Tag Archives: infosec

Is there recovery from ransomware?

Posted on by

That really does depend on you.

A ransomware attack can happen to anyone, at any time and on any systems.

If you think it will not happen to me then you could have a problem.

Ransomware is the scourge of cybercrime.

It can be enacted by people who have no technical knowledge and are just following a script and system that was downloaded from the internet.

It can be enacted by sending a couple of thousand email to a list of people that they purchased on the internet.

It can be enacted by targeting a group of internet addresses that they thought would be lucrative.

There use to be a thing called “security by obscurity” where you can hide on the internet and we’re relatively secure.

 

That capability is no longer a viable defence strategy.

If you think you will never be targeted, too small or have nothing worth stealing and you do have a cyber event there is little chance of you being able to recover.

But

If you have a different attitude.

If you think the opposite.

Then there is a chance that you will not be a victim.

If you think that you could be a target then you are already thinking about your response.

You are already thinking proactive.

You are ready to think of contingencies.

Even if you do have a ransomware attack then you already know and your team already knows what to do because you have thought about it.

You have plans, processes, procedures and policies in place.

If you have tested them and improved on them then that makes it even more possible that you will survive.

The old adage expects the best but plan for the worst is prevalent today against the cybercriminal.

Why didn’t I insure my bike?

Posted on by

wHAT iF

When I was in the Navy, I was based at Garden Island in Western Australia on and off for 5 years.

In that time I was relatively fit and I represented the Navy in a number of sports.

I would pedal to work (20Km each way) at least 4 days a week.

On a good day 40 minutes from the front door to the office.

90 minutes on the way home because you had to stop at the pub to get the goss

If you know the island you know that there is one problem.

No matter what direction you were going morning, afternoon or even if you had the luxury of knocking off early, you ran into the wind

On the causeway, the easterly and the sea breeze were always in your face.

Both of them could get up to 40Km per hour.

The only consolation was the flatness around the area.

One day my bike was stolen.

Taken out of the backyard.

It wasn’t until it was gone did I realize what it was doing in my life, apart from keeping me fit.

I didn’t have to drive so the wife could have the car to ferry the kids and do all of the other stuff she needed to do.

I didn’t have to drive so there was always extra money in the budget for everything we needed.

I could no longer come and go as I pleased, I now had to fit in with everyone else.

I could no longer go to the pub on the way home.

In fact, apart from the initial cost, the bike had cost me nothing.

This is what is happening in the digital world.

We do not know or understand the heavy lifting that our digital devices and services are doing for us.

That is until they are gone.

When they are gone, we realize that the business, organisation, association or ourselves have taken them for granted.

They were doing everything.

So an accidental loss, a cyber event or an insider will cause havoc unless you have stood back and thought:

What If?

What if we turn it all off?

Now what!

That “what if” makes you proactive.

It builds in resilience.

It is the first step to increased revenue, improved capability and scalability.

Have you looked at the business and thought WHAT IF????

Cybersecurity for the C suite executive (CEO, CFO,COO)

Posted on by

Cybersecurity for the C suite executive (CEO, CFO, COO).

Lets look at the facts!

No matter the size, shape or industry of an organisation.

No one is fully prepared for a full-on, bare knuckles, cyber ninja assault.

We are not talking about a random attack.

An attack that is being perpetrated against your organisation with Metasploit and a new copy of Kali.

This attack is from Mr. Creepy!

He knows what he is doing.

He knows what he is after.

But, more importantly, he also knows how to get it.

He has studied your organisation for months to find your weaknesses.

He has the skills and resources (very important) to break in and steal your crown jewels.

These are the people who give my industry grey hairs and stress lines.

Thinking that there is no way that you would be targeted by a professional is a grave mistake.

Because It no longer needs to be a professional!

They are quite happy to train others in the required skills.

They are quite happy to sell others their expertise.

They are quite happy to tell others where they are going wrong.

They have created capabilities and skills that they have incorporated into something to sell.

This increases the capability of the inexperienced cybercriminal immensely.

Want to avoid being on the radar as a prime target then YOU NEED TO DO SOMETHING.

Here is something to start with.

