Categories
Uncategorized

Cybersecurity Protection: An Insurance Policy Isn’t Enough

Cybersecurity remains a massive issue for every business. The numbers are horrifying: There were over 2,084 ransomware attacks on businesses in the first half of 2022 – a 64% increase. These attacks, and others like them, will cost companies billions of dollars. 

Far too many businesses make the mistake of assuming that having a cybersecurity insurance policy is enough. To be clear, it is essential. However, it’s just the tip of the iceberg when it comes to ensuring that your business is adequately protected from hackers and bad actors who want to steal your data. A variety of other protections are critical to protecting your business. More to the point, if you have cybersecurity insurance but don’t have other protections in place, your cybersecurity policy may not pay out if a breach occurs.

What specific protections do you need? There are many examples, including endpoint protection, MFAs, staff cybersecurity training, and vulnerability assessments and testing.

Endpoint Protection

Endpoint protection means applying appropriate security measures around any devices that allow individuals access to your computer network and thus your sensitive data. This can mean many different things, and it is worth noting that the massive rise in Work from Home arrangements has complicated things even further. The use of personal mobile devices and computers means that your network security must be more robust than ever.

Endpoint protection can involve many different specific items, including:

  • Cybersecurity training for staff ensures they can understand and recognize a cyber threat.
  • An appropriate password policy that tracks devices, requires two-step authentication for access, and requires passwords to be strong and changed regularly.
  • Appropriate threat-detection software can tell when an unauthorized user has gained access to the network.
  • Appropriate anti-virus and anti-malware software that can reduce the threat posed by viruses. This software may also involve properly using firewalls that can prevent information from leaving or entering your network.

MFAs

MFA is short for multi-factor authentication. When deployed appropriately, MFAs can better secure a system and ensure that only authorized users can gain access to it.

If a password falls into the wrong hands, it can be devastating for your network, as this may mean that an unauthorized user gains access to your critical data and client information.

MFA builds on two-factor authentication. With MFA in place, a user logs into a system with a password and then receives a code by text message; that code must be entered before access is granted. While not foolproof, this dramatically improves your network’s protection from bad actors.

In everyday use, MFA is required before access to sensitive information, such as a database or email account. It can also be deployed in layers, with a third or fourth factor required for especially sensitive information. MFA reduces the risk posed by stolen passwords, can be customized to the level of access an individual requires, and can be configured so that every access is traceable. Traceable access may be essential if your network is ever broken into.
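The post describes the texted-code form of MFA but not what the server has to get right when it checks that code. The following is an added example, not code from the original post or from vTECHio: a server-side second-factor check that issues a random six-digit code, expires it, rejects replay of a used code, limits guesses, and compares in constant time. The `send` callback standing in for an SMS gateway, the injectable `clock`, and the time-to-live and attempt limits are all assumptions of this example.

```python
"""Added example (not from the original post): a server-side second-factor
check for the texted-code style of MFA. The SMS gateway is replaced by a
`send` callback and the clock is injectable so the code runs offline."""
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 300      # assumption: a code expires five minutes after issue
MAX_ATTEMPTS = 5            # assumption: lock the challenge after five wrong guesses


@dataclass
class Challenge:
    code: str
    issued_at: float
    attempts: int = 0
    used: bool = False


class SecondFactor:
    """Issues and verifies one-time codes for the second login step."""

    def __init__(self, send, clock=time.time):
        self._send = send          # hypothetical SMS sender: send(user, code)
        self._clock = clock        # injectable so expiry can be tested
        self._pending: dict[str, Challenge] = {}

    def issue(self, user: str) -> None:
        # secrets.randbelow is CSPRNG-backed; zero-pad to six digits.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = Challenge(code=code, issued_at=self._clock())
        self._send(user, code)

    def verify(self, user: str, submitted: str) -> bool:
        ch = self._pending.get(user)
        if ch is None or ch.used:
            return False                      # nothing outstanding, or already consumed
        if self._clock() - ch.issued_at > CODE_TTL_SECONDS:
            del self._pending[user]           # expired: the user must request a new code
            return False
        if ch.attempts >= MAX_ATTEMPTS:
            return False                      # brute-force guard: challenge is locked
        ch.attempts += 1
        # compare_digest avoids leaking the code through timing differences.
        if hmac.compare_digest(ch.code, submitted):
            ch.used = True                    # single use: a replayed code is rejected
            return True
        return False


if __name__ == "__main__":
    sf = SecondFactor(send=lambda user, code: print(f"[sms to {user}] {code}"))
    sf.issue("alice")
```

The three checks that matter for security are ordered deliberately: the expiry and lockout tests run before the attempt counter is touched, and the counter is incremented before the comparison so a wrong guess always costs an attempt.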

Staff Cybersecurity Training

Cybersecurity training is critical for any staff, regardless of their position within your organization. For example, if even one person in your company accidentally responds to a phishing email and gives out their username and password, it can compromise your entire network. As such, your entire staff must have the appropriate cybersecurity training. 

Such training can review multiple topics, including:

  • How to recognize a phishing or social engineering attempt and how to respond to it.
  • An update on data threats within a specific industry and how to stay aware of them.
  • Appropriate protocols for securing customer data within a database.
  • Use of real-world examples that examine specific scenarios that may happen within a company’s industry. 
  • Appropriate ways to identify scams that are perpetrated digitally, over the phone, or via postal service.
  • A review of appropriate tools that can be used to detect and prevent cybersecurity attacks.

Vulnerability Assessments and Testing

The only way a business can determine if its network is safe is by having a vulnerability assessment done. Such an assessment can review the weaknesses within a company’s website or network and make specific recommendations for how these weaknesses can be resolved.

A specific type of vulnerability test is known as a penetration test. In a penetration test, a hired ethical hacker simulates a real-world attack and attempts to break into your network, using the current methods deployed by cybercriminals. The results can then be used to patch your network, make it more secure, and close the paths a real-world attacker could have used. Such testing can take many forms and can be combined with staff cybersecurity training. For example, a phishing email can be sent out that simulates a real one, and employees who fall for it can be sent for further cybersecurity training.

There’s no question that properly protecting your business from cyber threats requires a comprehensive array of solutions that may be beyond your business’s expertise. However, you can find skilled professionals who can completely manage your cybersecurity needs. At vTECHio, we offer all these services and much more. We can review your cybersecurity insurance policy requirements and ensure that you are covered. We can also provide comprehensive cybersecurity vulnerability assessments, MFAs, and other services.

Are you interested in hearing more? Schedule a call today, and learn more about how we can help your business stay secure.


Securing Remote Workers in The Enterprise While Maintaining Productive Access

In order to maintain productivity, many organizations are allowing employees to work remotely. However, this creates a new challenge for IT administrators in terms of security. How can you ensure that remote workers are secure while maintaining access to company resources? In this blog post, we will explore some tips for securing remote workers in the enterprise.

Challenges of Making Remote Work Possible

The COVID-19 pandemic has forced organizations around the globe to re-evaluate their workplace policies and practices. For many, this has meant a shift to remote work. While working remotely can have many benefits, it also comes with a unique set of challenges.

Virtual machines are essentially computer systems that run within another computer system, and they’re often used by businesses to allow employees to access company resources remotely. However, they can also be a major cause of lag and application issues when employees are working from home.

One of the biggest problems with virtual machines is that they can be quite resource-intensive, which can lead to lag and performance issues on employee laptops or home computers. Additionally, virtual machines can be less stable than physical machines, which can also lead to issues with applications crashing or not working properly.

There are a few things that businesses can do to try and mitigate these issues, such as optimizing their virtual machine settings or investing in more powerful laptops for employees. However, at the end of the day, it’s important to remember that virtual machines come with their own set of challenges and are not always the best option for every business.

Managing and Securing Access

As companies increasingly embrace remote work, they must also take steps to manage and secure employees’ accounts and devices. Otherwise, they risk leaving themselves open to attack.

Fortunately, there are a number of ways companies can go about managing and securing remote worker accounts. One common approach is to use a centralized management platform like Microsoft Active Directory. This allows businesses to control employee access to corporate resources and data. Additionally, businesses can use security tools like two-factor authentication (2FA) to further protect remote worker accounts.

Another approach is to leverage mobile device management (MDM) solutions. These allow businesses to remotely monitor and manage employee mobile devices. This can help businesses ensure that only authorized devices have access to corporate data and networks.

Ultimately, the best way to manage and secure remote worker accounts will vary from business to business. However, by using a combination of centralized management platforms and security tools, businesses can keep their remote workers safe and secure.

Protecting Remote Workers and Their Data 

It is important to consider the cybersecurity implications of this new way of doing business. Remote workers are more vulnerable to cyber attacks than their office-based counterparts for a variety of reasons.

  • Firstly, they often do not have access to the same level of security infrastructure as those in an office environment.
  • Secondly, they may be using personal devices for work purposes, which can introduce new risks.
  • Finally, they may be working in locations with weaker internet security, such as public Wi-Fi hotspots.

Here are some ways to protect remote workers and their data from such attacks:

  1. Educate employees about cybersecurity risks and best practices.
  2. Implement strong authentication measures, such as two-factor authentication.
  3. Encrypt all sensitive data, both in transit and at rest.
  4. Use a Virtual Private Network (VPN) to secure all communication between employees and the company network.
  5. Regularly back up all data to an offsite location.
  6. Implement security awareness training for all employees on a regular basis.
  7. Keep all software up to date with the latest security patches.
  8. Use a firewall to block access to known malicious websites and online services.
  9. Monitor the network for unusual activity and investigate any suspicious behavior immediately.
  10. Plan for disaster recovery in case of a successful cyber attack.

Future of Remote Working

The future of remote working is looking very promising, especially with advances in technology. However, there are still some concerns about the security of enterprise data and systems when employees are working remotely.

The biggest security risk is the potential for data breaches, which can occur when devices or networks are compromised. Enterprises can mitigate this risk by implementing strong security protocols and ensuring that all employees have the appropriate training on how to keep data safe.

Other risks include phishing attacks and malware infections, which can be mitigated with good security awareness training and effective anti-malware solutions.

Overall, the future of remote working is very promising, but enterprises need to be aware of the potential security risks and take steps to mitigate them.

vCyberGuard by vTECHio can work with your organization to develop a remote security plan that includes secured internet and network access, antivirus software, secure storage solutions, MFA applications, anti-phishing tools, employee training, and more! Reach out today and find out how vCyberGuard by vTECHio can ensure your remote workers are secure and productive.


Training Employees on Cybersecurity Awareness

These days, one of the most important training challenges any business faces is protecting the integrity of its computer systems and the sensitive data those systems contain. The data is stark:

  • The cost of cybercrime is massive: It costs $2.9 million every minute, and the average cyberattack costs businesses $3.86 million.
  • The leading cause of cybercrime? Human error. Employee mistakes are believed to be responsible for up to 95% of all cybercrimes.
  • The rate at which cybercrime is accelerating: An estimated 2,244 cybercrimes occur every day, or one every 38 seconds.

Thankfully, organizations can protect their systems by training employees. Doing so can reduce the odds of making a massive business mistake that results in a cybercrime or data breach.

Employees Are Among the Most Common Causes of Cybersecurity Breaches

As noted above, human error is responsible for most data breaches and cybercrime. This often happens when an employee makes a mistake that gives an unauthorized user access to a computer system, enabling them to steal sensitive data.

There are many techniques hackers use to gain access to your network. They include:

  • Phishing, in which a hacker will send an email that appears to be from a legitimate source. This email will almost always have some urgency. For example, it may say your network has been compromised and encourage you to click on a link to fix it. Users may then click on the link and give away their username and password, allowing a hacker to steal network credentials and gain access to the system.
  • Viruses or Trojans, in which individuals will install a malicious piece of code on a network, giving them access to the network.
  • Bait and Switch, in which a user clicks on what appears to be a legitimate advertising link, only to have that link direct users to a website that allows their personal information to be stolen. 

Proper Training and Data Are Needed

Fortunately, with the proper training, a business can learn how to stop cybercrime and ensure that its employees are trained to recognize cyber threats and prevent bad actors from accessing a computer system.

First: All businesses should develop a cybersecurity handbook. This handbook should outline potential threats and past instances where the business’s systems have been accessed. It should also explain the security systems in use, how to use them, and the policies for accessing them. It should contain information security standards, which websites may not be accessed, and guidelines for accessing the computer network when not in the office. It should also state how often passwords and other vital access credentials should be changed. Finally, it should have a “what if” section: What should someone do if they believe the network has been breached, and who — including customers — should be notified?

Furthermore, your business should train employees to recognize how to use computer systems in the safest way possible, how to stop a cyber threat from accessing systems, and what to do if there is some cybersecurity issue or data breach. This training can take many forms. It should include:

  • How to recognize a phishing attack and what to do if you get one.
  • An overview of security systems and measures used by the company and how to operate those systems (if necessary).
  • What to do if a system has been breached.
  • How to recognize other security threats. 
  • What websites are most likely to contain malicious links, and what websites should be avoided.
  • Company policies for accessing networks from home or public spaces where public Wi-Fi may be more vulnerable to security threats. 

Finally, it is worth noting that this training should be regularly updated. The world of cybersecurity is constantly evolving, with new viruses, penetration methods, and phishing techniques developed regularly. A business and its employees must stay current on these potential threats, which requires frequent training to keep everyone’s knowledge up to date.

How to Develop This Training

There are two potential ways to develop this training. First, you can attempt to do so on your own. You can use internet resources to try and ensure that you and your employees know the latest threats, the potential techniques to stop these threats, and how you can best train your employees in these methods. However, this can be a real challenge if you aren’t an expert in computer systems or security. After all, your area of expertise is whatever your business is, not cybersecurity.

 

This explains why businesses generally prefer to work with outside, expert consultants who fully understand best practices in the world of cybersecurity, how to train employees, and what the most effective training looks like. Outside experts are paid to stay up to date on the latest cybersecurity threats and to understand how to train employees and small businesses on those threats.

 

If you are interested in getting the latest training and software to protect your business and educate your employees on cybersecurity, reach out to vTECH io. At vTECH io, we know how to protect your organization, train your employees, and ensure that you use the latest tools and techniques to protect your business.


6 Best Practices in Patching and Patch Management for Security

Patching and patch management are among the most important and undervalued aspects of cybersecurity. In fact, 57% of cyberattack victims have stated that applying an available patch would have prevented the attack they suffered. Worse still, the same study found that 34% of them knew about the vulnerability before the attack happened!

Here we will discuss six best practices for patching and patch management. Implementing them will help you keep your software up to date and improve your organization’s security posture.

1. Take Inventory of Systems

Taking inventory of systems is one of the most important aspects of patching and patch management. By keeping track of all the systems in your network, you can ensure that every system is properly patched and up-to-date. This will help you avoid any potential security vulnerabilities that could be exploited by attackers.

In order to take inventory of systems, you need to have a system in place that can track all of the assets in your network. This system should be able to identify each asset, its location, and its purpose. Once you have this information, you can then start to create a patching schedule for each system.

One of the best ways to take inventory of systems is by using a network discovery tool. These tools can help you quickly and easily identify all of the assets in your network, and they can provide detailed information about each asset, including its operating system, software, and hardware.

2. Determine Risk and Vulnerability

By understanding the risks and vulnerabilities present in your system, you can more effectively determine which patches are needed and how to deploy them.

There are a number of factors to consider when assessing risk and vulnerability.

  • Identify what assets are most important to your organization and which ones are most at risk. This will help you prioritize which patches should be applied first.
  • Understand the potential impact of each vulnerability. How severe could the consequences be if this particular vulnerability was exploited? Would it allow an attacker to gain access to sensitive data or systems? Could it result in a Denial of Service attack?
  • Consider the likelihood of each vulnerability being exploited. Is this a known vulnerability with publicly available exploit code? Is it a 0-day vulnerability? How easy would it be for an attacker to exploit this particular flaw?
  • Weigh the cost of patching against the risk and impact of not patching. In some cases, it may be more cost-effective to implement other security controls rather than deploy a patch.

3. Automate Patch Management

Automating patch management is undoubtedly one of the best practices in patching and patch management for security. By automating the process of identifying, downloading, and installing patches, administrators can ensure that all systems are up to date with the latest security fixes. This not only reduces the amount of time spent on patch management but also helps to improve security by ensuring that systems are less likely to be vulnerable to attack.

There are a number of different ways to automate patch management, including using third-party tools, scripts, or even integrating it into existing workflows such as Configuration Management or Systems Management. However, whichever approach is taken, there are a few key considerations that should be kept in mind in order to make sure that the process is as effective as possible.

4. Critical-Updates-First Approach

A critical-updates-first approach ensures that the most important patches are applied first before any other patches are considered. 

There are a few different types of patches that should be considered critical. These include security patches, stability patches, and performance patches.

  • Security patches are the most important type of patch, as they address vulnerabilities that could be exploited by attackers.
  • Stability patches fix issues that could cause system crashes or instability.
  • Performance patches improve the overall performance of the system.

There are a few different ways to implement a critical-updates-first approach. One option is to manually select the most critical patches and apply them first. Another option is to use a patch management tool that supports this approach. Patch management tools can automate the process of selecting and applying patches, making it easier to implement a critical-updates-first approach.
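Sections 2 and 4 describe a scoring and an ordering: weigh asset importance, impact, likelihood (public exploit code, zero-day) and patch cost, then apply security patches before stability and performance patches. The following added example, which is not the article's or any vendor tool's code, carries both through on a constructed inventory. The 1-to-5 scales, the weights in `likelihood`, the compensating-control threshold and the sample findings are all assumptions for illustration; the asset names are made up and no real CVEs are involved.

```python
"""Added example (not from the article): score inventory findings on the
article's four risk factors, then order them critical-updates-first.
Scales, weights, threshold and the sample findings are constructed."""
from dataclasses import dataclass

# Patch categories from the article, most critical first.
CATEGORY_RANK = {"security": 0, "stability": 1, "performance": 2}


@dataclass(frozen=True)
class Finding:
    asset: str
    asset_criticality: int   # 1 (low) .. 5 (business-critical), from the inventory
    category: str            # security | stability | performance
    impact: int              # 1 .. 5: consequences if the flaw is exploited
    public_exploit: bool     # is exploit code publicly available?
    zero_day: bool           # was the flaw known before a vendor fix existed?
    patch_cost: int          # 1 .. 5: effort or downtime to deploy the patch


def likelihood(f: Finding) -> int:
    """Likelihood on a 1..5 scale (assumed weights): public exploit code
    adds 2 and a zero-day adds 1 to a baseline of 2, capped at 5."""
    score = 2
    if f.public_exploit:
        score += 2
    if f.zero_day:
        score += 1
    return min(score, 5)


def risk_score(f: Finding) -> int:
    """Asset criticality x impact x likelihood, so the maximum is 125."""
    return f.asset_criticality * f.impact * likelihood(f)


def decision(f: Finding, compensating_threshold: int = 10) -> str:
    """Weigh patch cost against risk: a costly patch for a low-risk finding
    is a candidate for a compensating control instead of immediate patching."""
    if f.patch_cost >= 4 and risk_score(f) < compensating_threshold:
        return "compensating-control"
    return "patch"


def prioritize(findings: list[Finding]) -> list[Finding]:
    """Critical-updates-first: security before stability before performance;
    within a category, highest risk score first."""
    return sorted(findings, key=lambda f: (CATEGORY_RANK[f.category], -risk_score(f)))


# Constructed sample findings (hypothetical assets, no real vulnerabilities).
SAMPLE = [
    Finding("web-frontend", 5, "security", 5, True, False, 2),
    Finding("hr-db", 5, "security", 4, False, False, 3),
    Finding("build-agent", 2, "performance", 2, False, False, 5),
    Finding("file-server", 3, "stability", 3, False, False, 2),
    Finding("intranet-wiki", 1, "security", 2, False, False, 4),
    Finding("vpn-gateway", 5, "security", 5, True, True, 4),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{f.category:11} risk={risk_score(f):3} {decision(f):20} {f.asset}")
```

Note that the VPN gateway, although expensive to patch, still lands on "patch" because its risk score is far above the threshold; the cost-versus-risk rule only ever downgrades low-risk findings, never high-risk ones.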

5. Evaluate Patches in a Test Environment

By testing patches in an isolated environment, organizations can ensure that the patches will not cause any negative impact on production systems before they are deployed. Additionally, testing patches in a test environment allows organizations to assess the effectiveness of the patch and confirm that it addresses the specific vulnerabilities that it is intended to fix.

Organizations should have a robust testing process in place that includes both automated and manual testing methods. Automated testing can help to quickly identify potential issues with a patch, while manual testing can provide a more in-depth analysis of how the patch will impact system functionality. Patch testing should be conducted on a regular basis to ensure that patches are being properly evaluated and that they will not cause any unexpected problems when deployed in production.

6. Establish A Disaster Recovery Process

Establishing a disaster recovery process can ensure that critical systems and data are recovered in the event of a major outage or disaster.

There are many factors to consider when establishing a disaster recovery process, but some of the most important include identifying critical systems and data, designing a backup and recovery plan, testing the plan regularly, and having a dedicated team in place to manage the process.

While no organization is immune to outages or disasters, those that have a well-defined disaster recovery process in place will be better prepared to minimize the impact of these events.

Protect Yourself with The Experts at vTECH io

While there is no one-size-fits-all approach to patch management, following these best practices can help you develop a process that works for your organization.

The cyber security experts at vCyberGuard from vTECH io can help you build and implement a patch management plan tailored specifically to your organization’s needs. Contact us today to get started!


White House Issues Warning on Russian Cyber Attacks

Companies are urged to strengthen their cyber defenses

In a statement on March 21st, 2022, the White House warned American companies to prepare for potential Russian cyberattacks and to boost their cyber defenses.

The statement specifically noted the possibility of these attacks in the wake of sanctions placed on Russia by the United States government and allies. These sanctions come after Russia’s widely condemned invasion of Ukraine and are believed to be having a major impact on the Russian economy. However, Russia has attacked American businesses and governments in the past, and additional attacks can now be expected. As a result, the United States government formally urges all American businesses — large or small — to prepare their own cyber defense and layered security strategy.

Past White House Actions

The statement highlighted the White House’s actions to protect Americans and American businesses from cyberattacks, including:

  • Executive orders that are designed to modernize and improve the cybersecurity of all aspects of the federal government.
  • Combined public-private cyber security plans that are meant to improve the cybersecurity of a variety of critical infrastructure components, including electric, energy, and water pipelines.
  • Mandates that all government agencies use new cybersecurity measures.
  • Increased cooperation among allies — and particularly the G7 nations — that is meant to better coordinate efforts to stop cyberattacks on an international level. 
  • Increased coordination and resource provision with the private sector, specifically by working on expanding and enhancing the CISA Shields Up campaign. This effort — promoted by the Cybersecurity & Infrastructure Security Agency — is meant to give private businesses guidance about the types of cybersecurity measures they can take and resources where they can find these measures.

Recommended Business Actions

The White House statement also noted that even the most robust government defenses cannot stop all attacks. As such, all American businesses are asked to “execute the following steps with urgency.”

  • Require that all company devices and networks use multi-factor authentication (MFA) to gain access. Multi-factor authentication usually requires the use of two devices to gain access to a company network or company data, thus making hacking a company’s network much more difficult.
  • Ensure that all security measures and patches are as up-to-date as possible and consistently update all devices frequently.
  • Work with professionals to ensure that security measures are as robust and complete as possible. This may involve investing more time and money into cybersecurity efforts, but it is likely an expense well worth making, particularly in today’s perilous cybersecurity world.
  • Work to ensure cyber resiliency of their computer networks. This means having all data consistently backed up and potentially using off-site backups to protect data best.
  • Conduct all appropriate cybersecurity risk assessments and cybersecurity training.
  • Plan for a cyber attack. This means training staff and developing the appropriate strategies and procedures for what to do if a network is attacked, breached, or taken down. This may include notification policies in the event that foreign actors access sensitive customer data. 

Long-Term Measures Needed

Finally, the statement noted the need for long-term cooperation from the private sector to boost America’s cybersecurity systems for the foreseeable future. These long-term investments include:

  • Ensuring that cybersecurity is considered throughout an entire product development cycle, not just as something that is added in but something that is part of a product’s entire development. This saves time, money, and work, all while reducing risk.
  • Using software that has as limited access as possible. This can limit the possibility that a bad actor can access critical systems while also ensuring that information cannot be leaked — accidentally or intentionally — by someone else who has access to your data or network.
  • Using the most modern security tools available and creating procedures that ensure your business is constantly on the lookout for new security upgrades, so that you routinely review and upgrade your security.
  • Ensuring that all developers who use open-source software and coding list where they got their code from, thus making it easy to patch code later down the line. Create procedures with your software developers that will ensure they stay in touch with your business or organization and can protect their software or code if it is later found to be compromised. 

Resources Are Available

Unfortunately, as has been noted by numerous articles on the subject, the vast majority of businesses say that they are unprepared for a cyberattack. This is understandable: Preparing a cyber defense is beyond the capabilities of most small businesses, which often don’t understand how to implement SEC guidance on cyber security threats, add multi-factor authentication, or engage in appropriate cybersecurity risk assessments. All of this helps to drive home the need for businesses to find appropriate guidance from outside experts who understand cyber security and can help provide small businesses with the resources they need. 

If your business is interested in doing more to improve its cybersecurity strategy, including conducting a cybersecurity risk assessment or examining cyber insurance, vTech IO has a slew of free resources to help guide you through implementing recommended cybersecurity best practices. Check out our free resources, and contact us today if you have more questions and are looking for more information. 


Securing Your Cloud Infrastructure

Cloud computing enables companies to grow without boundaries. However, growth without a solid controls framework can quickly introduce risk to an environment. Gartner says that “Enterprise attack surfaces are expanding. Risks associated with the use of cyber-physical systems and IoT, open-source code, cloud applications, complex digital supply chains, social media and more have brought organizations’ exposed surfaces outside of a set of controllable assets.” Here we’ll discuss some common cybersecurity issues in cloud computing, show you what to look for in your risk assessment and how to mitigate these items.

Cloud Sprawl

Cloud sprawl is the uncontrolled and unplanned growth of computing resources throughout an environment. Cloud resources are easy to create and delete quickly. Unfortunately, this can lead to confusion about how many resources are being used. It also leads to a lack of visibility into the workloads being deployed in the data center.

Preventing Cloud Sprawl

To prevent cloud sprawl, companies should review and approve every request to provision resources. Another strategy is to implement cloud management software.

Cloud management software is often designed to report on a company’s cloud usage and the cost of services across different departments or projects. It also helps with provisioning, billing, and analysis, leading to better decision-making about IT resource utilization. 

Data Exposure in Cloud Computing

The HIPAA Journal estimates that between 70% and 80% of organizations surveyed suffered a cloud data breach in the past 18 months (as of June 2020, the date of the report). Data stored in remote locations makes it hard for security personnel to monitor and control access to sensitive information. The exposure often occurs unintentionally, through poor configuration settings or unenforced security measures.

Preventing Data Breaches

The first step in preventing a data breach is by having a solid cybersecurity strategy in place. Additionally, companies should:

  1. Restrict access to data
  2. Encrypt all information that is not required for day-to-day operations  
  3. Restrict unauthorized users from accessing services

Shadow IT 

Shadow IT refers to employees outside of IT performing IT functions without authorization. The recent work-from-home trend forced companies to find a way to support their remote workforce. Most turned to cloud solutions. Without adequate protection, employees may knowingly or unknowingly perform unauthorized actions.

Preventing Shadow IT 

Enforce strict policies to prevent employees from accessing applications and systems they don’t have permission to use on their work computers. 

Another cybersecurity strategy to prevent Shadow IT is by monitoring internet activity with network monitoring tools, threat detection software, and identity management solutions.

Cloud Service Provider API Compromise

The most critical API security risks include broken object-level, user-level, and function-level authorization, excessive data exposure, lack of resource limits (leading to DDoS), security misconfiguration, and insufficient logging and monitoring.

Preventing API Compromise

When designing an API, it is vital to be aware of the potential threats and vulnerabilities. A few tips for preventing your API from being compromised are below:

  • Implement Strict Authentication and Authorization: Authenticate and authorize every client application that requests data.
  • Secure Data Transmission: Use HTTPS when transmitting sensitive information over both public and private networks, and ensure that SSL/TLS certificates are actually verified.
  • Implement Rate Limiting: With increased use and popularity, APIs are prime targets for DDoS cyberattacks. Mitigate this by placing rate limits on how often your API can be called within a specific time window.
  • Use an API Gateway: API gateways manage API traffic. They authenticate, control, and analyze how APIs are used.
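As an added example (not code from the original post), the first and third tips combined in one request handler: callers are identified by API key, and each authenticated caller gets a sliding-window rate limit with a Retry-After hint. The API keys, tenant names and limits are constructed for the demo.

```python
import math
import time
from collections import deque
from typing import Deque, Dict, Optional, Tuple

# Constructed lookup table standing in for a real credential store (hypothetical values).
VALID_API_KEYS: Dict[str, str] = {
    "key-abc123": "tenant-a",
    "key-def456": "tenant-b",
}


class SlidingWindowLimiter:
    """Allow at most `limit` calls per `window` seconds for each key."""

    def __init__(self, limit: int, window: float) -> None:
        self.limit = limit
        self.window = window
        self._calls: Dict[str, Deque[float]] = {}

    def check(self, key: str, now: Optional[float] = None) -> Tuple[bool, float]:
        """Record one call for `key` if allowed; return (allowed, seconds_until_next_slot)."""
        now = time.monotonic() if now is None else now
        q = self._calls.setdefault(key, deque())
        # Discard timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            # The oldest call in the window determines when a slot frees up.
            return False, self.window - (now - q[0])
        q.append(now)
        return True, 0.0


def handle_request(limiter: SlidingWindowLimiter, api_key: str,
                   now: Optional[float] = None) -> Tuple[int, Dict[str, str]]:
    """Return (HTTP status, response headers) for a request carrying `api_key`."""
    tenant = VALID_API_KEYS.get(api_key)
    if tenant is None:
        # Unknown credential: reject before any work is done. Unauthenticated traffic
        # should be limited separately (e.g. by source address) at the gateway.
        return 401, {}
    allowed, retry_after = limiter.check(tenant, now)
    if not allowed:
        return 429, {"Retry-After": str(math.ceil(retry_after))}
    return 200, {}


if __name__ == "__main__":
    lim = SlidingWindowLimiter(limit=3, window=60.0)
    for t in (0.0, 1.0, 2.0, 3.0):
        print(t, handle_request(lim, "key-abc123", now=t))
    print("unknown key:", handle_request(lim, "not-a-key", now=4.0))
```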

The Exploitation of Multi-Tenancy Environments

Multi-tenancy lets cloud service providers maximize hardware utilization, minimize the cost of operating and maintaining a data center, and provision resources more flexibly. This convenience can create security risks for companies using these shared environments. Specifically:

  • Lack of Isolation: Lack of data isolation in multi-tenant infrastructure makes it a prime target for cyberattacks by competitors or external sources. These attacks happen due to a lack of authorization controls for shared physical resources.
  • Tenant Workload Interference: If one tenant creates an overload, it could negatively impact the workload performance for other tenants.
  • Compromised Virtualization Layer: If a virtualization layer gets compromised, the other virtual machines on the host are impacted. Thus, a malicious user could change configuration settings on each company’s virtual machine.

Mitigating Multi-Tenancy Security Issues

These risks may lead companies to avoid a multi-tenancy environment. However, there are many ways to mitigate them. For example:

  • Protect Connections: Use a VPN client for secure data transmissions.
  • Implement Encryption: Encrypt data in transit and at rest with an encryption key management system. 
  • Enforce Access Control: Implement access control lists (ACLs) on all storage containers that hold sensitive information.
  • Perform Audits: Perform regular audits about who is accessing what resources. 

Cloud computing gives companies resources to scale their business quickly, efficiently, and cost-effectively. Given the benefits, it is no wonder companies are embracing it for their digital transformation strategy. However, companies should consider the security risks involved. That way, they can plan their transition and minimize their chances of a costly security incident. 

Whether you are just starting your cloud journey or have already migrated your business applications and data to the cloud, vTECH io’s security specialists can support your initiatives and guide you toward a robust cloud strategy that ensures productivity, reduces cost and helps you stay one step ahead of the cyber criminals.

Contact us to learn more.

Cybersecurity Implications of the Escalating Russia-Ukraine Conflict

In today’s modern era, global conflicts look a lot different than they used to. With the essential role that computers, cell phones, smart technology and the internet play in our daily, personal and professional lives, there’s no doubt that this vital tech has become a real go-to target on the world stage as of late. As tensions continued to rise to new and uncertain heights between Russia and Ukraine over the past several months, one thing remained abundantly clear: the combat breaking out between the two countries wasn’t just a physical one. Cyberwarfare had begun well before any bullets were fired. But what exactly does potential cyber warfare mean for your organization and how can you ensure cybersecurity preparation? 

The Current Russia-Ukraine Conflict

As Russia and Ukraine enter a state of physical warfare that many have feared for months — even years — now, what many fail to realize is that the two have been engaged in cyberattacks long before things escalated to real blows. As countries like America and the United Kingdom prepare to launch global cyberattacks of their own at a moment’s notice to protect their ally Ukraine against Russia’s continued cybersecurity threats, there’s a real worry that the world’s cybersecurity is at risk. This raises a couple of questions: How legitimate are these threats, and what should organizations be prepared for?

As noted by the US Cybersecurity and Infrastructure Security Agency (CISA), there are no specific or credible cyber threats to the U.S. homeland at this time. However, Russia’s unprovoked attack on Ukraine — which has involved cyber-attacks on the Ukrainian government and critical infrastructure organizations — may impact organizations both within and beyond the region (particularly in the wake of costs imposed by the United States and our allies).

The Increased Risk of Cybersecurity Attacks

The increased risk of cybersecurity attacks — not just in Russia and Ukraine, but the world over — means that your organization needs to be ready for anything and everything that could come next. This could include everything from malware to distributed denial of service (DDoS) attacks to phishing campaigns and all sorts of other cybersecurity risks in between.

To gauge the current threat level and know exactly what you need to prepare for, it’s worth looking to the experts. Take the DHS cybersecurity strategy, for example. This five-year plan gives you a good idea of how the government plans to handle any serious threats. The DHS’s Cybersecurity and Infrastructure Security Agency is another useful place to look. You can also continue to look to vTECH io. We have the know-how and the expertise to help you protect yourself from the threats of ransomware, the dark web or other forms of cyberattacks that might be looming ahead. Read on to learn precisely what you need to prepare for.

What You Need to Prepare For

While Ukraine and Russia have been engaged in cyberattacks for years now, there’s a very real fear that these attacks will spread beyond these two countries and go global. Your incident response plan is going to be integral in keeping you safe from whatever may come. But how do you know what you need to prepare for? After all, not everyone had the foresight to attend cybersecurity conferences in 2022 or read up on the best cybersecurity strategies before Russia and Ukraine went to war. Preparing for today’s heightened cybersecurity risks starts by taking the following steps to create a cybersecurity strategy and reduce your likelihood of being targeted.

Steps To Take to Reduce the Likelihood of Being Targeted

To reduce your likelihood of being targeted in the heightened security risks between Russia and Ukraine, consider following the steps we’ve outlined below to create your cybersecurity strategy. 

Follow SEC Guidance on Cybersecurity

Many government institutions specialize in making cybersecurity recommendations for organizations. These include the SEC, CISA, and the NYDFS with its cybersecurity regulation. Take inspiration from these institutions when forming your organization’s cybersecurity preparedness plan.

Get Cyberinsurance

Another important step your organization can take is obtaining cyberinsurance. This kind of policy will protect your organization from liability in any sort of data breach that concerns your customers’ sensitive information.

Invest in Zero-Trust Network Architecture

Zero-trust network architecture is a cybersecurity strategy that assumes every user on your network holds the potential to be a threat, requiring everyone to verify themselves every time they log in. Like blockchain cybersecurity, which uses the blockchain to reduce the risk of fraudulent activity, zero-trust network architecture is a great way to bring maximum security to your preparedness plan.

Hire a Certified Ethical Hacker

Today, you can hire employees who have pursued cybersecurity certificate programs or studied to become cybersecurity majors. These individuals — sometimes referred to as certified ethical hackers — have earned the cybersecurity certifications needed to keep your organization safe. These trained cybersecurity professionals know exactly what steps to take to reduce your likelihood of being targeted.

Conduct Cybersecurity Risk Assessment

Last but not least, conducting a computer security risk assessment and incident management can be an excellent and foolproof way to mitigate your organization’s risk. By consulting experts in the cybersecurity industry — such as vTECH io — you can get a customized and specialized approach that suits your organization’s unique cybersecurity needs.

The Bottom Line: How vTECH io Can Help

If you’re still feeling uncertain about the current Russia-Ukraine conflict and are unsure of how the increased risk of cybersecurity attacks and incidents might affect your organization, look no further than vTECH io. We have the insight you need on the escalated cyber risk and can help you determine the steps you should take to reduce your likelihood of becoming a target and the severity of the potential damage.

At vTECH io, we stress the importance of the multilayered security approach and the necessity of ensuring that there are no gaps. Our cybersecurity defense framework addresses each of these layers with the utmost care and precision, helping you to detect, prevent, and respond to all cybersecurity incidents that may come your way.

For more information, contact vTECH io today or visit our website, where you will find a library of downloadable resources on the different areas we can assist in your cybersecurity preparedness plan. Click here to learn more.

American worldwide logistics and freight forwarding company Expeditors International shuts down global operations after cyber attack

American logistics and freight forwarding company Expeditors International was hit by a cyberattack over the weekend that paralyzed most of its operations worldwide.

Expeditors has over 18,000 employees worldwide and annual gross revenue of around $10 billion. The company discovered the attack on February 20, 2022; it has not provided details about the attack and announced that it has launched an investigation into the incident.

“Expeditors International of Washington, Inc. (NASDAQ:EXPD) announced that on February 20, 2022, we determined that our company was the subject of a targeted cyber-attack. Upon discovering the incident, we shut down most of our operating systems globally to manage the safety of our overall global systems environment.” reads the announcement published by the company. “The situation is evolving, and we are working with global cybersecurity experts to manage the situation. While our systems are shut down we will have limited ability to conduct operations, including but not limited to arranging for shipments of freight or managing customs and distribution activities for our customers’ shipments.”

The information publicly available on the attack suggests the company was the victim of a ransomware attack and was forced to shut down its network to avoid the threat from spreading.

The attack impacted the company’s operations, including its ability to arrange shipments of freight or manage customs and distribution activities for its customers’ shipments.

The company hired cybersecurity experts to investigate the security breach and recover from the attack.

The company warned that the incident could have a material adverse impact on its business, revenues, results of operations and reputation.

“We are incurring expenses relating to the cyber-attack to investigate and remediate this matter and expect to continue to incur expenses of this nature in the future. Depending on the length of the shutdown of our operations, the impact of this cyber-attack could have a material adverse impact on our business, revenues, results of operations and reputation.” concludes the advisory.

Fortinet Security Researchers Discover Multiple Vulnerabilities in Adobe Illustrator & Photoshop

By Kushal Arvind Shah and Yonghui Han | February 10, 2022

Affected platforms: Windows and MacOS

Impacted parties:

  • Users of Adobe Illustrator 2022, versions 26.0.2 and earlier
  • Users of Adobe Illustrator 2021, versions 25.4.3 and earlier
  • Users of Adobe Photoshop 2022, versions 23.1 and earlier
  • Users of Adobe Photoshop 2021, versions 22.5.4 and earlier

Impact: Multiple vulnerabilities leading to Arbitrary Code Execution or Information Disclosure.

Severity level: Critical and Important

Toward the end of 2021, Fortinet security researchers Kushal Arvind Shah and Yonghui Han discovered and reported numerous zero-day vulnerabilities in Adobe Illustrator and Photoshop. This Patch Tuesday (dated Feb 08, 2022), Adobe released several security patches (1 and 2) which fixed 14 of them. These vulnerabilities are identified as CVE-2022-23186, CVE-2022-23188, CVE-2022-23189, CVE-2022-23190, CVE-2022-23191, CVE-2022-23192, CVE-2022-23193, CVE-2022-23194, CVE-2022-23195, CVE-2022-23196, CVE-2022-23197, CVE-2022-23198, CVE-2022-23199, and CVE-2022-23203. All of these vulnerabilities have different root causes pertaining to a multitude of Illustrator and Photoshop Plugins. Due to the severity of these vulnerabilities, we suggest users apply the Adobe patches as soon as possible.

Following are some details on these vulnerabilities. More information can be found on the related Fortinet Zero Day Advisory pages by clicking on the CVE links, below:

CVE-2022-23186

This is an Arbitrary Code Execution vulnerability that exists in the decoding of CorelDraw Drawing (CDR) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CDR file, which causes an Out of Bounds Write memory access due to an improper bounds check. 

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted CDR file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23186.Arbitrary.Code.Execution for this specific vulnerability to proactively protect our customers.

CVE-2022-23188

This is a Buffer Overflow vulnerability in the Adobe Illustrator ‘MPS’ plugin. Specifically, the vulnerability is caused by a malformed Macintosh Picture Image (PCT) file, which causes an Out of Bounds Write memory access due to an improper bounds check when manipulating a pointer to an allocated buffer.

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted PCT file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23188.Buffer.Overflow for this specific vulnerability to proactively protect our customers.

CVE-2022-23189

This is a Null-Pointer Dereference vulnerability that exists in the decoding of AutoCAD Drawing (DWG) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed DWG file, which causes a NULL pointer dereference. 

Attackers can exploit this vulnerability with a crafted DWG file, potentially leading to an application denial-of-service.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23189.Null.Pointer.Dereference for this specific vulnerability to proactively protect our customers.

CVE-2022-23190

This is a Memory Corruption vulnerability that exists in the decoding of Computer Graphics Metafile (CGM) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CGM file, which causes an Out of Bounds Read memory access due to an improper bounds check. The specific vulnerability exists in the ‘Reader_for_CGM’ plugin.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak via a crafted CGM file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23190.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-23191

This is a Memory Corruption vulnerability that exists in the decoding of Macintosh Picture Image file (PCT) in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed PCT file, which causes an Out of Bounds Read memory access due to an improper bounds check. The specific vulnerability exists in the ‘MPS’ plugin.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak via a crafted PCT file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23191.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-23192

This is a Memory Corruption vulnerability existing in the decoding of Adobe Illustrator Artwork (AI) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed AI file, which causes an Out of Bounds memory access due to an improper bounds check.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak via a crafted AI file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23192.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-23193

This is a Memory Corruption vulnerability existing in the decoding of Portable Document Format (PDF) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed PDF file, which causes an Out of Bounds memory access due to an improper bounds check.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak, via a crafted PDF file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23193.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-23194

This is a Memory Corruption vulnerability that exists in the decoding of Computer Graphics Metafile (CGM) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CGM file, which causes an Out of Bounds Read memory access due to an improper bounds check. The specific vulnerability exists in the ‘Reader_for_CGM’ plugin.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak via a crafted CGM file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23194.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-23195

This is a Memory Corruption vulnerability that exists in the decoding of Computer Graphics Metafile (CGM) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CGM file, which causes an Out of Bounds Read memory access due to an improper bounds check. The specific vulnerability exists in the ‘Reader_for_CGM’ plugin.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak via a crafted CGM file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23195.Memory.Corruption for this specific vulnerability to proactively protect our customers.

CVE-2022-23196

This is a Memory Leak vulnerability that exists in the decoding of CorelDraw Drawing (CDR) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CDR file, which causes an Out of Bounds memory access due to an improper bounds check. 

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak via a crafted CDR file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23196.Memory.Leak for this specific vulnerability to proactively protect our customers.

CVE-2022-23197

This is a Memory Leak vulnerability that exists in the decoding of CorelDraw Drawing (CDR) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CDR file, which causes an Out of Bounds memory access due to an improper bounds check. 

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak via a crafted CDR file.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23197.Memory.Leak for this specific vulnerability to proactively protect our customers.

CVE-2022-23198

This is a Null-Pointer Dereference vulnerability that exists in the decoding of CorelDraw Drawing (CDR) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CDR file, which causes a NULL pointer dereference. 

Attackers can exploit this vulnerability with a crafted CDR file, potentially leading to an application denial-of-service.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23198.Null.Pointer.Dereference for this specific vulnerability to proactively protect our customers.

CVE-2022-23199

This is a Null-Pointer Dereference vulnerability that exists in the decoding of CorelDraw Drawing (CDR) files in Adobe Illustrator. Specifically, the vulnerability is caused by a malformed CDR file, which causes a NULL pointer dereference. 

Attackers can exploit this vulnerability with a crafted CDR file, potentially leading to an application denial-of-service.

Fortinet released IPS signature Adobe.Illustrator.CVE-2022-23199.NULL.Pointer.Dereference for this specific vulnerability to proactively protect our customers.

CVE-2022-23203

This is a Buffer Overflow vulnerability existing in the decoding of Universal 3D (U3D) files in Adobe Photoshop. Specifically, the vulnerability is caused by a malformed U3D file, which causes an Out of Bounds memory access due to an improper bounds check. The specific vulnerability exists in the ‘U3D’ plugin.

A remote attacker may be able to exploit this vulnerability to execute arbitrary code within the context of the application via a crafted U3D file.

Fortinet released IPS signature Adobe.Photoshop.CVE-2022-23203.Arbitrary.Code.Execution for this specific vulnerability to proactively protect our customers.

How to protect your network from a future attack

While it’s certainly wise to make the initial fixes to strengthen your defenses, these actions need to be applied on a regular basis

A new report on how to protect your networks from attack is a helpful document that covers a lot of different bases within the cybersecurity landscape. The report, Proactive Preparation and Hardening to Protect Against Destructive Attacks, was written by several cybersecurity analysts “based on front-line expertise with helping organizations prepare, contain, eradicate, and recover from potentially destructive threat actors and incidents,” in the words of the authors.

It contains hundreds of tips for protecting Windows deployments, including command-line strings, adjustments to various group policy parameters, and other very practical tips for spotting potentially compromised systems.

While reading the report is sobering because of the breadth of its vision, that same vision is also tremendously useful and can serve as a blueprint for how IT and security managers can prepare for the inevitable attack, no matter if you’re the size of General Motors or the corner flower shop. The report covers several specific areas that require strengthening.

Active Directory hardening and backups

Organizations should verify that backups for domain controllers and critical assets are available and protected against unauthorized access or modification (the report recommends system state backups and shows the commands to initiate and verify them). The report also has loads of suggestions on malware “tells” that security managers can look for, such as unauthorized users accessing backup media or shadow copies being deleted (a common event that precedes a ransomware attack).

Network segmentation

Organizations should have both physical and logical separation between IT domains and operational technology processes and controls. This means having separate AD forests and network segments, along with tight control over the IP protocols and ports that could bridge the divide between the two domains. One common indication of potential compromise is a failed login attempted across domains, which suggests an attacker is trying to reuse credentials to move around your infrastructure.
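The two “tells” named in the previous two sections, shadow copy deletion and failed logons that cross the IT/OT domain boundary, as detection logic over constructed sample events. This is an added example and not code from the report; the event schema is a simplified, invented key/value form, not a real Windows event log format.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample events (simplified schema, not real logs):
# event_id 4688 = process creation, event_id 4625 = failed logon.
SAMPLE_EVENTS: List[Dict] = [
    {"event_id": 4688, "host": "FS01", "user": "CORP\\svc_backup",
     "command_line": "C:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet"},
    {"event_id": 4688, "host": "WS07", "user": "CORP\\alice",
     "command_line": "C:\\Windows\\notepad.exe Q1-report.txt"},
    {"event_id": 4688, "host": "FS02", "user": "CORP\\bob",
     "command_line": "wmic.exe shadowcopy delete /nointeractive"},
    {"event_id": 4625, "host": "OT-HMI01", "target_domain": "OT", "target_user": "jsmith",
     "source_host": "WS07", "source_domain": "CORP"},
    {"event_id": 4625, "host": "DC01", "target_domain": "CORP", "target_user": "alice",
     "source_host": "WS07", "source_domain": "CORP"},
    {"event_id": 4625, "host": "OT-PLC-GW", "target_domain": "OT", "target_user": "admin",
     "source_host": "WS07", "source_domain": "CORP"},
]

# Command lines that delete Volume Shadow Copies with built-in Windows tooling.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"Win32_ShadowCopy.*\bDelete\b", re.I),
]


def is_shadow_copy_deletion(event: Dict) -> bool:
    """Process-creation event whose command line removes shadow copies."""
    if event.get("event_id") != 4688:
        return False
    cmd = event.get("command_line", "")
    return any(p.search(cmd) for p in SHADOW_DELETE_PATTERNS)


def is_cross_domain_failed_logon(event: Dict) -> bool:
    """Failed logon where the source and target domains differ (e.g. CORP -> OT)."""
    if event.get("event_id") != 4625:
        return False
    src, dst = event.get("source_domain"), event.get("target_domain")
    return bool(src and dst and src.upper() != dst.upper())


def run_detections(events: List[Dict], cross_domain_threshold: int = 1) -> List[Dict]:
    """Return one alert per shadow-copy deletion and one per source host that
    produced at least `cross_domain_threshold` cross-domain logon failures."""
    alerts: List[Dict] = []
    failures = Counter()
    for ev in events:
        if is_shadow_copy_deletion(ev):
            alerts.append({"rule": "shadow_copy_deletion", "host": ev["host"],
                           "user": ev["user"], "evidence": ev["command_line"]})
        if is_cross_domain_failed_logon(ev):
            failures[(ev["source_host"], ev["source_domain"], ev["target_domain"])] += 1
    # Aggregate per source so a credential-spraying host yields a single alert.
    for (src_host, src_dom, dst_dom), n in failures.items():
        if n >= cross_domain_threshold:
            alerts.append({"rule": "cross_domain_failed_logons", "host": src_host,
                           "evidence": f"{n} failed logons from {src_dom} into {dst_dom}"})
    return alerts


if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(alert)
```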

Disable administrative access wherever possible

Auditing and limiting this access is another security mechanism, since many organizations have created far too many accounts with a wide collection of permissions. The report suggests using registry key modifications, stopping certain service accounts (or using group policies to get this under control), and provides the necessary commands to track and lock down these accounts, along with detecting and preventing abuses of other privileged accounts.

RDP hardening

As we wrote about earlier this year, the Remote Desktop Protocol (RDP) can be a major way for attackers to enter your networks. Organizations should periodically scan their own public IP address ranges to ensure that no system exposes ports 445 (SMB) and 3389 (RDP) to the internet. The link above has other suggestions to lock down this exposure, and the report also has additional proactive measures, such as using network-level authentication settings in group policies and using RDP’s restricted admin mode.
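The periodic exposure check described above, as an added example that is not from the report or the original post: it expands an organization’s own public ranges, tests each address for ports 445 and 3389, and includes a loopback self-check so it can be exercised offline. The port labels and the example ranges (TEST-NET-1 addresses) are constructed.

```python
import socket
from concurrent.futures import ThreadPoolExecutor
from ipaddress import ip_network
from typing import Dict, Iterable, List, Tuple

# Ports that should never be reachable from the internet (labels constructed for reporting).
EXPOSED_PORTS: Dict[int, str] = {445: "SMB", 3389: "RDP"}


def expand_ranges(cidrs: Iterable[str]) -> List[str]:
    """Turn CIDR ranges into the list of host addresses they contain."""
    return [str(ip) for cidr in cidrs for ip in ip_network(cidr, strict=False).hosts()]


def port_is_open(host: str, port: int, timeout: float = 1.0) -> bool:
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def find_exposed(hosts: Iterable[str], ports: Dict[int, str] = EXPOSED_PORTS,
                 timeout: float = 1.0, workers: int = 32) -> List[Tuple[str, int, str]]:
    """Return (host, port, label) for every host/port pair that accepts connections.
    Intended to be run against the organisation's own public address ranges."""
    targets = [(h, p) for h in hosts for p in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda t: (t[0], t[1], port_is_open(t[0], t[1], timeout)), targets)
    return [(h, p, ports[p]) for h, p, is_open in results if is_open]


def demo_loopback() -> Tuple[List[Tuple[str, int, str]], List[Tuple[str, int, str]]]:
    """Offline self-check: a temporary loopback listener must be reported while it is
    listening and must disappear from the findings once it is closed."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        while_open = find_exposed(["127.0.0.1"], {port: "TEST-LISTENER"})
    after_close = find_exposed(["127.0.0.1"], {port: "TEST-LISTENER"})
    return while_open, after_close


if __name__ == "__main__":
    print("loopback self-check:", demo_loopback())
    # Constructed documentation range; replace with the ranges you actually own.
    for host, port, label in find_exposed(expand_ranges(["192.0.2.0/30"])):
        print(f"EXPOSED {label} on {host}:{port}")
```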

We suggest reading through the full report to explore the full collection of tips and research that it contains. Before you get overwhelmed, though, you should realize that the report shows how you need to keep making these changes and looking for possible compromised systems on a regular basis after you’ve implemented these “hardening” activities.

Many organizations don’t have regular follow ups to see if changes to their network infrastructure or securing the accounts of former employees are actually done. While it’s certainly wise to make the initial fixes to strengthen your defenses, these actions need to be applied on a regular basis. 

Published with permission from Avast Business.