Friday, December 27, 2013

Free business resources from Ready.gov

One aspect of cybersecurity is physical security. The concept, and practice, of physical security goes beyond making sure unauthorized personnel can't walk up to a critical system and tamper with it. You may find your organization faced with threats to more than just its IT systems. Hurricanes, tornadoes and other natural disasters are just some of the physical dangers your organization faces and needs to prepare for.

To that end the Federal Emergency Management Agency (FEMA) runs the Ready.gov campaign.  The goal of Ready.gov is to raise awareness for emergency preparedness.  There is much that you, as an employer, are responsible for if/when disaster strikes.

Ready.gov's Preparedness Planning for Your Business page aims to assist organizations with creating BC/DR plans. It offers templates to create an Emergency Response Plan and Business Continuity Plan. In addition to these helpful documents you can find excellent guidance on how to implement and manage your organization's preparedness plan.

Whenever a disaster or emergency arises first and foremost you must ensure the safety of your employees.  Beyond that you need to ensure the safety of your business.  In order to accomplish this you need adequate Emergency Response, Disaster Recovery (DR) and Business Continuity Planning (BCP) plans.  These documents, and related exercises, serve as proactive measures you need to take in order to guarantee the safety of your staff and business during a crisis.

2013-12-27 Link of the Day: Sophos Threatsaurus

More great free stuff from Sophos:

Sophos Threatsaurus

Per vendor "This guide is written in plain language, not security jargon. So it’s perfect for IT managers and end users alike. Whether you're an IT professional, use a computer at work, or just browse the Internet, our Threatsaurus is for you."

This is a great piece for people who are not familiar with cybersecurity terms.  The free .pdf contains chapters on Threats, Security Software & Hardware, Safety Tips and a Malware Timeline.  Each chapter provides the reader with simple and easy to understand explanations of the term or concept.  Where applicable, the Threatsaurus provides advice on how to defend yourself and your organization against the threat.

Tuesday, December 24, 2013

2013-12-24 Link of the Day: United States Computer Emergency Readiness Team (US-CERT)

Merry Christmas to everyone.  The United States Computer Emergency Readiness Team (US-CERT) is a great source of cybersecurity info for consumers and SMB's.  With a number of email alerts from various government agencies (not all cybersecurity related but pretty interesting nonetheless) the latest threat information is delivered to your inbox.

This is a site for beginners and seasoned security professionals.  Regardless of your experience you will find a wealth of free information available here.

Friday, December 20, 2013

Target Data Breach: Updated

From Brian Krebs:

Cards Stolen in Target Breach Flood Underground Markets

Target Data Breach: What to do if you've been affected

Yesterday Target disclosed that it was the victim of a cyber attack.  The cybercriminals were able to obtain the credit/debit card numbers of approximately 40 million people between 2013-11-27 and 2013-12-15.  If you or someone from your organization shopped at Target, using either a personal or company card, between those dates there's a good chance you may have been impacted.

According to Target the thieves were able to capture the following info from customers' credit/debit cards:
  • Cardholder's name
  • Card number
  • Card expiration date
  • Card CVV (security) code

As of this writing Target has not stated whether other PII (SSN's, addresses ...) had been breached.  Regardless, with what has already been disclosed a thief has enough to begin making purchases with your card information.

If you think you or your firm may be a victim of this data breach consider taking the following steps:

Contact Target Directly

Target has set up the following two ways to contact them regarding the data breach:
  • Phone - 866-852-8680
  • Website - Great source of information with an excellent set of FAQ's to assist customers.

Bank/Card Issuer

  1. Begin monitoring your account(s) immediately. Do not wait for your monthly statement; use online or mobile apps to access your account.
    1. If you notice any unauthorized activity contact your bank immediately to dispute the charges.  Consumers are not responsible for charges incurred when the card has been stolen.  SMB's may not be afforded the same level of protection as consumers so make sure any unauthorized charges are addressed as soon as they are discovered.
    2. Look for "microcharges".  These are small purchases, usually under $5USD, that cybercriminals use to verify the card is valid.  Once validated the cybercriminal can sell the card data at a premium.
    3. Also be aware of what's called "bust out" activity.  This is when a cybercriminal attempts to purchase as much as possible on your card as quickly as they can.
  2. File a fraud report with your bank/card issuer.
  3. If applicable, call your bank/card issuer and either have your PIN changed or have them issue you a new card or cards.
    1. Don't forget to update any information that references the old accounts, i.e. automated payment methods.
  4. If available, configure email/text alerts for your account.  This service, provided by most banks, will alert you via email/text message when your account has been charged.
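The two warning signs in step 1, microcharges and "bust out" activity, are easier to spot with a script than by eye once a statement runs to more than a handful of lines. The Python below is an added example written for this post, not anything from Target or from a bank: it parses a constructed sample statement (merchants, dates and amounts are all made up), flags sub-$5 charges from merchants the cardholder has never used, and flags a burst of charges in a short window. The window size, charge count and total used by the bust-out rule are assumptions to tune to the account's normal spending.

```python
from datetime import datetime, timedelta

# Constructed sample card statement (not real transactions), one charge per line:
# "YYYY-MM-DD HH:MM,merchant,amount". Two patterns from the post are planted in it:
# a pair of sub-$5 "microcharges" from an unknown merchant, then a late-night "bust out".
SAMPLE_STATEMENT = """\
2013-12-16 09:12,Local Grocery,42.17
2013-12-17 02:03,WEBSVC*1,1.00
2013-12-17 02:04,WEBSVC*1,0.99
2013-12-18 11:45,Local Grocery,38.50
2013-12-18 23:10,ELECTRO-MART,899.00
2013-12-18 23:14,ELECTRO-MART,1249.99
2013-12-18 23:31,GIFTCARDS ONLINE,500.00
2013-12-18 23:40,GIFTCARDS ONLINE,500.00
"""

MICROCHARGE_LIMIT = 5.00             # the post's "usually under $5USD"
BUSTOUT_WINDOW = timedelta(hours=2)  # assumed: how close together the charges must be
BUSTOUT_MIN_COUNT = 3                # assumed: at least this many charges in the window
BUSTOUT_MIN_TOTAL = 1000.00          # assumed: and adding up to at least this much


def parse_statement(text):
    """Turn the CSV text into a time-sorted list of (when, merchant, amount)."""
    rows = []
    for line in text.strip().splitlines():
        when, merchant, amount = line.split(",")
        rows.append((datetime.strptime(when, "%Y-%m-%d %H:%M"), merchant, float(amount)))
    rows.sort()
    return rows


def find_microcharges(rows, known_merchants):
    """Small charges from merchants the cardholder has never used before.

    Criminals use these to confirm a stolen card still works, so the merchant is
    usually unfamiliar and the amount is tiny. known_merchants is the cardholder's
    own history of legitimate merchants.
    """
    return [(when, merchant, amount) for when, merchant, amount in rows
            if amount < MICROCHARGE_LIMIT and merchant not in known_merchants]


def find_bustout(rows):
    """Sliding window over the sorted charges: report the first window that holds
    many charges in a short time adding up to an unusually large total."""
    for i, (start, _, _) in enumerate(rows):
        window = [r for r in rows[i:] if r[0] - start <= BUSTOUT_WINDOW]
        total = round(sum(r[2] for r in window), 2)
        if len(window) >= BUSTOUT_MIN_COUNT and total >= BUSTOUT_MIN_TOTAL:
            return {"start": start, "end": window[-1][0], "count": len(window), "total": total}
    return None


if __name__ == "__main__":
    charges = parse_statement(SAMPLE_STATEMENT)
    for when, merchant, amount in find_microcharges(charges, {"Local Grocery"}):
        print(f"microcharge: {when:%Y-%m-%d %H:%M} {merchant} ${amount:.2f}")
    hit = find_bustout(charges)
    if hit:
        print(f"bust out: {hit['count']} charges totalling ${hit['total']:.2f} "
              f"between {hit['start']:%H:%M} and {hit['end']:%H:%M}")
```

Run as-is it reports the two WEBSVC*1 test charges and the four late-night charges totalling $3,148.99. The same logic applies to whatever export your bank's online portal provides; the point is to look every day rather than once a month.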

Credit Bureau

  1. Contact the 3 major credit reporting agencies
    1. Equifax - 800-525-6285
    2. TransUnion - 800-680-7289
    3. Experian - 888-397-3742
  2. Consider enabling a fraud alert or credit freeze.  Talk to the credit bureau's representative and decide what the best option is for you or your organization.
  3. Obtain a credit report from each credit bureau.  Upon receipt thoroughly review the information in them and take any corrective measures that may be needed.

Additional Steps

If you have confirmed you are a victim:
  1. Contact the Federal Trade Commission (FTC) at 877-438-4338 or their website to file an Identity Theft Fraud Report.  Remember to print your ID Theft Affidavit as you will need it to dispute any adverse effects.
  2. Take the ID Theft Affidavit to your local police and ask them to file an ID Theft Report.

Sophos Security Threat Report 2014

More good stuff from Sophos:

Security Threat Report 2014

How To: Set up Parental Controls on Windows 7/8 & Mac OS X Mavericks

From Sophos NakedSecurity:

Five-minute fix: Setting up parental controls on Windows 7

Five-minute fix: Setting up parental controls on Windows 8

Five-minute fix: Setting up parental controls on Mac OS X Mavericks

Not really for the SMB crowd but for those of us with kids this is useful.

2013-12-20 Link of the Day: WinSCP

Hello & happy Friday.  Today's link is to WinSCP, a free secure file transfer client for Microsoft Windows.  Using WinSCP you can quickly and, most importantly, securely transfer files between systems.

Download WinSCP here.


Any/all products/services are provided for informational purposes only. The author does not endorse any single product.

Use these products/services at your own risk.

Wednesday, December 18, 2013

CryptoLocker: What it is, what it does & how you can defend against it

The CryptoLocker virus, actually a trojan horse, has been making a lot of headlines lately.  With publications such as ZDNet labelling it the "Menace of 2013" it's not hard to see why.  Let's take a look at what all the hype is about.

What Is CryptoLocker?
CryptoLocker is a form of malware known as ransomware.  It is called ransomware because it requires the victim to pay a ransom in order to undo the damage caused by it.  As of this writing CryptoLocker is only known to target Microsoft Windows based systems.


CryptoLocker infections usually come from one of two sources.  The primary method of infection is from clicking a link contained in a phishing email.  Fraudulent delivery notifications from UPS, FedEx or DHL are the most common form of CryptoLocker phishing emails.

Another method of infection is from other malware infections.  Through their Command & Control (C&C) servers cybercriminals are able to do any number of things to your compromised PC.  One of them is to push updated or new versions of malware to your machine.  It is through this channel cybercriminals are able to covertly install CryptoLocker on your system.  If you were infected by this method it would be a very good idea to scan all your organization's computers with an offline AV product like Windows Defender Offline or Kaspersky's Rescue CD 10.  Chances are you'll find a number of infected machines; failing to clean them will only result in additional infections and other headaches.

What does CryptoLocker do?
After a successful installation on a Windows system CryptoLocker "dials home" to a remote C&C server.  Once connected to the server it uploads a file (Sophos refers to this as your "CryptoLocker ID") then generates a 2048-bit RSA key pair, one public the other private.  The private key, required for decryption, is stored on the remote server while the public key is sent to the infected machine.

Once the private & public keys have been generated the malware looks for and then encrypts certain types of data.  This encryption doesn't just affect what's stored on the local machine.  CryptoLocker will search for data on network (mapped) drives, USB drives, web-based storage connected to the system (think Google Drive) and any other data it can access.

After it has encrypted the user data CryptoLocker makes itself known.  The malware will display a pop-up informing the user of the infection.  It will tell the user they have 72 hours to pay the ransom or their data will be lost forever. Clicking Next>> on the malware pop-up will provide instructions on how to pay the ransom.

I cannot stress this enough, DO NOT PAY THE RANSOM.  Remember, you are dealing with criminals, there is no guarantee you will receive the private key if you pay.  As of this writing there is no way of decrypting data affected by CryptoLocker.

What types of data does CryptoLocker target?
CryptoLocker targets a wide variety of file types.  Documents, spreadsheets, PDF documents, pictures, video, Outlook mail files, databases and more are all targets.  CryptoLocker even goes so far as to encrypt certain types of certificate files (*.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c).  This could cause a lot of problems if your organization is using certificate based authentication or other services that rely on certificates.


What can I do to defend against CryptoLocker?
Here is a list of things to help mitigate a potential CryptoLocker infection:

1. Raise awareness of phishing, and other threats, throughout your
   organization, i.e. a Security Awareness program
   (See my 2013-12-17 post for some free resources to help out here)
2. Make sure all computers have anti-virus software installed & the
   virus definition files are current
3. Ensure all systems, both the operating system and applications,
   are up to date with any patches or hotfixes
4. Perform regular backups of your critical data.  This requires
   either a tape (old school) or disk based (HDD/CD/DVD)
   solution.  Online services that backup data can mistake the
   encrypted file as the newest version and archive it,
   leaving nothing but encrypted backups with the service
5. Do not put users in the local/domain administrators group(s).
   The malware can only encrypt data it can access so limiting a
   user's privileges can help mitigate the damage of a CryptoLocker
   infection
6. Perform regular audits of file shares and applications.
   Implement a "principle of least privilege" approach; if a user
   doesn't require access to a resource then they should not have
   access to it
7. Use Windows Volume Shadow Copy Service (VSS).  This is not a cure
   all but it has been known to assist in recovering
   unencrypted versions of CryptoLocker affected files
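Item 4 above warns that a backup service will happily keep an encrypted file as the "newest version", and the earlier section lists the file types CryptoLocker goes after, certificates included. A cheap check on the backup side is to refuse a "newer version" that no longer looks like its own file type. The Python below is an added example for this post, not part of any backup product: it keeps a small table of the leading bytes (file "magic") a healthy file of each type starts with, computes the byte entropy of the file head, and flags a candidate when the header is gone or, for an unknown type, when the content looks like random bytes. The magic table, thresholds and sample files are this example's own; the "encrypted" sample is deterministic random bytes standing in for ciphertext.

```python
import math
import random
from collections import Counter

# Leading bytes ("magic") a healthy file of each type starts with. The types are some of
# those the post says CryptoLocker encrypts; the table itself is this example's own.
MAGIC = {
    ".pdf":  [b"%PDF-"],
    ".docx": [b"PK\x03\x04"],                # Office Open XML documents are zip containers
    ".xlsx": [b"PK\x03\x04"],
    ".jpg":  [b"\xff\xd8\xff"],
    ".png":  [b"\x89PNG\r\n\x1a\n"],
    ".pem":  [b"-----BEGIN "],
    ".crt":  [b"-----BEGIN ", b"\x30\x82"],  # PEM text or a DER-encoded certificate
    ".cer":  [b"-----BEGIN ", b"\x30\x82"],
}

ENTROPY_SUSPECT = 7.5  # bits per byte; encrypted data sits close to the maximum of 8.0
SAMPLE_BYTES = 4096    # only the head of each file is examined


def shannon_entropy(data):
    """Bits of entropy per byte of `data` (0.0 for a constant run, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def check_file(name, data):
    """Verdict for one candidate 'newer version' before it replaces the backup copy."""
    ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
    prefixes = MAGIC.get(ext)
    magic_ok = None if prefixes is None else any(data.startswith(p) for p in prefixes)
    entropy = shannon_entropy(data[:SAMPLE_BYTES])
    # Known type whose header is gone, or unknown type that looks like random bytes.
    suspicious = magic_ok is False or (magic_ok is None and entropy >= ENTROPY_SUSPECT)
    return {"name": name, "magic_ok": magic_ok,
            "entropy": round(entropy, 2), "suspicious": suspicious}


def review_batch(files):
    """Names of the files in [(name, bytes), ...] that should not overwrite the backup."""
    return [v["name"] for v in (check_file(n, d) for n, d in files) if v["suspicious"]]


# Constructed sample batch: two healthy files, one "encrypted" stand-in (deterministic
# random bytes in place of real ciphertext), and a plain-text file of unknown type.
_rng = random.Random(7)
SAMPLE_FILES = [
    ("q4-report.pdf", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"),
    ("q4-report-new.pdf", bytes(_rng.randrange(256) for _ in range(SAMPLE_BYTES))),
    ("web-server.pem", b"-----BEGIN CERTIFICATE-----\nMIIBszCCAVkCAQEwCgYIKoZIzj0EAwIw...\n"),
    ("notes.txt", b"Call the bank about the new card on Monday. " * 20),
]

if __name__ == "__main__":
    for name, data in SAMPLE_FILES:
        print(check_file(name, data))
    print("hold back:", review_batch(SAMPLE_FILES))
```

The header check is the reliable signal. The entropy rule is a fallback for extensions not in the table and will misfire on legitimately compressed data (zip archives, most media), so treat a hit as a reason to hold a version for review rather than to discard it.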

2013-12-18 Link of the Day: Blue Coat K9 Web Protection

Web filtering is essential to any SMB.  You need a way to control what your employees are accessing from their workstations.  Blue Coat offers its K9 Web Protection solution for this problem. 

The product is free for home use.  Businesses can license the application on a monthly/yearly basis at a cost of about $1.85/mo or $18.49/year per license.  This makes K9 Web Protection one of the most cost effective web filtering solutions available.

While this may not be as robust a solution as other content filtering products its price point makes it a very attractive option for SMB's.  Some advantages of the product are:

1. Difficult even for tech savvy users to disable.  Attempts to turn off or uninstall the service require the administrator password.  Unauthorized attempts to shut it down will result in web access being disabled.

2. The product relies on an external database to categorize web sites.  The advantage of this is that Blue Coat continuously updates the database so you don't need to.  This is also advantageous because the application itself doesn't need to download and store a large amount of data locally.

3. The application can be configured to force all major search engines to use "safe search" options.

4. Reporting is built in for monitoring and controlling employee web behavior.

Any/all products/services are provided for informational purposes only. The author does not endorse any single product.

Use these products/services at your own risk.

Tuesday, December 17, 2013

Free cyber security awareness posters

Check out these free cyber security awareness posters.  Great for adding emphasis to any Cyber Security Awareness program.

SANS Securing the Human - You Are A Target

MindfulSecurity.com:

Any/all products/services are provided for informational purposes only. The author does not endorse any single product.

Use these products/services at your own risk.

2013-12-17 Link of the Day: McAfee SiteAdvisor

This is a cool little browser plug-in from McAfee.  Per the vendor "SiteAdvisor software adds safety ratings to your browser and search engine results."

What I find to be most useful with this application is how it rates search engine results.  This is very useful when researching security topics.  Safe sites have a green bullet point with a check mark, questionable sites have an exclamation point in a yellow circle and known malicious sites display a red circle with an X in it.

Please make sure to read any/all product documentation prior to downloading and installing this software.

Download - McAfee SiteAdvisor

Added bonus - McAfee Total Protection Beta (free)


Any/all products/services are provided for informational purposes only. The author does not endorse any single product.

Use these products/services at your own risk.

Monday, December 16, 2013

2013-12-16 Link of the Day: Free for SMB's: A Detailed Guide for Cybersecurity to Ensure Business Vitality

Today's link comes from a great article by Linda Musthaler of Network World.  The article, "Free for SMB's: A Detailed Guide for Cybersecurity to Ensure Business Vitality" talks about the State of Cybersecurity discussion sponsored by the Greater Houston Partnership (GHP).  With talk of the discussion centering around how large corporations are cutting ties with their SMB partners over cybersecurity concerns it is a must read for any SMB decision maker.

The report, although focused on the SMB's in the Houston, TX area, is an excellent cybersecurity guide for any SMB.  You can download it directly here.

You can also use the free GHP Cybersecurity Self Assessment Tool located here.

Friday, December 13, 2013

Survey Says... IT Decision Makers Don't Trust Employees With Company Data

Here's a piece from SecurityWeek:

IT Workers Believe Employees Would Sell Company Data if Price is Right: Survey

"Fifty-two percent admit their employees have read or seen company documents they should not have had access to, and more than 50 percent of the respondents have experienced situations where terminated employees tried to access company data or applications after they left the organization."

I can't say I find this surprising.  This is why it is vital SMB's take the time to discover and audit file shares.  The "Principle of least privilege" should always be implemented when determining who has access to a resource.  If an employee doesn't require access to a file/folder to perform their duties they should not have access to it.  This is also applicable to systems, databases, applications and so on.  It is well worth the time to regularly review employee access needs to various company resources.

Another issue this shows SMB's need to be concerned with is user lifecycle management.  No matter the size of your organization you should have a process in place to immediately revoke all access for an employee who has left the company.  The last thing you need is a former employee having access to your data for any length of time.
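Item 6 of the CryptoLocker post (audit file shares, apply least privilege) and the two points above (discover who has access, revoke access the day someone leaves) come down to the same review: compare who currently has access with who should. The Python below is an added example, not taken from the article or the survey: it takes a constructed HR roster, a per-role baseline of the shares each job needs, and a constructed dump of current share permissions, then reports terminated users who still have access, accounts that are on no roster at all, and active users holding access their role does not need. The names, share paths and roles are all made up for the example.

```python
# Constructed inputs, not from the post: an HR roster, the shares each role needs,
# and a dump of who currently has access to each share (as an admin might export it).
HR_ROSTER = {
    "alice": {"role": "accounting", "active": True},
    "bob":   {"role": "sales",      "active": True},
    "carol": {"role": "sales",      "active": False},   # left the company; access never revoked
    "dave":  {"role": "it",         "active": True},
}

# The least-privilege baseline: the shares a role genuinely needs to do its job.
ROLE_NEEDS = {
    "accounting": {r"\\fs01\finance", r"\\fs01\public"},
    "sales":      {r"\\fs01\sales",   r"\\fs01\public"},
    "it":         {r"\\fs01\it",      r"\\fs01\public"},
}

# Current state: share -> accounts that hold any permission on it.
SHARE_ACLS = {
    r"\\fs01\finance": {"alice", "bob"},
    r"\\fs01\sales":   {"bob", "carol"},
    r"\\fs01\it":      {"dave"},
    r"\\fs01\public":  {"alice", "bob", "carol", "dave"},
    r"\\fs01\hr":      {"svc_backup_old"},
}


def review_access(roster, role_needs, acls):
    """Compare current share permissions against the roster and role baseline.

    Returns (kind, account, share) findings, where kind is one of:
      terminated - the person has left but still holds access (lifecycle failure)
      orphan     - the account is not on the roster at all (stale service/test account)
      excess     - an active person has access their role does not need
    """
    findings = []
    for share in sorted(acls):
        for account in sorted(acls[share]):
            person = roster.get(account)
            if person is None:
                findings.append(("orphan", account, share))
            elif not person["active"]:
                findings.append(("terminated", account, share))
            elif share not in role_needs.get(person["role"], set()):
                findings.append(("excess", account, share))
    return findings


def revocations(findings):
    """Group findings into account -> set of shares to remove, for the admin to action."""
    plan = {}
    for _, account, share in findings:
        plan.setdefault(account, set()).add(share)
    return plan


if __name__ == "__main__":
    found = review_access(HR_ROSTER, ROLE_NEEDS, SHARE_ACLS)
    for kind, account, share in found:
        print(f"{kind:10s} {account:16s} {share}")
    for account, shares in sorted(revocations(found).items()):
        print(f"revoke {account}: {', '.join(sorted(shares))}")
```

On Windows the current-state dump would come from the file server's share and NTFS permissions; the review logic does not care where the three inputs come from, only that the roster and the role baseline are kept current by whoever owns them. Running the review on a schedule, and again as part of every departure, is what turns "principle of least privilege" from a slogan into a process.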

2013-12-13 Link of the Day: Microsoft Baseline Security Analyzer (MBSA) 2.3

Just released by Microsoft:

Microsoft Baseline Security Analyzer (MBSA) 2.3

Use this tool to scan your network for required patches and vulnerabilities.  Very simple to use & presents its findings in an easy to understand report.

Any/all products/services are provided for informational purposes only. The author does not endorse any single product.

Use these products/services at your own risk.

Thursday, December 5, 2013

DHS Cybersecurity Tips

Here's a great site from the Dept. of Homeland Security's STOPTHINKCONNECT (@STOPTHINKCONNECT) program.

DHS STOPTHINKCONNECT Cybersecurity Tips & Advice

This site offers simple, but sound, cybersecurity guidelines.  Tech savvy people will already know these but can still benefit from a review of the basics.  For less technical readers let these act as guidelines for more security conscious computing.

2013-12-05 Link of the Day: Windows Defender Offline

Windows Defender Offline - A free malware removal tool from Microsoft for Windows XP and above. 

Windows Defender Offline offers a number of advantages over other anti-malware applications.  You boot the infected system from the Defender CD/DVD, circumventing the normal Windows boot process.  Booting the infected computer this way prevents malware from launching and hiding itself.  In addition, the CD/DVD you create can be updated.  If you're using an older version make sure to use the Update feature available once the system has been booted from the Defender CD/DVD.  This will ensure the most recent virus definition files are being used.

Remember to download and burn Windows Defender on a computer that is not infected.

Using Windows Defender Offline requires several steps.  

1. Download the application
2. Insert a writable CD/DVD into your CD/DVD drive
3. Locate and double click the downloaded file (either mssstool32.exe or
   mssstool64.exe)
4. Burn the CD/DVD
5. After the CD/DVD has been completed place it in the infected computer's CD/DVD
   drive and boot the system from it

You can download Windows Defender Offline here.

You can watch a good video tutorial on how to use Windows Defender Offline here.


Any/all products/services are provided for informational purposes only. The author does not endorse any single product.

Use these products/services at your own risk.

Wednesday, December 4, 2013

2013-12-04 Link of the Day: Sophos UTM

Here are two free Unified Threat Management (UTM) firewalls from Sophos.  The Essential Firewall is for small businesses.  It offers a number of features such as networking options (routing, DNS, DHCP, proxy ...), security features, remote access and other functionality important to SMB's.  The Home Edition is perfect for use on home computers.  It has parental controls for controlling kids' internet access, web & email virus protection, remote access and a number of other features.

They can be downloaded here:

Sophos UTM Essential Firewall

Sophos UTM Home Edition

As always, make sure to locate and read the documentation for this product.


Any/all products/services are provided for informational purposes only. The author does not endorse any single product.

Use these products/services at your own risk.

2012-12-03 Link of the Day: DoD DC3 Newsletter

For today I am going to give a link to a newsletter.  It's the Dept. of Defense - Defense Cyber Crime Center (DC3) DC3 Dispatch.  I consider it to be one of my "daily reads".

You can find their website here.

To subscribe to the DC3 Dispatch newsletter send a subscribe email to dispatch@dc3.mil.

2013-12-02 Link of the Day: ZoneAlarm Firewall

Today's link is for:

ZoneAlarm Firewall

You can choose from either the free version or the $19.95 PRO version.  Make sure to read the documentation.  Knowing how to install and properly configure a firewall is very important.



Any/all products/services are provided for informational purposes only. The author does not endorse any single product.

Use these products/services at your own risk.

Friday, November 29, 2013

The Impact of a Cyber Attack on Your Business

"Statistics show that nearly 60 percent of small businesses will close within six months after a cyber-attack."

That's a scary statistic.  Today I'd like to take a look at how a cyber attack can affect your business.  Let's look at two potential attacks: a malware infection and a DDoS attack on your website.  The first shows the impact of an attack where a system is compromised and used to steal funds from your bank.  The second demonstrates indirect costs associated with an attack that prevents you from making sales.

What I want you to ask yourself is this, "How can I reduce my exposure to these risks?"  Let's look at this in non-technical terms.  Whether you choose to believe it or not, your SMB is exposed to both of them.

For the first example suppose a virus was to infect a system and use a keylogger to obtain the username/password for your SMB's bank account.  You come in one morning and discover there's no money in your bank account.  If you think this can't happen to you then ask Michelle Marsico, owner of Village View Escrow.  That's exactly what happened to her SMB.  Almost overnight cyber thieves robbed her company of $465,000.

In the second example you, or someone in your IT dept., receives an email from "Ivan in Russia" threatening to shut your website down unless you pay him $3,500.  Ask yourself, "How many sales per hour/day does my business generate through its website?  How much will we lose if it's down for several hours/days?"

In another real life scenario this is what happened to Endless Wardrobe, an online apparel retailer.  With the company's website down for a week Andrew Burman, Endless Wardrobe's General Manager, estimates they lost "at least a few thousand dollars in business".

As previously stated, I want to look at this in non-technical terms.  The bottom line is your organization experienced a cyber attack that resulted in financial loss.  What can you do to recoup the losses?  I hate to be the bearer of bad news but the answer is most likely nothing.

The only way to protect yourself is to identify your exposure to the risk of a cyber attack.  Beyond implementing technical solutions these involve, among many other things, working with your insurance company, bank and ISP.  Knowing what protections and guarantees these institutions provide beforehand can help you mitigate and recover any losses you may suffer.

Insurance - Talk to your insurance agent.  Determine what, if any, coverage you have against cyber attacks.  If you have coverage make sure it covers against data breaches, cyber theft or DDoS attacks.  If you don't, look at what is available from your agent or another insurance company.  In either case be sure to perform a cost benefit analysis to make sure you have the right amount of coverage for your SMB.

Bank - You should be familiar with your bank's policies and procedures regarding cyber theft.  In many cases you may be out of luck as business accounts are not afforded the same protections as consumer accounts.  If your bank does have a policy/procedure in place make sure you know who to contact or how to report an incident.  One way of reducing your exposure to this kind of theft is through a two-factor authentication, or one time password (OTP), log in method for online banking.  If your bank offers this I strongly recommend you take advantage of it.

ISP - While unable to protect you from cyber theft directly your ISP can help you mitigate a DDoS attack, phishing campaign or malware infection.  Contact your ISP and see what their options for these types of protection are. 

DDoS protection occurs at the network level.  Malicious traffic is filtered out here, before it hits your website.  Make sure you know what number to call or person/department to contact if you are experiencing a DDoS attack. 

For phishing and malware protection they may have a number of solutions.  These could be controls that block spam or prevent access to malicious websites.  Your ISP may be able to provide these services to you but they are usually on a subscription fee basis. 

It's more likely that they will have spam controls that individuals will have to set up on their own.  Ask them for instructions on how to use spam filtering on user accounts.  The ability to block users from accessing malicious websites can usually be found on the ISP provided router.  Check the equipment's documentation or ask the ISP for instructions on how to configure web filtering at this level.

Knowing how to handle these three items in advance can significantly influence events in the wake of a cyber attack.  Being able to mitigate or recoup any losses suffered will help you from being one of the 60% who go out of business within 6 months.

2013-11-29 Link of the Day: Kaspersky Rescue Disk 10

Today's LOTD is:

Kaspersky Rescue Disk 10

Just download the free .iso image, burn it to a CD then boot the infected system from it.  For the most up-to-date protection make sure the product's A/V signatures are current.  This product will run a complete scan on an infected machine.  If a virus is detected it will remove the infection.

Download and read the Admin's Guide prior to using this application.
 
 
Any/all products/services are provided for informational purposes only. The author does not endorse any single product.

Use these products/services at your own risk.

Wednesday, November 27, 2013

Network World: Small Businesses Put Themselves at Risk by Not Taking Security Seriously

Great article from Thor Olavsrud:

"Small Businesses Put Themselves at Risk by Not Taking Security Seriously"

2013-11-27 Link of the day: Free Anti-Virus

Today's links are to free virus scanning products from major security vendors.  They offer either online scanning right from your web browser or software you can download to perform a complete virus scan on your system(s) for free.  Links are listed in no particular order.

Sophos Virus Removal Tool

McAfee Security Scan Plus

Norton (Symantec) Security Scan

TrendMicro HouseCall

ESET Online Scanner (Click "Run ESET Online Scanner" button on left side of page)

Bitdefender Online Scanner

PandaSecurity ActiveScan 2.0

Kaspersky Security Scan



Note: To avoid conflicts, disable any other anti-virus software running on your system prior to running these tools.  Any/all products/services are provided for informational purposes only.  The author does not endorse any single product. 

Use these products/services at your own risk.

Tuesday, November 26, 2013

Racingpost.com Hacked - How to properly handle a data breach

From Sophos Naked Security "Hackers trot off with RacingPost.com customer records".

According to the company's LinkedIn page they have between 201-500 employees.  Their LinkedIn profile goes on to state they receive "more than 1,000,000 unique visitors per month".  While located in the UK they qualify as an SMB under the definition set by the US Small Business Administration.

As the article points out the site does not store credit/debit card info.  That is good news for Racingpost.com and its customers.  However, it does store other personally identifiable information (PII) such as usernames, passwords, first & last names, customer addresses, email addresses and customer dates of birth.  This is a treasure trove of information for identity thieves, hackers and phishers.  At the very least these users can expect to see a substantial increase in the amount of spam they receive.  In a worst case scenario identity theft is a very real possibility.  Affected users may wish to employ a credit protection service to minimize the potential of this.

While the passwords were encrypted it is relatively easy for them to be cracked.  To see how easy this is just Google "Rainbow Tables".  More info on Rainbow Tables can be found here and here (the first two results returned by Google).  Security best practices recommend stored passwords be hashed and "salted", however this was not the case.  Encryption algorithms are reversible.  Hash algorithms are "one way" and are not reversible.  The practice of adding salt to the hashing algorithm makes it exponentially more difficult to crack.  Had the passwords been hashed & salted a Rainbow Tables attack would be much less likely to reveal the passwords.
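The distinction the paragraph draws, an unsalted one-way hash that a precomputed table can look up versus a salted one that it cannot, is easiest to see in a few lines of code. The Python below is an added example, not from the Naked Security article or from Racing Post: it builds a tiny stand-in for a rainbow table (a dictionary of precomputed unsalted SHA-1 digests for a handful of common passwords), shows that two users with the same password get the same unsalted digest so one lookup cracks both, then stores the same password with a random per-user salt and an iterated hash (PBKDF2-HMAC-SHA256, standing in for the "hashed and salted" practice the paragraph recommends) so the digests differ and the table finds nothing. The password list and iteration count are this example's own choices.

```python
import hashlib
import hmac
import os

# Stand-in for a rainbow table (constructed): unsalted SHA-1 digests precomputed for a
# handful of common passwords. A real table covers billions, but the lookup is the same.
COMMON_PASSWORDS = ["password", "123456", "letmein", "qwerty", "racing2013"]
PRECOMPUTED_SHA1 = {hashlib.sha1(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

ITERATIONS = 100_000  # PBKDF2 work factor (example's choice); raise as hardware gets faster


def unsalted_hash(password):
    """The weak scheme: the same password always yields the same digest, for every user."""
    return hashlib.sha1(password.encode()).hexdigest()


def crack_with_table(digest):
    """One dictionary lookup recovers an unsalted password if it was ever precomputed."""
    return PRECOMPUTED_SHA1.get(digest)


def salted_hash(password, salt=None, iterations=ITERATIONS):
    """The recommended scheme: a random per-user salt plus a slow, iterated hash.

    The salt is stored alongside the digest (it is not secret); its job is to make
    every user's digest unique so that no precomputed table applies to all of them.
    """
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_salted(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    # Two users who picked the same password: identical digests under the weak scheme...
    a, b = unsalted_hash("letmein"), unsalted_hash("letmein")
    print("unsalted digests equal:", a == b, "-> table lookup gives", crack_with_table(a))
    # ...but unrelated strings once each gets its own salt, and the table finds nothing.
    sa, sb = salted_hash("letmein"), salted_hash("letmein")
    print("salted digests equal:", sa == sb)
    print("table lookup on salted digest:", crack_with_table(sa.split("$")[-1]))
    print("login check:", verify_salted("letmein", sa), verify_salted("letmeout", sa))
```

The salt is stored with the digest and is not a secret; it only needs to make every user's digest unique so a single precomputed table cannot be reused across accounts, while the iteration count slows down every guess an attacker has to recompute per account.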

How many of these username and (potentially cracked) password combinations do you think have been used for other online accounts? As discussed in the article, password reuse is fairly common. All users affected should immediately change their passwords for any/all accounts they have. This is why users should be forced to change theirs on a regular basis.  My recommendation is to follow cyber security best practices and force this change every 45-90 days.

Now for the good news.  This is an excellent example of an SMB handling a crisis correctly.  They detected the compromise in a relatively short period of time and called in cyber security experts immediately.  They then took appropriate measures to control the damage and began the process of customer notification.  It is obvious they had an incident response plan in place to address this type of event.

SMB's can use this as a learning experience.  Speak with your IT staff and ask them about your organization's incident response plan.  If they are able to explain the process then you're in a position to handle a potential crisis.  It would also be a good idea to schedule some time with your staff to review the incident response plan.  Update it and make any necessary adjustments during the review.

If all you get is blank stares and non-answers you're in trouble.  Take the time to gather the appropriate stakeholders from all lines of business and create an incident response plan.  Once completed, incorporate it into your cyber security policy immediately.  Protect your organization by requiring all employees read the cyber security policy and sign a statement that they have and understand it.

I would also recommend conducting at least one table top exercise per year.  This is an exercise where a data breach is simulated.  It ensures that everyone in your organization knows what they are responsible for and the steps required to meet those obligations.  Remember, getting ahead of the incident goes a long way in regards to damage control and restoring customer confidence.

In future posts I will help guide readers through the process of creating an effective cyber security policy.  An incident response plan will be one of the topics that will be covered.

2013-11-26 Link of the Day: The Business Side of Cybersecurity

The Business Side of Cybersecurity from SecurityWeek

Great article by Marc Solomon from Security Week magazine.  He provides good insight into how cyber security needs to adapt to changes in both the threat landscape and business requirements.

Friday, November 22, 2013

More Healthcare.gov woes

From Sophos Naked Security: Security pros: If Healthcare.gov hasn't been hacked already, it will be soon 

This is why testing and vulnerability assessments are critical before rolling out a new website or web application. 

If you're going to err, do it on the side of caution.

From Websense - 8 Security Predictions for 2014

From Websense - 8 Security Predictions for 2014

These guys tend to be pretty accurate in their predictions.

What I find interesting is item #2, "A major data destruction attack will happen". This is something new. Generally attackers like to be stealthy, hiding their tracks to avoid discovery, and are interested in stealing data, not destroying it.

My guess is this would be used to create a new revenue stream for the attacker(s). Steal the PII or intellectual property (IP) then destroy it. This would allow for the data to be sold on the black market (Dark Web) and then ransomed back to the victim, i.e. pay me and I'll return your data.

2013-11-22 Link of the Day: Microsoft Security Guide for Small Business

Microsoft Security Guide for Small Business

Thursday, November 21, 2013

Cybersecurity meets psychology - Microsoft & Maslow

I received an interesting Tweet from Microsoft Security (@msftsecurity) regarding a report they published in conjunction with Oxford-Analytica.  Here is a link to the report titled "Hierarchy of Cybersecurity Needs: Developing National Priorities in a Connected World" (look for the link at the bottom of Kevin's article).

While this is written at a national level I think it is highly applicable to SMB's.  In accordance with Maslow's Hierarchy of Needs the report defines 5 levels of cyber security needs.  Each layer builds on the one below it; if lower needs are not met then they will dominate.  As these lower level requirements are met, higher level needs become evident.

Let's take a look at how it breaks down, or builds upon itself, whichever you prefer.

Access - The first need that an SMB requires is secure access to the network.  Without secure access to shared resources such as files/folders, databases or printers (even the Internet itself is a resource in this case), no organization can function at an acceptable level of efficiency.  This is true even in more traditional scenarios: POS terminals and credit card processing systems require access to their respective networks in order to perform their functions.  In other words, without access to a network people and machines cannot fulfill the basic needs of the organization.

Resilience - Once the need for access has been fulfilled the organization and its personnel need the network to be reliable.  If the organization's network is not resilient and staff cannot access the resources they require to do their job, a breakdown occurs.  The IT industry has made resiliency a core requirement of any quality network design: there can be no single point of failure that would cause a disruption to the business.  Whether it be a RAID array on a server or a highly available router/firewall configuration, the architecture of the network should be built to function properly even in the event a single component fails.

Connectivity - This need is tightly integrated with its predecessors.  Whether it's to shared resources, business partners or customers organizations are not able to function without secure connectivity.  Think of it this way, if your customers are incapable of connecting to your website, or walking into your brick and mortar location because the entrance is blocked, to purchase goods/services then your business will suffer significantly.

Trust - When conducting business it is vital your customers have an acceptable level of trust in you and your technologies.  Your employees, partners and customers must trust that the information they provide you with will be protected, whether it be an employee's Social Security number, a business partner's bank account information for automated deposits or a customer's credit card number.  If there is no trust that the information will be protected then they will not provide you with it.  In cyber security terms this equates to, among a myriad of other things, protecting your data from hackers, providing secure SSL connections to your website and establishing VPN connections to business partners when exchanging data.

Optimum - When all underlying requirements have been met the organization's cyber security posture is in its optimum state.  All parties involved can access the network, resiliency provides fault tolerance to provide a minimum of 99.999%+ uptime, there is connectivity to required resources and trust is established using security best practices.  Employees are secure knowing their personally identifiable information (PII) and other information they require is secured.  Business partners and customers have assurances that their data will remain confidential.

If you're an SMB owner/partner, IT manager or part of the IT staff take some time to think about how your organization's security practices meet these needs.  Do they?  If not, at what level is there a problem?  If you keep reading this blog on a regular basis I will show you how you can implement a cyber security program that will.

Wednesday, November 20, 2013

SMB Cyber Security: Perception vs Reality

Many SMB's do not consider cyber security a priority.  A recent Gartner survey found that organizations spend 5%, or less, of their annual IT budget on cyber security measures.  This is understandable since it is difficult to justify an expenditure that does not directly impact the company's bottom line by either increasing profits or reducing costs.  The practice of risk avoidance is difficult to quantify when looked at this way.

A good example of this is disaster recovery, an often overlooked aspect of cyber security.  However, your data is your company's lifeblood and this practice is essential to preserve the confidentiality, integrity and availability of that data.  Everyone knows they should have current backups of their data, but how many actually have an effective backup strategy in place?  Who wants to spend money on backup applications, extra hard disks and other storage media?  What about the cost associated with time spent by IT staff reviewing backup logs to confirm the jobs completed successfully and rerunning any job that didn't?  How many SMB's have ever engaged (invested) in a data recovery exercise?  Regardless of the size of your business it is critical to ensure you can effectively recover from something as simple as a hard disk failure.  If you cannot recover from a common issue like this, how would you be able to recover from something like a data breach, virus outbreak or other cyber attack?

In 2013 security firm McAfee teamed up with Office Depot to create the Office Depot Small Business Index survey.  With over 1,000 participating SMB's the survey found these two interesting facts:

- 77% of respondents indicated they had not been compromised (hacked)
- 66% felt their data & devices were secured from hackers

A recent Ponemon Institute survey of 2000 SMB's revealed:
- 60% of upper management do not think cyber attacks represent a threat to their business

That's the perception.  

Here's the reality.

The Office Depot Small Business Index found that:
- 14% of SMB's have no security protections whatsoever
- Less than half employ an email security solution
- Approximately half have implemented some type of Internet security measures
- Most dramatically, a full 80% do not utilize any type of protection to secure their data

The Ponemon Institute survey found:
- 33% don't know whether or not their business has been the victim of a cyber attack
- 42% have been the victim of a cyber attack in the last 12 months

Other respected publications have discovered:
- 72% of data breaches involved companies with less than 100 employees (Verizon's 2012 Data Breach Investigations Report)
- There was a 13% increase in targeted attacks aimed at companies with 250 or fewer employees from 2011 (18%) to 2012 (31%) (Symantec's Internet Security Threat Report)
- Most states in the US require that a company that has suffered a data breach notify each and every person affected by the breach.  Current estimates place the cost of a data breach at $130.00 per person. Ask yourself how many consumer/customer records are in your company database and other electronic records, then multiply that by 130 to estimate what a breach will cost you.
- Between 2005 and 2010 there were more than 500,000,000 records containing personally identifiable information (PII) breached.  Of those approximately one fifth came from SMB's. (Privacy Rights Clearinghouse's Chronology of Data Breaches report, published in August of 2010)
- 80% of SMB's that are breached suffer significant financial loss or declare bankruptcy within two years of the event. (Per statistics compiled by Identity Theft expert John Sileo http://www.thinklikeaspy.com) 

I could go on and on with these facts and figures but I won't, since these are more than enough to lend credence to my assertion that SMB's must take measures to protect themselves.  If you wish to see more examples of what happens to SMB's that take a lackadaisical approach to cyber security just Google the phrase (include quotes) "hackers target SMB's".  The results should convince you to take cyber security seriously.

This post will end the fear, uncertainty and doubt (FUD) surrounding cyber security and the SMB.  From here on out we will focus on ways to protect your business.  Future posts will show you how this can be accomplished through developing policies and procedures, implementation of security best practices and a variety of security applications that are available at no, or very low, cost.

2013-11-21 Link of the Day: FCC Small Biz Cyber Planner 2.0

FCC Small Biz Cyber Planner 2.0

2013-11-20 Link of the Day: NIST Small Business Information Security: The Fundamentals

NISTIR 7621 - Small Business Information Security: The Fundamentals by Richard Kissel

Tuesday, November 19, 2013

Welcome to the realm of The Cyber Security Sentinel

Hello & welcome to my blog.

My name is Eric Cissorsky, The Cyber Security Sentinel.  I have over 15 years experience in the IT field and have spent the last decade of my life dedicated to the discipline of cyber security.  My resume includes working in the pharmaceutical, aerospace & financial sectors.  In addition, I spent a number of years at a large managed services provider giving cyber security architectural/engineering guidance to its customers, many of whom belong to the Fortune 500 and run the gamut of various industries.  In that time I have developed a deep understanding of cyber security.  You can view my complete resume at http://www.linkedin.com/in/ecissorsky.

The purpose of this blog is to help small-medium businesses (SMB's) benefit from my knowledge and experience.  Statistics from the SBE Council put the number of employer firms in the US at around 5.8 million.  Of those, 89.7% employ 20 people or less.  Very few of these firms have the resources to implement "enterprise class" cyber defenses.  The purpose of this blog is to show how SMB's can leverage their limited resources to develop effective cyber defenses against the most common cyber threats, and some uncommon ones as well.

As previously stated the target audience of this blog is small-medium businesses (SMB's).  These are typically organizations with fewer than 500 employees.  Most of them do not have information security professionals on their payroll.  Many may not even have a dedicated IT staff.  I am here to show firms in this position how to increase their security posture by using information security best practices and no/low cost tools.