Just as we were posting last month’s article about security, I came across an interesting document developed from actual “playbook” notes from a hacker. As a follow-up to my July security article, I wanted to arm you with more information and insight regarding how cybercriminals think and work.
Today’s Hackers Don’t Believe in the “Big Bang” Theory
Unlike the hackers of yesteryear, whose aim might have been to show off their skills or make a public statement with a highly visible breach, today’s cybercriminals thrive on anonymity. Their goal is to gain entry into your network and insinuate themselves into your systems and, hopefully, those of the vendors and customers that trust your company as a data exchange partner.
One method noted in the “playbook” is to hide malware in system folders and camouflage it to look and behave like system processes. Hackers want your systems to become comfortable with their presence. It’s easier to do more damage, undetected, that way.
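A defender can check for this kind of camouflage by comparing running process images against a baseline of known system binaries. The sketch below is an added example, not taken from the playbook or from DynaSis tooling; the baseline table, the edit-distance cutoff and the sample process list are assumptions constructed for illustration.

```python
import ntpath

# Assumed baseline: well-known Windows system binaries and the directory
# each one normally runs from (lower-cased for comparison).
EXPECTED = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
MAX_LOOKALIKE_DISTANCE = 2  # assumed cutoff for "looks like a system name"

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return a reason string if the image looks like a disguised system process."""
    directory, name = ntpath.split(image_path.lower())
    if name in EXPECTED:
        # Genuine name, but running from somewhere it should never live.
        return None if directory == EXPECTED[name] else "wrong-directory"
    for known in EXPECTED:
        # Near-miss spelling of a system binary, even inside a system folder.
        if edit_distance(name, known) <= MAX_LOOKALIKE_DISTANCE:
            return "lookalike-name:" + known
    return None

def find_masquerades(image_paths):
    """Return (path, reason) for every suspicious image in the listing."""
    hits = []
    for path in image_paths:
        reason = classify(path)
        if reason:
            hits.append((path, reason))
    return hits

# Constructed sample process listing (not real telemetry).
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\svch0st.exe",
    r"C:\Users\Public\lsass.exe",
    r"C:\Windows\System32\scvhost.exe",
    r"C:\Program Files\Google\Chrome\Application\chrome.exe",
    r"C:\Windows\explorer.exe",
]

if __name__ == "__main__":
    for path, reason in find_masquerades(SAMPLE):
        print(f"{reason:28} {path}")
```

A name-and-path check like this is only a first filter; confirming a hit still means checking the file's signature and hash against a trusted source.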
76% of breached organizations need someone else―a regulatory body; a customer; their IT vendor―to tell them they have been compromised.
Hackers Don’t Grab, They Leak: Successful hackers know that copying big chunks of your data from one network to another may set off red flags. Emailing it could also be problematic and may be prohibited due to internal security settings.
In his playbook, the hacker notes that most companies do not set their firewalls to block outbound Internet traffic, and that public web traffic can be one of the most effective conduits to achieve what cybercriminals call “exfiltration.” They do this very slowly, essentially leaking data out of the network in small packets that firewall monitoring systems will perceive as normal outbound activity. Increasingly, they disguise these leaks as “secure” transmissions.
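Because each individual transfer looks normal, detecting this kind of leak means adding up outbound volume per internal host and destination over days rather than alerting on single events. The following is an added example, not part of the playbook or any DynaSis product; the log format, thresholds, addresses and domains are assumptions constructed for illustration. It works on byte counts alone, so it still applies when the traffic is encrypted.

```python
import csv
from collections import defaultdict
from io import StringIO

# Assumed thresholds; tune against your own traffic baseline.
PER_EVENT_ALERT = 1_000_000   # bytes: what a naive per-transfer rule would catch
TOTAL_BUDGET = 5_000_000      # bytes: cumulative upload per host/destination pair
MIN_ACTIVE_DAYS = 7           # leak must persist across this many distinct days
MIN_OUT_IN_RATIO = 3.0        # uploads dwarf downloads, unlike normal browsing

def build_sample_log():
    """Constructed proxy log: timestamp,src,dest,port,bytes_out,bytes_in."""
    rows = []
    for day in range(1, 21):
        date = f"2013-08-{day:02d}"
        # Small nightly upload that never trips the per-event rule.
        rows.append(f"{date}T02:10:00,10.0.0.23,files.example.net,443,400000,1500")
        # Ordinary browsing: little sent, much received.
        rows.append(f"{date}T09:30:00,10.0.0.7,news.example.org,443,2000,350000")
    # One large, noisy upload that a per-event rule does catch.
    rows.append("2013-08-05T14:00:00,10.0.0.9,backup.example.com,443,50000000,4000")
    return "\n".join(rows)

def per_event_alerts(log_text):
    """Naive rule: flag any single transfer at or above PER_EVENT_ALERT."""
    return [(src, dest) for _ts, src, dest, _port, out_b, _in_b
            in csv.reader(StringIO(log_text)) if int(out_b) >= PER_EVENT_ALERT]

def find_slow_leaks(log_text):
    """Flag host/destination pairs that leak steadily below the per-event rule."""
    stats = defaultdict(lambda: {"out": 0, "in": 0, "max_out": 0, "days": set()})
    for ts, src, dest, _port, out_b, in_b in csv.reader(StringIO(log_text)):
        s = stats[(src, dest)]
        s["out"] += int(out_b)
        s["in"] += int(in_b)
        s["max_out"] = max(s["max_out"], int(out_b))
        s["days"].add(ts[:10])  # calendar date part of the timestamp
    findings = []
    for (src, dest), s in sorted(stats.items()):
        ratio = s["out"] / max(s["in"], 1)
        if (s["max_out"] < PER_EVENT_ALERT
                and s["out"] >= TOTAL_BUDGET
                and len(s["days"]) >= MIN_ACTIVE_DAYS
                and ratio >= MIN_OUT_IN_RATIO):
            findings.append({"src": src, "dest": dest,
                             "total_out": s["out"], "active_days": len(s["days"])})
    return findings

if __name__ == "__main__":
    log = build_sample_log()
    print("per-event alerts:", per_event_alerts(log))
    print("slow leaks:", find_slow_leaks(log))
```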
More than 25% of all data exfiltrated by attackers is encrypted by the cybercriminals using the company’s own encryption processes.
The playbook is filled with other hair-raising tidbits that I don’t have room to share here. All of them underscore the importance of encouraging recognition within your organization that these attacks can happen very surreptitiously. Executive leadership is often resistant to accept this fact, which is one reason so many companies are penetrated and remain that way for so long.
Network assessments are a great first step to determining if your company could be―or has already been―compromised. The majority of companies we assess, even those with a security solution in place (other than ours, of course), have undetected malware on their systems. To learn more about the playbook and how we can help you defend against it, give me a call.
By Dave Moorman, Founder and President, DynaSis
The increasing number of cyber attacks against governments and large, often multi-national corporations makes for great headlines (and deep concern on the part of these giant entities). Despite the best efforts of expert in-house IT teams, governments and big (often Fortune 500 or even 100) companies continue to have sensitive business and customer data stolen by individuals and organizations with bad intent.
The unsung story behind the headlines is that small and medium-sized businesses are increasingly becoming targets, as well. In its latest Internet Security Threat Report, security software developer Symantec found that 31% of targeted attacks in 2012 were on businesses with fewer than 250 employees.
Why, you may ask, are cybercriminals interested in SMBs? Don't larger firms offer more data to steal, and profits to make? While the answer to this question is certainly yes, the decision-making process for cyber-attacks isn't limited to the profit potential or the size of the data pool.
Think of it this way. You are given the opportunity to scale a 100-foot wall by any means and at the top of it is $500. You can also climb a 10-foot hill and collect $50. While you may take the time to gather climbing gear and attempt to collect that big prize, you're certainly not going to ignore the easy target. The same is true for cybercriminals.
In this analogy, SMBs are the 10-foot hill. Most of them devote less money and resources to Internet security and protection, making them easy prey. Furthermore, today's sophisticated cyber-ploys often don't focus on one company, alone. Some of the most successful attacks have involved compromising machines at less-well-guarded companies and using them as "back-doors," gaining access to larger targets through trusted networks.
In other cases, criminals gain access to smaller businesses and then compromise their blogs or websites. When the target visits them, the attack code downloads to their machine or mobile device in the background. If the target has already marked the site as "trusted," the attack is that much easier to pull off. Web-based attacks increased by one third in 2012; many of them originated from the websites of SMBs. And of course, your data is valuable, as well. While you may not have data on 50,000 customers, if a cyber attacker can use automated routines to compromise 500 SMBs with 100 customers each, they've collected quite a bit of data with very little effort.
Attacks and their behaviors can go undetected for a long time, because they often show up only through slow Internet speeds or poor machine performance. And SMBs often have budgetary restrictions that cause them to ignore these performance issues for weeks, months and even years.
This doesn't mean that any performance issues are the result of a cyber-attack. However, it does point out the need to maintain robust defenses, including an actively managed security program (in-house or third party) that can stay up to date with emerging threats. In addition, network and system assessments (even for firms with security programs in place) can identify current and emerging problems. The final piece of the puzzle is to protect yourself from the inside out (many security "holes" are accidentally opened by employees), but that is a discussion for a different day. Stay tuned, and in the meantime, contact me if you would like to know more.
by Dave Moorman
In January 2013, Internet security firm Kaspersky proclaimed that in 2012, spam hit a five-year low. Specifically, the report stated, “This continual and considerable decrease in spam volumes is unprecedented.”
However, before you and your employees dance in the streets at the thought of less spam, consider this: Kaspersky attributed the reduction, not to a lessening of spam messages, but rather to the success of spam-fighting technologies. In other words, spammers are still plying their nefarious trade, but they are less successful getting through.
Of even greater concern, cybercriminals (with whom spam is now a favorite target) are becoming increasingly malicious and inventive. Kaspersky described the range of subjects used in malicious emails as “impressive.” At DynaSis, we think “alarming” is a better description. For many years, malicious attackers have used tricks such as faked notifications and messages from a variety of legitimate (and fictional) sources such as credit card companies, financial and government organizations, and other trusted entities.
In 2012, criminals expanded their repertoire to include fake messages from airlines, coupon services, travel reservation firms and other leisure-industry firms. Some of these messages look like innocuous reservation confirmations and other routine communications. Others offer too-good-to-be-true “deals.” (Yes, the lure of saving big money continues to take down a lot of folks.)
Like other dangerous spam, these fake emails usually contain malicious attachments or links to malicious sites. Clicking them can do anything from installing a zombie bot that takes over your network to launching a worm that eats your data. And, because it happens inside your defense shields, it may go undetected.
For this reason, it continues to be utterly vital for SMBs to incorporate best-practices IT security management, including strong spam protection, into their overall IT strategy. If you are not absolutely certain your IT infrastructure is a veritable fortress and your email is effectively protected from spam, contact DynaSis for a no-strings-attached consultation.
Don’t count on your employees being savvy enough to outsmart malicious spammers. If they can trick the top management of Fortune 100 firms and global governments, they can dupe anyone.
By Dave Moorman
If you read my blog last week, you know that service-provider hosted cloud environments of all types are more secure than on-premise (in-house) owned and managed infrastructure in nearly every instance. What you may have missed in that blog is that the survey didn’t evaluate on-premise IT environments where a service provider manages its customers’ security needs.
If a cloud-hosted environment isn’t right for you (for any reason), you can significantly mitigate your risk of successful attack or intrusion by using managed security services. For small to medium-sized businesses—especially those with distributed locations where confidential information is being shared across the Internet—the complex, specialized, and rapidly evolving nature of IT security (not to mention the growing focus on regulatory compliance) makes it nearly imperative to have some type of managed security solution in place.
“So,” you may be asking, “what does this mean?” Managed security services encompass a wide array of assistance that helps a firm secure the intellectual and business assets that could potentially be acquired by unauthorized individuals (inside or out). Although some firms have created “one-size-fits-most” packages, the best companies will work with their customers to develop a systematic approach to managing the organization’s security needs.
Functions of a managed security service (some of which may already be present in a managed IT services solution, if you have one), may include:
Although organizations are, in the end, legally responsible for defending their networks against security and business risks, offloading the security functions to a service provider lets management focus on core business activities. Using managed security services also makes it easier to certify compliance with the regulatory and privacy requirements that are affecting an increasing number of industries.
Electronic Health Records (EHR) organization TactusMD, Inc. is one of only a few firms that offers its doctor-clients a streamlined, workflow-based solution for creating and retrieving patient data. To allow flexibility of use, the EHRs need to be highly accessible to authorized individuals. Yet patient privacy acts (HIPAA) and doctors' own beliefs that patient confidentiality is paramount mean TactusMD's cloud solution offering must be extraordinarily stable and secure. When TactusMD sought a new hosting environment, it found the perfect combination of accessibility, security and cost effectiveness with DynaSis.
"From a security and reliability standpoint, we wanted to bring everything into a single datacenter," says TactusMD CEO Dr. Anthony Mari. "I had met Dave (Moorman, DynaSis's President of Managed IT Services) and had heard great things about DynaSis's service organization. They are personal and professionals and that is the way I like to run our company. Dave worked with us to help architect the type of hosting solution we knew we needed to ensure success for our business."
Building Meaningful Patient Health
Even though TactusMD’s software communicates with hospitals and ties into their systems (through a third-party gateway), it is the local community doctors who actually use TactusMD EHR to record, update, access and share patient data. TactusMD’s unique ability to configure workflows for different doctors based upon the way they practice medicine, combined with a visually pleasing user interface and health information exchange capability, makes trading and viewing patient data easy enough for any referring/referral doctors to review patient data in a meaningful way.
"We offer an ambulatory health record system with the ability to trade patient data with larger enterprise medical systems and any other relevant third party healthcare software provider," says Mari. "We can hook directly into the hospital system and trade patient data in real time, adding true life saving capabilities."
TactusMD also enables universal access to patient records for the doctors themselves, via smartphone, tablet, notebook or through the hospital system. This enables TactusMD's doctors to meet the criteria for meaningful use (a component of the American Recovery and Reinvestment Act (ARRA), which provides a financial incentive for healthcare providers that use data in a meaningful way).
Supporting these criteria was a crucial step for TactusMD (the firm, which is still in its early growth phase, is 100% Meaningful Use 2012 Certified), but it made accessibility, security and reliability vital elements of its IT solution. TactusMD can implement an on-premise client-server solution or a SaaS cloud/hosted solution with in-house customer support. Prior to engaging DynaSis, TactusMD’s cloud solution was divided among hosting providers from Chicago, Atlanta and New York.
"I believe sharing data is key and essential in providing quality healthcare in todays market, but you have to have the appropriate security and permissions in place to allow access to third parties. Our client-partners are counting on us to keep the data not only accessible but secure," says Mari.
All-in-One Convenience
Thanks to its breadth of offerings and expertise, DynaSis was able to help TactusMD transition to a fully hosted solution with best-practices security and reliability for medical data. DynaSis hosts TactusMD's cloud infrastructure, its business and client side infrastructure, and its development servers. "Novatefch provides consistency," Mari notes.
"They provide as close to perfect uptime as anyone possibly can," he continues. "And, they are responsive. I like to be able to pick up the phone and get in touch with someone. That is a big deal for me." When speaking to the security aspects of the DynaSis solution, Mari likens it to that of a bank. "We are confident that when you log-in, there is security that will protect your ID and information."
TactusMD is in the process of developing a web-based application, and DynaSis is ensuring the firm has the right foundation as it makes code modifications for that transition. "It’s a matter of attending to the right things," says Mari. "We needed an environment to be stable as we were a developing company and preparing to scale. We started with a few servers and the relationship just grew."
Mari says DynaSis's solution is also the most cost-effective option for TactusMD, both now and as it scales up to being a larger enterprise. "It was the best business decision for us," he says. "Add to that the capital investment; the learning curve; everything would have been twice as expensive, if not more. Besides, who needs the stress of doing it yourself?"
Large corporations aren’t the only businesses who face a threat from hackers. Increasingly, the targets of cyber attacks are small firms:
Unbeknownst to owner Joe Angelastri, cyber thieves planted a software program on the cash registers at his two Chicago-area magazine shops that sent customer credit-card numbers to Russia. MasterCard Inc. demanded an investigation, at Mr. Angelastri's expense, and the whole ordeal left him out about $22,000.
His experience highlights a growing threat to small businesses. Hackers are expanding their sights beyond multinationals to include any business that stores data in electronic form. Small companies, which are making the leap to computerized systems and digital records, have now become hackers' main target.
"Who would want to break into us?" asked Mr. Angelastri, who says the breach cut his annual profit in half. "We're not running a bank."
Whether hackers are stealing information or destroying it, you may be more vulnerable than you would expect. What would happen to your business if, suddenly, days, months or even years of data suddenly disappeared? Spreadsheets, financial history, customer data, employee records, presentations and plans just… gone? A recent study discovered that, of companies experiencing a “major loss” of computer records:
Using best practices developed from over 20 years of experience, DynaSis knows what data to backup and how often. You can choose which data storage option is right for you:
Our storage options can include:
IT systems are vulnerable to spam, viruses, spyware, and even disgruntled employees. Any of these could destroy or syphon data from your network. Therefore, it is important to protect both the server and client side of your network. If reducing risk is important to your business, focusing on IT liabilities should be your top priority.
Recently, the public has become aware of massive technology attacks and vulnerabilities. There has been an enormous increase in sensational news stories covering hacking scandals. Hacking groups like LulzSec (who hacked Sony), Anonymous, and other hacktivist organizations have spotlighted the reality of technological malice. Unprotected systems of all sizes are ripe targets for sophisticated hacking attacks and viruses.
Even if you have a firewall, anti-virus software, and malware protection, the largest data vulnerability still isn't protected. Physical theft and disaster is one of the most common forms of tech malice. Losing data results in revenue loss, reputation damage, and diminished employee and consumer confidence.
Staying up to date with security is a major initiative in business and yet, it still poses a great challenge to even the largest corporations. For companies that don’t have security as a core competency, building the right infrastructure, hiring and training personnel, and maintaining security practices can be a heavy investment, fraught with risk.
Hiring security professionals in the past might have seemed like a nice luxury. But now, as businesses rely more on technology, the necessity to maintain an IT system’s integrity is fundamental. You can talk to DynaSis today to review your security needs. We will present you with the options available and build a solution that is right for your business. With over 20 years of industry experience, our track record speaks for itself. DynaSis’ experts build world class security systems with industry leading technologies. We manage these systems 24/7/365 in real-time and provide immediate support if anything arises. Data integrity is ensured with the highest levels of authentication, access control, and confidentiality available.
Data security and protection have been cornerstones for IT infrastructure development since the creation of the world wide web. The ability to connect to the Internet and store sensitive data is vital to nearly every business. With great power comes great responsibility. With DynaSis managed security, you can concentrate on using the power and we will bear the responsibility.
By Brad Bromelow, VP Operations
Use of fake anti-virus, anti-spyware software is a fast-growing scam, especially as more people become aware of the dangers of spyware, adware and malware. Fake antivirus programs, or scareware, are very common and provide a way for scammers to make easy money. The scammers prey on the fears of Web surfers who are misled into believing their systems are infected and then pay, typically, $50 for a program that not only doesn't protect their computers, but often turns out to be malicious. By following the tips below, however, users will be better protected from becoming the victim of scammers, identity thieves and hackers.
Some general security practices to avoid malware attacks include not opening attachments from unknown senders, changing passwords regularly, and using additional measures such as firewalls or anti-spam software. The complete list of prevention tips for fake antivirus attacks along with a common list of fake software can be found below.
It’s been said that you are only as strong as your weakest link, and so it goes with your network security. You may have the latest and greatest equipment and software guarding the gateway to your network, but all that means nothing if you don’t have an IT security policy in place that is being enforced.
A security policy includes details such as which websites are approved, and which should be blocked, as well as what kind of content or programs employees are allowed to download. Do they really need to download and install the latest version of Texas hold’em? Other points include the frequency of changing passwords and ensuring passwords are not written down or stored in obvious locations.
One caveat to an IT security policy: it needs to be enforced. There is growing recognition among employers that, however much time and money they spend on ramping up their IT security, it counts for very little if they fail to change the practices and mindset of their workforce. Have employees sign an agreement so they are held accountable for their actions. In extreme cases, larger companies have even charged for damages done to business PCs due to employee misuse or have adopted the policy of employees supplying their own personal computers. Employees may think twice if they’ve got skin in the game.
The moral of that story is clear: No matter how secure your network may be, it's only as secure as its weakest link. And people--meaning you and your employees--are often the weakest link. So get on the phone with your trusted IT advisor and start creating your detailed security plan today. You'll sleep better tonight.