Cityscape blackout with a spotlight pointed at the sky with the Nerds Support logo

AT&T Outage: Why You Need Managed IT Services

On January 13, 2021 AT&T experienced a massive outage that disrupted the internet and phone services of across South Florida.

A representative of the company said the outage came from equipment failure at one of their facilities.

Users were reporting no service at around 3:30 in the afternoon. It wasn’t until 6:00pm that users were posting about their internet and mobile phone services returning.

Outages were reported in Key West, Coral Gables, Pompano Beach, Parkland, Plantation and Sunny Iles Beach.

“Why does any of this matter?”, you might be asking yourself. If the issues were resolved and services were restored what’s the big deal?

The reason it’s important to bring up is because of how often it can happen. An outage of this size would be a major problem for businesses normally, but now that many companies have moved to a remote operation, an outage like this, even one that lasts an hour can have serious negative effects on a business.

Thousands of employees, working on various projects to be completed on deadline are suddenly frozen in place. Business owners monitoring and running their operation were left in the dark almost literally. Think about what that does to productivity. Consider further how much money is lost or thrown away in those hours of downtime.

What Causes a Network Outage?

In the case of the AT&T outage it was equipment failure. However, it can be caused by electrical storms, mismanagement of devices, failed software, server hardware failure, or even freak accidents like a rodent chewing through a cable.

One of the main reasons for an outages is attributed to router failure from a configuration change. In fact 23 percent of all downtime on a network is caused by router failure , according to research by the University of Michigan.

Cyber Attacks Can Also Cause Outages

Even though Internet service provider failures, like with AT&T, natural disasters, technology error and human error are the main causes for network outage, cyber attacks are becoming more prominent ways of disrupting a network as well.

Cyberattacks represent the fastest growing cause of outages within data centers. There was a growth from 2 percent of outages in 2010 to 22 percent in 2016.

There is a specific type of cyberattack that is most effective in shutting down networks. Some of you might be familiar with this type of attack called Denial of Service attack (DDoS for short). They occur almost every day now. It doesn’t matter how big or small your business is, your services can be slowed or halted entirely through a DDoS attack.

Even more disturbing is the fact that in many cases a DDoS attack is used as a distraction in order to execute other cyber attacks like data theft.

A DDoS attack pretty much overwhelms your computer by bombarding it with data to the point where it gets overloaded and shuts down. This is a gross simplification of what actually happens but the purposes of this article it will due.

The most recent example of a DDoS attack was in 2020 when Amazon Web Services (AWS)  was struck by a DDoS attack in February. The fact that an attack like this was capable of disrupting Amazon’s cloud services giant should say a lot about the sophistication of the attack. The attack used a technique called Connectionless Lightweight Directory Access Protocol Reflection. You don’t have to worry about the details because that name alone is a mouthful. However, it is important to note the attack lasted three days and amplified the quantity of data sent across the victim’s IP address by up to 70 times.

How Do We Solve Outages?

Continuous Network Monitoring

Consistent 24/7 network monitoring is your key to tackling downtime disasters. Network monitoring allows you to collect data about your network’s status by going through network devices performance and availability. statistics. One the data is collected you can use it to determine what caused the downtime event. Specific information about the outage will also be made available. What device caused the event, the location , and the time of the outage are all things you can determine through network monitoring. IT professionals usually understand how to go about the process of inferring the cause of downtime by reviewing specific data.

Managed IT services companies offer IT consulting services that organize a continuity plan to prepare a business for such event. Like a fire drill, IT consulting involves working through internal processes to find the quickest and most effective way to respond to and diagnose an outage.

That’s why it isn’t enough to have the right strategy but the right cyber security tools to prepare and safeguard against cyber attacks. If you have one It professional working for your business, they might not have the resources or time to fully commit to proactively assess cyber threats and take measured steps to avoid them.

