As consumers continue to live their lives online, they become increasingly aware and worried about the use of their data online. According to research by CPA Canada, 76 per cent of Canadians fear Canadian businesses are vulnerable to cyber attacks regarding their personal data. With the increasing amount of data breaches happening every day, customer data across all industries are in danger of being exposed. Just recently, LifeLabs fell victim to a cyber attack that might have compromised the data of 15 million Canadians. Hackers are getting more sophisticated and regulations like PIPEDA make it imperative for organizations to start taking customer data protection seriously. With this in mind, here are 5 things organizations can do to protect customer data.
Endpoint protection is vital for protection against malicious threats. One compromised endpoint can lead a hacker right into your network, putting data at risk. Protecting endpoints with a solution like Secure IT – Endpoint provides layers of security that goes beyond just an anti-virus. Endpoint protection can prevent data leaks and provide device encryption to protect data. Centralized management of all endpoints make it easier for organizations to keep track of their endpoints and configure security.
2. Be aware of your customer data
The more customer data organizations collect, the more time and resources they need to dedicate to storing and protecting the data. Organizations need to understand the data they’re collecting and ensure that they’re not collecting more than what is needed for business purposes. Organizations also need to limit employee access to customer data. Stories of employees accessing customer information for malicious purposes make customers wary of giving up information and can make them hesitant to do business with your company. Organizations must pay attention to data collection regulations like PIPEDA that govern how organizations store and collect personal information to ensure they are being compliant with the law. If organizations operate globally, they also need to be aware of how international regulations like GDPR and the new California Consumer Privacy Act affect the data they collect.
3. Securely backup your data
Critical to data protection is backing data up in a secure data centre. Backing up data ensures it is protected in the event of a disaster or a ransomware attack and is a vital part of an organization’s disaster recovery plan. Automated scheduling of data backup makes it easier for organizations to ensure that the latest information is backed up. Backing up data locally also ensures that the data is protected by regional privacy laws. Encrypting data while it’s in transit and at rest is vital to prevent hackers from accessing the data. For more information on Jolera’s backup solutions, visit our Store IT product page.
4. Update your infrastructure
Ensure that the devices in your IT infrastructure are running the latest software and hardware updates. Failing to patch your applications and software or continuing to use legacy systems puts your systems at risk to being exploited by hackers. Threat actors can easily scan your systems for unpatched vulnerabilities, which they can exploit to gain access to your network. It’s important to ensure that your systems are always updated to protect against the latest vulnerabilities. Similarly, using a legacy system like the recently unsupported Windows 7 operating system puts customer data at unnecessary risk. These unsupported systems mean that manufacturers will no longer provide security updates. This makes it easier for threat actors to exploit vulnerabilities because they know that manufacturers won’t be issuing patches or updates to prevent them from being exploited.
5. Monitor with SIEM
When it comes to data protection, monitoring your systems is essential. SIEM systems aggregate log data from the devices across your network, prevent data exfiltration by using behavioural analysis to detect suspicious activity. SIEM can detect large amounts of data being transferred across your system or through the use of external web applications. Intelligent analysis can also correlate seemingly unrelated activities such as a user plugging in a USB and accessing data they don’t normally use. When SIEM detects unusual behaviour, it generates a security alert that is then investigated by a security expert who takes action to remediate the alert. SIEM is an invaluable tool that provides an automated layer of detection to determine actions indicative of threats. For more information on Jolera’s Secure IT – SIEM solution or how Jolera can help you secure customer data, contact us today.
An emergent and effective data-harvesting tool dubbed Oski is proliferating in North America and China, stealing online account credentials, credit-card numbers, cryptowallet accounts and more.
Oski started out targeting victims in North America, but in the last few days has added China to its set of targeted geographies. It’s also virulent: when it was first investigated, Oski had racked up 43,336 stolen passwords, primarily from Google campaigns. About 10 hours later, that number had increased to 49,942, with an in the logs from 88 to 249.
Proper security measures must be in place to defend against Oski malware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE-2019-16466
Adobe has released security updates for Adobe Experience Manager (AEM). These updates resolve multiple vulnerabilities in AEM versions 6.5 and below rated Important and Moderate. Successful exploitation could result in sensitive information disclosure.
