Categories
IT Security IT Solutions Managed IT Services

Remote Workers, Data Breaches, and Third-Party Vendors

A recent research study shows that there is a large concentration of risk to organizations when it comes to remote workers, data breaches, and third-party vendors.

This is spread across multiple verticals including supply chains, construction, professional services, manufacturing, and much more. While organizations are increasing their IT budgets to address cyber security, the critical question for management is where the funds should be directed to make a tangible impact to help close the gaps in visibility, strategy, and monitoring.

 

  • 93 percent of businesses experience breaches caused by third-party vendors
  • 97 percent of organizations report being negatively impacted by a cybersecurity breach
  • 93 percent of businesses have suffered a direct cybersecurity breach
  • 37 percent of organizations have seen a yearly increase in third-party cyber risk
  • 13 percent of businesses report third-party cyber risk as not a priority
  • 31 percent of organizations report that supply chain and third-party cyber risk was not a concern
  • 91 percent of businesses report an increase for cyber risk management
  • 38 percent of organizations stated that they have no way of knowing a third party's cybersecurity position
  • 55 percent of healthcare organizations show the highest rate of third-party cyber risk awareness
  • 55 percent of organizations stated that identifying cyber risk is a key priority
  • 29 percent of businesses report six to ten data breaches in the last 12 months
  • 89 percent of healthcare organizations report that remote working has added extra risk to their infrastructure
  • 29 percent of business leaders report remote working as having no impact on their infrastructure risk

Cyber security experts agree that even though they are seeing a rise in awareness around the issue, breaches and the resulting negative impact are still high.  Organizations need to be more strategic in cyber security.

What about the remote workers?

According to new research by a data center specialist firm, remote working poses an increased cyber risk for organizations.

Many IT departments or tech-savvy employees now work remotely as a result of changes brought about by COVID. The research reports that 77 percent of business owners consider remote working a cyber security risk.

A survey of 1,000 small and medium-sized businesses showed that 66 percent are struggling to monitor their infrastructure. Another 25 percent leave their IT infrastructure completely unmonitored, raising their cyber security risk and leaving them a large target for a future cyber-attack.

Organizations and management need to understand that data may not be included on a balance sheet, but it is one of their most valuable assets and, unlike office equipment, computers, laptops, and servers, it cannot be replaced.

According to the research study, remote working increases cyber risks for organizations because they leave their infrastructure unmonitored. This poses a significant risk that sensitive data may be exposed or encrypted, and of third-party and ransomware attacks.

Organization data and IT infrastructure should be treated as any other asset, and proactively protected. If an organization is unable to secure their infrastructure due to remote working or a lack of IT expertise, they must hire a managed IT services provider to do it for them, or run the risk of having their data compromised in the future.

365 iT SOLUTIONS  is federally certified by the Canadian federal government under the CyberSecure Canada program.

Let our complimentary data breach scan investigate if your credentials have been compromised by hackers.

365 iT SOLUTIONS is a leading IT consulting firm in Toronto that offers Managed IT Services, Tech Support Services, Cloud Services, Managed Security Services, IT Support Services, IT Outsourcing Services, Business continuity and disaster recovery (BCDR), and Cyber Security Training and Dark Web Monitoring.

We Make IT Simple!


What Happens To Your Information When There Is a Data Breach

Everyone has become accustomed to it by now but what happens to your information when there is a data breach?

In June 2020, Facebook lost user data and it suddenly popped up for sale online in a dark web forum. By April 2021, the massive data set of 500+ million Facebook profiles became free for download for everyone. After the cyber criminals cashed in, the hackers gave away the data to boost their egos and popularity.

This giant data breach affected up to 20% of Facebook’s users.  The leaked data included user mobile phone number, Facebook ID, name, gender, location, relationship status, occupation/employer, date of birth and email addresses.

Free information like that is hard to come by. Therefore, big data security becomes even more important.

Is a Data Breach Affecting Me?

It is easy to check whether a user's email has been compromised. You can go to Have I Been Pwned and discover if your email address was compromised.

After a data breach, what happens to data?

A fascinating cyber security report published earlier this year provided an inside look at where stolen data ends up. Credentials were posted anonymously to a file-sharing site on the dark web.

Cyber security researchers tracked the data. When anyone opened the document, a hidden watermark revealed geolocation, IP address, device type, and access information.

In just a few days, the fake data breach reached five countries on three continents, with more than 200 views. In less than two weeks, the document was viewed 1,081 times in 22 countries across five continents.

Based on their frequency of viewing, the visitors fell into two groups: one cybercrime syndicate based in Nigeria, and another based in Russia.

There are many online marketplaces, including those that operate above-board, that are as organized as the dark web. They are also carefully commoditized by faceless criminals.