 

Logistics docking loading station with cloud symbols surrounding

Why Cyber Security is More Important For Logistics Firms

Supply chains and logistics firms are always at risk of some form of error or another. Shipment delays, loss of inventory, incorrect orders etc. The Covid pandemic, however, has manifested a new risk in the logistics industry. That risk is cyber security. A large chunk of a logistics enterprise deals with transferring and handling sensitive electronic data. The more advanced the technology, the quicker access to necessary information, the quicker the access to that information, the more efficient the logistics process becomes.

However, supply chains can become extremely vulnerable the larger the links are in that chain. Also, the larger and more reliant on technology they become the more at risk they are of a major attack.

Attack on The Vaccine

Data and information is crucial to the process because that information is shared through the various parties involved in the delivery of products and services in the chain. In other words, the amount of data transferred, used, and accessed within the supply chain process is massive. And that makes the logistics industry a very appealing target for cyber criminals.

The impact of a single cyber-attack on a logistics firm can be incredibly destructive for everyone involved. A perfect example of this was back in December 2020 when IBM’s cyber security division discovered a series of planned cyber-attacks on companies planning on distributing the coronavirus vaccine.

The threats were so alarming that the Department of Homeland Security issued its own warning about the threat.

IBM said the European Commission’s Directorate-General for Taxation and Customs Union was one target of the attacks, as well as European and Asian companies involved in the supply chain, whose names have not been disclosed.

IBM disclosed that among the targets were the European Commission’s Directorate-General for Taxation and Customs Union as well as certain European and Asian companies that dealt with the supply chain.

Hackers Want Access To Data

The purpose of the attack may is still unclear but it may have been to gain credentials, potentially get access to corporate networks and sensitive information regarding the vaccine itself.
That means it will require specialized logistics companies such as Haier Biomedical, a Chinese-owned cold chain supply company working with the World Health Organization and the United Nations.

Since a variation of the vaccine requires storage in special containers at -20 degrees Celsius only very specialized cold chain supply companies could undertake its distribution. Such a company was Haier Biomedical, a Chinese-owned supply chain company that worked with the World Health Organizations and the United Nations to transport the vaccine.

Hackers impersonated an executive from the company and sent phishing emails to different organizations they believed were responsible for providing materials to transport the vaccine.

The New Dangers of Supply Chain Cyber Attacks

Even more problematic, however, is the fact that a cyber-attack on a logistics company doesn’t only impact the logistics firm, it has detrimental consequences on everyone in the supply chain. 80 percent of cyber-attacks now begin at the supply-chain. Meaning that a breach in the smallest vendor can have major ramifications for even the largest enterprises.

The Solar Winds supply-chain attack proved that definitively. The Sunspot virus was deployed on the Orion digital platforming service, a solar winds product. As a result, the attack endangered Solar Winds and every single company, organization, and institution that used Orion.

One problem in securing the supply chain is where the organizational responsibility lies. Many different departments of an enterprise work with the supply chain and other critical partners, but there’s no one person or team held accountable.

So how can logistics firms ensure protection?

Protect Your Internal Systems

To protect your internal systems from malware attacks like the ones described above, invest in firewall and anti-virus programs. The programs your company uses should have a strong security and password protection capabilities such as multifactor authentication and verification codes.

Moreover, perform regular backups for all your data to avoid losing valuable information in the event of an attack.

Train Your Employees

All employees and personnel should trained on cyber security hygiene. They should learn about the potential for a major cyber-attack, hacking attempts and what they look like. That includes suspicious emails, unfamiliar links or URLs, and email attachments. Anticipation of a threat is the best way to prevent it.

Choose Your Supply Chain Partners Wisely

As we’ve demonstrated, the larger the supply chain the easier it is to fall into a cyber attack that can affect the entire network of vendors and distributors. And for the most part, there isn’t any system of accountability. Therefore choose supply chain partners that take the appropriate measures to safeguard their own data by conducting periodic security audits or have security credentials. In essence find partners that adhere to basic cyber security practices to ensure everyone’s protection.