The Ryuk Ransomware uses the Wake-on-Lan feature to turn on powered off devices on a compromised network to have greater success encrypting them.
Wake-on-Lan is a hardware feature that allows a powered down device to be woken up, or powered on, by sending a special network packet to it. This is useful for administrators who may need to push out updates to a computer or perform scheduled tasks when it is powered down.
Proper security measures must be in place to defend against Ryuk Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
As of January 14, Microsoft is no longer providing regular security updates and patches for Windows 7. According to data from NetMarketShare, approximately 26% of devices are still running Windows 7. Although the Windows 7 deadline has passed, organizations should still plan a Windows 10 migration. Otherwise, organizations have the option to get Windows 7 Extended Security Updates (ESU).
What is Windows 7 ESU?
Windows 7 ESU provides businesses of any size still using Windows 7 Professional or Windows 7 Enterprise with security updates for critical and important issues. It’s important to note that Windows 7 ESU is meant to be a temporary fix and is only available for up to three years.
What are my options?
Organizations should prioritize migrating to Windows 10 to ensure they stay protected. Not only is Windows 10 more secure but it has better features to help improve business productivity. Migrating to Windows 10 also provides peace of mind, knowing you won’t have to spend a lot of time and effort trying to support an obsolete operating system and feeling left behind.
If you are unable to migrate to Windows 10 right away, you will need to purchase Windows 7 ESU to stay secure. The purpose of Windows 7 ESU is to support organizations as they get ready to migrate to Windows 10. Without security patches and updates, Windows 7 users become exposed to unpatched vulnerabilities and threats like ransomware. Hackers know that the security features in Windows 7 are weaker and easier to exploit, making Windows 7 users likely targets for cyber attacks. This puts client data and business productivity can be at risk.
For more information on Windows 7 ESU pricing or how Jolera can help with your Windows 10 migration, contact us today.
Phishing remains one of the top threats to organizations. According to Proofpoint’s 2019 State of the Phish report, 83% of organizations experienced phishing attacks. While most inboxes come with basic protection like spam filters, it’s often not enough. A 2019 Global Phish Report found that 25 per cent of phishing emails bypass default security. To defend against the ever-evolving threat of phishing, many email security solutions are integrating artificial intelligence (AI).
AI goes beyond signature-based detection. Signature based detection analyzes attack patterns to determine incoming attacks. A phishing signature will include information like known malicious IPs or domains or specific types of email headers. If a signature is identified, the email will automatically be classified as phishing and will be blocked. Signature based detection is important, especially for detecting known attacks. However, hackers know that by tweaking certain elements like HTML code or image metadata, they can evade these filters.
AI enhances detection with machine learning capabilities. AI scans for similar signature features such as malicious links but has other abilities like scanning images to determine fake login pages. AI also focuses on detecting phishing characteristics/behaviours as opposed to known signatures. Even if a hacker sends a phishing email with altered signature, AI will be able to automatically detect it as a phishing email and block it accordingly.
Behavioural Analysis
Some phishing attacks like CEO fraud and social engineering imitate users or companies to trick victims into wiring money or providing confidential information. These attacks can bypass spam filters because they come with no malicious payloads (such as links or attachments). A user who receives these kinds of emails may think they are legitimate, especially if they look very convincing.
AI can analyze user communication patterns to establish a baseline
for normal user behaviour. This makes it easier to detect anomalies if hackers
are trying to impersonate employees. Behavioural analysis can examine
characteristics like writing style and grammar and syntax to determine a user’s
unique profile. If a user receives an email claiming to be from the CEO but the
message has grammatical errors it can be flagged as suspicious, even if the
headers and sender address look legitimate.
Continuous Learning
Phishing attacks are always evolving, and threat actors are always
trying to evade the latest security technologies. In order to stay ahead of
threats, cybersecurity technologies also have to evolve and improve.
Artificial intelligence is continuously learning from not only an organization’s unique environment but also from other open source threat intelligence feeds. By constantly updating and feeding its capabilities, AI is able to constantly improve its ability to detect the latest phishing threats.
