Article originally written by ATI partner AT&T Business

Is your organization prepared? Is your security maturity advancing? Are you concerned with meeting compliance privacy regulations? At AT&T, we help organizations minimize risks, manage security operations effectively and work toward meeting compliance requirements.

Organizations often struggle to get the visibility they need to truly understand their cyber risks and to address regulatory compliance requirements. What’s more, organizations struggle to maintain this visibility as their environments and risks change with new digital business transformation and cloud computing initiatives. This is especially true for organizations with limited IT resources. IT-constrained organizations often juggle multiple security products and vendors to address cyber risks and compliance, while also managing internal security policies and working to stay on top of changes in the regulatory landscape. And, they’re managing this amid their own, continuous network changes and a shifting threat landscape.

With unrivaled visibility across data, network and devices, leading insights from AT&T Alien Labs and our open source threat exchange, we can anticipate and act on threats to protect your business. We’re delivering a new era of transparency, giving you confidence in your decisions, your data, and your partnerships.

Every organization’s security program is unique in its maturity, architecture, resources, and risk tolerance. All too often, products and services for cyber risk and compliance management are packaged and priced exclusively for large enterprises. They are often rigid and do not easily adapt to your existing program or business objectives. AT&T Cybersecurity offers flexible solutions and services that align to the goals and budgets of your organization, while making it simple and fast to purchase, deploy, and get started. Select any product or combination of products to meet your needs and budget, and choose a deployment model that best suits your IT resourcing, either self-managed or as a co- or fully managed security service.

Security

10 Easy Ways to Improve Your Security Posture

By Jeff Becker on

July 16, 2019

- Security

No matter what type of business your company conducts, even if it is technology-based, your business can benefit from an outside set of eyes. The technology and data surrounding cybersecurity are constantly changing and evolving. This means that while you may have some of the most brilliant tech minds around grinding out your code, their focus is not necessarily security — and the result is vulnerability.

In the past year alone, two out of three small business have suffered a cyber-attack, according to Ponemon Institute, making cybersecurity a definite problem for small and mid-sized business –and one they need help addressing.

This month’s download, 10 Easy Ways to Improve Your Security Posture. These ten tips are simple and relatively quick to deploy; every bit of protection helps and these suggestions can help provide direction and peace of mind.

DOWNLOAD HERE

Security

Securing the Mobile Workforce

By Jeff Becker on

July 11, 2019

- Security

It’s interesting to note that device loss accounts for 41% of breaches, compared with 25% that derived from hacking and malware, according to Trend Micro. Overall, there has been a 300% increase in mobile device OS vulnerabilities since 2011, and businesses are realizing the increasingly critical need to protect the company—and customer data. As networking environments have evolved, IT departments adapted to growing security threats in mobile devices. Cabir, the first virus that infected smartphones, reared its ugly head in 2004, and by the time iPhones and other smartphones emerged, a whole new generation of security woes had been born.

More than half of organizations have identified employees as the source of a major security breach, either due to falling victim to phishing, using unapproved apps, using unsecured Wi-Fi networks or through simple human error. In a report by Apricorn, nearly 20% of organizations believe their mobile workers don’t particularly care about security, with one in three experiencing data loss as the direct result of their mobile workforce.

In this age of “supermobility” in which mobile devices provide all the tools employees need to be productive away from the office and IoT initiatives increase, there are a seemingly infinite number of endpoints that need to be secured. Mobile device security is the measures taken specifically to protect sensitive data stored on portable devices. Additionally, it refers to the ability to prevent unauthorized users from accessing mobile devices and the enterprise network. Devices that require protection of this sort include laptops, tablets, smartphones, wearables, and other portable devices. Today, the majority of businesses are using these devices to conduct routine business and the devices themselves could contain hundreds of gigabytes of private data on them—everything from healthcare information to customer credit card and social security numbers and more.

While the first instinct might be to lock everything down like Alcatraz, company security policies, an efficient security posture and back up plans for mobile devices can help align policy with culture and avoid the airtight seal on the organization.

