops, and IoT devices. Modern cyber threats can easily evade signature-based technologies that rely on databases of known malware to detect cyber attacks.
This article highlights five advanced endpoint security technologies that organizations need if they want better protection in the current threat landscape.
#1. AI Endpoint Security
Artificial intelligence (AI) has a powerful role to play in advancing the protection of endpoint security. Machine learning algorithms that autonomously improve over time can be used to detect contextual anomalies on endpoint devices that indicate in-progress cyber attacks. These contextual anomalies include unexpected application behavior and logins from new locations or IP addresses.
Data science professionals can train machine learning algorithms using huge datasets of known threats. Additional security-related information can train the algorithms to understand normal patterns of usage across many different endpoint devices. Deployed in endpoint protection solutions, AI can help detect new variants of known malware for which no signature even exists in any database. Signature-based anti-malware technology detects 99 percent of known threats, while AI can help address the most dangerous 1 percent of sophisticated emerging threats.
#2. Application Isolation
An increasingly problematic attack vector that threatens endpoint devices is known as a fileless attack. In a fileless attack, the perpetrator uses applications and tools that are already installed on the target endpoint. It’s harder to detect a fileless attack because it doesn’t require installing any new code or executing a new file on the endpoint.
Fileless attacks often exploit macros in office applications or scripting languages such as PowerShell. Endpoint solutions with application isolation take a zero-trust approach to application behavior. In practice, application isolation establishes a whitelist of approved applications that can run on an endpoint and sets rules for what each application can do.
For applications that aren’t trusted by default, restrictive controls enable endpoint devices to run the application with limited ability to interact with the operating system or with other trusted applications. The benefit of application isolation is that you dramatically shrink down the attack surface with more granular control over what applications can do on your endpoints.
#3. Endpoint Detection and Response
While it’s better to prevent cyber attacks before they can infiltrate your network, it’s prudent to operate under the assumption that one of your endpoints will be breached at some point. When operating under this assumption, you can put technologies and workflows in place that quickly contain a breach. Endpoint detection and response leverages threat intelligence to detect threats and remediation strategies to contain any damage.
The response aspect of this type of technology typically combines the following automated strategies:
Quarantining any endpoint device on which a threat has been detected and verified.
Fully deleting files and their artifacts from any compromised endpoint.
Blacklisting sets of IP addresses or specific URLs from which the threat was detected.
#5. Patch Management
A shocking number of high-profile cybersecurity incidents begin with the exploitation of a software vulnerability for which a security patch already exists. The problem with applying patches is that many organizations use inefficient manual processes to push software updates to endpoints. Sometimes, it’s left to the user of the endpoint to install the update, which is a recipe for disaster.
Smart patch management in the modern threat landscape should automatically apply the latest security updates to different endpoints. The patch management solution should be mandated by the company so that all endpoint devices are covered, which includes personal laptops that employees use to connect to cloud-based business applications.
#4. Deception Technology
Deception is an area of cybersecurity focused on setting traps that lure threat actors into revealing their attack techniques, or into attacking phony parts of the network where no real resources exist. A good example is a fake endpoint that appears to attackers as a host on the network. As soon as you see activity on the fake endpoint, you know an attacker is probing your network, and you can observe their activity to learn which attack vectors they are trying to use.
Another deception tactic is to create fake files with attractive names, such as files with the word “confidential” in the title. Deceiving attackers into revealing their techniques is a good way to get visibility into the real-world threat landscape. Several proprietary security solutions allow you to deploy various types of bait throughout the endpoint devices on your network.
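The decoy-file tactic just described, applied to the ransomware behaviour covered earlier (mass encryption of files across local and connected drives), as an added Python example that is not from the original article or from Cybriant: it plants "confidential" decoy files, records a baseline hash for each, and reports any decoy that goes missing or is rewritten, using byte entropy to tell an encrypted rewrite from a benign edit. The decoy names and contents are constructed, and the tampering in run_demo() is simulated locally in a temporary directory.

```python
"""Plant decoy "confidential" files and detect when ransomware or an intruder touches them."""
import hashlib
import math
import random
import tempfile
from pathlib import Path

# Constructed decoy names: bait that no legitimate process has a reason to open.
DECOY_NAMES = [
    "CONFIDENTIAL_salary_review.xlsx",
    "confidential_board_minutes.docx",
    "confidential_vendor_passwords.txt",
]
DECOY_BODY = (b"Decoy planted by the security team. Any access to this file "
              b"is unexpected and should be investigated.\n") * 32
ENTROPY_THRESHOLD = 7.0  # bits per byte; text sits around 4-5, ciphertext approaches 8


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; high values suggest encrypted or compressed content."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def plant_decoys(root: Path) -> dict:
    """Write the decoys and return a baseline {path: (size, sha256)} to check against later."""
    root.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for name in DECOY_NAMES:
        path = root / name
        path.write_bytes(DECOY_BODY)
        baseline[str(path)] = (len(DECOY_BODY), hashlib.sha256(DECOY_BODY).hexdigest())
    return baseline


def check_decoys(baseline: dict) -> list:
    """Report every decoy that went missing or changed; flag high-entropy rewrites as likely encryption."""
    alerts = []
    for path, (_size, digest) in baseline.items():
        p = Path(path)
        if not p.exists():
            # Ransomware commonly renames or deletes originals, e.g. by adding a ".locked" extension.
            alerts.append({"path": path, "event": "missing"})
            continue
        data = p.read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            ent = shannon_entropy(data)
            alerts.append({"path": path, "event": "modified",
                           "entropy": round(ent, 2),
                           "looks_encrypted": ent >= ENTROPY_THRESHOLD})
    return alerts


def run_demo() -> tuple:
    """Plant decoys in a temp dir, simulate three kinds of tampering, return (clean_result, alerts)."""
    with tempfile.TemporaryDirectory() as tmp:
        baseline = plant_decoys(Path(tmp))
        clean = check_decoys(baseline)  # nothing touched yet, so this is an empty list
        paths = [Path(p) for p in baseline]
        # 1) In-place encryption: overwrite with seeded pseudo-random bytes (deterministic stand-in).
        rng = random.Random(1234)
        paths[0].write_bytes(bytes(rng.getrandbits(8) for _ in range(len(DECOY_BODY))))
        # 2) Encrypt-and-rename: the original path disappears.
        paths[1].rename(paths[1].with_name(paths[1].name + ".locked"))
        # 3) Benign edit: a note is appended, so the hash changes but entropy stays low.
        with paths[2].open("ab") as f:
            f.write(b"Reviewed by finance.\n")
        return clean, check_decoys(baseline)


if __name__ == "__main__":
    before, after = run_demo()
    print("before tampering:", before)
    for alert in after:
        print(alert)
```

In production the check would run on a schedule or be driven by file-system audit events, and any alert on a decoy should be treated as a high-confidence signal because no legitimate process has a reason to touch it.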
Modern endpoint security must take a layered approach if organizations want adequate defense in the current threat landscape. Ideally, all of these endpoint security technologies should be combined into a single solution for ease of deployment. Many of the largest security vendors have modern endpoint protection solutions with all of these features.