Posts

Best cybersecurity practices can save companies from hackers’ clutches


Gordon Elder III, founder and owner of No Name IT of Dayton

Gordon Elder III, founder and owner of No Name IT of Dayton

Credit: Contributed

Credit: Contributed

Salisbury likens it to an “arms race” and said attackers have an advantage. They need only find a limited number of places where an organization is vulnerable to intrusion, whereas business owners must focus on all aspects of running the company, including cybersecurity.

Experts are particularly concerned about the recent rise in hacks through third parties, like last year’s attack on Texas-based information technology company SolarWinds. Hackers, believed to be working for Russian intelligence, put malicious code in a software update distributed by SolarWinds to its customers, giving the hackers access to data across a broad range of government and business computer networks.

“The bad guys are going to be coming up with new tricks all the time,” Salisbury said. “The organizations that I think are at greatest risk are small to medium businesses and local governments. They live in the same threat area as larger firms or the federal or state governments but don’t have anything like the resources a large multinational bank might have.”

Cyberattacks and data breaches by the numbers - 2020

Cyberattacks and data breaches by the numbers – 2020

Credit: Alexis Larsen

Credit: Alexis Larsen

JPMorgan Chase bank spends $600 million a year on cybersecurity, according to its April 2019 letter to shareholders. While that is far more than smaller companies need to spend, cybersecurity experts warn that no company should assume all it needs is a firewall and anti-virus software.

“You do have vulnerabilities and you do have data and information that is valuable to these threat actors,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center, a nonprofit that tracks publicly reported incidents of compromised personal information and consumer data in the U.S.

ExploreThe newest frontier for hackers: your car

Ransomware attacks disproportionately affect small businesses, according to cybersecurity firm Coveware. Seventy-three percent of ransomware attacks in the first quarter of this year happened to organizations with 1,000 or fewer employees, according to the Connecticut-based company.

In addition to installing protective…

Source…

60 Percent of Companies Call Mobile Devices the Biggest Security Risks

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


60 Percent of Companies Call Mobile Devices the Biggest Security Risks

According to a report recently released by Verizon Business, 60 percent of companies state that mobile devices are the biggest security risk. This information comes from the 2021 Mobile Security Index report, which surveyed 856 IT professionals responsible for the procurement, management, or security of mobile devices. The report revealed how mobile device security continues to be a serious problem for companies.

If you want to learn more about how you can protect your company’s mobile devices, you should check out our Mobility Management Buyer’s Guide. We profile the top vendors in the mobility management field, list their key capabilities, and note our Bottom Line for each.

Verizon Business found that 60 percent of businesses say that mobile devices are the biggest security risk for companies. Part of the problem is that companies are sacrificing mobile security. 76 percent stated that they were pressured to sacrifice the security of their mobile devices in order to increase expediency.

78 percent also noted that they expect remote work to remain high even when COVID-19 is over. The report also showed how the cloud continues to climb in importance for enterprises. Respondents stated that nearly half (46%) of their IT workloads are running in the cloud.

In the company’s press release, Verizon Business’s Chief Revenue Officer Sampath Sowmyanarayan stated: “The pandemic caused a global shift in the way organizations operate, many of which ramped up their digital transformation agendas and working models to meet the fast-changing needs of both employees and customers. While businesses focused their efforts elsewhere, cyber-criminals saw a wealth of new opportunities to strike. With the rise of the remote workforce and the spike in mobile device usage, the threat landscape changed, which for organizations, means there is a greater need to hone in on mobile security to protect themselves and those they serve.”

View the 2021 Mobile Security Index report here.


Daniel Hein

Daniel Hein

Dan is a tech writer who writes about Enterprise Cloud Strategy and Network Monitoring for Solutions Review. He graduated from Fitchburg State University with a…

Source…

400 companies attacked by Conti ransomware


The FBI says a group of criminals behind the Conti ransomware have attacked more than 400 organizations worldwide, 290 of which are in the United States. This includes health facilities, communities and the police force. HSE, Ireland’s national healthcare provider, was recently infected with the Conti ransomware, which affected patient services. The group is demanding up to 25 million euros to encrypt the files.

To access victims’ networks, the Conti Team uses well-known methods, such as links in email messages pointing to malware, victim email links, and stolen RDP credentials. On average, attackers spend four to three weeks on the network before releasing ransomware. The FBI warns that it is common for attackers to call victims when the organization does not respond to the group’s requests two to eight days after the ransomware “”pdf).

a

The monitoring service asks you to share as much information about the group as possible about the victims, namely Bitcoin addresses, the encryption tool provided and the IP addresses. The FBI also makes recommendations to prevent such attacks. For example, it is recommended to disable hyperlinks in incoming email and deliver emails from outside the company with a banner. Organizations are also advised to focus on cyber security awareness and staff training.

Picture

a

Source…

Ransomware Boom Forces More Companies to Cut Deals With Criminals

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


Kurtis Minder got into the ransomware negotiation business by accident early last year.

The startup he co-founded, GroupSense Inc., monitors dark web forums and chat groups to see when hackers sell access to businesses’ computer networks. After Mr. Minder’s firm told a software company that criminals appeared to have targeted it, the company asked GroupSense to talk down the attackers from an initial demand of more than $1 million to unlock internal data they had encrypted with ransomware. The two sides settled on a roughly $200,000 payout, he said.

GroupSense soon began fielding more such requests from victims’ law firms and insurance companies, which reached up to 10 a week by the end of last year. The company charges flat rates of $12,000 to $25,000 based on clients’ revenue.

“We did not jump in,” Mr. Minder said of the market for ransom negotiation, adding that it is a loss leader for his firm’s other services. “We got dragged in kicking and screaming, basically.”

The growing prevalence and complexity of ransomware has spurred a cottage industry of first responders to counter it. Startups have launched to communicate with hackers or transmit payments using cryptocurrencies, while large cyber companies have hired personnel or acquired specialty firms to help clients respond to and recover from such incidents.

Ransomware took on new prominence this month after a hacking group known as DarkSide targeted Colonial Pipeline Co. and forced a six-day shutdown of the largest conduit for fuel on the East Coast.

Colonial Pipeline Chief Executive Joseph Blount told The Wall Street Journal Wednesday he decided to pay the hackers about $4.4 million in bitcoin hours after receiving a ransom note.

A…

Source…