Protect Against Phishing
A combination of trained users and using evolving tech like AI is necessary for organizations to defend against phishing attacks. At Jolera, our Secure IT – Mail solution provides comprehensive security, archiving, backup and user defence features to protect your organization. Included in the solution is an AI component that protects email against spear phishing. For more information on how Secure IT – Mail can protect your organization, contact us today.
A hacking campaign that infects victims with username and password-stealing malware has been updated with new tricks as cyber criminals look to make their attacks more efficient, stealthier and more lucrative.
It adds new phishing documents to use as the lure to hook victims, such as invoices; a previous campaign used a fake court summons as a lure. The malware has also been provided with more tricks to avoid detection and analysis, using shellcode to make the malware more effective at detecting debuggers and sandboxes – something it now checks for every five seconds.
Proper security measures must be in place to defend against Lampion Trojan and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE-2020-0002
Android has released its monthly security bulletin that contains details of security vulnerabilities affecting Android devices.
In one vulnerability, a remote attacker could use a specially crafted file to execute arbitrary code within the context of a privileged process.
A new ransomware family has been discovered that is being used to target and encrypt all of the devices on business networks.
The SNAKE ransomware is the latest example of enterprise targeting ransomware which is used by cybercriminals to infiltrate business networks, gather administrative credentials and encrypt the files of every computer on a network using post-exploitation tools.
Proper security measures must be in place to defend against SNAKE Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
Most organizations recognize the importance of user awareness training but often approach it as a one-off activity. According to research from Mimecast, only 6 per cent of organizations that provide security awareness training do it monthly. In order for users to build good security habits and stay alert to the latest threats, security awareness training needs to be continuous. Here are three simple ways you can boost your security awareness program.
Most businesses have heavy workloads which can lead security to become an afterthought. Having to schedule in-person cyber awareness training sessions can be time consuming for businesses, which can make them even more hesitant to implement training.
Fortunately, businesses can make the training process easier thanks to computer based online training. Online training is more interactive which can lead to better retention for employees. Employees can also learn at their own pace and at their own time. Online training is also easier for organizations to set up, which makes it easier for employees to regularly engage with the training more regularly.
2. Measure your progress
The purpose of security awareness is to not only educate users but to also ensure you’re developing a strong security culture amongst your employees. To start, organizations need to gain a snapshot of employee habits. They can use this information to determine which areas need improvement and take the appropriate steps to address any weak spots. One way to determine user habits is to test them with simulated phishing.
Simulated phishing campaigns emulate real life phishing scenarios users could potentially encounter during work or at home. A user awareness solution like our Secure IT – User Defence service provides customizable phishing templates that can be easily scheduled and sent to users. It tracks if users fall for any of the phishing simulations and redirects them to training if they do.
3. Share security news
Security affects everyone, whether they’re at work, at home or on vacation. Sometimes, people just need to remember that. Simply sharing a news story about a recent data breach or sending security tips to employees once a week can help foster strong user awareness. It also makes security more applicable to their lives and helps them understand the consequences of cyber threats. You can also subscribe to security blogs (like ours) or newsletters and forward those emails to employees.
Proper security measures must be in place to defend against Lampion Trojan and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE 2019-20144
Gitlab has released a software security update for for GitLab Community Edition (CE) and Enterprise Edition (EE).
In one vulnerability, insufficient access verification lead to unauthorized modification of group runners through the API.
Download and install versions 12.6.2, 12.5.6, and 12.4.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).
Clop Ransomware
The Clop Ransomware continues to evolve with a new and integrated process killer that targets some interesting processes belonging to Windows 10 apps, text editors, programming IDEs and languages, and office applications.
Proper security measures must be in place to defend against Clop Ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
The new year is upon us which means it’s time to reflect on the past year and prepare for what may come in 2020. With the threat landscape constantly evolving, it’s important to look ahead at what the future may hold so that we can take action to stay secure in 2020. Here’s a look at what 5 security habits to leave behind while looking ahead at 5 security predictions for 2020.
Although the use of biometrics is steadily increasing, it’s far from the end of using passwords to secure accounts. Unfortunately, it’s hard for people to remember their passwords, which results in people using simple and easily hackable passwords. For the second year in a row, 123456 remains the top worst password of 2019 according to SplashData’s Annual Worst Passwords List. Even worse is that people often reuse passwords across accounts. Hackers need only one good set of leaked credentials in order to access accounts. It’s time to leave the bad password security behind. Each account should have a unique password that includes alphanumeric and special characters.
