Is there recovery from ransomware?

That really does depend on you.

A ransomware attack can happen to anyone, at any time and on any systems.

If you think it will not happen to me then you could have a problem.

Ransomware is the scourge of cybercrime.

It can be enacted by people who have no technical knowledge and are just following a script and system that was downloaded from the internet.

It can be enacted by sending a couple of thousand email to a list of people that they purchased on the internet.

It can be enacted by targeting a group of internet addresses that they thought would be lucrative.

There use to be a thing called “security by obscurity” where you can hide on the internet and we’re relatively secure.

 

That capability is no longer a viable defence strategy.

If you think you will never be targeted, too small or have nothing worth stealing and you do have a cyber event there is little chance of you being able to recover.

But

If you have a different attitude.

If you think the opposite.

Then there is a chance that you will not be a victim.

If you think that you could be a target then you are already thinking about your response.

You are already thinking proactive.

You are ready to think of contingencies.

Even if you do have a ransomware attack then you already know and your team already knows what to do because you have thought about it.

You have plans, processes, procedures and policies in place.

If you have tested them and improved on them then that makes it even more possible that you will survive.

The old adage expects the best but plan for the worst is prevalent today against the cybercriminal.

Do a podcast they say, it’s easy they say. Sure it is!

Do a podcast they said, it’s easy they said!

Sure it is!

A touch of sarcasm there I am afraid.

My first idea for a podcast was to interview people who had been targeted, exploited and/or who had experienced a cyber event.

It would be full of information about, no wait…..

No one is going to talk about being breached!

That conversation, if they had lost thousands of dollars or worse closed their doors, would be way tooooo painful.

Although it would be of huge benefit to others and my target audience it would definitely be detrimental to the interviewee’s health

If they survived, talking about it would have a negative impact on their revenue, reputation and brand.

Not the best idea I have had.

Scratch that!

Second idea!

Let’s interview people in the industry.

A bit of research on the interwebs and it confirmed a long-standing realization that not-for-profit organisations, charities and small and medium businesses are treated shoddily by the cybersecurity industry.

After a couple of conversations, I soon realized that the best in cyber had very little understanding of the space that is occupied by organisations with less than 50 staff.

There are a number of people that are in the cyber industry who are wholly based in normal business and who understand cyber and smaller organisations.

I actually hope that I can interview them, but

Most do not understand the challenges and problems associated with a struggling small and medium business environment.

Where making a simple decision could mean that you have a cash flow issue, a marketing issue, a cyber problem or a going out of the business problem

So number 3 idea was born

There are two areas where everyone has problems in cyberspace.

The first are NFPs, Charities and SMEs.

Second, are the elderly and mature.

Coming soon as a podcast and video:

“Need help – ask Roger”

Cybersecurity for normal small businesses.

Some straight answers to cyber questions that the others are reluctant to answer.

A podcast about how to build resilience and security into your business from the basics up.

Get answers to the questions that you need to ask about business security

And to make myself even busier I thought,

“An old persons take on protecting their digital stuff”

The most under-protected user of the digital world are the elderly, retired and mature

This area of the population are uneducated and ill-informed but most important they are innocent to the true capability of the cyber-criminal.

This makes them the number one target for the cyber creep.

They are under constant attack through scams, extortion and fear-mongering.

Hopefully going to be launching them both this month, see lockdown has some advantages.

The first episodes of both of them went live this week all I have to do is find the URL for them

#nonprofits #smallbusiness #ExecutivesAndManagement #AccountingAndAccountants #ProfessionalWomen #ceo  #CareMIT #cybersecurity #infosec

Why didn’t I insure my bike?

wHAT iF

When I was in the Navy, I was based at Garden Island in Western Australia on and off for 5 years.

In that time I was relatively fit and I represented the Navy in a number of sports.

I would pedal to work (20Km each way) at least 4 days a week.

On a good day 40 minutes from the front door to the office.

90 minutes on the way home because you had to stop at the pub to get the goss

If you know the island you know that there is one problem.

No matter what direction you were going morning, afternoon or even if you had the luxury of knocking off early, you ran into the wind

On the causeway, the easterly and the sea breeze were always in your face.

Both of them could get up to 40Km per hour.

The only consolation was the flatness around the area.

One day my bike was stolen.

Taken out of the backyard.

