FBI Warning: Hackers don’t stop for the Holidays


The FBI has released a warning about a fraudulent email scam, just in time for the holidays. According to the release, “The emails claim to be from one of three shipping businesses and claim that a package intended for the email recipient cannot be delivered. The messages include a link that recipients are encouraged to open in order to get an invoice to pick up the package, however, the link connects to a site containing malware that can infect computers and steal the user’s account credentials, log into the accounts to obtain credit card information, additional personal information, and learn about a user’s shipping history for future cyber attacks.

The messages may consist of subject lines such as: “Your Order is Ready for Shipment,” “We Could Not Deliver Your Package” or “Please Confirm Delivery.” The shipping companies say they do not send unsolicited emails to customers requesting information regarding packages, invoices, account numbers, passwords or personal information and if you receive such a notice — don’t respond. You should delete the email immediately or forward it to the companies listed contact email address. If your interaction with the website resulted in a financial loss you should contact your bank immediately.”

I clicked! Now what?

We get it! Hackers are so good at creating emails that look very real, plus the timeliness of their messages – around the holidays –  could not be better. Many of us are waiting for packages to ship, wondering where the packages are, and hoping that they don’t get lost. If you click, you’ll probably know immediately that you messed up. The easiest way to check before you click is to hover over the link and see if the URL is one that you would trust. And then, just go to that URL and search for what you need – avoid clicking altogether.
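The hover check described above can also be run automatically when a reported message is triaged. The following Python code is an added example, not part of the original post: it flags the subject lines quoted in the FBI warning and any link whose real host is untrusted or differs from the URL shown in the link text. The domain `carrier.example`, the sample message and the function names are assumptions made for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Subject lines quoted in the FBI warning; matched case-insensitively.
LURE_SUBJECTS = ("your order is ready for shipment",
                 "we could not deliver your package", "please confirm delivery")
# Constructed sample message; carrier.example is a placeholder carrier domain.
SAMPLE = ("Subject: We Could Not Deliver Your Package\n"
          "Content-Type: text/html; charset=utf-8\n\n"
          '<p>Invoice: <a href="http://invoice-pickup.example.net/inv">'
          "www.carrier.example/invoice</a></p>\n")

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_trusted(host, trusted):
    host = host.lower().rstrip(".")  # exact or subdomain match, never substring
    return any(host == d or host.endswith("." + d) for d in trusted)

def triage(raw, trusted):
    """Return the reasons a raw message resembles the lure described above."""
    msg = message_from_string(raw, policy=policy.default)
    subject = (msg["subject"] or "").lower()
    findings = ["lure subject"] if any(s in subject for s in LURE_SUBJECTS) else []
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        host = urlsplit(href).hostname  # None for mailto:, relative or empty href
        if host and not host_trusted(host, trusted):
            findings.append(f"untrusted link host: {host}")
        if host and "." in text and " " not in text:  # visible text looks like a URL
            shown = urlsplit(text if "//" in text else "//" + text).hostname
            if shown != host:
                findings.append(f"text shows {shown}, link goes to {host}")
    return findings
```

Calling `triage(SAMPLE, {"carrier.example"})` returns all three findings for the constructed message; a message with an ordinary subject and a link to the trusted domain returns an empty list.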

If you do click, close the browser and use Task Manager to end the browser process. Shut down your system and reboot. By disconnecting, you reduce the risk of the browser reloading that malicious page once you have restarted. Report the click to your IT team immediately; they may recommend that you clear your cache and scan your hard drive for malware.

Consider reporting the malicious email you received to the FBI through their Internet Crime Complaint Center (IC3). Start here: https://www.ic3.gov/default.aspx. The US is constantly targeted by nation-state hackers, and the FBI needs our help as consumers to learn more about these hackers and how it can protect us.

Our partner KnowBe4 has a free tool that allows your IT department (or Cybriant if you want us to manage it) to send you fake emails like the ones the FBI mentions just to see how many users at your company would click on those emails. It’s not a malicious email, so the only outcome will be that users that click on the fake emails may have to go through a little bit more security awareness training. After all, employees are the last line of defense if an email has gotten through all your organization’s firewalls, etc. Check out their free phishing security test here: https://info.knowbe4.com/phishing-security-test-partner?utm_medium=partnerurl&utm_source=Cybriant

Avoid it altogether

At Cybriant, we discuss the idea of having a layered approach to security when it comes to the overall cyber risk defense of our clients. Hackers will try to get into your organization from every angle possible, so you have to be prepared and think like a hacker. Many of the breaches you read about are the result of a small thing, like a forgotten patch, that the hackers noticed before the organization’s security team did. That ‘small thing’ has resulted in millions of dollars of loss for many organizations. Here’s what we recommend:

  • Real-time Vulnerability Management
  • Responsive Patch Management
  • Endpoint Detection and Response
  • 24×7 SIEM with Security Monitoring

 

Partner for Sending Data Breach Notifications

Notifying customers of a data breach is an essential step to protecting their safety and security. It gives customers the opportunity to take the necessary steps to protect their accounts.

This includes changing passwords, monitoring account activity, or even utilizing password manager accounts for extra protection. In addition to improving customer security, data breach notifications provide an important reminder to companies about the risks associated with storing sensitive information online.

Letting customers know that you are paying attention and taking action can help maintain trust and prevent any potential losses due to malicious activity. Contact Cybriant if you need a trusted partner for data breach monitoring.

Cybriant PREtect

Two-thirds IT managers struggle with SIEM


As you know, security information and event management (SIEM) systems collect data from enterprise networks, applications, and logs from operating systems, databases, and other sources. Read more about why you need SIEM.

Dealing with critical incidents should be a top IT priority. Your organization should have a plan in place to resolve those issues once they’ve been detected. If you and your IT team are overwhelmed with the volume of events – you are not alone!  How many incidents are normal? According to a recent report:

The average organization logs about 1,200 IT incidents per month, of which 5 will be critical. It is a challenge to wade through all the data generated by the events that lead to these incidents and prioritize dealing with them. 70% say a past critical incident has caused reputational damage to their organization, underlining the importance of timely detection and minimizing impact.

70% of those surveyed say a critical incident has caused reputational damage to their organization. 

The mean cost to IT of a critical incident is $36,326, and the mean downstream cost to business is an additional $105,302. These two costs rise together, suggesting high cost to IT is a proxy for poor event and incident management, which has a knock-on effect on business operations.

80% say they could improve their mean time to detect incidents, which would lead to faster resolution times and decrease the impact on businesses.

The mean time to repair critical incidents is 5.81 hours; this reduces if there are fewer incidents to manage in the first place. On average, a further 7.23 hours are spent on root cause analysis, which is successful 65% of the time.

Dealing with the volume of events generated by IT monitoring tools is a challenge.

52% say they just about manage, 13% struggle, and 1% are overwhelmed. Those with event management processes that enable them to easily manage the volume of events have a faster mean time to detect incidents and fewer duplicate and repeat incidents.

Two-thirds of those surveyed admit that dealing with the volume of events generated is a problem. Dealing with incidents distracts IT staff from other activities; beyond the IT department, incidents impact business productivity and the customer experience.

Our Recommendation? 

Outsource. By outsourcing the management of your SIEM, you are allowing dedicated security professionals to monitor the events and incidents that your IT staff may not have the time or expertise to decipher. This will not only reduce your mean time to detect, resolve, and perform root cause analysis, but it will save your organization money, reputation, and more. Early detection will reduce the impact and cost of incidents on your IT department and your organization.

Related: What is Firewall Logging and Why Is It Important?

 

We're all about Security Monitoring!

In The News: Cybriant’s PREtect Combines People, Processes And Technologies To Deliver An Effective Cyber-Security Program


Cybriant CTO, Andrew Hamilton, was recently interviewed about PREtect. Read the full article here.

UPDATE: PREtect has been rebranded to CybriantXDR. Read more here: https://cybriant.com/cybriant-xdr/


Cybriant’s PREtect Combines People, Processes, And Technologies To Deliver An Effective Cyber-Security Program

Cybriant provides cyber risk management and cybersecurity services to companies of any size. They have recently released a new PREtect product suite, an integrated stack of managed security services designed to reduce exposure to the most common and voluminous cyber threats. The PREtect service provides a comprehensive solution incorporating people, processes, and technologies to deliver a solid foundation for an effective cyber risk management program in an affordable manner.

Below is our interview with Andrew Hamilton, CTO at Cybriant:


Q: What was your inspiration for creating PREtect?

A: Over and over, even in the most resourced enterprises, we see security failures arising from what we dub poor environmental hygiene: unpatched systems, poorly informed personnel, slow response to known vulnerabilities. The Equifax breach and the WannaCry attack are two classic examples of the consequences of these failures, and the type of incidents PREtect is designed to thwart.

PREtect accomplishes this by addressing five key fundamental elements. Continuous training of employees to strengthen awareness and skills in identifying malicious behavior. Continuous vulnerability management to minimize the time to discovery of technical vulnerabilities within the environment. Consistent patch management to responsively eliminate technical vulnerabilities once they are identified. Continuous monitoring and management of endpoint security to stop attacks from spreading to the enterprise. Vigilant security monitoring of critical assets to detect persistent threat actors before they can do harm. Combined and effectively performed, these services can greatly shrink the threat landscape any and every business faces.


Q: Who is your ideal client and why?

A: Any company that is connected to the internet and needs to properly implement a cyber risk management program, or at minimum reduce its risk of becoming the victim of an attack.


Q: What size business could benefit from PREtect?

A: Business size is somewhat inconsequential. The question is how can a business most effectively and affordably address this business need? For most businesses, utilizing a service delivered by experienced professionals will be more functionally effective, and will cost less in time and money than trying to build, manage, and maintain these capabilities in-house.

Find out more about PREtect: https://www.cybriant.com/pretect/

 

Cybersecurity Emerging Trends: Law Firms Targeted


Law firms and their clients’ sensitive information are a treasure trove for hackers. They not only hold valuable client information but also are regularly emailing attachments to clients, providing a possible means to get into client systems.

Law firms are seen as high-value targets for the rapidly growing use of ransomware and extortion schemes because they have historically weak defenses and are seen as able to pay large sums.

Here are some recent high-profile cyberattacks in the legal industry:

  • DLA Piper ransomware attack
  • Panama Papers
  • Cravath and Weil Gotshal

According to BitSight’s Fourth Annual Industry Index Report, legal service providers are arguably one of the most widely used third parties across the world, supporting some of the world’s largest banks and other well-known organizations. To steal intellectual property, trade secrets, and other sensitive information from companies with strong security measures, cyber criminals may target their outside counsel rather than the company itself.

Hackers attack legal providers because they may have weaker security measures in place. Compared to other industries examined, BitSight finds that companies in the Legal sector actually have high security ratings and low rates of vulnerabilities that could lead to man-in-the-middle attacks. Despite these findings, the industry remains a key target for cyber criminals.

The Legal sector had the second highest percentage of companies with a security rating of 700 or higher, only trailing Finance and in line with Retail. (BitSight Security Ratings measure the security performance of organizations. These ratings range from 250-900, with a higher rating indicating better security performance.)

More than 60% of organizations examined from the Legal sector are exposed to DROWN, a major SSL/TLS vulnerability. (DROWN is a vulnerability, discovered earlier this year, that could allow a criminal to decrypt secure communications and potentially expose information sent over HTTPS, such as passwords, usernames, and credit card details.)

 

Recommendations

Update web server configurations
IT security teams should update their security protocols and ensure that the most recent patches have been implemented across the network.

Invest in training for employees
Employees should be aware of the cyber risks they encounter when surfing the web. Clicking on suspicious online ads, for example, can introduce vulnerabilities into the network. More on cybersecurity awareness training. 

Continuous security monitoring
Teams should strive to continuously monitor the cybersecurity posture of their law firms and other legal service providers (alongside other critical vendors) to ensure that no new threats emerge through these third parties. More on continuous monitoring. 

Establish cybersecurity benchmarks
Organizations should establish security benchmarks to help them take appropriate action depending on changes in the security posture of their own organization or their critical third parties.

Discuss cybersecurity with Board of Directors
Successfully protecting an organization from cyber attacks requires a team. Organizations should add cybersecurity to Board-level discussions.

 


Guide to Cyber Security Management


Webinar | June 14 | 1 PM EDT

Webinar: Guide to Cyber Security Management

If you are researching Cyber Security Management, trying to figure out how to manage your SIEM, or have any questions about how a Managed Services Model works, please join this webinar.

Our experts will be on hand to answer any questions you may have.

Event Details

Guide to Cyber Security Management
Thursday, June 14
1 PM EDT

If you can’t make it at this time, go ahead and register and we’ll send you the replay link.

During the webinar, we’ll discuss:

  • Security Event Monitoring with a SIEM
  • The benefits of a Managed Services Model
  • How to make Managed SIEM work for you

It’s a full-time job just determining what is relevant and what is noise. We’ll show you how our security analysts validate alerts, sandbox the threats they find in order to confirm identity, and inform you with a prioritized alert status and remediation path.

Cyber resilience should be on the top of your priority list. How proactive and capable are your cyber defenses? We’ll discuss why many companies are moving to real-time security management, threat detection, and incident response from Cybriant.

Register Today!
