Credential Theft: How It Works and How to Protect Your Business

Credential Theft: How It Works and How to Protect Your Business

A threat actor only needs one employee’s credentials to gain access to your organization’s entire infrastructure and/or data. The potential consequences of stolen credentials in the wrong hands are endless. You can experience direct financial loss, damage to brand reputation, loss of intellectual property, downtime, etc.

Anyone in your organization can have their credentials stolen. According to the Cybersecurity Threatscape report by Positive Technologies, one in five data thefts involved stealing account credentials. It’s important that organizations understand the threat of credential theft and take action to defend against it.  

Source: Verizon 

How Do Cybercriminals Steal Credentials?

Hackers looking to steal credentials may use any of the following methods:

Keylogging: Hackers can install malware with keylogggers that record the keystrokes on a computer and send the data back to hackers.  

Phishing: Hackers will send users sophisticated phishing emails urging them to change their passwords or update their information. These emails will provide the user with links to web pages that look legitimate but are really phishing websites that are built to steal credentials and personal information. 

Web injections: Hackers inject malicious code into your web browser via malicious browser extensions, links, or ads that allow them to intercept data as its being transmitted.

What Happens to Stolen Credentials? 

Cybercriminals can do any of the following with your stolen credentials:

Engage in fraud: Hackers can impersonate your organization and request fraudulent wire transfers from vendors or business partners. 

Sell: There are several forums on the dark web dedicated to selling and buying user credentials. Once these credentials are bought, cyber criminals can essentially do whatever they want with the stolen credentials. 

Spy: Hackers can use your stolen credentials to spy on your company and gather intelligence regarding your business dealings. They can then leak this information to your competitors or use this information to blackmail your organization. 

Install malware: Hackers can alter the code of your website to steal customer information through formjacking or install malicious ads that can infect visitors with malware. 

How to Protect Your Credentials

Credentials are the keys to your organization and it’s imperative that organizations take the necessary steps to secure them. Here are three things you can do to defend against credential theft: 

Monitor credentials: Sometimes hackers don’t even have to work to steal your credentials – they can easily find them on the dark web after a massive data breach. By monitoring the dark web for your company’s credentials, you can take action before they are maliciously used by a threat actor. You can start monitoring your organization’s credentials today with our Secure IT – User Defence solution. We will alert your organization as soon as any compromised credentials are found on the dark web, reducing the potential impact of a breach. 

Have a good password policy: Users are responsible for creating safe passwords for their accounts. It’s important that they use good password security, such as never sharing or reusing their passwords.

Act immediately: If you experience suspicious activity in your network or find out your credentials have been exposed in a data breach, you must change your passwords immediately. Users should also never use default passwords or logins as they are easy to guess or can be easily found online. Always change the default passwords of any accounts or hardware as soon as they are added to your infrastructure. 

Why Testing Employee Behaviour Improves Security

Why Testing Employee Behaviour Improves Security

Employees play a vital role in an organization’s overall security. According to Statistics Canada, the majority of large (91%), medium-sized (83%) and small (72%) businesses in Canada reported having employees primarily responsible for the overall cybersecurity of their business in 2017. To strengthen user security, organizations should supplement employee awareness training with cybersecurity testing. Testing is a great way for organizations to establish a baseline of user behaviour to determine how users respond to potential threats. Without evaluating employees, organizations won’t be able to make impactful changes on how to improve.  Testing also helps organizations determine the effectiveness of their training.

Source: Statistics Canada

How to Test User Behaviour

Organizations can test employees through various means such as online quizzes on common cyber threats or through simulated phishing. Simulated phishing exposes employees to the latest phishing threats by sending mock phishing campaigns to employee inboxes and tracking who clicks on phishing links.

Our new security product Secure IT – User Defence features both of these elements. With Secure IT – User Defence, organizations can train and test employees, as well as monitor the dark web for stolen credentials. User Defence includes simulated phishing emails that can be customized and online training that includes quizzes to validate retention of content.

Reinforce Best Practices

Social engineering attacks are incredibly dangerous because they rely on user error or lax user behaviour in order to work. Testing can help users adhere to good security practices and help change their behaviour so that they remain more alert against these types of attacks.

Engaging employees with simulated phishing emails allows them to feel real consequences in a safe environment. Simulated phishing attacks give employees an idea of what phishing emails look like and help them spot common signs that indicate a potential phishing attack. Over time, this will help employees develop the habit of carefully inspecting emails before they respond or click on any links.