It wasn’t until it was gone did I realize what it was doing in my life, apart from keeping me fit.

I didn’t have to drive so the wife could have the car to ferry the kids and do all of the other stuff she needed to do.

I didn’t have to drive so there was always extra money in the budget for everything we needed.

I could no longer come and go as I pleased, I now had to fit in with everyone else.

I could no longer go to the pub on the way home.

In fact, apart from the initial cost, the bike had cost me nothing.

This is what is happening in the digital world.

We do not know or understand the heavy lifting that our digital devices and services are doing for us.

That is until they are gone.

When they are gone, we realize that the business, organisation, association or ourselves have taken them for granted.

They were doing everything.

So an accidental loss, a cyber event or an insider will cause havoc unless you have stood back and thought:

What If?

What if we turn it all off?

Now what!

That “what if” makes you proactive.

It builds in resilience.

It is the first step to increased revenue, improved capability and scalability.

Have you looked at the business and thought WHAT IF????

Cybersecurity for the C suite executive (CEO, CFO,COO)

Cybersecurity for the C suite executive (CEO, CFO, COO).

Lets look at the facts!

No matter the size, shape or industry of an organisation.

No one is fully prepared for a full-on, bare knuckles, cyber ninja assault.

We are not talking about a random attack.

An attack that is being perpetrated against your organisation with Metasploit and a new copy of Kali.

This attack is from Mr. Creepy!

He knows what he is doing.

He knows what he is after.

But, more importantly, he also knows how to get it.

He has studied your organisation for months to find your weaknesses.

He has the skills and resources (very important) to break in and steal your crown jewels.

These are the people who give my industry grey hairs and stress lines.

Thinking that there is no way that you would be targeted by a professional is a grave mistake.

Because It no longer needs to be a professional!

They are quite happy to train others in the required skills.

They are quite happy to sell others their expertise.

They are quite happy to tell others where they are going wrong.

They have created capabilities and skills that they have incorporated into something to sell.

This increases the capability of the inexperienced cybercriminal immensely.

Want to avoid being on the radar as a prime target then YOU NEED TO DO SOMETHING.

Here is something to start with.

Cybersecurity checklist

#nonprofits #ExecutivesAndManagement #AccountingAndAccountants #ProfessionalWomen #ceo #CareMIT #cybersecurity #infosec

If you are not worried about a cyber-attack then you have probably not been given the right information

If you are not worried about a cyberattack then you have probably not been given the right information!

#Cybersecurity or business security should be one of those areas of business that keeps you up at night.

To tell you the truth it should be one of those areas that terrify you!

When the script kiddy targets you with a random automated attack it is not personal, it is just business.

If you have done nothing or very little in the way of protection then you quickly become a victim.

With the average time inside a network of more than 250 days, most organisations have no systems or capabilities to detect them never mind identify or stop them.

From initial infection to the point where your world ends can be as little as 24 hours or they can sit inside your network and wait.

6 – 12 months is normal.

In that time they are documenting your network, your people, your intellectual property, your systems, your access to money and anything else that they can find.

While you are blissfully unaware of them being there they are getting ready to deliver the coupe de tar.

In addition, while they are rummaging through your proverbial underwear drawers your systems could be spamming your friends, running denial of services attacks on corporate networks, bitcoin mining, storing porn for pedophiles all while they destroy your backups and other systems.

And that is just a random capability from an inexperienced criminal, just imagine what Mr. Creepy can do you if he singles you out and makes you his sole purpose in life!

We have put together a simple 2 page ransomware advice brochure (The before, during and after plan) that could go a long way to reducing the impact of a ransomware attack.

#nonprofits #ExecutivesAndManagement #AccountingAndAccountants #ProfessionalWomen #ceo  #CareMIT #infosec

Download your ransomware guide

Where to start your Business Security / Cybersecurity Journey

Start


Time

3-hour program

What is done

Audit on assets and risk management.