Selling and trading information is a highly professional activity.  To profit from a data breach, dark web customers require reliable transactions.  Certain brokers even promise buyers satisfaction.  The data dealers may offer to send another set of card data free of charge if the buyer of stolen credit card data is unable to make a purchase.

Data breach information will be gathered from a variety of sources by sophisticated cyber-criminal sellers.  A provider may send them an email while another may send them credit card information.  Another separate cyber-criminal vendor can provide information such as date of birth, social security number, and address.  As a final step in synthetic identity theft, cyber-attackers can generate profiles about people from stolen medical data.

How Much Does Stolen Data Cost?

If you browse the dark web for stolen data for sale, you might see some prices like this (2021 data according to Privacy Affairs):

  • Credit Card Data Cloned Mastercard with PIN – $25
  • Credit Card Data Cloned American Express with PIN – $35
  • Credit Card Data Cloned VISA with PIN – $25
  • Credit Card Details with account balance up to $1,000 – $150
  • Credit card details, account balance up to $5,000 – $240
  • Stolen PayPal account details, minimum $100 – $30
  • Stolen PayPal account details, minimum $1,000 – $120
  • Coinbase verified account – $610
  • USA verified LocalBitcoins account – $350
  • Social Media Facebook account – $65
  • Social Media Instagram account – $45
  • Social Media Twitter account – $35

Cyber criminals selling stolen personal data is not uncommon on the dark web. They have hundreds of positive reviews and over 1,000 sales. Hundreds of cyber-criminal vendors participate in such activities.

Motives Behind Threat Actors Dictate Where Data Ends Up

Financially motivated data breaches are more common than espionage breaches according to Verizon Data Breach Investigation Reports.  Hacker threat actors typically demand a ransom for the data or sell it on the dark web to make money.

What Happens to Stolen Documents?

When there is a data breach, the documents are mostly hard-drive images converted into common compressed file formats that can be downloaded from file-sharing sites. The data can be packaged as spreadsheets or run through memory-intensive searches that are very difficult to comprehend.

Corporations and other organizations that experience a data breach like this have learned a very hard lesson. Your data may still end up on the internet even if you pay the ransom.

What Should You Do About Ransomware?

When there is a data breach and you consider the cyber-attacker's perspective, collecting ransoms and selling the data is the most profitable scheme. Data exfiltration after paying a ransom has become more frequent in recent years. Police authorities, government agencies, and large corporations like IBM advise against paying ransomware ransoms, as there is no guarantee that the cyber criminals will provide the decryption code.

If you pay the ransom and receive the decryption key, you will have to decrypt the files manually. Each needs to be decrypted separately, which can be time-consuming and difficult.  Although decryption keys are available, recovery efforts may be just as complex and challenging as reimaging machines. The cost of paying the ransom may end up being as high as not paying it at all.


Your Company is Going to Be the Victim of a Ransomware Attack

The reality is that your company is going to be the victim of a ransomware attack based on statistics and the increasing cyber attacks making the headlines.

There seems to be a report of a new ransomware attack every day. Non-profits, charities, and businesses have been cyber attacked and fallen victim to ransomware attacks. The cyber-attacks have caused a significant amount of disruption, affecting governments, businesses, and individuals worldwide.

Ransomware is a top security priority for most businesses, and they devote a great deal of time and energy to preventing attacks and to avoid becoming a victim of a ransomware attack. Cyber-attacks are not decreasing; they are increasing at an alarming rate. This is partly due to the advantages held by cyber-criminal actors and the substantial financial incentives for them to continue attacking.

This is also due to the constant change in cyber-attack vectors, making defense more difficult for organizations. There is no single tool that can defend against phishing, hijacked websites, infected supply chains, and disgruntled employees.  Cyber criminals are constantly changing their tactics faster than new defensive tools can be developed.

Instead of organizations trying to merely prevent cyber-attacks, they should focus more on how they will respond when one occurs.

There are three components to preparing for attacks: training, technology, and risk management.

Create a Plan

By combining proactive training, latest technology, and risk management, an organization can stay ahead of cyber threats.  If an organization does not have a good plan for coping with ransomware or any other cyber-attack, they will not know who is responsible for what when it occurs.

It may not be possible to recover from a ransomware attack quickly. However, if your organization has a plan and makes sure everyone in the organization knows their part, its time offline can be reduced drastically. It is impossible to know how effective and efficient a plan is without testing it. If a cyber security disaster strikes your organization, you don't want to learn the hard way.

Build resilience into your plan

Even a well-practiced plan will not work if it states something like "we need to manually re-image every machine our employees use at home, and no one will be able to use it until it is finished." The latest technology tools will be critical in the recovery process.

