Author: zafirt

Back To Basics in 2019 – Must Have Cybersecurity Issues

What was different about 2018 that will confound us in 2019?  Is there anything new in 2019 that will cause problems for us?

By ‘us’ I mean businesses trying to keep going with their business lives. I.e. run your business, try to make profits, grow product lines or services.

None of us are in tune with new technologies that can be used to upend  our current world that we live in until it is too late and we have to play catch -up. In 2007 how many people actually went and bought a smartphone before it was obvious everyone was going to get one?

This next picture is of an IBM Quantum computer as written about in Wired UK among others:

If you have not heard your computers and phones are built on an old architecture(from the 50’s and 60’s) The quantum computer is a new architecture much faster the current binary machines.

What can possibly be created with a quantum computer?

  1. Unbreakable encryption for one.
  2. Artificial Intelligence and Machine learning (similar yet different)
  3. Molecular Modeling and other sophisticated modeling
  4. Optimization programs
  5. Financial Modeling
  6. Sophisticated new attacks on hardened targets

My point is not that a new Armageddon is coming, it may be but most important is that new days may bring new challenges, and you have to be ready to take them on.

Most important you must take a little time to review new technologies and techniques to see if these methods can create security headaches for your organization.

Practically though the place where we all will get hit is regulations. As more high profile cyber attacks make inroads in organizations the regulations will make life more difficult(more paperwork).

More paperwork means risk based analysis and scanning / audits of networks and computers.

End result is we need more vigilance even if our computers are in “the cloud”.

In the above AWS youtube video   some common sense:

The first thing any auditor will want to see is your documentation.  What is your documentation? Do you have a security policy? Do your employees read it and sign off on it? I.e. is Cybersecurity at least a little bit important?

We are in the business of Computer Cyber audits to help your business be more secure and thus handle the coming challenges in 2019 wherever they may come (technological or regulatory).

Contact Us to discuss

 

Is Compliance Enough for Your Company?

If you accept credit cards you need PCI compliance

If you have health data then you need HIPAA compliance.

A financial company gets many pieces of compliance which depends on what types of financial instruments you sell. You may need other types of compliance.

Unfortunately PCI compliance does not require a backup of your critical data , so if you have critical data then it is up to your judgement to set up processes to make sure if they are corrupted then can be recovered.

This point of corruption of data to recovery is the single most likely reason for small businesses to fail six months after a major cybersecurity event.

In 2019 your company could be doing business as usual in January, then in February the right attack could cause problems for your company…  if you are not ready for it, six months later you could be out of business.

Which is why we want to highlight it and make sure you understand the inattention that can cause disaster.

We are here to go over your processes to make sure that this type of disaster does not happen. You can make it go away for a few dollars and attention. That is all it takes.

Contact Us to discuss – Three-One-Four-five -zero-four, three,nine, seven, four.  Leave me a message and I will get back to you.

TonyZ

 

 

Unknown Risks – Are you ready for 2019?

Are you ready for new year surprises?

Why is it that 60% of businesses fail after a major Cyber attack?

  1. Spam Email – most attacks come in through well crafted emails (spear phishing)
  2. Social Engineering – An attacker can use 1 and 4 to call you to craft a sneaky method to get on your network.
  3. Darkweb – all information created from 1,2,4, and 5 are here and for sale to other hackers. I.e. a cyber attacker does not need to be an expert at all things, only at 1 and buy the others.
  4. Facebook Hacks – or other social media. Hackers use social media to profile you and then use 1&2 to attack you
  5. IoT (Internet of Things) in House – vulnerabilities are not patched and attacks come into IoT devices
  6. Unknown Zero-Day – unknown sophisticated attack using non-defensible methods(i.e. cannot defend against this)

The following is per Smallbiztrends.com ,  and it looks like that is what it says: 60% of small companies go out of business within 6 months of a cyber attack.

I want to discuss why that is?

Let’s assume our small business is like most small businesses, they are living “paycheck-to-paycheck” in a small biz manner. I.e. there is enough business to make payroll and to do a few things for the business: small changes for new technological improvements(new computer, new phones, website improvements).  But is there enough time and effort to overhaul IT cyberdefense?  Why overhaul when you can make adjustments, since with adjustments we can still stay alive and keep on surviving another year.

What if an unforeseen attack occurs? That we are not ready for? So that means we have to reconstruct our IT information “from scratch”. I.e. from non-electronic sources. In that case a lot of things can go wrong, and if expenses go too high or it takes too long to reconstruct, one can easily see how it might be easier for the small business to go out of business rather than create a huge debt burden. This is why 60% of small business goes out of business with a successful cyber attack.