Improve Security Culture

Testing employees also helps develop an organization’s security culture. It gives organizations an opportunity to openly discuss issues of security and show employees how they play a role in keeping your company safe.

Testing is a good opportunity for organizations to create teachable moments for their employees. If more employees are responding to a specific type of threat, think about why. Is it because the threat appears to be from an executive? Does the word “urgent” in the subject line make them want to click? These are things you can look out for and talk to employees about.

It’s important to not shame or punish employees for failing a test as it can discourage employees from reporting security errors and make security feel more of a taboo topic. Testing is about making sure employees stay safe in the office and in their personal lives. It’s not about tricking them into falling for these threats. The purpose of testing is to them aware of current cyber threats and to empower employees to take action when they encounter them.

3 Ways SIEM Enhances Security

3 Ways SIEM Enhances Security

SIEM is transforming the way organizations are detecting threats thanks to its ability to collect data across several devices and develop actionable intelligence for security response teams. Although SIEM has been around for a while, it continues to evolve and help organizations defend against emerging threats. According to the 2019 SIEM Report, more than 70% of organizations found that SIEM resulted in better detection of threats and a measurable reduction in security breaches.

Source: AlienVault

What is SIEM?

SIEM stands for Security Information and Event Management and is used to detect threats by collecting and analyzing log data from various networks, systems and devices (e.g. firewalls, computers, etc.). The data collected from the SIEM is then turned into actionable information that allows security teams to respond to potential threats.

The Benefits of SIEM for Organizations

1. Compliance: SIEM includes compliance reporting capabilities, which is valuable for organizations who must adhere to compliance regulations like GDPR and HIPAA. The log data generated by SIEM provides historical records which is necessary for incident investigations.

2. Clarity: SIEM analyzes activity from every part of the infrastructure. The log data produced can help organizations understand the events happening in their infrastructure. This is especially useful if a security incident occurs and can help organizations determine what happened.

3. Save time and money: SIEM is typically expensive due to licensing fees and the costs associated with hiring a security team to run the system. Outsourcing SIEM as a service from a provider like Jolera allows organizations of all sizes to have access to an enterprise grade system like SIEM. SIEM solutions like Secure IT – SIEM make SIEM accessible and help organizations save the time and effort required to operate and maintain a SIEM.  

How SIEM Improves Security

One of the biggest benefits of SIEM is its security capabilities. Here are 3 ways our SIEM system can fortify an organization’s security.

1. Improves threat detection

Time is crucial when it comes to detecting threats; the longer a hacker remains undetected the more damage they can do. Therefore, it’s important for organizations to respond to threats as soon as possible.  SIEM can quickly detect potential threats which helps prevent security breaches.

SIEM uses built-in correlation rules and information from a global threat intelligence feed to identify potential threats. The correlation rules are a set of predefined sequences that indicate suspicious behaviour. For example, if a person is trying to login more than 5 times the correlation rule might flag it as suspicious. This would then generate a security alert that would warn your security team of potential malicious activity.

A SIEM is only as good as the threats it can detect. If a SIEM is not correlated to detect advanced threats, they may slip through. Integrating a global threat intelligence feed with SIEM ensures that the system is constantly updated with the latest threat intelligence activity. This is vital in ensuring that SIEM can detect and consequently protect against the latest evolving threats.

2. 24/7 Monitoring

The SIEM is constantly monitoring for unusual behaviours. Round-the-clock monitoring is important to ensure quick response to threats. SIEM also assists security teams in detecting threats because it is constantly monitoring the infrastructure.

Threats like malicious insiders are hard to detect but since SIEM is constantly monitoring for suspicious events it can analyze the pattern of behaviour of a user and determine if they’re acting suspicious.  For example, SIEM can detect a user accessing information they don’t normally access or combine seemingly unrelated events such as a user inserting a USB stick after accessing sensitive information.

3. Provides visibility

In order to understand the threats facing their infrastructure, organizations need clear visibility. It can be difficult for organizations to fully understand their infrastructure because there are many moving parts. Organizations may have a hybrid infrastructure that includes on-premise and cloud environments. As organizations grow they integrate new technology, which in turn increases their attack surface and leads to blind spots like shadow IT. Hackers like to take advantage of these hidden places in your network and exploit them.

SIEM provides organizations with real time visibility into all activity on their systems, networks and applications (whether on-premise or in the cloud) in one centralized view. This is crucial in helping organizations establish a baseline in understanding what constitutes normal behaviour and usage in an environment.  Since SIEM provides an overview of the network it can also detect unknown devices communicating within your network, helping to close the gaps on hidden devices in your network. 

