7 Reasons to Consider a Cyber Security Risk Assessment

Should you consider a cyber security risk assessment? Many businesses think they are untouchable when it comes to cyberattacks or data breaches. History has proven that even the most secure organizations can be targeted. It’s common for business owners to think they don’t have anything cybercriminals want to access.

Cybersecurity needs to be a top priority for everyone. Ever thought “that won’t happen to me” in the face of bad news?

Don’t rely on false confidence. Read the following 7 reasons why you should consider an annual cyber security risk assessment.

What is a Cyber Security Risk Assessment?

First, let’s be clear what we mean by cybersecurity assessment. Like an annual wellness check-up for your health, this assessment aims to diagnose potential risks before something serious happens.

This proactive assessment aims to detect or identify any system, network, software, device, physical, and other threats or vulnerabilities. The assessment findings help your business plan what it will do to respond to and manage the risk. 

The depth and breadth of a cybersecurity assessment can depend on your business size, industry, risk threshold, timeline, and budget. Still, there are several signs suggesting your business needs to schedule a cybersecurity assessment soon.

#1 You’ve got a bad feeling that something isn’t right

Your Spidey senses are tingling. Or you’ve seen something suspicious that makes you question your cybersecurity. This might be:  

  • Finding strange files on your network 
  • Your computers behaving oddly 
  • Competitors knowing information about your company that isn’t yet public knowledge 

#2 Regulatory compliance requirements

Your business may need to meet regulatory requirements. For instance, there are many rules about testing for cyber exposure in financial, healthcare, energy, and educational settings. Compliance starts with a comprehensive cyber risk assessment. We are also able to make recommendations based on the results of your assessment to help your organization maintain compliance.

#3 Your staff isn’t tech-savvy

Insider threats remain one of the biggest cybersecurity threats. Your investment in security to lock down your “virtual house” doesn’t help if your staff opens the door to anyone who knocks. 

Most employees aren’t malicious. They just have poor habits. Some don’t see a problem in securing their accounts (all of them) with a passcode such as “1234” or “password”. Others are naive enough to actually believe a Nigerian prince wants to send them millions! 

Even those with security awareness training can fall victim to business communications scams. Busy people may not notice when they get an invoice that looks exactly like a supplier’s but with a bad actor’s banking details.  

#4 Angry Former Employees

Depending on your size and the volume of work, you may not yet have a clear process in place for handling terminated employees’ technology access. Are unhappy people quitting? Have you fired staff? Not everyone leaves on good terms, so revoke all former employees’ access and change passwords.

Providing former staff with continued access to your cloud-based platform is as foolish as exposing yourself to germs by waiting on the sick-patient side at the doctor’s office.  

#5 Old Technology

We’ve all been there. We try to get more done with the tools we have rather than having to invest in and learn something new. Yet the “if it ain’t broke, don’t fix it” approach is not applicable to technology. 

Old software or operating systems are more likely to expose you to cyber risk. Once software reaches a certain age, the provider stops supporting that solution. Microsoft, for example, is phasing out security patches and updates for Windows 7. 

Don’t plod along with decades-old technology, thinking you’re safe because there hasn’t yet been a failure or crash. The bigger danger is the small, unnoticed openings you don’t know about, but cybercriminals do.

#6 No data control policies in place

The number of technology entry points to control is always growing. There may be USB drives floating around your business environment holding essential data. Company laptops can be misplaced or stolen. Remote employees may sign on to unprotected WiFi networks and portable devices aren’t properly encrypted.  

Without policies in place to control data throughout your business environment, it’s difficult to determine your vulnerabilities. 

#7 Your employees use their own devices

A Bring Your Own Device (BYOD) environment makes employees happy. The cyber criminals are pleased too. Sure, this approach can save money. Your business no longer has to ensure every employee has the latest available technology. But, there are drawbacks: 

  • Employee devices may not be the latest, which could make them more susceptible to cyber-attack. 
  • Staff could download malicious software or apps onto their personal devices that give cybercriminals access to your systems. 
  • Users may be entirely unaware their devices carry malware and could infect your systems when connected.
  • The employee may not be the only user of the phone which has access to business information.
  • Disgruntled employees can use their own devices to damage your network. 

Don’t Ignore the Signs!  

We compared the cybersecurity assessment to a personal wellness visit. Maybe you tend to put those off, too! Well, if any of these signs sound familiar, it’s time to schedule an assessment. 

Cyberattacks and data breaches are seriously damaging for business. If something does happen, your business could lose access to its network or systems for hours or even days. Every moment of downtime proves costly in terms of:

  • Productivity decline 
  • Lost revenues and possible fines 
  • Customer churn 
  • Damage to brand reputation.

 

Why Get Your Assessment Done by Pros 

A business can do its own cybersecurity assessments, but it’s a little like going to the Internet to diagnose your persistent cough. Is it a common cold or proof you’re dying? Cybriant offers several cyber security risk assessments that give you an objective, expert opinion. 

MSSPs understand potential threats and know where to look to identify internal and external vulnerabilities. They can also help gauge the likelihood of something negative happening, as well as the possible harm to your business. 

An MSSP doing a cybersecurity assessment should survey and inventory all your assets to determine what might happen and how devastating it could be to your business bottom line. Reviewing the network, hardware, systems, and business tools, the MSSP can map remote access points and confirm the right protection is in place. 

In addition to running vulnerability scans, the MSSP can also offer a prioritized plan for addressing any risks identified. When you work with Cybriant for your cyber security risk assessments, we will also stick around to help your business implement the fixes and even recheck to be sure your cyber security is now up to snuff.

Cyber Security Risk Assessment Options

Cybriant offers the following assessments: 

Risk Assessment – Our Cyber Risk Assessment is a required step when determining the needs or success of your security program. Following NIST guidelines, our risk experts perform interviews, documentation analysis, and walkthroughs of physical areas to determine the state of the client's security program.

Gap Analysis – Our Gap Analysis is critical when you need to identify any deficiencies between your security program and a specific regulation or framework. Our experts will identify the minimum necessary adjustments your company must make in order to comply with said regulation.

Penetration Testing – Our Pen Tests are necessary for organizations that have a compliance need, that have a concern about a specified system, or that are within the monitoring phase of an overarching security program. With Cybriant’s Pen Test, a professional hacker attempts to exploit a technical vulnerability to gain unauthorized access to specified systems.

Mobile Risk Assessments – Mobile devices present a uniquely challenging landscape for security professionals and businesses alike. Cybriant’s Mobile Security Assessment considers every avenue and aspect in which risk may present itself and provides recommendations to address these challenges.

Key Takeaway  

A cyber security assessment gives you a clear picture of your business’s risk exposure. If you recognized any of these symptoms, don’t put off a cyber security assessment any longer. 

When you work with Cybriant, we’ll help you identify potential security gaps, and you’ll benefit from our expert input to improve your cyber security health long-term.

How to Protect Customer Data: 7 Tips

As cyberattacks continue to make headlines, hackers are exposing or selling customer data files in record numbers. But just like with any threat, there are actions you can take to minimize risk and ensure your business retains a positive reputation among customers. 

Your customers’ data should potentially be the most protected item in your organization. As we saw in the Equifax breach, just a small oversight or error can cause millions of dollars worth of damage to your company, as well as damage to your reputation. So, protecting your customers’ data should be on the top of your list of priorities.

Here are 7 tips to use throughout your organization to protect client data:

1. Stop using the same password on repeat

Set a mandate for all staff that passwords must be unique for each user and for your workplace. That means it can’t be remotely like the one on their home PC, tablet, or online banking. Passwords are hacked more than ever, so when you’re prompted for a password change, dig deep and really think about what goes into a hacker-proof password. If remembering them is a problem, consider one of the latest password management tools.

2. Go on a shredding spree

How much sensitive data is being dumped into the recycling bin? Valuable customer data is often taken from the bins of small businesses and quickly sold or published. It’s not just good practice to shred sensitive documents, it’s the law.  Take 5 seconds to run documents through the shredder or book in the services of a secure shredding company.

3. Ditch the accounting spreadsheets

Still using an Excel doc for all your number-crunching? Besides making your accountant’s job harder (and more expensive), you’re opening your business to a massive range of vulnerabilities. Even with password-protection, spreadsheets aren’t designed to safeguard your financials or those of your clients. Upgrade to a proper accounting solution with built-in customer data protections and security guarantees.

4. Train staff explicitly

You can’t rely on common sense because what you think is a given might be news to someone else. It can be extremely beneficial to hold special data-safety training sessions once or twice a year as a reminder, as well as take the time to induct new staff into the way things are done.

5. Limit access to data

Just like the bank manager who guards the keys to the vault, you can limit who accesses your data. Revoke employee access as soon as they leave your business for good, and set rules around who can access what – and when. Do they need access to sensitive information while working from home? Should they be able to change the files, or only view them?

6. Keep your software updated

Possibly the most preventable hack, having outdated software can be an open invitation for cyber-criminals. They look for known weaknesses in business software and waltz right in. While the nagging pop-ups and reminders to update can feel like a selling ploy, they’re actually helping your business to stay in the safe zone. Updated software gives you protection against new viruses and hacking techniques, plus closes off those nasty weaknesses.

7. Use an Endpoint Protection Platform or MDR Service

MDR is Managed Detection and Remediation. In 2020, antivirus is not enough to protect your endpoints. The fact is that cyberattacks on endpoints are increasing rapidly in complexity and numbers. With digitization continuing to transform industries, devices in huge numbers are likely to be compromised.

To mitigate the risk of compromised systems, you need an immediate response, enhanced security tools, and a team of experts on your side that can guide you through the entire remediation process. You get this and more with Cybriant’s 24/7 MDR Service. Find out more here: https://cybriant.com/mdr/

Your business environment is dynamic; that’s part of what keeps you interested. Yet you have to keep a constant, watchful eye on the horizon. You must try to anticipate obstacles and be proactive to avoid disaster down the road.

One of the biggest problems facing businesses today is securing mobile, collaborative resources.

Business is done on the move and remotely more and more. To remain productive and also recruit and retain top talent, you need to enable mobility. Your people might collaborate across country borders or even between the office and a nearby coffee shop. They want reliable access to the same business tools they might use when on-premises.

How does MDR help?

When you outsource the management of your Managed Detection and Remediation (MDR) to Cybriant, our security analysts are able to:

  • Perform root cause analysis for any blocked threat or any other artifact deemed important found on an endpoint
  • Proactively search endpoints for signs of threats commonly referred to as threat hunting
  • Take decisive action when a security incident, or potential incident, is identified

Cybriant uses AI-based threat prevention, running locally on your endpoint, that has a field-proven record of preventing well over 99% of threats, both known and unknown, from executing on your endpoint, without signatures, cloud lookups, or significant impact on your endpoint.

Using AI, we can stop bad executables before they can hurt your business. Time is of the essence when it comes to a security incident. Our analysts can take decisive action when a security incident is identified or a threat needs to be mitigated.

Our analysts can immediately investigate any endpoint in your environment to determine if the activity is in fact malicious. Real attack data is an invaluable source of intelligence for your security team. Without deploying sandbox technology, our analysts can get a glimpse into the mind of the attacker and how they try to compromise your endpoint.

In Conclusion

If you are serious about protecting your customers’ data, consider MDR from Cybriant to prevent cybercriminals from accessing their information. Using AI, our analysts will stamp out a potential compromise before it has the chance to do harm. Along with a curated set of forensically relevant data on your endpoints, you also get script control, memory protection, application control, and device usage management to block additional threat vectors.

We offer a 30-day free trial of our MDR Service. Find out more here: https://cybriant.com/mdr-free-trial/

 

Plan Today for Cybersecurity Trends in 2021

The global economy is in a slump. But believe it or not, now could be a good time to invest in technology priorities. Here are the cybersecurity trends in 2021 that you should prepare for today. 

You may already have streamlined processes. You had certain technology tools and systems in place to get things done. It all was working fine. Yet 2020 brought many challenges to the way business functions. The technology you relied on in the past may not be the best answer to your current business needs, especially when it comes to protecting your business data.

You might have been putting off cloud migration, as most of your employees worked onsite, or you resisted remote working out of concern that employee productivity would suffer. Perhaps your business didn’t want to secure a “Bring Your Own Device” workplace. Well, 2020 and the COVID-19 pandemic changed that for most of us.

Now, you need to rethink how your employees report for work. You could be facing any of 2020’s familiar challenges such as:

  • a server that used to support your teams but is now overburdened by remote workers;
  • a reliance on email document exchange causing difficulties with version control and accountability;
  • not having enough software licenses to accommodate employees working from home;
  • employees lacking the technology to get work done offsite;
  • securing those ‘BYOD’ devices – and being aware of those devices.

Businesses need to act now to address their new technology needs in 2021. Keep reading to learn more about the potential cyber threats we are facing today and will continue to face in years to come.

Stepping Up Your Cyber Game

Some businesses are struggling to keep their doors open. Others are waiting out the current situation to see how things shake out. Then there are those that are rolling the dice and betting on a rebound. Improving cybersecurity can be a foundation for future business success.

Plans may have already been in place to invest in a SIEM or endpoint protection platform. Continuing the digital transformation journey, when everyone is adapting already, could make sense. Reduce negative impacts by making the change while employees are working remotely.

Your business may also invest in data backups and disaster recovery solutions. Didn’t have business continuity plans in place? You’ve likely realized their importance now. These plans prepare your business for data breaches, ransomware attacks, power outages, or natural disasters. Contracting for cloud data backup pays off when you can recover quickly and cut damage done.

Starting a partnership with a managed security service provider (MSSP) is also helpful. An MSSP (like Cybriant) gets to know your business and its systems and needs. We can help identify opportunities for greater efficiencies in your overall security plan.

Cybersecurity Trends 2021

2020 has proven to us so far that we can’t predict what will come next year, but based on what we’ve experienced this year so far, here are our best predictions on the cybersecurity trends in 2021.

#1. Coronavirus May Still Be Around

Security teams already have enough to worry about with COVID-19 sending everyone home to work. Too bad cybercriminals are such opportunistic creeps: they’re even taking advantage of the global health pandemic to scam the unsuspecting.

Cybercriminals are nimble crooks who capitalize on current events. As soon as there is a fresh news story or angle for their attacks, they adapt quickly. Right now, they’re taking advantage of the coronavirus. As businesses change the way they work, bad actors see an opportunity to find new entry points. They’ll try any means to phish for sensitive data, breach systems, or deliver malware.

Read more about How to Stop Hackers that are Exploiting the Coronavirus. 

#2. Cybersecurity Skills Shortage

Remember all the reports that stated that the cybersecurity skills gap will widen to 3.5 million positions by the year 2021? Well, they were right!

A recent study from (ISC)2 claimed the global security workforce needs to increase by a staggering 145% to cope with a surge in hiring demand. In Europe, this has come particularly in smaller companies with 1-99 employees, as well as those with over 500 employees.

Unsurprisingly, over half (51%) of cybersecurity professionals said their organization is at moderate or extreme risk due to staff shortages.

This is the #1 reason to consider outsourcing some or all of your security needs. Here are 9 Unique Reasons to Outsource Cyber Security Monitoring. 

#3. Cyberattacks using Artificial Intelligence (AI)

Hackers are outpacing many organizations when it comes to the technology and hacking techniques used to attack them. Hackers can mimic human behavior with AI. At Cybriant, we fight back by using AI and computer learning tools to stop any attacks prior to their execution. We use static and dynamic AI protection to detect, mitigate, remediate, and roll back based on any potential attacks.

Our MDR service is an integrated state of continuous detection and remediation. Learn more here: https://cybriant.com/mdr/

#4. Supply Chain Compliance

If you are a Department of Defense contractor, you have definitely heard about CMMC – Cybersecurity Maturity Model Certification. While the initial implementation will be within the Department of Defense, it’s possible that it could be used as an example for the rest of the government’s suppliers.

There are still many questions about CMMC. If you work with any third-party suppliers and you hold the DoD contract, it may be worthwhile to have a conversation about your CMMC plan. Learn more here: https://cybriant.com/cmmc/

#5. Phishing Emails

Email remains the number-one means of a cyberattack. Cybercriminals are increasingly sophisticated and always motivated. Today, companies from any industry of any size can face a targeted threat.

Whether it’s a phishing attack or a malicious attachment, these bad actors prey on human nature. They’ll target your staff’s heightened fear and desire to help or tap into the near-Pavlovian response to urgency or a “steal of a deal.” Right now, they’re looking to benefit from worldwide anxiety about the coronavirus pandemic. While businesses grapple with remote work processes, cybercriminals find new weaknesses.

The fact remains that your employees will click on phishing emails, no matter how much training you force on them. We highly recommend MDR plus security training. It’s like the net for tightrope walkers – there to save you just in case you slip up.

#6. The Nigerian Prince is Back

Scams aren’t new; it’s a matter of how they’re packaged. In the past, a Nigerian prince wanted to send you millions. Now, many governments are giving out money in the form of economic stimulus payments. The scammers leaped right in. Scam emails ask for bank information to pay relief funds directly, or the emails request other personal data you don’t want to reveal to a criminal.

Fake bank, telephone, or insurance company phishing emails are another problem. These ask for personal and financial information, lure the user into opening malicious links or attachments, or seek remote access to the user’s device. Emails impersonating healthcare organizations are also common. The CDC, WHO, and other healthcare organizations aren’t reaching out directly.

Downloading a “Safety Measures” pdf or the like could introduce malware or take an employee to a malicious site. A fake virus tracking app is set up to deliver malware. The ”COVID19 Tracker” app infects a device and demands $250 in Bitcoin. Emails offering fake news about someone infected in the area are another tactic. Sometimes, cybercrooks target businesses with a communication saying there’s a shipping problem caused by COVID. Saying a package is held up, the email encourages clicking on a malicious file or link to remedy the problem.

Hackers are even gaining access to corporate email addresses or relying on a close approximation to fool the busy reader. Then, they send links or attachments promising to outline company coronavirus policies. Often, these will ask the user to log in to view the necessary documentation. If the user doesn’t question the communication, bad actors capture the employee’s access information.

Training is important, but hackers have gotten really, really good at these types of emails. MDR is your best bet. 

#7. 5G Cybersecurity Concerns

5G is the fifth generation of mobile networks and technologies, providing remarkably fast speeds that are set to help consumers, businesses, and government.

CISA Director Christopher Krebs wrote in a recent report that he saw 5G development as the “single biggest critical infrastructure build the world has seen in 25 years,” highlighting the need to build security into a system that will support essential services.

“Given 5G’s scope, the stakes for safeguarding our networks could not be higher,” Krebs wrote. “The vulnerabilities that will come with 5G deployment are broad and range from insider threats to cyber espionage and attacks from sophisticated nation-states.”

“Now more than ever, trust in our services and the underpinning equipment is paramount,” he added.

Source

#8. Quantum Computing

In October 2019, researchers at Google announced to great fanfare that their embryonic quantum computer had solved a problem that would overwhelm the best supercomputers. Some said the milestone, known as quantum supremacy, marked the dawn of the age of quantum computing. Read more. 

Whether this was actually “the dawn of the age of quantum computing” or just a benchmark in quantum computing’s rich history, the fact remains that quantum computing is constantly being developed and researched and could be a real possibility in the near future.

According to American Scientist, cybersecurity researchers and analysts are rightly worried that a new type of computer, based on quantum physics rather than more standard electronics, could break most modern cryptography. The effect would be to render communications as insecure as if they weren’t encoded at all.

Fortunately, the threat so far is hypothetical. The quantum computers that exist today are not capable of breaking any commonly used encryption methods. Significant technical advances are required before they will be able to break the strong codes in widespread use around the internet, according to a 2018 report from the National Academies of Sciences, Engineering, and Medicine.

Still, there is cause for concern. The cryptography underpinning modern internet communications and e-commerce could someday succumb to a quantum attack. To understand the risk and what can be done about it, it’s important to look more closely at digital cryptography and how it’s used—and broken.

#9. Ongoing Election Concerns

To say the 2020 Presidential Election is making news globally would be putting it lightly. Nation-state attackers are gearing up and preparing their tools.

According to a Gallup poll in February 2020, 59% of Americans say they are not confident in the honesty of U.S. elections. Read the full report here.  Perhaps it is just media hype causing this posture. However, plans have been in place since 2017 to improve the voting scenarios for 2020.

The Department of Homeland Security’s top election security official, Chris Krebs, ticked off a slew of accomplishments during an address at an online version of the annual Black Hat cybersecurity conference. They include an extensive cybersecurity testing program for state and local election offices and digital sensors that can alert DHS about hacking attempts at thousands of county election offices.

“It’s night and day compared to what existed in 2016,” Krebs said. He said he’s confident that “2020 will be the most protected and most secure election in modern history.”

Source

We can only wait and see... and prepare. Recorded Future posted five reasons we should be concerned about ransomware during the 2020 Election.

#10. Cloud Security & Cloud Jacking

Cloud security has been a concern since “the cloud” was created. It’s an incredible platform especially since it can grow at the pace of today’s digital business, but it also creates some of cybersecurity’s greatest challenges.

What is Cloud Jacking? Cloud Jacking, or Cloud Hijacking, is an attack in which even a novice user can use a simple automated exploit script to take complete control of your cloud infrastructure.

An example of this in action is found within the world of botnets in which an existing series of compromised computing resources are used to create an exploit map of the cloud. Source

According to the 2020 Sophos Threat Report, misconfigurations will drive the majority of incidents. And of course, if the right (or wrong) administrator’s computer is even briefly infected with credential-stealing malware, it’s possible that administrator’s API key or cloud computing management credentials will be stolen and leveraged to perform further attacks, using the cloud instance managed by the admin.

Take a look at what recently happened with AWS. KnowBe4 announced a lesser-known variety of Amazon-themed phishing emails that are focused on business accounts rather than personal accounts. This sub-genre (for lack of a better term) of Amazon-themed phishing targets the Amazon AWS accounts of organizations (as opposed to the personal Amazon accounts of individual users).

AWS accounts are potentially attractive targets for bad actors as they could contain a wealth of exploitable data. Compromised AWS accounts could also be exploited by criminals who would have their own need for a robust, reliable cloud computing services platform. That such a platform might come free of charge only sweetens the pot.

Read about even more AWS attacks.

#11. More Ransomware Strains

Not too long ago, we reported on the top ransomware threats in 2020. Cybercriminals use the current ransomware threats and build on them to make them even more powerful.

Cybersecurity Ventures has predicted that, globally, businesses in 2021 will fall victim to a ransomware attack every 11 seconds, down from every 14 seconds in 2019. That figure is based on historical cybercrime figures. It is estimated that the cost of ransomware to businesses will top $20 billion in 2021 and that global damages related to cybercrime will reach $6 trillion. Yes, that is with a “T.” Source. 

With adversaries creating bigger and better tools, it makes sense to prepare for the future.

Prepare Now for 2021

We typically recommend taking it back to the basics – People, Process, and Technology – when creating your security strategy. Our team uses the NIST Cybersecurity Foundation for any and all technology decisions – and we recommend this foundation to our clients as well.

We have found that most threats fall under 4 main categories – advanced persistent threats, compromised endpoints, poor patch management, and technical vulnerabilities. Our PREtect service covers all these threats in one simple service. PREtect includes 24/7 managed SIEM, Managed Detection and Remediation (MDR), and comprehensive vulnerability management. These three services cover the first four levels of NIST CSF – including Identify, Protect, Detect, and Respond.

Learn more about PREtect here: https://cybriant.com/pretect/

Now is also the perfect time of the year to schedule your security risk assessments, mobile security risk assessments, penetration tests, etc. Learn more about our assessment services here.

Security Training for All (Plus MDR)

People are the core of your business success. At the same time, they can also represent a real security threat. According to Experian, only 45% of companies have mandatory cybersecurity training.

Yet your staff needs to understand the many ways in which they can put your business at risk. IT can’t be the only team making cybersecurity a priority.

In educating employees about potential cybersecurity issues:

  • Impress the importance of caution and questioning the source of any communication with links or attachments. Hovering over URLs can show where the link leads. Grammatical and spelling errors are often a red flag, too.
  • Require the use of MDR and consider 24/7 monitoring
  • Explain why you have an acceptable-use policy. Talk about what could happen if they decide to download that one app from the Web to their work device.
  • Warn them about installing random USB drives hoping to connect the stray device to its owner. Dropping thumb drive devices is a common way cybercriminals gain illicit access.
  • Emphasize the importance of physical security, too. A stolen unencrypted laptop or someone accessing an on-site computer can lead to a breach.
  • Provide them with a way to report suspicious emails, communications, and potential compromise.

Even after you’ve taken the above advice to educate employees, there are still risks. Some of these emails are very convincing. People are busy, working fast, tired, and overly trusting. Additionally, these particular scams are targeting our preoccupation and fears around the coronavirus. It only takes one bad click to breach your system, which is why we highly recommend an MDR service. 

 


Encryption for CMMC using FIPS Validation

History

From time immemorial (or so it seems, anyway), the National Institute of Standards and Technology (NIST) has issued the Federal Information Processing Standards (FIPS) 140, which outlines the various standards for encryption that are to be used for processing federal information.

There are four levels to this standard.

Level 1: The lowest level of security requiring only the most basic cryptographic modules. It doesn’t require physical security mechanisms either.

Level 2: Takes level one and adds a physical security mechanism such as tamper-evident seals and pick-resistant locks.

Level 3: Takes level two and adds more of the same. Harder to get into and compromise without obvious and immediate evidence to indicate the fact. Also can incorporate auto-destruct mechanisms.

Level 4: This is where the book is thrown at cryptography. The highest level requiring physical and logical protections as well as the strongest algorithms.

Fortunately, the job of deciphering whether your systems are FIPS compliant doesn’t involve a mathematics degree but it does require a bit of work.

Where do we start?

Cryptographic Module Validation Program

NIST has provided a resource for all things FIPS 140. Provided below is a great link to bone up on the requirements and standards that are dictated by FIPS. If you were to peruse the website you’ll learn very quickly that theory and practice are not the same animals. An algorithm itself may be validated as sound, but that does not mean the way a device or piece of software utilizes that algorithm is certified. You could, and when an algorithm is first certified you do, have a certified algorithm that you can’t use because no product or software using the algorithm has been certified.

Every device, module, or software your company employs to handle Controlled Unclassified Information (CUI) must be FIPS certified. There are three methods to handling this:

  • Assume: This is the most popular method of dealing with FIPS compliance. It involves assuming all your devices are compliant or simply remaining ignorant of the very need for them to be compliant. Suffice it to say, this is not our recommended course of action.
  • Vendor Validation: What are support and salespeople for other than answering mundane questions you can’t be bothered to find out? There is one caveat to this. How much do you trust your vendor? This is an important question because regardless of what your vendor tells you, you are ultimately responsible for utilizing a non-compliant device.
  • Self Validation: Go to the NIST website provided below and check for yourself. Does this mean you have to go find every piece of software, hardware, COTS, etcetera that you use for encryption that’s within scope? In theory yes, in practice, not always as we will see below.

Enforcing FIPS

Fortunately, most vendors are cognizant of the need for FIPS validation. As such, many provide easy-to-implement configurations to ensure only FIPS certified technologies are used. For example, Microsoft has a handy dandy registry edit that enforces FIPS-certified algorithms across an entire domain or on a per-machine basis. (Links provided below). Use these options. Ask all your vendors about this as well, to ensure updates do not auto-deploy the latest encryption technology, which may not be FIPS certified as of yet.
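To confirm that the FIPS switch described above is actually on for a given machine, the following added example (not from the original article or from Microsoft) reads the operating system's own flag. It assumes the Windows policy value `Enabled` under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy` and, going beyond the Windows case in the text, the Linux kernel flag `/proc/sys/crypto/fips_enabled`; the function names are illustrative.

```python
import sys
from pathlib import Path

# OS-level FIPS switches. The locations are real; the function names are
# illustrative and not part of any vendor tool.
LINUX_FIPS_FLAG = "/proc/sys/crypto/fips_enabled"
WINDOWS_FIPS_KEY = r"SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy"


def linux_fips_enabled(flag_path=LINUX_FIPS_FLAG):
    """Return True/False from the kernel flag, or None if it cannot be read."""
    try:
        return Path(flag_path).read_text().strip() == "1"
    except OSError:
        return None


def windows_fips_enabled():
    """Return True/False from the 'Enabled' policy value, or None if unreadable."""
    try:
        import winreg  # standard library, present only on Windows
    except ImportError:
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINDOWS_FIPS_KEY) as key:
            value, _kind = winreg.QueryValueEx(key, "Enabled")
    except OSError:
        return None
    return value == 1


def fips_enforced():
    """Check the switch that applies to the platform this script runs on."""
    if sys.platform.startswith("win"):
        return windows_fips_enabled()
    return linux_fips_enabled()


def audit_finding(state):
    """Turn the tri-state result into a line for an audit record."""
    if state is True:
        return "PASS: OS FIPS mode is enforced"
    if state is False:
        return "FAIL: OS FIPS mode is not enforced"
    return "UNKNOWN: FIPS switch not readable, check manually"


if __name__ == "__main__":
    print(audit_finding(fips_enforced()))
```

A PASS only shows that the operating system switch is set; each product in scope still needs its own entry in the CMVP listing.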

Conclusion

Any time you’re going to be using encryption within scope for CMMC you must use a FIPS validated method. Fortunately, that’s not all that hard to do.  Unfortunately, it still requires some effort on your part. Here are a few things that will make your life easier:

  • Check with your vendor if there’s a “FIPS compliant switch”
  • On those without said switch, go to the website below to find your product and make a note of what specific settings and configurations are FIPS compliant. Use those.

It’s another checkmark to address, but I hope it’s not mysterious anymore.

https://csrc.nist.gov/projects/cryptographic-module-validation-program

https://docs.microsoft.com/en-us/windows/security/threat-protection/fips-140-validation#step-2–setting-fips-localgroup-security-policy-flag

CMMC Reference: SC.3.177

 


Warning: These Cyber Threats Will Make it Through Your Antivirus!


If you depend on an antivirus, please be aware that it is more than likely to let you down. More importantly, some cyber threats are well known to get past antivirus and cause major problems.

This is How Your Antivirus is Letting You Down

The best way to avoid a computer virus is by using common sense, but that doesn’t mean you’ll be safe from attack. Even the most careful user can find themselves infected in an instant and spreading the virus faster than a sneeze in the flu season (or the coronavirus!). The common thought is that your antivirus will help you. However, we recommend a next-generation antivirus that has the ability to prevent malware from executing.

First of all, let’s discuss how your traditional antivirus is letting you down:

Advertising: Much like a free app making its fortune with in-app purchases, the free antivirus software will push for payment. Expect popup boxes pestering you to sign up to the paid version at least daily. Some free options will also try to change your browser home page and default search engine, an inconvenience you may be stuck with. Even paid versions will find ways to push an upgrade to your service or protection for something new.

Effectiveness: It’s fair to expect your antivirus to detect malware, and testing showed that in a head-to-head battle free and paid are about equal at catching known infections. And therein lies the kicker: generally speaking, antivirus needs to have recorded a virus to its library before it can detect it. Next-gen antivirus uses AI and machine learning for deeper security analysis. It essentially bases the detection on suspicious behavior, source, and attributes, a far more effective method of detection.

Features: Free antivirus options are usually created from the paid version, taking out everything except the bare minimum. Some paid antivirus may offer more secure protection against attacks. However, hackers have advanced beyond simple tactics and it’s not just about avoiding email attachments anymore.

Support: Free antivirus options are the most popular choice because they’re… free. Obviously. This also means there’s generally no support available. If there’s a problem or conflict with another program, you may find yourself without protection until it can be resolved. When coupled with our MDR service, next-gen antivirus offers 24/7 around the clock monitoring.

Cyber Threats That Will Make it Through Your Antivirus

You understand by now that your antivirus is letting you down. But did you know that by relying on antivirus alone, you could potentially allow these common cyber threats onto your network, putting your corporate data at risk?

Advanced Threats. Legacy antivirus depends on prior knowledge to detect threats. Adversaries have access to nation-grade hacking tools, which means that new threats are detected daily. AI and machine learning give us the ability to detect and validate suspicious activity.

Polymorphic Malware. Attackers can easily defeat signature-based antivirus tools that rely on checking a file’s hash against a known hash database.

Malicious Documents. Sometimes a maliciously-formatted document is used to exploit vulnerabilities in the opening application to achieve code execution, and legacy AV cannot detect such by reputation.

Fileless Malware. Attackers have realized that traditional AV solutions have a gaping blind spot: malicious processes can be executed in-memory without dropping telltale files for AV scanners to find.

Encrypted Traffic. Malicious actors can hide their activities from inspection by ensuring that traffic between the victim and the attacker’s command-and-control (C2) server is protected by end-to-end encryption.
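The hash-database limitation described under Effectiveness and Polymorphic Malware above, as an added example that is not from the original article or any antivirus product: an exact SHA-256 lookup misses a file that differs from a known sample by a single byte, while a content-similarity check still relates the two. The byte strings are constructed and harmless, and the 4-byte n-gram Jaccard score with a 0.8 threshold is an assumption chosen for illustration.

```python
import hashlib

NGRAM = 4                    # n-gram width in bytes (illustrative choice)
SIMILARITY_THRESHOLD = 0.8   # illustrative cut-off, not a vendor setting

# Constructed, harmless byte strings standing in for file contents.
KNOWN_SAMPLE = b"CONSTRUCTED-KNOWN-SAMPLE:" + bytes(range(256))
# The same content with one byte changed and padding appended.
VARIANT = KNOWN_SAMPLE[:100] + b"\xff" + KNOWN_SAMPLE[101:] + b"\x00" * 32
UNRELATED = b"Quarterly sales figures for the finance team, Q3 summary. " * 4

# The "library" a signature-based scanner consults: hashes seen before.
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
KNOWN_CONTENT = [KNOWN_SAMPLE]


def hash_lookup(data):
    """Exact-match check: True only if this precise file was recorded before."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB


def ngrams(data, n=NGRAM):
    """Set of all overlapping n-byte windows in data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def similarity(a, b):
    """Jaccard similarity of the two n-gram sets, from 0.0 to 1.0."""
    ga, gb = ngrams(a), ngrams(b)
    if not ga or not gb:
        return 0.0
    return len(ga & gb) / len(ga | gb)


def classify(data):
    """Hash lookup first, then fall back to content similarity."""
    if hash_lookup(data):
        return "exact-hash match"
    best = max(similarity(data, known) for known in KNOWN_CONTENT)
    if best >= SIMILARITY_THRESHOLD:
        return "similar to known sample"
    return "no match"


if __name__ == "__main__":
    for name, blob in [("known", KNOWN_SAMPLE), ("variant", VARIANT),
                       ("unrelated", UNRELATED)]:
        print(name, hash_lookup(blob), classify(blob))
```

Packed or encrypted variants share few bytes with the original, so byte similarity misses them too, which is why the article points to behavior-based detection.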

Consider Cybriant MDR

Our team of security experts will help stop advanced threats at the endpoint with Cybriant MDR. We utilize AI-based next-gen antivirus that will help you:

PREVENT: Our expert security analysts monitor and record all the events that occur on your endpoints. Our team focuses on relevant threats that attempt data exfiltration or modification. When files attempt to execute these suspicious processes an alert is triggered and the attack is halted in real-time.

DETECT: When a credible threat is detected, our system will retrieve the process history and our team will analyze the chain of events in real-time and determine the validity of the threat. You’ll receive the alerts when threats are detected along with advice and insight from our cybersecurity team to help you mitigate and respond to the threat.

REMEDIATE: Once identified, the malicious activity is immediately stopped in its tracks, and our team guides you through the remediation. This remediation process provides astonishing insight into the data of the threat. You’ll be able to help your organization reduce their attack surface by learning how you’ve been compromised.

Consider Cybriant MDR to help you detect threats that antivirus will certainly miss. Learn more here: cybriant.com/mdr. 

 


How to Prevent Zero-Day Attacks in 5 Steps


Is it possible to prevent zero-day attacks? Protecting your business against the latest IT threats should always be a top priority. Updating antivirus and patching your operating system is a great way to start. What happens, however, when a threat appears at your door before security firms have had a chance to catch it?

What is a Zero-Day Attack?

A security threat that exploits a previously undiscovered vulnerability in the computer is known as a zero-day threat. The name “zero-day” refers to how long it has been since the vulnerability was discovered. The term also indicates that system developers have had zero days to fix it.

Zero-day attacks exploit vulnerabilities so new that security firms have never seen them before and have had zero days to fix them. Luckily, it is possible to lessen the chances of one impacting you or your business.

A newly discovered attack might be packaged into a computer virus or worm. This will allow it to spread far and wide while inflicting the maximum amount of damage possible. When spread successfully, a new exploit has the potential to reach hundreds of thousands of computers before an operating system or anti-virus update can even be issued.

There are a number of ways we can protect your business or lessen the damage from a zero-day attack.

#1. Preventative security

The number one way to mitigate the damage from any attack to your system is to prevent it from happening in the first place. Maintaining a good firewall and up-to-date antivirus is the best step you can take to ensure the security of your system.

A firewall, monitoring traffic in and out of your network, reduces unauthorized entry over the network. Even without knowing the exact nature of the attack, suspicious activity traveling in and out of the system can be stopped.

The same is true of modern antivirus. Even when it cannot identify the specific zero-day threat from its virus database, it can often identify malicious intent from learned behavior in the system.

Cybriant helps clients prevent cyberattacks with our PREtect service. Check it out here: https://cybriant.com/pretect/

#2. A Locked Down Network

Should a zero-day threat make it into your network, our next goal should be to limit its effects. By restricting user access to only essential files and systems we can limit the damage done to the smallest number of systems. Good security policy dictates that each account should only have full access to the systems needed to complete the user’s job. For example, users from the accounts department shouldn’t have access to sales department databases.

In this way, the damage of a single compromised account is limited to only the network area it operates in. Such limited impact should be easy to control and can be reversed with regular backups.

Let us manage your Firewall for you with our (next-gen) Firewall-as-a-Service. Find out more here: https://cybriant.com/firewall-as-a-service/

#3. Good Data backup

Whether your entire network has been exploited or only a small area has been affected, good data backups are your protection against major lasting damage. Having a good backup means having the procedures in place to both create regular backup copies and make sure they can be restored at a later date.

Reliable and well-tested backups are worth their weight in gold. Knowing your data is safe and your system can be recovered is peace of mind against even the most highly destructive zero-day attacks.

#4. Intrusion Protection

While the precise methods of a zero-day exploit can’t be known in advance, a network intrusion protection system (NIPS) can monitor the firm’s network for unusual activity.

The advantage of NIPS over a traditional antivirus-only system is that it does not rely on checking software against a known database of threats. This means it does not need updates or patches to learn about the latest attacks. NIPS works by monitoring the day-to-day patterns of network activity across the network.

When traffic or events far out of the ordinary are detected, action can be taken to alert system administrators and lock down the firewall. Devices such as USB drives and mobile devices can all introduce threats to the network. They can often make it past the firewall because they are physically introduced to the system.

NIPS protects against threats introduced to the network from both external and internal sources.
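The baseline-and-deviation idea described in this section, as an added example that is not from the original article or any NIPS product: it learns a per-host baseline from constructed daily outbound traffic totals and flags values far outside it, plus hosts with no baseline at all (such as a newly plugged-in device). The host names, the median/MAD scoring and the 3.5 threshold are assumptions chosen for illustration.

```python
from statistics import median

# Constructed history: outbound megabytes per day for each known host.
HISTORY_MB = {
    "ws-accounts-01": [110, 120, 115, 130, 125, 118, 122],
    "db-sales-01": [900, 950, 1000, 920, 980, 940, 960],
}

# Constructed observations for the current day: (host, outbound MB).
TODAY = [
    ("ws-accounts-01", 121),
    ("ws-accounts-01", 4200),
    ("db-sales-01", 990),
    ("usb-laptop-77", 50),   # device never seen during the baseline period
]


def build_baseline(history):
    """Per host: (median, median absolute deviation) of past traffic."""
    baseline = {}
    for host, values in history.items():
        med = median(values)
        mad = median([abs(v - med) for v in values])
        baseline[host] = (med, mad)
    return baseline


def anomaly_score(value, med, mad):
    """Modified z-score; 0.6745 makes MAD comparable to a standard deviation."""
    if mad == 0:
        return 0.0 if value == med else float("inf")
    return 0.6745 * abs(value - med) / mad


def detect(baseline, observations, threshold=3.5):
    """Return (host, value, reason) for every observation worth an alert."""
    alerts = []
    for host, value in observations:
        if host not in baseline:
            alerts.append((host, value, "no baseline"))
            continue
        med, mad = baseline[host]
        if anomaly_score(value, med, mad) > threshold:
            alerts.append((host, value, "outside baseline"))
    return alerts


if __name__ == "__main__":
    for alert in detect(build_baseline(HISTORY_MB), TODAY):
        print(alert)
```

No signature update is involved: the 4200 MB day is flagged only because it is far from what that workstation normally sends.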

When antivirus isn’t enough, consider MDR – Managed Detection and Remediation. Learn more here: https://cybriant.com/mdr/

#5. Full Cover Protection

Used in combination, these techniques can prevent, protect, and mitigate against the kinds of threats that even the top security firms haven’t patched yet. We think it’s important to keep your firm secure whatever it might come up against in the future. And, having security experts on hand 24/7 is a nice bonus.

Find out about all of our managed services here: https://cybriant.com/home/services/