In an article in Computerworld, Adrian Duigan has some suggestions about establishing a successful security policy; in addition to the suggestions we’re digging into in this blog post, here are a few other considerations to consider when implementing or updating your company’s security policies:

Check out what organizations similar to yours are doing
Ensure your policy conforms to all legal requirements
Overprotection could be a liability, as well; sometimes an Employee Code of Conduct may be all you need
Include staff members in policy development; being a part of the process not only helps with policy adoption, it also makes them a part owner in its success
Make sure your policy is in writing and that all employees have acknowledged their acceptance of the policy in writing
Set clear penalties and enforce them

Employee training

Security awareness training should be rolled out to all existing mobile workforce employees and become a part of on-boarding for new employees. This training should be held annually as both a refresher and a to update any outdated information. Similar to in-office security training (such as keycard usage and clean desk policies), the training for a remote workforce should focus on things like the dangers of public Wi-Fi spots, the usage of removable media (such a USB drives), what to look for in phishing emails or spoofed accounts, and the security and password requirements for smartphones, laptops and other mobile devices. Ensuring that the policy put in place is representative of the overall culture of the organization is a key factor in guaranteeing that employees will follow the policy once it’s rolled out.

Mobile Device Management

Work with a mobile security vendor who can help IT with adding and provisioning apps, policies and devices. IT can then better and more easily activate users, set policies and restrictions, deploy apps and connect to VPN, configure email, connect to Wi-Fi, intranet sites and other resources, remote lock and wipe. Deploy multi-factor authentication (MFA). MFA is a critical component that is virtually no cost, a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction. Combining two (or more) independent credentials consisting of a combination of three things: what the user knows (their password), what the user has (a security token) and/or what the user is (biometric verification). This layered defense makes it more difficult for an unauthorized person to their target (in this case a mobile device). If one factor is compromised or broken, there is still one more line of defense in place before the attacker can successfully break into the target.

BakerHostetler’s 2019 Data Security Incident Response Report notes that raising employee awareness and employing multifactor authentication are still two of the best defenses to address the employee risk factor. “Now more than ever, mobile devices have a target on their back,” said Mike Feibus, principal analyst with FeibusTech. “It’s ironic, but the more mobile devices are used as a multi-factor option to secure PCs, the more desirable they become to hackers. And as everyone knows, where there’s a will, there’s a way.”

Virtual private network (VPN) technology was developed to enable remote users and satellite offices to access corporate applications and resources, securely. Previously, VPN’s were created for fixed networks with high bandwidth and relied on the user having a stable IP address. Now, forward-thinking companies are applying this same technology to their mobile workforces to enhance the privacy and security of their devices. Special care should go into determining which VPN provider is right for your company. Make sure to consider the type of devices, the devices’ OS and the VPN hardware to ensure the solution is a good fit for each of these.

Understanding the risks

It’s easy to underestimate the risk mobility provides to an organization. Whether used by in-office personnel or a remote workforce, mobile devices should not be the source of truth for any of your data. Companies should operate on the assumption that a stolen, misplaced or breached device is highly likely, and therefore plan, accordingly. Examples of this preparation include backing up mobile devices, daily and ensuring that a data classification policy is put into place and followed; allowing users to make more informed decisions about the data that can or should be copied to a mobile device and what data should never leave the network.

Data loss costs companies more than you think. According to cloud data protection company, Druva, “every lost laptop costs an organization approximately $49,000.” These costs are obviously not related to the actual value of the device but rather the value of the data on the device, the loss of intellectual property and the impact of potentially compromised proprietary data. Add to that the inevitable loss of productivity/employee downtime and the financial impact of that data loss increases even more.

In 2018, the University of Utah Eye Center identified that a computer and its associated external storage device had been stolen from their facility. Due to data privacy laws, the university was required to notify more than 600 patients that their protected health information was potentially at risk. As an added measure, they also proactively established a dedicated call center to help the affected patients navigate the aftermath. The potential damage to the Eye Center’s reputation could have reached a point of no return if the University hadn’t mitigated the damage and proactively attempted to retain their patients’ trust.

Security

3 Observations of Cybercriminals on the Dark Web

By Jeff Becker on

April 11, 2019

- Security

Article by ATI partner Dan Kaplan of Trustwave

Not long ago, researchers from the Trustwave SpiderLabs team documented several storylines that emerged from their sojourns to the dark web. The goal of their probe into the underbelly of the internet was to remove the natural disconnect that occurs between cyberattack victim and their assailants.

For many, the dark web is a mysterious and untouchable place, with little being known about it beyond that it is, at least in certain parts, a hotbed of criminal activity.

But once the veil is lifted on the criminal community populating the far recesses of the internet, a much more organized picture emerges, one resembling anything but dysfunction. In fact, the makeup is so bustling and orchestrated that organizations like yours can extract enormous insights and trends by studying it, including expanding knowledge into the latest hacking techniques, malicious tools and what stolen data is being sold.