Hire a Cybersecurity Expert

While the aforementioned methods will significantly reduce the cyber risks your company may face, the threat can never be fully eliminated. However, you can do more to strengthen your security, namely, having a skilled cybersecurity expert on your IT team. Cybersecurity professionals have been trained to protect data and are not just IT professionals with some knowledge of cybersecurity. This difference will often determine which companies will react well to a cybersecurity incident and those that will not.

Contract Cybersecurity professionals

Cyber threats can be managed but never completely eliminated. Hiring experienced experts with IT consulting and cyber security skills can do more to improve your cyber security. As we’ve seen with the Coronavirus pandemic of 2020, supply chains and logistics companies are more important than ever. They’ve become an invaluable resource for distributing important goods across the world including medicine, foods, vaccines, personal protective equipment and more.

But as we’ve also seen, hackers are taking notice. Any disruption into the supply chain when delivering critical medicines or equipment can cause irreparable harm to not only companies but ordinary citizens. Hackers attack essential systems in healthcare, and now logistics, because they hope that the desperation to get supplies to the right people will force companies to give in and pay large sums of money in exchange for access to their own systems again.

The cyber threats are real and they are becoming more dangerous. Improving your firms cyber security in light of all the attacks in recent years should be a main focus. As a logistics company you want to aware of all possibilities and prepare for them accordingly.

 

Business man holding a device displaying a cloud with a lock on it

How Do You Know When You’re Ready For An MSP

Managed Services Providers

IT systems are expected to advance at a pace that meets increasingly higher standards of operation. The emergence of remote work practices has forced businesses to keep pace with constantly changing IT trends and technologies. Whole industries have had to reinvent themselves in the wake of the pandemic of 2020. As a result, businesses have opted to outsourcing their IT systems and challenges to a Managed Services Provider (MSP) to help them excel in challenging times.

But how do you know you’re ready for an MSP? How do you know an MSP is right for you?

If You’re Facing Constant IT problems

Now more than ever, it’s common for businesses to deal with constant IT issues. Technology is changing to adapt to the needs of clients and consumers and it can be easy to get swept up all of the requirements, applications, and digital tools that cloud computing has to offer. A managed services provider keeps your technology up to date with regards to digital platforms, hardware, software and applications. That means you can spend less time worrying about your infrastructure and more time on your business.
But what exactly is managed services and what role does an MSP play?

Managed services providers handle day-to-day IT operations to improve efficiency and cut costs. You can hand over specific IT operations to them and choose the degree of responsibility they have. That is the case for a co-managed solution. Co-management is delegating IT tasks over to an MSP that your current IT department is too busy, understaffed, or underequipped to tackle.

If You Lack in IT Strategy

More specifically a Managed Service Provider optimizes, reports and analyzes IT operations to promote growth. They reduce risk and increase efficiency by bringing in the technologies and processes so that businesses don’t stagnate.

In many cases, a business will have a running IT department but they won’t have an IT strategy. They don’t see a need for an IT strategy because to them their IT strategy is: “keep things working.” In today’s world, that is no longer enough. There is a stronger emphasis on remote capabilities and cyber security than ever before. Cyber attacks are on the rise with cyber-crime damages predicted to cost the world $6 trillion annually by 2021.

If you know Cyber security is more important than ever

Cyber crime costs include destruction of data, money theft, Intellectual Property theft, productivity loss, forensic investigations into an attack, restoration of hacked systems, reputational damage to the organization and more.

Global spending on cyber security is also on the rise. From 2017 to 2021, global cybersecurity spending was predicted to go up to $1 trillion . For some perspective, the global cybersecurity market was valued at $3.5 billion in 2004.

Cyber security is not like an issue with a car where you take it to a mechanic and they fix it. It’s an ongoing process that requires constant maintenance like brushing your teeth or staying healthy. If you’re only doing it when there’s a problem you will suffer in the long term.

If you understand innovation is KEY

Furthermore, businesses are adapting to the needs of their clients and customers. These needs require a digital presence and a greater emphasis on ease-of-use for mobile devices. Large banking institutions like Goldman Sachs are innovating in mobile banking by launching Marcus.

