Ransomware - SMEs Faces Greatest Risk - Attacks Grown 235%

Enterprises, beware. Threat actors are continuing to eye businesses for high returns on investment in Q1 2019, breaching infrastructure, exfiltrating or holding data hostage, and abusing weak credentials for continued, targeted monitoring. From a steadfast increase of pervasive Trojans, such as Emotet, to a resurgence of ransomware lodged against corporate targets, cybercriminals are going after organizations with a vengeance.

Ransomware attacks on business targets have seen a substantial increase in the first quarter of 2019, up by 195 percent since the fourth quarter of 2018, according to a recent Malwarebytes report.

Malwarebytes researchers analyzed the combined statistics and intel collected from its intelligence, research, and data science teams between January 1 and March 31, 2019. They also leveraged telemetry from both consumer and business products on PC, Mac, and mobile devices.

Overall, they found that business detection of ransomware attacks increased by more than 500 percent from the same time frame in 2018 with 336,634 detections.

SMEs face the greatest risk from attacks as overall business detections have grown 235%

“Zero day attacks are on the rise and estimated to be a daily occurrence by 2021. This is largely down to digitisation within organisations and there’s more pressure on developers to deliver software faster – leaving systems vulnerable. This problem is exacerbated by hackers becoming more sophisticated, enabling them to bypass defences more easily.

“IT teams often prioritise stopping a breach occurring at all, but in today’s cyber climate a successful breach is inevitable. The most important aspect of cyber security is that businesses prepare for the worst and have effective data recovery and backup systems in place. Zero day recovery makes sure critical systems are down for as little time as possible. It’s often true that real damage from these breaches doesn’t come from the attack itself, but the resultant downtime after a breach – the time taken to become fully operational dictates the financial and operational fallout on a business.”


Key takeaways

cryptomining seems to have gone the way of the dodo. Detections of consumer-focused Bitcoin miners have dropped significantly over the last year and even from last quarter, while business-focused miners have increased from the previous quarter, especially in the APAC region.

Adware in Macs and mobile devices was problematic.

While all Mac malware saw a more than 60 percent increase from Q4 2018 to Q1 2019, adware was particularly pervasive, clocking in at over 200 percent from the previous quarter. Mobile adware detections also trended upward, as supply chain attacks delivered malware pre-installed on mobile devices. However, overall adware detections were fewer in Q1 2019 than they were during the same time period last year.

Exploit authors developed some  attention-grabbing techniques. A new Flash Player zero-day was discovered in Q1 and quickly implemented into popular exploit kits, including Underminer and Fallout EK, as well as a new exploit kit called Spelevor. In addition, a Chrome zeroday required users to take action, fully shutting down and restarting their browser in order to patch the vulnerability. Finally, the popular software WinRAR was being used to deliver payloads to users.

As attacks against businesses ramped up, user trust in businesses to protect their data reached a new low.

In a survey conducted by Malwarebytes in Q1 2019 of nearly 4,000 respondents, users expressed deep concerns about abuse, misuse, and theft of PII, especially from social media and search engine companies. In a new section of our Cybercrime Tactics and Techniques report, we examine how cybercriminals found success by exploiting infrastructure weaknesses, gaps in policy and regulation, and even corporate negligence to not only walk away with valuable data, but establish persistence within the network.

Businesses are still the prime target. Overall detections of threats to businesses have steadily risen, while consumer threats have dropped off. Business detections increased by about 7 percent from the previous quarter, while consumer detections declined by nearly 40 percent, resulting in an overall dip in malware volume of 35 percent quarter over quarter. Compared to Q1 2018, business detections have skyrocketed 235 percent, with consumer detections dropping 24 percent year over year. This reinforces the observed trend of cybercriminals focusing more on business targets today.

Emotet shows no signs of stopping. Emotet, the most fearsome and dangerous threat to businesses today, has made a total shift away from consumers, reinforcing the intent of its creators to focus on enterprise targets, except for a few outlier spikes. Detections of Trojans (Emotet’s parent category) on business endpoints increased more than 200 percent from the previous quarter, and almost 650 percent from the same time last year.

Ransomware is back to business.

Ransomware has made a tremendous comeback against business targets in Q1 2019, with an increase of 195 percent in detections from Q4 2018 to Q1 2019. In comparison to the same time last year, business detections of ransomware have seen an uptick of over 500 percent, thanks in large part to a massive attack by the Troldesh ransomware against US organizations in early Q1.

Consumer detections of ransomware died down. Meanwhile, ransomware consumer detections have continued to drop, despite activity by families such as GandCrab, which primarily targeted consumers over the last quarter as it switched to a ransomware-asa-service and began brute-forcing RDP to infiltrate systems. Consumer detections of ransomware decreased by 10 percent quarter over quarter, and by 33 percent year over year.

Decrease Potential Data Breach, with Simple Security Control

Some senior management folks might find this strange, but you can significantly make your organization harder to breach. In fact, just a handful of defenses can do more to lower your cybersecurity risk than anything else. These include fighting social engineering and phishing better, patching the most likely to be attacked software far better, and requiring multi-factor authentication (MFA) for all logons.

Zero-day and information system protection

Because zero-day flaws usually refer to software that is widely in use, it’s generally considered good form if one experiences such an attack to share any available details with the rest of the world about how the attack appears to work — in much the same way you might hope a sick patient suffering from some unknown, highly infectious disease might nonetheless choose to help doctors diagnose how the infection could have been caught and spread. patch management is critical in protecting information technology systems.

Ransomware Breach and Criminals

The typical use case for ransomware is a shotgun approach type distribution campaign of dropping ransomware on people's machines, and then you charge them for getting their data or services back,” says Jeffery Walker, CISO at CyberSecOp. “Another use case is for covering tracks. These tools have the façade of ransomware: They would encrypt data, they would post a ransom note, and they would ask for money. They will even give you details on how to pay, but they're used to remove things from the endpoint while throwing off defenders into believing that the reason why that data was lost was because of a random hit by ransomware, but in some cases this is a cover up of a more bigger breach”

Vulnerabilities and Exploits

These are all vulnerabilities that could be exploited by cybercriminals bent on stealing personally identifiable information and protected health information – activity that could also play havoc disrupting healthcare delivery processes.

The study, based on network traffic data monitored by CyberSecOp over a six-month period, found the most prevalent method attackers use to hide command-and-control communications in healthcare networks was hidden HTTPS tunnels.

CyberSecOp compliance solutions deliver cost-effective data protection, data discovery, data classification and data loss prevention for data privacy and compliance.

How to Improve Data Security & Data Privacy

What are the biggest challenges currently facing data security and privacy? 

As organizations embark on digital transformation, there is a clear need for enterprise data privacy and protection. New data privacy laws and the growing enforcement of existing regulations challenge organizations. And most organizations face rapid data growth and proliferation across the enterprise. Organizations have more data, more use cases, and more locations than ever before

First what is data privacy?

Data privacy and data protection are very closely interconnected, so much so that users often think of them as synonymous. But the distinctions between data privacy vs. data protection are fundamental to understanding how one complements the other. Privacy concerns arise wherever personally identifiable information is collected, stored, or used.

Second what is data security?

Data security is about securing data against unauthorized access. Data privacy is about authorized access — who has it and who defines it. Another way to look at it is this: data protection is essentially a technical issue, whereas data privacy is a legal one.

Data encryption ensure only privilege users has access

Data encryption isn't just for the technical advanced; modern tools make it possible for anyone to encrypt emails and other information. "Encryption used to be the sole province of geeks and mathematicians, but a lot has changed in recent years. In particular, various publicly available tools have taken the rocket science out of encrypting (and decrypting) email and files. based on what your need are our firm can help you implement the right technologies to ensure data security.

Stronger Password and Multi-factor Authentication

Password and Multi-Factor are essential when protecting data and data privacy from unauthorized users, or attackers. unfortunately many user don’t understand the importance of passwords. So much so that the 20 most commonly used passwords not only contain highly insecure passwords like the word “password”, they also account for a whopping 10.3% of all passwords that are being used. CyberSecOp recommend creating passwords that contain a minimum of 8 characters. If your password protects something sensitive, like access to your bank account, then use a minimum of 12 characters. all password should contain at lease one upper and lower case, and a symbol. don’t use the same passwords for every site, you can use difference variations of the password making it easier to recall. Example: Chase Bank : Iwanttolive1o8chase% Facebook:Iw@nttoliv3fb.

Enable two-factor authentication.

On top of having good passwords, consider enabling two-factor authentication when you sign into your email, bank website or any other sensitive account. When using two-factor authentication, a code will be sent to your phone when you sign in. You then input the code to access your account. Hackers likely don’t have access to your phone, so this can be a great way to add a layer of password security and data security. It may feel like additional work, but the extra protection can go a long way.

All organization needs an Ethical Hacker team like CyberSecOp

An ethical hacker is one who mimics the actions of a malicious hacker so as to detect security risks in advance and thus prevent breaches and attacks.

Any organization or business can hire the services of an ethical hacker to test/monitor the organization’s defenses, perform IT health checks and penetration tests, to assess the security of the systems and to evaluate the overall security of the organization’s network. An ethical hacker can provide valuable help to an organization by detecting vulnerabilities in a system/network on time and thus prevent the exploitation of data (customer data, financial data and other sensitive data), which could happen as a result of cybercriminals exploiting the vulnerabilities.

