Sean Connery Shares Cybersecurity Tips On The Wolfe Den Show

Sean Connery, Orbis Solutions’ CSO, recently appeared on The Wolfe Den Show to discuss the threat of ransomware and what businesses can do to stay protected.


Key points in this article:

  • Cybercriminals are becoming more organized, structured, and effective.
  • Your unaware staff members pose the biggest threat to your security.
  • Proper defense means more than protection; you need to be able to detect threats, respond in real-time, and recover quickly.


Cybercrime Is Evolving

“Nowadays, these groups are full-blown companies because it’s all about money,” says Sean. “They are fully equipped and good to go.”

The fact is that cybercriminals are no longer just lone wolves using computers in dark basements—they’re organized, structured, and well-funded. It’s big business, which means cybercriminals have more resources to work with. This has led to more and more advanced attack vectors, especially ransomware.

A few years ago, ransomware wasn’t a big concern. While high-profile incidents like the WannaCry attack on the NHS were concerning, they were few and far between. If you had a recent backup of your data, you could rely on that to replace your data if it was encrypted by ransomware.

Ransomware is malware that encrypts the target's data (making it unreadable and inaccessible) and holds it for ransom. It targets all data on the target's systems, making it impossible for them to ignore until they pay the ransom or restore the data from backup.

Typically, an unsuspecting employee clicks on an emailed attachment that appears to be a bill or other official document. The attachment installs a malicious software program (malware) onto the computer system.

There are several ways that hackers can trick targets into downloading ransomware:

Phishing

Phishing is a social engineering technique that "fishes" for victims by sending them deceptive emails. Phishing attacks are often mass emails that include ransomware as an attachment.

Malvertising

Hackers have found vulnerabilities in many popular, modern browsers like Google Chrome and Mozilla Firefox. They spam users with official-looking pop-ups informing them of an “infection” or “security alert,” prompting them to download a file or click a link.

Out Of Date Hardware

Many of the most common malware and viruses used by cybercriminals today are based on exploiting programming flaws in software. To address this, developers regularly release patches and updates that fix those flaws and protect users.

However, the way cybercriminals use ransomware has evolved in the past few years. They have improved their tactics and capabilities, allowing them to do much more damage, and demand much more money. Characteristics of modern ransomware attacks include:

Expanded Timelines

Sophisticated attackers sneak ransomware into a breached network and then lay dormant for weeks or months, ensuring their entry method isn’t discovered immediately. This gives them time to embed themselves, steal data, and more, all before they activate the ransomware and infect the systems.

Without undertaking extensive forensic processes, an infected business won’t know how far back they need to go to find a backup that is safe to restore. Or, even worse, that point will be so far back that they’ve already expunged those backups to make room for more recent versions.
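To make the retention problem concrete, here is an added example (not part of the original article or the interview) that checks whether a backup rotation still holds a snapshot older than the attacker's estimated entry date. The function names, the daily-plus-Sunday-weekly rotation, and all dates are assumptions constructed for illustration.

```python
from datetime import date, timedelta

def retained_snapshots(today, daily_keep, weekly_keep):
    """Backup dates still held under a keep-N-dailies plus keep-M-weeklies
    rotation. Weeklies are the Sunday backups (assumption of this example)."""
    dailies = {today - timedelta(days=i) for i in range(daily_keep)}
    last_sunday = today - timedelta(days=(today.weekday() + 1) % 7)
    weeklies = {last_sunday - timedelta(weeks=i) for i in range(weekly_keep)}
    return sorted(dailies | weeklies)

def clean_restore_point(snapshots, first_compromise):
    """Newest snapshot taken strictly before the estimated intrusion date.
    A snapshot from the intrusion day itself is treated as untrusted.
    Returns None when every clean backup has already been rotated out."""
    clean = [s for s in snapshots if s < first_compromise]
    return max(clean) if clean else None

def assess(today, dwell_days, daily_keep, weekly_keep):
    """dwell_days is the forensic estimate of how long the attacker was
    inside before the ransomware was triggered."""
    first_compromise = today - timedelta(days=dwell_days)
    snaps = retained_snapshots(today, daily_keep, weekly_keep)
    point = clean_restore_point(snaps, first_compromise)
    if point is None:
        return {"restorable": False, "restore_point": None, "days_lost": None}
    return {"restorable": True, "restore_point": point,
            "days_lost": (today - point).days}

if __name__ == "__main__":
    today = date(2024, 6, 12)  # constructed date (a Wednesday)
    # 45-day dwell against 14 dailies + 4 weeklies: no clean copy is left.
    print(assess(today, dwell_days=45, daily_keep=14, weekly_keep=4))
    # Same dwell with 8 weeklies: a clean copy exists, but it is weeks old.
    print(assess(today, dwell_days=45, daily_keep=14, weekly_keep=8))
```

Running the same check against your real retention settings and a range of dwell-time estimates shows how long an intruder can stay hidden before your oldest backup is no longer clean.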

Improved Capabilities

Modern forms of ransomware can even target and infect backup hard drives and cloud-based data if the connections are left unsecured. That’s why cybersecurity professionals are now recommending digitally-air-gapped backups as well.

Given the effectiveness of modern ransomware attacks, defensive methods and best practices from just a few years ago are already losing feasibility. All of this is to say that you can’t assume you won’t be infected at some point.

Think Of Cybersecurity Like Home Security

Talking about cybersecurity with users unfamiliar with conventional network infrastructure can be a little complicated. To simplify it, Sean proposed a metaphor—what if you thought about your network like your house?

You employ a range of security measures for your home, which lines up directly with recommended network security measures:

Prevent

  • Front Door
  • Lock

Detect

  • Glass Break Sensors
  • CCTV Cameras
  • Alarm System

Monitor

  • Humans keeping watch

Response

  • Neighborhood security
  • Police and local law enforcement
  • Insurance coverage

Despite how obvious these measures are regarding home security, we often meet business owners and managers who have essentially left their doors unlocked, turned off their alarm system, and gone to sleep for the night.

An especially important and often overlooked aspect is detection…

Detection Is Just As Important As Protection

You cannot just passively protect your IT assets and expect to stay safe. Effective cybersecurity also requires active monitoring for incoming threats.

Key components of your detection capabilities include:

Antivirus

Antivirus software is used with a firewall to defend against malware, adware, and spyware. Each of these cybercriminal tactics has the potential to do immense damage to internal processes and a company’s reputation.

The job of antivirus software is to spot, block, and isolate intrusive, malicious applications so they can’t damage your data and legitimate software.

Antivirus, also known as endpoint protection, is installed to protect at the user level. It is designed to detect and block a virus or malware from taking root on a user's computer or accessing a network to which the user is connected.

Antimalware

These types of solutions should be used in combination with antivirus software to defend against common malware threats.

Event Monitoring

This is the practice of monitoring IT systems (through both automated tools and manual oversight) to identify potentially dangerous events and address them before they become serious threats.

Intrusion Detection & Prevention

These systems can further improve event monitoring efficacy by scanning for known security events and raising the alarm when they are identified.

Threat Monitoring

Threat monitoring is the practice of staying up to date on the latest cybercrime attack vectors. This is a key part of Cybersecurity Awareness Training and ensures your staff actively contributes to organization-wide detection processes.

The Limitations Of Perimeter Security

When we talk about perimeter security, we’re referring to that “Prevent” level from above. In network security, this means a simple firewall and antivirus. This is where many small businesses stop with their cybersecurity initiatives.

Unfortunately, this is simply not enough to defend against modern threats. Case in point: the zero-day attack.

Some of the worst data breaches are based on "zero-day exploits", which rely on vulnerabilities found by hackers but not by the developers, leading to severe security risks and an immediate need for patching.

A recent example of this type of attack is the Kaseya Ransomware attack. On July 2, 2021, a number of Kaseya VSA servers were used to deploy ransomware.

Kaseya VSA software is a remote monitoring and management tool used by IT managed service providers to provide services to their clients. By design, these tools have administrative access to all systems they manage, making this breach particularly dangerous and damaging.

The Dutch Institute for Vulnerability Disclosure (DIVD) revealed it had alerted Kaseya to several zero-day vulnerabilities in its VSA software (CVE-2021-30116) that it said were being exploited as a conduit to deploy ransomware. The nonprofit entity said the company was resolving the issues as part of a coordinated vulnerability disclosure when the July 2 attacks took place.

Long-term consequences for affected businesses will likely include extensive data loss, long-lasting downtime, and high costs for recovery. For example, a grocery store chain affected by the attack had to close down 800 stores while they dealt with the infection.

The #1 Cybersecurity Measure That Business Owners Overlook

In addition to zero-day exploits, users can also render perimeter defenses meaningless. Did you know that over 90% of cybersecurity incidents can be traced back to human error?

What your employees know about cybersecurity and how securely they use IT can directly affect the future of your business. If you’re breached, the best case scenario is thousands, if not millions of dollars in damage.

You can’t expect a firewall and antivirus solution to keep you 100% secure. Cybercriminals know that the user is the gap in a business’ cyber armor—that’s where they aim.

That’s why cybersecurity awareness training is such a worthwhile investment. It turns your most dangerous weakness into a key strength.

Your Users Will Nullify Your Perimeter Defenses

The fact is that what you (and your staff) don’t know could hurt you. If your staff isn’t up to date on the latest cybercrime scams, then they’re putting your data at risk.

Due to their level of access, an unaware or malicious employee can do a lot of damage:

  • Users can be tricked or phished into handing over credentials and access
  • Users with local admin rights can inadvertently install malicious software
  • Internal bad actors can work to sabotage or bypass systems

Beyond protection and detection, you must also consider how you’ll respond to an attack…

What Is Your Response Plan?

If you think you may have been the victim of ransomware, phishing, or cybercrime, your first step is to get in touch with your IT support immediately.

Don't hesitate to hire professional cybersecurity experts if you haven't already. Hardening your systems against attacks and thereby making yourself a harder target for cybercriminals is critical.

Beyond that, make sure to follow these three steps:

Isolate The Damage

Your first move when an attack occurs is to isolate the computer from the network to prevent further access.

Remove the network cable from the tower or laptop and turn off your networking functions (the Wi-Fi settings). Do this manually even if you have security software that claims to shut down the connection for you.

Power Down

You also need to shut down your computer to prevent damage to your hard drive. Ideally, your anti-virus and anti-spyware will prevent the attacker from getting that far, but you still need to remove the infection from the computer to protect it fully.

Control Access

Resetting your passwords is also critical. You should be sure to create entirely new passwords and avoid re-using them at any point. Don’t forget to check any accounts linked to your computer, including social media profiles, email accounts, online banking, and any other potential targets.

The incident response plan should carefully detail procedures on incident response engagement and how the incident response team will communicate with the rest of the organization, other organizations, and law enforcement. It should also provide guidance on federal and local reporting and notification processes.

This plan is necessary to clarify the roles and responsibilities of your employees so you can quickly mitigate risks, reduce the organization’s attack surface, contain and remediate an attack, and minimize overall potential losses.

A key consideration you may have already thought of is cybersecurity insurance. Have you managed to qualify for coverage yet?

What You Should Know About Cybersecurity Insurance

“Think back to a few years ago, and carriers would only ask you a couple of questions,” says Sean. “Unfortunately, attacks are more vicious and frequent, so insurance companies are looking to analyze the risk of having a customer.”

Cybersecurity insurance is a relatively new type of protection designed to help cover the potentially massive expenses associated with an unavoidable data breach. It can be a worthwhile investment, so long as you know how it works.

The somewhat inevitable nature of modern cybercrime has led businesses to consider cybersecurity insurance as a final layer of reassuring protection. It’s becoming more and more necessary, as many insurance providers have begun drawing a clear line between normally covered losses and those incurred by cybercrime-related events.

That means that if your cybersecurity doesn’t meet the standards of your insurance provider, you may not be as well covered as you think.

A common misconception is that a cybersecurity insurance policy is a catch-all safety net, but that’s simply not the reality. Without a comprehensive cybersecurity strategy in place, a business may not qualify for a policy in the first place.

All this shows why business owners need to look carefully at the fine print of their cybersecurity insurance policy and ensure their cybersecurity standards are up to par. No one should assume they’re covered in a cybercrime attack—after all, for every $1 million paid in premiums, insurance companies only pay out $320,000 in claims.

3 Steps To Qualifying For Cybersecurity Insurance

Assess

The best way for you and your team to determine the best coverage for your organization is to understand your IT infrastructure.

By evaluating your systems from top to bottom, you’ll have a clear idea of all the different access points that could leave your network vulnerable to threats.

Remediate

Don’t forget to consider how investing in cybersecurity could save you money on premiums. Open up a dialogue about it with your potential Cybersecurity Insurance provider and see what they suggest.

Continually Reassess

Next, it’s best practice to conduct a risk assessment and an impact analysis. Carefully review all your organizational assets—including financial data, customer information, and intellectual property.

Categorize assets according to the risk and consider the potential impacts a data security event could have on all aspects of your business.

You Can’t Ignore Cybercrime And Hope It Goes Away

In summary, there will never be a way to be 100% protected from an attack or an actual breach. However, by implementing the proper security measures, training, and constant re-evaluation of these security measures, the risk of being breached (or suffering extensive damages in the aftermath of a breach) can be dramatically reduced.

Get in touch with the Orbis Solutions team to discover more about developing a proper cybersecurity defense.
