Call us if you suspect you have been hit by malware

The quicker you react, the faster you will recover, with less damage


The biggest IT threats 

that you need serious protection against


You are constantly at risk

and you need to know how to protect yourself.

Loss of Data

What was critical: Absence of recent backup...

A senior executive was travelling to an urgent meeting overseas. There was a lot of work and preparation before the trip and no time for a manual backup, and the laptop was left in a taxi or stolen at the hotel. There was no recent data to recover.

Lesson: always have a recent backup of your critical data, it MUST be automated (or you will fail to do it), must be remote (or data would be lost in case of theft or fire), must be encrypted (too easy to steal a tape or drive), and have a HISTORY. A copy on a disk is NOT a backup.

(Image: hard drive physically damaged and in need of repair in a clean room for data recovery)

Data loss can happen in multiple ways; the most common causes are:
  • Hard Drive malfunction

  • Computer loss or theft

  • Virus infection

  • Malware attack

  • Ransomware

  • Human error

  • Natural disaster

It is important to prepare for the loss of Data, and it should be normal procedure.

In fact, every hard drive, due to the mechanical elements, will wear out or suffer from mishandling. Data backup with clear history is the only valid method for recovering from such damage.


Identity Theft

What was critical: a lack of internal procedure.

A hacker managed to infiltrate an email system and observed activity until they identified a purchase process. They then built fake websites to impersonate the communication between the companies and eventually managed to redirect a payment to a foreign bank account.

Lesson: never modify a procedure based on email alone; make sure you have multiple ways to confirm an important change such as a bank account, a new email address for a Director, or the official person in charge.

The highest risks of identity theft are:

  • Email phishing - where instructions drive an employee to disclose confidential information, either about himself, the systems/passwords he uses, or the processes in place in his company.

  • Social engineering - when an employee is convinced to disclose his credentials to a pseudo-colleague calling from the IT department.

This kind of attack relies only on employee gullibility. Most companies do not have real security training or an awareness program, and employees are usually launched into their positions with little or no explanation of the risks.

SafeComs offers awareness training sessions to make your employees risk-aware, and consults on company procedures and policies.




Ransomware

What was critical: Absence of procedure and of recent backup...

An employee received an unusual email contesting a payment, with attached information, but clicking on the link failed to open anything. The employee passed the mail to another accounting employee to check whether they could open it; they ended up suggesting that the file was corrupt and ignored the incident.

3 days later, all files on both computers and the attached peripherals, plus the online backup drive, were encrypted, and a message requesting a ransom appeared on the screen, together with a clear procedure to purchase bitcoins and transfer them to a specific account. The accountant had just lost all the data he was using to close the fiscal year and report to the board for the consolidation of country data.

Lesson: always have a recent backup of your critical data, from an automated process, encrypted, remote, with significant history (min 30 days), 

(Image: ransomware on a computer, having encrypted the local and connected files)

Ransomware is a kind of virus or worm that propagates through emails. It can also be found in copies of pirated software and is now also distributed through file sharing and software updates.

The ransomware components are usually extremely small, to allow distribution via all forms of communication, including PDFs. As soon as the first bytes of the trap are downloaded, the malware communicates back home to download the rest of the program that encrypts the data: the algorithm and the asymmetric keys used to perform the encryption, and the instructions for organising payment of the ransom.

Other types of Malware


Occasionally you meet people who are not really concerned about the security of a PC at home and will happily use illegal software without any consideration for the risk they are taking, or may be pushing onto others... They are worm and trojan magnets.

Spammers and criminals do not use their own cars or guns to attack a bank; instead they search for isolated PCs with weak or no security and infect them with a trojan. As a result they have one more machine at hand in their "botnet" (a network of thousands of robots ready to answer their master) for when they need to perform a hacking exploit, penetrate an account, demand a ransom payment, launch a massive attack against a specific target, etc.

This is how you can easily find yourself in the middle of a forensic investigation in which a bank and law enforcement officers are attempting to trace the criminal who managed to access their main database and siphon a large sum of money from their clients' accounts.
You might have a hard time explaining why your computer was involved in such an attack, and you will also end up having to justify the illegal software they found on your computer.

I got hit! now what?

What was critical: Absence of protection, procedure & backup...

It can take time to know what went wrong and how the hacker got inside your systems, but basically you can expect a human factor to be the cause more often than a technology glitch.

Unless you are the CIA or an organisation holding very high-level secrets, hackers will not specifically target you; instead you will turn up as a result of a large network operation targeting easily guessed passwords, gullible employees, simple phishing exploits, or a trojan imported by installing pirated software.

Lesson: make sure you have a security policy in place, that your staff are aware of the important procedures when handling ordering and payments, and that you regularly run awareness training. You can subscribe online to SafeComs awareness training.

What you should do now will greatly depend on what hit you, but basically there are a few steps that are common to all issues.

Disclose the information internally

Immediately inform the management and the security team. This is the best way to prevent the issue from spreading, and also the only one to immediately kick start the recovery procedure.

It will also help share the information on what happened, how it happened when it is known and what should be done to prevent it from happening again.

Isolate the elements that were hit

Disconnect from the network and cut all access to the system until a security expert can look into it.

Check associated or connected peripherals

Verify whether anyone else was hit at the same time, and request that a check of every element connected to the same network be performed.

Reset all passwords

Reset them on all accounts accessed by the compromised device, but also on any other service where you might have used a similar password.

Call in a forensic expert

Request a test of all services you have access to and of all connected devices, and attempt to find the root cause of the hack.

Assess damage and kick start recovery procedure

You will now value the time you spent creating this recovery policy, backups in multiple locations, firewalls segregating the departments of your infrastructure, and all the other security measures that were taken.

(Image: Certified Ethical Hacker, hacking for the customer's benefit of an improved security posture)

Document the Incident

Make sure that a serious root cause analysis is performed and that the information is shared with other employees to prevent a future recurrence of this type of incident.

You will gain greater knowledge and staff commitment if you share the details of the incident without blaming anyone.

If you want to evaluate your Risk Position, call us to request a free visit from one of our experts.

We selected Sophos as our partner 

for the best End Point security protection

Security made simple

Sophos has developed an End Point security product coupled with pattern and traffic analysis, to react immediately in case of abnormal behaviour.

To be efficient, security has to analyse every threat from a different perspective: threat fingerprints are a method of the past, and today behavioural analysis is the only way to stay on top of the risks.

It is today the best protection against phishing, ransomware, penetration attempts, infestation by trojans, worms, viruses and other intrusive malware.


Worried about email, wifi, or the Internet?

Security is serious, but it does not mean it can't be funny.


Email protection


Securing a wifi network