Backup is an essential part of data security

Backups are most often overlooked, data protection and backing up your data is essential when you have a major security event such has ransomware. Basically, this creates a duplicate copy of your data so that if a device is lost, stolen, or compromised, you don't also lose your important information. It's best to create a backup on a different device, such as an external hard drive, so that you can easily recover your information when the original device becomes compromised. It is critical that once the backup has complete to physically disconnect the backup device for the system, if the backup drive stay connected and your system becomes affect by ransomware, your backup data could also be affected.

Data Security, Data Privacy & Compliance

CyberSecOp can provide guidance and assistance with addressing privacy and data security practices, as well as to ensure that the practices and program implemented are compliant with relevant laws and regulations. The EU and some US Federal agencies, including the Federal Trade Commission (FTC) and the National Institute of Standards and Technology (NIST), have been promulgating updated guidelines and recommendations for privacy and data security best practices in a variety of industries, including some of the newer Internet of Things and peer platform (sharing economy) marketplaces. Additionally, several industry groups have adopted self-regulatory programs and rules, including certification programs, to which a company can voluntarily abide.

In view of these guidelines and others, companies are further encouraged to establish internal policies and procedures to ensure compliance. Business policies may include a top-level information security and privacy policy, which expresses a commitment to data security and privacy from the top-level officers of a company, a risk management program, an acceptable use policy, access compartmentalization, communications monitoring, breach reporting, a document retention policy and outsourcing policies. Technical policies may include a variety of commitments to technical controls to ensure the protection of data, including encryption, passwords, authentication protocols, disaster recover, intrusion detection, physical security, patching and the like.

Ransomware Breach and Ransomware Prevention

Cyber-criminals have turned to ransomware as the latest go-to tool for attacking and extorting businesses using a wide range of variants such as Dharma, Wallet, WannaCry, Cryptowall, Samas, Locky, TeslaCrypt., RyUK and others. The outbreak of WannaCry was one of the largest and worst ransomware campaigns ever. Traditional signature-based antivirus and threat detection methods have proven to be woefully ineffective against such attacks. CyberSecOp use AI to help organization protect their data, and provide ransomware Incident response and remediation services.

HOW DO I RESPOND TO RANSOMWARE?

Implement your security incident response and business continuity plan. It may take time for your organization’s IT professionals to isolate and remove the ransomware threat to your systems and restore data and normal operations. In the meantime, you should take steps to maintain your organization’s essential functions according to your business continuity plan. Organizations should maintain and regularly test backup plans, disaster recovery plans, and business continuity procedures.

Contact law enforcement immediately. We encourage you to contact a local FBI or USSS field office immediately to report a ransomware event and request assistance. Contact CyberSecOp Security Consulting Firm for ransomware incident response & digital forensic services.

There are serious risks to consider before paying the ransom. We do not encourage paying a ransom. We understand that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers. As you contemplate this choice, consider the following risks:

•       Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom

•       Some victims who paid the demand have reported being targeted again by cyber actors.

•       After paying the originally demanded ransom, some victims have been asked to pay more to get the promised decryption key.

•       Paying could inadvertently encourage this criminal business model.

Ransomware Incident Response from CyberSecOp, the firm that provide ransomware protection, and ransomware ransom payment.

WHAT IS RANSOMWARE?

Ransomware is a type of malicious software cyber actors use to deny access to systems or data. The malicious cyber actor holds systems or data hostage until the ransom is paid. After the initial infection, the ransomware attempts to spread to shared storage drives and other accessible systems. If the demands are not met, the system or encrypted data remains unavailable, or data may be deleted.  

HOW DO I PROTECT MY NETWORKS?

A commitment to cyber hygiene and best practices is critical to protecting your networks. Here are some questions you may want to ask of your organization to help prevent ransomware attacks: 

1.    Backups: Do we backup all critical information? Are the backups stored offline? Have we tested our ability to revert to backups during an incident?

2.    Risk Analysis: Have we conducted a cybersecurity risk analysis of the organization? 

3.    Staff Training: Have we trained staff on cybersecurity best practices?

4.    Vulnerability Patching: Have we implemented appropriate patching of known system vulnerabilities?

5.    Application Whitelisting: Do we allow only approved programs to run on our networks?

6.    Incident Response: Do we have an incident response plan and have we exercised it? 

7.    Business Continuity: Are we able to sustain business operations without access to certain systems? For how long? Have we tested this?

8.    Penetration Testing: Have we attempted to hack into our own systems to test the security of our systems and our ability to defend against attacks?

Protecting Your Networks from Ransomware

Ransomware is the fastest growing malware threat, targeting users of all types—from the home user to the corporate network. On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016. This is a 300-percent increase over the approximately 1,000 attacks per day seen in 2015. There are very effective prevention and response actions that can significantly mitigate the risk posed to your organization.

Ransomware targets home users, businesses, and government networks and can lead to temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files, and potential harm to an organization’s reputation. 

 Ransomware may direct a user to click on a link to pay a ransom; however, the link may be malicious and could lead to additional malware infections. Some ransomware variants display intimidating messages, such as: 

“Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”

 “You only have 96 hours to submit the payment. If you do not send money within provided time, all your files will be permanently encrypted and no one will be able to recover them.”

Ransomware?

Ransomware is a form of malware that targets your critical data and systems for the purpose of extortion. Ransomware is frequently

delivered through spearphishing emails. After the user has been locked out of the data or system, the cyber actor demands a ransom payment. After receiving payment, the cyber actor will purportedly provide an avenue to the victim to regain access to the system or data. Recent iterations target enterprise end users, making awareness and training a critical preventive measure.

Protecting Your Networks

Educate Your Personnel

Attackers often enter the organization by tricking a user to disclose a password or click on a virus-laden email attachment.

 Remind employees to never click unsolicited links or open unsolicited attachments in emails. To improve workforce awareness, the internal security team may test the training of an organization’s workforce with simulated phishing emails.

You will need and experience security consulting firm to guide you remediate the ransomware.

Proactive Prevention is the Best Defense

Prevention is the most effective defense against ransomware and it is critical to take precautions for protection. Infections can be devastating to an individual or organization, and recovery may be a difficult process requiring the services of a reputable data recovery specialist.

 The U.S. Government (USG) recommends that users and administrators take the following preventive measures to protect their computer networks from falling victim to a ransomware infection:

Preventive Measures 

•      Implement an awareness and training program. Because end users are targets, employees and individuals should be aware of the threat of ransomware and how it is delivered. 

•      Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing. 

•      Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.

•      Configure firewalls to block access to known malicious IP addresses.

•      Patch operating systems, software, and firmware on devices. Consider using a centralized patch management system. 

•      Set anti-virus and anti-malware programs to conduct regular scans automatically.

•      Manage the use of privileged accounts based on the principle of least privilege: no users should be assigned administrative access unless absolutely needed; and those with a need for administrator accounts should only use them when necessary. 

•      Configure access controls—including file, directory, and network share permissions— with least privilege in mind. If a user only needs to read specific files, the user should not have write access to those files, directories, or shares. 

•      Disable macro scripts from office files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full office suite applications. 

•      Implement Software Restriction Policies (SRP) or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers or compression/decompression programs, including the AppData/LocalAppData folder. 

•      Consider disabling Remote Desktop protocol (RDP) if it is not being used.

•      Use application whitelisting, which only allows systems to execute programs known and permitted by security policy. 

•      Execute operating system environments or specific programs in a virtualized environment. 

•      Categorize data based on organizational value and implement physical and logical separation of networks and data for different organizational units.  Business Continuity Considerations 

•      Back up data regularly. Verify the integrity of those backups and test the restoration process to ensure it is working. 

•      Conduct an annual penetration test and vulnerability assessment. 

•      Secure your backups. Ensure backups are not connected permanently to the computers and networks they are backing up. Examples are securing backups in the cloud or physically storing backups offline. Some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real time, also known as persistent synchronization. Backups are critical in ransomware recovery and response; if you are infected, a backup may be the best way to recover your critical data. 

What to Do If Infected with Ransomware

Should preventive measures fail, the USG recommends that organizations consider taking the following steps upon an infection with ransomware: 

•      Isolate the infected computer immediately. Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or share drives. 

•      Isolate or power-off affected devices that have not yet been completely corrupted. This may afford more time to clean and recover data, contain damage, and prevent worsening conditions.

•      Immediately secure backup data or systems by taking them offline. Ensure backups are free of malware.

•      Contact law enforcement immediately. We strongly encourage you to contact a local field office of the Federal Bureau of Investigation (FBI) or U.S. Secret Service immediately upon discovery to report a ransomware event and contact CyberSecOp to request assistance.

•      If available, collect and secure partial portions of the ransomed data that might exist.

•      If possible, change all online account passwords and network passwords after removing the system from the network. Furthermore, change all system passwords once the malware is removed from the system.

•      Delete Registry values and files to stop the program from loading.

Implement your security incident response and business continuity plan. Ideally, organizations will ensure they have appropriate backups, so their response to an attack will simply be to restore the data from a known clean backup. Having a data backup can eliminate the need to pay a ransom to recover data

There are serious risks to consider before paying the ransom. CyberSecOp does not encourage paying a ransom to criminal actors. However, after systems have been compromised, whether to pay a ransom is a serious decision, requiring the evaluation of all options to protect shareholders, employees, and customers. Victims will want to evaluate the technical feasibility, timeliness, and cost of restarting systems from backup. Ransomware victims may also wish to consider the following factors:

•      Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after paying a ransom. 

