Cybersecurity: An Unsung Hero of Small Business

Hero: A person who protects and saves a company from being undermined by security hacks

Gigabit Systems

September 24, 2018

•

20 min read

Share this post

Take a moment to think about what your day-to-day activities were ten years ago. From your morning routine to your nighttime rituals, now think about how those activities have transformed over the past ten years. More likely than not, the largest variation in these activities comes from the addition and expansion of technology’s influence in our everyday affairs. It is undeniable that technology provides each and every global citizen with the resources to reach larger audiences than ever before. Yet with great power comes great responsibility – technology’s influence wages just as large of a threat as it does a benefit. The international community and its discourse is more fascinated than ever with their phones, laptops, iPads, and etc., but why do small businesses neglect to realize technology’s most dangerous externality? More importantly, with technology showing little-to-no signs of slowing down, how should the small business community optimize their cyber-security processes? ‍

The impact of a single cyber-attack: How did we get here?

‍As discussed in an interview with Security magazine and Paul Barbosa, the Cyber Security Sales Director, U.S. Commercial, at Cisco, small businesses frequently misstep when it comes to their negligence of cyber-security. In a world as obsessed with their screens as ours, why does this mistake recur? More often than not, small businesses do not realize just how imperative a robust cyber-security management is until it is too late. For example, the cost of a single cyber-security breach can jeopardize a small business’s existence. Cisco’s SMB Cybersecurity study, “Small and Mighty: How Small and Midmarket Businesses Can Fortify Their Defenses Against Today’s Threats” reports that 53% of the survey respondents experienced a security breach. 54% of these attacks cost $500,000, an amount large enough permanently shut a small business’s doors. Notably, small businesses and midmarket organizations also reported to face less than 5,000 security alerts a day – 55.6% of those alerts were investigated.

Investigating on how a cyber-attack could injure a small business should also include an evaluation of potential productivity implications. Simply put, coworkers cannot work at an optimal speed post-attack. Systems will need repair and will likely be inaccessible, which can multiply the turnaround time of a single service. Cisco’s study found that small businesses experienced eight hours or more of system downtime due to a severe security breach in the past year. Even if a small business is not driven out of the market by a single breach, one attack’s ability to slash a small business’s productivity can also wage significant damage to long-run profits. Consider the immeasurable effort and time that goes into rebuilding and sustaining a positive reputation. When an unsuspecting cyber-attack plagues a small business, their clients and employees are consequently at risk of having sensitive information digitally shared. Since small businesses are required by law to communicate if a cyber-attack has compromised a client and/or employee’s data, this could build a lack of trust, and perhaps even a loss of clientele and reputation.

Proactivity versus Reactivity

‍If small businesses considered optimizing their cyber-security infrastructure as a means of remaining a favorable competitor, perhaps there would be more proactive than reactive means of establishing cyber-protection. A robust, sustainable cyber-security infrastructure should offer services that allow a small business to detect an attack before it reaches full throttle. Such management would save a business thousands of dollars, clients, and hours of productivity.

When keeping in mind the benefits from a proactive approach to cyber-security, Security’s four recommended best practices in cyber-security prove incredibly rational. Security recommends the following: driving simplification and integration, “quick wins,” internal security talent and/or partnering with a Managed Security Service Provider (MSSP), like Gigabit Systems. When used in conjunction with each other, these best practices suggest that small businesses develop security training from within. It is important to note that such internal enhancements do not promote isolation, and rather promote collaboration. Barbosa recommends working with a qualified training provider, such as a local university, as a great source of early-in career talent.

Another focus of developing training from within includes responsibility. In the event that a small business chooses to outsource their security management, risk ownership should remain with the SMB’s executive. This “quick win” allows small businesses to seek as refined of a professional expertise as possible, as quickly as possible. Such a decision will integrate the brightest and most reliable thought leaders in the field, while simultaneously ensuring their commitment to protecting their business’s unique, competitive functions.

Are you looking for an all-in-one IT solution? Look no further. Contact Gigabit Systems today.