Marcus is a commercial banking division of Goldman Sachs that relies on mobile banking technology. Capital One made history by being the first bank to become a cloud-first organization. It migrated to the cloud in 2019 and secured its data with Amazon’s cloud services, AWS.

If You Want To Always be Prepared

All of this to say that in the 21st century, a digital strategy can make a company. Neglecting to have one can break it. Look no further than the pandemic of 2020. Where hundreds of profitable businesses struggled to stay afloat simply because they did not have the procedures, tools, and technology in place to operate remotely when lock-down orders were given. Organizations large and small scrambled to find the technologies necessary to survive only when they were faced with the reality of their situation.

As a result, those who leveraged the cloud, prepared their teams and had the appropriate procedures in place had a huge advantage over those who did not or who started later.

An MSP Partnership is a Collaboration

In the case of a managed services provider, outsourcing doesn’t mean relinquishing all responsibility. An organization is supposed to work with their MSP to better understand its digital strengths, weaknesses, and areas of improvement. IT consulting is one of the prime roles of a good MSP but requires self-awareness and knowledgeable input on the part of the business being consulted.
Rigidness is not useful in many circumstances but this is especially true with IT. A business must be willing to trust in their MSP and work together to resolve issues. On the part of the business it means practicing due diligence. That includes training employees and staff on the various kinds of social engineering techniques. Willingness to give up on older legacy systems that no longer serve the business is big as well.

MSP’s are now playing an incredibly important role in organizations’ overall success. When considering incorporating an Managed Service Provider into your operation, keep in mind that decision is a serious one. Take the time to consider your goals and needs against what the MSP is willing to offer. An MSP partnership is not a one size-fits-all endeavor. Certain MSP’s might focus more a specific industry. Other MSP’s might be stronger in one specific area like security. A managed service provider will have a long lasting impact on your achievements, reputation and success as an organization so make sure to choose correctly.

Business man pressing on a screen displaying 2021

Why Legacy Systems Are Holding Your Business Back

The Problem With Legacy Systems

Businesses have had to adapt to cloud computing to allow personnel and staff access to important company information, files and applications. While the pandemic has accelerated digital transformation among businesses across a variety of industries, some are still not realizing their full potential.

Think of legacy IT systems as an old t-shirt. No matter how comfortable you are with it, eventually it start wear out, fade and tear. Eventually you’ll need to consider replacing it with a newer shirt.

The same goes for legacy IT. Your legacy infrastructure might feel comfortable and reliable because it has worked for so long. However, there will come a time when the flaws and inefficiencies become more apparent. You are going to have to choose between modernizing your business, applications and infrastructure or be left behind by those who do.

What is a Legacy System?

A legacy system is an outdated hardware or software that is still being used by an organization. A legacy system isn’t necessarily one that no longer works but one that isn’t scalable. In fact, the reason why legacy systems are so tempting to keep is precisely because they still work.

For some organizations, investing in IT has developed a system that allows their business to run effectively. So there are instances in which legacy systems are a cheaper and more convenient than migrating to a cloud based service.

However, for many companies, their IT investments are starting to become expensive and inefficient nightmares. For these companies legacy IT is a huge financial burden. Consider the fact that about 75 percent of the $35 trillion spent on technology since 2010 has gone toward maintaining existing systems.

Furthermore, there are many hidden costs associated with slow software and hardware due to the impact on productivity. As previously mentioned, legacy systems might function well but your IT infrastructure is filled with interconnected parts that depend on one another to function. Eventually, your business will need to update applications and programs to operate properly.

Whether it’s because of new compliance protocols, or changes within your industry. Those applications might be incompatible with your legacy systems and that could heavily influence level of productivity.

Poor performance is a big problem with legacy systems as a whole. With businesses modernizing to better suit mobile devices, the ability to access apps at anytime from anywhere improves operations and productivity. Those stuck with older legacy equipment might suffer from lack of compatibility with mobile apps.