Of course, not everyone is savvy, experienced, curious or brave enough to visit the web’s nether regions. Which is why the Trustwave SpiderLabs team is always happy to take the lead – and chronicle what they find along the way.

Here are some of the stranger impressions our researchers took away from their most recent investigation.

1) Dark web dwellers don’t take kindly to malware infections (of each other).

A set of 17 forum rules our researchers stumbled upon wreaked of irony from start to finish – including an admonition not to post any personal information about fellow members – but perhaps none more than No. 3: “Don’t attempt to infect members with trojans, viruses or backdoors.” The truth is, rules like this must exist for an organized system to fully function and flourish. It’s no wonder that professional cybercrime is booming.

2) They are grooming the next generation of cybercriminals.

Like any well-developed economy, the cybercriminal underground requires tasks of all specializations, right down to the lowly duty of data entry. But to attract the right crop of people to these “entry-level” positions that require little skill, leaders must appeal to the interests of youth – and they do this by graffitiing job offers, leveraging popular communication platforms to hawk the openings and using slang. The goal is much larger than finding someone to fill a CAPTCHA solver role: Cultivate a career cybercriminal.

3) They love the gig economy for washing their dirty money.

Capitalizing on the ride- and home-sharing boom, crooks who need to launder their ill-gotten proceeds recruit drivers and hosts who never so much as need to put a car into drive or make a bed. Instead they perform fake rides or accept fake visitors, receive “payment” from the “customers,” and then the funds make their way through legitimate company systems and come out clean on the other side. Part of the money is then paid back to the criminal, and the person who played driver or host walks away with a tidy profit for minimal effort.

Article by ATI partner Dan Kaplan of Trustwave

Security

6 Spam, Phishing and Malicious Email Trends to Watch For

By Jeff Becker on

March 21, 2019

- Security

Article by ATI partner Dan Kaplan of Trustwave

Cybercriminals aren’t going to exert more effort than they have to. For all the talk of the sophisticated investment required to discover and exploit vulnerabilities to obtain a foothold into a targeted environment, email remains a perfectly welcoming – and far more time- and cost-effective – medium.

The payoff is simply too good for cybercriminals. Of course, that doesn’t mean attackers aren’t shifting tactics or developing innovative ways to take advantage of this low-hanging fruit and stay one step ahead of the defenders.

As always, knowledge is power when it comes to combatting the latest cyberthreats. Here is what Trustwave SpiderLabs incident investigators are seeing in the world of email.

1) Sextortion Messages

There is a rise in email-based blackmail, in which malicious senders attempt to trick users into believing that an attacker has obtained embarrassing information about them visiting pornographic websites and has collected pictures and audio from a hacked webcam. The sender threatens to release the allegedly compromising content to everyone in the victim’s contact/friend list or upload to their social media profile unless a payment is made (usually in cryptocurrency). For additional reading on this particularly terrifying threat, our Fahim Abbasi covered produced two blog posts.

2) IoT Botnets Delivering Spam

A collection of compromised IoT devices can form a formidable botnet (as was evident when Mirai arrived on the scene in late 2016) and the susceptibility and sheer growth of connected smart devices is providing a conducive pathway for more to emerge. Most of the action we have observed has been because of home routers, which failed to undergo proper patching as these devices rarely receive any kind of support after their release. Many of 2018’s biggest botnets used 5- or even 8-year-old vulnerabilities in router/modem firmware. These include Pitou, Type52 and Xinbot

3) A New Host Nation

Brazil has risen as a new source of phishing and banking attacks. Campaigns from this country were mainly targeting Latin American financial institutions, but customers from other regions, predominantly North America and EMEA, were affected as well.

4) File Extensions

As more users are trained to recognize tell-tale signs of phishing and spam, such as misspellings, grammatical errors and language issues, well-crafted messages greatly increase attack success rates, as do the usage of popular file types, a common way for malicious actors to mimic third-party communication and avoid detection by traditional email security. Most attachments used in malicious email files continue to be file formats related to message visual aspects (.gif .js) and MS Office documents (.xls and .doc) with malicious macros.

5) Emotet

This banking Trojan obtains financial information by injecting computer code into the networking stack of an infected computer, allowing sensitive data to be stolen via transmission. Emotet is often concealed in documents delivered through emails that pretend to be from financial institutions. The emails came with a Word document embedded with malicious macro code. Once executed, the code downloads and runs Emotet. The malware is not the final payload, though, as it acts as a downloader for additional malicious code.