The attacks coming into your business are no longer from loner hackers or your neighborhood Geek with too much time on his hands… The attackers are sophisticated and in great breadth, which are certainly coming daily  because it is easy to setup thousands and millions of attacks on previously purchased databases with information stolen in years past hacks on the Darkweb. The hacker uses his computer knowledge and this information to craft sneaky spear phishing attacks. Once on the network it could be months before you actually find out what is happening, since he will sell his access to your network to others who are experts at extracting money out of you.

So the hacker goal is to employ a number of experts over time to infiltrate and eventually extract extortion scams out of ransomware schemes…   FBI news and tips for dealing with Ransomware.

New IoT attack examples from Anson McCade’s Twitter feed:

 

So in the future a crafty sneaky attacker could control more than your business servers, but also your fitness devices and more. I.e. Pay the hacker $1000 or else …

 

Contact us to update and overhaul your cyberdefense methods.

Vulnerability Management Fixed!

So that we are all on the same page -Vulnerability Management is when an IT department manages it’s inventory of devices with regard to what vulnerabilities each device could be at risk for.

So if every system you own has a vulnerability, and you have 1000 systems it could get a bit challenging to manage. Consistently updating all systems for all vulnerabilities is a constant job of testing the patch, and updating the production system at a convenient time to the business.

At cvedetails.com you can review all cve’s (Common Vulnerabilities and Exposures)Each piece of software and hardware can have a potential vulnerability. This is much bigger than you think.

Powershell can give you a list of your programs:

Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table –AutoSize

From the “How-To Geek” website:

A sample in this image:

The image above has 38 pieces of software(which is likely not comprehensive).   Technically all of these can have a vulnerability(not including Windows and all of it’s subpieces).

So already you can see that 100 systems with at least 40 or 50 pieces can have 4000 to 5000 software versions that may not be the same versions for your network.

This is why there are 109403 vulnerabilities, since a vulnerability for software ABC v1.0 is different from ABC v2.0.

So if this is such a large difficult beast, how can we tame it? Or even fix it?

Actually it is relatively easy to fix by combining Risk management and vulnerability management.

 

Evaluate all your systems – which system has the most risk and highest impact with failure?

Finding this system should receive most of your focus on testing and updating. And that is just the start, as now the difficult part of figuring what to do with  the other systems, as if you ignore the other systems attackers will come in from that angle.

Contact us to review your systems and set up a risk management matrix for all your systems.

Run Microsoft(Powershell) Software On Linux? More Risk

Did you think it would never happen? Microsoft and Linux are increasing in their ties to each other.

So as we protect systems in our networks, we are increasingly incorporating Linux systems for various reasons, Web servers, specific SQL server database needs  or other reasons (file sharing or other support systems).

A potential threat vector to the Microsoft Windows environment/ network could be the Linux machine. Especially if Microsoft Powershell  commands can be run on a Linux machine. Now you can truly have any machine  that is taken over be the breach entry that takes down your network.

How is this possible (viewing Internet Storm Center posts)? By installing a number of software pieces:

  1. First install Powershell itself
  2. Second install Mono (an open source implementation of Microsoft’s .NET framework)
  3. Install OpenXML
  4. Now you can run Powershell

This is an interesting development as it means that even a Linux machine can be turned into a sophisticated attack machine into your environment.  Of course we knew that as Kali Linux has specific attack tools. But now we are not using attack tools but Microsoft tools running on Linux.

I want to switch directions a little bit and discuss the problems of directing a company:  By stating “Business Decisions” — “External Pressure”  in a Risk Assessment discussion.

The cybersecurity – world of vulnerabilities is in the space of “External Pressure”, but I wanted to create a picture of the whole world of Risk for a company. And the risks are in Supply Chain,cloud, leadership/labor,change in technologies.  When one sees risk for the company in its totality, the new vulnerabilities risk is much smaller in comparison to the others. especially if the other risks are changes in competitors(Amazon) or changes in environment.

It is only when some news event comes into the fore, like a major breach, then it is obvious that Cybersecurity needs to be reviewed periodically.

Of course if one did that in the first place, then one can focus on the market and technology changes.

This is the problem we computer risk professionals wage, as the CEO/CFO are forever working the major problems for the company, and they rarely see cybersecurity as a major threat – due to much more important problems for the company.

Contact Us to discuss how we can let you focus on more important things, let us do some of the Cybersecurity items.