The problem with legacy software is that it can’t be accessed from anywhere other than an office computer. Businesses operating on legacy devices had to learn this the hard way when the pandemic hit and they were forced to work remotely.

How to Evaluate Change

Even if it is the case that your legacy system is meeting your business needs, you have to consider how your industry is changing. It’s about anticipating your customer’s needs and ensure you have an innovative strategy. Think of all the companies that found success on the cloud. Capital One, Amazon, Netflix, Google and others have changed their respective industries by redefining customer experience.

At the very least, businesses that keep up with industry demands will have a competitive edge on the one hand but just as important you’ll have the systems in place to operate under any circumstance.

Look at what happened when the 2020 pandemic struck. Businesses that had put off cloud migration were at once forced to incorporate it in order stay afloat. The companies best positioned to thrive during the pandemic had the technology required to adapt quickly in a pinch. Cloud computing, remote capable infrastructures, robotics, or online commerce are all examples of tech that helped businesses stay open.

Those able to use this technology emerged as the victors and gained the upper hand over companies slow to adjust. Even as the economy returns to normal, these technologies will continue to reshape and define how businesses operate for the foreseeable future. These changes that were seen as temporary solutions are quickly becoming permanent as employers, workers and customers begin to see the benefits of cloud and remote work.

Think about the technology customers use today. If you’re still using incompatible legacy systems you’ll stagnate and suffer as competition pushes you out.

Security Risks

Legacy systems present major security risks to any businesses or organization that uses them. In fact, many government agencies have experienced major data breaches as a result of outdated, poorly protected legacy infrastructure. There was even a piece of legislation introduced to modernize all government legacy systems to better prepare for cyber threats.

Legacy systems generally don’t receive regular maintenance. As a result, they don’t undergo the updates required to stay secure in a modern world. Rapidly advances in technology are driving business practices and productivity. Cyber criminals exploit the vulnerabilities found in legacy systems to extort them and hamper progress.

How to Transition to The Cloud

In the case of older business, there is plenty of older data you want to have access to. That is why a gradual approach toward cloud adoption is preferred by most.
Organizations can slowly transition to the cloud through a hybrid Co-management solution. If you aren’t comfortable relinquishing your IT team or control, you don’t have to. Co-managed solutions allows you to keep your existing IT department and use a managed services provider (MSP) as a backup. Giving them control over duties and processes your IT department is too busy for.

Many MSP’s offer IT consulting services and help businesses develop a detailed plan of action regarding the application of cloud technology. In any case, MSP’s can add much needed structure and organization to your new IT systems.

There were many lessons to draw from 2020. But the biggest one for businesses is the importance of adaptability. This coming year make it a priority to review your legacy systems and evaluate their effectiveness. Organizations can move to the cloud and experience profound changes by adopting newer applications and infrastructure. In the meantime, businesses will continue to experience difficulties as they fail to recognize the inefficiencies that come with keeping legacy systems in place.

 

 

cyber hacker on his laptop with code and the U.S. in the background

What Can Businesses Learn from SolarWind Hack

SolarWind The Largest Hack in History

Texas-based software services company SolarWinds was at the center of the largest hack of a Western government in recent history, possibly ever.

When the hack was discovered its customers were advised to log out of its Orion platform, a program used to monitor company networks. The big problem here is that many U.S. federal institutions and Fortune 500 companies used the Orion platform to monitor their IT systems also.

How Did It Start?

It all started when the cyber security company FireEye discovered that it had been hacked. FireEye is a cybersecurity company that works to protect and improve the cyber defense of its clients. It also works with many government agencies and organizations. It’s mostly an offensive security organization meaning they actively try to hack into their client organization to check if their systems are secure.

In March of 2020 when IT staff at over 18,000 companies and organizations using the SolarWinds platform were presented with a link to download the latest version of Orion. The IT staff and companies were unaware that this new version was imbedded with malware capable of giving hackers access to any infected network.

