How to Detect and Control Network Security Threats
Would you ever leave the front door of your home wide open and unlocked? Odds are you wouldn't.
The same should stand true for your network.
Your network likely holds a lot of data. Networks house customer information, business documents, and other confidential and sensitive information.
In other words, a hacker's goldmine.
It's critical to protect your company's assets, especially digital ones. Without proper protection, the risk of a data breach grows sharply.
The average data breach now costs $3.62 million (the 2017 Ponemon Institute figure). Protecting your network is no longer optional.
One of the keys to protecting your network is understanding network security threats. You don't have to be a cyber security expert to understand the terminology, and knowing the basics is helpful.
Network Security Threats 101
A network security threat is anything, from an outside attacker to malware to a careless insider, that can exploit a weakness (a vulnerability) in your network to cause harm. No network can be 100% vulnerability-free, so you must understand and reduce the risks. Common vulnerabilities include:
A network vulnerability can be exploited by an internal or external threat. Unaddressed vulnerabilities leave your company open to:
Want to minimize the risk of a successful network attack? Looking to avoid the dangers of having an improperly secured network? If so, keep reading to learn more about protecting your company.
Here are three tips for detecting and controlling network security threats.
1. Use Security Best Practices.
The first way to protect your network is to implement standard security controls. A secure network should use:
With these best practices, your network is less vulnerable to network security threats. This means an attacker is less likely to be successful.
To determine which tools are best for your network, conduct a vulnerability and risk assessment. A thorough assessment will identify threats and determine the best safeguards.
2. Understand Commonly Used Attacks.
Attacks continue to grow and morph. It is important to know what attacks your network is most vulnerable to. While there are dozens of network attacks, some are more popular than others.
The most common network-based attacks include:
Understanding these methods allows you to better understand how to protect your network.
3. Cyber Security Awareness and Training
Creating a culture of cybersecurity within your company is crucial. Shouldn't all employees understand how to protect the assets and data they use?
Protect your Company by Protecting its Network
Don't let your network go unprotected any longer. Protect your business assets with risk and vulnerability assessments, and web application security.
Leave the security work to us. We will secure your assets while you grow your company.
Contact The Driz Group to get started. We offer vulnerability assessments and management, and a variety of cyber security services.
Web Protection: 8 Ways to Protect Yourself Online
A cyber attack is a scary thing for any business to have to deal with.
Desktops have long been the main target, but today a phone is just as likely to be attacked as a PC.
Earlier this year, the WannaCry ransomware outbreak crippled tens of thousands of systems in almost 100 countries on its first day alone.
Don't allow yourself or your business to become a victim.
Here are 8 forms of web protection that can help keep your business safe.
1. DDoS Web Protection
Denial of service attacks are no laughing matter and are one of the biggest threats in the cyber security world today. They're popular with criminals and with gamers alike (World of Warcraft gets DDoS'd multiple times a year).
The worst part is that they aren't hard to pull off and are even easier to get away with. Paying for a proper DDoS protection service is the only sensible decision. Both self-managed and fully-managed DDoS protection plans are affordable and take only minutes to implement, so you could stop worrying about DDoS attacks in under an hour.
2. Use Better Passwords
Password1234 has never been good enough, and passwords that used to be good enough are no longer adequate: attackers check candidates against lists of previously breached passwords, plus the usual tweaks (capital first letter, digits on the end, letter-for-symbol swaps), before they try anything else. Keep different passwords for private and business accounts.
Use multi-factor authentication (two-step verification) wherever it's offered, especially on email and social media accounts.
The more characters, the better. For the best passwords, use variation between uppercase and lowercase letters, symbols, and numbers, or better still a long passphrase, and never reuse one across accounts.
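Two checks that "use more characters" alone does not cover, as an added example for this post (not code from the original article): undo the decorations that cracking rule sets undo (case, leet-speak swaps, digits and symbols tacked on the ends) and compare the base word with a breached-password list, then show why a naive complexity score overrates such a password. The BREACHED set is a constructed stand-in for a real breach corpus, and the 12-character minimum is an assumed policy.

```python
"""Breach-aware password check with a naive strength score for comparison.
Added example; BREACHED is a constructed stand-in for a real breach list."""
import math
import re

# Constructed, tiny stand-in for a breached-password list (lower-case).
BREACHED = {"password", "letmein", "qwerty", "welcome", "iloveyou", "admin"}

# Substitutions that cracking rule sets reverse in a single pass.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def base_words(candidate: str) -> set:
    """Variants of the candidate that a rule-based cracker would derive from it:
    'P@ssw0rd123!' yields 'password' among others."""
    lower = candidate.lower()
    stripped = re.sub(r"[^a-z]+$", "", lower)        # drop trailing digits/symbols
    stripped = re.sub(r"^[^a-z]+", "", stripped)     # and leading ones
    forms = {lower, stripped, lower.translate(LEET), stripped.translate(LEET)}
    forms.add(re.sub(r"[^a-z]+$", "", lower.translate(LEET)))
    return {f for f in forms if f}


def naive_entropy_bits(candidate: str) -> float:
    """Upper bound: length x log2(alphabet), as if every character were random."""
    pools = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^A-Za-z0-9]", 33)]
    alphabet = sum(size for pattern, size in pools if re.search(pattern, candidate))
    return len(candidate) * math.log2(alphabet) if alphabet else 0.0


def evaluate(candidate: str, min_length: int = 12) -> dict:
    """Policy decision: reject short or breach-derived passwords whatever the score says."""
    problems = []
    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")
    hits = base_words(candidate) & BREACHED
    if hits:
        problems.append(f"derived from breached password {sorted(hits)[0]!r}")
    return {"ok": not problems,
            "naive_bits": round(naive_entropy_bits(candidate), 1),
            "problems": problems}


if __name__ == "__main__":
    for pw in ["Password1234", "P@ssw0rd!", "correct horse battery staple"]:
        print(pw, evaluate(pw))
```

Password1234 scores over 70 "bits" on the naive estimate yet is rejected, because its base word is on the list; that gap is the reason breach-list checks matter more than complexity rules.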
3. Anti-virus and Malware Protection
There's some great free anti-virus and anti-malware protection out there, so there isn't a business around that has an excuse not to have any.
Keep these tools updated and leave real-time protection switched on; run a full scan at least a couple of times a month to keep your systems clean. Don't forget to keep whatever browser you're using up to date, as browser updates often contain security fixes.
4. Keep Private Information Private
Don't make information public that could give an attacker the means to attack your business. Anything that could serve as a password or as the answer to a security question, such as your mother's maiden name, belongs nowhere near social media.
LinkedIn was breached in 2012; more than 100 million email addresses and hashed passwords from that breach surfaced online in 2016.
It's a good idea to keep a different password for each social site.
5. Beware of Apps
There are about 2 billion smartphones in use in 2017, with over 2 million apps in Apple's App Store and nearly 3 million in Google Play.
Both companies take security seriously, but even with those measures, G DATA counted over 750,000 new malicious Android apps in the first quarter of 2017 alone.
Don't download apps from shady sources, keep the useful ones updated, and delete anything that isn't being used regularly.
6. Contact Your Bank
Talk to the people who handle your money. Find out how they handle fraud and security breaches.
Do some research on your own and find out what banks are having the most success with security.
Banking institutions that protect online purchases are a great way to go if you have any kind of eCommerce business.
7. Don't Rely on Banks
Check all financial accounts on a daily basis.
The faster a business notices something and contacts the bank and the proper authorities, the better the chance that the money can be recovered and an investigation started.
Cybersecurity should be a part of any business.
Educating employees on web protection practices benefits the business and the people working for you; they just need to be told what those benefits are.
Keep it simple. Let them know how these measures protect the company and its clients, and how they can use the same habits to protect themselves.
Protecting clients is a part of the company's job. It's not optional.
If you're looking to update your security or need help or tips with training, contact us to find out what we can do to help.
Why Mobile App Vulnerabilities are Dangerous for a Business
Ninety-nine percent of the business workforce currently uses mobile devices to perform their jobs, according to the IBM-sponsored 2016 Mobile Security & Business Transformation Study.
While this reliance on mobile devices brings enhanced productivity and other business benefits, it also comes with a greater number of security risks.
According to Statista, there were 1.86 billion smartphone users worldwide in 2015, a number expected to grow to 2.32 billion in 2017. In the smartphone operating system (OS) market, Gartner reported that the battle is clearly between Android (developed by Google) and iOS (developed by Apple). For the first quarter of 2017, Gartner reported that 86.1% of the smartphones sold worldwide ran Android, 13.7% ran iOS, and 0.2% ran other operating systems.
The Malicious Apps Issue
One of the security risks of using a mobile device at work is the malicious app. There’s an app – short for application program – for almost everything today. As of March 2017, according to Statista, 2.8 million apps can be downloaded from Google Play and 2.2 million apps from Apple App Store.
While Google and Apple have strong security measures to keep malicious apps out of their stores, some still slip through the net. In the first quarter of 2017, security firm G DATA counted over 750,000 new malicious Android apps.
McAfee in its 2016 Mobile Threat Report said that in 2015, thousands of apps were pulled out from both Google Play and the Apple App Store for security reasons. “Both Google and Apple have been very quick to remove malicious apps from their associated app stores, however it’s inevitable that some infected apps will still slip through the screening process,” McAfee said.
Business risks after your phone is hacked
Once your phone is hacked, your business data is at risk of being exploited by cyber criminals. Here are 2 ways that put business data at risk after your phone is hacked:
1. Ransomware Attack
Ransomware – malware that locks a device or encrypts its files until a sum of money is paid – is often associated with PCs. The reality is that ransomware isn't just a PC problem anymore.
In January 2017, security firm Check Point discovered the ransomware called “Charger”. This ransomware was hidden inside an app called EnergyRescue – a malicious app that was briefly available on Google Play and attacked Android devices before being pulled. The Charger ransomware demanded 0.2 Bitcoins (worth $180) from the affected mobile device users and warned that personal information would be sold on the black market if the ransom was not paid.
The ransomware locks the mobile device and displays the following message:
“You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.”
The Charger ransomware demonstrates how a malicious app can be a dangerous threat to your business.
2. Danger of Dead Apps
A dead app is an application that’s removed from the app store, without notice. It also refers to an application that’s abandoned by the developer, also without notice. Like other defective products, applications that are removed from the app stores and those abandoned by developers need recall notices.
McAfee identified over 4,000 apps that were removed in 2015 from Google Play without notification to users. McAfee’s 2016 Mobile Threat Report revealed that 500,000 mobile devices still have these dead apps installed and are active. “These users, and the organizations they work for, are still exposed to any vulnerabilities, privacy risks, or malware contained in these dead apps,” McAfee said.
Malicious Apps Prevention
Here are some of the ways to keep your business mobile device safe from malicious apps:
1. Pay close attention to the apps that you’re downloading.
A 3.5 rating for an app on Google Play or the Apple App Store isn't enough to judge it by. For instance, before Google Play pulled EnergyRescue, the app that carried the Charger ransomware, it had a 3.6 rating from 11,584 users. Before downloading an app, even from a known store such as Google Play or the Apple App Store, research the developer first.
2. Delete apps that are no longer on the app store.
An app that has been removed from a store was either pulled for security reasons or abandoned by its developer, and in both cases it will receive no further patches or security updates, which makes it a soft target for cyber criminals.
To keep the data on your business mobile phone secure and private, keep the mobile operating system and the apps up to date. Many malicious apps depend on unpatched vulnerabilities in the OS, so a current OS blocks a large share of them, and legitimate app developers issue patches and security updates of their own.
Skycure's Mobile Threat Intelligence Report for the 4th quarter of 2016 found that the majority of malicious app exploits rely on unpatched vulnerabilities in the mobile operating system to succeed. Analysing the adoption of Android security patches among the five leading wireless carriers in the United States, Skycure found that 71% of Android devices in the 4th quarter of 2016 were running security patches at least two months old, leaving millions unnecessarily exposed to malicious apps.
“About half of devices in use at the end of 2016 had not received a platform security update in the previous year,” said Google in its 2016 Year in Review report.
Pro tip for administrators: don't let employees install whatever they like on business devices. Require that apps be evaluated and approved by IT before installation, to prevent device infection and a potential data breach.
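The three recommendations above (keep the OS patched, delete apps that have left the store, allow only IT-approved apps) as a fleet compliance check, added here as an example and not Driz Group tooling. It assumes the inventory is an MDM export in which the "security_patch" field carries Android's ro.build.version.security_patch value (YYYY-MM-DD); the approved list, the dead-app list, the com.example.* package names and the inventory itself are constructed for the demo, and the 60-day limit is Skycure's "two months" line in the sand.

```python
"""Compliance audit of business Android devices: stale security patch, unapproved
apps, and dead apps pulled from the store.  Added example; all data constructed."""
from datetime import date
from typing import Dict, List

MAX_PATCH_AGE_DAYS = 60            # assumed policy: Skycure's "at least 2 months old"
REPORT_DATE = date(2017, 6, 30)    # fixed "today" so the demo is reproducible

# Constructed policy data: packages IT has evaluated, and packages known to have
# been removed from Google Play (the "dead app" list).  com.example.* are hypothetical.
APPROVED = {"com.android.chrome", "com.microsoft.office.outlook", "com.slack"}
DEAD_APPS = {"com.example.energyrescue"}

# Constructed inventory in the shape of an MDM export.
INVENTORY = [
    {"device": "phone-001", "security_patch": "2017-06-05",
     "packages": ["com.android.chrome", "com.slack"]},
    {"device": "phone-002", "security_patch": "2017-02-01",
     "packages": ["com.android.chrome", "com.example.energyrescue",
                  "com.example.flashlight"]},
    {"device": "phone-003", "security_patch": "2017-05-01",
     "packages": ["com.microsoft.office.outlook"]},
]


def patch_age_days(security_patch: str, today: date) -> int:
    """Days between the device's Android security patch level and the report date."""
    return (today - date.fromisoformat(security_patch)).days


def check_device(dev: dict, today: date) -> List[str]:
    """Findings for one device; an empty list means the device is compliant."""
    findings = []
    age = patch_age_days(dev["security_patch"], today)
    if age > MAX_PATCH_AGE_DAYS:
        findings.append(f"security patch {dev['security_patch']} is {age} days old")
    for pkg in dev["packages"]:
        if pkg in DEAD_APPS:
            findings.append(f"{pkg} has been pulled from the store: uninstall it")
        elif pkg not in APPROVED:
            findings.append(f"{pkg} is not on the approved list")
    return findings


def run_audit(inventory=INVENTORY, today: date = REPORT_DATE) -> Dict[str, List[str]]:
    """Device id -> findings, for non-compliant devices only."""
    report = {}
    for dev in inventory:
        findings = check_device(dev, today)
        if findings:
            report[dev["device"]] = findings
    return report


if __name__ == "__main__":
    for device, findings in run_audit().items():
        print(device)
        for finding in findings:
            print("  -", finding)
```

Only phone-002 is reported: its patch level is 149 days old, it carries the pulled app and an unapproved one. phone-003 sits exactly at the 60-day limit and passes, which is the boundary you would tune to your own risk appetite.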
You have a backdoor to your business, and it's Email
Email is the most widely used form of business communication today. It’s inexpensive and fast. This form of communication, however, exposes businesses to cyber criminals.
Cyber criminals treat email as a business's backdoor: an entry point that bypasses the defenses at the front. Failing to protect your business email is like fortifying your house with the latest alarm system and then leaving the back door wide open.
Symantec in its 2016 Internet Security Threat Report estimated that nearly 190 billion emails were in circulation each day in 2015 alone, with an average of 42 emails sent and received by each business user every day – a growing number of users reading their emails on their mobile devices.
Symantec reported that in 2015, spam made up 53% of all email, one in every 1,846 emails was a phishing attempt, and one in every 220 carried malware. “For cybercriminals who want to reach the largest number of people electronically, email is still the favored way to do it,” Symantec said.
3 Ways Cyber Criminals Exploit the Vulnerabilities of Emails
Cyber criminals exploit the vulnerabilities of emails in a number of ways. Here are 3 ways cyber criminals exploit emails:
1. Business Email Compromise (BEC) Scams
The cyber threat called business email compromise (BEC) relies on the oldest trick of con artists: deception. In BEC, con artists zero in on employees who have access to the company's finances, deceiving them into making wire transfers to bank accounts they believe belong to business partners – when in fact the money ends up in the accounts of the cyber criminals.
BEC is one form of phishing: email made to look like it came from a legitimate source such as a bank, a partner company or a government agency, in order to trick people into revealing Social Security numbers, bank account numbers and other valuable details, or into taking an action such as a wire transfer. Because a BEC message is often plain text with no link or attachment, spam and malware filters frequently let it through.
The Federal Bureau of Investigation (FBI) reported that since 2013, organized crime groups employing the business email compromise scam have targeted small and large organizations in every U.S. state and more than 100 countries around the world. According to the FBI, since January 2015 there has been a 1,300 percent increase in identified exposed losses, now totaling over $3 billion.
Tech giants such as Google and Facebook are not spared by BEC scammers. In March 2017, the FBI arrested Evaldas Rimasauskas for scamming two multinational internet companies out of over $100 million through an email compromise scheme. While the FBI didn't name the companies, a Fortune investigation revealed that the victims were Google and Facebook. In the Rimasauskas case, the two companies thought they were emailing legitimate staff of Quanta Computer, a supplier of their servers, and paid the invoices the scammer sent them.
Business Email Compromise (BEC) Scams Prevention
BEC scams can be prevented in the following manner:
Phishing Scams Prevention
Here are some of the ways to prevent phishing scams in general:
2. Malware Spread
Email is one of the oldest ways to spread malware – short for “malicious software” – software designed to damage or infiltrate computers without the user's consent. In May 2000, the malware called “ILOVEYOU” infected millions of computers. The ILOVEYOU malware arrived as an email from someone the recipient knew, with the subject "ILOVEYOU" and a body reading "kindly check the attached LOVELETTER coming from me." The attachment, LOVE-LETTER-FOR-YOU.TXT.vbs, was a Visual Basic script; Windows hid the final extension by default, so it looked like a harmless text file.
An enormous number of people – probably out of the universal need to be loved – opened the ILOVEYOU email and ran the attachment. Once running, the malware overwrote files of several common types (images, audio and script files) with copies of itself and then sent an identical email to every contact in the victim's Outlook address book. As a result, mail systems worldwide were overloaded, causing a meltdown of electronic communication among businesses and governments.
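Both lures described above, the BEC invoice that impersonates a partner and the ILOVEYOU-style attachment whose "document" name hides a script, leave traces in the message itself. The following mailbox-side check is an added example for this post, not Driz Group's product: it flags a Reply-To that routes replies to a different domain than the sender, a sender domain within two edits of a domain the business actually pays, and an attachment whose final extension is executable. PARTNER_DOMAINS, the sample message and every address and domain in it are constructed.

```python
"""Header and attachment checks for BEC and malware lures in one raw message.
Added example; the partner list and the sample message are constructed."""
import email
from email import policy
from email.utils import parseaddr
from typing import List

PARTNER_DOMAINS = {"partner-example.com", "bank-example.com"}   # constructed
# Extensions Windows runs as code even when the name looks like a document.
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "exe", "scr", "bat", "cmd", "ps1", "hta"}

# Constructed message in the style of a BEC invoice lure with a script attached.
SAMPLE_BEC = """\
From: "Accounts Payable" <ap@partner-exarnple.com>
Reply-To: ap.partner@mail-example.net
To: cfo@victim-example.com
Subject: Updated wire instructions for June invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please use the attached updated bank details for this month's payment.
--b1
Content-Type: application/octet-stream; name="INVOICE-2017-06.PDF.vbs"
Content-Disposition: attachment; filename="INVOICE-2017-06.PDF.vbs"
Content-Transfer-Encoding: base64

TXNnQm94ICJoZWxsbyI=
--b1--
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; 'exarnple' is two edits from 'example'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(msg, header: str) -> str:
    """Lower-cased domain of the address in a header, or '' if the header is absent."""
    value = msg.get(header)
    if not value:
        return ""
    _, addr = parseaddr(str(value))
    return addr.rpartition("@")[2].lower()


def analyze(raw: str) -> List[str]:
    """Human-readable findings for one raw RFC 822 message (empty list = nothing seen)."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_domain = domain_of(msg, "From")
    reply_domain = domain_of(msg, "Reply-To")
    # BEC tell 1: replies silently routed to a different domain than the sender.
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    # BEC tell 2: a registered lookalike of a domain the business actually pays.
    for partner in sorted(PARTNER_DOMAINS):
        if from_domain != partner and edit_distance(from_domain, partner) <= 2:
            findings.append(f"sender domain {from_domain} looks like partner domain {partner}")
    # Malware tell: the final extension is executable, whatever comes before it.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        pieces = name.split(".")
        if len(pieces) > 1 and pieces[-1] in EXECUTABLE_EXTS:
            disguise = f", disguised as .{pieces[-2]}" if len(pieces) > 2 else ""
            findings.append(f"attachment {name} is executable (.{pieces[-1]}{disguise})")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_BEC):
        print("-", finding)
```

The sample trips all three checks. The lookalike test compares only the sender domain, which is deliberate: a display name can say anything, so a check that trusts it would be fooled by the same trick the scammer uses.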
Malware Spread Prevention
Here are some of the ways to combat the spread of malware sent via emails:
3. Denial of Service (DoS) Attack
A denial-of-service (DoS) attack is an attempt by cyber criminals to prevent legitimate users from accessing online services like email. Spam email messages can be used by attackers to prevent your customers from emailing your company.
Email accounts, whether supplied by a paid service or free services such as Yahoo or Gmail, are assigned a specific quota. This quota limits the number of emails that your business account can receive at a given period of time. When attackers bombard your business account with too many or large email messages, this can consume your quota and prevents your company from receiving legitimate messages.
DoS Attack Prevention
To prevent an email DoS attack:
When you have questions, connect with us and get the answers you need.
7 Steps to Prioritize Cyber Security Threats
Today’s businesses are under constant threat of cyber attacks. The recent WannaCry ransomware attack, which affected major businesses and institutions around the world, showed the importance of prioritizing cyber security threat remediation.
Here are 7 steps on how to prioritize cyber security threat remediation within your organization:
Step 1. Involve Business Stakeholders in the Process
Cyber security threat remediation is often left to the “IT people”. Business stakeholders, which include those in the senior management positions and those possessing unique perspectives, experiences and skills that IT may not possess, are invaluable in prioritizing cyber security threat remediation.
A survey conducted by Info-Tech Research Group showed that organizations that were able to engage business stakeholders in cyber threat identification were 79% more successful in identifying all threats compared to organizations where business stakeholders’ participation was minimal. Another Info-Tech survey found that 97% of organizations that involved business stakeholders in the cyber risk assessment process reported success.
It’s beneficial to involve business stakeholders as they can put forward perspectives that IT departments may have overlooked, and they can bolster IT’s knowledge regarding particular risks and their overall effect on the organization.
Step 2: Identify Cyber Security Threats
In identifying cyber security threats, determine the threat categories, threat scenarios and threat events.
Threat categories are high-level groupings that label threats relating to major IT functions. The following are some of the identified categories:
After identifying the threat categories, identify the threat scenarios or common situations for each category. For instance, in the data risk category, threat scenarios could be data theft, data integrity, data confidentiality and data availability.
Threat events are the specific things that can go wrong under a particular threat scenario. An example of a threat event under data integrity is data loss, or a failed recovery, within a system.
Step 3: Determine the Threshold for Acceptable and Unacceptable Risk
Establish a threshold that sets what constitutes an acceptable and an unacceptable risk for the organization. This threshold should be a concrete dollar value, based on the organization's ability to absorb financial losses and its tolerance for risk. For instance, an organization's threshold could be $100,000: a cyber threat that would cost less than $100,000 is acceptable, while one that would cost more is unacceptable.
Step 4: Create a Financial Impact Assessment Scale
Every cyber threat has a corresponding financial consequence. It's difficult for senior management to make intelligent decisions about cyber security threats if they don't know what their financial impact will be. For each identified threat event, create a scale to assess the financial impact. Typically, financial impacts are assessed on a scale of 1 to 5, or low to extreme. Make sure that the unacceptable risk threshold is reflected in the scale. Let's say,
In the financial impact assessment, include project overruns and service outages. For instance, a cyber security project that runs 20 days with 8 employees at an average cost of $300 per employee per day, for a total estimated cost of $48,000, falls in the low band. Likewise, a 4-hour service outage at $10,000 of lost revenue per hour, an estimated cost of $40,000, falls in the low band.
Step 5: Create a Probability Scale
For every threat event, create a scale to assess the probability that the event will happen over a given period of time. Make sure that the probability scale has the same number of levels as the financial impact scale. Let’s say,
Step 6: Threat Severity Level Assessment
For all threat events, assess the severity level. To calculate the severity of each threat event, multiply its financial impact by its probability of occurrence, giving an expected loss. A threat event with a probable financial impact of $250K ("high") and a 10% ("low") probability of occurrence has an expected loss of $25K, a "medium" threat severity level.
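Steps 3 to 6 as a scoring routine, added here as an example and not a tool from the original post. The post leaves the exact scale bands to the reader, so the bands below are assumptions chosen to reproduce its own numbers ($250K is "high", 10% is "low", the $25K expected loss is "medium", and the $48K and $40K examples are "low" impact); the threshold is the post's $100,000 and the four threat events are constructed.

```python
"""Impact, probability and severity scales with a dollar threshold (Steps 3-6).
Added example; bands and threat events are assumptions, not the post's own."""
from typing import Dict, List, Tuple

UNACCEPTABLE_THRESHOLD = 100_000   # Step 3: a potential loss at or above this is unacceptable

# Step 4: financial impact scale as (lower bound in dollars, level).  Assumed bands.
IMPACT_BANDS = [(0, "low"), (50_000, "medium"), (100_000, "high"),
                (500_000, "very high"), (1_000_000, "extreme")]
# Step 5: probability scale with the same number of levels.  Assumed bands.
PROBABILITY_BANDS = [(0.0, "very low"), (0.05, "low"), (0.20, "medium"),
                     (0.50, "high"), (0.80, "extreme")]
# Step 6: severity of the expected loss (impact x probability).  Assumed bands.
SEVERITY_BANDS = [(0, "very low"), (5_000, "low"), (10_000, "medium"),
                  (50_000, "high"), (100_000, "extreme")]

# Constructed threat events (Step 2's category / scenario / event collapsed to a name).
SAMPLE_THREATS = [
    {"event": "data breach in the run-up to product launch", "impact": 250_000, "probability": 0.10},
    {"event": "4-hour outage of the order system", "impact": 40_000, "probability": 0.60},
    {"event": "ransomware on the file server", "impact": 600_000, "probability": 0.25},
    {"event": "security project overrun", "impact": 48_000, "probability": 0.30},
]


def level(value: float, bands: List[Tuple[float, str]]) -> str:
    """Label of the highest band whose lower bound the value reaches."""
    label = bands[0][1]
    for lower, name in bands:
        if value >= lower:
            label = name
    return label


def assess(threat: dict) -> Dict[str, object]:
    """Score one threat event: levels, expected loss in whole dollars, threshold check."""
    expected_loss = round(threat["impact"] * threat["probability"])
    return {
        "event": threat["event"],
        "impact_level": level(threat["impact"], IMPACT_BANDS),
        "probability_level": level(threat["probability"], PROBABILITY_BANDS),
        "expected_loss": expected_loss,
        "severity": level(expected_loss, SEVERITY_BANDS),
        "acceptable": threat["impact"] < UNACCEPTABLE_THRESHOLD,
    }


def prioritize(threats: List[dict]) -> List[Dict[str, object]]:
    """Step 6 output: every event ordered by expected loss, worst first."""
    return sorted((assess(t) for t in threats), key=lambda r: r["expected_loss"], reverse=True)


if __name__ == "__main__":
    for r in prioritize(SAMPLE_THREATS):
        flag = "" if r["acceptable"] else "  [above threshold]"
        print(f'{r["event"]:<45} {r["impact_level"]:>9} x {r["probability_level"]:>8} '
              f'= ${r["expected_loss"]:>9,} ({r["severity"]}){flag}')
```

Note that the threshold check and the severity ranking answer different questions: the outage is acceptable by the Step 3 threshold (it cannot cost $100K) yet ranks close to the product-launch breach on expected loss, because it is far more likely to happen. Both columns belong in front of senior management.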
Step 7: Determine the Proximity of the Threat Event
Over time, the financial impact and probability of occurrence of a threat event fluctuate. The relationship between threat severity and time is called threat proximity. These fluctuations are often unpredictable, but some threat events are predictable. The severity of losing key personnel is roughly constant. The severity of a data breach in the run-up to a new product launch peaks at a particular point in time. The severity of a project overrun after staff layoffs rises or falls after a particular point in time.
In determining the proximity of the risk event, focus on “high” and “extreme” threats. Describe the proximity of these high and extreme threats. For instance, for a particular threat event, the threat proximity can be described in this way: “The probability of this threat event will fall when the new budget for the IT department is released.”
So what’s the difference between threat severity and threat proximity? The threat proximity description notifies senior management about the urgency of a cyber threat event and the importance of timely implementation of risk responses, while threat severity notifies senior management about the relative importance of each threat event.
Cyber Security Threat Remediation Equals Cost Effectiveness
Threat identification and prioritizing these threats demand time and money. But the time and money spent on these security risk management tasks can mean the difference between staying on budget and spending too much.
When your organization needs help with assessing and prioritizing cyber security threats, give us a call and we will be happy to help.
Choosing the Right DDoS Protection Service
Distributed denial of service (DDoS) attacks are rising in scale as well as in sophistication, and have become one of the top tools used by cybercriminals. Is your business protected from DDoS attacks?
What is a Distributed Denial of Service (DDoS) Attack
A DDoS attack is an attempt to overwhelm an online service with too much data or damage it in some other way for the purpose of preventing legitimate users’ access. Public and private sectors alike are targets of DDoS attacks.
On May 8, 2017, the U.S. Federal Communications Commission (FCC) became a victim of this attack. “These (multiple DDoS attacks) were deliberate attempts by external actors to bombard the FCC’s comment system with a high amount of traffic to our commercial cloud host,” FCC said in a statement. “These actors were not attempting to file comments themselves; rather they made it difficult for legitimate commenters to access and file with the FCC.”
The 11th Annual Worldwide Infrastructure Security Report of Arbor Networks revealed that from July 2014 to June 2015, an individual or organization calling itself “DD4BC”, which stands for DDoS for Bitcoin, had been bombarding financial institutions like banks, payment acquirers and trading platforms across the United States, Europe, Asia, Australia and New Zealand with DDoS attacks for its extortion attempts.
According to Arbor Networks, DD4BC’s victims typically experience an outage on their website. After the initial attack, the attackers then issue an initial extortion email to the victims. If the target doesn’t pay the ransom, a larger DDoS attack causing serious outage is deployed by the attackers.
One of the ways that cybercriminals launch their DDoS attack is by using CCTV devices as the source of their attack botnet. In one DDoS attack, Sucuri found that the IP addresses generating the DDoS attack came from compromised or hacked CCTV devices from 105 countries around the world.
The top 10 countries targeted by DDoS attackers in 2016, according to Arbor Networks, are the United States (32.2%), China (10.5%), France (6.4%), South Korea (6.3%), Switzerland (4.9%), Great Britain (4.2%), Canada (4%), Germany (3.9%), Malaysia (3.7%) and Australia (2.8%).
Types of DDoS Attacks
While there are thousands of different ways that cybercriminals carry out DDoS attacks, these attacks fall into three broad categories:
1) Volumetric Attack
This is an attempt to saturate the bandwidth of the target's network link, or of the network in front of it, usually with floods of UDP, ICMP or amplified (for example DNS or NTP reflection) traffic.
2) TCP State-Exhaustion Attack
This is an attempt to fill the connection-state tables of infrastructure components such as servers, load-balancers and firewalls, for example with SYN floods, so that no new legitimate connections can be tracked.
3) Application Layer Attack
This is an attempt to exhaust an application's own resources (worker processes, database transactions, search or login handlers) with requests that each look legitimate. It needs far less bandwidth than a volumetric attack and is harder to tell apart from real traffic.
Some attackers combine volumetric, TCP state-exhaustion and application layer attacks into a single, sustained attack. Cybercriminals also launch DDoS attacks to distract security teams while introducing malware into the network with the purpose of stealing critical customer or financial information.
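The application layer attack just described does not show up on a bandwidth graph, but it does show up in the web server's access log. The following windowed request-rate detector is an added example for this post, not a feature of any product mentioned here: it buckets requests into fixed windows, alerts when a window exceeds a threshold, and tells a distributed flood from a single noisy client by how concentrated the sources are. Common Log Format lines are assumed; the 10-second window and the 20-requests-per-window threshold stand in for a baseline you would measure on your own traffic; the log lines are constructed (TEST-NET addresses).

```python
"""Windowed request-rate detection over constructed access-log lines.
Added example; window and threshold are assumptions, not measured baselines."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone
from typing import Dict, List, Optional

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
WINDOW_SECONDS = 10
RATE_THRESHOLD = 20        # requests per window; assumed to sit well above the normal peak


def constructed_log(bots: int = 25, sources: int = 25) -> List[str]:
    """Constructed sample: a few normal hits, then `bots` requests for the expensive
    search page spread over `sources` distinct addresses in the following 10 seconds."""
    lines = []
    for sec, ip in [(1, "203.0.113.10"), (4, "203.0.113.11"), (7, "203.0.113.12"), (9, "203.0.113.10")]:
        lines.append(f'{ip} - - [10/Jun/2017:12:00:{sec:02d} +0000] "GET /index.html HTTP/1.1" 200 1024')
    for i in range(bots):
        ip = f"198.51.100.{i % sources + 1}"
        lines.append(f'{ip} - - [10/Jun/2017:12:00:{10 + i % 10:02d} +0000] "GET /search?q=%2A HTTP/1.1" 200 512')
    return lines


def parse(line: str) -> Optional[dict]:
    """One Common Log Format line -> ip, timestamp and path; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "ts": ts, "path": m["target"].split("?", 1)[0]}


def detect(lines: List[str], window_seconds: int = WINDOW_SECONDS,
           rate_threshold: int = RATE_THRESHOLD) -> List[Dict[str, object]]:
    """Bucket requests into fixed windows and alert on every window over the threshold."""
    windows = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            windows[int(rec["ts"].timestamp()) // window_seconds].append(rec)
    alerts = []
    for key in sorted(windows):
        recs = windows[key]
        if len(recs) < rate_threshold:
            continue
        sources = Counter(r["ip"] for r in recs)
        top_ip, top_n = sources.most_common(1)[0]
        # Many sources each contributing a little is the DDoS signature; one source
        # dominating the window is a single abusive client you can simply block.
        kind = "distributed" if top_n / len(recs) < 0.2 else f"single-source {top_ip}"
        alerts.append({
            "window_start": datetime.fromtimestamp(key * window_seconds, tz=timezone.utc),
            "requests": len(recs),
            "sources": len(sources),
            "kind": kind,
            "top_path": Counter(r["path"] for r in recs).most_common(1)[0][0],
        })
    return alerts


if __name__ == "__main__":
    for a in detect(constructed_log()):
        print(f'{a["window_start"]:%H:%M:%S}: {a["requests"]} requests from {a["sources"]} '
              f'sources, {a["kind"]}, mostly {a["top_path"]}')
```

On the constructed sample the 12:00:10 window fires with 25 requests from 25 addresses, all for /search, which is exactly the low-bandwidth, many-source pattern a volumetric threshold on the router would never see. The same 25 requests from one address are reported as single-source instead, a case for a rate limit rather than a scrubbing service.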
5 Things to Consider in Choosing the Right DDoS Protection Service
According to Frost & Sullivan, because of the growing scale and sophistication of DDoS attacks, the use of a DDoS protection service has gained traction among businesses of all sizes. Frost & Sullivan finds that the Global DDoS mitigation market’s earned revenue in 2013 was $354 million and is estimated to reach $929.5 million by 2018.
Given that DDoS attacks have potentially devastating consequences on your business, it’s critical to choose the right DDoS protection service. Here are the top 5 things to consider in choosing the right DDoS protection service:
1. Capacity to Stop Varied Attack Sizes
The size of DDoS attacks continues to increase. Arbor Networks’ 12th Annual Worldwide Infrastructure Security Report showed that the largest DDoS attack reported in 2016 was 800 gigabits per second (Gbps), a 60% increase over 2015’s largest attack of 500 Gbps.
In choosing a DDoS protection service, find out whether it can mitigate or stop large DDoS attacks. In particular, it should provide cloud-based scrubbing with enough capacity to absorb high-volume attacks, which have now exceeded 800 Gbps. It should also be able to detect small but continuous attacks, as these too can have devastating effects on your business.
2. Far-reaching DDoS Protection
In choosing a DDoS protection service, it’s important that such service will be able to protect your business, not just from one type of DDoS attack but from different types of DDoS attacks.
It’s critical that your DDoS protection service should be able to provide on-premise protection against sneaky application layer attacks, and attacks against existing infrastructure devices like firewall. It should also be able to stop attackers from injecting malwares into your computer system.
3. Non-disruption of Business Operation
Businesses today rely on the internet and web-based applications and services in the same way as they rely on electricity. Organizations rely on them to manage daily operations and for customer relationship management.
Customers have no patience with websites that are down or slow, or web-applications that are unavailable. The effects of the breakdown of your business’ online services are immediate: angry customers, brand damage and loss of revenue.
“With the importance of internet access and web services in businesses increasing, high volume network-based attacks, combined with application-layer attacks, represent an effective threat against any online business,” said Frost & Sullivan Network Security Senior Industry Analyst Chris Rodriguez.
In choosing a DDoS protection service, it’s important that your company’s usual business operation shouldn’t be disrupted by DDoS attempts.
4. 24/7 Managed Security Service
In choosing a DDoS protection service, it’s important as well that your company can contact the protection team at any time of the day as attacks don’t have regard to business hours. Always ask for automated DDoS protection based on clearly defined service levels.
5. Affordable Protection
Hiring DDoS protection experts saves money. Your company doesn't need to invest in expensive hardware, software and technical staff for this security measure. Some DDoS protection services, however, charge exorbitant fees. Look for a firm that offers quality service at a reasonable price.
Call us today to learn more about truly affordable, Guaranteed DDoS protection.
Steve E. Driz, I.S.P., ITCP