•      Some victims who paid the demand were targeted again by cyber actors.

•      After paying the originally demanded ransom, some victims were asked to pay more to get the promised decryption key. CyberSecOp can negotiate the ransom for you, we have a 60% t rate of reducing the ransom.

•      Paying could inadvertently encourage this criminal business model. 

Ransomware Variants

Ransomware is a growing criminal activity involving numerous variants. Since 2012 when police locker ransomware variants first emerged, ransomware variants have become more sophisticated and destructive. Some variants encrypt not just the files on the infected device, but also the contents of shared or networked drives, externally attached storage media devices, and cloud storage services that are mapped to infected computers. These variants are considered destructive because they encrypt users’ and organizations’ files, and render those files useless until a ransom is paid. 

 Recent federal investigations by the FBI reveal that ransomware authors continue to improve ransomware code by using anonymizing services like “Tor” for end-to-end communication to infected systems and Bitcoin virtual currency to collect ransom payments. Currently, the top five ransomware variants targeting U.S. companies and individuals are CryptoWall, CTBLocker, TeslaCrypt, MSIL/Samas, and Locky. New ransomware variants are continually emerging.  

CryptoWall

CryptoWall and its variants have been actively used to target U.S. victims since April 2014.

CryptoWall was the first ransomware variant that only accepted ransom payments in Bitcoin.

The ransom amounts associated with CryptoWall are typically between $200 and $10,000. Following the takedown of the CryptoLocker botnet, CryptoWall has become the most successful ransomware variant with victims all over the world. Between April 2014 and June 2015, IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million. CryptoWall is primarily spread via spam email but also infects victims through drive-by downloads and malvertising. 

CTB-Locker

CTB-Locker emerged in June 2014 and is one of the first ransomware variants to use Tor for its C2 infrastructure. CTB-Locker uses Tor exclusively for its C2 servers and only connects to the C2 after encrypting victims’ files. Additionally, unlike other ransomware variants that utilize the Tor network for some communication, the Tor components are embedded in the CTBLocker malware, making it more efficient and harder to detect. CTB-Locker is spread through drive-by downloads and spam emails.

TeslaCrypt

TeslaCrypt emerged in February 2015, initially targeting the video game community by encrypting gaming files. These files were targeted in addition to the files typically targeted by ransomware (documents, images, and database files). Once the data was encrypted, TeslaCrypt attempted to delete all Shadow Volume Copies and system restore points to prevent file recovery. TeslaCrypt was distributed through the Angler, Sweet Orange, and Nuclear exploit kits.

MSIL or Samas (SAMSAM)

MSIL or Samas (SAMSAM) was used to compromise the networks of multiple U.S. victims, including 2016 attacks on healthcare facilities  that were running outdated versions of the JBoss content management application. SAMSAM exploits vulnerable Java-based Web servers. SAMSAM uses open-source tools to identify and compile a list of hosts reporting to the victim’s active directory. The actors then use psexec.exe to distribute the malware to each host on the network and encrypt most of the files on the system. The actors charge varying amounts in Bitcoin to provide the decryption keys to the victim.

Locky

In early 2016, a destructive ransomware variant, Locky, was observed infecting computers belonging to businesses globally, including those in the United States, New Zealand, Australia, Germany and the United Kingdom. Locky propagates through spam emails that include malicious Microsoft Office documents or compressed attachments (e.g., .rar, .zip) that were previously associated with banking Trojans such as Dridex and Pony. The malicious attachments contain macros or JavaScript files to download the Locky files. Recently, this ransomware has also been distributed using the Nuclear Exploit Kit.

Links to Other Types of Malware

Systems infected with ransomware are also often infected with other malware. In the case of

CryptoLocker, a user typically was infected by opening a malicious attachment from an email.

This malicious attachment contained Upatre, a downloader, which infected the user with GameOver Zeus. GameOver Zeus was a variant of the Zeus Trojan used to steal banking information and other types of data. After a system became infected with GameOver Zeus, Upatre would also download CryptoLocker. Finally, CryptoLocker encrypted files on the infected system and demanded a ransom payment

 The disruption operation against the GameOver Zeus botnet also affected CryptoLocker, demonstrating the close ties between ransomware and other types of malware. In June 2014,

an international law enforcement operation successfully weakened the infrastructure of both

GameOverZeus and CryptoLocker.

What is Computer Network Security and Cyber Security

They have different responsibilities, but both plays apart in securing your organization

Network security is concerned about maintaining peace and calm within the walls of the castle. It focuses on maintaining the fortifications, of course, but its primary purpose is to guard against problems from within. A person concerned with network security will be focusing on protecting a company's internal information by monitoring employee and network behavior in several ways. They are the shire reeve responsible for keeping peace in the land.

  • IDs and passwords - making certain they are effective and updated frequently

  • Firewalls - keeping outside threats at bay

  • Internet access - monitoring the sites employees visit on the company's computers

  • Encryption - making certain that company information is useless to anyone outside the company

  • Backups - scheduling regular backups of company information in case of a hardware malfunction or successful outside threat

  • Scans - conducting regular virus and malware scans to detect any outside infection

Cyber security is much more concerned with threats from outside the castle. Where network security is worried about what is going on within the castle walls, cyber security is watching who is trying to pass through the gate or breach the parapets. The two areas have a lot of overlap, but their areas of concern are quite different. The cyber security specialist is the crusading knight defending the kingdom. Cyber security focuses on the barbarians at the gate and how the castle connects to the world around it. 

  • Network protection - detecting and protecting against outside attempts to get into the network

  • Up-to-date information - staying informed on how attackers and hackers are improving their efforts

  • Intelligence - identifying the sources of outside attacks and protecting against them

  • Applications - monitoring the use of applications to avoid unintended breaches from within

What is Computer Security/Network Security

Computer security, or information technology security is the protection of computer systems from theft or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide. information technology consulting as a field of activity focuses on advising organizations on how best to use information technology in achieving their business objectives, computer security is. usually managed by a network engineer or a network consultant.

What is an Network Consultant

a network consultant might be a network architect, a system administrator, a security specialist, or a number of different things. These consultants are responsible for designing, setting up, maintaining, and securing computer networks. Computer network architects gather extensive knowledge of an organization’s business plan in order to design and build data communication networks that can help the organization achieve its goals. This data communication network includes local area networks (LANs), wide area networks (WANs), and intranets.

Network Engineer Responsibilities: Maintaining and administering computer networks and related computing environments including systems software, applications software, hardware, and configurations. ... Protecting data, software, and hardware by coordinating, planning and implementing network security measures

What is Cyber Security

Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyberattacks. In a computing context, security comprises cybersecurity and physical security -- both are used by enterprises to protect against unauthorized access to data centers and other computerized systems.

What is a cyber security consultant

A cyber security consultant performs a variety of roles within the cyber security field. They play both the attacker and the defender in computer systems, networks, and software programs. Seeing what weaknesses there are and figuring out how to strengthen systems to prevent hackers from exploiting vulnerabilities.

A security consultant is a catch-all cybersecurity expert. They assess cybersecurity risks, problems and solutions for different organizations and guide them in protecting and securing their physical capital and data, Earn a mid-level role as a security administrator, analyst, engineer or auditor.

Cyber Security Engineer Responsibilities: Planning, implementing, managing, monitoring and upgrading security measures for the protection of the organizations data, systems and networks. Troubleshooting security and network problems. Responding to all system and/or network security breaches.

Ransomware Attack: Threats, and Countermeasures

When you combine cryptography with malware, you get a very dangerous mix of problems. This is a type of computer virus that goes by another name, “ransomware”. This type of virus is part of a field of study called “cryptovirology”. Through the use of techniques called phishing, a threat actor sends the ransomware file to an unknowing victim. If the file is opened it will execute the virus payload, which is malicious code. The ransomware runs the code that encrypts user data on the infected computer or host. The data are user files like documents, spreadsheets, photos, multimedia files and even confidential records. The ransomware targets your personal computer files and applies an encryption algorithm like RSA which makes the file inaccessible. The only way to access them is if the user pays a ransom to the threat actor by following instructions which appear encoded into the encrypted files. Thus it is called ransomware, because a form of payment is demanded in order to fix the problem.

bad guys attack.png

Once they have all publicly available email addresses, the fun starts. The more of your email addresses that are floating out there, the bigger your attack footprint is, and the higher the risk is. It’s often a surprise how many addresses are actually out there. Now they can send all employees an email supposedly coming from Accounting, Human Resources, the CEO or perhaps the mail room, and social engineer your users to click on a link. almost 90 percent of attack are done via the internet, based on the new software model, and yes the bad guys are also moving to the cloud. Software is shifting away from locally-installed apps to Software as a Service web applications that run in the cloud. Criminals are cashing in on this trend, which has led to the creation of Ransomware as a Service (RaaS), a growing threat to business.

RaaS refers to various online malware exploits that bad actors can use to attack the IT assets of businesses and individuals. These attack programs are created by criminal entrepreneurs who sell their services to other criminals. The people who buy these programs then extort or blackmail their victims by holding computer systems to ransom.

