What are the four questions every CEO should ask after a breach? According to an article on inc.com they are:

1. What information was impacted?

All information is not created equal or valued equally. In general, Personally Identifiable Information (PII) is valued more highly by both cybercriminals and regulators. This means that the ramifications for losing this type of information are greater than for losing other types of more generic information.

2. How many customers were impacted?

Of course, the more customers, the worse the breach in general and the more likely you are to find yourself in the press. But beyond that, the size of the breach determines how you will notify the victims and whether or not you may find yourself in a class-action lawsuit.

3. What geographies were impacted?

Breaches are handled differently in different parts of the world. Who you must report to, how quickly you must report and what is considered personal information all vary depending upon who has jurisdiction.

4. Do we have logs?

Logs are the history of what actions took place on a database or server. Logs are crucial! They hold the entire history of the event and the more accurate and detailed the better. Without good logs your technical team is at a huge disadvantage when attempting to piece together how the breach occurred and what actions were taken in response.

Your Quick-Start Road Map

In summary, knowing what information was compromised, how many individuals were impacted, where they were impacted and how well your team and security measures responded to the breach provides you and your C-Team the information you need in a capsule summary format.

You will quickly know what types of ramifications to expect and what other resources you will need. Of course, as the event continues to unfold you will need additional, more granular information but the answers to these four simple questions will serve you well as a “quick-start road map” to your journey ahead.

The Case for Managed Security Services

If an ounce of prevention is worth a pound of cure, then Konsultek’s managed security services may be the best way to keep your organization out of the headlines and focused on your core competencies. To learn more about the advantages of managed security services, please give us a call.




Closing on a Home? Beware of Spearphishing

On November 3rd, 2017, posted in: spearphishing by konweb

We’ve highlighted spear phishing in the past and noted that it is most effective when three things come together: one of the parties carries some level of authority, there is a legitimate, expected reason for this authority to be contacting the victim, and there is a large sum of money in play.

The Home Closing – The Perfect Spearphishing Opportunity

You have to hand it to the cybercriminal mind. When homeowners are going to closing you have:

1. An authority figure [Title or Escrow Agent]

2. A reason for that authority figure to be contacting the victim [Funds needed for settlement]

3. Large sums of money [Settlement funds].

According to an article in the Chicago Tribune this scam is growing in popularity because it works so well and yields enticingly lucrative profits.

How the Scam Works

The scam is pretty simple. It begins with the hackers finding a vulnerability in the title company’s or real estate company’s email system. Once inside, the hackers track upcoming closings and, before the legitimate request for funds is sent to the victim, send their own request for funds, which conveniently funnels the money into a bank account they control.

It’s only days or weeks later when the real request comes through that the victim realizes that they sent their money to a criminal, not the title or escrow company.

“It’s unbelievable how often this is happening,” said Jessica Edgerton, associate counsel for the National Association of Realtors in Chicago. And now real estate clients who’ve been scammed are fighting back, seeking recovery of funds through the courts and turning to an FBI weapon that has been little known to the general public: the “Financial Fraud Kill Chain.”

Funds Lost Forever?

Unfortunately, it seems as though the victim is frequently left holding the empty bag when these crimes occur. As reported in the Chicago Tribune article, the FBI can help with recovery if:

  • The wire transfer was $50,000 or more in value
  • The wire transfer was international
  • The bank issues a recall notice
  • The FBI is informed of the details within 72 hours.

Be Diligent, Follow-up and Use the IC3

If you are going to settlement, you can help protect yourself by looking for inconsistencies in the instructions and following up by phone or in person with the party requesting funds to make sure that the request is 100% legitimate. And, if you sense something has gone awry, use the reporting tool we highlighted just a few posts ago at www.ic3.gov.

Is Your Security too Much to Handle?

Konsultek can help! Our managed security services allow even the smallest organization to have world-class security without the need for massive capital and human resource investments. Give us a call today to learn why more and more organizations are turning to Konsultek for their managed security solutions.



In a recent Forbes.com article, author Gaurav Banga, Founder and CEO of Balbix, makes the case that the cyber security needs of all organizations fall into one of three classes.

The Needs of the Security Unready

Still an alarmingly large group, the “security unready” are organizations that, despite the overwhelming body of evidence regarding the need for heightened security, have implemented few if any modern security processes and technologies. For some in this class, their lack of security reflects a naïve, misplaced sense of “it can’t happen to me”. For others, the root cause can be traced to budgetary or talent constraints. And for still others, a sense of “if ___________ was hacked (fill in the blank with any of the day’s latest victims [SEC, Target, Home Depot…]) how am I supposed to protect my organization” leads to the conclusion that heightened security is ultimately pointless.

