
Businesses need disaster recovery plan to protect from cyber security attacks.

Why Cyber Security Needs To Be Part of Business Continuity

As governments and businesses struggle with COVID-19, their digital infrastructure and data systems are targets for cybercriminals. Now more than ever, businesses need to reconsider how they view cyber attacks.

Cyber Attacks Are Not Considered Part of Disaster Recovery Plans

Cyberattacks have more in common with biological attacks than other types of attacks. What I mean by that is, it takes a while to understand when and how an attack has happened. Government agencies and business owners must develop a new way of understanding disaster recovery. In a natural disaster like a hurricane, a fire or an earthquake, restoring infrastructure could require investing in reconstruction. Recovering from a cyber attack, however, requires a more robust approach.

When a business experiences some disaster, it should work to mitigate the damage and risk to its employees and the business itself. Unfortunately, there are businesses using outdated and vulnerable computer systems and that makes them more vulnerable to a cyber attack.

When, for example, a hacker attacks a financial firm for valuable information, restoring a secure network environment could require replacing devices, a digital forensics investigation, and policy changes to properly contain it.

Cyber Attacks Are Getting Worse

We know cybercriminals are targeting hospitals and even private organizations with malware. In fact, over a third, or 34 percent, of malware-based cyber-attacks during the first quarter of 2020 were ransomware attacks. Government agencies were hit even harder, accounting for 21 percent of all malware attacks.

Ransomware attacks succeed because cyber criminals leverage unpatched systems and vulnerabilities left unattended by all of these institutions. Due to the lockdown in March 2020, IT and security personnel aimed to support remote workforces as more businesses closed to avoid infection. Some companies were prepared for the transition, but many companies in very vulnerable industries struggled to keep up.

In late April of 2020, ransomware attacks shut down Parkview Medical Center’s IT network in Colorado. This attack caused numerous IT network outages while they worked to treat patients for COVID-19.

A third-party forensics team investigated the cyber breach, and it may take months to understand the consequences of the breach itself.

Developing A Strong Business Continuity Plan

Building a proper continuity plan requires reevaluating priorities as remote work becomes the standard for many businesses. More and more industries are relying on remote operations, meaning hackers are using the resulting struggle and confusion to attack systems made vulnerable by the transition.

As we’ve seen, depending on the severity of the attack, it could lead to a variety of problems like systems failures, power outages and huge disruptions.

In the event of a cyber attack, a business leader should know:

  • When the call should be made
  • What information should be provided
  • How to create a cooperative environment between members of the company and cyber experts investigating the breach

Make Disaster Recovery a Practice

After this is properly explored by the company, it should be communicated to all employees and tested frequently. You should always be testing, improving and adapting your disaster recovery plan so that employees and personnel in the company are aware of their role in resolving a breach.

This will go a long way in improving company culture and staving off a cyber threat.

Incorporating protocols addressing the steps your business is required to take in the event of an attack is pivotal. All businesses know (I hope) what to do in the case of a fire or an electrical outage. Unfortunately, not many have a measured plan for how to take on cyber attacks.

When developing a strategy, answer these questions:

  • Who should I contact first?
  • How do I identify what was stolen?
  • What measures are in place to prevent an attack in the first place?

Why Cyber Criminals Attack

Obviously, those are basic questions that won’t sufficiently prepare you for an attack, but the point is business owners don’t even think about them. What tends to happen is a business owner will put off developing a disaster recovery plan for cyber attacks until an attack happens. From there on it’s a scramble and fumble to fix everything at once without a strategy. If you’ve ever experienced a cyber attack, you know how chaotic it can be when it’s uncovered. In some cases, hackers attack franchises like Wawa.

In other cases it’s large companies like DoorDash. But most often, hackers target medium and small sized businesses. The reason is simple. Smaller businesses don’t have as many resources and might have weaker systems as a result. Furthermore, hackers assume they don’t have enough capital to properly investigate a breach if it happens. And best of all, the target will be small enough that an attack will fly under the radar and go unnoticed by investigators and authorities.

Cyber-security needs the same level of care companies invest in all other aspects of operations. To be successful in repelling or avoiding these types of attacks, incorporate cybersecurity into your business framework, because society as a whole is more dependent on digital networks. However, both the public and private sectors have failed to actually improve on their cyber vulnerabilities.
As a result, the number of attacks on schools, hospitals and government agencies continues to grow, and attackers will continue to reap the benefits of a weak infrastructure. Nerds Support works alongside its clients to develop comprehensive business continuity and disaster recovery plans. IT support companies and MSPs, like Nerds Support, are the best options when establishing a secure remote environment, working to strengthen your IT security or grow your business.

 

What Should Concern Businesses About the New Orleans Cyberattack

The city of New Orleans experienced a cyberattack so severe Mayor Latoya Cantrell declared a state of emergency.

The attack occurred on Friday, Dec. 13 and caused the city to shut down government computers. Officials announced the shutdown via social media posts.

City Shutdown Government Computers

The attack started at 5 in the morning, according to the city of New Orleans. At around 11 a.m., employees noticed what they considered suspicious activity. As a result, the city’s IT department ordered employees to disconnect from Wi-Fi and close down their computers.

Fortunately, an investigation into the attack is currently underway as Federal and State agencies gather more information. As of now, nothing is known about the malware used during the attack and the Mayor said no ransom demands had been made yet.

Louisiana’s Third Cyberattack

This ransomware attack is the third to affect Louisiana in five months. In November, another attack prompted Louisiana’s Office of Technological Services to shut down multiple state agencies. And in July, cyber criminals attacked several Louisiana school districts, shutting down their networks for ransom.

As a result of the school attacks, Governor John Bel Edwards declared a state of emergency that allowed state agencies to help local governments recover from the attack.

What’s the Damage?

Unfortunately, it’s always difficult to tell the extent of the damage. It could take months and, in some cases, years to truly understand what information was stolen. Furthermore, hackers could have stolen government employee information, financial information and more from New Orleans.

Moreover, they will have to contact financial institutions and implement new procedures to address cyberattacks like this as well as increase security on their networks.

This begs the question, if State governments have to shut down entire systems and declare a state of emergency to deal with a cyberattack, what will it cost a small business?

Since the attack in November, The National Governors Association (NGA) has urged states to develop a formal continuity plan for responding to cyber threats. Additionally, cyber forensic experts will need to be brought in to investigate the breach.

New Orleans Government Cyber Attack Statistics

 

Cyber Response Plan

The NGA released a State Cyber Response plan in July that governments are developing, and 15 states have made their plans public.

Without a doubt, the impact of a ransomware attack is nothing to scoff at, and governments are learning the hard way. Ultimately, having continuity plans in place ensures recovery from a breach runs as smoothly as possible.

Cybercriminals Declare Hunting Season

The FBI issued a warning in October declaring an increase of cyberattacks on “big game” targets. These are targets with money and sensitive information, willing to pay ransoms to restore their systems.

That doesn’t just mean local and state governments, municipalities and agencies. For instance, hackers often target businesses, hospitals, accounting firms and financial advisers for their data.

Additionally, businesses have to adapt and invest in security if they expect to succeed. The first of several security lessons: no one is too big or too small to get hacked. Sensitive data is always in high demand. More importantly, dark web marketplaces, like Joker’s Stash, are always willing to sell it.

The Future of Cybercrime

Researchers warn that ransomware attacks will intensify in 2020. What’s worse, attacks are getting more sophisticated.

On the other hand, with the year coming to a close and a new one beginning, now is the perfect time to audit your IT infrastructure and verify its competency against these types of threats. Fortunately, 2020 will also see the rise of things like cyber insurance, AI and cloud-based security solutions.

Transitioning to a cloud-based solution, like a hybrid cloud, might help industries across the board avoid scenarios like the ones in Louisiana.


 

DoorDash Gets Data Dashed After Breach

DoorDash Data Breach

The food delivery company DoorDash was compromised on May 4th, 2019. The company said the data breach exposed the data of 4.9 million users, delivery workers and merchants. Fortunately, users who made accounts after April 5, 2018 were not affected by the breach. However, the breach exposed names, phone numbers, order histories, email addresses, and password information. DoorDash said the breach happened through a third-party service. If it can happen to them, it can happen to anybody, and too often it does.

DoorDash said in light of the hack, it took additional security steps to secure user data. It added security layers around the data and brought in outside consultants and experts to further identify and repel potential threats.

The company also said hackers obtained the last four digits of users’ credit card information. The customers’ full card numbers were not obtained, nor were the card verification values (CVV). The hackers also managed to steal the driver’s license numbers of about 100,000 delivery workers.

Hashing

DoorDash uses a method of encrypting data called hashing. Hashing is a way of representing data in the form of a series of symbols. Moreover, it allows you to take an input, say a password, of any length and turn it into a string of characters that always has the same length.

There are algorithms, like SHA1 and SHA256, that do this for you and generate unique hashes. They will take a name like Thomas Johnson and turn it into something that resembles “aeb4048c96b086739900f4f4144cd1f5”. The good thing about these hashing algorithms is that there’s no way of reversing the process. If someone had access to the hash, they couldn’t reverse engineer the name. At least in theory.

Brute Force-Attacks

There are some methods of recovering the non-hashed password or information that hackers often exploit, sometimes quite successfully. One of these methods is called a brute force attack or a dictionary attack. The hackers take a long list of passwords and run it through the appropriate algorithm. Then the hacker takes the hash they wish to recover and looks for it in the list of hashes. It is like looking for a number in the phone book when all you have is a name. If they find a hash in the list that matches the one they have, they simply look at the plain text version on their list.

If you couldn’t tell, this is a very intensive process. However, experienced hackers will use huge word lists and run them through their systems. These systems can analyze passwords in a matter of seconds.

Hash Collision

Hash collisions happen when two sets of data correspond to the same hash. This is very rare but useful. The hacker would be able to use a series of characters to access your account since it generates the same hash as your password.

DoorDash assured its users and the cyber community that the hashing routine used salt to increase its complexity. No, not actual salt. “Salt” in cryptography simply means adding random data to the input (the password going into the algorithm) so the hash is unique. This decreases the chances of a brute force attack or a hash collision.

Adding Salt to a Hash

Hashing isn’t foolproof. It’s very deterministic, meaning a certain input will always give you the same output. Thomas Johnson as an input will always produce the same hash. So, if two people coincidentally use the same input for a password, they will both generate the same hash.

Adding salt to a hash means you take a random variable of a specific length and add it to the input. So, even if the input itself isn’t unique, the variable makes the hash unique. Metaphorically adding salt gives the hash a more distinctive flavor.
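The determinism, dictionary lookup and salting points from the sections above, as an added example that is not from the original article or from DoorDash. It assumes SHA-256 for the unsalted case and PBKDF2-HMAC-SHA256 with a 16-byte random salt for the salted case; the account names, passwords, wordlist and iteration count are constructed for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Constructed sample data: alice and bob happen to choose the same password.
USERS = {"alice": "Summer2019!", "bob": "Summer2019!", "carol": "x9#Lq2vT!r"}
# Constructed wordlist standing in for a list of commonly chosen passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "Summer2019!"]
# Assumption: illustrative work factor; tune it to your own hardware.
PBKDF2_ITERATIONS = 200_000


def unsalted_sha256(password: str) -> str:
    """Fast, deterministic hash: the same input always gives the same output."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, key): a random 16-byte salt per user plus a slow PBKDF2 hash."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify(password: str, salt: bytes, expected_key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_record(password, salt)[1], expected_key)


def shared_hashes(stored: dict[str, str]) -> list[list[str]]:
    """Groups of users whose stored values are identical (same password leaks)."""
    groups: dict[str, list[str]] = {}
    for user, value in stored.items():
        groups.setdefault(value, []).append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]


def exposed_by_lookup(stored: dict[str, str]) -> dict[str, str]:
    """Audit: stored values found in a table precomputed from the wordlist."""
    table = {unsalted_sha256(p): p for p in COMMON_PASSWORDS}
    return {user: table[v] for user, v in stored.items() if v in table}


def build_stores() -> tuple[dict[str, str], dict[str, tuple[bytes, bytes]]]:
    """Hash the sample accounts both ways for comparison."""
    unsalted = {u: unsalted_sha256(p) for u, p in USERS.items()}
    salted = {u: salted_record(p) for u, p in USERS.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_stores()
    salted_hex = {u: key.hex() for u, (_, key) in salted.items()}
    print("unsalted, identical hashes:", shared_hashes(unsalted))
    print("unsalted, found by lookup: ", sorted(exposed_by_lookup(unsalted)))
    print("salted, identical hashes:  ", shared_hashes(salted_hex))
    print("salted, found by lookup:   ", sorted(exposed_by_lookup(salted_hex)))
    print("login still works:         ", verify("Summer2019!", *salted["alice"]))
```

With the salt in place, the two accounts that share a password no longer share a stored value, and the precomputed table matches nothing, while a correct login still verifies because the salt is stored next to the hash.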

Despite the fact DoorDash took these extra precautions to encrypt their users’ passwords, experts suggest that any user affected by the breach should change their passwords to something as complex and secure as possible.

It’s Common

Unfortunately, data breaches like the one in DoorDash occur fairly often. The more sensitive the information, the more lucrative the hack will seem to a cybercriminal. That’s why the healthcare, accounting and financial services industries are often targets of cyber-attacks. 71 percent of breaches in 2019 were financially motivated, meaning hackers are looking to get information they can use to enrich themselves. So a company that regularly deals with clients’ financial information would be a prime target. DoorDash has credit card information to facilitate purchases, but accountants and financial advisers have much more specific information.

That’s why managed IT for finance and accounting is so important. Companies often take their IT infrastructure for granted because they see it as an extra expense, not a necessity. However, security is an expectation, not a luxury. Providing managed IT for accounting and finance is mostly about planning with compliance and security in mind.

That’s why agencies regulate these types of companies. Many compliance laws force industries like finance and accounting to maintain high levels of security. That way, financial information isn’t compromised. Yes, a thief is blamed for a robbery, but if the bank has poor security and didn’t install security cameras to cut costs, the bank is just as much to blame. This metaphor might simplify things a bit too much, but sadly that is the case for many industries. They don’t invest in newer cyber security because they’re too small to get attacked. Other times companies will think the security measures they take are good enough.

Small Sized Businesses are More at Risk

If a business owner reads this article and thinks to themselves, “I’m not DoorDash, I run a small accounting firm,” they’re sadly mistaken. As a matter of fact, 43 percent of data breaches in 2019 targeted small businesses. People only take notice of the breaches occurring in large companies like DoorDash and Capital One because those make interesting news articles and blogs. More often, it’s the smaller companies that suffer the greatest losses. 60 percent of small companies go out of business within six months to a year of a cyberattack. This is a number taken from the U.S. National Cyber Security Alliance.

Most of these breaches occur because a low-level employee does something wrong. They open an email that contains malware, they don’t secure their passwords, they expose valuable information on social media, or they are victims of an elaborate phishing scam. Nerds Support works as a financial cloud provider giving extensive training, security protocols, policies and procedures within the company.

Now, notice how they published a blog regarding the incident. They didn’t have to do this. DoorDash could’ve gone to the press but they knew it was important to retain a sense of confidence in the company. The company needed to tell as many people as possible that everything was taken care of. That’s obviously because perception builds trust and trust is the currency that builds companies.

A Data-Breach in Trust

If a breach occurs, it’s highly likely that confidence in the company’s ability to secure sensitive data will decrease. Restaurants have gone out of business because a customer found insects or filth in their foods. Companies fail more often from a decline in trust than anything else.

Nerds Support provides FINRA-approved cloud storage to financial firms because keeping with industry compliance creates a safer digital environment for both the company and its clients. If someone is looking for a firm and sees it’s following all regulatory and security standards, then it’s a subconscious relief that builds confidence in the firm.
That being said, IT solutions for finance differ from the solutions other companies need, but all industries are regulated to some degree.

What can you do to Avoid a Breach?

Create a business continuity plan. This will mitigate the impact of a breach and ensure your business survives and recovers. DoorDash has one, which is why it immediately took steps to bounce back from the attack. The company added new security measures to their systems, hired outside consultants, and took to social media to update everyone on the status of the company. There is no doubt the company discussed all of this at some point in its history.

This was a swift and comprehensive move on DoorDash’s part because they knew the longer it takes to act after a disaster the bigger the losses.

Delete all emails, links and online posts that you suspect might lead to a virus or data breach. These are how many cybercriminals steal information.

Update and secure all software. This is often overlooked but it can be one of the best defenses against malware and viruses.

Encrypt sensitive data. Like DoorDash, encrypting sensitive data will make access to it difficult at worst and nearly impossible at best. Encrypting data is just converting data into another form, like hashing a password by turning it into a series of numbers and letters. Nerds Support encrypts its partners’ data and stores it in a highly secure data center. We focus more on software encryption but you can also encrypt hardware.

DoorDash is just an example of what can befall any company in today’s world. Companies experience hacks and data leaks, and personal data is constantly stolen. The threat is more visible to the public now as larger companies fall victim to attacks. Cyber-crime is the world’s highest paying business, estimated in the trillions of dollars.

Business owners need to take action. If they don’t do anything, they’re just waiting to be next.

Plantation gas leak aftermath

Plantation Gas Leak: Always be Prepared for any Disaster

Over the weekend, there was a gas explosion in the South Florida city of Plantation. 23 people were injured, the former PizzaFire restaurant was destroyed, and more than 20 local businesses were damaged and closed. Dozens of people’s livelihoods were disrupted by this disaster, leaving many wondering what their next move should be. Many businesses rely on some form of IT to help run their business.

When you have in-house IT, if something happens, you could lose everything, and if you don’t, chances are recovery will be painstakingly difficult. You are at the mercy of the elements, a victim of circumstance. You don’t really think about it, but you’re always vulnerable, and life offers no guarantees.

Chances are, no one going to work that day planned on having their business damaged in a gas explosion. Yet it occurs without warning. If the lights go out and the infrastructure of your workplace is compromised, that could mean days and weeks spent trying to recover, which takes a huge toll on you and your business.

Crews spent that Sunday closing off the Plantation site by installing metal chain-link fencing. If you’re unable to access your workspace due to damages, that could also inconvenience you and your staff. Cloud computing can be the solution to these very real issues. It provides the freedom and flexibility to manage these types of unpredictable situations and can mitigate losses tremendously.

Cloud Computing Benefits

The cloud allows you to back up your files, applications and even desktop computers so that you can operate virtually from anywhere at any time. If some unforeseen travesty occurs, your business won’t be at a stand-still. Your employees won’t be sitting around waiting for your office to relocate or reorganize. If your computers get damaged or destroyed in an event like the one in Plantation, all you’ve lost is hardware. All of your data is secured, encrypted and protected by a network of servers that are independent of physical machines.

Nerds Support, for example, has a team of dedicated specialists that can provide a business continuity plan and help reestablish your routine workflow within hours of an event. You’ll have access to all your data and can continue working unimpeded. Cloud computing makes any place your place of business. You don’t have to look for a temporary office space or wait around helplessly for the city to clean up the damage or clear any obstructions. Dealing with the event itself is strenuous enough.

Visit our website where we have free e-books on how cloud computing can protect your business from natural disasters, accidents, and even cybercriminals.

Like the old saying goes, “You can plan a pretty picnic, but you can’t predict the weather.” Let Nerds Support and the cloud be your umbrella.

*image by Daniel A. Varela, Miami Herald