In a recent Forbes.com article, author Gaurav Banga, Founder and CEO of Balbix, makes the case that the cyber security needs of all organizations fall into one of three classes.

The Needs of the Security Unready

Still an alarmingly large group, the “security unready” are organizations that, despite the overwhelming body of evidence regarding the need for heightened security, have implemented few if any modern security processes and technologies. For some in this class, their lack of security reflects a naïve, misplaced sense of “it can’t happen to me”. For others, the root cause can be traced to budgetary or talent constraints. And for still others, a sense of “if ___________ was hacked (fill in the blank with any of the day’s latest victims [SEC, Target, Home Depot…]), how am I supposed to protect my organization?” leads to the conclusion that heightened security is ultimately pointless.

The Needs of the Security Mature

In this second class are those who have been playing the security game for a while now. These range from huge multinationals that have spent hundreds of millions bolstering their network security at one end of the spectrum to smaller organizations whose outlay has been less in absolute terms but who, on a proportional basis, have invested significantly in their security. A common theme among them is that they are often drowning in information, data and alerts to the point where it is difficult to see the forest (the REAL threat) for the trees (false positives).

The Needs of the Everybody

As citizens of the connected world we all make decisions on a daily basis that impact the security of our identities and personal information. We live in a world where better coordination amongst private, public and government organizations can help us as individuals and as members of organizations.

Konsultek Can Help No Matter Where You Fall

In reading Mr. Banga’s piece it struck me that we at Konsultek can help you no matter where you fall. For the “security unready” we can assess your vulnerability and more accurately quantify the probability and liability of a risk. If manpower or capital is a constraint our managed services model can give you access to world class security without breaking the bank.

For the “security mature” we can help put processes, protocols and technologies in place to filter out the noise and confusion, allowing you to see significant events more easily. This is just one part of our holistic approach of prevention, detection and response, built around platforms from Palo Alto, FireEye, Firemon, CheckPoint and Forescout.

For the “everybody” we are strongly committed to building a security culture not only in the organizations we work with daily, but as citizens of the wider community. This blog is just one example of how we continually strive to educate and inform everyday people on what is happening in the world of security.

Have a network security need? Give us a call. Our team is always happy to help!


Most frequently, when hacks and breaches are discussed in the news and on this blog, the focus is on the quantity and quality of the information lost. How many records? What type of information?

But there is another side to the aftermath of a breach that gets less coverage, is a bit harder to quantify and doesn’t make for quite as exciting headlines. That is the impact that a breach can have on your brand and its reputation.

Damage to Brand Reputation #1 Concern

Buried in the 29 pages of this year’s “The Imperative to Raise Enterprise Risk Intelligence” from the Ponemon Institute was the chart below:


Source: Ponemon Institute

So while organizations fear a cybersecurity breach, and cybersecurity breaches can have huge financial ramifications, as Home Depot, Target, FedEx and Maersk can attest, the fear of reputation damage is even greater!

Does a Cyber Breach Damage Reputation?

The simple answer is yes! Both reputation and customer trust are compromised when there is a security breach, and this is true for organizations of all sizes. As Tim Critchley, CEO of Semafone, said in CSOOnline last year:

“…the reputational damage suffered by companies who fail to protect personal data can translate directly into a loss of business”

This sentiment is further supported by the Forbes report “Fallout: The Reputational Impact of IT Risk”. A breach can have a long-lasting impact on customer trust, repeat purchase behavior and loyalty.

Konsultek Can Help

When it comes to IT security and reputation, prevention is better than cure. As a leader in customized security solutions, Konsultek can help your organization protect your data assets which will in turn help protect your reputation. Give us a call today to discuss your organization’s concerns and how one of our unique solutions can help.


Rather than write the 1000th post about WannaCry (although our Partners at Proofpoint, their Engineer Darien Huss and a fellow called MalwareTech deserve a serious shout-out from the world for stopping WannaCry) I decided to cover something with potentially huge financial implications that has virtually gone under the radar by comparison.

While WannaCry was grabbing the cybersecurity headlines for the week, it turns out that online signature giant DocuSign was, more quietly and in a rather methodical fashion, publicly disclosing the details of a significant and serious cyber breach themselves.

Here’s an abbreviated timeline of what we know so far from DocuSign themselves.

Update 5/9/2017 – Malicious Email Campaign

DocuSign is tracking a malicious email campaign where the subject reads: “Completed: docusign.com – Wire Transfer Instructions for recipient-name Document Ready for Signature”.

The email contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware.

Update 5/15/2017 – Malicious Email Campaign

DocuSign is tracking a malicious email campaign where the subject reads: “Completed *company name* – Accounting Invoice *number* Document Ready for Signature”. The email contains a link to a downloadable Word Document which is designed to trick the recipient into running what’s known as macro-enabled-malware.

These emails are not associated with DocuSign. They originate from a malicious third-party using DocuSign branding in the headers and body of the email. The emails are sent from non-DocuSign-related domains including dse@docus.com. Legitimate DocuSign signing emails come from @docusign.com or @docusign.net email addresses.

Update 5/15/2017 – Latest update on malicious email campaign

Last week and again this morning, DocuSign detected an increase in phishing emails sent to some of our customers and users – and we posted alerts here on the DocuSign Trust Site and in social media. The emails “spoofed” the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software. As part of our process in response to phishing incidents, we confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure.

However, as part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core communication system used for service-related announcements that contained a list of email addresses. A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign’s eSignature system was accessed; and DocuSign’s core eSignature service, envelopes and customer documents and data remain secure.

Update 5/16/2017 @ 8:55 Pacific Time – Key Update on Malicious Campaign

Q: Have the email addresses of my employees, customers or customers’ customers been exposed as part of this incident?
A: As part of our ongoing investigation, we can now confirm that no signers were on the list of email addresses that was accessed maliciously unless they had signed up for a DocuSign account. That could include direct DocuSign customers; someone who signed a document and elected to open a DocuSign account; or someone who signed up for a DocuSign freemium account – via docusign.com, through a partner integration, or via the DocuSign mobile client.

Update 5/17/2017 @ 1:02 PM Pacific Time – New Phishing Campaign Discovered Today

DocuSign has observed a new phishing campaign that began the morning of May 16 (Pacific Time). The email comes from “dse@dousign.com” with the subject “Legal acknowledgement for <person> Document is Ready for Signature” and it contains a link to a malicious, macro-enabled Word document. We suggest you do not open this email, but rather delete it immediately.
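As an added example (not code from DocuSign or Konsultek), here is a small mail-triage script that applies the indicators from the advisories above: DocuSign branding in the subject line or display name combined with a sender domain other than docusign.com or docusign.net, plus a lookalike check that catches dropped-letter domains such as dousign.com. The sample headers are constructed, and the note about pairing this with SPF/DKIM/DMARC results is an assumption about how a mail gateway would deploy it.

```python
"""Triage e-mails that use DocuSign branding but do not come from DocuSign.

Added example for this post; it is not DocuSign's or Konsultek's code. The
legitimate sender domains, the spoofed sender domains and the subject wording
come from the DocuSign advisories quoted above; the four sample messages are
constructed for this example.
"""
import re
from email.utils import parseaddr

# DocuSign states that legitimate signing e-mails come from these domains.
LEGITIMATE_DOMAINS = {"docusign.com", "docusign.net"}

# Subject phrasing shared by the three campaigns in the advisories.
BRANDED_SUBJECT = re.compile(
    r"docusign|document\s+(?:is\s+)?ready\s+for\s+signature", re.IGNORECASE)


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the address in a From: header."""
    _display_name, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, max_edits: int = 2) -> bool:
    """True for domains within max_edits of a legitimate DocuSign domain, e.g.
    dousign.com (one dropped letter). docus.com is three edits away and is
    instead caught by its branded subject line."""
    return any(0 < edit_distance(domain, real) <= max_edits
               for real in LEGITIMATE_DOMAINS)


def classify(msg: dict) -> str:
    """Return 'legitimate', 'spoofed-brand' or 'unrelated' for a message given
    as a dict of headers. A From: header can itself be forged, so a real
    gateway would combine this with SPF/DKIM/DMARC results (assumption)."""
    from_header = msg.get("From", "")
    domain = sender_domain(from_header)
    if domain in LEGITIMATE_DOMAINS:
        return "legitimate"
    uses_brand = (BRANDED_SUBJECT.search(msg.get("Subject", "")) is not None
                  or "docusign" in from_header.lower())  # display-name spoofing
    if uses_brand or is_lookalike(domain):
        return "spoofed-brand"
    return "unrelated"


def triage(messages: list) -> list:
    """Classify each message and return (sender domain, verdict) pairs."""
    return [(sender_domain(m.get("From", "")), classify(m)) for m in messages]


# Constructed sample headers modelled on the campaigns in the advisories.
SAMPLES = [
    {"From": "DocuSign <dse@docus.com>",
     "Subject": "Completed: docusign.com - Wire Transfer Instructions for "
                "recipient-name Document Ready for Signature"},
    {"From": "dse@dousign.com",
     "Subject": "Legal acknowledgement for <person> Document is Ready for Signature"},
    {"From": "DocuSign <dse@docusign.net>",
     "Subject": "Completed: Example Co - Accounting Invoice 1234 Document Ready for Signature"},
    {"From": "alice@example.com", "Subject": "Lunch on Friday?"},
]

if __name__ == "__main__":
    for domain, verdict in triage(SAMPLES):
        print(f"{domain:<20} {verdict}")
```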

The Ultimate Phishing Scam?

This may very well be the ultimate spear phishing campaign. While the number of email addresses compromised has not been disclosed, we can assume it is A LOT, and a considerable portion of those affected routinely use DocuSign multiple times a month, if not weekly or daily. Since DocuSign emails are both expected and “trusted”, we can only further assume that these phishing campaigns are being effective. There is no official report on just how effective so far, but perhaps we’ll get an update as further details emerge.

It seems likely that this scam will continue for a very long time given that DocuSign reportedly has 100 million users.

The Lesson You Can Learn

“However, as part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core communication system used for service-related announcements that contained a list of email addresses.” (Emphasis added)

The lesson to be learned here is that in today’s world no part of your network can be considered “non-core” when it comes to security. If the data is worth saving within your network, it is worth protecting!

Konsultek and Its Partners

Konsultek and its partners like Proofpoint, CheckPoint, ForeScout, CarbonBlack and many others work together to build custom security solutions for businesses of all sizes in all markets. When you’re ready to learn about your network vulnerabilities and how to correct them please give us a call.


The 2017 Cisco Annual Cybersecurity report was just published. Weighing in at 110 pages and filled with detailed analysis, this is a report that should be downloaded and reviewed by anyone with an interest in the ever-changing cybersecurity landscape.

Here are some of the major findings outlined in the report:

● The top constraints to adopting advanced security products and solutions, according to the benchmark study, are budget (cited by 35 percent of the respondents), product compatibility (28 percent), certification (25 percent), and talent (25 percent).

● The Cisco 2017 Security Capabilities Benchmark Study found that, due to various constraints, organizations can investigate only 56 percent of the security alerts they receive on a given day. Half of the investigated alerts (28 percent) are deemed legitimate; less than half (46 percent) of legitimate alerts are remediated. In addition, 44 percent of security operations managers see more than 5000 security alerts per day.

● Twenty-seven percent of connected third-party cloud applications introduced by employees into enterprise environments in 2016 posed a high security risk. Open authentication (OAuth) connections touch the corporate infrastructure and can communicate freely with corporate cloud and software-as-a-service (SaaS) platforms after users grant access. See our previous post on private vs. public cloud.

● According to the Security Capabilities Benchmark Study, organizations that have not yet suffered a security breach may believe their networks are safe. This confidence is probably misplaced, considering that 49 percent of the security professionals surveyed said their organizations have had to manage public scrutiny following a security breach.

● The Cisco 2017 Security Capabilities Benchmark Study also found that nearly a quarter of the organizations that have suffered an attack lost business opportunities. Four in 10 said those losses are substantial. One in five organizations lost customers due to an attack, and nearly 30 percent lost revenue.

● When breaches occur, operations and finance were the functions most likely to be affected (36 percent and 30 percent, respectively), followed by brand reputation and customer retention (both at 26 percent), according to respondents to the benchmark study.

● Network outages that are caused by security breaches can often have a long-lasting impact. According to the benchmark study, 45 percent of the outages lasted from 1 to 8 hours; 15 percent lasted 9 to 16 hours, and 11 percent lasted 17 to 24 hours. Forty-one percent (see page 55 of the report) of these outages affected between 11 percent and 30 percent of systems. See our recent post on Business Continuity.

● The 2017 Security Capabilities Benchmark Study found that most organizations rely on third-party vendors for at least 20 percent of their security, and those who rely most heavily on these resources are most likely to expand their use in the future. Review Konsultek’s Managed Security Services

Konsultek Knows Security

When it comes to protecting organizational assets within your network, Konsultek shines. Our engineers’ consultative approach to security means that every organization gets the custom security solution that is right for them, not some off the shelf bundle of products. If you are ready to learn how you can take your organization’s network security to the next level, give us a call.


Harvard Business Review recently published a very insightful piece I highly recommend you read in its entirety called “Cybersecurity’s Human Factor: Lessons from the Pentagon”.

For those of you who just want the highlights, here is a quick synopsis of what I found to be the most fascinating aspects of the article.

From Bumbling Colossus to Nimble Defender

In the not-so-long-ago dark days of network security, the US military struggled to identify and defend against threats. All that has changed: from September 2014 to June 2015 the military rebuffed 30 million malicious attacks! Still, a few got through, but only 0.1% compromised systems in any way. An impressive record given the state-sponsored adversaries the military must repel day in and day out.

While technical fortifications are important, what has really set the military on its trajectory to invulnerability has been its focus on eliminating human error. If you have read this blog for any length of time you know that we consistently emphasize not only the best technology but also the best in processes for this very reason.

Learning from the Admiral Himself

The US Navy Nuclear program has long been the quintessential example of a well-run, mistake-free organization, what is nowadays referred to as an HRO or High Reliability Organization. The fundamental principles of the Navy Nuke program have since been transferred to other industries such as airlines, air traffic control, space flight and others. Admiral Hyman Rickover, the “Father of the Nuclear Navy”, demanded excellence and adherence to process and for the span of his career personally interviewed all applying Officer Candidates.

Six Principles Every Organization Should Adopt to Ensure Security

1. Integrity – Never depart from protocols and report errors immediately

2. Depth of Knowledge – Fully understand the systems you are responsible for and their vulnerabilities

3. Procedural Compliance – Follow protocols to the letter

4. Forceful Backup – All critical activities should be closely monitored

5. A Questioning Attitude – While unquestioning compliance with procedure is necessary, questioning things that appear outside of the norm is equally important

6. Formality in Communication – Familiarity and slang lead to miscommunication; formality in communication eliminates these misunderstandings.

Examples of Cyber Security Failures and the Policies that Were Violated

What the authors have found is that cybersecurity breaches caused by human mistakes nearly always involve the violation of one or more of these six principles. As you read them you will undoubtedly recognize some of the same behaviors in your own organization, or at least easily imagine that they might very well be happening without your knowledge.

Here’s a sample of some that the Defense Department uncovered during routine testing exercises:

  • A polite headquarters staff officer held the door for another officer, who was really an intruder carrying a fake identification card. Once inside, the intruder could have installed malware on the organization’s network. Principles violated: procedural compliance and a questioning attitude.
  • A system administrator, surfing the web from his elevated account, which had fewer automatic restrictions, downloaded a popular video clip that was “viral” in more ways than one. Principles violated: integrity and procedural compliance.
  • A staff officer clicked on a link in an e-mail promising discounts for online purchases, which was actually an attempt by the testers to plant a phishing back door on her workstation. Principles violated: a questioning attitude, depth of knowledge, and procedural compliance.
  • A new network administrator installed an update without reading the implementation guide and with no supervision. As a result, previous security upgrades were “unpatched.” Principles violated: depth of knowledge, procedural compliance, and forceful backup.
  • A network help desk reset a connection in an office without investigating why the connection had been deactivated in the first place—even though the reason might have been an automated shutdown to prevent the connection of an unauthorized computer or user. Principles violated: procedural compliance and a questioning attitude.

A Holistic Approach

At Konsultek we don’t just slap in “black boxes” and hope that security happens. Sure we build custom technical solutions that utilize the best technology available, but we also work outside the IT department to make sure that the business processes are in place to limit the impact of human error on the security of your information and network. If you are looking to upgrade your security, give us a call and begin a dialogue with us.


As discussed repeatedly on this blog through the years there is no “magic” box that can be plugged into your network to guarantee invulnerability to hacking and 100% uptime. If it were that simple Amazon.com would carry the boxes and there would be no need for Konsultek and its technology partners such as Fortinet.

Having a secure network is paramount for business success today. Whether you are a law office, school, university or healthcare provider, you need to be able to securely send and receive email, transfer funds, manage inventory and access records. In many cases these capabilities must be available 24x7x365, and that means that holistic network security is essential for business continuity.

The Fortinet Fabric

What we really like about Fortinet and the capabilities we can bring to customers via Konsultek’s customized security solutions is how their security solutions “fabric” helps ensure seamless coverage across the complete network.

As they put it on their website:
“Fortinet is the only company with security solutions for network, endpoint, application, data center, cloud, and access designed to work together as an integrated and collaborative security fabric. This also means we are the only company that can truly provide you with a powerful, integrated end-to-end security solution across the entire attack surface along any point along the kill chain.

Simply deploying security end to end is not enough. These solutions must work together to form a cooperative fabric, spanning the entire network, linking different security sensors and tools together to collect, coordinate, and respond to any potential threat. And it must do this wherever it occurs, in real time, with no network slowdowns.”

When deployed in existing networks Fortinet overlays on your existing patchwork quilt of security solutions and turns them into a high performance security fabric. This enhances network visibility and security by effectively securing the gaps and seams that previously existed between your specific network security measures.

Meet Fortinet at Texas Holdem

The Fortinet team will be attending our Annual Texas Holdem event on Thursday, Oct 20th at the Abbington Banquets in Glen Ellyn. Doors open at 3:30.
Please sign up here.

texasholdem2016.eventbrite.com

We look forward to seeing you there!


It is always heartening to see a respected organization such as Gartner espousing the same security philosophies as we have here at Konsultek. In a recent blog post, Gartner’s Oliver Rochford points out that the most robust security solutions combine both prevention AND detect and respond approaches.

If you’ve been following this blog for any length of time you’ll know that this is exactly how we approach all of our information and network security engagements.

An Ounce of Prevention – Still Worth a Pound of Cure

Despite what some might say, prevention is far from being a dying or dead approach. A properly executed prevention strategy that utilizes advanced firewall and access control technologies can help mitigate the impact of old-school hacking. When outsiders who don’t have proper credentials attempt to access your network with a variety of tools and tricks, they are simply shut out.

But what if they pierce the protective veil of your prevention strategies? Password theft, cracking weak passwords and social engineering are just three ways ne’er-do-wells can compromise the best developed prevention strategies. And when that happens, you had better hope that your security provider has also included the latest in detect and respond technologies, or your system and your information will be instantly at risk.

Detect and Respond

As the name implies, detect and respond approaches can sense when things in your network are not quite right and take action to contain the unusual activity before significant damage can occur. For example, they can catch the moment when your summer intern’s credentials are suddenly used to access the network and explore portions that he or she has no business even thinking about, let alone accessing.

The Konsultek Approach

At Konsultek we approach every client’s security engagement as an opportunity to develop a best fit approach. You’ll never find us espousing one-size-fits-all, cookie cutter approaches to information security. When you call, we’ll listen and when our engineering team develops your security solution you can bet it will be based upon delivering the most security value for the money. So give us a call today. We look forward to hearing from you.


A veritable bombshell was dropped yesterday on Google Project Zero when Tavis Ormandy posted that the Google team had discovered vulnerabilities in virtually all Symantec and Norton security products that are “as bad as it gets.”

The Project Zero post is quite detailed in its description of the multiple flaws and vulnerabilities located in the products, and if you are interested in the nitty-gritty you should definitely check it out.

If, however, you are more interested in the big picture synopsis, here is what we know.

  1. All of the following products are impacted, since they share the same core engine:
  • Norton Security, Norton 360, and other legacy Norton products (All Platforms)
  • Symantec Endpoint Protection (All Versions, All Platforms)
  • Symantec Email Security (All Platforms)
  • Symantec Protection Engine (All Platforms)
  • Symantec Protection for SharePoint Servers
  • And so on…

Image source: Tavis Ormandy, Google Project Zero

2. “These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”

3. Symantec has publicly released its own advisory that lists 17 different affected products.

What Does This Mean To You?

Most of the updates underway from Symantec will automatically install using a pathway similar to how the products receive virus definition updates. However, to be sure that all the vulnerabilities have indeed been fixed, network administrators should review the advisory issued by Symantec, as manual updates may be required.

How Can Konsultek Help?

At Konsultek we build custom security solutions from the ground up that use a holistic combination of prevention, detection and access management to ensure that your network is secure and stays that way. Give us a call to learn more about how our custom developed approach, including managed services, is far and away superior to plug and play software and boxes.


The Ponemon Institute with sponsorship from IBM recently released their 2016 Cost of Data Breach Study: Global Analysis.

Last week we took a look at what countries had the highest average data breach costs. We learned from the study that the top 3 countries in descending order were:

  1. United States
  2. Germany
  3. Canada

Which Industries Have the Highest Average Data Breach Costs?

In this post we’ll take a slightly different look at the data and examine which industries have, on average, the highest breach costs.

As you look at the graphic below you probably won’t see anything that surprises you, especially if you are a frequent reader of this blog, since the industries that top the list are also the very same industries that are discussed here most often.

Source: Ponemon Institute

All three of these industries are among the most highly regulated and deal with the most sensitive information so it stands to reason that regulatory costs of a breach will be higher than in a less sensitive industry.

We Know These Industries

Konsultek has clients in each of these “big 3” industries, so we know what it takes to develop solutions that deliver the protection your organization needs.

What is YOUR plan for data breach prevention? If you don’t have one or think you’d like a second opinion from an organization that lives and breathes security, just give us a call!