How does Ransomware spread?

Ransomware is typically spread through phishing emails that contain malicious attachments. These emails appear to come from a legitimate source and give a compelling reason that the document is important. Malicious attachments are often PDF,  ZIP, DOC, XLS, PPT files that appear as invoices, legitimate business documents, or other work-related files.  In some cases, Ransonware may end up on your computer by visiting infected web sites. To avoid malicious drive-by downloads, ensure that antivirus and all installed software is up-to-date.

How to Mitigate the Risk of Ransomware Infections

These recommendations are not comprehensive but provide general best practices.

Securing Networks and Systems

  • Have an incident response plan that includes what to do during a ransomware event.

  • Backups are critical. Use a backup system that allows multiple iterations of the backups to be saved, in case a copy of the backups includes encrypted or infected files. Routinely test backups for data integrity and to ensure it is operational.

  • Use antivirus and anti-spam solutions. Enable regular system and network scans with antivirus programs enabled to automatically update signatures. Implement an anti-spam solution to stop phishing emails from reaching the network. Consider adding a warning banner to all emails from external sources that reminds users of the dangers of clicking on links and opening attachments.

  • Disable macros scripts. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full office suite applications.

  • Keep all systems patched, including all hardware, including mobile devices, operating systems, software, and applications, including cloud locations and content management systems (CMS), patched and up-to-date. Use a centralized patch management system if possible. Implement application white-listing and software restriction policies (SRP) to prevent the execution of programs in common ransomware locations, such as temporary folders.

  • Restrict Internet access. Use a proxy server for Internet access and consider ad-blocking software. Restrict access to common ransomware entry points, such as personal email accounts and social networking websites.

  • Apply the principles of least privilege and network segmentation. Categorize and separate data based on organizational value and where possible, implement virtual environments and the physical and logical separation of networks and data. Apply the principle of least privilege.

  • Vet and monitor third parties that have remote access to the organization’s network and/or your connections to third parties, to ensure they are diligent with cybersecurity best practices.

  • Participate in cybersecurity information sharing programs and organizations, such as MS-ISAC and InfraGard.

Securing the End User

  • Provide social engineering and phishing training to employees. Urge them not to open suspicious emails, not to click on links or open attachments contained in such emails, and to be cautious before visiting unknown websites.

  • Remind users to close their browser when not in use.

  • Have a reporting plan that ensures staff knows where and how to report suspicious activity.

Responding to a Compromise/Attack

  • Immediately disconnect the infected system from the network to prevent infection propagation.

  • Call CyberSecOp.com Ransomware Response Team: They provide remediation and bitcoin payment services.

  • Determine the affected data as some sensitive data, such as electronic protected health information (ePHI) may require additional reporting and/or mitigation measures.

  • Determine if a decryptor is available. Online resources such as No More Ransom! can help.

  • Restore files from regularly maintained backups.

  • Report the infection. It is highly recommended that SLTT government agencies report ransomware incidents to MS-ISAC. Other sectors and home users may report to infections to local Federal Bureau of Investigation (FBI) field offices or to the Internet Crime Complaint Center (IC3).

Ransomware Checker & Removal Tools

Why You Need a Cybersecurity Management Program

Many organization’s cybersecurity teams (or information security teams as they used to be known) continue to struggle to communicate cybersecurity issues to senior leadership. Likewise, senior management also struggles to effectively articulate cybersecurity strategy to technical cybersecurity personnel. It is as though two parts of the same organization speak foreign languages to one another, and each party has a very limited, or no, knowledge of the other party’s language. However, it does not have to be like this.

Why so many organizations struggle with Cyber Security

Failure to communicate issues is most often revealed in grassroots cybersecurity initiatives that have evolved into corporate cybersecurity programs. Typically, this resulted from an enterprise in startup mode implementing solutions to address specific technical challenges. Unfortunately, many organizations continue to employ a similar approach to secure much larger and more complex environments against threats that outmatch the capabilities of their original solutions. No longer simply a technical solution, cybersecurity management has become a business function in today’s industry. As a business function, a greater level of integration with other business units requires a greater level of transparency and performance reporting. The evolution of grassroots cybersecurity programs rarely results in the kind of mature cybersecurity solutions that are aligned with, and address business needs. And why should they? The initial programs were designed to solve technical challenges, such as preventing virus outbreak or infection, stopping cyber attackers from compromising or stealing valuable information. Such initial cybersecurity efforts were neither designed as business functions nor defined in business terms.

CyberSecOp Comprehensive Security Program - Going beyond compliance

Cyber Security Program Key Success Factors

The following key success factors are common to many successful cybersecurity programs. The programs:

  • Support and drive strong governance attitudes and actions

  • Are designed, developed, and implemented in a similar way to other business functions

  • Adopt a standard framework approach, usable for an extended period of many years with little or no changes to that framework

  • Are measureable in terms of their effectiveness

Organizations and executives that drive successful cybersecurity programs do so in the same manner as other successful business initiatives. Executives succeed at this not because of industry pressure, but because each aims to improve their organization. Having identified the opportunity, executives evaluate whether the initiative poses additional risks to their organizations and decide whether to accept this additional risk or not. After accepting such risk, executive sponsors continue to evaluate initiatives toward implementation. Even when initiatives are operational, executives still employ strong governance methods, including internal audit teams, to manage and monitor the effectiveness and efficiency of these initiatives. This business approach has become institutionalized across most enterprise units with the exception of IT and cybersecurity. Key stakeholders in IT and cybersecurity often claim that cybersecurity management programs are too technical, only internal facing, or too complex, to properly develop and implement using this approach.

The truth is if these same IT and cybersecurity groups adopted a common framework and designed their cybersecurity management programs based on said framework, cybersecurity management would truly become just a standard business function in their enterprises. Unfortunately, the cybersecurity world does not agree on a standard cybersecurity framework across all countries, industries, and states. Analysis of the commonalities and differences between these standard frameworks show that it is possible to create a universal cybersecurity management framework to address all countries, industries, and states. Such a framework is not firmly associated with any particular cybersecurity standard and can be adapted during implementation to address any specific security standard that organizations using it wishes to follow. This paper introduces a cybersecurity management framework where it is apparent that a successful approach is not too technical, addresses both internal and external concerns, and is not overly complex to implement, operationalize, and manage over the long term.

CyberSecOp Cyber Security Management - Aligning businesses with security

Cybersecurity Management Framework

The design of the CyberSecOP cybersecurity management framework (CMF) assumes cybersecurity management is a business function.

The framework, as a business function, is comprised of three discrete pillars with each subsequent layer unfolding increasing levels of specificity as follows:

The Executive Management (Strategy) Pillar directs Governance and Planning initiatives that drive the framework forward to operation.

The Executive Management Pillar requires people to identify why cybersecurity is needed, consider the business issues, and then define, document, and publish the direction the required cybersecurity program will adopt.

The Operations Pillar that defines what the cybersecurity program must address to comply with the requirements specified in the strategy, what supporting functions are needed, and what level of reporting/ governance monitoring should be provided. These needs are supported through the security intelligence, IT and Cybersecurity Assurance and IT Risk Management operations sub-pillars.

  • The Operations Pillar requires definitions of documented operational standards, processes, procedures, and other collateral that specify what operators should do and how they should do it.

    • The Tactical (Technology) Pillar defines how required cybersecurity controls mandated in the Operations and Executive Management pillars will be applied to the systems, networks and applications used by the organization and how evidence will be provided to management that the security controls implemented actually address the specific requirements and that they perform their job as expected.

    • The security controls in the Tactical pillar, whether requiring technology or not, are responsible for securing all aspects of an enterprise computing environment, continuously monitoring the environment for security events, collecting and analyzing captured events, and reporting defined security metrics, some of which are provided to the SLT.

Addressing Cybersecurity Challenges

Although addressing cybersecurity challenges with just three pillars is perfectly possible, adopting and using it in that way is difficult and potentially open to error or misinterpretation. To minimize these issues, these macro-level pillars must be divided into more manageable chunks. The CyberSecOp LocPar subdivides its three macro pillars into seven discrete focus areas:

  • Executive Management: Key decisions and accountability required to drive the program

  • IT Risk Management: Reducing risk exposure to the organization to a level acceptable to the SLT and Board of Directors.

  • Cybersecurity Intelligence: Required to provide the cybersecurity and IT teams with appropriate information to achieve and surpass IT Risk Management goals.

  • IT and Cybersecurity Assurance: Required to provide evidence to management and especially the SLT that their investments in cybersecurity are delivering the benefits they expected.

  • Secure Network: Required to support secure, on demand access to information to authorized personnel no matter where it is located within, or external to, the organization.

  • Secure Systems: Required to provide controlled access to applications, data and devices according to the identity of the requesting party. This focus area also includes how data is protected, whether at rest, or in transit.

  • Secure Applications: Required to control access to data and other networks, systems and applications according to the identity of the requesting party. For internally developed applications, requirements extend to how the application was designed, developed and managed throughout the whole development lifecycle.