For more information on how Secure IT – SIEM can help protect your business, contact us today.

4 Sneaky Cyber Threats Hiding in Plain Sight

4 Sneaky Cyber Threats Hiding in Plain Sight

When most people think of a cyber attack, they may imagine a hacker furiously typing away at their keyboard trying to penetrate firewalls and other security barriers to gain entry. However, there are some common user habits most people engage in that make it easier for hackers to gain access to personal information and craft attacks. And facing a cyber attack can cause a lot of financial damage. According to Cisco’s 2018 Security Capabilities Benchmark Study, 55% of attacks resulted in damages of $500,000 or more. Threat actors are always looking for opportunities to exploit. It’s important for users to be aware of common cyber threats so that they can limit their exposure. Here are four common ways a cyber threat can creep up on you.

Source: Cisco

1. Inactive Accounts

With so many options available for apps and social networking sites, it’s easy to sign up for all of them and then move on to the next thing that catches your attention. However, people often forget to remove their accounts on these websites when they leave them. Simply uninstalling an app doesn’t mean that the data on your account is erased. And if that website or app gets hacked your information will most likely be affected, even if you haven’t touched that account in a while. It’s important to ensure that you take the time to properly remove your accounts from the services you are no longer using. Websites will usually outline the steps you can take to remove your accounts in their Help section. If you are unable to find a way to delete your account, you should contact their customer support directly. You should also disconnect third-party services that may be connected to accounts like Facebook or Gmail.  

2. Unauthorized USB Sticks/Cables

Using unauthorized USB sticks and charging cables might save you money but you could end up installing malware onto your computer or give hackers remote access when you plug them in. These products are built to look legitimate so there is no telltale sign that would indicate if it is malicious or not. They also usually end up working as intended which means people will continuously use them and not suspect anything. To prevent this problem, you should only purchase these products from authorized retailers, only borrow them from people you trust and avoid picking up any USBs or cables you might find lying around in public places.

3. Out-of-office messages

Automatic out-of-office replies can potentially end up revealing a lot of information to anyone who emails you while you’re away. A typical out-of-office reply will usually look like the following:

“I will be out of the office to attend a conference in Montreal from November 1-7. For all inquiries about project X, please contact John Doe at johndoe@email.com. For any urgent requests, I can be contacted at XXX-XXX-XXXX.”

A message like this can give threat actors a lot of information they can use. Firstly, you’re telling them where you are. They can use this information to craft a social engineering message pretending to be someone from the conference. Secondly, you’re giving the hacker information on the types of projects you’re working on and another person they can target. To avoid oversharing in your out-of-office message, limit what you say. Don’t provide your location or contact information in your message. It’s a good idea to set different automatic replies for those within your organization and those outside your organization.

4. Smart devices

Technology is getting smarter and many people are integrating IoT devices into their offices and/or homes. While these devices can make life easier, they also run the risk of being hacked. Hackers can use IoT devices to engage in several malicious activities, such as targeting users with mobile malware, spying or hacking billboard screens to spread their own messages. They can also render these devices useless, such as hacking a smart lock and preventing it from working. When choosing to integrate IoT devices, do your research. Check which brands have had issues with their devices in the past and ensure that you’re buying them from authorized retailers. Ensure that all endpoint devices in your corporate network are protected with endpoint security and that they are all protected with strong passwords.

Debunking 5 Cybersecurity Myths

Debunking 5 Cybersecurity Myths

Nearly 80% of organizations rank cyber risk as a top concern according to Microsoft. However, truly understanding cyber risk can be confusing for organizations, especially when there are several myths being spread about security. Some of these myths can negatively impact a business because they uphold false assumptions about security. This can lead those who believe in these myths to falling victim to cyber incidents or put their security in jeopardy. Here are 5 common cybersecurity myths you need to stop believing. 

Source: Microsoft

1. A breach will never happen to me

Some organizations might feel that they are too small to be targeted or think that their industry doesn’t experience cyber attacks. However, hackers will target any organization if they feel they can get access to data or some sort of financial reward. While the headlines often focus on data breaches that affect large companies, a simple Google search will bring up several instances where hackers have also targeted local schools, hospitals, municipalities, charities, manufacturers, etc. Small to medium businesses often lack the resources to secure their infrastructure, making them seem like easy targets to hackers. Research from Verizon found that 43% of breaches involved small businesses. Just because you haven’t been breached yet doesn’t mean that it will never happen.  Organizations need to realize that no one is immune to the threat of a cyber attack and should be prepared to respond to a breach.