2. Using outdated tech
As the year ends, it’s time to take stock on your IT infrastructure and upgrade any legacy systems. For example, Microsoft will be ending support for Windows Server 2008 and Windows 7 on January 14, 2020. Using outdated technology puts your infrastructure at risk because these systems no longer receive security updates. This means hackers can exploit vulnerabilities present in these outdated systems and use them to enter your network.
3. Ignorance is bliss
Just because you haven’t been hacked yet doesn’t mean you won’t be hacked in the future. Organizations need to step up their security – whether it’s email, backup or IT management. IT is becoming more integrated into business operations which means the impacts of a cyber threat can be detrimental to your business.
4. Bad third-party partnerships
It’s not only important to implement strong security in your own organization but to also ensure your vendors/partners have strong security as well. According to research from Spiceworks, 44 per cent of organizations experienced a significant data breach caused by a vendor. It’s important to have a formalized policy in place for external partners and to evaluate their security. Things like reviewing vendor security policies or obtaining evidence of security certifications can help.
5. Not enough training
Employees play a big role in your organization’s security. Any employee can accidentally fall for a phishing scam or click on a malicious link that leads to ransomware. You need to secure your systems and your employees. Make security a bigger part of your culture through awareness and accountability. Our Secure IT User Defence solution can help integrate security into your organizational fabric by providing users with online training and simulated phishing testing. The solution also includes dark web monitoring for leaked credentials to prevent hackers from using them to enter your infrastructure.
5 Security Predictions for 2020
1. Deepfake attacks
Deepfakes use machine learning software to superimpose fake images onto existing images and videos to manipulate them. They often look real and can be hard to detect. Forrester predicts that costs associated with deepfake scams will exceed $250 million in 2020. 2019 already had one recorded incident of threat actors using a deepfake voice to scam a CEO out of $243,000 by impersonating his boss through the phone. This was the first noted incident of a deepfake voice being used in a scam. Not much is known about how the hackers were able to replicate the voice. As this technology continues to evolve, we may see similar attacks in the future.
2. Use of AI
In a similar vein as above, AI usage will continue to increase, whether it’s through evolving security products or hackers creating AI based malware. The tools for AI and machine learning are becoming more accessible to hackers which can be used to carry out automated, targeted attacks. As a result, security solutions will be trying to integrate more AI to enhance security defence to help identify attacks. Implementing a security information and event management (SIEM) system that uses behavioural analytics will help defend against these attacks.
3. 5G Issues
5G network deployments are expected to ramp up in 2020. According to IDC, the number of 5G connections is forecast to grow from roughly 10 million in 2019 to 1.01 billion in 2023. As with all mobile networks, the arrival of a new network brings several security concerns. The rollout of 5G is expected to increase the attack surface, which can provide hackers several backdoors where they can enter undetected. 5G is also vulnerable to major security flaws which can be exploited to be used in malicious activities such as snooping.
4. Increase in data privacy
In 2020 data privacy will be a greater priority for organization as new regulations like the California Consumer Privacy Act become effective on January 1st. We already saw greater consumer concern for privacy in 2019 and we can expect this to continue. Many companies are struggling to provide customers with their personal data upon request. According to research by Talend, 58 per cent of companies failed to provide copies of data. Companies will have to gain deeper insights into the type of data they collect, where they store it and how it’s being used.
5. Ransomware will expand
Ransomware continues to be a threat to organizations as it’s becoming more sophisticated. With the increase of ransomware-as-a-service it’s only going to be easier for hackers to continue to profit from these attacks. Many public sectors were targeted by ransomware in 2019, such as municipalities and public-school districts. Expect more targeted attacks across all industries, especially those with poor cyber hygiene. This will make endpoint protection crucial for all organizations.
Netgear, D-Link, and Huawei routers are actively being probed for weak Telnet passwords and taken over by a new peer-to-peer (P2P) botnet dubbed Mozi and related to the Gafgyt malware as it reuses some of its code.