Cybersecurity checklist

#nonprofits #ExecutivesAndManagement #AccountingAndAccountants #ProfessionalWomen #ceo #CareMIT #cybersecurity #infosec

If you are not worried about a cyber-attack then you have probably not been given the right information

Posted on by

If you are not worried about a cyberattack then you have probably not been given the right information!

#Cybersecurity or business security should be one of those areas of business that keeps you up at night.

To tell you the truth it should be one of those areas that terrify you!

When the script kiddy targets you with a random automated attack it is not personal, it is just business.

If you have done nothing or very little in the way of protection then you quickly become a victim.

With the average time inside a network of more than 250 days, most organisations have no systems or capabilities to detect them never mind identify or stop them.

From initial infection to the point where your world ends can be as little as 24 hours or they can sit inside your network and wait.

6 – 12 months is normal.

In that time they are documenting your network, your people, your intellectual property, your systems, your access to money and anything else that they can find.

While you are blissfully unaware of them being there they are getting ready to deliver the coupe de tar.

In addition, while they are rummaging through your proverbial underwear drawers your systems could be spamming your friends, running denial of services attacks on corporate networks, bitcoin mining, storing porn for pedophiles all while they destroy your backups and other systems.

And that is just a random capability from an inexperienced criminal, just imagine what Mr. Creepy can do you if he singles you out and makes you his sole purpose in life!

We have put together a simple 2 page ransomware advice brochure (The before, during and after plan) that could go a long way to reducing the impact of a ransomware attack.

#nonprofits #ExecutivesAndManagement #AccountingAndAccountants #ProfessionalWomen #ceo  #CareMIT #infosec

Download your ransomware guide

Cybersecurity: Why business security is all about increased profits, productivity and resilience

Posted on by

A bright gold "TRUST" stands atop a dark gray "FEAR" on a deep blue background with light rays shining through both words.

There is a down side to a cyber event and I can tell you, every part is down!

Our role in business security (#cybersecurity) is not to scare the crap out of you but more to educate you in the ways of the cybercriminal.

Have you ever thought what could happen to your company if you did get hacked?

If your organisation was breached by a target cyber attack?

Here are some calculations for you to think about that are factored in when discussing a breach and calculating the impact.

How much down time is too much.

Every organisation has a finite level of payments for staff and workers.

Normally it is calculated in annual, monthly or weekly terms but if we bring it down further, the average cost per hour to the business of wages is considerate.

If your staff can not work due to a cyber event then the costs quickly add up.

How much will it cost to fix

Apart from the old adage of "how long is a piece of string" working out the cost to fix a breach (back to business as normal) really does depend on the severity and the infrastructure.

A targeted attack against an company compared to a random virus infected computer are at opposite ends of the spectrum.

Either one has to be cleaned, restored, rebuilt and checked.  The most overlooked cost is the time it will take to recover.

Impact on revenue

We are all in business to make money.

When the incoming money stops then the company will starve.

If your business is making $20,000 per day and you cannot receive that income for 5 days. What is the impact?

Impact on clients and customers

What happens if you go to a shop and they tell you that they cannot do something because the computers are not working.

You customer has a choice either come back later or buy it from someone else.

Recently Woolworths had a failure in their link to the bank and could not process credit and debit cards. People were leaving trollies at the checkouts and walking out.

Impact on productivity

No matter how you look at it all of these wonderful devices we use in business are just tools.

Our computers, cloud based systems, smart devices, IoT things and phones are just tools for the business to streamline productivity.

If a carpenter cannot use his hammer, how does he hammer in the nails?

When the tools cannot be used then alternatives have to be addressed and implemented.

Impact on staff and management

Not only have you got your team sitting around doing nothing but still getting payed there is a good chance that you now also have a moral problem

There will be recriminations, frustration and anger.

It will radiate out from the team, the groups and the organisation because people are no longer doing what they are good at.

A lack of trust

Outside in the market place there are now rumours about what happened, how it happened and what information of MINE has been exposed to the bad guys.

The only way to counteract a trust issue is through communication.

And now you have a compliance and governance issue

There is a substantial reporting requirement around a breach of an organisation.

Part of the cyber compliance requirements for anyone in business today is in the event of a breach you have to report to a number of government and industry bodies.

Depending on your stance prior to a breach will also depend on how much trouble your business is now in.

Good business security will increase profits, productivity and resilience.

