A 6-Step Framework for Vulnerability Assessment

Technology vulnerabilities are weaknesses in code that hackers can exploit, and new ones appear whenever software updates or hardware releases come out. As technology advances and companies create new products and services, their security measures don’t always keep up with the innovations. Hackers take advantage of these flaws in the system, in cycles with each new update.

It’s estimated that about 93% of corporate networks are susceptible to being hacked. Assessing and managing these network weaknesses isn’t always a priority for organizations. As a result, many suffer breaches because of poor vulnerability management.

61% of security vulnerabilities in corporate networks are over 5 years old. 

Many types of attacks take advantage of vulnerabilities that have not been fixed. This includes ransomware attacks, account takeover, and other common cyberattacks.

Whenever you see the term “exploit” when reading about a data breach, that’s an exploit of a vulnerability. Bad actors take advantage of these “loopholes.” They can then use them to access systems, run system commands, or perform other dangerous network intrusions.

Putting together an effective vulnerability management process can reduce your risk. It doesn’t have to be complicated. Just follow the steps we’ve outlined below to get started.

Vulnerability Management Process

Step 1: Identify Your Assets

First, you need to identify all the devices and software that you will need to assess. You’ll want to include all devices that connect to your network, including:

  • Computers
  • Smartphones
  • Tablets
  • IoT devices
  • Servers
  • Cloud services

Vulnerabilities can appear in many places, for instance in the code of an operating system, a cloud platform, an application, or firmware. So, you’ll want a full inventory of all systems and endpoints in your network.

This is an important first step, so you will know what you need to include in the scope of your assessment.

Step 2: Perform a Vulnerability Assessment

Next comes the vulnerability assessment itself. This is usually done by an IT professional using assessment software. One type of assessment is conducted through penetration testing.

During the assessment, the professional scans your systems for any known vulnerabilities. The assessment tool matches found software versions against vulnerability databases. 

For example, a database may note that a version of Microsoft Exchange has a vulnerability. If it detects that you have a server running that same version, it will note it as a found weakness in your security.

Step 3: Prioritize Vulnerabilities by Threat Level

The assessment results provide a roadmap for mitigating network vulnerabilities. There will usually be several, and some are more severe than others. You will next need to rank which ones to address first.

At the top of the list should be those experts consider severe. Many vulnerability assessment tools will use the Common Vulnerability Scoring System (CVSS). This categorizes vulnerabilities with a rating score from low to critical severity.

In addition, you’ll also want to rank vulnerabilities by your own business needs. If a piece of software is only used occasionally on one device, you may consider it a lower priority to address. On the other hand, you may rank a vulnerability in software used on all employee devices as a high priority.

Step 4: Remediate Vulnerabilities

Remediate vulnerabilities according to the prioritized list. Remediation often means applying an issued update or security patch. But it may also mean upgrading hardware that may be too old for you to update.

Another form of remediation may be ringfencing. This is when you “wall off” an application or device from others in the network. A company may do this if a scan turns up a vulnerability for which a patch does not yet exist.

Increasing advanced threat protection settings in your network can also help. Once you’ve remediated the weaknesses, you should confirm the fixes.

Step 5: Document Activities

It’s important to document the vulnerability assessment and management process. This is vital both for cybersecurity needs and compliance. 

You’ll want to document when you performed the last vulnerability assessment.  Then document all the steps taken to remediate each vulnerability. Keeping these logs will be vital in the case of a future breach. They also can inform the next vulnerability assessment.

Step 6: Schedule Your Next Vulnerability Assessment Scan

Once you go through a round of vulnerability assessment and mitigation, you’re not done. Vulnerability management is an ongoing process.

In 2022, there were over 22,500 new vulnerabilities documented. Developers continue to update their software continuously. Each of those updates can introduce new vulnerabilities into your network.

It’s a best practice to have a schedule for regular vulnerability assessments. The cycle of assessment, prioritization, mitigation, and documentation should be ongoing. This fortifies your network against cyberattacks. It removes one of the main enablers of hackers.  
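As an added example, not code from the original article, here is the six-step loop in miniature in Python: a constructed asset inventory and a constructed vulnerability database (placeholder ids, not real CVEs) are matched by version (Step 2), ranked by CVSS severity band and then by how much of the fleet runs the affected software (Step 3), and each fix is written to a remediation record (Step 5). The CVSS v3 rating bands are real; the hosts, versions and scores are sample data.

```python
from datetime import date

# Steps 1 and 2 input: a constructed inventory of assets and the software
# versions found on them (sample data, not real hosts).
INVENTORY = {
    "mail01": {"Exchange Server": "15.2.986", "Windows Server": "2019"},
    "ws-012": {"Office": "16.0.1", "Chrome": "110.0"},
    "ws-013": {"Office": "16.0.1", "Chrome": "114.0"},
    "ws-014": {"Office": "16.0.1", "Chrome": "114.0"},
}

# Constructed vulnerability database: product, affected version, CVSS base
# score. The ids are placeholders, not real CVE numbers.
VULN_DB = [
    {"id": "VULN-EXAMPLE-1", "product": "Exchange Server", "version": "15.2.986", "cvss": 9.8},
    {"id": "VULN-EXAMPLE-2", "product": "Chrome", "version": "110.0", "cvss": 8.8},
    {"id": "VULN-EXAMPLE-3", "product": "Office", "version": "16.0.1", "cvss": 5.3},
]

SEVERITY_RANK = {"None": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}

def cvss_severity(score):
    """Map a CVSS v3 base score to its qualitative rating band."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"

def assess(inventory, vuln_db):
    """Step 2: match each asset's installed versions against the database.
    Returns one finding per vulnerability, listing the affected assets."""
    findings = {}
    for host, software in inventory.items():
        for vuln in vuln_db:
            if software.get(vuln["product"]) == vuln["version"]:
                entry = findings.setdefault(vuln["id"], {**vuln, "assets": []})
                entry["assets"].append(host)
    return list(findings.values())

def prioritize(findings, fleet_size):
    """Step 3: rank by CVSS severity band first, then by business exposure
    (share of the fleet running the affected software), then by raw score."""
    for f in findings:
        f["severity"] = cvss_severity(f["cvss"])
        f["exposure"] = len(f["assets"]) / fleet_size
    return sorted(findings,
                  key=lambda f: (SEVERITY_RANK[f["severity"]], f["exposure"], f["cvss"]),
                  reverse=True)

def remediation_record(finding, action):
    """Step 5: record what was done and when; 'verified' flips to True once
    the fix is confirmed, and the record feeds the next assessment."""
    return {"id": finding["id"], "assets": list(finding["assets"]), "action": action,
            "date": date.today().isoformat(), "verified": False}

if __name__ == "__main__":
    ranked = prioritize(assess(INVENTORY, VULN_DB), len(INVENTORY))
    for f in ranked:
        print(f"{f['severity']:8} {f['id']}  exposure={f['exposure']:.0%}  assets={f['assets']}")
```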

Get Started with a Vulnerability Assessment

Take the first step towards effective vulnerability management. We can help you fortify your network against attacks. Give us a call today to schedule a vulnerability assessment to get started.

Article used with permission from The Technology Press. 

Data Backup? Nice! How about Data Protection?


The need to back up data has been around since floppy disks. Data loss happens due to viruses, hard drive crashes, and other mishaps. Most people using any type of technology have experienced data loss at least once.

There are about 140,000 hard drive crashes in the US weekly. Every five years, 20% of SMBs suffer data loss due to a major disaster. This has helped to drive a robust cloud backup market that continues to grow.

But one thing that’s changed with data backup in the last few years is security. Simply backing up data so you don’t lose it isn’t enough anymore. Backing up has morphed into data protection.

What does this mean?

It means that backups need more cybersecurity protection. They face threats such as sleeper ransomware and supply chain attacks. Cloud-based backup has the benefit of being convenient, accessible, and effective. But there is also a need for certain security considerations with an online service.

Companies need to consider data protection when planning a backup and recovery strategy. The tools used need to protect against the growing number of threats.

Some of the modern threats to data backups include:

  • Data Center Outage: The “cloud” basically means data on a server. That server is internet accessible. Those servers can crash. Data centers holding the servers can also have outages.
  • Sleeper Ransomware: This type of ransomware stays silent after infecting a device. The goal is to have it infect all backups. Then, when it’s activated, the victim doesn’t have a clean backup to restore.
  • Supply Chain Attacks: Supply chain attacks have been growing. They include attacks on cloud vendors that companies use. Those vendors suffer a cyberattack that then spreads throughout their clients.
  • Misconfiguration: Misconfiguration of security settings can be a problem. It can allow attackers to gain access to cloud storage. Those attackers can then download and delete files as they like.

What to Look for in a Data Protection Backup System

Just backing up data isn’t enough. You need to make sure the application you use provides adequate data protection. Here are some of the things to look for when reviewing a backup solution.

Ransomware Prevention

Ransomware can spread throughout a network to infect any data that exists. This includes data on computers, servers, and mobile devices. It also includes data in cloud platforms syncing with those devices.

95% of ransomware attacks also try to infect data backup systems.

It’s important that any data backup solution you use have protection from ransomware. This type of feature restricts automated file changes that can happen to documents.

Continuous Data Protection

Continuous data protection is a feature that will back up files as users make changes. This differs from systems that back up on a schedule, such as once per day.

Continuous data protection ensures that the system captures the latest file changes. This mitigates data loss that can occur if a system crashes before the next backup. With the speed of data generation these days, losing a day’s worth of data can be very costly.

Threat Identification

Data protection incorporates proactive measures to protect files. Look for threat identification functions in a backup service. Threat identification is a type of malware and virus prevention tool. 

It looks for malware in new and existing backups. This helps stop sleeper ransomware and similar malware from infecting all backups.

Zero-Trust Tactics

Cybersecurity professionals around the world promote zero-trust security measures. This includes measures such as multi-factor authentication and application safelisting.

A zero-trust approach holds that all users and applications need ongoing authentication. So, just because a user is logged into the system today, doesn’t mean they are completely trusted.

Some of the zero-trust features to look for include:

  • Multi-factor authentication
  • Distinct file and folder permissions
  • Contextual authentication
  • Verification of permissions for file changes

Backup Redundancy

If you back up to a USB drive or CD, you have one copy of those files. If something happens to that copy, you could experience data loss.

Cloud backup providers should have backup redundancy in place. This means that the server holding your data mirrors that data to another server. This prevents data loss in the case of a server crash, natural disaster, or cyberattack.

Air Gapping for More Sensitive Data

Air gapping is a system that keeps a copy of your data offline or separated in another way. This entails making a second backup copy of your data and putting it on another server, one that is disconnected from external sources.

This is a feature that you may want to seek out if you deal with highly sensitive data. It helps to ensure that you have at least one other copy of your backup, a copy walled off from common internet-based attacks.

Need Help With Secure Backup & Data Protection Solutions?

Have you updated your backup process for today’s threats? Give us a call today to schedule a chat about data backup and protection. 

Article used with permission from The Technology Press. 

How Using the SLAM Method Can Improve Phishing Detection


There is a reason why phishing is usually at the top of the list for security awareness training. For the last decade or two, it has been the main delivery method for all types of attacks. Ransomware, credential theft, database breaches, and more launch via a phishing email. 

Why has phishing remained such a large threat for so long? Because it continues to work. Scammers evolve their methods as technology progresses. They use AI-based tactics to make targeted phishing more efficient, for example. 

If phishing didn’t continue working, then scammers would move on to another type of attack. But that hasn’t been the case. People continue to get tricked. They open malicious file attachments, click on dangerous links, and reveal passwords. 

In May of 2021, phishing attacks increased by 281%. Then in June, they spiked another 284% higher. 

Studies show that as soon as 6 months after training, phishing detection skills wane. Employees begin forgetting what they’ve learned, and cybersecurity suffers as a result. 

Want to give employees a “hook” they can use for memory retention? Introduce the SLAM method of phishing identification.

What is the SLAM Method for Phishing Identification? 

One of the mnemonic devices known to help people remember information is the use of an acronym. SLAM is an acronym for four key areas of an email message to check before trusting it. 

These are: 

S = Sender 

L = Links 

A = Attachments 

M = Message text 

By giving people the term “SLAM” to use, it’s quicker for them to check suspicious email. This device helps them avoid missing something important. All they need to do is use the cues in the acronym.

Check the Sender

It’s important to check the sender of an email thoroughly. Often scammers will either spoof an email address or use a look-alike. People often mistake a spoofed address for the real thing. 

In this phishing email below, the email address domain is “@emcom.bankofamerica.com.” The scammer is impersonating Bank of America. This is one way that scammers try to trick you, by putting the real company’s URL inside their fake one. 

You can see that the email is very convincing. It has likely fooled many people into divulging their personal details. People applying for a credit card provide a Social Security Number, income, and more. 

A quick search on the email address reveals it to be a scam, and a trap used in both email and SMS phishing attacks.

It only takes a few seconds to type an email address into Google. This allows you to see if any scam warnings come up indicating a phishing email.  


Hover Over Links Without Clicking

Hyperlinks are popular in emails. They can often get past antivirus/anti-malware filters. Those filters are looking for file attachments that contain malware. But a link to a malicious site doesn’t contain any dangerous code. Instead, it links to a site that does.

Links can be in the form of hyperlinked words, images, and buttons in an email. When on a computer, it’s important to hover over links without clicking on them to reveal the true URL. This often can immediately call out a fake email scam. 


When looking at email on a mobile device, it can be trickier to see the URL without clicking on it. There is no mouse like there is with a PC. In this case, it’s best not to click the URL at all. Instead, go to the purported site to check the validity of the message.

Never Open Unexpected or Strange File Attachments

File attachments are still widely used in phishing emails. Messages may have them attached, promising a large sale order. The recipient might see a familiar Word document and open it without thinking.

It’s getting harder to know what file formats to avoid opening. Cybercriminals have become savvier about infecting all types of documents with malware. There have even been PDFs with malware embedded.  

Never open strange or unexpected file attachments. Use an antivirus/anti-malware application to scan all attachments before opening. 

Read the Message Carefully

We’ve gotten great at scanning through text as technology has progressed. It helps us quickly process a lot of incoming information each day. But if you rush through a phishing email, you can miss some telltale signs that it’s a fake. 

Look at the phishing example posted above in the “Links” section. There is a small error in grammar in the second sentence. Did you spot it? 

It says, “We confirmation that your item has shipped,” instead of “We confirm that your item has shipped.” These types of errors can be hard to spot but are a big red flag that the email is not legitimate.
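As an added example, not part of the original article, here is a small SLAM-style triage script in Python that applies the four checks above (sender domain, link text versus real link target, risky attachment types, and the “We confirmation” grammar tell) to a constructed sample message. The trusted-domain list, the risky-extension list and the grammar rule are assumptions chosen for the demo; a real raw message can be parsed with email.message_from_string(raw, policy=email.policy.default) before calling slam_check.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: registrable domains this organisation expects mail from.
TRUSTED_DOMAINS = {"bankofamerica.com", "example-shipping.com"}
# Extensions that can execute code or carry macros when opened (assumed list).
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".bat", ".docm", ".xlsm", ".iso", ".lnk")

def registrable_domain(host):
    """Last two labels of a hostname; production code would use the public suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class _LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs so the shown name and the real target can be compared."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._text.strip(), self._href))
            self._href = None

def slam_check(msg):
    """Run the four SLAM checks over an EmailMessage and return a list of flags."""
    flags = []
    # S: sender. Flag an untrusted domain, and note when it merely contains a trusted brand name.
    sender_host = parseaddr(msg["From"])[1].split("@")[-1].lower()
    if registrable_domain(sender_host) not in TRUSTED_DOMAINS:
        brand = next((t for t in TRUSTED_DOMAINS if t.split(".")[0] in sender_host), None)
        flags.append(f"S: sender domain {sender_host} is not trusted"
                     + (f" (contains brand name from {brand})" if brand else ""))
    # L: links. The real destination is the href, not the text the reader sees.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    collector = _LinkCollector()
    collector.feed(text)
    for shown, href in collector.links:
        target = registrable_domain(urlparse(href).hostname or "")
        named = re.search(r"((?:[a-z0-9-]+\.)+[a-z]{2,})", shown.lower())
        if target not in TRUSTED_DOMAINS or (named and registrable_domain(named.group(1)) != target):
            flags.append(f"L: link text '{shown}' actually points to {target}")
    # A: attachments with executable or macro-bearing extensions.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            flags.append(f"A: risky attachment {name}")
    # M: message text. The grammar tell from the article's example, as one crude rule.
    if re.search(r"\bwe confirmation\b", text, re.I):
        flags.append("M: grammar error 'We confirmation' in body text")
    return flags

def sample_message():
    """Constructed phishing-style sample for the demo (not a real email)."""
    m = EmailMessage()
    m["From"] = "Bank of America <alerts@bankofamerica.com.secure-login-example.net>"
    m.set_content("We confirmation that your item has shipped.")
    m.add_alternative('<p>We confirmation that your item has shipped. Track it at <a href='
                      '"http://track.example-phish.net/x">www.example-shipping.com/track</a></p>', subtype="html")
    m.add_attachment(b"MZ-not-a-real-binary", maintype="application", subtype="octet-stream", filename="invoice.exe")
    return m
```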

Get Help Combatting Phishing Attacks

Both awareness training and security software can improve your defenses against phishing attacks. Contact us today to discuss your email security needs. 


Article used with permission from The Technology Press.  

The Critical Importance of Virtualized Infrastructure Security (And 4 Ways to Enhance It)


A torn-down virtual infrastructure creates risks for any business. And it can have a significant impact on how quickly you can retrieve your data and resume operations following an attack.  

These days, many businesses use virtualized infrastructure for more straightforward data storage. It’s because this approach is superior to physical solutions due to enhanced flexibility, straightforward provisioning, and affordable pricing.  

However, this model also requires a comprehensive approach to security.  

There’s a much greater risk of data loss, as many tools and practices for physical data protection are nearly useless in the virtual setting. Virtual threats are different, which is why you need to think beyond traditional perimeter protection.

So, if you’re using a virtualized infrastructure for data storage, keep reading.  

This article discusses the risks of improper virtualized infrastructure security and talks about ways you can improve it.  

DON’T LEAVE YOUR VIRTUALIZED INFRASTRUCTURE TO CHANCE

Virtualization security is crucial for every business’s security strategy. After all, we now live in a world of virtualized environments and need to apply security to all its layers.  

Let’s explore three of the most common virtualization security issues. 

ISSUE #1. EXTERNAL ATTACKS

These are a real threat to virtualized infrastructure.  

If hackers enter your host-level or server management software, they can easily access other crucial parts of your system. They can create a new user, assign admin rights, and then use that power to extract or destroy your company’s sensitive data.  

ISSUE #2. FILE SHARING AND COPY-PASTING

Host and virtual machine (VM) sharing is normally disabled. The same goes for copy-pasting elements between the remote management console and the VM. You can change these defaults on the ESXi host system, but this isn’t recommended.

Why? 

Because if a hacker gains access to your management console, they’d be able to copy data outside your virtual environment or install malware into your virtual machine. 

ISSUE #3. VIRUSES

Virtual machines (VMs) are prone to many attacks, with ransomware being among the most popular ones. For this reason, it’s crucial to keep regular backups of your website data and store them off-site at a place where they can’t be encrypted by hackers.

If you fail to perform backups, you may find yourself in a situation where hackers could ask you for money to decipher your data.  

Restoring a VM is quite tricky even if you perform regular backups. Therefore, you need to educate your team members on alleviating the risk of getting ransomware and other viruses. 

Optimizing Your Virtualized Infrastructure Security 

Now that you’re aware of the 3 common issues a business can face if they have an unprotected virtual infrastructure, here are 4 tips on bolstering its security. 

TIP #1. MANAGING VIRTUAL SPRAWL

Virtual sprawl is often associated with growing virtual environments. The concept simply means that the more you expand, the bigger the need to keep your VMs secure. However, the number of machines can outgrow your ability to do so.

To manage your virtual sprawl, consider doing the following: 

  • Create an inventory of all your machines at all times 
  • Set up lookouts featuring multi-location monitoring 
  • Monitor IP addresses that have access to your VMs 
  • Look for table locks 
  • Don’t use database grant statements to give privileges to other users 
  • Keep both on- and off-site backups 
  • Assess your virtual environment regularly and determine which machines you need and which ones aren’t necessary 
  • Have a central log of your systems and log all hardware actions 
  • Create a patch maintenance schedule for all machines to keep them up to date 

TIP #2. FOCUSING ON VIRTUAL CONFIGURATION SETUP

If you use virtual servers, you risk major configuration defects.  

That’s why it’s essential to make sure initial setups are free from security risks. This includes unnecessary ports, useless services, and similar vulnerabilities. Otherwise, all your virtual machines will inherit the same problems.  

The truth is that many businesses have poor virtual network configurations. You can avoid being one of those by ensuring all virtual applications that call the host (and vice versa) have proper segmentation. This includes databases and all web services.  

It’s also worth mentioning that most virtualization platforms only offer three switch security settings: forged transmits, MAC address changes, and promiscuous mode. There’s no protection for virtual systems that connect to other network areas.  

So, make sure to investigate each virtualization platform that allows this kind of communication, including all memory leaks, copy-paste functions, and device drivers. You can also tweak the system monitoring assets to look out for these pathways.  
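As an added example, not code from the original article, the Python below audits the three virtual switch security settings named above (promiscuous mode, MAC address changes, forged transmits) over a constructed environment, resolving the policy each port group actually enforces (vSwitch policy plus any port group override, as in vSphere) and reporting which VMs inherit a weak setting. The switch names, port groups and VMs are sample data; in a real vSphere environment the same values can be read with PowerCLI’s Get-SecurityPolicy for each virtual switch and port group.

```python
# Secure baseline for the three settings the article names.
SECURE = {"promiscuous_mode": "Reject", "mac_address_changes": "Reject", "forged_transmits": "Reject"}

# Constructed sample environment (not real hosts). A port group inherits its
# vSwitch policy unless it overrides a setting.
VSWITCHES = {
    "vSwitch0": {"promiscuous_mode": "Reject", "mac_address_changes": "Reject", "forged_transmits": "Reject"},
    "vSwitch1": {"promiscuous_mode": "Accept", "mac_address_changes": "Reject", "forged_transmits": "Accept"},
}
PORT_GROUPS = {
    "Management": {"vswitch": "vSwitch0", "overrides": {}},
    "DMZ-Web": {"vswitch": "vSwitch1", "overrides": {}},
    "DB": {"vswitch": "vSwitch1", "overrides": {"promiscuous_mode": "Reject", "forged_transmits": "Reject"}},
    "Legacy": {"vswitch": "vSwitch0", "overrides": {"mac_address_changes": "Accept"}},
}
# VM name -> port groups its virtual NICs are attached to.
VMS = {"web01": ["DMZ-Web"], "db01": ["DB"], "nest01": ["Legacy", "Management"]}

def effective_policy(port_group):
    """Resolve the policy a port group actually enforces (vSwitch policy plus overrides)."""
    pg = PORT_GROUPS[port_group]
    return {**VSWITCHES[pg["vswitch"]], **pg["overrides"]}

def audit_port_groups():
    """Return {port group: [settings set to Accept]} for every non-compliant port group."""
    findings = {}
    for name in PORT_GROUPS:
        policy = effective_policy(name)
        weak = sorted(k for k, v in policy.items() if v != SECURE[k])
        if weak:
            findings[name] = weak
    return findings

def exposed_vms():
    """Map each VM to the weak settings it inherits, by port group, skipping VMs with none."""
    weak_groups = audit_port_groups()
    result = {}
    for vm, groups in VMS.items():
        hits = {g: weak_groups[g] for g in groups if g in weak_groups}
        if hits:
            result[vm] = hits
    return result

if __name__ == "__main__":
    for pg, weak in audit_port_groups().items():
        print(f"{pg}: {', '.join(weak)} set to Accept")
    for vm, hits in exposed_vms().items():
        print(f"VM {vm} exposed via {hits}")
```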

TIP #3. SECURING ALL PARTS OF THE INFRASTRUCTURE

It’s imperative that you properly secure all of your infrastructure’s parts. This includes its physical components (switches, hosts, physical storage, routers) and virtual and guest systems. Don’t forget about all your cloud systems as well.  

When it comes to protecting different infrastructure parts, here are some things you can do: 

  • Install the latest firmware for your hosts. Virtualized infrastructure needs to have the latest security patches. So, keep all your VMware tools updated.  
  • Your active network elements such as routers, switches, and load balancers should use the latest firmware. 
  • Patch all operating systems with automatic updates. Schedule patch installations outside of your work hours and include automatic reboots.  
  • All virtualized environments should have reliable anti-malware and antivirus software installed (and regularly updated).  

TIP #4. HAVING A ROBUST BACKUP PLAN

Proper disaster recovery (DR) and backup plans are crucial in ensuring your business can continue operating after an attack. It’s because both your physical and virtual components can equally suffer from damage done by hacker attacks, hurricanes, etc.  

Ideally, you want to have a DR site located at a faraway data center or in the cloud. This way, you’ll alleviate the risk of being shut for a long time if your vital data gets compromised.  

Also, make sure to back up your VMs and your physical servers. Fortunately, you can back up your physical systems that operate on Windows or Linux, as well as your VMs that run on any OS.  

Additionally, you want to make at least three copies of your data and store two of them in different virtual places. And make sure to keep one backup off-site.  

If you want to take things to another level, you can replicate your VMs to a different data center for emergencies.  

PRIORITIZE THE SECURITY OF YOUR VIRTUAL INFRASTRUCTURE

If you never gave much importance to virtualized infrastructure security, doing so should be your priority now. Given the number of possible threats, protecting your VMs from unauthorized data sharing, viruses, and other types of attacks is crucial.  

All aspects of your physical and virtual components need to be protected to avoid issues. If this topic is all Greek to you, you’re not alone. The reality is that many business owners have struggled with the same problem.  

However, you can reach out to us for a 10-15-minute chat where we can discuss how you can bring the security of your virtualized infrastructure to the next level.  


Article used with permission from The Technology Press.