Become SD-WAN secure: your top considerations

Your organisation is ready to begin its migration to SD-WAN. You have determined what kind of solution best fits your current situation. But how do you know that what you’ve chosen doesn’t compromise the cybersecurity environment of your business?

We’ve shortlisted the top security considerations to be aware of when evaluating this last and critical part of your decision-making process.

  1. You’re exposed – do you know where?

It’s not uncommon for organisations to have slim budgets and stretched resources. Undertaking an audit of your network will show clearly where your vulnerabilities lie, so you can prioritise them effectively, reducing the overall risk to your organisation as you embark on new initiatives.

  2. What are the in-built security features of your solution?

Out-of-the-box solutions are perfect for quick and easy deployment but don’t assume that the built-in security features fully cover you. A multi-layered approach is recommended. And again, being aware of the gaps in the solution’s security will ensure you effectively select supporting technologies to fill them.

  3. Configure your pre-configured zero-touch solution

Building on the theme of assumptions, it would be foolish to simply deploy a zero-touch solution as delivered. Consider running a proof of concept or a lab with your vendor or service provider to ensure that the pre-configurations are in line with your network, security policies and controls. This both reduces risk and avoids interrupting business operations.

  4. Ensure you speak the same language

User data is the crown jewel we are all working to protect. It’s crucial to think about the controls you put in place around data plane security (the user traffic on your network, which needs to be encrypted).

Again, vendors include their preferred encryption methods, but that might not be enough. Encryption is in a constant state of change, so you need to diversify your approach; don’t simply check a box. Not to mention, if you are switching from one vendor to another, ensure the coded language of your policies and controls is the same. If it isn’t, you need to factor a step into your migration plan that both translates and tests the new technology.

There is no silver bullet solution, but a considered risk-first approach transforms your cybersecurity posture into a business transformation enabler, and sets your network up for improved performance, increased visibility, and seamless scalability. Watch your business grow with peace of mind.

So you’ve been breached: how to avoid the same security mistakes

Suffering a data breach has almost become a rite of passage for many organisations. With such a complex and dynamic array of threats across the digital landscape, it has become nearly impossible to prevent 100 per cent of security incidents and data breaches from occurring. 

For those organisations who have suffered a data breach, the first question is normally: how did this happen? Finding the answer to that question helps to answer an even more important one: how do we prevent this from happening again? 

Unfortunately, the sheer variety of security threats means that protection from one doesn’t necessarily mean protection from another. There are some steps, however, that can help you emerge from a security incident with a more robust and mature security posture. 

Step 1 – Finding out what happened 

Beyond helping you to prevent a similar data breach, your organisation is likely required to report the details of a data breach to regulators. For organisations that hold data on EU citizens, the EU’s General Data Protection Regulation (GDPR) requires a breached entity to provide full details of the breach within 72 hours. While New Zealand currently has voluntary notification, the government is pushing forward with legislation that resembles Australia’s Notifiable Data Breaches scheme.

Of course, this is easier said than done when Ponemon research reveals that it takes an average of 197 days to discover a data breach in the first place. In the event of a data breach, your incident response team should set out to understand:

  • Which datasets were breached? 
  • Who is affected? 
  • Who has access to those datasets? 
  • What protection is in place currently? 

Step 2 – Measuring your current security posture 

Before you can begin implementing new security measures, you need to understand exactly what needs protection. By conducting thorough data discovery and classification processes, you can establish exactly where and how your most sensitive data is being stored. 

From this point, you can begin assessing your current security tools in relation to the level of risk that each data set carries. Some lower risk data won’t require the same level of protection as sensitive customer data for example. 

Step 3 – Create an incident response team

Your ability to recover and respond to a data breach or security incident is almost as important as your ability to prevent a breach. Creating an incident response team will allow you to assign roles and establish a careful process for limiting the damage of future breaches. 

Part of this will involve assessing the necessary skill sets of your current team and identifying skill gaps, either for recruitment or for engaging a managed security services provider. Once assembled, your incident response team can routinely test your incident response plans against a variety of scenarios, enabling you to greatly reduce the fallout from a breach or attack.

Step 4 – Adopt a zero-trust security posture 

If a breach is inevitable, a zero-trust security posture allows you to assume that no one with data access is 100% trustworthy. Although it may sound draconian, this approach ensures you have security solutions that segment and monitor user access and protect the data itself.

Part of a zero-trust security approach is the need to focus on endpoint security so that every device connecting to your network and applications is protected. While user awareness training is vital for limiting social engineering attacks such as phishing, having inbuilt security features on each device is the only way to stay completely secure. 

For organisations who want to ensure their end users are always secure, particularly with a large remote workforce, HP EliteBooks, powered by Intel® processors, are equipped with the most advanced device security on the market.  

  • HP Sure Sense – Harnesses the power of deep-learning AI to identify and quarantine never-before-seen attacks
  • HP Sure Click – Protects against malware in websites and attachments, with hardware-enforced security
  • HP Sure Start Gen5 – Firmware attacks can completely devastate your PC – stay protected with this self-healing BIOS. 

To understand the full cost of a data breach, download our infographic which is designed to quickly and easily guide you through the key facts and figures around the implications of a breach.