What you get

  • Report on where your organisation is in relation to business security
  • Roadmap to implement basic changes to your business organisation
  • A number of process, procedure and policy templates
  • A number of Plans templates

Tools we use

  • Care-app diagnostic tool
  • Questionnaire similar to basic SWOT
  • Proprietary diagnostic tools
  • Open-source intelligence gathering tools

What do you need to do

  • Implement changes
  • Discuss with management
  • Implement proactive responses to cybersecurity

 

Threshold


Time

8-hour program

What is done

 

What you get

  • Implementation of Internet policy
  • Implementation of online security awareness program
  • In depth Risk analysis
  • In depth Risk mitigation process
  • Full blown digital SWOT

Tools we use

 

What do you need to do

 

 

Baseline

What is done

 

What you get

 

What do you need to do

 

 

Beyond

What is done

 

What you get

 

What do you need to do

 

 

Cybersecurity: Why business security is all about increased profits, productivity and resilience

A bright gold "TRUST" stands atop a dark gray "FEAR" on a deep blue background with light rays shining through both words.

There is a down side to a cyber event and I can tell you, every part is down!

Our role in business security (#cybersecurity) is not to scare the crap out of you but more to educate you in the ways of the cybercriminal.

Have you ever thought what could happen to your company if you did get hacked?

If your organisation was breached by a target cyber attack?

Here are some calculations for you to think about that are factored in when discussing a breach and calculating the impact.

How much down time is too much.

Every organisation has a finite level of payments for staff and workers.

Normally it is calculated in annual, monthly or weekly terms but if we bring it down further, the average cost per hour to the business of wages is considerate.

If your staff can not work due to a cyber event then the costs quickly add up.

How much will it cost to fix

Apart from the old adage of "how long is a piece of string" working out the cost to fix a breach (back to business as normal) really does depend on the severity and the infrastructure.

A targeted attack against an company compared to a random virus infected computer are at opposite ends of the spectrum.

Either one has to be cleaned, restored, rebuilt and checked.  The most overlooked cost is the time it will take to recover.

Impact on revenue

We are all in business to make money.

When the incoming money stops then the company will starve.

If your business is making $20,000 per day and you cannot receive that income for 5 days. What is the impact?

Impact on clients and customers

What happens if you go to a shop and they tell you that they cannot do something because the computers are not working.

You customer has a choice either come back later or buy it from someone else.

Recently Woolworths had a failure in their link to the bank and could not process credit and debit cards. People were leaving trollies at the checkouts and walking out.

Impact on productivity

No matter how you look at it all of these wonderful devices we use in business are just tools.

Our computers, cloud based systems, smart devices, IoT things and phones are just tools for the business to streamline productivity.

If a carpenter cannot use his hammer, how does he hammer in the nails?

When the tools cannot be used then alternatives have to be addressed and implemented.

Impact on staff and management

Not only have you got your team sitting around doing nothing but still getting payed there is a good chance that you now also have a moral problem

There will be recriminations, frustration and anger.

It will radiate out from the team, the groups and the organisation because people are no longer doing what they are good at.

A lack of trust

Outside in the market place there are now rumours about what happened, how it happened and what information of MINE has been exposed to the bad guys.

The only way to counteract a trust issue is through communication.

And now you have a compliance and governance issue

There is a substantial reporting requirement around a breach of an organisation.

Part of the cyber compliance requirements for anyone in business today is in the event of a breach you have to report to a number of government and industry bodies.

Depending on your stance prior to a breach will also depend on how much trouble your business is now in.

Good business security will increase profits, productivity and resilience.

It does not do it as a direct impact on the organisation but it does it through proactivity and making sure that the company has well tested contingency plans.

It may not be noticeable but identifying and addressing the risks, mitigating those risks to a manageable level.

Then implementing the right systems you can avoid the additional costs to the business that a cyber event will deliver.

Secure your business!

Get proactive!

Do the scorecard!

https://caremit.scoreapp.com

How to avoid being a target of script kiddies!

There is a huge difference between a cyber attack generated by a script kiddy running an automated system and one where you are being targeted by a dedicated hacker.

For one, if you are targeted by a dedicated hacker then you already know that you have something worth protecting and you have, hopefully, done something about it.

The biggest problems with cyber attacks on the internet are that 95% of them are coming from an automated system controlled or managed by trainees (script kiddies).

Automated systems have three reasons they are used:

  • They are easy to get.
  • They are easy to use.
  • They are easy to make money out of.

They are easy to get!

There are a number of ways for anyone to get hold of an automated system. They can download an operating system that has an automated system running on it. Kali, Parrot OS or Black-arch are all very good examples but there are others.

Designed as penetration testing tools, these systems have all of the requirements that they need to target organisations, multinationals, or anyone connected to the digital world.

