5 Ways to Protect Your Business From The KRACK Wi-Fi Vulnerability

Is your business or organization still susceptible to the KRACK Vulnerability?

A major hole in Wi-Fi security makes it possible for attackers to eavesdrop on your data when you connect to your wireless networks. The vulnerability was given the name “KRACK”. Go figure: a “crack” in your wireless networks. The problem is that KRACK attacks the security built into your Wi-Fi network. Think of it like this: when you buy a car, it comes with standard options, and you can add upgrades. In the same way, depending on your specific wireless (Wi-Fi) network, you can implement certain add-on security options. The KRACK security hole, however, affects the Wi-Fi security protocol itself, not specific products. That means that if your device uses Wi-Fi, KRACK likely impacts it.

Here are 5 ways to protect your organization or business against the KRACK Wi-Fi vulnerability:

  1. Update all the wireless settings on your network
  • Update all devices on your network that can be updated.
  • Update all your routers and Wi-Fi devices (laptops, tablets) with the latest security patches.
  • Consider turning on auto updates for future vulnerabilities that might need a fix, as this won’t be the last.
  • For systems that don’t receive a lot of updates, consider having a test environment for these systems/devices to prevent risks.

An important point: Both the clients (any systems that connect to your wireless network) and the routers need to be fixed to ensure your systems are safe!

  2. Update your router
  • Update your router software.
  • If the router is provided by your ISP, ask the company when the router will be patched (fixed).
  • Consider purchasing a wireless router/access point from a company that has already patched their devices. 
  3. Use Ethernet
  • If your router doesn’t yet have a fix, and you don’t have a patched Wi-Fi access point that could be used for wireless, you could plug your Ethernet cable into your router and turn off its wireless function until it’s patched.
  • Turn off Wi-Fi on your device as well, so that you ensure all traffic goes through your Ethernet cable.
  • If you still want to keep Wi-Fi for some devices, consider switching to Ethernet for your essential devices.
  4. What about Internet-of-Things devices?

If you own lots of devices, consider which of those devices pose the most serious risk if unencrypted traffic is intercepted. For example, if you own a connected security camera that doesn’t encrypt traffic when you’re on the same Wi-Fi network, that could allow attackers to snoop on raw video footage inside your home or office.

  • Take action accordingly (e.g. by pulling the riskiest devices off your network until their makers issue patches).
  • Be sure to keep an eye on the kinds of devices your employees might be connecting to your network.
  • At the same time, if an attacker can intercept traffic between your smart light bulbs and your router, it’s probably fine. You should determine your level of risk and act accordingly.

That said, the Internet of Things does have a horrible reputation when it comes to security. Take this time to audit your connected device collection and consider removing any Wi-Fi devices from your network whose makers don’t quickly issue a patch as they could pose some form of long-term risk to your network.

  5. Install HTTPS everywhere

Browsing the internet in the clear is a big risk! Consider adopting a standard encryption setting for all browsers, so that if someone in your organization goes to an unencrypted website, the browser is automatically told to use encryption (HTTPS).

In closing, if you need assistance or would like to know if you are vulnerable to this critical vulnerability, we can provide a vulnerability assessment or penetration test to give your organization the keys to “KRACK” this vulnerability.

 

2017 Cyber Risk Report

According to Security magazine, 2017 marked another record year for cyber breaches and cyber incidents around the world. 

The leak of NSA tools sparked a rash of zero-day exploits for cybercriminals, as discussed in this article from Wired.com. WannaCry, EternalBlue, Adobe Struts and NotPetya are a few of the weaponized exploits that came from those leaks. WannaCry hit an estimated 300,000 computers in over 150 countries. To review, let’s take a look at the following 2017 incident highlights:

The good news is that over 90% could be prevented with the proper preparation and diligence. Businesses can protect their clients and assets from a breach by following a few basic security measures.

  • Risk Assessment – Know your internal systems, external systems and cloud-based assets, as well as what risk each asset poses for your business.
  • Patching / Vulnerability Reports – Know what vulnerabilities your assets have and patch them on a regular basis. Have a process for scanning and remediating findings.
  • Misconfigurations – Risk assessments and vulnerability scanning can help find and fix this issue.
  • Data Confidentiality – Ensure data encryption management is properly followed and only those who need access have access.
  • Unsupported / End-Of-Life Devices – Have a plan of action for these devices (i.e., replacement or extended service agreements).
  • Employee Training – Social engineering and accidental disclosure by employees are the easiest ways to compromise a business.
  • Email – Have a solution to block malicious emails.
  • Two-factor authentication – Enable it on all publicly accessible assets and email.

Insider Threat Program

Business Need/Problem

Today there are more compliance regulations around adequately protecting critical cyber infrastructure against the increasingly sophisticated and complex landscape of security and privacy threats and vulnerabilities. Company networks have seen an increase in the scale and frequency of security attacks and threats in recent years.  This is a similar experience in both public and private companies across the world. A 2016 global security report made available through the Multi-State Information Sharing and Analysis Center (MS-ISAC) reported that attackers were increasingly part of well-organized and funded underground groups, generating millions of dollars in the underground economy, “where tools specifically developed to facilitate fraud and theft are freely bought and sold.”   

