State of the (Cybersecurity) Union

The state of the cybersecurity union today is that all businesses – large or small – should assume the worst and prepare for cybersecurity attacks. It may be impossible to prepare for every potential attack, but you can create a foundation of security throughout your entire organization. Workforces are expanding and using more connected devices, which makes it even more difficult to maintain a human defense firewall.

According to a recent EY survey, many companies may not be as prepared as they would like to be. In fact:

  • 87% of respondents say they need up to 50% more cybersecurity budget.
  • 48% do not have a Security Operation Center, even though they are becoming increasingly common.
  • 17% of boards have sufficient cybersecurity knowledge for effective oversight of cyber risks.
  • 12% feel it is very likely they would detect a sophisticated cyber attack.
  • 57% do not have, or only have an informal, threat intelligence program.
  • 89% say their cybersecurity function does not fully meet their organization’s needs.

Let’s talk about your threat surface

Phishing: You know that nation-states and terrorist groups are constantly out to get us. But have you considered a poor decision made by an employee who thought a phishing email was an actual email? We discussed recently that insider threats are the top threat to organizations. 1 in 131 emails contains malware and over 4,000 ransomware attacks occur daily.

Poor Patch Management: You might have heard about the infamous Equifax breach of 2017. That could have been prevented with a simple patch. 45% of companies are not using a dedicated patch management solution to distribute and manage software updates.

Vulnerabilities: 85% of successful hacks use the top 10 known exploits (meaning the companies did nothing about known vulnerabilities in their system). 8,000 vulnerabilities a year were disclosed over the past decade. It’s tough for an IT department to keep up with all of those. Gartner argues that the biggest threats are not the ones that risk causing the most damage to you, but simply the vulnerabilities in your organization’s environment that are being actively exploited “in the wild.”

Mobile Cyber Attacks: In Q1 of 2017 alone, mobile ransomware attacks increased by 253%. And 66% of security professionals doubt their organization can prevent a breach of employees’ devices. For hackers, phishing is easy. And profitable. The average phishing attack costs a mid-sized company $1.6 million.

No Security Monitoring: Do you know the threats that are coming into your network? 81% of data breach victims do not have a system in place to self-detect data breaches. Another issue may be that you have a tool in place to detect security incidents, but do you have the expertise on staff to know how to detect and remediate those incidents?

The Weakest Link in Network Security?

The weakest link in your network security? Your employees!

Cybriant works with KnowBe4 to provide new school security awareness training. Your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old school training – meetings or posters in the break room – just doesn’t cut it anymore.

Ready to secure your human firewall?

Cybersecurity Emerging Trends: Law Firms Targeted

Law firms and their clients’ sensitive information are a treasure trove for hackers. They not only hold valuable client information but also are regularly emailing attachments to clients, providing a possible means to get into client systems.

Law firms are seen as high-value targets for the rapidly growing use of ransomware and extortion schemes because they have historically weak defenses and are seen as able to pay large sums.

Here are some recent high-profile cyberattacks in the legal industry:

  • DLA Piper ransomware attack
  • Panama Papers
  • Cravath and Weil Gotshal

According to BitSight’s Fourth Annual Industry Index Report, legal service providers are arguably one of the most widely used third parties across the world, supporting some of the world’s largest banks and other well-known organizations. To steal intellectual property, trade secrets, and other sensitive information from companies with strong security measures, cyber criminals may target their outside counsel rather than the company itself.

Hackers attack legal providers because they may have weaker security measures in place. Compared to other industries examined, BitSight finds that companies in the Legal sector actually have high security ratings and low rates of vulnerabilities that could lead to man-in-the-middle attacks. Despite these findings, the industry remains a key target for cyber criminals.

The Legal sector had the second-highest percentage of companies with a security rating of 700 or higher, only trailing Finance and in line with Retail. (BitSight Security Ratings measure the security performance of organizations. These ratings range from 250-900, with a higher rating indicating better security performance.)

More than 60% of organizations examined from the Legal sector are exposed to DROWN, a major SSL/TLS vulnerability. (DROWN is a vulnerability, discovered earlier this year, that could allow a criminal to decrypt secure communications and potentially expose information sent over HTTPS, such as passwords, usernames, and credit card details.)

