Adlumin Cybersecurity

North Carolina, the First State to Ban Ransom Payments

May 11, 2022/in Blog Post Mark Sangster/by Adlumin Staff

Al Capone had it right. He once said, “Prohibition has made nothing but trouble.” One hundred years on, we will see if he was right. It never stopped the rum runners—will it stop the cybercriminals?

Earlier this year, North Carolina became the first state to prohibit government agencies from paying ransoms in the wake of a cyberattack. As part of the latest 2021-2022 budget appropriations, North Carolina bars communications with adversaries and funds transfers. The law applies to any agency, department, institution, board, commission, committee, division, bureau, officer, official, or other entity of the executive, judicial, or legislative branches of State government and other entities for which the state has oversight responsibility.

While the law applies to institutions like the University of North Carolina, it does not apply to private sector businesses. Other states are pursuing similar legislation, with New York pushing legislation to ban ransom payments across both public agencies and private businesses and Pennsylvania’s Senate approving a bill to ban the use of taxpayer funds to pay ransoms.

Congress is also considering a bill (by a representative from North Carolina) to make it illegal for financial firms to pay ransoms over $100,000 without prior government approval. This move is contrary to FBI advice not to ban payments, since a ban could result in companies facing alternate extortion tactics or hiding payments from authorities. Of course, the FBI does not officially support the paying of ransoms in response to cyberattacks.

Before considering the merit and efficacy of ransom payment prohibition, it is important to mention that the US Treasury published an advisory warning of the risks of facilitating or paying ransoms to recipients on the Office of Foreign Assets Control (OFAC) sanctions list. I cannot complete this point without noting that the Internal Revenue Service (the largest bureau in the Treasury department) allows ransom payments (part of a larger list of theft acts) as a tax deduction. (Play canned laugh track here.)

Should ransom payments be made illegal? Well, by their very nature, they are illegal. The question is should payment by victims be banned, prohibited, or governed?

Pro-ban advocates argue that ransoms are, after all, illegal, and banning payments would break the economic supply-demand engine that makes ransomware so profitable. This tough-love approach might cause short-term pain to unprepared victims who cannot recover without purchasing decryption keys.

Pro-pay (or choice) advocates argue that banning payments will not discourage ransomware gangs and will only leave victims helpless in the wake of costly operational disruptions. In fact, they often invoke scenarios in which hospitals and clinics are disrupted for weeks and months, patient care suffers and causes medical chaos, and payment prohibition costs lives and not just money. Their approach is the lesser-of-two-evils ethos.

Here is an insightful article on the debate.

Beyond the philosophical or political charge, it remains to be seen if ransomware bans will have the desired effect of diminishing ransomware attacks. Ransomware attacks continued to increase after Treasury’s saber-rattling about OFAC sanctions. It doesn’t seem the courts are clogged with cases filed against companies that paid ransoms to parties whose OFAC sanctions status they could not verify. That said, anecdotally, a cottage industry is popping up to conduct OFAC checks, and insurance companies will refuse coverage if payments violate Treasury regulations.

The other question is whether paying the ransom improves the outcome for the victim organization and its operations. Indicators suggest paying ransoms is simply adding insult to injury. One study that surveyed 5,000 companies found that the cost of a ransomware attack doubled for companies that paid the ransom. That same report also noted that 92 percent of ransom payers never recovered the entirety of their data and systems.

I am often asked how best a firm can avoid paying a ransom. And my answer is always this: the best way is to avoid being hit by a ransomware attack. Awareness, training, preparation, and rapid detection can stop ransomware attacks before they disrupt your business. The second-best way is a rapid response based on well-tested business continuity and disaster recovery planning. The interruptions are short, with fail-over to hot backup systems minimizing the impact.

The companies that face the to-pay-or-not-to-pay dilemma are the ones that were not prepared, thought their insurance would solve the problem, or never tested their backup systems. Backup systems were designed for business continuity scenarios like power outages, floods, or fires. They were not designed with out-of-the-box resilience to withstand intentional sabotage by criminals.

Most frustrating is the oft-quoted statement that there were no signs before the attack. This inaccurate statement is misleading and absolves the affected parties of all responsibility. I am not shaming the victim here. But events like ransomware attacks are like airline accidents. It takes a confluence of many factors that culminate in an incident.

Cybercriminals are more chefs than Jason Bourne or James Bond. The sophistication in their attacks lies in the way they stage the attack and use expertise where it counts. The actual ingredients they use are well-known malware or practices, referred to as tactics, techniques, and procedures (TTPs). And ransomware disruptions require longer dwell times and multiple touchpoints within your environment. Each touch, step, file change, login, upload, and so on is another chance for you to detect their presence and do something about it before it is too late.

Adversaries combine publicly available documents and information with stolen credentials or data sold on the dark web to build convincing phishing emails and fake websites. These lures are designed to trick unwitting victims into surrendering their passwords. In the early stages, you can search for compromised credentials on the dark web, detect concurrent log-ins, impossible travel events (consecutive log-ins from two geo locations in a time frame that eliminates travel as a possibility), or failed log-in attempts when criminals hit controls like multi-factor authentication. They aren’t even in, and you can catch them checking the door locks and rattling the windows.
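The two early-stage checks described above, impossible travel and repeated failures at the multi-factor prompt, can be expressed as simple rules over sign-in logs. The following is an added example, not code from Adlumin or its platform; the event format, the 900 km/h speed ceiling, the 100 km jitter floor, and the three-failures-in-ten-minutes threshold are all assumptions chosen for illustration.

```python
import math
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real data):
# (ISO timestamp, user, latitude, longitude, outcome)
SAMPLE_EVENTS = [
    ("2022-05-09T08:02:11", "jdoe",   35.78,  -78.64, "success"),     # Raleigh
    ("2022-05-09T08:47:30", "jdoe",   52.52,   13.40, "success"),     # Berlin, 45 min later
    ("2022-05-09T09:00:00", "asmith", 35.23,  -80.84, "success"),     # Charlotte
    ("2022-05-09T13:30:00", "asmith", 35.78,  -78.64, "success"),     # Raleigh, 4.5 h later
    ("2022-05-09T10:00:05", "bwong",  40.71,  -74.01, "mfa_failed"),
    ("2022-05-09T10:01:10", "bwong",  40.71,  -74.01, "mfa_failed"),
    ("2022-05-09T10:02:40", "bwong",  40.71,  -74.01, "mfa_failed"),
    ("2022-05-09T10:20:00", "cruz",   47.61, -122.33, "mfa_failed"),  # single failure
]

# Assumed thresholds; tune them to your own environment.
MAX_SPEED_KMH = 900.0          # roughly commercial airliner cruise speed
MIN_DISTANCE_KM = 100.0        # ignore small jumps caused by geo-IP inaccuracy
MFA_FAIL_THRESHOLD = 3
MFA_WINDOW = timedelta(minutes=10)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def group_by_user(events):
    """Parse timestamps and return {user: [events sorted by time]}."""
    by_user = defaultdict(list)
    for ts, user, lat, lon, outcome in events:
        by_user[user].append((datetime.fromisoformat(ts), lat, lon, outcome))
    for rows in by_user.values():
        rows.sort(key=lambda r: r[0])
    return by_user


def impossible_travel(events):
    """Flag consecutive successful log-ins whose implied speed rules out travel."""
    alerts = []
    for user, rows in group_by_user(events).items():
        logins = [r for r in rows if r[3] == "success"]
        for prev, cur in zip(logins, logins[1:]):
            km = haversine_km(prev[1], prev[2], cur[1], cur[2])
            hours = (cur[0] - prev[0]).total_seconds() / 3600
            # Simultaneous log-ins from distant places imply infinite speed.
            speed = km / hours if hours > 0 else float("inf")
            if km >= MIN_DISTANCE_KM and speed > MAX_SPEED_KMH:
                alerts.append({"user": user, "km": round(km),
                               "from": prev[0], "to": cur[0]})
    return alerts


def mfa_failure_bursts(events):
    """Return users with MFA_FAIL_THRESHOLD or more MFA failures inside MFA_WINDOW."""
    flagged = []
    for user, rows in group_by_user(events).items():
        fails = [r[0] for r in rows if r[3] == "mfa_failed"]
        start = 0
        for end, ts in enumerate(fails):
            # Slide the window start forward until it fits inside MFA_WINDOW.
            while ts - fails[start] > MFA_WINDOW:
                start += 1
            if end - start + 1 >= MFA_FAIL_THRESHOLD:
                flagged.append(user)
                break
    return flagged


if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_EVENTS):
        print("impossible travel:", alert)
    print("MFA failure bursts:", mfa_failure_bursts(SAMPLE_EVENTS))
```

In production, VPN egress points and mobile carrier gateways produce false positives for the travel rule, so alerts like these are usually scored alongside other signals rather than acted on alone.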

Assuming they gain initial access, we can catch them establishing persistent access. Unusual administrative access, bandwidth spikes, new user accounts, and other well-documented tactics give away their presence. User and Entity Behavioral Analytics (UEBA) identifies suspicious actions committed by authorized accounts and devices, and the endpoint can detect changes and flag attempted sabotage of defensive controls. And then, of course, there are beacons calling back to bad guy headquarters, payloaders, lateral movement, and a plethora of TTPs that give away malicious activity.

There were plenty of signs. Post-event, your insurance company will find them, or their appointed incident response firm will. So, pretending there were no signs won’t help. As I say, ignorance is not bliss—it’s potential negligence or liability.

So why do ransomware attacks go unnoticed if there are so many early signs of compromise? Simple. Most companies don’t know where to look in the shadows to find the indicators. What you can’t see poses the most significant risk. Between the cloud, hybrid networks, and the darknet, there are countless gaps where threats can hide. Most companies are in the dark regarding what is happening in their environment. And no one likes to be in the dark alone.

That’s where Adlumin comes in. We illuminate threats to eliminate the risks. We illuminate threats that would have otherwise gone unseen with powerful automation that enables rapid action and continuous compliance. And our platform is backed by an expert team delivering human insights and trusted support.

That might sound like marketing (and it is) but it is more than a well-honed tagline. I have been in the cybersecurity business for over 25 years, and I helped define Managed Detection and Response. I’ve seen nation-state attacks, rampaging ransomware gangs, and clever criminals take down companies of all sizes.

I joined Adlumin because they get it. They know where to look and how to respond to protect their customers. And I am proud to represent the experts who develop our products and analysts that work in our security operations centers. They face these sophisticated adversaries every day and stop their attacks before they shutter our customers’ operations.

There are ways of stopping ransomware attacks before you need to consider paying extortion fees or crossing regulatory lines. You can stop attackers before they stop you.

Will prohibition work for ransomware payments when it has failed to control alcohol and narcotics use and distribution? If we ask the pundits, the answer is no. The Nobel prize-winning economist Milton Friedman once likened prohibition to making water run uphill.

While payment ban legislation and bills line up like planes on final approach at a major airport at Thanksgiving, pragmatism and market pressures will decide the matter. As insurance coverage decreases, claim denials increase, and (fingers crossed) companies invest in cybersecurity strategies that reduce their risk, the efficacy of ransomware will erode, and criminals will find a new tactic.

More Money, More Problems: The Most Expensive Data Breaches in History

May 5, 2022/in Blog Post Brittany Demendi/by Adlumin Staff

Data breaches are more expensive and detrimental than you expect. Why? Companies are not just paying for the immediate repair of the breach but the aftermath that comes with it. The follow-on effects include not just financial consequences such as lost productivity and revenue but reputational damage and employee attrition. Additionally, these effects can play out over the best part of two years.

A company’s size can also contribute to whether there is a chance of recovery. For example, “60% of small businesses fold within six months of a cyber-attack,” according to Inc. This statistic makes sense when considering that the margin for error is negligible in many businesses that live month to month in terms of solvency. Consider Mossack Fonseca, a little-known law firm in Central America but remembered (if at all) as the epicenter of the Panama Papers scandal. In the wake of a cyberattack, “reputational deterioration” led to the demise of the firm.

Large or small, it is clear that no one company is safe from breaches. Even with many companies folding after an attack, some high-profile companies have worked their way back up after almost business-fatal breaches. Let’s dive into some of the most expensive data breaches to date.

  1. $190 Million – Capital One

What happened?

A hacker broke into a server at Capital One and gained access to over 100 million customers’ accounts and credit card applications, in addition to 140,000 Social Security numbers. Capital One agreed to pay $190 million to settle a class-action lawsuit.

  • Year: 2019
  • Location: Seattle, Washington
  1. $1.4 Billion – Equifax

What happened?

In 2017, the personal information of over 147 million people was exposed and stolen from Equifax, a credit reporting agency. Equifax faced a lot of backlash and was criticized for its lack of security and response to the breach. Due to a failure in patch management, they were hacked through a complaint web portal. Their internal processes were entirely lacking, and now they suffer from a substantial financial hit.

  • Year: 2017
  • Location: Headquartered in Atlanta, Georgia
  1. $4 Billion – Epsilon

What happened?

After years of recovery, Epsilon, an international marketing company of Alliance Data Systems Corp, comes in first place for the most expensive data breach. The breach affected 75 companies, including Target, Chase, JP Morgan, and Best Buy. Epsilon houses 40 billion emails annually and 2,200+ brands internationally, so you can imagine the impact this had on customers. It is estimated that only 3% of email addresses were exposed, resulting in them losing $45 million worth of business.

  • Year: 2011
  • Location: Headquartered in Irving, TX

Additional Notable Breaches:

  • Travelex was hit by ransomware, lied about the attack for months (called it a maintenance issue), and finally folded.
  • Starwood Marriott had information of over 500 million guests stolen. Marriott inherited the cost of the breach two years after they acquired Starwood—M&A means assets plus liabilities.
  • Yahoo lost billions in value post-hack during the acquisition by Verizon.
  • US Office of Personnel Management (OPM) experienced over 21.5 million individuals’ background investigation records stolen. In addition, the personal data of 4.2 million former and current Federal government employees was stolen.

Solutions: How to Protect Your Organization

The cost of a data breach is not the only misconception harbored by business leaders. The notion that these attacks are impossible to stop is another. This second fallacy is more damaging because it creates a sense of impunity or fatalistic surrender. It absolves the company of any responsibility in the wake of a data breach. In other words, you can protect your business from sophisticated cyberattacks, and you must defend. Regulators, court decisions, and denied insurance claims are finally beginning to counterbalance this skewed narrative.

As an organization, you may not have control over whether a cybercriminal will go after your data or not, but you do have control over the steps to take to mitigate the risk. Typically, it is best to invest in a managed security services platform that does the heavy lifting for your IT team. These platforms are built to discover threats, malfunctions, and IT operation failures in real-time. You can also receive updates that go directly to your phone and email about what is going on within your IT environment. The managed security platform you choose should be built on the following three components:

  1. Network Health and Compliance
    • This feature will keep your organization’s compliance up to date while actively searching for violations in real-time and keeping you informed.
  2. Detection and Artificial Intelligence
    • A platform that gives you AI and machine learning in the form of User & Entity Behavior Analytics (UEBA) to automatically write (and re-write) your SIEM rules dynamically as your network traffic changes.
  3. Data Research and Log Management
    • With one quick step, all user and account activity can be correlated. A security analytics platform allows you to quickly scope out a potential breach using advanced research tools that help visualize access for every account and system on your network.

In addition, for complete visibility into your enterprise network, there are 24/7 Security Operations Center (SOC) services available. This service can provide you and your IT team with 24/7 monitoring of every system and account on your network. There is light at the end of the tunnel when it comes to options for protecting your customers, employees, and organization. The great news is that these options are available as all-in-one solutions and are cost-effective.

Next Steps

If you’re interested in learning more about data breaches, check out Data Breaches: Uncovering the Unknown. Or, if you are looking to enhance your organization’s security, request a demo with one of our experts.

Ransomware Protection Suite: Adlumin’s Method to Combatting Madness

April 29, 2022/in Blog Post Massie Hussaini/by Adlumin Staff

Ransomware attacks are increasing by the day, and they’re wreaking havoc across a range of industries. Adlumin has launched the beginning of its Ransomware Protection Suite of products: The Ransomware Self-Assessment Tool (R-SAT). During the early days of COVID-19, which provided new opportunities for attackers, ransomware attacks surged. According to Statista, “ransomware attacks experienced annually by organizations have been on the rise since 2018, peaking at 68.5% in 2021.”

Ransomware is a type of malware designed to encrypt files on a device, making any files and systems that rely on them unusable. When a cybercriminal maliciously encrypts confidential files within an organization’s system, a subsequent monetary demand and payment must ensue before the perpetrator releases the information back to the organization.

R-SAT helps institutions, regardless of size, assess their level of information security, recognize gaps in that security and measure their ability to mitigate the possibility of a ransomware attack. Understanding the vulnerabilities in your institution’s security processes and procedures is imperative to aid in your protection from ransomware. R-SAT is a solid place to start to help identify gaps in your protection strategy and validate effective security practices.

To protect yourself from ransomware, it is critical to recognize the vulnerabilities in your security practices regardless of whether your data is held on-premises or by a third party. If your organization is victimized by ransomware, many questions may immediately come to mind: If you provide the money, are you certain the information will be released? Will the data be released to the public if you refuse to pay? R-SAT can assist and better prepare you to respond.

Adlumin looks to continue to add to its suite of Ransomware tools such as greater reporting, automated alerts, and more. Below are just a few cost and payment trends for ransomware:

  • “The total cost of a ransomware breach was an average of $4.62 million in 2021, not including a ransom.” (IBM)
  • “The average cost for education institutions to rectify the impacts of a ransomware attack, including the ransom itself, was $2.73 million in 2021 — 48% higher than the global average for all sectors.” (EdScoop)
  • “The 2,084 ransomware complaints received by the IC3 in the first half of 2021 amounted to over $16.8 million in losses.” (FBI and CISA)

Mandatory or Not? Achieving Cybersecurity Compliance for Financial Institutions

April 28, 2022/in Blog Post Brittany Demendi/by Adlumin Staff

Compliance can be a challenge for the financial sector for various reasons. To ensure financial institutions’ credibility and trustworthiness, it has become vital to stay up to date with the latest regulations. To close out Financial Literacy Month, we are taking a deeper dive into a cybersecurity compliance checklist for financial institutions.

Achieving Compliance: What’s out there and what’s required?

Can your financial institution provide your customers with the appropriate amount of security while staying up to date with compliance regulations? There are many cybersecurity regulations and certifications within the financial sector—some are considered “nice to have” while others are mandatory. Let’s look at a couple of options.

  • Payment Card Industry Data Security Standard (PCI DSS) – Security guidelines safeguard your credit card and debit card information. This guideline limits the number of employees who have access to your information and controls tracking account activity. This regulation is internationally recognized and secures information from processing to transferring.
    • Is PCI DSS mandatory? YES, this is a requirement if your organization processes credit or debit card information.
  • Sarbanes-Oxley Act (SOX) – “The Sarbanes-Oxley Act of 2002 is a law the U.S. Congress passed on July 30 of that year to help protect investors from fraudulent financial reporting by corporations,” according to Investopedia. With firmer recordkeeping requirements, strict mandates were set for accountants, audits, and corporate officers.
    • Is SOX mandatory? YES, not just for companies within the financial sector, but for all industries.
  • Gramm-Leach-Bliley Act (GLBA) – “The Act addressed concerns relating to consumer financial privacy. The Gramm-Leach-Bliley Act required the Federal Trade Commission (FTC) and other government agencies that regulate financial institutions to implement regulations to carry out the Act’s financial privacy provisions (GLB Act),” according to the Federal Trade Commission. Financial institutions must inform customers about how they share their data and educate them on their right to opt-out of having their information shared with any third parties.
    • Is GLBA mandatory? YES, it is mandatory for all U.S. organizations within the financial sector.
  • The National Institute of Standards and Technology (NIST) – This framework can be adopted by any business and is accepted globally. NIST covers a variety of information security standards, which includes cybersecurity compliance. It is flexible and can be integrated with other regulations.
    • Is NIST mandatory? YES, for all federal entities and their contractors. Also, it is free.

Why are some regulations mandatory vs. optional?

The main issue with cybersecurity compliance for financial institutions is the overlap between different requirements. However, there is a benefit to implementing optional regulations as they can add more security and mitigate cybersecurity risks.

Because of all the overlap and the constant adaptations, fraud, data breaches, and large volumes of data, IT professionals carry a heavy burden. Financial institutions need a managed security services platform that will take away much of that responsibility from their IT teams.

The goal is always to ensure your organization is compliant, regardless of the ever-changing industry landscape. By shifting that burden from your IT teams to a third-party vendor, which is built with that need in mind, your organization will be well on its way to achieving compliance.

War Games Aren’t Just for Warriors Anymore

April 21, 2022/in Blog Post Mark Sangster/by Adlumin Staff

Starting weeks into the Russian invasion of Ukraine, the North Atlantic Treaty Organization’s (NATO) Cooperative Cyber Defense Center of Excellence is hosting the event in neighboring Tallinn, Estonia. These virtual exercises come at a time when Russia again demonstrates its preference to wage a hybrid cyber and kinetic war.

This era of hybrid warfare means that it is not only military and government organizations that need to prepare for cyberattacks from nation-states like Russia and China or state-sponsored actors and sophisticated cybercrime gangs. In this hybrid era, there is no distinction between combatants and non-combatants. Civilian targets across all industries are in the cross-hairs, and we have yet to develop the equivalent of the Geneva Convention that established international legal standards for humanitarian treatment in war.

Leading up to the invasion, Russia allegedly launched cyberattacks against 70-plus government websites, services, and banking. Throughout the campaign, they’ve gone after utilities and telecommunications infrastructure. Additionally, it appears the UK and its international allies are investigating a report from the UK National Cyber Security Centre (NCSC) alleging that Chinese actors had targeted more than 600 Ukrainian targets, including the defense ministry.

Before the invasion, it was no secret that criminal cyber gangs operated within friendly borders, such as Russia, from which they launched repeated campaigns against western government and civilian targets in the United States, Canada, the United Kingdom, Ireland, and Australia. These gangs operate with impunity or from districts that lack the enforcement wherewithal to prosecute criminals. It’s generally accepted that as long as these gangs don’t attack domestic targets, then the “enemy of my enemy” ethos applies. But when Russia elected to invade Ukraine, it’s likely that Russian officials called in the favor and recruited domestic criminals to operate as state-sponsored actors in coordinated attacks against strategic assets in Ukraine.

Oftentimes, state-sponsored actors are civilian affiliations, like the Conti ransomware gang, sharing resources and even funding while directed by government institutions. In other words, civilians participate in aggression alongside their military comrades. This blurring of the line between combatants and civilians is not the only erosion of its kind in the war against Ukraine. As Russian forces attack civilian targets such as schools and hospitals and fight to capture non-military targets and territory, it’s a reminder that we now live in a world with little distinction between legitimate war targets (military) and protected participants (civilian).

Perhaps not since World War II has Europe witnessed this level of aggression against civilians and the destruction of cities and civil infrastructure. This is not the only relevant comparison. It was the end of World War II that ushered in the cold war, in which NATO and Soviet powers maintained an adversarial posture while avoiding all-out military aggression. The cold-war tensions between the superpowers of the East and West were balanced on the cantilever of nuclear devastation and ran their course in a gray world of espionage, theft, and sabotage.

In a digital world, espionage is no longer spy-vs-spy crossing the Berlin Wall. It’s full-out cyber espionage, digital theft, financial fraud, and extortion. Until the invasion of Ukraine, I called it the “gray cyberwar,” keeping the global temperament just below the boiling point. It seems Russia’s determination to push the west to the brink means it’s no longer a cold war. And it no longer discriminates between military participants and defenseless civilians. As a result, businesses with no government or military affiliations are an open target for unleashed cybercriminals. Industries of all kinds often feel the aftershocks of tectonic geopolitical events such as tensions in the Middle East, trade wars with China, and now the Russian war on Ukraine. And it reiterates what I’ve been saying for years.

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE) published a joint Cybersecurity Advisory warning against attacks on US and international targets. CISA also regularly publishes alerts about Russian state-sponsored actors, such as Conti, operating against western targets.

Well before the Ukraine war, cybercriminal gangs operated like Fortune 500 companies, relying on an ecosystem of criminal expertise to minimize operational costs and maximize returns from their activities to generate record profits. These groups go after healthcare providers, manufacturers, law firms, accounting services, etc. They use well-established tactics, techniques, and procedures (TTP) to infiltrate and exploit these targets.

Ransomware-as-a-service mirrors similar SaaS services but offers small criminal groups the opportunity to lease or revenue share sophisticated malware sets and experts. These cartels often operate under a common brand name (Conti, Ryuk, DarkSide, etc.) and offer services to assist victims in paying ransoms or other extortion fees.

The Truth About Cybersecurity:

As I wrote in my book, No Safe Harbor: The Inside Truth About Cybercrime, there is no longer collateral damage. There is only damage, and it’s inflicted on businesses like your own. As an IT security practitioner and business leader, you must defend. And one of the first steps is to identify the risks that face your operations and plan a response that can mitigate or minimize the impact on your business.

Take a page from NATO and run a cyber wargame. Perhaps not to test your skills in attacking targets, but to predict attacks and test your security defenses and your ability to make the critical decisions that make the difference between a close-call event and a massive, public disruption. Running cross-company table-top exercises that simulate cyberattacks is one of the best ways to test your mettle when making difficult choices during a cyberattack, like a ransomware offensive that shuts down your operations.

As I am fond of saying, cybersecurity is not an IT problem to solve; it’s a business risk to manage. Many of the decisions made have nothing to do with IT or technical decisions, leading to the second-order effect that has a business consequence. For example, a reasonable decision to suspend compromised credentials or internet-facing services can lead to public disruptions eliciting media attention. A technical decision leads to crisis communications and awkward interviews on the evening news.

Far too many companies paid ransoms as their go-to response. Now insurers are pushing back with increasing premiums, tighter security requirements as part of the policy, and a growing trend to refuse claims when those policy requirements are not met. I am not referring to complex requirements. Unmandated multi-factor authentication, missing security awareness training records, or the lack of security management using a SIEM lead to denied claims, canceled coverage, or refused renewals.

What’s more, paying ransoms can put corporate officers on the wrong side of several federal laws. The US Treasury issued advisories warning against payment to individuals, groups (ransomware gangs), affiliations, institutions, or nations on the Office of Foreign Assets Control (OFAC) sanctions lists. The issue is more complicated, but it reminded me of the quip I used to apply with the C-suite that ROI now stands for Risk of Incarceration. Yes, I’m joking—sort of.

The laundry list of business decisions that confront leaders as they face shutdowns, mounting operational costs, and lost revenue, goes well beyond the simple examples I’ve provided.

How to Run Incident Response Simulations:

When it comes to running table-top exercises or incident response (IR) simulations, here are some suggestions:

The war on Ukraine is a humanitarian disaster and serves as a warning for what our hybrid cyber-kinetic world looks like when aggression boils over. Remember, no matter the size or nature of your business, you are a target for cybercriminals. They are smart; they will gain access if they want into your organization. The best thing you can do is hope for the best and prepare for the worst. As Winston Churchill famously said, “Never let a good crisis go to waste.” The war on Ukraine is a crisis. Don’t waste this opportunity to prepare your organization for a cyberattack.

Remote Work and The Human Error: 3 Major Challenges

April 7, 2022/in Blog Post Brittany Demendi/by Adlumin Staff

As the world begins to return to our new sense of normalcy, most people opt for remote work instead of going back into the office. According to CNBC, “new research from CareerBuilder found that jobs allowing employees to work from home full- or part-time saw seven times more applications than in-person roles last month.” With such significant change comes growing pains, and as the lines between home and work become blurred, security risks soar. Corporate jobs are evolving, which means organizations and IT professionals need to make changes to keep up. Let’s look at three of the biggest rising challenges with remote work.

Challenge 1: The Human Error

According to Forbes, in the past 12 months, one in four employees (26%) have lost their jobs due to a mistake that compromised their company’s security. Cybercriminals are happily targeting remote workers who lack IT support. Most companies are falling behind in providing the same support to employees remotely as they would in the office, and cybercriminals have taken note. To make matters worse, many are not adequately trained on cybersecurity awareness, causing errors to slip through the cracks of their fragile IT landscape. Forbes also reports:

“Two-fifths (40%) of employees sent an email to the wrong person, with almost one-third (29%) saying their business lost a client or customer because of this error.

Over one-third (36%) of employees have made a mistake at work that compromised security, and fewer report their mistakes to IT.

On average, a U.S. employee sends four emails to the wrong person every month—and organizations are taking tougher action in response to these mistakes that compromise data.”

Employees are not entirely to blame when there is no robust cybersecurity awareness training or credible command center for security operations to shift the burden onto. Human error is often inevitable. However, the more you know, the more you can avoid making careless mistakes that might cost your organization more than an apology can pay for.

Challenge 2: Skill Gaps are Growing

As discussed in a previous blog post, the cybersecurity industry is experiencing an extreme talent shortage across the country. Some of the many reasons this gap exists include lack of diversity, trouble attracting candidates into the field, and a continuous change in skillset demands. Closing the skills gap must be a combined effort by companies and professionals. To help close this gap, companies should consider doing the following:

  • Upskilling: Consider closing the skills gap by upskilling and reskilling current employees. By giving internal candidates the appropriate training, they may be able to fill open roles in addition to mentoring and training new hires.
  • Diversity: According to a McKinsey report, companies in the top quartile for gender or racial and ethnic diversity are more likely to have financial returns above their national industry medians. Adopting more inclusive hiring practices will only benefit organizations in the long run.

IT professionals have become the backbone of many businesses. They lead the pack in managing a healthy and robust IT environment, including consistently updating and patching holes and conducting cybersecurity awareness training.

Challenge 3: Disaster Recovery and Digital Transformation

The past two years have brought holes in companies’ IT landscapes to light. Many companies were not fully prepared to have employees and operations moved to fully remote environments, which has propelled the need for digital transformation. It has also called for organizations to prioritize disaster recovery and prepare for the future.

Now that we have moved past survival mode and remote work is the new normal, we can embrace this era of digitalization. Turning this challenge into an opportunity can open many doors to companies’ security. If your company begins looking into options for securing employees and building their cyber awareness knowledge, you can create better morale and data protection for your organization.

Mitigating the Remote Risk: Secure Staff Wherever They Are

Working from home is a significant game-changer for corporations and will not disappear anytime soon. Any company looking to attract talent and provide location flexibility must become diligent when managing the risks of remote work.

Prevention is key. Humans have proven time and again that they can be the weakest link in an organization’s security, so it is essential to address that reality. Too many corporations look at defending against cyber risk as an expense or afterthought when it needs to be a priority. Cybercrime is continuously evolving; cyber awareness training and investing in a security and compliance automation platform will help mitigate the risks that come with it.

The Rise of Municipal Cyberattacks: Becoming Proactive

March 17, 2022/in Blog Post Brittany Demendi/by Adlumin Staff

Municipalities are expected to respond to the demanding needs of maintaining and sustaining vital sectors within our communities, so cities carry a heavy burden of responsibility; now more than ever, they must take cyber threats into account. It is no secret that municipalities operate under strict budgets that limit their resources, making them vulnerable and prime targets for cybercriminals. In 2020, 44% of global ransomware attacks targeted municipalities, according to InfoSecurity. This blog will explore four prevention methods your organization can implement to avoid cyberattacks and reduce costs.

Reducing Cost: How to Prevent Cyberattacks on Municipalities

The best way for municipalities to protect themselves from attacks is to prevent them from happening in the first place. Sounds simple, right? It can be. There are solutions to deal with malware infections, but most require more technical skills than the average computer user, so prevention is critical. Let’s start with the easy wins for prevention.

  1. Implement Robust Cybersecurity Training: One of the most significant risks for breaches can be the government’s employees. We are only as strong as our weakest link, and cybercriminals know this. A great way to start building awareness is to create a best practices guide and require consistent cyber awareness training for your employees.
  2. Know the Warning Signs: The first step to combatting malware is recognizing that your computer may have been affected, and it can only be removed if it is appropriately identified. Below are 10 warning signs to look out for:
  • Your computer is freezing or crashing.
  • Your computer runs slow and takes longer to start up/shut down.
  • Ads start popping up.
  • Emails you did not write are being sent on your behalf.
  • New icons are appearing on your desktop or toolbar.
  • Software is difficult to remove or will not allow removal.
  • The battery won’t last.
  • Computer locks and ransom is demanded.
  • Your browser is getting redirected.
  • Everything is normal – this is the most dismaying non-warning sign of them all.
  3. Create Secure Backups: Backups make for an easier recovery after being attacked by malware. There have been ransomware attacks in the past where confidential files could never be recovered—remember when the City of Atlanta’s data was held for ransom in 2018? As a result, years’ worth of confidential police dashcam footage was never recovered. Malware attacks are inevitable, so preparation is vital.
  4. Patch Management: Developers are consistently working on discovering vulnerabilities in their software. Once they are found, patches or updates to fix those vulnerabilities are released. It is crucial not to procrastinate on software updates. When software is outdated, cybercriminals see these flaws and attack through those holes. The more out-of-date security is, the more risk you put on sensitive data and information. Investing in Continuous Vulnerability Management (CVM) will not only help with finding vulnerabilities but also fix them by discovering and assessing them in real time. Here is a breakdown of CVM:
  • CVM Lifecycle
    • Asset Management allows known and unknown assets to be automatically discovered, categorized, identified, and managed.
    • Vulnerability Management includes real-time vulnerability and misconfiguration detection within each industry’s most comprehensive range of devices, operating systems, and applications.
    • Threat Detection & Prioritization automatically prioritizes the vulnerabilities posing the most significant threats to an organization.
    • Patch Deployment deploys patches across any size environment, keeping systems up to date and reducing the vulnerabilities operating teams must chase down.

Focusing on the Bigger Picture

Anti-virus programs are not enough to protect municipalities or businesses when constant monitoring is necessary. Regardless of size or location, municipalities’ cybersecurity is a critical issue. Focus on the basics first, teaching password and email security, best practices within any organization, and implementing a cybersecurity platform that includes managed services. Mitigating the level of destruction from malware attacks will reduce costs in the long run.

Malware Madness: Combatting the Chaos

March 3, 2022/in Blog Post Brittany Demendi/by Adlumin Staff

It’s that time of year again when millions of people dedicate valuable time, effort, and money crafting the perfect bracket for March Madness. Even with slim chances of winning, followers still spend hours researching teams and submitting their brackets online. However, many do not know that they are perfect targets for cybercriminals.

There are increases in phishing emails, sites, and messages during March Madness, all designed to fool people into submitting teams last minute, leaving them with busted brackets or empty bank accounts. These emails and messages are vehicles used for malware. While there may not be a high chance of winning with a perfect bracket, there is a high probability of being attacked by some type of malware.

According to Comparitech, 74% of organizations experienced a malware attack last year, and it may be the biggest threat to you and your organization because it exploits weaknesses within your IT landscape. Let’s talk about what malware is, the common types, and how to combat it.

What is Malware?

Malware, or “malicious software,” is a worldwide issue that is continuously evolving. It is also an umbrella term describing viruses, ransomware, worms, and any other type of software, file, or code made to destroy. Cybercriminals use malware to intentionally wreak havoc and harm a computer, network, or server. In 2020, over 268,000 “never-before-seen” variants were detected, adding to the existing amount.

Common Types of Malware:

  • Virus
    • A computer virus is a “malicious code that replicates by copying itself to another program, computer boot sector, or document and changes how a computer works,” according to TechTarget Network. It can spread innocently when an employee opens an infected email attachment file or visits a malicious website.
  • Worm
    • Worm malware is a program spread through software vulnerabilities that copies itself from computer to computer. Much like viruses, worms can infect your computer from spam emails or messages. Most firewalls or default security settings can block worms.
  • Trojans
    • Trojan malware is mainly used as a vehicle for hackers to let other malware into a network. They are much different from other types of malware because they are hidden and disguise themselves as legitimate programs to download. They survive by going unnoticed while slowly collecting private or sensitive information over time. It is essential to ensure that what you are downloading is legitimate—always double-check.
  • Spyware
    • Spyware is exactly how it sounds. It is malware that infects your computer and silently collects data from you, including what you download, usernames and passwords, credit/debit card information, etc. There are countless ways spyware can infect your security system, making it difficult to eliminate. The main issue is that this malware tends to go undetected, leaving you vulnerable.
  • Ransomware
    • As we have explored previously, ransomware takes the cake as one of the fastest-growing types of malware. The Cybersecurity and Infrastructure Security Agency (CISA) describes ransomware as “a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.” If a ransom is not paid, cybercriminals threaten to expose sensitive information or sell data.

Combatting the Madness of Malware

With the percentage of malware attacks being so high, it is imperative to arm your network with the right security solution. Malware can only be removed if it can be appropriately identified. The reassuring truth is that there are preventative tools and services that secure your IT landscape and cyber awareness best practices to implement within your business. Antivirus programs are not enough to protect your business when consistent monitoring is essential. Consequently, it is crucial to educate your organization on security services platforms that only take 90 minutes to deploy and can help you protect against the madness.

Social Media and Cybersecurity: What’s the Relationship Status?

February 2, 2022/in Blog Post Krystal Rennie/by Adlumin Staff

It’s clear. Social media and cybersecurity have quite a relationship. We often expose essential parts of our lives on the web, down to the tiniest details. As a result, we should know how social media and cybersecurity mingle. Previously, we’ve discussed the impact social media has had on cybersecurity and the power of misinformation. But now that some time has passed, you may be wondering: what’s the update? What does the relationship look like now? Well, hold on to your seats. After massive shifts like data privacy updates and other emerging trends, this will be a whirlwind.

According to Statusbrew, “over the past 12 months, the number of active social media users increased by more than 400 million, an addition of 9.9% for the total number to reach 4.55 billion.” Shocking? Not exactly, but a great reminder that social media is one of the most popular forms of communication around the world today. Although most social media platforms have security settings, cybercriminals find ways to access sensitive information. This sensitive information can include your passwords, bank account details, email addresses, or anything that they can use to steal your identity. For that very reason, social media and cybersecurity need each other now, more than ever. Let’s explore:

Significant Changes Call for Cybersecurity

Social media platforms are constantly changing their policies and algorithms, and with new updates come new security risks. Social media platforms must rely on cybersecurity protocols and best practices to mitigate risk. Let’s look at Facebook’s plans to transform into Meta as a popular example:

In 2021, Facebook announced that it would change its name and rebrand itself as Meta. Meta will be based around Virtual Reality (VR) and augmented reality. Although the social media platform’s structure will stay the same, the new rebrand raises possible concerns about privacy and security. This presents the possibility of data such as usernames, email addresses, and other sensitive information being mishandled or breached by bad actors attempting to break into this new space. Subsequently, the power of cybersecurity comes into play at this moment.

Significant changes in cyberspace are bound to call for shifting priorities and ensuring that user safety and security come first. Social media platforms must roll out privacy and security settings that outline how user data will be utilized and protected. Meta’s new privacy policy can be found here.

What Role Do You Play?

Like all relationships, social media and cybersecurity face challenges. However, throughout it all, they rely on one another to keep individuals safe. As the popularity of social networking sites among businesses worldwide increases, cybercrime will take a bigger bite out of companies unprepared for battle. Whether you are an organization using social media to help generate brand awareness or an individual using social media to keep up with friends, you must be aware of your responsibilities concerning security. A few of those responsibilities include:

  • Use two-step authentication to enter and protect all accounts.
  • Keep your passwords updated regularly; refrain from repeating the same password across multiple accounts.
  • Manage your privacy settings.
  • Use precaution on all platforms; if something looks suspicious, report it.

Keeping the relationship between social media and cybersecurity healthy is not an easy job that can be done quickly. It will require help from us all by using these social platforms directly as they are intended.

Two Peas, One Pod

As long as the Internet of Things is around, bad actors will continue to pose a massive threat to businesses and personal lives. Social media’s intent is to provide access to one another by sharing our personal information and experiences, making it the primary target for hackers.

To sum up the ongoing status of this relationship, social networking sites will always need cybersecurity to protect shared experiences and information. Cybersecurity will always need social media as a channel to communicate the importance of navigating the cyberworld safely.

If you’re interested in learning more about this evolving relationship, check out a recent blog post: Cybersecurity’s Latest Battle: The Rise of Misinformation on Social Media.

2022 Need to Know: The Importance of Data Privacy

January 5, 2022/in Blog Post Krystal Rennie/by Adlumin Staff

As humans, we constantly battle the balancing act of our online life with offline life. Unfortunately for us, those lines can be easily blurred; from oversharing to data breaches, there is much opportunity for disaster. This is precisely where the power of data privacy comes into play.

Data privacy, often referred to as information privacy, is the proper handling of sensitive data, including personal and other confidential data. This type of data can include financial, intellectual property, and more. Data privacy is all about limiting who has access to this information and how they can use it. Now, do you see its importance? If not, keep reading; there’s a lot more to uncover here.

Data Privacy and Your Safety

Whether or not you are an avid internet user, the probability that your personal information is available online is more significant than you think. From Google to personal social media accounts, it’s beyond your control once your personal information reaches the internet. Data privacy is important because it has regulations to protect your information. The concept is centered around the way data should be collected, stored, managed, and shared with third parties.

Securing your customer’s sensitive data should be your main priority. Cybercriminals are attracted to cracks in an organization’s or platform’s security infrastructure. Ensuring that all data privacy rules and regulations are followed by your organization, employees, and customers is vital to safeguarding information.

3 Elements of Data Privacy

The CIA Triad is a benchmark model created to govern and evaluate how organizations store, transmit, and process data. According to CISecurity, below are the top three elements of data privacy:

  1. Confidentiality – Data shouldn’t be accessed without proper authorization. This ensures that authorized parties are the only people that have access to the information.
  2. Integrity – Data shouldn’t be altered or compromised. This element assumes that data remains in the intended state and should only be edited by authorized parties.
  3. Availability – Data should be accessible upon legitimate requests only. This ensures that all authorized parties have access to the data when required.

The main goal is to give individuals control over their data while it is in the hands of a third party. Companies need to understand how to respect personal data while also processing it. Trust is a significant piece of a successful business, and people need to feel like their information is in safe hands.

So Why is Data Privacy Important?

There must be a reason why this topic has its own day every year, right? The answer is yes. Data privacy is important because it holds organizations and individuals accountable when dealing with confidential information. Regulatory compliance is an essential piece to this puzzle because it requires businesses to meet legal responsibilities for collecting, storing, and processing the personal data of their partners, customers, and employees. Any form of non-compliance or misuse of information could lead to a significant fine or lawsuit.

Long story short, it is vital to ensure all your bases are covered when it comes to data privacy to prevent any unwanted activity or breaches. As 2022 begins, it is 100% better to be proactive with your data instead of reactive. It’ll save you money, time, and your brand reputation in the long run.