Summary

Development, implementation, and maintenance of a cybersecurity management program for an organization is no small undertaking. However, the overall value that organizations achieve through development and implementation of such programs includes reduced instances of successful cyber attacks. Moreover, a cybersecurity management program provides organizations with a means to reduce a successful attack’s impact on the bottom line due to its programmatic predefined approach for identifying and responding to cybersecurity incidents. Read more about cybersecurity management programs and CyberSecOp Cybersecurity Services at https://www.cybersecop.com/

Addressing Cyber Threats and Enabling Security in your Enterprise

Cybersecurity threats from hacktivists, criminals, and hostile nation states are enough to keep government officials, businesses, and consumers up at night. These attacks are growing in sophistication and frequency and pose serious threats to our national and economic security.

Everyone impacted by these vicious and dangerous acts must work together to help prevent, protect against, and effectively respond to them.

What are the biggest cyber threats CISOs are worried about in 2019? In today's age of breaches, staying ahead of cyber threats is becoming more critical than ever. Dive into how organizations are addressing the threat of cyber attacks, how they are measuring risk, and what they are doing about improving security from some of the top experts in the field.

  1. Ransomware is still a large risk, affecting a large number of businesses

  2. Data Loss and Data Breach based on information available on dark web, proves that organization can’t protect customers data.

  3. Small business with no security program are at risk more than large organization.

  4. All industry need to have some type of cyber regulations based on secure standards such as NIST or ISO.

What can business do, to enable a stronger security posture in their enterprise

Businesses adopt standalone cyber insurance policies as boards and executives wake up to cyber liability. As boards and executives experience and witness the impact of cyber attacks, including reduced earnings, operational disruption, and claims brought against directors and officers, businesses will turn to tailored enterprise cyber insurance policies, rather than relying on “silent” components in other policies. Adoption will spread beyond traditional buyers of cyber insurance, such as retail, financial, and healthcare sectors, to others vulnerable to cyber-related business disruption, including manufacturing, transportation, utility, and oil and gas.

As the physical and cyber worlds collide, chief risk officers take center stage to manage cyber as an enterprise risk. As sophisticated cyber attacks generate real-world consequences that impact business operations at increasing scale, C-suites will wake up to the enterprise nature of cyber risk. In 2018, expect CROs to have a seat at the cyber table, working closely with chief information security officers (CISOs) to help organizations understand the holistic impact of cyber risk on the business.

Regulatory spotlight widens and becomes more complex, provoking calls for harmonization. EU holds global companies to account over General Data Protection Regulation (GDPR) violation; big data aggregators come under scrutiny in the U.S. In 2018, regulators at the international, national and local levels will more strictly enforce existing cybersecurity regulations and introduce new regulations. Expect to see EU regulators holding major U.S. and global companies to account for GDPR violations. Across the Atlantic, big data organizations (aggregators and resellers) will come under scrutiny on how they are collecting, using, and securing data. Industry organizations will push back on regulators, calling for alignment of cyber regulations.

Criminals look to attack businesses embracing the Internet of Things, in particular targeting small to mid-sized businesses providing services to global organizations. In 2018, global organizations will need to consider the increased complexities when it comes to how businesses are using the IoT in relation to third-party risk management. The report predicts large companies will be brought down by an attack on a small vendor or contractor that targets the IoT, using it as a way into their network. This will serve as a wake-up call for large organizations to update their third-party risk management, and for small and mid-sized businesses to implement better security measures or risk losing business.

As passwords continue to be hacked, and attackers circumvent physical biometrics, multi-factor authentication becomes more important than ever before. Beyond passwords, companies are implementing new methods of authentication – from facial recognition to fingerprints. However, these technologies are still vulnerable and as such, the report anticipates that a new wave of companies will embrace multi-factor authentication to combat the assault on passwords and attacks targeting biometrics. This will require individuals to present several pieces of evidence to an authentication instrument. With the new need for multi-factor authentication, and consumer demand for unobtrusive layers of security, expect to see the implementation of behavioral biometrics.

Criminals will target transactions that use reward points as currency, spurring mainstream adoption of bug bounty programs: Companies beyond the technology, government, automotive and financial services sectors will introduce bug bounty platforms into their security programs. As criminals target transactions that use points as currency, businesses with loyalty, gift and rewards programs –such as airlines, retailers, and hospitality providers– will be the next wave of companies implementing bug bounty programs. As more organizations adopt the programs, they will require support from external experts to avoid introducing new risks with improperly configured programs.

Ransomware attackers get targeted; crypto currencies help ransomware industry flourish. In 2018, ransomware criminals will evolve their tactics. The reports predicts that attackers utilizing forms of benign malware—such as software designed to cause DDoS attacks or launch display ads on thousands of systems— will launch huge outbreaks of ransomware. While attackers will continue to launch scatter-gun-style attacks to disrupt as many systems as possible, the report predicts an increase in instances of attacks targeting specific companies and demanding ransomware payments proportional to the value of the encrypted assets. Crypto currencies will continue to support the flourishing ransomware industry overall, despite law enforcement becoming more advanced in their ability to trace attacks, for example through bitcoin wallets.

Insider risks plague organizations as they underestimate their severe vulnerability and liability while major attacks fly under the radar. In 2017, businesses under invested in proactive insider risk mitigation strategies, and 2018 will be no different. According to the report, a continued lack of security training and technical controls, coupled with the changing dynamics of the modern workforce, the full extent of cyber attacks and incidents caused by insiders will not become fully public. Many companies will continue to reactively responding to incidents behind closed doors and remain unaware of the true cost and impact of insider risk on the organization.

What is Cybersecurity Risk Management

Cyber Risk Management is the next evolution in enterprise technology risk and security for organizations that increasingly rely on digital processes to run their business. Risk management is a concept that has been around as long as companies have had assets to protect. The simplest example may be insurance. Life, health, auto and other insurance are all designed to help a person protect against losses. Risk management also extends to physical devices, such doors and locks to protect homes and autos, vaults to protect money and precious jewels, and police, fire and security to protect against other physical risks.

What is cybersecurity risk management?

Rather than doors, locks and vaults, IT departments rely on a combination of strategies, technologies and user education to protect an enterprise against cybersecurity attacks that can compromise systems, steal data and other valuable company information, and damage an enterprise’s reputation. As the volume and severity of cyber attacks grow, the need for cybersecurity risk management grows with it.

Cybersecurity risk management takes the idea of real world risk management and applies it to the cyber world. It involves identifying your risks and vulnerabilities and applying administrative actions and comprehensive solutions to make sure your organization is adequately protected.

Setting up your risk management system

Before setting up a cybersecurity risk management system, the enterprise needs to determine what assets it needs to protect and place a priority on. As the National Institute of Standards and Technology (NIST) points out in its Framework for Improving Critical Infrastructure Cybersecurity, there is no one-size-fits all solution. Different organizations have different technology infrastructures and different potential risks. Some organizations such as financial services firms and healthcare organizations, have regulatory concerns in addition to business concerns that need to be addressed in a cybersecurity risk management system. Cybersecurity should follow a layered approach, with additional protections for the most important assets, such as corporate and customer data. Remember that reputational harm from a breach can do more damage than the breach itself.

Risk management with CyberSecOp

  • Identity Services

Identity services help companies manage the explosion of digital identities and access to critical resources, both internal and cloud-based. In this age of digital transformation, the spheres of the individual’s life―as a professional, consumer, and private citizen―are interlinked in a complex digital structure, like a piece of fabric. The growing ability to piece together a digital picture of a person’s life and identity carries both risk and opportunity.

Wherever an organization is on its journey, we can help them achieve efficiencies, reduce risk, and evolve to support the changing needs of the digital business. With 20 years of identity management experience across the major industries, we offer field-tested accelerators and methods that are scalable and adaptive to each client’s specific set of business requirements.

  • Data Protection
    Data Protection services help implement capabilities and technologies to protect sensitive data. As infrastructure and applications become more virtualized and adaptive, new cybersecurity gaps can be created as fast as old ones have been addressed, making the prevention of data breaches more difficult than ever. By prioritizing preventative and detective defenses around highly sensitive data, security teams can help reduce data loss and risk when attackers get past network, application, and infrastructure controls.

    Leveraging these principles and an understanding of each client’s risk profile, CyberSecOp helps organizations design, implement, and manage capabilities to help better protect sensitive information across the end-to-end data lifecycle, and at an organization’s last line of defense.

  • Application Security 
    In the era of digital transformation, application portfolios are becoming exponentially more diverse—and support a growing community of users. As the application “surface area” expands, so does cyber risk. Amid the change, one thing remains constant: applications are the lifeline of the business—and need to be a front line of cyber defense. It’s an important time for organizations to reexamine their approaches to application security.

    Improving application security requires technical attention to individual applications, but also a broad framework across the application portfolio—from custom-developed to commercial off-the-shelf (COTS) applications and whether managed on-premise, on a mobile platform, in the cloud, or in a hybrid environment. It also requires the flexibility to support varying and often coexisting system methodology processes from waterfall, to agile, to DevOps in order to address application-related cyber risk at the pace of the organization’s digital evolution.

    CyberSecOp’s application security services help organizations to design and implement security mechanisms across the system development methodology that can flex to your operational requirements to drive value through IT while also protecting your application portfolio against the changing cyber threat landscape.