The botnet is implemented using a custom extended Distributed Hash Table (DHT) protocol based on the standard one commonly used by torrent clients and other P2P platforms to store node contact info.
Proper security measures must be in place to defend against Momentum botnet and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
CVE 2019-5702
NVIDIA has released a software security update for NVIDIA® GeForce Experience™. This update addresses an issue that may lead to denial of service or escalation of privileges.
To protect your system, download and install this software update through the GeForce Experience Downloads page, or open the client to automatically apply the security update.
Ryuk Ransomware
A new version of the Ryuk Ransomware was released that will purposely avoid encrypting folders commonly seen in *NIX operating systems.
With the rising popularity of the Windows Subsystem for Linux (WSL), the Ryuk actors likely encrypted a Windows machine at some point that also affected the *NIX system folders used by WSL. This would have caused these WSL installations to no longer work.
Proper security measures must be in place to defend against Ryuk ransomware and similar threats. Having proper up-to-date endpoint security provides a cross-generational blend of threat defense techniques to protect systems from malware.
A disaster can hit your organization at any time, causing disruptions and even downtime to your business. According to research from Spiceworks, 27 percent of organizations that experienced one or more outages in the last 12 months reported loss of business revenue as a result. When disaster strikes, an organization needs a disaster recovery plan in place to ensure restoration of services as soon as possible. Here are 5 steps to creating a disaster recovery plan.
Your IT infrastructure is comprised of
several types of resources and processes that make up the core of your
business. To ensure they stay protected, you need to identify your assets and
prioritize the most critical ones.
Start by taking an inventory of your
managed assets, such as your servers, devices, data, etc. Take stock of where
they are located and what data each asset holds. This will help you identify
the most critical assets.
2. Conduct a Risk Assessment
Once you’ve determined your critical assets the next step is to understand the threats to these assets, the potential impacts the threats have to your business and the likelihood they will occur. These threats can range from a wide variety of things such as a natural disaster or a power outage.
To best understand the threats in your
infrastructure, it’s best to conduct a risk assessment. Risk assessments help
identify gaps that would negatively impact an organization. The results of a
risk assessment should help guide your planning on how to best protect your
business during a disaster.
3. Outline Recovery Objectives
Each aspect of your infrastructure will
have a different recovery objective depending on its impact on your business.
Defining your recovery objectives is a crucial part of your disaster recovery
plan because it involves the availability of your infrastructure. This is the
bulk of your strategy so it’s important that you get it right. Your IT
department should work with key business managers to ensure that each IT asset
is given the proper recovery objective that best suits the business. This is
crucial in helping your business recover in the event of a disaster.
Recovery objectives are defined in two
ways:
1. Recovery time objective (RTO): The maximum of time your systems can be unavailable. In other words, how much loss can you take if X application was unavailable? Would you lose a significant amount of revenue? What happens if your employees or customers can’t access your services? Your RTO is crucial for determining the features you need in your data backups.
2. Recovery point objective (RPO): The maximum amount of data loss your organization can stand to lose. For example, if you backup your data at midnight but a disaster occurs at 9 am the following morning, you would have lost about 9 hours of data. If your RPO is less than 9 hours of data, your business might not be able to handle that data loss. RPO is useful for determining how often you should backup your data.
4. Communicate Your Plan
While IT might be in charge of your overall infrastructure, they shouldn’t be the only department privy to your disaster recovery plan. All department heads should be aware of your disaster recovery so that they can act accordingly in event of a disaster. For example, you may get an increase of calls from customers if they are unable to access an application. In this case your communications department should spring into action to notify customers of problems and to update them periodically. Having other departments involved in your disaster recovery plan can also help you determine other business impacts you may not have thought about.
5. Test and Update Your Plan
In the event of a disaster you want to make sure that you will be able to recover efficiently and as soon as possible. While things often go awry in an actual disaster, it’s still best to test the plan beforehand to ensure the plan can work as intended. Practice will also help you spring into action faster because people often panic during a disaster. Testing the entire plan at once might not be feasible so you can break up aspects of your plan and test them in increments.
Once you’ve tested your plan you can determine which parts work and fix the parts that need to be improved. It’s important to always update your plan so that it reflects your current infrastructure.
For more information on our backup solutions, visit our Store IT product page.