6) Supply Chains

Attackers are increasingly use the supply chain in their email evil-doing, utilizing legitimate business partners – which are the victim of an initial attack – to distribute phishing/spam emails by using compromised legitimate addresses. Most of these third-party companies are unaware that they were spreading malware to all their business contacts. This approach increases ingress success rates for attackers by adding a “trusted” source of communication.

Article by ATI partner Dan Kaplan of Trustwave

Security

Big Threats Bigger Responsibilities

By Jeff Becker on

March 11, 2019

- Security

Technical advancements breed new and greater security threats and digital transformation initiatives opens the door to larger gaps in cyber-defense strategies.

Threats and vulnerabilities will continue to flourish. In 2017 alone, the increase in annual data breaches was close to 30% (2017 Cost of Cybercrime Study, Accenture). This will increase and the problem isn’t access to enterprise-grade security methods and strategies. Instead, the lack of understanding what products fit within the your current environment and the ‘it won’t happen to me’ mentality ends up leaving businesses vulnerable.

The Reality: Security continues to simmer on the back-burner. 65% of companies believe they have appropriate in-house security measures in place, yet 80% have been victims of a successful cyber attack or breach in the previous year.

Learn where to start adding security to your portfolio with this eBook.

Security

Top 4 Security Vulnerabilities

By Jeff Becker on

November 1, 2018

- Security

Securing information is becoming more important than ever. Damages from cybercrime are expected to exceed $6 trillion annually by 2021. Malware is constantly evolving; DDoS attacks are on an exponential rise and ransomware is no longer just a threat to enterprise organizations, but to every company that is online.

With state-sponsored cyberattacks growing in frequency and sophistication and threat actors being governments and professional organizations who focus on hiring the best talent, the profile of a cybercriminal is no longer an early-twentysomething hacking from his mother’s basement.

It goes without saying, the cybersecurity field is in HIGH demand. There is a negative unemployment rate and a huge skills gap with an expected shortage of 2 million positions by 2019. Only one in three IT leaders believe they have the skills in-house to address their needs. That means demand for security professionals and solutions is only growing and it comes from businesses of all sizes and industries.

The biggest vulnerabilities companies face include:

DDoS Attacks

A distributed denial of service (DDoS) attack is an attempt to block an online service by flooding it with traffic. You may be familiar with last year’s DDoS attack on Dyn which disrupted thousands of sites across the US and Europe. For any company that has a mostly online presence like an ecommerce retailer or someone who captures leads online, a DDoS attack could be very costly to their business.

Malware

Short for malicious software, malware comes in a number of forms from viruses and worms to spyware and Trojans, all designed to be undetected and transmit personal data. Credit card numbers still have their value but it is pennies compared to the premium paid for healthcare records on the black market. These threat actors make their way in through social engineering, outdated software, EOL machines, non-password protected IoT devices and basic human error.

Ransomware

Ransomware happens as a result of social engineering and phishing schemes and attempts to extort money out of victims by locking them out of their files. No matter how smart people are, they do stupid things like click an email from a “Nigerian Prince”.

Social Engineering and Human Error

Referenced as a cause for all the items listed above, human error happens. The best line of defense against these cyberthreats is well trained personnel. As attacks become more sophisticated, even the most email-savvy employees fall victim to social engineering. Poor password hygiene and incomplete exit strategies for departing employees also leave companies in vulnerable positions.

So where to start? We are here to educate and work together on a strategic road-map. Let’s start with a no obligation security assessment.

Security

Managed Security Services Provider Survival Guide

By Jeff Becker on

October 30, 2018

- Security

Article by ATI partner Craig D’Abreo from Masergy

Do you need a survival guide to find the right Managed Security Services Provider (MSSP)? Forrester Research and Masergy have joined forces to help you navigate the world of outsourced security.

When firewalls materialized in the 1990s, protecting your network was easier, and outsourcing cybersecurity to a service provider wasn’t necessary. Today, however, it’s a very different story. Defending your network from sophisticated attackers requires a laundry list of services and technologies that must correlate data from multiple devices and sources. When you factor compliance requirements and government regulations with a rapidly growing list of security incidents and seemingly never-ending alerts to monitor and distill down to a short list of high-priority actions, it’s easy to become deluged by the responsibilities. Security has become an untenable situation for most IT teams, stretching personnel resources and budgets to the max.

