Busting The Top Four Myths About Hacking

By Torben Andersen, CCO, SMS PASSCODE

Are you protecting your data with just a password? If your answer is no, and you have strong multi-factor authentication in place, then good job: you are free to go out and enjoy the sunshine. If you answered yes, then stick around for a few more minutes to learn why a password alone is not enough to secure access to your corporate networks and applications.

Still here? Okay then, allow me to start by busting some of the typical myths about hacking today.

1# Myth – Hackers only target the big brands
blog-image-1

When big brands like Target, eBay, Adobe, and Sony are hacked, it’s big news for business and mainstream publications. Don’t be fooled: big companies aren’t the only ones being targeted. In fact, research shows that 31 percent of all hacking attacks were aimed at businesses with fewer than 250 employees.

2# Myth – You have nothing valuable for hackers to steal

blog image 2.jpgFair enough. Not everyone is fortunate enough to be storing breakthrough research with the potential to revolutionize your industrythe world if only you can keep it secret long enough to secure a patent. But what about your business email? Email often contains highly sensitive data, such as competitive bids, investment plans or pipeline information. Imagine the damage if these details were to fall into the wrong hands.

There’s even more low-hanging fruit to steal if hackers breach your network. Customer records, credit card information and even employee user credentials are worth as much as $50 USD per record when sold on the Internet. An entire shadow economy has emerged online with brokers selling stolen user records; according to the FBI, cybercrime has become even more profitable than drug-related crimes. This makes everyone a target.

3# Myth – Your anti-virus and network vulnerability tests will keep you safe

blog-image-3Patch management, updated anti-virus applications and frequent network vulnerability tests are all good weapons in a defense against hackers. However if you are not securely authenticating your users when they access your corporate networks or applications, then you’re leaving the front door open for the hackers. Research shows that weak or stolen passwords are exploited in 76 percent of all network breaches. So, yes, this really is the hackers’ preferred way in.

4# Myth – Hackers are teenagers lurking in a basement somewhere

For most of us, the word “hacker” prompts images of pale teenage boys with long hair, black t-shirts and a serious grudge against Microsoft. While many hackers probably still fit this description, the reality is that the hacker has evolved. Today’s hacker is highly-educated, well-connected, and well-equipped, enjoying a high-income profession as a professional cybercriminal. The hackers have some powerful tools at their disposal, and many poorly-protected victims has made hacking easier than ever before, resulting in cybercrime becoming the fastest growing crime type in the world.

Hackers’ motive is most often financial gain, but “hacktivism” is also becoming a growing threat to nations and organizations that don’t sympathize with the hacker’s cause.

Knowing what’s myth and what’s fact is essential to avoid running unnecessary risks to your business. SMS Passcode have created an infographic and short video that capture the key facts from the latest research about the threat companies face from hacks.

Additional Resources:

Webinar Recording – Traps Demo Palo Alto Networks

AV can no longer stop today’s threats. Traps™ advanced endpoint protection is the only product offering that replaces AV with “multi-method prevention”: a proprietary combination of malware and exploit prevention methods that pre-emptively block both known and unknown threats.

If you are concerned about uptime, reputation and IP then view our webinar to learn how to secure the endpoint with Traps™.

Privacy Is a Human Right; do you understand your data obligations?

On Thursday we gathered together with clients at information security consultants Blackfoot UK’s head office in London to talk about a trending topic in the IT world today.

Data and Cyber Security Matters in a Post Brexit World.

David Silsby our Sales Director welcomed us on this very chilly morning reiterating the Network Utilities ethos of “Identity should be at the heart of everything we do; the identity of the individual and the device is key! Remembering Who is on your network, What they are trying to access and How is critical to ensuring your network remains secure, fast and compliant.”