It does not do it as a direct impact on the organisation but it does it through proactivity and making sure that the company has well tested contingency plans.

It may not be noticeable but identifying and addressing the risks, mitigating those risks to a manageable level.

Then implementing the right systems you can avoid the additional costs to the business that a cyber event will deliver.

Secure your business!

Get proactive!

Do the scorecard!

https://caremit.scoreapp.com

How to avoid being a target of script kiddies!

Posted on by

There is a huge difference between a cyber attack generated by a script kiddy running an automated system and one where you are being targeted by a dedicated hacker.

For one, if you are targeted by a dedicated hacker then you already know that you have something worth protecting and you have, hopefully, done something about it.

The biggest problems with cyber attacks on the internet are that 95% of them are coming from an automated system controlled or managed by trainees (script kiddies).

Automated systems have three reasons they are used:

  • They are easy to get.
  • They are easy to use.
  • They are easy to make money out of.

They are easy to get!

There are a number of ways for anyone to get hold of an automated system. They can download an operating system that has an automated system running on it. Kali, Parrot OS or Black-arch are all very good examples but there are others.

Designed as penetration testing tools, these systems have all of the requirements that they need to target organisations, multinationals, or anyone connected to the digital world.

Before you ask, yes it is all legal and above board as long as you are not targeting someone else.

To make these systems more effective they allow them to either download additional components from GitHub or design and program your own applications.

They are easy to use!

The old saying that whenever anything is free you are the product rings true with these systems as well. The creators of these systems keep track of people using them and incorporate any updates into their own releases.

To set up one of these systems all you need is a computer. Once you have administrator access to a computer you can download a virtual environment (VMware if you have some money or Virtual Box for free) and you can then install these operating systems as a virtual operating system.

You can even run the operating system on a microcomputer (Raspberry Pi) for under $100.

Once set up you now have access to the tools and capabilities that, if used correctly, can rival someone who has been in the industry for years. Almost like a novice woodworker creating a dovetail joint on their first try without knowledge of what to do.

No training, just using other people’s knowledge.

In addition, and a bigger issue, what they do not know can be learned or discovered by simply searching google.

The capability and effectiveness of these systems allow them to set up the automated attack and target a huge number of vulnerable systems based on blocks of internet-based addresses.

Simply they can find out if there is a targetable vulnerability just by using facets of the automated systems.

They are easy to make money out of!

These free operating systems have the capability of making money.

To make serious money, though, you need to work with partners. Working with partners can be both beneficial as well as detrimental to their own security.

When it comes to making money it is either through selling information on the dark web, selling cryptovirus decryption keys to vulnerable people or selling access to compromised systems to leverage other attacks.

How to avoid being a target of script kiddies.

To avoid being a victim you need to implement some protective strategies.

You need to apply the CareMIT business security methodology to the organisation but to start at the basics this is what you need to do:

  • Patch and update everything – operating systems, application and to really be secure remove anything that you do not use from the system. This is applied to computers, websites, servers, and smart devices.
  • Disable macros – do not allow macros to run on the computers
  • Use complex, unique and more than 12 characters for every site, service or system in the digital world
  • Use 2 factor or multi-factor authentication. If you manage websites or other cloud-based services make sure the third level of security is in place – captcha
  • Only allow good applications to run on the system. This is called application whitelisting and only approved applications are allowed to run. There are some anti-virus systems that allow you to do this.
  • The last one is critical to your sanity – DO A BACKUP. All the bad guys have to do is win once. A backup ensures that if and when they win they have not really won.

At the basic level, the users of these automated systems are just as vulnerable as the people that they are targeting. A severe case of “user beware”, because if you do not configure the system correctly you are just as vulnerable as your targets.

At the most fundamental level, we all know that most people between 13 and 30 have a limited ethical attitude and good and bad is debatable.

That’s why we have the proliferation of these systems.

Secure your business!

Get proactive!

Do the scorecard!

Read your report!

Linkto scorecard https://caremit.scoreapp.com

#ceo #ExecutivesAndManagement #ProfessionalWomen #CareMIT #cybersecurity #infosec

Thinking you are immune to a cyber event is a regular occurrence for SME’s

Posted on by

Even if you think you are immune to a cyber attack these ideas are critical to restricting the impact.