  • Infrastructure Security
    Infrastructure Security services focus on developing advanced protection of core systems and devices. Today’s critical business drivers—the need to digitally transform, modernize the supply chain, enhance customer experience, increase agility, reduce costs, etc.—are driving a major shift in technology priorities. This shift includes increasing focus on cloud adoption, the Internet of Things (IoT), hybrid computing, software-defined networks (SDN), robotic process automation (RPA), blockchain, artificial intelligence, and more. The infrastructure supporting it has become highly virtualized and automated—and the traditional means of securing infrastructure fall short.

    CyberSecOp helps organizations move toward a modernized, risk-focused agile defense approach. While the basic infrastructure domains—physical facilities, networks, systems and storage, and endpoints—that need to be protected remain the same, the means to secure them must evolve. By providing assessment, strategy, architecture, implementation, and operational management assistance across the four infrastructure domains, we help clients face our brave new world with a transformed, agile defense capability.


Data Protection Solutions & Data Security

Protect and secure data and data privacy is critical since most companies hold clients/costumers sensitive data, and protect that data is not only critical to its clients/costumes. Data protection is also critical for companies intellectual properties and reputation.

Data Protection Services

As more organizations move to hybrid or multi-cloud IT strategy, managing data protection services has become increasingly more complex. Various systems, technologies and environments require different tools for data protection management, and many IT teams find they must use a variety of tools to perform backup operations. In addition to greater inefficiency and rising costs, this intensive focus on data protection services diverts IT teams from higher value tasks and other strategic priorities.

Data Protection Simplified by CyberSecOp LocVault services

To simplify data protection services, CyberSecOp offers a Managed Data Protection solution that can protect digital assets across all your environments. Powered by Locvault's best-in-class data backup and recovery software, CyberSecOps Managed Data protection services help simplify data protection by enabling IT teams to use a single tool for backup and restore processes.

Efficiently Protect, Manage and Recover Your Data

  • Protect, manage and access the information you need with a heterogeneous data protection solution

  • A single interface manages data at a fraction of the time, effort and cost required by separate point products

  • Simplify data management in complex networked storage environments with a consistent way to locate and manage data and applications

    With Privacy and Data Protection, CyberSecOp LocVault will help you protect your sensitive business data and help you meet compliance requirements related to data storage and protection.

    We’ll also help you assess your risk, create custom policies to encrypt and restrict access to sensitive data, and report on data access — helping to ensure that your important data remains protected. Speak with an expert

Are Users Your Weakest Link - To Your Cybersecurity Posture

Humans remain the weak link in corporate data protection

Humans remain the weak link in corporate data protection, but you might be surprised that it isn't only rank-and-file employees duped by phishing scams who pose risks. Some companies are lulled into a false sense of cybersecurity by vendors. You read that right, Some enterprises believe the shiny new technologies they've acquired will protect them from anything.

As we continue to build defense in depth and deploy security appliances utilizing AI and other emerging technologies, attackers will continue to pivot to the perennial weak spot: the users. Recently I hosted the Social Engineering Capture The Flag competition at Hackfest in Quebec, and similar to last year, the results were sobering. Every single targeted company had employees that gave detailed information over the phone on their OS and service pack level, and 88 percent gave detailed information on the browser they were using. Three quarters went to a URL that they were given over the phone. The information that the companies bled was disheartening but not shocking. Until we train employees to trust their instincts and tell them it's okay to say no to a customer, things won't change. In the current environment where companies ask their customers to leave a positive review online, employees increasingly feel less empowered to terminate a call they feel is suspicious. Your friendly neighborhood hacker is happy to exploit this weakness.

Billions being send on security tools

The threat of cyber crime has created a significant increase in interest on the topic of cyber security, with organizations spending billions of dollars to protect themselves against a fast evolving array of current and potential future threats. Many spend heavily on monitoring, surveillance and software; however, they often neglect the risk exposure created by their own people – and, in this digital age, by their customers.

Businesses are losing the fight, pay ransom, or lose their lively hood

Businesses are forced to make exceedingly difficult decisions. On one hand, it feels wrong to negotiate with the cybercriminals and give them what they want. On the other hand, the looming financial hit and business interruption is typically far more detrimental than the payoff amount. If business owners don’t engage with the ransomers, they face the prospect that they, and their employees, may lose their livelihood. I see ransomware as a continuing cyber threat in 2019 and beyond. It’s up to business owners to implement the best security practices and ensure that their employees are properly trained to identify and avoid potential threats.

Choosing A Managed Detection & Response Provider

Why Managed Detection & Response Provider may be the right move

Companies outsourcing security need Managed Detection & Response providers (MDR) more than ever to improve cyber resilience. With the security landscape growing more complex, and the costs of maintaining adequate in-house security teams high, it makes sense for many companies to outsource the tasks of threat hunting and response to ensure that they can promptly identify potential threats and react swiftly to mitigate damages. Managed Detection & Response providers often integrate tools such as Endpoint Detection & Response and other solutions to detect threats, analyze risk, and correlate threat data to pinpoint patterns that could indicate a larger attack.

How to choose the right Manged Detection & Response Provider

Smart moves: you’re making them. How do we know? For one, you’re investigating ways to close the gaps in your threat detection and incident response. Which makes sense, given that assembling the talent and tech to thoroughly thwart attackers requires more than most organizations can commit to. Even smarter, you’re checking out Managed Detection and Response (MDR) Services, an increasingly popular solution which combines expertise and tools to provide monitoring and alerting, as well as remote incident investigation and response that can help you detect and remediate threats.

9 things to look our for when choosing a Managed Detection & Response Provider

  1. Your Managed Detection & Response Provider should combine numerous data inputs from security detection tools, threat intel feeds, third party data sources, and the IT asset database to identify not only where there is a threat but its risk compared to others in the queue.

  2. Assess your company's present and future technology needs and initiatives. Qualify, quantify and communicate those needs throughout your company. Is the Managed Detection & Response Provider able to address your range of needs?

  3. Technology strategies should encompass people and processes as part of the organization's mission and strategies. Do they offer ongoing employee training as part of their service?

  4. Does the Managed Detection & Response Provider continuously assess your organization's performance for meeting objectives? You want a partner that focuses on continuous evaluation and improvement of your objectives.

  5. Review your company's goals and mission. Ensure they are clear and concise and can be communicated to all organizational stakeholders as well as your new IT partner.

  6. Perform annual policy and process reviews to assess organization's readiness for external reviews and incident response.

  7. Identify and create teams within your organization to define current challenges and align initiatives to those challenges.

  8. Through playbooks and pre-defined workflows, you can quickly assess and begin to remediate security incidents based on best practices. Ask a Managed Detection & Response Provider if they include such materials as part of their package.

  9. CIOs/CISOs should have unprecedented transparency to all aspects of the security environment. Through dashboards and visualization techniques, CIOs/CISOs will be more easily able to communicate with Managed Detection & Response Providers which vulnerabilities and threats exist and the risks of inaction.


Information Security Regulatory Compliance & Services

What is Compliance

Compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that organizations aspire to achieve in their efforts to ensure that they are aware of and take steps to comply with relevant laws, policies, and regulations.

Business and Compliance

When it comes to a business and corporate management, compliance refers to the company obeying all of the legal laws and regulations in regards to how they manage the business, their staff, and their treatment towards their consumers. The concept of compliance is to make sure that corporations act responsibly.

The pressure to comply with constantly changing regulatory, third-party, and internal guidelines can be overwhelming. Being unprepared to manage risks yet meet mandates can lead to economic consequences and legal liabilities. Both can contribute to a significant financial impact and hurt to your reputation, which could prove even more damaging. You may be exposed to threats you’re not yet familiar with that could be putting your company’s reputation at risk—and even jeopardizing its future.Many major companies within the United States are subject to some type of security regulation.

Complying to regulatory compliance

Regulations that contain information security requirements are intended to improve the information security level of organizations within that industry and many organizations would welcome such information. The difficulty comes in determining which regulations apply and in interpreting the requirements of the regulation. The regulations are not written in a way that is easily understood by the average business person so many times a security professional is needed to understand the requirements and how to best implement them. Professionals have experience implementing systems, policies, and procedures to satisfy the requirements of the regulation and enhance the security of your organization and some have obtained credentials such as (CyberSecOp Information Security Practitioner) that signify their understanding of the regulations. Often the requirements are given in general terms leaving the company to determine how to best satisfy the requirements.

For those organizations without a robust security department, we provide a Virtual CISO offering with expertise in the following:

  • ISO 27001/27002

  • NIST & NIST Cybersecurity

  • GDPR

  • CCPA

  • FedRamp

  • NY DFS Requirements 23 NYCRR 500

  • FFIEC Handbook

  • FERPA

  • HIPAA/HITECH

  • Hi-Trust

  • PCI-DSS

Phishing Attack Prevention: What is Phishing?

What is Phishing?

Phishing is the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim’s machine. Phishing is a common type of cyber attack that everyone should learn about in order to protect themselves.

Phishing Attack Prevention:

Why are so many companies vulnerable to phishing? not having the right tools in place and failing to train employees on the role they play in information security.

Employees possess credentials and overall knowledge that is critical to the success of a breach of the company's security. One of the ways in which an intruder obtains this protected information is via phishing. The purpose of phishing is to collect sensitive information with the intention of using that information to gain access to otherwise protected data, networks, etc. A phisher's success is contingent upon establishing trust with its victims. We live in a digital age, and gathering information has become much easier as we are well beyond the dumpster diving days.

How do I protect against phishing attacks?