 

Recommendations

Update web server configurations
IT security teams should update their security protocols and ensure that the most recent patches have been implemented across the network.

Invest in training for employees
Employees should be aware of the cyber risks they encounter when surfing the web. Clicking on suspicious online ads, for example, can introduce vulnerabilities into the network.

Continuous security monitoring
Teams should strive to continuously monitor the cybersecurity posture of their law firms and other legal service providers (alongside other critical vendors) to ensure that no new threats emerge through these third parties.

Establish cybersecurity benchmarks
Organizations should establish security benchmarks to help them take appropriate action depending on changes in the security posture of their own organization or their critical third parties.

Discuss cybersecurity with Board of Directors
Successfully protecting an organization from cyber attacks requires a team. Organizations should add cybersecurity to Board-level discussions.

 


Cybriant Launches Managed Cybersecurity Awareness Training Service; focuses on Real Estate Industry

August 9, 2017 – Alpharetta, GA – Cybriant announced today that it has launched a new service that offers Managed Cybersecurity Awareness Training. Cybriant plans on initially focusing on the real estate industry for this managed service.

The real estate industry is under attack from cybercriminals. Wire fraud, email phishing, texting scams, and social media scams that target independent real estate agents are causing real estate firms as well as potential homeowners to lose money.

Cybercriminals have targeted the real estate industry because of the amount of personal and sensitive information that is created, stored, used, and shared between real estate agents, brokers, property managers, closing attorneys, mortgage banks, title companies, and more.

Cybriant’s Managed Cybersecurity Awareness Service helps organizations implement a fully mature security awareness training program. The program will provide baseline testing, user training, simulated phishing attacks, and management reporting.

“Employees are either a weak link in the security chain or a trip wire for your defense,” said Jeff Uhlich, CEO of Cybriant. “Our cybersecurity awareness training service helps meet three requirements for a well-rounded program – awareness, education, and ongoing training. We help strengthen your human firewall.”

For more information, go to https://www.cybriant.com/cybersecurity-awareness-training/.

About Cybriant

Cybriant assists companies in making informed business decisions and sustaining operational effectiveness in the design, implementation, and management of their cybersecurity programs. We deliver a comprehensive and customizable set of strategic and adaptive cybersecurity services which address the entire security landscape. These services include assessment and planning, testing and hunting, SIEM management and security monitoring, perimeter and endpoint protection, and secure cloud networking. Cybriant also delivers support services for the secure maintenance, relocation, and disposition of physical and data assets. We make enterprise-grade cyber security services accessible to the Mid-Market and beyond. For more information, go to www.cybriant.com.

It’s War!

After monitoring the Petya ransomware outbreak, Stu Sjouwerman, Founder and CEO of KnowBe4, declared in a recent blog post that we are in the midst of cyber warfare.

This has been brewing under the surface for a few years, but now we are dealing with open cyber warfare here. Like it or not, as an IT Pro, you have just found yourself on the frontline of 21st-century war.

Read more here: https://blog.knowbe4.com/we-are-dealing-with-cyber-warfare-here

How are you defending your enterprise? Cybriant can help prepare you for the front lines of battle. We strongly suggest these three defenses:

Backups

Protect your critical data with cloud backup. With automated backups and quick recovery, you can protect virtually any type of file on both physical and virtual servers, NAS, SAN, and external hard drives.

Cybriant’s recovery solution offers advanced technology to reduce the size of backups, shorten backup windows, minimize bandwidth interference and reduce the storage footprint.

Training

Your users are your last line of defense. They need to be trained and remain on their toes with security top of mind. Cybriant offers an integrated platform for awareness training combined with simulated phishing attacks.

Take a look at the free IT security tools we offer through our partner, KnowBe4.

Managed Security

Are you aware of what is happening in your security infrastructure around the clock? Cybriant’s dedicated security experts review security logs and alerts in real time to identify and thwart malicious activity.

Cybriant provides the most vigilant oversight of your security infrastructure and your critical assets through our 24/7 security information and event management (SIEM) service.