Next up was Matthew Tyler, CEO of Blackfoot UK and our keynote speaker for the day. Giving us a time hop into the past where we learned some interesting facts. The European Convention on Human Rights (ECHR) came into effect in 1953 and is an international treaty to protect human rights. The definition of privacy as in Article 8 states “A right for one’s ‘private and family life, his home and correspondence’ to be free from unlawful searches”.  In the UK human rights are protected by the Human Rights Act 1998. Matthew went on to explain how the internet has changed the economics of data and contributed to the erosion of privacy, he also detailed current privacy laws and how Brexit will change the future. Below you can see the 8 principles of the Data Protection Act, governing the use of personal information which we must comply with, unless an exemption applies, the principles state that data must be:

  • Used fairly and lawfully
  • Used for limited, specifically stated purposes
  • Used in a way that is adequate, relevant and not excessive
  • Accurate
  • Kept for no longer than is absolutely necessary
  • Handled according to people’s data protection rights
  • Kept safe and secure
  • Not transferred outside the UK without adequate protection

Data is an extremely powerful tool in today’s business world. Knowing your customer well can create a tailor made customer experience. The future of business intelligence is evolving and we will soon start to see new services and businesses arise to help us harness the power of this business intelligence.

iot_of_ransomware

Protecting your customer’s data has never been more critical

The cost of a data breach can have a huge impact on you and your business including; bankruptcy, reputational damage, legal implications and of course loss of data. You need to have the appropriate security in place depending on the value of the data you hold i.e. credit card details or email addresses. Do you know the value of your data? Do your staff know what risky looks like? And are they fully trained and aware of the implications of clicking on a malicious links, for example? Research tells us you are only as strong as your weakest link, and that in most cases is your staff.

This brings me onto 5 key questions posed by Matthew around what you need to be asking yourself and your business to truly understand the type of data your business holds.

  1. Do we know what data we have?
  2. Do we understand its potential value and the associated risk?
  3. Do we know who could want our data (for good or bad)?
  4. Do we understand where our data is and who can access it?
  5. Do we know what protection our data needs?

The cost of a data breach

The Cost of a Data Breach

* IBM Security 2016 – Cost of a Data Breach Study

If you would like to know more about European regulations and what’s changing in the UK, how to keep your customers data safe and the implications of personal data being lost or misused then you can download Protecting Data and Privacy to get a full overview. Remember you are only as strong as your weakest link!

Will the defenders ever be faster than the attackers?

Our Principal Technology Strategist, Malcolm Orekoya shared his research on the current threat landscape. Did you know that 89% of breaches had a financial or espionage motive?

In order for us to understand cyber security we need to understand the cyber-crime world. These attackers have the same technology advancements that we do and they are always one step ahead. The resources are available for anyone online and you can even pay for “cyber-crime” support. Organised crime is evolving quickly due to underground criminal networks and the so called dark web. The tools are getting smarter and depending on what these criminals are after they will attack in different ways.

“Analysis of known bad malware found that the 91.3% of that malware uses the Domain Name Service (DNS) to carry out campaigns.” Cisco Annual Security Report 2016

There has been an explosion in ransomware and exploit kits are sophisticated. “The Angler exploit kit is one of the largest and most effective exploit kits on the market. It has been linked to several high-profile malvertising (malicious advertising) and ransomware campaigns. And it has been a major factor in the overall explosion of ransomware.” Cisco Annual Security Report 2016

“33% of the malware observed in 2016 research used encryption.” Trustwave Global Security Report 2016

Most legacy platforms cannot see encrypted traffic therefore there is a loss of visibility. Malicious users are aware of this vulnerability and that you don’t have visibility so exploit this lack of visibility to insert their malware into your network. It’s crucial for you to have network visibility in order to be able to effectively apply security policies.

Education

People are your best network defence, but only if they are educated to understand the risks. We advocate creating a data security awareness culture. The one constant factor that exists in all layers of security is the human element. The idea here is to educate people on common threats and their various guises, test their understanding and responses to this education over time, review the results of such tests and then repeat the entire cycle periodically over and over again. You can read Malcolm’s full blog Stop Phishing Attacks – Harness the Power of Your Human Sensor Network – Here.

It’s not if; it’s when!

You need to collaborate to stay ahead of the trends and the cyber security landscape. Think ahead to prevent future attacks. Think of the cost and rewards of investing in your network security vs the risk of not doing so. Ask yourself, can you afford to lose it all when you do get attacked?

SC Magazine recently ran a survey on 900 business and IT decision makers across the UK – EU GDPR – nine out of ten don’t understand it. A staggering 91% of respondents have concerns about their organisation’s ability to comply with GDPR. This regulation will come into effect in 2018 and the penalties will be high, that might seem like a long way away but it’s just around the corner, and you’ll need to be prepared.

Talk to specialists who are confident about compliance and threat prevention. Talk to Network Utilities.