To survive, enterprises need outside partners with solutions that ingest data from a wide variety of sources, leveraging machine learning and behavior analytics to discern what’s normal and what should sound the alarms. A must-have for any enterprise is a 24/7 dedicated team of internal resources in place to monitor and manage alerts and incident response. Building such a team often stretches internal IT resources even further, and requires a large budget to cover:

Staffing
Facilities
Equipment/tools
Training
Compliance

The security market has become so saturated that it’s difficult to navigate the plethora of products and services in order to make a smart decision about who and what should be trusted to protect your most important asset–your company data. However, choosing an MSSP can also be daunting, because the selection process is about more than just the features of a given cybersecurity product or solution. It’s a contract to deliver services over a number of years, and once selected, you’re committed to learn to work with your MSSP.

When selecting new technologies and services, questions that are often asked are:

What should I be looking for in a managed security service provider?
Are there industry gold standards that set the best of the best apart from the mediocre MSSPs?
What questions should I ask potential MSSPs before placing my organization’s well-being in their hands?
How does a Security Operations Center (SOC) work? What does the escalation process look like? What will be required of my team?
And finally, what data will need to be exchanged on a regular basis, and how is that data secured?

We find these questions are best answered by the experts. That’s why Masergy has partnered with Forrester Research, to provide you with a survival guide that will assist in your search for the right MSSP. Forrester Research’s Principal Analyst Jeff Pollard and Masergy’s V.P. of Security, Craig D’Abreo have joined forces to help enterprises chart a course for more informed cybersecurity decision making. During the June 13, 2018 webinar, The MSSP Survival Guide, they will discuss the tips you need to know and the traps you need to avoid as you map out a comparison strategy to identify the best partner for your needs.

Article by ATI partner Craig D’Abreo from Masergy

Learn more about Managed Security.

Security

Protect from Evolving Ransomware Threats with Vigilant

By Jeff Becker on

October 25, 2018

- Security

Article by ATI Partner Chris Nyhuis, CEO – Vigilant

In today’s world of Cyber security Incident Response we are seeing evolving threats that are no longer detectable by standard detection. You heard that right, effective evolving threats that can move around artificial intelligence behavior analytics and SIEM. To make it worse, if the security services/solutions you are using are easy to purchase that means threats can purchase them also, testing in their labs prior to attacking bringing them success on the first try.

One of these evolving tactics is in the realm of ransomware. Traditionally, Ransomware was thrown to the wind by the attacker, hoping to hit a random company who the attacker could charge a lion share of bitcoin after encrypting all their data. This approach was successful for quite some time, however, the good guys realized that with the proper backup strategy a company can respond and recover the encrypted data fast taking the wind out of the sails of the attack and money out of their pockets.

Ransomware went dormant for a while, which for us in the security community, meant there was some re-grouping and that there would be another trick up their sleeve. Silence means a wave is on the horizon.

Here’s what they are doing now and it’s ingenious.

Attacker enters the company using everyday malware, not anything special.
Next they manually jump off of that original computer before it’s cleaned by AV and pivots to a few other systems so they have redundancy in the control of the network.
The attacker then manually identifies and takes over critical servers within the customer’s environment. Notice the manual actions here – it’s not easy to detect manual attacks so most organization’s security solutions will miss it.
- They take over the following:
  - Firewalls – Ability to Defend
  - Exchange – Ability to Communicate
  - File Servers – Customer’s Data
  - Active Directory – Ability to Control Access
  - Backup Servers – Ability to Recover
Once they are on all of these they do a surgical encryption of these systems. Not widespread, surgical and at that point the company’s entire data structure and recovery ability is gone.

Did you see that? The attacker took out a company’s ability to RECOVER by destroying their backups! You can see that the threats your customers face each day are not automated dumb attacks. Threat actors can make significant revenue with these attacks, they are smart, agile and evolve in minutes. Vigilant’s been contacted by three companies in the last week ranging from 10 Million in revenue to 2.2 Billion in size completely encrypted and shut down. Two of them will go out of business and one will recover. The hard part for us is knowing that if we were there prior to the attack we could have stopped all three from happening. Vigilant is a Security as a Service organization who specializes in:

Intrusion Detection
Intrusion Prevention
Incident Response
Targeted Vulnerability Management

Vigilant performs a 5-Day no cost threat assessment for your customers to show them a much different and effective approach to security. Schedule one today.

Article by ATI Partner Chris Nyhuis, CEO – Vigilant