The Needs of the Security Mature

In this second class are those who have been playing the security game for a while now. These range from huge multinationals that have spent hundreds of millions bolstering their network security at one end of the spectrum to smaller organizations whose outlay has been less but that, on a proportional basis, have invested significantly in their security. A common theme among them is that they are often drowning in information, data and alerts to the point where it is difficult to see the forest (the REAL threat) for the trees (false positives).

The Needs of the Everybody

As citizens of the connected world, we all make decisions on a daily basis that impact the security of our identities and personal information. We live in a world where better coordination amongst private, public and government organizations can help us as individuals and as members of organizations.

Konsultek Can Help No Matter Where You Fall

In reading Mr. Banga’s piece, it struck me that we at Konsultek can help you no matter where you fall. For the “security unready” we can assess your vulnerability and more accurately quantify the probability and liability of a risk. If manpower or capital is a constraint, our managed services model can give you access to world-class security without breaking the bank.

For the “security mature” we can help put processes, protocols and technologies in place to filter out the noise and confusion, allowing you to see significant events more easily. This approach is just part of our holistic approach of prevention, detection and response built around platforms from Palo Alto, FireEye, Firemon, CheckPoint and Forescout.

For the “everybody” we are strongly committed to building a security culture not only in the organizations we work with daily, but as citizens of the wider community. This blog is just one example of how we continually strive to educate and inform everyday people on what is happening in the world of security.

Have a network security need? Give us a call. Our team is always happy to help!



Most frequently, when hacks and breaches are discussed in the news and on this blog, the focus is on the quantity and quality of the information lost. How many records? What type of information?

But there is another side to the aftermath of a breach that gets less coverage, is a bit harder to quantify and doesn’t make for quite as exciting headlines. That is the impact that a breach can have on your brand and its reputation.

Damage to Brand Reputation #1 Concern

Buried in the 29 pages of this year’s The Imperative to Raise Enterprise Risk Intelligence from the Ponemon Institute was the chart below:

[Chart]

Source: Ponemon Institute

So while organizations fear a cybersecurity breach and cybersecurity breaches can have huge financial ramifications as Home Depot, Target, FedEx and Maersk can attest, the fear of reputation damage is even greater!

Does a Cyber Breach Damage Reputation?

The simple answer is yes! Both reputation and customer trust are compromised when there is a security breach, and this is true for organizations of all sizes. As Tim Critchley, CEO of Semafone, said in CSOOnline last year:

“…the reputational damage suffered by companies who fail to protect personal data can translate directly into a loss of business”

This sentiment is further supported by the Forbes report Fallout: The Reputational Impact of IT Risk. A breach can have a long-lasting impact on customer trust, repeat purchase behavior and loyalty.

Konsultek Can Help

When it comes to IT security and reputation, prevention is better than cure. As a leader in customized security solutions, Konsultek can help your organization protect your data assets which will in turn help protect your reputation. Give us a call today to discuss your organization’s concerns and how one of our unique solutions can help.



Yesterday NBCNews.com reported that they had in their possession a report from FireEye which shows that North Korean hackers have been spearphishing electric utilities in the US.

We can only assume that such campaigns are being launched in an attempt to gain access to the grid with the intention of possibly disrupting it. We reported on just such a scenario a month ago in our blog post Hackers Appear Ready to Turn Off the Lights.

North Korea has proven itself to be a vexing cyber opponent and has been a continual source of concern for neighboring South Korea for years.

Safe and Reliable Delivery Unaffected

Scott Aaronson, a top security official at the Edison Electric Institute, an industry trade group, said in a statement:

“Phishing attacks are something that electric companies prepare for and deal with on a regular basis, often in coordination with security experts and industry stakeholders. In this case, the delivery of safe and reliable energy has not been affected, and there has been no operational impact to facilities or to the systems controlling the North American energy grid.”

While this appears to be technically true, as reported previously, hackers seem to be closing in on the capability to disrupt the grid.

As Goes the Grid Goes the Economy

The prospect of a large-scale power disruption is scary on both a personal and professional level. However, taking one step back and surveying the potential harm to the larger economy is even more frightening. We’ve been reporting on the estimated harm of the Petya virus, cumulatively likely exceeding $1 billion across just a handful of companies. What would be the economic impact of having large portions of the power grid go down for 12 hours? A day? A week?

Why Hasn’t it Happened Yet?

According to Stuart Madnick in an insightful piece on HBR.org, there are three conditions necessary for an attack such as this to occur: opportunity, capability, and motivation. We have on this blog alone provided enough evidence of opportunity and capability, and the increasing tensions with North Korea may just be setting the third requirement, motivation, into place.

Be Prepared

Holistic cybersecurity solutions like the ones we develop at Konsultek consider not just what impact a targeted attack might have but also what might happen if a larger disruptive event were to occur. As with all aspects of network security, an ounce of prevention is worth far more than a pound of cure. If your current security provider isn’t asking the tough “what if” questions, perhaps it’s time you give us a call!