I want to talk about some of the problems we have encountered when being called into a cyber event situation for a new client.

Have you looked at all of our business risks?

Risk is the biggest invisible issue in today’s business world.

Most Organisation does not know how to evaluate the risks that their digital component brings to the Organisation because they cannot visualize the risk.

Only by looking at the digital risks will it become apparent that more is needed to be done.

Get some good legal advice!

We regularly come across businesses that do not know what their legal obligations are when it comes to protecting data that they are the custodian of.

If your Organisation collects information about a person or a business you are now the custodian of that data.   The legal implication of being the custodian need to be understood before you make the decisions concerning the information or type of information collected.

Always err on the side of less.  If you cannot justify it do not collect it.

Check your response plan!

When it comes to SME’s, they think they are Bulletproof.

It will never happen to us, we are too small, yadda yadda!

Well, NO.   A cyber event can happen anytime and to anything digital.   When it comes to a true cyber attack you need to have a breach plan.

A plan that tells everyone in your Organisation what you expect them to do, how they will do it, who they report to and the process needed to preserve evidence and get back to business as normal.   Without it, chickens missing heads, running, lots of running, come to mind!

Test your systems with a tabletop war game.

This is absolutely essential to any Organisation with more than 5 staff.

Run some hypothetical scenarios.    Think of a problem and make sure that everyone knows what to do if it ever occurred.   Especially test disaster recovery, business continuity and breach plans.

After testing the system do both a hot wash up (debrief) and a report.

Implement any discovered failures.   Things that could be done better.   Things that were done badly.

You do not want a real emergency to be the first test of these plans.

Test some “what if …” plans.

Another alternative is to come up with some unusual issues.

A fire in the building that does not impact your business but your business is in the same location and your staff can no longer get to the office, showroom, shop for a week.

What is the impact?   What is your solution?

Tested our backup, we have.

We have a rule.   When it comes to backups we have the 3-2-1 rule.

There are 3 copies of all data.   The original data plus 2 other copies.   Those 2 copies consist of an on-site incremental data copy and an off-site copy.  There is always 1 copy of the data stored off-site.

Once again a backup is useless unless it has been tested.    A regular restore copy of a couple of files should be documented every month.   A full-blown restore of the system should be done every year from both locations.

Who do we have to report to?

When it comes to a breach there also needs to be a reporting structure.   Part of your business continuity plan should be a list of people who are allowed to talk to the media, post on social media, talk to vendors or talk internally and to who.

Reputation always impacts needs to be controlled as much as possible in today’s live world.   The policies, plans, and tests will ensure that everyone knows what they need to do.

Does anyone know how to preserve evidence?

If you are knee-deep in a cyber event the last thing that anyone is going to think about is the preservation of evidence.

Once again if the breach plan has been tested then you will know what has to be done.   If would be cold comfort to know that someone who has ruined you life will not face the consequences because there is no evidence against them.

Preservation of digital evidence can also include the information and machine learning that comes from your System Information and Event Management system (SIEM).

Train everyone, security should be part of everyone’s role in the organisation.

Social engineering is the process of targeting people.

It is used to great effect against everyone in business.   Social engineering is a 2 fold process – the bait, the email SPAM, phishing and the bad technology – link, application or attachment.

Combined together they are an effective attack system for the bad guys.

To counteract the social engineering you need to educate everyone.   There are free online courses but additional resources can include competitions, posters.

Get a framework and implement it.

One of the best protective strategies any business can implement is a framework.   I recommend the National Institute of Standards and Technology (NIST) Cybersecurity framework.

By answering the 98 questions, you get an instant base level indication of where your Organisation is in regards to the security maturity.

A framework does a number of things.   It gives you a base level, it gives you a score between 0 and 4, it ensures that you do not forget anything and gives you a road map for business security within your Organisation.

As a flow-on effect, it gives you a score that you can compare apples with apples (security maturity with security maturity) against other Organisations.   When it comes to data sharing you can make informed decisions on how secure the other Organisation will be in regards to data protection.

You have done a vulnerability assessment

Every device that is connected to a network has the capability of compromising the whole network.   The first law of Cybersecurity is “if there is a vulnerability it will be discovered and it will be exploited – no exceptions”.