SUNBURST is the malware hackers implanted into the SolarWinds software.

Solar Winds said it traced hacker activity back to at least October 2019 and is investigating further into the attack. The identity of the hackers are still unknown but some experts say that the attack could have been a result of a phishing email. The President of Microsoft, Brad Smith, said in a statement that the attack was “remarkable for its scope, sophistication and impact.”

How did hackers infect a software update with malware?

Hackers gained access to the system SolarWinds uses to update Orion and inserted the malicious code into the software update for the program. This type of attack is known as a supply-chain attack.

What Is A Supply Chain Attack

A supply chain attack is a cyber-attack that damages an organization by targeting weaker elements within their supply chain. Cybercriminals interfere with certain processes by installing malicious software that allows for access to typically inaccessible to unauthorized users.

What makes supply-chain attacks so dangerous is the fact that it hides the malware inside typically safe and trusted software. Instead of manipulating victims into opening a fraudulent email via a phishing campaign. All they have to do is successfully implant their malware into a new update or program and big companies and agencies will download it.

Cyber security firm FireEye conducted its own analysis of the breach and discovered a killswitch that would prevent Sunburst from operating. The cyber security company worked with GoDaddy and Microsoft to figure out which companies might still be struggling with the SUNBURST infection.

Furthermore, a Chinese cyber security company RedDrip team found in its investigation of the incident that there were nearly a hundred suspected victims of the SolarWinds breach. This includes Universities, governments and private companies.

Why Does This Matter?

Regardless of who was responsible for the hack, the consequences of the attack are dire. Not only for the government agencies impacted by the malware but also for the businesses who may have had their data exposed.

The worst part of a cyber-attack, especially one this big, is that the victims might not know the full impact of the breach until months or maybe even years later. Again, FireEye is a cyber security company that uses complex tools to safeguard the security of its clients. Therefore, if hackers compromised the company and have access to its tools, it also has access to the data of the various organizations FireEye has worked with.

You might be asking yourself, “Why should I care about this SolarWinds stuff? It won’t affect me.” But, you see, when it comes to IT and cyber security the story is much more complicated than that. If you’re a business owner or even a regular customer, you might not have encountered SolarWinds directly. However, the companies you work or interact with might have the SolarWinds software as a part of their digital infrastructure.

In other words, any company that you engage with that might be using Orion or any SolarWinds software has had their sensitive customer data exposed. So we don’t really know how deep this goes or who it could impact in the future.

The Importance of Having a Reliable MSP

SolarWinds, like Managed Services Providers (MSP), provide technology services to its clients and customers. In fact, SolarWinds offers many of its technology solutions to MSP’s. MSP’s, like Nerds Support offer technology services to a variety of businesses across many industries. So if a businesses contracts an MSP using SolarWinds software, that MSP’s data is compromised. If the MSP’s data is compromised then the businesses is compromised. In essence there is a chain of exposed information that leads from SolarWinds all the way down to the businesses who might not even be aware they have been breached.

For that reason, MSP’s are frequently targeted by hackers and cybercriminals. As more businesses rely on MSP’s to manage IT infrastructure and provide digital resources, cybercriminals target MSP’s to gain access to valuable business information.

In a June 2020 report the United States Secret Service issued an alert confirming MSP’s were experiencing more frequent cyber-attacks. That doesn’t mean that MSP’s are unreliable rather that it’s important for business owners and leaders to really do the research and look for an MSP with the proper security protocols and channels in place to keep customer data secure.

Nerds Support, for example, is an IT services company working with Accounting and financial services firms from all across the US. Because financial services companies have so much sensitive client data, we’ve taken the added step of complying with SOC and FINRA guidelines to ensure the security and safety of their information. By following compliance guidelines we’re going further than other MSP’s because we understand that security is everything.

Regardless of the industry you’re in, look for an MSP that follows regulatory guidelines, uses advanced cyber security tools, and has the proper checks in place to secure your data.