If you were unable to attend our Data and Cyber Security workshop in October then join our webinar on the 14th December to find out more on your obligations and how GDPR will affect you and your organisation with information risk, security and compliance specialists Blackfoot. You can register here.

t: 020 8783 3800 e: sales@netutils.com

About Network Utilities
Identity Centric Networks & Security

Network Utilities (Systems) Ltd have been providing identity centric network and security solutions to organisations ranging from Telecoms and ISPs to large corporates and SMEs for over twenty three years. Partnering closely with both industry leading and niche technology vendors to bring customers the best solutions the industry has to offer. Read more at www.netutils.com.

Webinar Recording: No DNS, No Internet, No Business

Following the increase in the number of companies being attacked on their DNS servers, Efficient IP released four major security innovations: Hybrid DNS Engine, DNS Blast, DNS Cloud and DNS Guardian. It is the only Adaptive DNS security solution on the market capable of guaranteeing 100% availability during a DDoS attack.

View the recording of our recent webinar and learn how to:

  • Ensure business continuity
  • Protect customer data and intellectual property against exfiltration
  • Preserve your brand reputation and customer trust
  • Reduce TCO and deliver fast ROI

Palo Alto Networks Traps – Endpoint Protection

Traps prevents security breaches!

traps-hp-chiclet

Traditional antivirus (AV) is not the solution to endpoint security – it is the problem. AV is no longer effective at stopping today’s cyberthreats and to prevent security breaches in your organization, you must protect yourself not only from known and unknown cyberthreats but also from the failures of any traditional AV solutions deployed in your environment.

Traps replaces traditional antivirus with a proprietary combination of purpose-built malware and exploit prevention methods that protect users and endpoints from both known and unknown threats. With Traps, you prevent security breaches, in contrast to detecting and responding to incidents after critical assets have already been compromised.

The updated release of Traps eliminates the need for traditional AV by enabling you to:

  • Prevent cyber breaches by pre-emptively blocking known and unknown malware, exploits and zero-day threats.
  • Protect and enable your users to conduct their daily activities and use web-based technologies without concern for known or unknown cyberthreats.
  • Automate breach prevention by virtue of the autonomous reprogramming of Traps using threat intelligence gained from Palo Alto Networks WildFire threat intelligence service.

To learn more about Traps and its new updated capabilities download the latest resources from Palo Alto Networks:

  • Solution Brief: Traditional endpoint protection solutions use methods that cannot keep up with the rapidly evolving threat landscape. There’s a new way to approach endpoint security. Prevent breaches – without AV. Advanced Endpoint Protection – Technology Overview
  • Whitepaper: It’s time to replace your traditional antivirus with next-generation endpoint security. But how? Protect Yourself from Antivirus.
  • Datasheet: See how Palo Alto Networks Traps advanced endpoint protection prevents sophisticated vulnerability exploits and unknown malware-driven attacks. Traps Datasheet
  • Dummies Guide: Todays’ sophisticated cyberattacks are designed to inflict maximum damage to an organisations systems and networks, steal sensitive information and render an organisations systems and networks unusable. This guide shows you how to protect your assets. Advanced Endpoint Protection for Dummies.

If you would like to know more about Traps and how Network Utilities can educate and support you please get in touch with our specially trained team.

t: 020 8783 3800 e: sales@netutils.com
www.netutils.com

Credits:
You can read the full blog here written by Michael Moshiri (Director, Product Marketing, Palo Alto Networks).

Other pages of interest:
Palo Alto Networks Raises the Bar for Endpoint Security with Updates to Traps Advanced Endpoint Protection Offering. Read the full blog here.

Independent Authority Certifies that Palo Alto Networks Traps Helps Customers Meet PCI and HIPAA Cybersecurity Requirements. Read the full blog here.

About Network Utilities
Identity Centric Networks & Security

Network Utilities (Systems) Ltd have been providing identity centric network and security solutions to organisations ranging from Telecoms and ISPs to large corporates and SMEs for over twenty three years. Partnering closely with both industry leading and niche technology vendors to bring customers the best solutions the industry has to offer. Read more at www.netutils.com.

Network Utilities to launch Monitoring-as-a-Service at IP EXPO

ip-expo-linkedin-imageAs you may or may not know we have recently launched our Monitoring-as-a-Service offering over the summer to help you plan for your IT holiday cover, as we all know networks, application and storage just keep on running.