Moving Forward

‍At the interview’s conclusion, Barbosa admits that more than half of security alerts going uninvestigated is the finding that surprised him most. He attributes this to different tools (such as, but not limited to: cloud systems, anti-virus protection and removal, Ethernet) failing to integrate with one another. All small business should make sure that all processes are in sync, regardless of which security processes are internal and external.

Yet another key takeaway in terms of determining what is next for small businesses and cyber-security lies in knowing that a “one-size-fits-all” model does not exist. There are recommendations, but no recipes. This is why small businesses are encouraged to learn from experts, like Gigabit Systems, as well was one another, about successes and failures in security management. Deciding what works best for a small business may take some time – the Cisco report also reiterates that slow change over time should be expected, and is better than no change at all.

Small businesses need a strong cyber security management plan in order to both survive and thrive in today’s markets. While these investments may have high start-up costs, ensuring that a SMB can effectively detect and combat an upcoming cyber threat can offset thousands of dollars in business-threatening expenses. It is recommend that small businesses continue to work within their staff, while collaborating with external stakeholders, to guarantee that our world’s evolving technologies continue to work in their favor. ‍

Learn more about the latest in cyber security by subscribing to our blog;

‍https://gigabitsys.com/news

Share this post

See some more of our most recent posts...

Cybersecurity

News

Tips

3 Cyber Security Predictions for 2019

November 4, 2018

•

20 min read

The new year is around the corner. This, of course, means new trends and predications for what’s to come. Here are 3 cyber security predictions to be on the lookout for in 2019.

‍The Prevalence of Nation-State Attacks

‍In light of recent acts of terror, we can safely assume that nation-state cyber-attacks will likely continue in 2019. These attacks, as they are now, may be state-conducted or sponsored targeted cyber attacks on any and all adversaries such as, but not limited to, journalists, politicians, business leaders, and entire governments, etc. We unfortunately find evidence to support this from the murder of Saudi journalist Jamal Khashoggi, or NotPetya, the most costly cyber security attack in history, caused by Russia in an attempt to destabilize Ukraine.

Another prediction regarding nation-state attacks in 2019 includes how affected nations will take responsibility, or neglect to take responsibility. Like-minded governments, who target dissenting opinions, are likely to turn the cold shoulder to attacks within their own borders. If businesses are under the impression that their own government might not even stand firm against cyber criminals, perhaps this may motivate corporate leaders to strengthen their cyber-security infrastructure more than ever before.

Don’t wait for a cyber criminal to attack. Contact Gigabit Systems today.

The Rise of Multi-Factor Authentication‍

Multi-factor authentication (MFA) entails confirming a user’s claimed identity by only granting access after successfully presenting several pieces of evidence to an authentication mechanism, such as, but not limited to: possession, inheritance, or knowledge. Sometimes, multi-factor authentication is limited to a combination of only two-factors (2FA): something the user knows, has, or is.

While this solution is far from perfect, it is likely that more and more websites and online services will provide multi-factor authentication as opposed to password-only access. This switch is motivated in-part by the increasing number of phishing attacks associated with password use. To accommodate this switch, FIDO2 browser enhancements and the Duo/Cisco acquisition may tip the scales in MFA's favor. These system improvements will make MFA more tempting to use than not to, despite some initial frustration on how to use the mechanism.

‍The Decline of Ransomware

‍Ransomware describes a type of malicious software that denies access to a computer system or data until there is a ransom paid. It is likely that cyber criminals will begin to stray away from ransomware in pursuit of new ways to generate revenue. For example, the number of users who encountered ransomware in 2017 and 2018 fell by nearly 30% over the 2016-2017 time period. Some experts predict that while ransomware will still be employed, it will be more of a targeted attack.

What attributes to the decline of ransomware? Some associate this decline to cryptojacking, where a hacker hijacks a target’s processes for the purpose of mining cryptocurrency on the hacker’s behalf. Since the number and quantity of cryptomining tools require little-to-no technical training, schemes seem more appealing to money makers than traditional ransomware attacks. Ultimately, cryptomining offers attackers a means of making quick cash from an infection, which is exemplified by the 44.5 percent rise in number of users that have experienced a cryptomining attack in the past year.