2. My current cybersecurity setup is already good enough

Depending on your security needs and whether you’ve recently conducted an assessment to validate your current IT environment, your setup might be good for the moment. However, new threats are emerging daily, and your current security setup might not be equipped to combat the threats of tomorrow. And as technology evolves, you run the risk of having outdated systems that are no longer supported. The security landscape is complex and ever changing, which means you need to be proactive. Security is an ongoing process and the “set and forget” approach is not sufficient. You should supplement your infrastructure with security solutions that protect the different aspects hackers target (such as email, endpoints, etc.) and ensure that these solutions are constantly updated with the latest patches.

3. Security is IT’s problem, not mine

The business impacts of a data breach show that security affects the entire organization. Any employee can be the target of a hacker, especially those who handle sensitive information, such as those in the finance department. Every employee must be responsible for safeguarding themselves and upholding the security standards of an organization. By not training all employees on cyber risks, you increase your chance of falling victim to a preventable error (such as an employee falling victim to a phishing attack).

4. I’ll know if I’ve been attacked

Unlike a physical breach, a cyber breach is harder to detect. Hackers don’t leave broken locks or smashed windows when they break into your system. In fact, a cyber criminal can remain hidden in a network for months or even years, and organizations will usually not realize they’ve been breached until after the damage has been done. According to research by the Ponemon Institute, the average time it takes for an organization to detect a breach is about 6.5 months (197 days). In most cases, a computer will continue to act normally after being hacked or injected with malware. Cyber criminals don’t want to get caught before they’ve managed to extract data or whatever else they’re after. Only in attacks like ransomware, where the hacker wants you to know you’ve been hacked, will it be immediately obvious.

5. If it has a password, it’s already secure

While having a strong password is a good foundation for security it doesn’t guarantee full security. Stolen passwords can be easily found on the dark web after a data breach. Since many people reuse the same passwords, hackers can easily use them to access corporate accounts. This is why it’s important to use an additional verification step in addition to a password.

Similarly, public password protected WiFi can also be unsafe if a hacker has knowledge of the password. WiFi passwords mainly limit the number of users per network which means that others using the same password (such as a hacker) can potentially view the data being transmitted within the network. This is why it’s important to use a VPN when using public WiFi.

3 Things to Know About Zero-Trust Security

3 Things to Know About Zero-Trust Security

The zero-trust security model is as a great approach organizations can use to secure their infrastructure. Defined as “never trust, always verify” the model establishes trust and verification to limit access and increase data security. According to Centrify, 74% of data breaches involve credential abuse. The zero-trust model recognizes that users can be a security risk and lead to insider threats.

Source: ZDNet

Often organizations focus on securing their systems that they forget that their users need to be secured as well. Under zero-trust security, user security is built into the platform. By focusing on user verification, it ensures that all resources are accessed safely and securely. Here are three things to know about zero-trust security.

1. Strong focus on identity management

Under the zero-trust model, every user within the infrastructure is treated equally. This means that all users are required to verify their identity regardless of their privileges or employee position. Verification occurs through strict access controls, multifactor authentication and network segmentation. By continuously authenticating and verifying the identity of users, you ensure that you are only providing access to legitimate users or those that need it.  

2. Continuous monitoring is essential

Unfortunately, user accounts can become compromised, thus allowing a hacker to navigate the network as a verified user. While segmenting your network can limit a hacker’s access, they still might be able to do damage. By continuously monitoring traffic and logs, you can identify signs of malicious activity and provide context to user behaviour. A system like SIEM uses behavioural analysis to identify suspicious actions that indicate potential compromise. For example, if a user is trying to login multiple times it can be difficult to determine whether that user is a someone who just forgot their password or a threat actor trying to gain access. The SIEM system can detect where that person is trying to log in from and whether it’s from an authorized device. This provides the context on whether that user should gain access.

3. It must stay up-to-date

A large part of security is being proactive and updating your current system as needed to ensure that you can defend against the latest threats. The zero-trust model is no different. It’s important to keep updating access permissions as roles within your organization change and as more data is created. Keeping tabs on your data is important so that you know where the most important and sensitive data is and that it has the proper protections. Ensuring that you have the latest security solutions installed is also important. Threat actors are always changing their attack methods to circumvent security tools. In order to stay one step ahead organizations must ensure that they are protecting every layer of their infrastructure.