Before you ask, yes it is all legal and above board as long as you are not targeting someone else.

To make these systems more effective they allow them to either download additional components from GitHub or design and program your own applications.

They are easy to use!

The old saying that whenever anything is free you are the product rings true with these systems as well. The creators of these systems keep track of people using them and incorporate any updates into their own releases.

To set up one of these systems all you need is a computer. Once you have administrator access to a computer you can download a virtual environment (VMware if you have some money or Virtual Box for free) and you can then install these operating systems as a virtual operating system.

You can even run the operating system on a microcomputer (Raspberry Pi) for under $100.

Once set up you now have access to the tools and capabilities that, if used correctly, can rival someone who has been in the industry for years. Almost like a novice woodworker creating a dovetail joint on their first try without knowledge of what to do.

No training, just using other people’s knowledge.

In addition, and a bigger issue, what they do not know can be learned or discovered by simply searching google.

The capability and effectiveness of these systems allow them to set up the automated attack and target a huge number of vulnerable systems based on blocks of internet-based addresses.

Simply they can find out if there is a targetable vulnerability just by using facets of the automated systems.

They are easy to make money out of!

These free operating systems have the capability of making money.

To make serious money, though, you need to work with partners. Working with partners can be both beneficial as well as detrimental to their own security.

When it comes to making money it is either through selling information on the dark web, selling cryptovirus decryption keys to vulnerable people or selling access to compromised systems to leverage other attacks.

How to avoid being a target of script kiddies.

To avoid being a victim you need to implement some protective strategies.

You need to apply the CareMIT business security methodology to the organisation but to start at the basics this is what you need to do:

  • Patch and update everything – operating systems, application and to really be secure remove anything that you do not use from the system. This is applied to computers, websites, servers, and smart devices.
  • Disable macros – do not allow macros to run on the computers
  • Use complex, unique and more than 12 characters for every site, service or system in the digital world
  • Use 2 factor or multi-factor authentication. If you manage websites or other cloud-based services make sure the third level of security is in place – captcha
  • Only allow good applications to run on the system. This is called application whitelisting and only approved applications are allowed to run. There are some anti-virus systems that allow you to do this.
  • The last one is critical to your sanity – DO A BACKUP. All the bad guys have to do is win once. A backup ensures that if and when they win they have not really won.

At the basic level, the users of these automated systems are just as vulnerable as the people that they are targeting. A severe case of “user beware”, because if you do not configure the system correctly you are just as vulnerable as your targets.

At the most fundamental level, we all know that most people between 13 and 30 have a limited ethical attitude and good and bad is debatable.

That’s why we have the proliferation of these systems.

Secure your business!

Get proactive!

Do the scorecard!

Read your report!

Linkto scorecard https://caremit.scoreapp.com

#ceo #ExecutivesAndManagement #ProfessionalWomen #CareMIT #cybersecurity #infosec

All organisations must face up to their business security requirements

Since small and medium businesses, charities and not for profit organisations are now the bread and butter of cybercriminals targeting.

Isn’t it about time that we started to look at the reasons?

Reason 1 – SME’s have a lack of expertise!

The digital world is complex.

Every area requires a different set of skills and knowledge.  There are areas where some of the skills and requirements flow from one area to another, but these are definitely an uncommon occurrence.

The skills to implement and manage a website are different from networking which in turn are different from the requirements for coding.   Its not the fact they are different, the problem is the required level of skill to do it correctly.

Anyone with a little bit of help can write code, but to write it correctly, securely and properly requires years of skill and practice.

When it comes to the business world, we have a significant requirement for using the digital world.  In most cases, we see the introduction of a digital component into an organisation as easy.

It is not.   To implement and configure is easy.   To implement and configure securely, correctly and in a way that will benefit the organisation takes more than a fundamental underlying knowledge.

Reason 2 – SME’s have a lack of time!

Most SME’s are doing more with less just to keep themselves in profit.   Throw in another complicated process or system and they now have more to do with the same amount of time.

Business security takes time.   To secure an organisation takes time.

A solution is to employ someone on staff to manage the ICT and we will then give him the role of security professionals.   Getting someone with the required skills will cost money.

The second alternative is to enter a service level agreement (SLA) with a Managed Service Provider (MSP) and contract the support of the OCT and security to someone else.   Again this requires the correct skills as well as culture.

