Blog

In 30 minutes or less, an organization’s network can be compromised. It’s that quick, and it’s that easy for a hacker to exploit specific security failings.


These failings tend to be widespread across all sectors of business; at least, that’s what researchers at Positive Technologies have found during penetration testing. According to their newest report, titled Penetration Testing of Corporate Information Systems, at least 71% of organizations have “one obvious weakness that could provide malicious outsiders with entry into the network.”


The first security vulnerability? The most obvious one: weak passwords. It’s the first aspect of cybersecurity, yet it’s the last to be taken seriously and changed on a regular basis as suggested.


Weak passwords allow brute-force attacks to easily gain access to internal systems, especially when there are other known vulnerabilities to exploit. Positive Technologies head of information security analytics Ekaterina Kilyusheva explains, “The problem lies in the low levels of protection even for large organizations. Attack vectors are based primarily on exploiting known security flaws. This means that companies do not follow basic information security rules.” 


The second is unfortunately practiced by at least two-thirds of organizations: not updating software to the most recent versions, which unintentionally leaves back doors and vulnerabilities wide open to theft.


Kilyusheva warns that “an attacker can quickly gain access to an internal network if a web application contains a known vulnerability for which a public exploit exists.” With an increased number of employees working remotely, all it takes is “access to the Windows Explorer processes and command lines, allowing the ability to execute commands on the operating system and gain more access.”


During their penetration testing routines, researchers “were able to gain access to the internals of the corporate network by combining the brute forcing and software vulnerabilities,” in one out of three tests. One third of the time is an alarming rate of success. 


By ensuring the use of strong passwords and updating any and all software to apply the most recent security patches, most of these attacks would end unsuccessfully. Luckily these were the ethical hackers… 


Positive Technologies states the average time for their hacker to reach an organization’s internal network via these vulnerabilities was 30 minutes.


Company-wide training and security protocol implementation, along with proper employee and management enforcement, can stop attackers in their tracks. It is possible to protect your network and your organization from cybercriminals, and it’s not all that difficult. 


Contact us to look at a cybersecurity solution. Schedule a meeting today: https://bit.ly/3j6N897


Source: https://www.zdnet.com/article/cybersecurity-these-two-basic-flaws-make-it-easy-for-hackers-to-break-into-you-systems/?ftag=TRE-03-10aaa6b&bhid=28837826891618282212917048574090&mid=12982117&cid=2176732464


Image Source: https://www.pexels.com/photo/two-women-looking-and-pointing-at-macbook-laptop-1569076/


Blog

In 2013 “researchers from the Polytechnic Institute of New York University looked into the psychology behind clicking on bad links to find out why some people just can’t resist phishing attacks.” Then, certain personality types were deemed more vulnerable than others.

The result? Neurotic women, but that’s only personality. The researchers then looked at users’ Facebook activity to see if it would correlate and determine a similar theme. Facebook use drastically increased the likelihood of being phished. The research explained “that being more active in online social networks may cause higher susceptibility to such attacks. Therefore, people who feel more comfortable with online communication and expressing themselves online may also be more likely to respond to phishing emails.”

Fast forward seven years to today: is this group still most likely to take the phishing email bait? No. Millennials are now considered most vulnerable to these types of attacks, which is ironic because this generation also spends the most time face-to-face with new technologies.

The connection between time spent online and vulnerability to phishing attacks, however, remains.

Proofpoint’s fifth annual ‘State of the Phish’ research report in 2018 revealed “58% of those aged 22-27 knew correctly what phishing was, compared to 73% of those aged 54+ who knew correctly what phishing was. In addition, 52% of those aged 54+ knew correctly what ransomware was, whereas only 40% of those aged 22-37 knew correctly what ransomware was.”

Why is that? Generally, because attacks are targeting high-value individuals or companies; as these threats have continued to grow, so has the need to train employees on what to look out for online. A “lack of cybersecurity awareness, in particular amongst the millennial/Generation Z demographic, presents a greater threat than many businesses expect.”

The report again points out the connection, “This tells us that millennials, despite being much more comfortable and at ease with digital platforms, display greater complacency towards threats and perceived risks.”

This year, in 2020, millennials are projected to make up 50 percent of the world’s workforce. That’s a huge risk if these individuals aren’t properly trained in cyber threats and how to handle them.


So, what do you do if you or an employee has fallen victim to a phishing scam?


Notify your current IT and cybersecurity service provider; they will want to run diagnostics and see how far the infection has spread. Then, change your credentials to ensure the attacker can’t regain access to your system. Determine if your financial information was breached; if so, set up fraud alerts to stay informed. Check all your accounts and systems regularly to ensure nothing has lain dormant and returned with a vengeance.


Finally, the most important thing we can do to ensure our workforces do not fall prey to bad actors is to educate them. Cybersecurity training should be the number one priority to keep your first line of defense prepared against any threat.


Sources: https://securityitsummit.co.uk/briefing/millennials-most-vulnerable-to-phishing-attacks/

https://www.digitaltrends.com/social-media/what-makes-people-click-on-spam/


https://www.xpertechs.com/2020/05/fall-victim-phishing-scam/

Blog

Security doesn’t end at your desktop. It’s important to get into the habit of securing your presence through your mobile device as well.


Smartphones and tablets have essentially become our desktops, laptops, day planners and best friends. Threat actors know this and realize the potential payout these devices contain. Just as we would never leave our computer unattended or unprotected, the same philosophy (and security) should extend to our mobile devices.


If followed, the steps below will help ensure the data you carry around in your pocket stays in your pocket.