‍The future of 2019

‍While trends are expected to shift in the upcoming year, an evaluation of what to expect in 2019 should come as no surprise. Overall, in the upcoming year, cyber-security will likely shift focus away from ransomware, and towards multi-factor authentication. The international community should also be on the lookout for nation-state attacks, while also bearing in mind the impact of these on individual businesses and consumers. At the end of the day, it is important to remember, that no one is immune is to a cyber security attack and it is best to implement a cyber security strategy and recovery plan.

Learn more about the latest in cyber security by subscribing to our blog; https://gigabitsys.com/news

Cybersecurity

News

How IT Departments Ensure Cybersecurity

December 18, 2018

•

20 min read

We often think of our information technology (IT) departments as a team full of computer “nerds” who roam the floors to make sure your laptop isn’t on fire and the like. Believe it or not, there is far more to our IT departments than what meets the eye. Information technology and its professionals provide essential functions and services towards ensuring their business’s vitality. The IT department is not just responsible for your business’s company-wide networking, but also its’ cybersecurity.

Emergency Management
In the event of a cyberattack, all eyes and ears are likely on your company’s IT department to lead emergency management. In 2019, the international community should expect to see more frequent, and more costly attacks than ever before. Some research finds that the cost of data breaches will exceed $2 trillion, quadruple the cost estimates in 2015. With such stunning figures as these, it should come as no surprise that most (if not all) firms with robust cybersecurity infrastructure place their IT department at the center of their cyber-attack management plan.
As the “experts,” IT departments tend to take direction in how a company responds to a cyber-attack. This means that each and every IT team member should be alert and aware at all times of any possible threat to their organization. The IT team members will have to create a cybersecurity plan that includes endpoint security, employee training, penetration and vulnerability testing, and of course a recovery plan. With that said, the international community should overall expect to see cyber threats at every corner, and will continue to need leadership as they meet and defeat these attacks.

Knowledge Sharing
It is safely assumed that a vast majority of a company’s cyber-security knowledge is concentrated within their IT department. In order to maintain the company’s approach to cybersecurity, IT departments must take ownership over organization-wide cyber-education. This can protect a business from external threats by establishing a shield from within.
Successful IT professionals know that they must instruct their colleagues on their individual role in protecting the company’s systems and processes. The organization as a whole must be aware of how their every online behavior puts both themselves and their work environment at risk. Their efforts to keep each employee aware of the potential dangers (type of cyber-attacks, type of tactics that hackers use, and etcetera) helps streamline accountability, while also placing themselves as the first line of defense.
By providing the company’s employees with not just a company conference, but through actual phishing and malware attempts, and real life scenarios, a successful IT department can keep the business cyber secure.

Don’t wait for a cyber criminal to attack. Contact Gigabit Systems today.

Innovation
Your business’s IT department helps keep your organization’s cyber-security infrastructure contemporary and effective. They are some of the most equipped employees to optimize your cybersecurity approach. Some ways that IT departments can promote innovative idea-sharing and strategy evolution is through in-house seminars on how to better-perform certain job functions and data evaluation aimed at predicting future incidents. This comprehensive approach keeps IT departments proactive, as opposed to reactive.

Summary
IT departments are not just a group of your go-to technology colleagues. Rather, they are leaders in how your business has, and will continue to face cyber-security threats. Through emergency management, knowledge sharing, and innovation, organizations should continue to rely on and capacity-build their IT departments for the purpose of remaining competitive in a technology-reliant world.