User education

One way to protect your organization from phishing is user education. Education should involve all employees. High-level executives are often a target. Teach them how to recognize a phishing email and what to do when they receive one. Simulation exercises are also key for assessing how your employees react to a staged phishing attack.

Security technology

No single cybersecurity technology can prevent phishing attacks. Instead, organizations must take a layered approach to reduce the number of attacks and lessen their impact when they do occur. Network security technologies that should be implemented include email and web security, malware protection, user behavior monitoring, and access control.

How does phishing work?

Phishing starts with a fraudulent email or other communication that is designed to lure a victim. The message is made to look as though it comes from a trusted sender. If it fools the victim, he or she is coaxed into providing confidential information, often on a scam website. Sometimes malware is also downloaded onto the target’s computer.

What are the dangers of phishing attacks?

Sometimes attackers are satisfied with getting a victim’s credit card information or other personal data for financial gain. Other times, phishing emails are sent to obtain employee login information or other details for use in an advanced attack against a specific company. Cybercrime attacks such as advanced persistent threats (APTs) and ransomware often start with phishing.

Types of Phishing

Deceptive Phishing. The term "phishing" originally referred to account theft using instant messaging but the most common broadcast method today is a deceptive email message. Messages about the need to verify account information, system failure requiring users to re-enter their information, fictitious account charges, undesirable account changes, new free services requiring quick action, and many other scams are broadcast to a wide group of recipients with the hope that the unwary will respond by clicking a link to or signing onto a bogus site where their confidential information can be collected.

Malware-Based Phishing refers to scams that involve running malicious software on users' PCs. Malware can be introduced as an email attachment, as a downloadable file from a web site, or by exploiting known security vulnerabilities--a particular issue for small and medium businesses (SMBs) who are not always able to keep their software applications up to date.

Keyloggers and Screenloggers are particular varieties of malware that track keyboard input and send relevant information to the hacker via the Internet. They can embed themselves into users' browsers as small utility programs known as helper objects that run automatically when the browser is started as well as into system files as device drivers or screen monitors.

Session Hijacking describes an attack where users' activities are monitored until they sign in to a target account or transaction and establish their bona fide credentials. At that point the malicious software takes over and can undertake unauthorized actions, such as transferring funds, without the user's knowledge.

Web Trojans pop up invisibly when users are attempting to log in. They collect the user's credentials locally and transmit them to the phisher.

Hosts File Poisoning. When a user types a URL to visit a website it must first be translated into an IP address before it's transmitted over the Internet. The majority of SMB users' PCs running a Microsoft Windows operating system first look up these "host names" in their "hosts" file before undertaking a Domain Name System (DNS) lookup. By "poisoning" the hosts file, hackers have a bogus address transmitted,taking the user unwittingly to a fake "look alike" website where their information can be stolen.

System Reconfiguration Attacks modify settings on a user's PC for malicious purposes. For example: URLs in a favorites file might be modified to direct users to look alike websites. For example: a bank website URL may be changed from "bankofabc.com" to "bancofabc.com".

Data Theft. Unsecured PCs often contain subsets of sensitive information stored elsewhere on secured servers. Certainly PCs are used to access such servers and can be more easily compromised. Data theft is a widely used approach to business espionage. By stealing confidential communications, design documents, legal opinions, employee related records, etc., thieves profit from selling to those who may want to embarrass or cause economic damage or to competitors.

DNS-Based Phishing ("Pharming"). Pharming is the term given to hosts file modification or Domain Name System (DNS)-based phishing. With a pharming scheme, hackers tamper with a company's hosts files or domain name system so that requests for URLs or name service return a bogus address and subsequent communications are directed to a fake site. The result: users are unaware that the website where they are entering confidential information is controlled by hackers and is probably not even in the same country as the legitimate website.

Content-Injection Phishing describes the situation where hackers replace part of the content of a legitimate site with false content designed to mislead or misdirect the user into giving up their confidential information to the hacker. For example, hackers may insert malicious code to log user's credentials or an overlay which can secretly collect information and deliver it to the hacker's phishing server.

Man-in-the-Middle Phishing is harder to detect than many other forms of phishing. In these attacks hackers position themselves between the user and the legitimate website or system. They record the information being entered but continue to pass it on so that users' transactions are not affected. Later they can sell or use the information or credentials collected when the user is not active on the system.

Search Engine Phishing occurs when phishers create websites with attractive (often too attractive) sounding offers and have them indexed legitimately with search engines. Users find the sites in the normal course of searching for products or services and are fooled into giving up their information. For example, scammers have set up false banking sites offering lower credit costs or better interest rates than other banks. Victims who use these sites to save or make more from interest charges are encouraged to transfer existing accounts and deceived into giving up their details.

CEOs and Cyber Security: are they the road block?

CEOs and cybersecurity: are they the road block?

Senior executives may be the weakest link in the corporate cyber security chain and are a primary target of hackers, fraud and phishing scams, says report. it also should be know that the are the road block to approve budget for information security, and most often security takes back sit to profit.

Report by many source and research done by many firm identity senior executive has the road block to good security within their firms, Many CEOs think they are immune to hackers, at least that’s what a new report According to the report, these findings are ironic given that CEOs are the ideal victim.

Senior Executive Are You the Weakest Link?

According to the report, Are You the Weakest Link? How Senior Executives Can Avoid Breaking the Cybersecurity Chain, many senior executives ignore the threat from hackers and cyber criminals and often feel that security policies in their respective organisations do not apply to their unique position.

In reality, their often privileged access to company information makes their personal accounts extremely valuable to exploit and heightens the need for extra care.

Professional hackers and adversaries will usually do a thorough investigation into a senior executive or board level director, including full analysis which could entail in-depth monitoring of the company website and associated social media accounts (including employees and their extended networks).

It appears that many CEOs commonly view cyber security as a responsibility for the IT department only. In reality, IT security has now become a remit for all individuals.

“All employees — especially those at the top of the corporate ladder — need to realise that cybercriminals use social engineering, email phishing and malware to access personal accounts, and C-level staff especially need to avoid becoming the weakest link in the cybersecurity chain by adhering to regularly updated, company-wide security policies regarding data sharing and backup,”

“Reviewing corporate policies, with a focus on people, premises, processes, systems and suppliers will provide valuable insights into which areas to improve, and by championing a ‘security first’ corporate culture, organisations and their senior executives will be well positioned to avoid the high financial costs, reputation damage and unexpected downtime that could result from a cyberattack or data breach.”

Cloud Security - Cloud Cyber Security

Cloud Security - Cloud Cyber Security

Of the large amount of data that has been moved to the cloud, a huge segment of it has been compromised. The compromised data includes election data, financial information like bank cards, health data, etc. Maintaining integrity and security continues to be a significant challenge for cloud platforms. [3]

In an attempt to provide extra security for cloud data, many cloud service providers (CSPs), have launched extensive cloud security technologies. Google has announced ‘shielded VMs’ to prevent hostile attacks. Even with these security technologies in place, however, users still have a large role to play in keeping their data safe.

In many cases, IT teams have recognized the lack of control when data is placed in the cloud. This lack of control is a symptom of the absence of an overarching security strategy. The challenge presents itself when an organization transfers data to the CSPs without maintaining any additional backup, as this could result In the loss of data at times. Stressing on the importance to maintain an additional backup of data. [3]

Another common challenge with the cloud is the unclear point-to-point access. Access permissions are complicated when an organization’s data is placed on a third-party cloud server. Planning and strategizing the access controls around crucial data is as important as defining the access points and control measures. Security in the cloud is different from on-premises security, making it complex due to the various rules implemented and security issues faced, such as failure to encrypt data. Access to the cloud server should be defined on a point-to-point basis. That means that access to data should be restricted based on the requirement of every individual, whether management or staff, should be clearly defined. A flow chart explaining the access points should be shared with the CSP to bring them on equal understanding to avoid conflicts.

Securing Your Data on the Cloud

The main objective of cloud security is to keep data secure, sharing the responsibility between the provider and the client. Here are some good practices that can be implemented to leverage the benefits of cloud services.

a) Encryption of Data

End-to-end encryption of data in transit

For high-security processes, where the data is highly confidential, all interactions with servers should happen over a secure socket layer (SSL) transmission. To ensure the end-to-end encryption of data, the SSL should terminate within the CSP’s network. Comprehensive encryption, when performed at the file level, makes cloud security stronger. All data should be encrypted before being uploaded to the cloud.

Encryption of data when at rest

Even when data is at rest, encryption should be enabled. This helps in complying with regulatory requirements, privacy policies, and contractual obligations related to confidential data. Before registering with your CSP, security policies should be verified with an auditor. AES-256 is used for encrypting data in the cloud and the keys should be encrypted with master keys in the rotation. Field-level encryption will also help keep the data secure.

b) Robust and Continuous Vulnerability Testing and Incident Response

A good CSP contract includes regular vulnerability assessment and incident response tools that extend to devices and networks. The solutions given by incidence response tools might enable automated security assessments to test system weaknesses. CSPs should be able to perform scans on demand.

c) End-user Device Security

Securing cloud-connected end-user devices is an often-overlooked component of a well-rounded security program. When utilizing infrastructure-as-a-service (IaaS) or platform-as-a-service (PaaS) models, deploying firewall solutions in your end devices to protect the network perimeter is very important.

d) A Private Cloud and Network are Best

Opting for a cloud environment which is private and where you can have complete control over access to your data is the preferred method as opposed to using a multi-tenant instance. Also, opt for cloud storage or software-as-a-service (SaaS) which belongs to only you and is not shared with others. These personal clouds are called virtual private clouds (VPC) and all traffic to and from these VPCs can be routed to the corporate data center. This can be done through an internet protocol security (IPsec) hardware VPN connection.

e) Compliance Certifications

The two most important certifications that you should consider are SOC 2 Type II and PCI DSS.