Strong Passwords / Biometric Features


Passwords, passwords, passwords. This can never be stressed enough, and when a password is combined with fingerprint or facial recognition, your device should be accessible only to you. Passwords should be “eight or more characters long and contain alphanumeric numbers,” and if there’s any opportunity to use 2FA, do so: the more protection, the better. Passwords should also be changed often. They’re easy for some hackers to guess or spoof, so we recommend a proactive approach.


Turn off your Bluetooth


Why? Not only does Bluetooth enable the connection between your device and your headphones, soundbar, or car stereo, but your data can also be accessible to any other Bluetooth-enabled device without you even realizing it. When it’s not in use, switch it “off,” and if it’s used to connect to a rental car, be sure to “unpair your phone from the car and clear any personal data from the car before you return it.” You can leave your device in “hidden” mode instead of “discoverable” to prevent unauthorized connection.


Public Wi-Fi? Not Recommended


Don’t automatically connect to public Wi-Fi; it’s a risk your computer shouldn’t take. Information can quickly be accessed by hackers who are sitting only feet away, waiting for you to log into your financials or company files. If you have no other option but to log in using a public network, be sure it’s the correct Wi-Fi and not an imposter hotspot, be sure all web addresses begin with “https” so data exchanged is being encrypted, and use a Virtual Private Network (VPN). Turn off your device’s automatic connection to public networks and keep in mind that sometimes your cell phone data plan is more secure than Wi-Fi.


Download with Caution


There’s an app for everything, literally, so as expected there are apps that will install malicious code onto your mobile device and share your data with hackers. Just because it’s not your desktop doesn’t mean it can’t get a virus. You can, however, install a reputable antivirus application to keep your device safe. Some even offer features such as “erasing your data if you lose your mobile device, tracking and blocking unknown callers who might be a threat, and telling you which applications are not safe.”


Security comes first, at your desktop, and in your pocket.

Contact Micropac for more information on securing your network. Schedule a meeting today: https://bit.ly/3j6N897

 

Sources: https://www.tripwire.com/state-of-security/security-data-protection/secure-mobile-device-six-steps/

https://www.fcc.gov/consumers/guides/how-protect-yourself-online#:~:text=But%20just%20like%20Wi%2DFi,if%20you%20are%20not%20careful.&text=Turn%20Bluetooth%20off%20when%20not,gain%20access%20to%20your%20device.

https://unsplash.com/photos/J2e34-1CVVs

Blog

Cyber Threats

We live online. There is hardly anyone these days who does not know how to access the internet, and most everyone does so daily to perform even the most basic of activities. Banking, shopping, research, liking the hundredth meme you’ve seen that week: these are actions that are basically unimaginable without the internet.

Unfortunately, it’s also unimaginable to navigate online without the threat of a cyber-attack. To keep you aware and safe, below are the top five most common, and most devastating, cyber-attacks.

Ransomware

Ransomware is software with malicious intent (a form of malware) that its operators deploy in the hope it will be lucrative, resulting in a ransom paid in exchange for encrypted data. The encrypted (scrambled) files are essentially sold back to their owner with a key to recover the data, although there is no guarantee that control will be released to the victim once the ransom is paid. Excessive amounts of time and money are lost while suffering from ransomware. Damage costs rose in 2019 to $11.5 billion, with attacks happening every 14 seconds worldwide.

Phishing Attacks

Phishing, as we know, has absolutely nothing to do with fish, but everything to do with the phrase “hook, line, and sinker,” with unwitting humans ready to take the bait. An attempt to gain sensitive information from an individual or company (or both), phishing emails are convincing, using real company logos and clickable links that seem to lead to trustworthy websites, where credentials or financial information are then stolen. Awareness and education are some of the best ways to decrease risk.

Leaked Data

With data as hot a commodity as gold these days, cyber criminals and data thieves are after any piece of personal information they can get their hands on. Portable storage devices, smart phones, tablets, and laptops are all targets and entry points for bad actors. Preventing data leakage from your organization should be your top priority, meaning all devices should have passcode locks with MFA (multi-factor authentication), GPS tracking, and encryption software at the very least.

Hacking

Not all devices are portable, and to be hacked they don’t need to be. Remote entry into a company’s IT systems means the intruders likely have access not only to financials, but also to intellectual property. Some are also surprised to find hacking can be done in person. It’s called social engineering, where staff are tricked into revealing their passwords or other sensitive information, or even letting an intruder pass security into restricted areas. Access to networks and physical locations should be secured and protected by firewalls, policies and procedures, and with awareness and training.

Insider Threat

Accidents happen, but an accidental (or malicious) data leak from an employee is a huge security hazard. The fallout from leaked documents, financials, or customer data could potentially dismantle an organization, so it’s important to keep access to certain company files as limited as possible, giving employees only enough access to perform their job role. Monitoring employee behavior and use of portable storage devices will also help keep insider threats at bay, as will well-developed processes, procedures, and employee training.

Hardware, software, passwords, applications, employees, etc.: there is so much detail involved in each and every business, and none of it should be glossed over or neglected. An Incident Response Plan should be in place in case any of the above attacks, threats or breaches should land on your doorstep. The goal is to have a plan, but to be secure enough that you’ll never need to use it.


If you need assistance with a strategic cyber plan, contact Micropac. Schedule a meeting today: https://bit.ly/3j6N897


Sources: https://www.icaew.com/-/media/corporate/files/technical/business-and-financial-management/smes/bas-for-pba/top-five-cyber-risks.ashx

https://www.varonis.com/blog/cybersecurity-statistics/

https://www.straightedgetech.com/5-top-cybersecurity-threats-and-their-solutions-for-2020/