As your company pursues an ambitious plan to modernize its IT environment to meet the needs of customers, it must also pursue an aggressive strategy to execute its mandate to protect its IT investments and safeguard information assets from cyber threats.

Proposed Solution to Mitigate Gaps:

The implementation of an Insider Threat Program would enable your company to establish a comprehensive, ongoing program that continually evaluates threats and vulnerabilities to company IT systems and critical cyber assets, and that provides expert-level consultative support for mitigation strategies, validating that existing vulnerabilities and threats are sufficiently mitigated to protect the company from significant economic loss.

An Insider Threat Program that provides proactive detection and analysis of threats, along with threat modeling, has several key benefits that would be leveraged across the IT infrastructure:

  • Delivers early warnings about emerging threats
  • Prioritizes risks using knowledgeable and experienced program staff
  • Allows for the measurement and assessment of risks and existing countermeasures
  • Allocates clear ownership of risks, vulnerabilities, and corrective action measures
  • Provides actionable cyber intelligence specific to the company, thus providing the company with time to protect critical assets
  • Allows for aggregation of new and emerging threats and vulnerabilities relevant to the company’s environment and assets
  • Accurately assesses threat severity levels using industry and/or vendor resource feeds
  • Provides management with the right information for effective risk management and decision making
  • Provides identification of root causes
  • Allows for allocation and mobilization of resources to provide the most effective mitigation
  • Saves time and effort by performing the analysis using automated tailored solutions

Precise Cyber Solutions Insider Threat Program operations will consist of the following key program components:

  • Monitor the IT and cyber threat and vulnerability landscape
    • Includes identifying new/emerging threats; prioritizing threat remediation based on knowledge gathered from various sources; and alerting the company to imminent threats
    • Includes monitoring vendor warnings, patches and advisories; providing agencies with notice and appropriate strategies for mitigating the specific threat based on the understanding and knowledge of the technology environment within the company
    • Centralize reporting and oversight of security events detected within company IT environments, allowing for coordinated incident detection and response capabilities
    • Coordination with the to-be-established federal Cybersecurity liaison
  • Conduct on-going testing and assessments as well as targeted regular security assessments for the company when threats and vulnerabilities are present or detected.
  • Conduct training for the company
    • Includes general threat and vulnerability training for the company users as well as specific training to perform security assessments and mitigate agency-specific threats and risks
  • Lead and monitor enterprise risk mitigation activities
    • Includes working with the company agencies to respond to findings from the assessments and implement risk mitigating solutions.  Risk mitigation strategies will focus on achieving compliance with, as applicable:
    • Federal and other regulatory statutes and policies. 
  • Produce timely enterprise level and agency-specific reports
    • Includes executive and technical level presentations, agency progress against assessment findings and statistical analysis at the aggregate level that monitor the security and privacy “health” of the company.

 Why Establish An Insider Threat Program?

Establishment of an effective Insider Threat Program is consistent with the United States National Strategy to strengthen communication capabilities, enhance data sharing, alert and early-warning systems, reduce cyber terrorism threats, protect critical infrastructure, and decrease the possibility of catastrophic economic loss and damage caused from cyber incidents.

 

What is ransomware and why should you care?

What is ransomware?

Ransomware is a category of malicious software (“malware”) that encrypts a user’s disk drives and demands some form of compensation in return for critical data held hostage. A typical method of infection is an email containing a malicious attachment that will download the ransomware.

Infection with ransomware may compromise sensitive files, rendering those files and associated systems inaccessible to health personnel, thereby disrupting normal operations by inhibiting access to, for example, patient records, appointment information, and test results.

Financial loss is also very likely to affect the targeted companies, as a ransom payment is demanded by the threat actor, with the promise that once payment is received, a decryption key will be provided to restore compromised files.

Users may encounter this threat through a variety of means. Ransomware is often distributed as attachments to a series of spam campaigns. Ransomware can also be downloaded by unwitting users who visit malicious or compromised websites, or it can arrive as a payload, dropped or downloaded by other malware.

The most recent versions of the virus are TeslaCrypt and Locky, which encrypt files on a computer’s hard drive and any external/shared drives, then direct the user to a payment page that requests a ransom amount.

Are you prepared? Ransomware Checklist

Is your organization secure?

  • Have you deployed anti-malware capabilities?
  • Are signatures developed/identified for malware?
  • Do you encrypt confidential data, including patient data?
  • Are appropriate rules added to email firewalls?
  • Do you have effective security processes in place (e.g., patch management, vulnerability management, and privileged access management)?
  • Do you know your risks from vendors who manage your systems?
  • Are there mechanisms in place for whitelisting that allows only “known-good” executables to run on machines?

Is your organization on the lookout?

  • Do you monitor your network to enable timely detection of attacks and unusual behaviors?
  • Do you perform analysis of logs (proxy/email/system) to identify additional potential infections?
  • Do you have a cyber awareness program, including training on phishing attacks?
  • Do you regularly perform vulnerability assessments and penetration testing?

Are you resilient?