SOC 2 Type II is a type of regulatory report that defines the internal controls of how a company should safeguard its customer data and operation controls. SOC2 deals with regulatory compliance, internal risk management processes, and vendor management programs. It confirms that a cloud service has robust management as it is specifically designed to ensure higher standards of data security.

PCI DSS – PCI DSS stands for Payment Card Industry Data Security Standard and is important to organizations that deal with credit card transactions. Meeting this standard helps keep cardholder data safe from fraud. It ensures that sensitive data stored in a cloud is processed and transmitted in a secure manner. It impacts security policies, procedures, software design, network architecture, and various protective measures.

Leading public cloud providers like Microsoft and Amazon offer proprietary credential management tools to provide legitimate access and keep intruders away from sensitive data. Having sophisticated tools can help ensure the security of your data in the cloud.

Defense is a matter of strict design principles and security policies scattered over various departments. By implementing the above key guidelines as part of your cloud strategy, you are on your way to securing your data in the cloud.

Ethical Hacker for Secure Cloud Storage

An ethical hacker is a skilled trained professional who knows how to locate the vulnerabilities in target systems, including cloud storage platforms and networks. The term ‘ethical’ differentiates a black-hat hacker from a white-hat hacker.

Cybercrime To Cost Businesses $5.2 Trillion - Cyber Security Is Very Important

Cybercrime To Cost Businesses $5.2 Trillion - Cyber Security Very Important

Global companies could incur $5.2 trillion in cybercrime costs and lost revenue associated with cyberattacks over the next five years, according to a survey of more than 1,700 business leaders conducted by Accenture.

  • 80 percent of business leaders said protecting their companies from third-party security weaknesses is becoming “increasingly difficult.”

  • 79 percent noted digital economy advancement “will be severely hindered” unless dramatic Internet security improvements take place.

  • 76 percent indicated that consumers cannot trust the safety of their online identities due to the fact that too much of their personal data is already available without restrictions.

  • 75 percent said addressing cybersecurity challenges will require an organized group effort.

  • 56 percent want stricter Internet security regulations imposed by a central organization or governing body.

Today’s business leaders often understand cyber threats and are increasing their cyber security investments accordingly, Accenture said. However, business leaders also must collaborate with executives, government leaders and regulators to develop principle-based standards and policies to safeguard the Internet.

How Can Business Leaders Address Internet Security Threats?

Accenture offered the following recommendations to help business leaders keep pace with evolving Internet security threats:

  • Create an Industry-Wide Internet Code of Security: Business leaders can promote the development and implementation of ethical codes of conduct for software professionals across their respective industries.

  • Encourage Consumers to Take Control of Their Digital Identities: Business leaders can teach consumers about Internet security and offer tools and resources to help them secure their digital identities.

  • Be Transparent About Cyberattacks: Business leaders can acknowledge cyberattacks and share details about these incidents with consumers and other key stakeholders.

  • Embed Security into a Business Architecture: Business leaders can make security a part of all aspects of a company, including its business model and leadership structure.

  • Make All Lines of Business Accountable: Business leaders can offer incentives to business-line managers who prioritize cyber security in their day-to-day activities.

Business leaders frequently deploy security strategies that address past cyber threats, CyberSecOp indicated. Yet business leaders who frequently evaluate the cybersecurity landscape are better equipped than ever before to protect their companies against cyberattacks both now and in the future.

INSC Cyber Security acquire CyberSecOp Strategic Security firm

INSC Cyber Security acquired CyberSecOp Strategic Security firm

INSC Cyber Security acquired CyberSecOp Strategic Security firm to boost it’s cyber security services across the world, CyberSecOp company provide services including technical, risk, governance, and compliance solutions.

"This acquisition will strengthen INSC cybersecurity capabilities as CyberSecOp will be the global cybersecurity arm of INSC. integrate CyberSecOp's advisory services into INSC's security offerings across the US and worldwide.

CyberSecOp's software-as-a-service platform Security Conform provides access to information security management systems, policies, standards, and templates for subscribers.

"Protecting businesses from data breaches, disruption of operations, and loss of IP and economic assets has become a key objective for C-suite and board-level executives," INSC CEO and CyberSecOp Cyber Security CEO Vinny La Rocca said.

"Additionally, US business leaders already leveraging CyberSecOp as a preferred security advisor now have direct access to the complete CyberSecOp portfolio of security solutions, managed security services, and advanced education programs."

The CyberSecOp staffers provide the business with cyber security expertise while they work on developing solutions and providing training and guidance "to help bridge US cyberskills shortage" for seven years.

INSC business had added cybersecurity prevention, detection, and monitoring capabilities to government and enterprise managed security services portfolio in September 2016.

CyberSecOp will be providing security services to enterprise and government agency. To ensure national and worldwide cyber security.

CCPA Data Privacy - California Consumer Privacy Act (CCPA)

CCPA Data Privacy

The California Consumer Privacy Act of 2018 (CCPA) into effect. This new consumer privacy law comes post Europe’s General Data Protection Regulation (GDPR) and, for some, is seen as a smaller version – without the option to opt-out of data collection all-together that the GDPR has.

CCPA is a consumer privacy law that will be coming into effect on January 1, 2020. The bill – which is aggressive for American privacy policy standards – will put guidelines on personal information collection and post-data-acquisition data usage by businesses.

Come 2020, the California Consumer Privacy Act (“CCPA”) may significantly impact businesses’ data practices, with new and burdensome compliance obligations such as “sale” opt-out requirements and, in certain circumstances, restrictions on tiered pricing and service levels. The breadth of personal information covered by the CCPA, going beyond what is typically covered by U.S. privacy laws, will complicate compliance and business operations.

Who need to comply with CCPA

Companies, especially those outside of California, may wonder whether they are subject to the CCPA. CCPA applies to for-profit entities that (1) have greater than $25 million in gross annual revenues; (2) annually handle personal information of 50,000 or more consumers, households, or devices; or (3) derive 50% or more of annual revenue from selling personal information. These criteria will result in a wide swath of businesses being subject to the CCPA. For example, a website might only need 137 unique visitors from California per day to reach the threshold of 50,000 consumers. That website’s collection of data through cookies may be captured by the CCPA’s broad definition of personal information. And given the third criterion focused on revenue percentage, even very small businesses that regularly exchange data, for example in the online ecosystem, might be captured if their activities are deemed to be a “sale” under the CCPA.

CCPA PRIVACY OVERSIGHT

The CCPA will impose substantial compliance obligations on all businesses that handle personal information of California consumers. Such obligations may pose particular challenges for the ever increasing array of businesses that leverage consumer data for analytics, profiling, advertising, and other monetization activities, particularly as the compliance requirements are not easily gleaned from the statutory language. Addressing these challenges will require creative, thoughtful approaches and may potentially involve industry-wide coordination to develop and advance practical solutions.

CyberSecOp CCPA privacy consultants incorporates your CCPA compliance requirements, powered by a unique combination of deep privacy expertise developed over two decades, proven methodologies refined through tens of thousands of engagements, and powerful technology operating at scale for 20 years.

WHAT DO SECURITY CONSULTANTS DO?

WHAT DO SECURITY CONSULTANTS DO?

Security consults deal with various threats to physical and computer security. Security threats come in many forms such as computer hackers, terrorists, and attacks on physical assets. There are specializations for security consultants of building security, natural and man-made disaster prevention, or with computer security issues.

Some of the roles security consultants may do for companies or private individuals are installing physical protections of video surveillance and alarm systems. Physical security risks are issues for many companies and security consultants may determine physical security risks such as threats of violence in the workplace, the stability of a building during tornadoes, earthquakes, fires, or other natural disasters, and development of evacuation plans for personnel during emergencies. Security consultants also may advise on building maintenance issues.

What services does a security consultants provide?

Security consultants can also help to incorporate security changes at all levels of the company. Based upon the security audit that’s conducted, a security consultant, if allowed to, can implement various new security measures and procedures throughout the company, which can include security related to:

  • Analyzing areas that are currently exposed and if they have had their security compromised in the past;

  • Performing a gap analysis in order to determine if any areas of a company’s current security does not meet accepted industry standards;

  • Gauging the work environment through performing interviews with important personnel and company employees;

  • Providing a list of recommendations based upon found security vulnerabilities, which includes security measures that should be incorporated.

  • Policies and procedures;

  • Electronic surveillance and alarm systems;

  • Security personnel.

A security consultant will work closely with management for the purposes of transparent communication and to make sure that any security changes that are implemented are done so within the allotted budget. The degree to which a security consultant can incorporate security changes depends largely upon this, in addition to the management’s instructions.

CyberSecOp Security Services has been providing expert security consulting services for decades. Make sure to contact us today to ask about our advanced security consulting services, which will be personalized to your company’s particular needs.