We are pleased to announce that our expert team will be at IP EXPO on the 5th and 6th October to talk to you about our new Monitoring-as-a-Service offering. The service, delivered by a 24/7 UK based operations centre and technical team monitors network, server and storage architectures for both security and availability with optional pay-as-you go incident packs for rapid remediation of any issues.

“In the past, SMEs have sometimes overlooked managed services due to the perceived high cost and limited flexibility,” explains David Silsby, Enterprise Sales Director for Network Utilities, “With our new monitoring as a service offering, we have looked at what SME’s really require and created a product that is extremely cost effective and allows the customer to pay for what they need and scale up as they grow – without skimping on crucial elements such as skilled support staff or customer service.”

The service includes flexible notification and escalation that can be setup for contact via phone or email, with a tailored dashboard to allow clients to view all monitored devices in real time, supported by monthly reports detailing the overall health of the network and attached IT infrastructure. Every client also gains a dedicated account manager that helps manage the service while providing guidance on wider networking and security challenges.

Come on down to stand A9 and you could be the winner of an Amazon voucher or an awesome Apple watch.

Register to attend IP EXPO here

We look forward to seeing you there.

Are you ready for a break? Your IT infrastructure may not be….

With summer upon us, many organisations are planning for holiday cover and IT departments are more stretched than ever. Unlike some areas of the business that may work 9 to 5, Monday to Friday; networks, application and storage just keep on running. Yet for many firms, the ability to attract and retain IT staff and especially security specialists means that there is often little available slack to take over the reins.  A better, long term option is needed!

Managing risk

With senior IT specialists potentially away, one of the biggest issues is ensuring that the people taking over responsibilities have the right skill set, and that they understand escalation procedures in the event of a service impacting issue.  Most organisations will have break-fix maintenance contracts in place in case of a hardware breakdown. However, many of the most difficult problems to overcome come from software, configuration changes or the patches issued to fix security vulnerabilities.  A recent survey from EMC found that 49% of all unplanned downtime is down to software issues while the average business experienced more than three working days (25 hours) of unexpected downtime in the last 12 months.

Keeping it secure 

Security is one of the most challenging risks. Although staff may need to take a break, cyber criminals are continually looking for new vulnerabilities to exploit; while software vendors are issuing patches to thwart them. In the event of an emergency patch being issued, the Heartbleed vulnerability of 2014 being a prime example, IT departments need to react quickly to patch affected systems before they are successfully exploited.  One solution is to employ short term IT contractors. However, this is not always ideal as it requires time for these new hands to get up to speed on the systems and procedures of the organisation, and the cost is often prohibitive with day rates well in excess of £500 not unusual. Another option is to put junior staff in an acting senior role to cover any absence. With this approach comes the risk that if something untoward happens, they simply don’t have the skills to deal with the situation. Or in some cases, lack the authority to even enact the fix such as taking critical systems offline to apply a needed patch.

Even after the holiday season passes; the challenge still remains. Many organisations are moving to more flexible hours to satisfy the needs of teleworking staff and international business processes that span time zones. The end result is that even though the supposed ‘night shift’ may be less busy, the core competency of IT skill sets need to be readily available.

A better option

In response, some organisations with deep pockets and regulatory constraints, such as financial services, may well run to the expense of doubling up IT staffing levels with dedicated out-of-hours teams. However, for the vast majority of midmarket organisations, a more sensible approach is to use a managed service approach that can cost effectively take over the bulk of day-to-day time consuming tasks such as device and application monitoring. In addition, if there is a staffing shortage or incident; these managed services can be ramped up to meet short term requirements and then turned down to reduce expense. A good managed service will retain and make available the skilled staff that are needed on certain occasions, and economies of scale of the shared model means that you only need to pay a fraction of the 24/7 staffing that doing it in-house would incur. This approach can be particularly beneficial in overcoming the skills shortage in areas like IT security and networking by freeing up time and allowing in-house IT teams to focus on activities that add value to the business.

Crucial for business continuity and network uptime, our 24/7/365 network monitoring service gives you the peace of mind to know our expert engineers always have a close eye on your network. Visit www.netutils.com/monitoringasaservice.com for more.