  • Do you have the right team and skills to respond to a cyber incident?
  • Do you have cyber incident response plans to protect mission-critical operations, and do you routinely exercise them?
  • Do incident response plans include the wide range of leaders needed, including executives, board members, and leaders of business operations, legal, risk and compliance, and customer communications?
  • Are leaders prepared to interface with regulators, legal counsel, and law enforcement during a cyber crisis?

We can help keep your business safe from an IT attack: Contact us

The Importance of Cloud Computing Security

Information Technology (IT) is in a boom. As the IT sector grows, the cost of maintaining hardware, development platforms and/or software increases, reducing the amount of revenue available for achieving the core business. To overcome these challenges, the concept of Cloud Computing was introduced. However, many are unclear about what exactly ‘Cloud Computing’ means.

Our explanation of Cloud Computing:

Cloud Computing refers to the process of sharing resources (such as hardware, development platforms and/or software) over the internet. It enables on-demand network access to store and process data in a privately owned, publicly owned or hybrid cloud. These resources are accessed mostly on a pay-per-use or subscription basis.

Handling confidential and large volumes of data on the cloud for Software as a Service Provider Application (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) is getting more challenging for organizations. Customers are growing concerned about the confidentiality of data, loss of data, privacy risk and transparency of operational control over data. Cloud Security testing helps organizations test for these concerns.

Some benefits of Cloud Security Testing

  • Users get the same protection, whether they are in the HQ, branch offices, on the road, or at home.
  • Integrated security controls and cloud services correlate information to give you a complete picture of your entire network.
  • Provides fast local breakouts and our single-scan multi-action technology enables our security services to scan simultaneously for faster performance.
  • Cloud security consolidates point products into an integrated platform; there is no hardware or software to buy or manage.
  • Cloud intelligence means that any time a threat is detected anywhere in the cloud, protection is deployed everywhere.
  • Appliances are expensive to buy and own.

The following are Cloud Security Pain Points we solve:

  • As you transition to meet the growing digital demands of consumers, there are increasing demands for adopting cloud solutions for dynamic scalability, data storage, and computing power. However, cloud adoption also comes with security risks that are different from those affecting traditional network infrastructures.
  • PCS will ensure visibility and ensure the necessary cloud security measures are in place, despite limited IT personnel, to make potential data breaches easier to detect.
  • Cyber criminals look to take over cloud environments through account takeover or malware and then sit there to detect and take sensitive data.
  • With high-profile data breaches serving as looming threats, organizations still must ensure they have the necessary security controls in place. PCS’s cloud vulnerability management solutions help your organization identify, patch, find malicious exploits for systems/applications and protect your data.

Contact us to secure your data and technology!

3 Simple Ways to Promote Cyber Security Awareness in Your Workplace

In the current climate of ever-evolving cybersecurity threats, it’s important for organizations to take a good look at their company processes and personnel training to ensure that they are promoting the proper levels of security awareness. A once-yearly awareness training most likely isn’t enough – a comprehensive security awareness program requires engaging, on-going exercises. Not sure how to begin building this culture of awareness throughout your organization? Here are 3 simple ways to get started.

1. Increase awareness and motivation

Awareness training often requires multiple approaches. When planning for training, consider that your employees have different learning styles. A lecture may be sufficient for some, while others will require a more hands-on method. Raising awareness of security issues in a context wider than the workplace can motivate all employees to engage with and buy into cybersecurity measures – knowing how to better protect their families and finances in addition to the organization. The best training programs include a variety of approaches to take these diverse learning styles and motivations into consideration.

2. Use interactive exercises

Cyber Security trainings are often perceived as boring (at best) or as a punishment. By implementing interactive security training and awareness, employees are more likely to engage with the information and put it into practice. Interesting, interactive methods include:

  • Desktop/tabletop exercises: These discussion-based exercises help employees learn how they would handle an incident such as a DDoS attack or website defacement. They are a great way to test procedures and discover any communication conflicts that exist, allowing participants to revise and improve company protocol.
  • Phishing campaigns: Conducted by an internal team, phishing campaigns are able to track the percentage of employees who open a purposefully planted fraudulent email, click on a link within the email, and give out their information. These campaigns and their subsequent reports can train employees to spot and disclose any suspicious emails they may receive.
  • USB drops: Are your employees trained to handle a mysteriously-found USB device? A surprisingly high percentage of people will plug an unknown USB drive into their computers, resulting in security compromises. Learn what your employees will do by orchestrating USB drops in the workplace.

3. Publicly recognize your employees

By shining a light on your employees who implement these cybersecurity best practices, you make them feel valued and encourage others to follow their example. This does not have to be complicated and can be easily achieved through mentions in company newsletters, internal marketing materials, and by general management.

As you work to increase cybersecurity awareness within your organization, focus on the specific behaviors you would like to see changed and work at achieving those goals incrementally. Keep in mind that cybersecurity training is not a destination but a journey as threats continue to change on a monthly, weekly, and even daily basis. Offer a variety of training methods and opportunities, and your employees will develop an understanding of the essential role they play in protecting your organization as well as themselves.

We help businesses in the Middle TN Area including Nashville and Mt. Juliet with IT security. Contact us for more information!