• March 28, 2024

Shore Up Security Training By Shortening it

By: Justin Folkerts

Human error is a threat actor’s best friend, but comprehensive security training can go a long way to reducing the likelihood of a data breach.

Human-related error continues to be the primary cause of successful cloud breaches, and if you think you’re too small to be a target, think again. Small businesses are more likely to experience a data breach incident.


But there are things you can do to improve your security posture, and training your employees should be at the top of the list.


Keep training short and focused: The challenge with security training is it’s another task on an employee’s to-do list – the trick is to make it short and relevant. Rather than doing occasional, long sessions, consider doing more frequent, focused security awareness training. Everyone in your company is busy, including your IT staff.

Simulate common threat scenarios: A “micro learning” approach should include simulations of common social engineering attacks such as phishing, which commonly comes in the form of slick-looking emails, but increasingly arrives as phony voice mails created by artificial intelligence (AI) voice generators. These short sprints of security training will help employees learn to recognize and respond to phishing attempts.

Remind your remote workers: Remote work continues to be the norm, which is why it’s critical employees know to secure their devices and information while working from home or on the road – remote workers are a preferred target of hackers and a significant attack surface along with other network endpoints. Security training for remote workers keeps them from becoming complacent and goes hand in hand with mandatory VPNs for accessing sensitive data from beyond the company firewall.

Simplify password management: Passwords are important no matter where employees are working, but consider streamlining their management – cumbersome password policies will prompt employees to take shortcuts by reusing the same simple passwords and keeping them handy on a post-it note pasted to their workstation. Having a frequent yet short refresher on password creation will go a long way to safeguarding employee credentials, as will reminding employees to lock their screens when they step away from their workstation.


Security training doesn’t have to be an overwhelming task – breaking it down into smaller sessions can make it more manageable and more effective.

  • March 14, 2024
  • Category Data Protection

Protect Your Backups from Ransomware Infections

By: Justin Folkerts

Your backups are not immune to ransomware – infected data can be replicated, so it’s important to configure your data protection so that mission critical information isn’t corrupted and clean copies can be easily restored.

Ransomware is sneaky, and it’s cross-platform. It can sit in your backups – whether it’s an email, PDF, or Zip file, among many others – waiting to go off. And ransomware attacks don’t discriminate, either. Small and medium-sized organizations are just as viable a target for threat actors as large enterprises.

Ransomware starts with one computer, encrypting some or all of its valuable data, but it can easily spread across the network, making all users susceptible and all systems potentially unusable. If ransomware corrupts a critical database, it can cripple your organization, which is why you must protect all your backups.

Preventing dangerous duplicates

If your backups are infected by ransomware, they are no more useful than your primary data – your restoration will just ignite a reinfection.

Protecting your backups from ransomware always starts by preventing users from downloading dangerous files that are riddled with malware, viruses, and ransomware. If a nefarious file does get through due to clever phishing and human error, you must make sure infections can’t be transmitted across your network through file sharing and syncing.

Most of all, you must prevent ransomware from accessing your backups at all costs. Although it’s impossible to fully protect your backups from threats, including ransomware, applying the right rules and leveraging smart software can minimize the likelihood of your backups getting infected.

Follow tried-and-true backup rules

The well-established 3-2-1 rule for backups continues to be a good strategy for preventing ransomware infection of replicated files – you should have your original copy of a file, a duplicate that is stored on-site on a different medium, and a copy that is stored off-site. It is recommended that your on-site copy be stored on removable media, such as tape.

Each of your backups requires a different approach – if you use tape, you should do a full backup rather than a differential or incremental backup. Your onsite tapes should be stored in a secure, fireproof location.

Using versioning for your backups can also prevent ransomware from infecting all copies of your data – it saves a new version of the file as a backup rather than wiping out the previous backup, allowing you to easily roll back to a clean, uninfected copy.

Rollbacks are where software tools can help prevent your backups from being infected with ransomware, as they can help manage versioning. However, your strategy is just as important as the tools. If you do a complete backup to on-site tape daily outside of office hours, you can back up the most current version. Even if ransomware hits the next day when users are likely to trigger it, you only lose that day.

Once the full backup is restored, you can review the offsite incremental backups done throughout the day to restore specific files with the latest and greatest versions.  
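The rollback described above, as an added example that is not part of the original article or any backup product: it picks the last full backup taken before an estimated infection time, lists the incrementals worth reviewing, and flags everything later as suspect. The catalog layout, the `plan_restore` name, the timestamps and the assumption that the infection time is known are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Backup:
    """One entry in a backup catalog (constructed layout, not a real tool's format)."""
    taken_at: datetime
    kind: str       # "full" or "incremental"
    location: str   # "onsite-tape" or "offsite"


def plan_restore(
    catalog: List[Backup], infected_at: datetime
) -> Tuple[Optional[Backup], List[Backup], List[Backup]]:
    """Return (full backup to restore, incrementals to review, suspect backups).

    Anything taken at or after the estimated infection time is treated as
    suspect and must not be restored without being scanned first.
    """
    ordered = sorted(catalog, key=lambda b: b.taken_at)
    clean = [b for b in ordered if b.taken_at < infected_at]
    suspect = [b for b in ordered if b.taken_at >= infected_at]

    clean_fulls = [b for b in clean if b.kind == "full"]
    if not clean_fulls:
        # No full backup predates the infection: there is no safe base to roll back to.
        return None, [], suspect

    base = clean_fulls[-1]  # most recent clean full backup
    # Incrementals taken after that full but before the infection can be
    # reviewed to recover newer versions of specific files.
    review = [
        b for b in clean
        if b.kind == "incremental" and b.taken_at > base.taken_at
    ]
    return base, review, suspect


# Constructed sample: nightly full to on-site tape, daytime incrementals off-site.
SAMPLE_CATALOG = [
    Backup(datetime(2024, 3, 12, 22, 0), "full", "onsite-tape"),
    Backup(datetime(2024, 3, 13, 10, 0), "incremental", "offsite"),
    Backup(datetime(2024, 3, 13, 16, 0), "incremental", "offsite"),
    Backup(datetime(2024, 3, 13, 22, 0), "full", "onsite-tape"),
    Backup(datetime(2024, 3, 14, 10, 0), "incremental", "offsite"),
    Backup(datetime(2024, 3, 14, 13, 0), "incremental", "offsite"),
    Backup(datetime(2024, 3, 14, 22, 0), "full", "onsite-tape"),
]
# Assumed time at which a user triggered the ransomware (constructed value).
INFECTED_AT = datetime(2024, 3, 14, 11, 30)


if __name__ == "__main__":
    base, review, suspect = plan_restore(SAMPLE_CATALOG, INFECTED_AT)
    print("Restore full backup:", base)
    print("Review incrementals:", review)
    print("Do not restore without scanning:", suspect)
```

Note that the nightly full backup taken after the infection lands in the suspect list, which is why keeping earlier versions instead of overwriting them matters.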

Another strategy is to distribute your backups – by having separate backup systems for different types of data you can reduce the likelihood of ransomware spreading between them.

User endpoints are ransomware’s first target

No matter your backup strategy, protecting your endpoints is always your first line of defence when combatting ransomware. Endpoint data protection combined with employee cybersecurity awareness and training will contain ransomware within the first infected machine, reducing the likelihood of it infecting your backups.

  • February 29, 2024
  • Category hardware

Old Routers, Email Impersonators Raise Security Stakes for SMBs

By: Justin Folkerts

The security stakes for SMBs are high enough already as smaller organizations must grapple with the same threats as large enterprises, including ransomware and malware that’s been augmented by artificial intelligence (AI).

These innovative threats can distract from the reality that other mundane vectors remain a serious threat to SMB security.

It may be working fine, but it’s not secure

On the hardware front, SMBs need to be wary of threat actors targeting old routers. Earlier this month, CRN reported that nation-state hackers from China were linked to an attack that compromised hundreds of small business and home routers. Just because you’re a small business, doesn’t mean you won’t be eyed by international hackers.

One of the reasons SMBs are considered worthwhile targets is that they’re often part of a broader supply chain connected to critical infrastructure. Compromised routers can be used together to form a botnet – such a malware-infected device can become a launchpad to attack other organizations.

What all these routers tend to have in common is that they are end-of-life (EOL) products – they may still be working fine but are no longer being supported by the vendor with firmware and security updates. Since it costs money to replace aging hardware, companies often continue to use old, unsupported routers which not only lack needed updates, but weren’t designed with the smarts to combat the latest security threats.

The CRN article notes that bad actors view SMBs as nothing more than an IP address, so as suppliers to other organizations that provide critical infrastructure, smaller firms can be a high-priority target.

Check your email carefully

Email has long been an attack surface for businesses of all sizes, but SMBs should be aware of hackers hijacking the mailing lists of other businesses, including those of their email service provider.

A recent example reported by TechRadar involves provider SendGrid, which was exploited by attackers to access client mailing lists to send tailored, authentic-looking emails asking recipients to activate multi-factor authentication (MFA) via a link in the email. Unsuspecting users who clicked on the link were sent to a fake login landing page that harvested their credentials.

Making sure you use a reliable, reputable email service provider isn’t enough to protect your business communications infrastructure from bad actors, who are getting smarter all the time and better at mimicking real organizations.

What you can do

SMBs need to take equipment upgrades seriously – just because a router still works, doesn’t mean it is secure, so have a process in place to regularly review endpoints to verify they are still supported by vendors with updates.

As long as there’s email, there are going to be email phishing scams, so it’s important to maintain cybersecurity training so that employees can spot phishing attempts, no matter how sophisticated.

If you’re an SMB that is struggling to keep on top of all the cybersecurity threats in a dynamic digital landscape, consider turning to a managed services provider who can help evaluate your hardware and support cybersecurity training for your team.

  • February 15, 2024
  • Category Security

Are you ready to respond to an inevitable security breach?

By: Sanjeev Spolia

Prevention is worth a pound of cure, but when a security breach is inevitable, preparation is just as valuable. A thorough assessment guides your deployment of data protection tools and sets you up for an effective response that mitigates any impact to your business.

Threat actors are now trying to break down your proverbial door on a regular basis – an attempted security breach is no longer an unusual, occasional occurrence. Rather than solely focusing on preventing a breach completely, your security strategy should also look at how you can minimize the impact of an incident quickly and effectively.

If you want to bolster your security and build resilience against today’s bad actors, you need a three-pronged approach that assesses, protects, and responds.

Assess your strengths and weaknesses

If you want to thwart any attack you must start where you are. With the help of a managed services provider, you should scan your network, conduct penetration testing, and establish clear IT policies. These essential steps will help you form the foundation of your security strategy so you can protect data and respond to the inevitable attack.

Protect your critical assets

Your assessment will help you prioritize what data needs to be protected – not everything you store is mission critical – and allow you to strike a balance between protection and productivity to guard against viruses, malware, ransomware, insider threats and human error.

Protecting your sensitive data from threat actors who want to sell it or cripple your business operations requires cloud-based Next-Generation Antivirus technology that combines behavioral detection, artificial intelligence, and machine learning algorithms to anticipate and prevent threats. Your firewall provides an essential layer of protection for your network and your endpoints.

Your data protection strategy also provides redundancy – because it’s not a matter of if but when you experience a data breach or disruption to your operations. Having redundancy, including cloud backups, enables you to quickly restore mission critical data and applications in the event of any incident.

Automate, respond, and mitigate

Your security team can’t keep up with every alert – you need to automate your security if you are to proactively protect your network infrastructure across every endpoint.

Technology such as extended detection and response (XDR) collects threat data from your data protection to provide you with actionable, enriched threat intelligence to help your security teams prioritize, hunt, and eliminate threats quickly and efficiently. A vulnerability management platform, meanwhile, provides complete visibility and automatically discovers your assets as they come online.

Your security response to constant attacks by bad actors is made possible by your initial assessment and the data protection tools you put in place – they set you up to respond effectively to any attack, quickly and decisively.

  • January 30, 2024
  • Category privacy

Are you Ready for Major Privacy Legislation Changes?

By: Sanjeev Spolia

The Canadian federal government is getting close to passing updated privacy legislation that will impact how you govern the personal information you are storing as well as address the impacts of artificial intelligence (AI).

These changes began more than a year ago and are expected to pass this year or in early 2025, including new privacy legislation that will make significant changes to the Personal Information Protection and Electronic Documents Act (PIPEDA).

Three Key Acts

Bill C-27 lays out a new statutory framework governing personal information practices in the private sector, and includes three new statutes:

Consumer Privacy Protection Act (CPPA): If Bill C-27 passes, this act would repeal and replace the private sector personal information protection framework in PIPEDA. This new privacy legislation would essentially replace PIPEDA with new requirements governing the protection of personal information.
Personal Information and Data Protection Tribunal Act: Under this act, an administrative tribunal would be established to review certain decisions made by the Privacy Commissioner of Canada and impose penalties for contraventions of the CPPA, which is a substantially enhanced enforcement regime when compared with that of PIPEDA.
Artificial Intelligence and Data Act (AIDA): This act would create a risk-based approach to regulating trade and commerce in AI systems.

CPPA would require that organizations implement a privacy management program that includes policies, practices, and procedures to ensure compliance. The act reinforces express consent for the organization to process personal information, although it does outline exceptions under certain circumstances.

Severe Penalties for Non-Compliance

The fines for not complying with CPPA are hefty – as much as $25 million and the amount corresponding to 5% of gross global revenue for the preceding fiscal year. Law firm Osler advises that organizations could also be subjected to administrative monetary penalties of up to the greater of $10 million and the amount corresponding to 3% of gross global revenue for the preceding fiscal year.

Regional Legislation is Also a Factor

If you’re doing business in Quebec, you must also comply with the Quebec Privacy Act, recently reformed by Bill 64, that includes an enforcement regime with potentially severe financial penalties for contraventions that are similar to CPPA.

Quebec’s legislation also requires organizations to create an internal policy suite to address the lifecycle of personal information they store and process.

Navigating data privacy legislation has become another cost of doing business – organizations are responsible for understanding which rules apply to them when operating across Canada and globally.

The many compliance obligations required by government privacy legislation can seem overwhelming, but a managed services provider can help you maintain the necessary IT infrastructure and best practices to secure and protect customer data.

  • January 16, 2024
  • Category Security

5 Considerations for Successful Security Awareness Training

By: Sanjeev Spolia

If you want to bolster your cybersecurity in 2024, providing effective security awareness training is just as important as deploying the right data protection tools.

Before you decide what security awareness training you’re going to do this year, consider getting feedback from your employees as well as aligning your training with the key projects you expect to be doing over the next 12 months.

Evaluate last year’s training

Find out what your employees thought about the security awareness training they have received in the past – both the positive and the negative. Was it engaging? What content did your employees like or dislike? Did they like in-person workshops? What about online content such as videos? Understanding what works best will help make any future security awareness training more effective and enjoyable.

How will you communicate?

Leveraging your employees to bolster your cyber security posture isn’t just about the security awareness training you provide, but also how you engage them on a day-to-day basis about any issues, concerns, or incidents. How effective is email for making sure everyone is on the same page? Are you leveraging channels on your collaboration platforms such as Slack and Microsoft Teams? How do you ensure that remote workers are receiving security-related bulletins?

What issues does your security awareness training need to address?

Broadly speaking, it’s easy to identify which challenges and threats your security awareness training must consider, but have you given thought to the specific issues that the executive team and employees are most concerned about? Were there specific threats in the past year such as phishing or ransomware that weren’t handled adequately? How well is your organization securing remote workers?

How should your projects in 2024 shape your training?

Security awareness training should not only apply to routine business operations, but also to major projects, whether it is customer deliverables or your own strategic digital transformation efforts. New endeavors often require access to data as well as new cloud-based applications, all of which have an impact on your security posture. New customers may have security requirements that require you to implement new processes and policies that your employees must be made aware of.

Getting new employees up to speed

If you’ve already added new staff or plan to scale up your headcount in 2024, you must gear your security awareness training for newcomers. They may come from an organization with less stringent security policies or conversely, they might be able to bring something to the table that enhances both your training and your security policies. No matter what, onboarding new employees should include security awareness training, and it should specifically address how certain roles engage with sensitive data.

Security awareness training works hand in hand with your cybersecurity and data protection tools – your employees are a critical element in securing your organization. If you’re looking to improve and expand your security awareness training, a managed services provider with a focus on security can help you develop, deliver, and maintain an effective program.

  • December 28, 2023
  • Category Security

5 Security Trends to Watch in 2024

By: Justin Folkerts

Artificial intelligence (AI) and geopolitical instability will continue to disrupt businesses in 2024 and put pressure on their cybersecurity strategies to keep pace.

AI is an enemy and an ally

The bad news is that threat actors will continue to use AI, including generative AI, to try to steal your data and compromise your IT infrastructure through smarter social engineering. But even as AI-assisted attacks are expected to increase in 2024, security providers are going to leverage AI to improve cybersecurity tools.

More compliance obligations

You can expect the internet to get more regulated which means you will have more obligations as part of your efforts to secure your data. The UK recently passed its Online Safety Law, and Canada is working on similar legislation. This past year the European Union and the Federal Communications Commission both recommended additional data breach reporting requirements to be introduced in 2024.

Quantum encryption is coming

While it’s several years away, quantum computing will likely be able to thwart today’s encryption, so efforts are already underway to counter the threat through hardware-based protection that will require a transformation of existing IT infrastructure.

Beware nations, not just thieves

Nation states will invest in new technology such as AI and quantum computing to create and distribute malicious tools to not only achieve more scale, but also increase deniability. Expect “ransomware-as-a-service” to be expanded to more attack surfaces. The amount of investment necessary to exploit these technologies will also see governments look to assist small and medium-sized businesses with their security investments in 2024 – Australia and the U.S. have already begun.

Get ready to fight on the mobile front

Security strategies in 2024 are poised to be mobile-first as mobile apps have become so dominant. Even with Runtime Application Self Protection (RASP), it’s still easy for threat actors to turn mobile apps into weapons to attack backend systems and APIs. The year ahead will require increased adoption of mobile security.

These aren’t the only things organizations need to worry about going into 2024, so tapping into the expertise of a managed service provider with a focus on security should be your top resolution of the new year.

  • December 14, 2023
  • Category Security

Are You Managing Third-Party Risk?

By: Sanjeev Spolia

Even if you’re confident in your cybersecurity strategy, it’s not complete if you’re not managing third-party risk.

Good cybersecurity and robust risk management require that you consider the impact of your partners in your supply chain – the risk posed by these third parties is significant. Security questionnaires and third-party risk analysis services are ineffective, and you run the risk of having a data breach involving these third parties.

The problem with using third-party risk analysis services is that what many organizations consider to be security posture indicators don’t fully represent their actual security posture. These services draw from information available on the internet, which doesn’t have much to do with the services the third party in the supply chain offers.

Security questionnaires tend to be somewhat general, and your supplier is unlikely to have much insight into the risk of the software or cloud services they use. The surveys also tend to focus on security technology and their settings without addressing the risk itself.

When managing third-party risk, it is critical that you evaluate each supplier individually because each one will expose you to a different level of risk depending on the product or service they provide. The most important thing to do is assess how likely it is the supplier will become unavailable, and if sensitive information will be compromised as a result.

A more detailed approach is to review specific business processes that might be vulnerable and contribute to risk, which requires people on both sides who understand risk management and how it intersects with data security. This review should result in a remediation plan that would be implemented in the wake of any incident involving the supplier.

Privacy legislation such as the EU General Data Protection Regulation (GDPR) can provide some inspiration as to what all parties should have in place to ensure an adequate security posture for any service provided.

It’s important that you establish internal processes and assessment criteria so you can comprehensively assess vendors in your supply chain as part of your risk management process. Security metrics to consider include frequency of security incidents when you compare potential vendors, as well as their response time to patch vulnerabilities.

A managed IT service provider knows all about evaluating third-party risk, so consider tapping into their expertise to help shore up risk management so you can protect against security threats that might emerge from the supply chain.

  • November 29, 2023
  • Category Data Protection

How AI and Machine Learning Will Impact Your Cybersecurity in 2024

By: Sanjeev Spolia

There are many ways artificial intelligence (AI) and machine learning already impact cybersecurity. You can expect that trend to continue in 2024 – both as tools for data protection as well as a threat.

Even as you implement AI and machine learning into your cybersecurity strategy through the adoption of tools like Security Orchestration, Automation, and Response (SOAR), Security Information and Event Management (SIEM) and Managed Detection and Response (MDR), so are threat actors. They will continue to update and evolve their own methodologies and tools to compromise their targets by applying AI and machine learning to how they use ransomware, malware and deepfakes.  

With small and medium-sized businesses just as much at risk as their large enterprise counterparts, SMBs must take advantage of AI and machine learning as much as possible. AI-directed attacks are expected to rise in 2024 in the form of deepfake technologies that make phishing and impersonation more effective, as well as evolving ransomware and malware.

Deepfake technologies that leverage AI are especially worrisome, as they can create fake content that spurs employees and organizations to work against their best interests. Hackers can use deepfakes to create massive changes with serious financial consequences, including altering stock prices.

Deepfake social engineering techniques will only improve with the use of AI, increasing the likelihood of data breaches through unauthorized access to systems and more authentic-looking phishing messages that are more personalized, and hence, more effective.

If hackers are keen on leveraging AI and machine learning to defeat your cybersecurity, you must be ready to combat them in equal measure – just as AI and machine learning will create new challenges in 2024, they can also help you bolster your cybersecurity. While regulations are being developed to foster ethical use of AI, threat actors are not likely to follow them.

AI will also affect your cyber insurance as your providers will use it to assess your resilience against cyberattacks and adjust your premium payments accordingly. AI presents an opportunity for you to improve your cybersecurity to keep those insurance costs under control.

There’s a lot of doom being predicted around the growing use of AI and machine learning. And while it does pose a risk to your organization and its sensitive data, you can use it to bolster your cybersecurity even as threat actors leverage AI to up the ante. A managed service provider with a focus on security can help you use AI and machine learning to protect your organization as we head into 2024.

  • November 16, 2023
  • Category IT automation

Make Your Security SOAR

By: Justin Folkerts

IT teams are tasked with monitoring data from so many sources that there’s a risk of information overload without security orchestration, automation, and response (SOAR).

A SOAR platform pulls together software designed to bolster your organization’s security posture so your IT team can keep on top of all the data coming in from your various IT systems and threat intelligence platforms.

SOAR is a must-have tool in today’s dynamic digital business landscape – it allows IT teams and security analysts to be more efficient and responsive and reduces the need for human intervention.

ABCs of SOAR

A SOAR platform allows your security team members to prioritize their attention by collecting threat information, automating routine responses, and triaging more complex threats that pose a real danger to the organization.  

SOAR software has three core capabilities. It manages threats and vulnerabilities, responds to security incidents, and automates security operations. The goal is to collect as much data as possible and automate as much as possible by leveraging machine learning technology.

The “orchestration” in SOAR coordinates all your security and productivity tools so they can communicate – much like a conductor guides an orchestra of many different musicians. The coordination of firewalls and intrusion detection tools and streamlined security processes allows for a centralized response.

That response is automated wherever possible so as to reduce the burden on your IT staff. The final response is also automated as much as possible, although SOAR provides the data necessary for people to intervene when necessary.

SOAR follows the rules

A SOAR platform knows what to do because it’s guided by a playbook which outlines your standardized response processes for security incidents – these standards allow you to prioritize your response to any threat and enable efficient collaboration. It is also integrated with your complementary security tools, including Security Information and Event Management (SIEM).

By using a SOAR platform to automate the ingestion of data and incident response as much as possible, your security team can keep pace with the onslaught of threats. By leveraging machine learning, SOAR not only automates your security response, but also improves your readiness because it’s learning from historical data over time to anticipate threats before they happen.

How to start with SOAR

You can’t automate security when you don’t have it in place. If you want to fully benefit from the automation provided by a SOAR platform, you need to have the right security tools, process, and playbook already in place.

A managed service provider with a focus on security can help fully flesh out your security operations, including development of workflows and a security playbook, so you can effectively implement a SOAR platform and reap the benefits that come with its automation and response capabilities.