Learn more about the latest in cyber security by subscribing to our blog; https://www.gigabitsys.com/news

Cybersecurity

News

Tips

Business Email Compromise (BEC): How to Prevent ‘Gifting’ In

February 5, 2019

•

20 min read

No matter the season or the occasion, consumers frequently turn to gift cards as one of the only gift giving options with versatility. In today’s digital age, you might not be surprised to hear that even gift cards pose a threat to your online safety. The Federal Bureau of Investigation (FBI) issued a warning in December of 2018 surrounding Business Email Compromise (BEC) scams that specifically involve gift card fraud. Although these tactics do not have a high success rate, hackers can still yield a handsome profit. Here’s what you should know about this up-and-coming cyber-attack method.

What is Gift Card Fraud?

Business Email Compromise scams, also referred to as “CEO Fraud” or “Whaling” pose a significant financial cyber threat to businesses across the United States. The FBI’s Internet Crime Complaint Center, IC3.gov, reported that gift card fraud led to estimated losses of over $1 million. These damages are felt on a local level as well. In Arizona, BEC gift card scams went from amounting $845 in losses during 2017, to $90,000 in 2018.

The FBI explained in their December 2018 press release that BEC gift card fraud takes advantage of employees using concise, assertive language. Prior to the attack, an assailant organization will look to gain access to the intended victim organization’s emails. This helps the hackers craft as convincing of a message as possible. Here, timing is everything - BEC is far more successful around the holidays, or among employees who work closely with clients, third-party vendors, and etcetera.

Messages looking to accomplish gift card fraud appear to come from a CEO or another powerful executive, and typically encourage their employees to buy gift cards for a holiday party, personal use, and etcetera. The email usually asks the employee to send the gift card information, i.e. the number and PIN, back to the executive who allegedly sent the email. The hacker who is behind the email will then cash out the value.

The Scarlet Widow Case Study: Why Your Business Should Take Gift Card Fraud Seriously

There have been several international examples that shed a light on the potential consequences of a successful BEC maneuver. One includes a Nigerian organization known as the Scarlet Widow, which targets thousands of nonprofits, education-related institutions, and their associated individuals using gift card fraud. They typically request Apple iTunes or Google Play gift cards using a narrative that makes the suggestion fit. For example, Scarlet Widow was able to convince an Australian university administrator into both purchasing and distributing $1,800 of iTunes gift cards. The administrator later admitted that they believed the request came from the head of the university’s financial department. Scarlet Widow completed their mission by selling the cards via bitcoin and converting that to cash, all in a little over two hours.

What this case study shows us is just how quickly this type of social engineering can flourish. A single employee’s mistake led to thousands of dollars lost in a matter of hours. Given the ability of organizations like the Scarlet Widow to identify and mask themselves within their intended victims organization, all businesses should take this incident into serious consideration when developing their cyber-security strategy.

How to Prevent Gift Card Fraud

If you suspect that an email might not have come from its alleged sender, first look at the email header of the sender. Hackers sometimes will send an email from an address that looks similar, but slightly varies, from a legitimate executive. If you are still unsure about the email’s validity, do not be intimidated to ask from help. Reaching out to your CEO or executive directly is the easiest and quickest way to conclude fraud.

Are you looking for an IT company that specializes in Cyber Security while staying within budget? Contact Gigabit Systems.

The email’s contents can, too, point you in the right direction. The FBI warns that requests to buy multiple gift cards, even if the request itself doesn’t seem too outrageous, should concern you. Employees should also watch out for overly assertive language, i.e. a tone that pressures you to purchase the cards and/or send the gift card number and PIN as quickly as possible. Lastly, any sort of odd phrasing, grammar errors, and any instinctive variation from the sender’s usual emails should warrant some hesitation. As is the case with all types of widespread social engineering attacks, business leadership and information technology experts must educate on an organizational level as a means of dwindling any possible financial or reputational damage.

Conclusion

Business Email Compromise, specifically in the context of gift card fraud, poses a severe threat to businesses of any size. Since hackers are able to identify as apart of their intended victims' organization, these assailants have a great opportunity at success. Encouraging your employees to say something when they see something, study previous examples, and carefully read through their messages must become commonplace in order for these damages to dwindle.

Learn more about the latest in cyber security by subscribing to our blog; https://www.gigabitsys.com/news