4 Tips for Detecting Data Breaches

When a data breach happens on one of your systems, how fast do you think you can prevent it from spreading? Moreover, how fast do you think you need to act?

A recent threat report found that hackers from Russia were able to access critical systems in 20 minutes, the fastest in the world.

Finding and containing a breach in less than 20 minutes is not easy. In fact, the average time it takes for an organization to detect a breach is about 6.5 months (197 days), while the average time to contain a breach is 69 days. This is why when a data breach is disclosed, it’s often months after it actually occurred.

Being able to limit a data breach can prevent more data from being lost and decrease associated costs, including compliance fines. This means that companies should aim to find and contain breaches as soon as possible.

Source: Ponemon Institute

Who Detects Breaches

Being able to detect security alerts internally is important for your company. Internal detection (from security systems, IT/security experts, employees, etc.) can save your business the embarrassment of appearing unaware of its own security, and may put a stop to the breach earlier. However, a majority of breaches are detected by external parties, such as third-party providers, law enforcement and, in some cases, consumers.

Why Does Breach Detection Take So Long?

When Marriott disclosed their data breach in November last year, they said that they first learned of the breach in September 2018. That’s about two months between the disclosure and discovery. They also found that hackers had been accessing their systems since November 2014. That’s a four year gap between the initial compromise and the time they discovered the breach!

The amount of time it takes to discover a data breach depends on the type of attack. For example, stolen credit card information is often not detected until fraudulent activity is determined. In the case of a third-party breach, a company won’t know they’re at risk until they are told by the third party.

On the other hand, a cyber criminal who manages to hack privileged credentials can get away with snooping around their victim’s network undetected.

How Can I Protect My Business Data?

1. Identification: It’s important to be aware of key indicators of compromise and know how to identify them. Such signs can include multiple login attempts, slow internet traffic, unusual login activity (e.g. from strange countries or unknown devices) and unauthorized users trying to access confidential data. It’s important to teach your employees these types of signs so that they can help prevent potential attacks.

2. Detection: Using automated security tools like a SIEM system is vital in detecting potential attacks. SIEM uses behavioural analytics to detect suspicious activity across your network. It does this by collecting data from all your devices and correlating it with global threat intelligence feeds and use cases. SIEM can detect behaviours like multiple logins, access from suspicious IP addresses and more. Automated tools like SIEM are faster than relying solely on teams to detect threats and are therefore important in protecting your data.

3. Monitoring: In order to determine what seems suspicious, you need to monitor your networks to establish a baseline. Our Monitor IT solution provides real time reporting on your IT infrastructure and systems to ensure your infrastructure uptime availability and performance. The technicians in our Network Operations Centre will monitor your infrastructure and bring attention to availability and operating performance.

4. Prevention: Active prevention through human insight and security solutions like next generation firewalls is a continuous process. Threats are always changing and evolving, which is why it’s important to stay up-to-date. As part of your prevention process, you should conduct regular cyber awareness training for your employees so they can spot common attacks and navigate the web safely. In conjunction with that, use preventative security solutions like firewalls to block malware from entering your network.
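
To make tips 1 to 3 concrete, the following added example (not part of the original article and not any vendor's product code) builds a per-user baseline from past successful logins and then flags two of the indicators named above: repeated failed logins and a login from a country or device the user has never used. The log format, field names, thresholds and sample lines are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not real logs. The line format and field names
# (user, country, device, result) are assumptions made for this example.
BASELINE_LOG = """\
2019-03-01T09:02:11 user=alice country=CA device=LT-0412 result=OK
2019-03-01T09:15:40 user=bob country=CA device=LT-0388 result=OK
2019-03-02T08:57:03 user=alice country=CA device=LT-0412 result=OK
2019-03-02T13:20:19 user=bob country=US device=LT-0388 result=OK
"""
LIVE_LOG = """\
2019-03-04T02:14:01 user=alice country=ZZ device=DEV-9F3A result=FAIL
2019-03-04T02:14:09 user=alice country=ZZ device=DEV-9F3A result=FAIL
2019-03-04T02:14:15 user=alice country=ZZ device=DEV-9F3A result=FAIL
2019-03-04T02:14:22 user=alice country=ZZ device=DEV-9F3A result=FAIL
2019-03-04T02:14:30 user=alice country=ZZ device=DEV-9F3A result=FAIL
2019-03-04T02:15:02 user=alice country=ZZ device=DEV-9F3A result=OK
2019-03-04T09:01:44 user=bob country=CA device=LT-0388 result=OK
this line is malformed and is skipped
"""
LINE_RE = re.compile(
    r"^(\S+) user=(\S+) country=(\S+) device=(\S+) result=(OK|FAIL)$")


def parse(log):
    """Turn log text into time-ordered (ts, user, country, device, result) tuples."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # malformed lines are ignored rather than guessed at
            ts, user, country, device, result = m.groups()
            events.append((datetime.fromisoformat(ts), user, country, device, result))
    return sorted(events)


def build_baseline(events):
    """Record the countries and devices each user has logged in from successfully."""
    seen = defaultdict(lambda: {"country": set(), "device": set()})
    for _, user, country, device, result in events:
        if result == "OK":
            seen[user]["country"].add(country)
            seen[user]["device"].add(device)
    return seen


def detect(events, baseline, max_fails=5, window=timedelta(minutes=10)):
    """Flag failed-login bursts and successful logins that break the baseline."""
    alerts, fails = [], defaultdict(deque)
    for ts, user, country, device, result in events:
        if result == "FAIL":
            recent = fails[user]
            recent.append(ts)
            while ts - recent[0] > window:  # drop failures outside the window
                recent.popleft()
            if len(recent) == max_fails:
                alerts.append((ts.isoformat(), user, "failed-login burst"))
            continue
        known = baseline.get(user, {"country": set(), "device": set()})
        if country not in known["country"]:
            alerts.append((ts.isoformat(), user, "new country " + country))
        if device not in known["device"]:
            alerts.append((ts.isoformat(), user, "new device " + device))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(LIVE_LOG), build_baseline(parse(BASELINE_LOG))):
        print(*alert)
```

A successful login that arrives seconds after a failed-login burst, from a country and device outside the baseline, is the combination worth escalating first.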

3 Reasons Why Cybersecurity Is Everyone’s Responsibility

Cybersecurity affects every employee – from the executive team to HR, sales, marketing, etc. For this reason, cybersecurity should be everyone’s responsibility. But not all employees understand this. A survey by Citrix found that 40% of employees believe that they bear no responsibility for securing information. Cybersecurity is often thought of as a job for a company’s IT department; it makes sense as they are the tech experts who would most understand how to keep a business secure. But your employees are at risk every time they log onto their computers. Therefore, a company shouldn’t rely solely on one team for security. Everyone must work together to achieve security. Here are three reasons why cybersecurity is everyone’s responsibility.

Source: Help Net Security

Every Employee Is A Potential Target

Employees engage in activities that put them at risk, whether they realize it or not. Coming across a suspicious link while browsing or receiving a spam email can happen to anyone. Those who work with confidential information may find themselves more likely to be a target.

The first step of a cyber attack is reconnaissance, where hackers research their targets beforehand. A simple LinkedIn search can show a hacker a wealth of people to target. From there they can find other social media accounts to further get information on how to tailor their attacks. They can target employees through a variety of ways such as phishing, impersonation and other social engineering tactics. Employees need to understand that their actions have an impact on your company’s security. They should be trained regularly on the cyber threat landscape and learn to engage in cyber safe habits.

Technology Isn’t a One Stop Solution

Having next generation security technologies like firewalls and SIEM systems is key to limiting cyber attacks and protecting your data. But technology can only do the initial blocking of an attack. Whether a person clicks on a malicious link in their email or responds to an email containing CEO fraud is up to them.

There are also some attacks that technology may not be able to prevent, such as vishing. Vishing is a form of phishing where hackers call their targets to extract information instead of emailing them. Thus, your employees must work in conjunction with technology to protect themselves.

Cybersecurity Policies and Procedures Apply to Everyone

Having a strong cybersecurity culture is key to engaging employees with cybersecurity. A solid cybersecurity culture will include procedures and policies that ensure all employees meet the same security standards, such as every employee needing to change their password every 30 days. This will also show employees that they are a vital part in keeping your business safe. Updating your procedures and policies regularly will help reinforce your security mandates with your employees.

The Formjacking Threat Explained

Last year, several retailers fell victim to a cyber attack that exposed the payment information of several of their customers. One well known example is the British Airways breach that affected more than 380,000 passengers. All of these retailers were targets of an attack known as formjacking. Formjacking is not a new attack but it is seeing a rise in the threat landscape. According to a new report by Symantec, formjacking attacks affect an average of more than 4,800 websites each month. As companies start to get more savvy in blocking attacks, hackers will be looking to use more creative ways, like formjacking, to target businesses.

Source: BleepingComputer

What is Formjacking?

Formjacking is a type of website hijacking, which is when hackers inject malicious code into websites to steal user information. Formjacking tends to target retail websites in order to steal credit card information. It’s important to note that formjacking is not an infection that spreads to your network, but a code injection embedded in websites.

How Formjacking Works

A hacker will inject a malicious script into the payment section of a website. When a user on the infected website uses the payment form to check out, the script will copy the details entered by the user and send them to the hackers. These attacks go undetected because the website continues to operate normally. Thus, users are giving their information to hackers without even realizing it.

4 Preventative Measures You Can Take

1. Don’t enter payment information directly: When making online purchases, try to avoid using the website payment form by using a payment service like PayPal instead. Customers who use PayPal are redirected to the PayPal website when making the purchase. Since your payment information is entered on a separate website, your information will not be compromised. Using mobile payment options like Apple Pay or Google Pay will also help hide your payment information, which makes it harder to steal.

2. Monitor Outbound Traffic with SIEM: Security Information and Event Management (SIEM) systems use behavioural analytics to detect threats with the help of use cases. Using a SIEM system like Secure IT – SIEM can help detect suspicious activity like increased outbound traffic. If your traffic activity is looking suspicious, it might be time to investigate your website for malicious code.

3. Review third party scripts: Formjacking attacks are also affecting businesses via third party providers. Ticketmaster was breached last year via a third party chat bot it uses for customer support. It’s important for businesses to do their research when partnering with a third party and ensure they are properly audited. Companies should also look to reduce the number of third-party scripts on their websites and only keep those that are essential.

4. Conduct a vulnerability assessment: Vulnerabilities tend to be discovered once they start doing damage. A vulnerability assessment will analyze your systems and networks to help you detect and address security gaps before they become a larger problem. Catching a malicious script in your website before it can do damage to your brand and customers is key. Have your websites scanned for malicious code when doing your assessment. If you’d like to conduct a vulnerability assessment, contact Jolera today.
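
One way a site owner can start the script review described in measures 3 and 4 is to inventory every external script a checkout page loads. The following is an added example, not part of the original article: it lists third-party scripts that come from hosts outside a reviewed allowlist or that load without a Subresource Integrity (`integrity`) attribute. The page URL, hosts, allowlist and HTML are constructed for the illustration, and the digest is a placeholder.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed checkout page. All hosts and paths are hypothetical, and the
# integrity value is a placeholder, not a real digest.
PAGE_URL = "https://shop.example/checkout"
ALLOWED_HOSTS = {"js.payments.example"}  # third parties the business has reviewed
CHECKOUT_HTML = """
<html><body>
<form id="payment" action="/pay" method="post">
  <input name="card-number"><input name="cvv"><button>Pay</button>
</form>
<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/v3/sdk.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://js.payments.example/v3/widgets.js"></script>
<script src="//chat.vendor.example/widget.js"></script>
</body></html>
"""


class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every <script> tag that loads an external file."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            attributes = dict(attrs)
            if attributes.get("src"):
                self.scripts.append((attributes["src"], attributes.get("integrity")))


def audit_scripts(html, page_url, allowed_hosts):
    """Return (host, src, issue) for each third-party script that needs review."""
    collector = ScriptCollector()
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    findings = []
    for src, integrity in collector.scripts:
        # Resolve relative and protocol-relative URLs against the page URL.
        host = urlparse(urljoin(page_url, src)).hostname
        if host == page_host:
            continue  # first-party script, covered by your own code review
        if host not in allowed_hosts:
            findings.append((host, src, "host not on allowlist"))
        elif not integrity:
            findings.append((host, src, "no integrity attribute"))
    return findings


if __name__ == "__main__":
    for finding in audit_scripts(CHECKOUT_HTML, PAGE_URL, ALLOWED_HOSTS):
        print(*finding)
```

This only sees scripts referenced in the served HTML; inline scripts and scripts that other scripts load at runtime need a separate check, such as comparing deployed files against the versions in source control.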

How to Create an Incident Response Plan

The threat of a cyber attack is constantly present and 80% of IT business leaders expect to face a critical breach this year. Companies who experience a data breach can expect loss of revenue due to downtime, reputation and recovery. One of the ways a company can reduce the impact of a cyber attack is to implement an incident response plan. According to a study done by IBM, having an incident response plan in place can save a company an average of $340,000.

Source: IBM 

What is an Incident Response Plan?

An incident response plan is used to help organizations detect threats and minimize the impact of a security incident. An incident response plan is key for organizations to build the foundation of their defence. An effective incident response plan will ensure business continuity in the event of an attack and can help prevent a similar event from happening in the future.

What are the Benefits?

Compliance: Regulations like PIPEDA require organizations to keep and maintain records of any data breaches. Having an incident response plan can assist with record keeping and provide quick access to your records.

Trust: Give your clients and investors the confidence in knowing that your company is ready to respond to any security incident.

Clarity: An effective incident response plan will allow all organization personnel to know their responsibilities, leading to faster response time and clear communication across the organization and with the media and stakeholders.

5 Key Components for An Incident Response Plan

1. Determine critical areas of your network: Visibility is an important part of a response plan because when disaster strikes, things can get chaotic. It’s important to look at every part of your environment and prioritize your assets. Knowing the key assets of your business will ensure your critical components will be protected.

2. Evaluate risks: Your incident response plan should cover common threats that are prevalent in the threat landscape, such as ransomware and DDoS attacks. Vulnerabilities tend to come to light after the fact, so an important part of prevention is to find the risks before they become a problem. One way to evaluate your risk factors is to conduct a security risk assessment. A security risk assessment can help you address current risks that are specific to your organization.

3. Incident Response Team: A crucial part of an incident response plan is to have a team of key players to help mitigate immediate issues and plan for other problems (such as media communication). Assign the proper roles to your staff members to ensure that when the time comes, everyone knows their responsibilities. Your team should include: executives, a security analyst, IT manager, communications and human resources. You may also include third parties such as legal counsel or third party stakeholders. Your team should be briefed on your incident response plan annually and should update the plan if necessary.

4. Create a business continuity plan: In the event of a breach, your business operations may not be accessible. In order to limit downtime, you need to figure out a way to access business critical data. This is why it’s important to back up your data regularly so that when the time comes, you have a backup system ready to go.

5. Involve your staff: All employees should have knowledge of and be familiar with your incident response plan. Full cooperation with all employees can limit distractions and delays. Train all employees on your plan, whether they’re part of your incident response team or not.

5 Ways Hackers Can Breach Your Company and How to Protect Yourself

According to a recent study, 2 in 3 companies say they are unable to protect themselves from a data breach. With new regulations like GDPR and PIPEDA in place, companies face even greater fines (in addition to other consequences such as downtime, decrease in share prices and lack of customer trust) if they fall victim to a data breach. Attacks are getting more sophisticated, meaning companies need to keep up-to-date with the latest threats and security technologies in order to protect themselves. But how do hackers breach companies in the first place? And what can companies do to stop them?

Source: Forbes

5 Ways Hackers Can Enter Undetected and What You Can Do

1. Exploiting vulnerabilities: Vulnerabilities are flaws found in software programs or operating systems due to programming errors or improper configurations. Vulnerabilities act as a crack in the wall that gives hackers entry into your systems until they are patched. Hackers looking to exploit vulnerabilities can use them to access your computers and/or install malware.

How Can I Protect My Business?

Users should install security updates and software patches as soon as they are released. Addressing vulnerabilities immediately is key because the longer they remain unpatched, the more opportunities a hacker has to exploit them.

2. Insider threats: Although most cyber attacks involve third party hackers, 28% of attacks involved malicious insiders. Malicious insiders can be broken down into two categories:

i) Accidental: These are stolen credentials used by hackers to steal information.

ii) Intentional: Employees, partners or contractors who intend to steal information.

Whether a user is intentionally malicious or not, insider threats are harder to detect because they are posing as a legitimate user. This is dangerous because they can wreak havoc long before they are detected.

How Can I Protect My Business?

Security Information Event Management (SIEM) systems use behavioural analysis to detect suspicious behaviour within your network. Due to its advanced capabilities, SIEM is able to pick up on things like logins at unusual hours or attempts at accessing unusual data. SIEM can also correlate suspicious behaviour with known threats to determine if a threat is taking place. For more information on what our Secure IT – SIEM can do for your business, contact us today.

3. Keylogging: Keyloggers are used to record keystrokes on your devices. When used by hackers, they can be used to steal passwords, personal information and anything else a person types. Keyloggers are spread through various means, such as phishing emails, or installed through web scripts.

How can I protect my business?

Using a firewall will protect you from a variety of threats, including keylogging. Keyloggers usually require a transmission of your data to the hacker through the internet. A firewall acts as a layer between your network and the internet and can potentially detect this and block malicious IP addresses/websites. At Jolera, our Secure IT – Firewall uses next generation firewalls to provide advanced protection for organizations.

4. Wireless hacking: Hackers who manage to hack your wireless routers put your networks at risk of attacks such as eavesdropping, man-in-the-middle attacks and denial of service attacks. Successful hijacking of routers can also lead to hackers gaining access to your network and the data you receive and send.

How can I protect my business?

As always, it’s important to be notified of any firmware updates for your routers and install them as soon as possible. Consider also using a WiFi security solution like Secure IT – Wifi, which includes next generation access points and 24/7/365 security event management for your wireless networks.

5. Social Engineering: Social engineering is when hackers use deception or manipulation to mislead employees into divulging confidential or private information. This means that hackers don’t need to use high tech skills or equipment to infiltrate your organization. Social engineering relies on two things: a good impersonation (such as pretending to be a CEO, partner company, etc.) and an employee to take the bait. It can be difficult to detect social engineering because attackers tend to target users via email as opposed to directly hacking into your network.

How can I protect my business?

The best way to prevent employees from falling victim to social engineering is to train them on cybersecurity with a cyber awareness course like Secure IT – Training. Courses like Secure IT – Training will help promote cyber awareness in your organization by informing employees of the latest threats and what they can do to prevent them. This will help your employees stay alert for cyberthreats like social engineering and help them develop good security habits that will protect your organization in the long run. Training, combined with an email security solution like Secure IT – Mail, will combine human effort with advanced email security to protect your organization from threats like social engineering.

5 Tips to Secure Business Communications

If your email was hacked today what information would be at risk? Intellectual property? Names of investors? Customer data?

Email hacking is not new; several companies have made headlines in the past for email hacks, such as Sony Pictures and Yahoo Mail. Although email is inherently insecure, it remains the most convenient method of communication between businesses. Email is familiar, and has become a great marketing tool for companies to reach their customers.

Instead of avoiding email, companies should use it safely. There are several steps companies can take to start securing their email communications.

| Daily Email Traffic | 2017 | 2018 | 2019 | 2020 | 2021 |
| --- | --- | --- | --- | --- | --- |
| Total Worldwide Emails Sent/Received per day (B) | 269 | 281.1 | 293.6 | 306.4 | 319.6 |
| % Growth | | 4.50% | 4.40% | 4.40% | 4.30% |

Source: Radicati Group

5 Ways to Protect Your Email Communications

Backup: Hosting your communications in the cloud does not negate the need for backup and recovery. Emails and important documents are susceptible to corruption and risk being unrecoverable due to malicious attacks or even accidental deletion. In these cases, a business will need to be able to access their communications as soon as possible. Having a backup solution within your email tenant like Secure IT – Mail will allow you to restore your emails.

Encrypt: All communication, whether via email or other means, should always be encrypted. Encryption ensures that no bad actors can intercept your emails while in transit. Furthermore, your emails should also be encrypted when they are stored on your servers.

Enforce your policies: Company wide security policies set the standards for how you decide to protect your data and electronic correspondence. It’s important to have clear security guidelines that are accessible to all members of staff. These policies should review general security practices such as password use, using personal devices/accounts for work and access management. Employees should be aware of and regularly trained in these policies to ensure good security habits.

Use a VPN: Remote workers need to be wary of using their email on shared computers (such as those in libraries) or when connected to public WiFi. Workers can forget to log out of their accounts on shared computers and/or open themselves up to hackers when using unsecure WiFi connections. The best way to avoid these risks is to use a VPN. Using a VPN like our Secure IT – Firewall allows workers outside the office to securely connect to the corporate network.

Archive: Unlike backup, archiving is meant to hold your communications for long term retention so that they can be used for future reference. Typically, this data is old and no longer needed for everyday use but necessary for record keeping. Certain regulatory requirements like PIPEDA require records to be readily available in the event of an audit. Our Store IT – Email Archiving solution provides 100% data preservation for a wide variety of email platforms. With Store IT – Email Archiving, your emails remain searchable and accessible in the cloud.