Both options will free up some time.

Reason 3 – SME’s have a lack of money!

Security solutions for SME’s can be expensive.   When it comes to technology and the integration of different technologies into the business environment we see some significant costs.

Comparing the costs of a breach to the costs of putting the right technology in place, it is a no brainer, but not until after the fact.

SME’s have the same compliance and governance of multinational corporations but do not have the resources to implement tier 1 or 2 technological solutions.

They make do with what is available and inexpensive not realizing the impact of these additional vulnerabilities can have on their business.

We know the problems here are some solutions

To reduce all three of these issues, as already mentioned is a contractual agreement with an MSP or a Managed Security Solution Provider (MSSP).

They bring the required expertise, they free up time and in most cases they are a viable and cost-effective.

A better solution is to look for an Organisation that has normal MSSP skills but has the capability to add additional security components around your Organisation.

Why 2020 could be a bad cybersecurity year for SME’s

SME’s are a prime target for cybercrime.

They have reduced expertise, minimal money, and an attitude, we are too small to be a target, that leaves them wide open to a cyber event.

Our industry, the people who know and think we understand the bad guys have been pushing for an attitude change for the last 10 years. In a large number of ways, we have failed, especially in the SME space.

In some, we have failed significantly.

By the time we get called in, after a cyber event, it is way too late.

To late to recover, too late to respond and definitely too late, in a number of organisations, to get back to business as normal.

Most SMEs, after a cyber event and especially after a ransomware attack, have but 3 choices,

  • pay the ransom,
  • recover from backup and hope you have a decent backup (a decent, tested backup is vital, no matter the situation)
  • or go out of business.

Here are 3 cybersecurity strategies that every SME should implement to be more secure and avoid that devastating cyber event.

Training users

Increased awareness of business security in a workplace is vital in today’s business world.

Not many businesses know where to go to get that training.

Training needs to be done as an ongoing process.

Once or twice a year is inadequate. But training and education has to be easy, bite-size pieces, easily digested, easily implemented and easily followed.

In addition to ongoing training, you also need to incorporate business security into your onboarding process to instill the required cultural elements into new people on staff.

Want some free cybersecurity training, here is something that will definitely help
https://wizer-training.com/partner/caremit

Risk management and gap analysis

SME’s have a limited understanding of the new risks delivered to the business via our digital components.

The game has changed significantly in the last 10 years and we, as small and medium businesses, are constantly playing catch-up.

We are significantly hampered and handicapped by the impact and scale of our digital usage.

It is everywhere, used in every component and used all of the time.

To understand the risks without understanding the systems you need some help.

Here is some help for you.
Https://CareMIT.scoreapp.com

With the report, you can now implement a gap analysis and work out what you need to do to increase security around your organisation.

The report also ties in well with:

Implemented a framework

If you are looking for a better way to manage security within your Organisation, you need to look no further than a framework.

A framework is a documented system that allows an organisation to follow the bouncing ball and tighten up the security in a regimented way.

The more the components of the framework are implemented the more secure and mature the organisation.

Frameworks are easy to follow and implement and the one I recommend is the National Institute of Standards and Technology (NIST) cybersecurity framework.
https://www.nist.gov/cyberframework

Answer the 98 questions, honestly, and you now have a road map to implement cybersecurity in a significant way.

The NIST cybersecurity framework also gives you a number.

Between 0 – 4, it can be used as a comparison between businesses, supply chain components, and government departments so you can do business with like-minded organisations.

What can SME’s do?

It is not too late to implement any of these strategies. The bad guys are getting more and more clever, so time is running out.

They are targeting everyone who is connected to the digital world, the internet, with more sophisticated systems, a number of them are now fully automated.

Some of those automated systems have minimal human involvement after the initial set up.

From initial social engineering attack, all the way through to payment of ransom everything is automated and driven by machine learning.

Every SME should be implementing a training and education process, doing a risk and gap analysis and implementing a cybersecurity and business security framework.

With that everything else will follow.

The business will be more stable, the culture of the organisation will change and getting back to business as normal after an attack can be significantly easier.

The impact of a cyber event for an organisation implementing these 3 components or not is significant.

If you haven’t implemented these 3 strategies in the last 12 months, 2 years or 5 years then 2020 is going to be a bad year.

But it’s not too late.