To ensure that those vulnerabilities are addressed you need to do regular vulnerability scans on the network.

This can be achieved with expensive or free systems.   Either type it is important that vulnerability scans are completed and mitigated and vulnerabilities are patched and managed correctly.

Cybersecurity is not easy!

There’s no such thing as set and forget when it comes to protecting your Organisation from a cyber event.

It is a diligent and continuous process that needs to be done correctly to protect the integrity of the data within your custodianship.

Keep it safe, protect it, monitor it and ensure that if something does happen you have a way back to business as normal.

How fast will your business be back to business as normal after a disaster?

Why you need a new breed of Business security

Posted on by

Introduction

In the last 20 years, there has been a slow change in how the business approaches the management of the ICT component.

As business and technology changes there have been significant changes in the management process of these systems.   The more complex and costly the systems the more dedicated the support has to be.   We have gone from onsite support from staff (I know computers) to off-site support from a service provider.

SME’s no longer have the resources available to manage their ICT and a new breed of company has been slowly taking more and more control over these parts of your business.

Managed Service Provider (MSP)

Originally these organisations were known as ICT or IT companies.   They were usually run out of hardware and software stores and were more focused on those areas.

It was eventually realized that just managing the hardware and software of small and medium business and not for profit organisations was not enough.   When technology broke, the most organisation still could not afford a technician to come to the site and an IT company need to make their resources go further.

The managed service provider did a number of additional things:

  • They had systems that remotely monitored and managed (RMM) the technology within the organisation.   This allowed them to give feedback to the clients in the way of comprehensive reports on their network
  • They had helpdesk capability to fix issues as they arose from the RMM systems or issues that arose from the users.
  • They started to become proactive, not reactive.
  • In a number of ways they even became vendor managers.  They looked after their clients from the internet down to the user.

Managed Security Service Provider (MSSP)

The business has changed and the requirements for ICT support have changed, the MSP needed to do more.

To be competitive and to be more productive they started adding on services.   These services included if not delivered by the MSP:

  • off site backup,
  • managed firewall,
  • web application firewalls,
  • web site management,
  • managed Anti Virus and many more.

In most cases, they were a bolt-on action to the MSP requirements and were supplied to maximize profit and reduce cost.   In a large number of situations, the customer was not getting value for money because the MSP was tied to a specific vendor.

In the last 5 – 10 years, the bigger the perceived problem with security was the more clients were going to purchase systems from their trusted advised – their MSP.   Once again increasing profits by reducing costs.

Any MSSP that does this is actually exposing their clients to huge problems.   Most of the service level agreements (SLA) reduce this down to “all care no responsibility”

Managed Business security service provider (MBSSP)

SME’s and NFP organisations needed to approach business security in today’s business world from a new direction.

Business security has to be approached from the top down.    Management and board members HAVE to get involved.   Your MSP or MSSP who is not recommending risk management and cybersecurity frameworks is in fact doing a huge disservice to your organisation.

Risk management and a risk management process looks at all of the risks to the organisations and allows you to think and work through the process and deliver strategies to protect the organisation.   It includes the ICT and technology area but there is so much more that has to be incorporated into a risk management plan.

The second part is a cybersecurity framework.   A framework does a number of things:

  • It focuses management on the required tasks to secure the organisation.
  • It removes knee jerk reactions to perceived threats.
  • The more you implement the framework the more secure your organisation.
  • It has to be done with the involvement of all areas of the organisation from management down and from coal face up.
  • It can be managed with reduced costs, expertise and time constraints

Most frameworks have a baseline requirement.   When you start to implement the framework you have to know how secure you are before you can start to improve.   The baseline also allows you to look at priorities within the organisation.

Conclusion

If your organisation is still using an MSP or an MSSP to manage your security without looking at the risk components or without implementing a cybersecurity framework (we recommend the National Institute of Standards and  Technology (NIST) cybersecurity framework) then you need to rethink your business security requirements.

Talk to an organisation that is focused on MBSSP capability.

Secure your business!

Get proactive!

Do the scorecard!

Read your report!

Link to scorecard https://caremit.scoreapp.com

#ceo #ExecutivesAndManagement #ProfessionalWomen #CareMIT #cybersecurity #infosec