The latest technology tools will allow remote actions on your endpoints that will enable you to remove the cyber-attacks as well as restore the applications and data. The most important attribute of those tools is that they are resilient. Not necessarily resistant, but resilient. Resilience is about the ability to bounce back up when knocked down.

When dealing with cyber-attacks, the most reliable and effective way to remove malware is to reinstall the operating system and start from scratch. Many of the latest technology tools out there will automatically reinstall themselves after the entire disk has been wiped. If your organization has installed tools like this in advance, you can install and restore if you are ever faced with a crippling cyber-attack.

Managing risk through recovery

Risk management is the final component of the equation and just as important. The critical factor is that it must be done in advance. Having planned for a cyber-attack forces organizations to think about how to minimize the risk an organization faces when one of their machines is breached.

Zero-trust architecture is based on this premise. Machines, services, and networks cannot be implicitly trusted because they will all be compromised eventually. It is a strategy to minimize the likelihood that an infection on one machine will cause a problem on another.

Don’t let yourself become the next victim of a ransomware attack. Know your key risks. Minimize risk by making strategic decisions. Educate your team. Plan ahead. Don’t be a victim of a ransomware attack.


How Insider Threats Can Cause Big Data Breaches

Cyber security criminals and hackers pose a large risk; however, how insider threats can cause big data breaches should be an important consideration for organizations.

Some of the largest cyber security risks come from within an organization. These cyber security incidents tend to involve not just personally identifiable information (PII), but some of the most sensitive data an organization produces and handles, including secret recipes, sensitive financial information, patents, and mission-critical infrastructure.

Here is a list of some of the most recent examples of how insider threats can cause big data breaches.

Manufacturing: GE

Type of Incident: IP theft, fraud

Incident Date: 2011-2012

Publicly Disclosed: 2019

The FBI disclosed that a pair of former GE employees had stolen intellectual property and trade secrets. The GE performance engineer committed the initial theft back in 2011 while supporting a customer's operations of highly complex turbines manufactured by the firm.

Using their existing network account privileges, the GE employee not only downloaded GE trade secrets about how to run those turbines but they also convinced an employee in the IT department to grant them access to documents about cost models, proposals, and contracts related to that performance consulting.

The former GE employee saw an opportunity to undercut GE and ran the company for years while the FBI investigated the data theft.  The FBI subpoenaed emails and cloud storage accounts including searching a laptop from the employee they found on a layover in the US.

Telecom: AT&T

Type of Incident: Bribery-fueled malware installation, $200 million fraud

Incident Date: 2012-2017

Publicly Disclosed: 2019

An internal AT&T employee with access to the organization's IT infrastructure systems was bribed as part of an organized criminal operation to unlock pricey iPhones for use outside the AT&T network. It appears that among the bad guys' tactics was the payment of call center employees to install malware on AT&T systems so that they could gain access and eventually compromise the company's infrastructure with automated unlocking of iPhones. AT&T suffered a $200 million loss in subscriptions across 2 million unlocked phones as part of the cyber phone scheme. The US District Courts sentenced the employee to 12 years in prison for the crime.

Financial: Capital One

Type of Incident: Breach of 100 million credit card applications and accounts

Incident Date: 2019

Publicly Disclosed: 2019

A former software engineer for Amazon Web Services (AWS) was accused of causing a massive breach at Capital One, which was a client of AWS. The former employee abused their knowledge of the client's cloud deployments. The US Department of Justice charged the former employee with computer fraud, abuse and access to the device. The charges relate to the 2019 incident in which the former employee allegedly exploited Capital One's misconfigured firewalls to extract privileged account credentials and steal 100 million credit card applications and account holders' information.

Technology: Vertafore

Type of Incident: Exposure of 27.7 million PII records

Incident Date: 2020

Publicly Disclosed: 2020

When Vertafore inadvertently stored data files on an unsecured external storage service, it exposed sensitive information for over 27.7 million Texas drivers.  The organization created features for its software based on driver’s license information.  The data and files contained information from millions of license holders.  The organization exposed itself to human error in the age of the cloud.  Storage errors have posed a risk to organizations like this for many years. Vertafore still had to deal with the expense of breach response despite not having financial information or Social Security numbers. A class action lawsuit is potentially pending as a result of the cyber security incident.

Technology: Amazon

Type of Incident: Insider trading aided by access to confidential information

Incident Date: 2016-2018

Publicly Disclosed: 2020

A former employee at Amazon had her family profit through insider trading by using the access she had to financial information for the preparation of quarterly statements according to senior management in Amazon's tax department. The US Attorney's Office stated the former employee provided her husband with information about Amazon's revenues and earnings. He then used it to make illegal stock and options trades ahead of 11 straight earnings announcements. A plea agreement that was finalized this summer resulted in the former employee being sentenced to 26 months in prison and a fine of over $2.6 million. The family profited $1.4 million in the process.