The 5 w’s of phishing

It’s known as one of the oldest and still one of the most prevalent forms of cyberattack. This is because phishing largely relies on a vulnerability we can never completely get rid of: human error.

It deploys the same basic tactic that scammers have been using for decades – faking the identity of an individual or business to get victims to divulge sensitive information, or to send money. Phishing has evolved since the early days of the internet and is now a catch-all term for a variety of attacks.

For you to understand these attacks in all their forms, here is the ‘who, what, where, why and when’ of phishing to help you protect your business.

Who is usually targeted in a phishing attack?

The targets of phishing attacks vary, but the traditional model was to spam as many people with the same scam email and see who took the bait. This has become less effective over the years as we’ve all grown accustomed to spotting scam emails when they appear.

Spear phishing involves targeting individuals with specific content related to them, such as an unrequested ‘forgotten password’ email from their favourite online retailer. Attackers may work for weeks in advance to learn as much as they can about their targets before then sending personalised scam emails to trick the individual into revealing confidential information. The most famous spear phishing attack was the targeting of Hillary Clinton’s campaign officials during the 2016 US presidential election.

Whaling takes the fishing puns to their logical conclusion. The ‘whales’ in a phishing context are senior executives and even CEOs. However, the difference here is that the scam emails appear to come from the CEO. This is an effective form of social engineering, as employees are incredibly unlikely to deny a request for information from their boss.

What do attackers want?

In the majority of cases, attackers are after financial gain, either directly or indirectly. They may head straight for credit card details, or they might use access to servers and mail to gather information that can be sold. According to Verizon’s 2019 Data Breach Investigations Report, 88 per cent of phishing attacks are financially motivated and 10 per cent are espionage efforts.

Where do phishing attacks come from?

This is difficult to say definitively. In the early days of phishing emails, they were easy to spot due to their relatively poor use of grammar. Phishing attacks these days are much more sophisticated, and when we consider the enormous budgets behind state-based espionage, an attack can come from literally anywhere in the world. The introduction of phishing kits has also lowered the skill barrier for attackers to spoof website domains for capturing credentials.

Why are phishing attacks still so effective?

Phishing attacks are the most common form of what are broadly known as social engineering attacks. All of these attacks use our own psychology against us, as is the case with baiting, which involves tempting us to click on malware infected media, or scareware, which bombards users with fake threats and alerts until they hand over their credentials. Each scenario is difficult to prevent because people aren’t robots and we’ll always respond to stimuli in very human ways.

When will we ever learn to spot phishing attacks?

The good news is that our awareness is far better than it was in the early days of the internet, when mysterious foreign princes could fool us into handing over our life savings for a lucrative diamond investment opportunity. But there is still a long way to go, particularly when we consider phishing attacks are still the first-choice method of cyber attackers.

All of this demonstrates that cybersecurity awareness training is more essential than ever if we want to keep our organisation’s sensitive data secure, especially our customer data. If our employees don’t have the knowledge or awareness on how to prevent phishing attacks, then no amount of money spent on enterprise security software will change how vulnerable businesses remain.

Datacom can partner with you to help you avoid the potentially catastrophic costs of a phishing attack. Our experienced team is here to help you evolve your people and processes through both targeted and organisation-wide cybersecurity awareness training modules. Speak to us today to discuss how we can help you become more resilient against a growing array of threats.

The A to Z of cybersecurity

New Zealand businesses recorded over four thousand cybersecurity incidents last year, including 53 per cent more scams and fraud reports compared to 2018. This resulted in businesses losing NZ$16.7m.

Cybersecurity is more important than ever. With new forms of attacks appearing every year, and so many security solutions on the market, it can be difficult to keep up with all of the different terms in play.

If you need to know your malware from your ransomware, we’ve put together a glossary of essential terms you need to understand in order to protect your organisation.

Antivirus – A good introduction to both our glossary and the world of cybersecurity. Antivirus software is designed to prevent, detect and remove malware. If your computers aren’t running reputable antivirus software already, then you’ve got real problems.

Botnet – A group of computers or internet-connected devices that are collectively compromised and used to perpetuate DDoS attacks (see below), or to steal data and generally wreak havoc.

Cybersecurity awareness – These are vital training modules that ensure your employees are aware of the many cyber threats to your business, including phishing (see below) and other social engineering attacks.

DDoS (Distributed Denial of Service) – In a DDoS attack, a botnet inundates an application, system, or website with internet traffic, making it impossible to stop the attack simply by blocking a single source. These devastating attacks can bring down even the most well-protected banking and government services.

Encryption key – A string of letters, numbers and symbols generated by an algorithm and used to scramble and unscramble data, so that each key is random and distinctive.

Firewall – A firewall acts as a defence for your device. Depending on your security settings, a firewall manages and assesses what information your device receives, and filters and blocks suspicious attempts by other users or apps to access your device.

Hacktivist – These are attackers who hack or force their way into computers and networks, often for political or disruptive reasons. ‘Anonymous’ is the most well-known hacktivist group for their DDoS attacks on governments and other large organisations.

Insider threats – Whether your employees intend to be or not, from the CEO all the way down, each member of staff can be considered an insider threat to your organisation’s security. Cybersecurity awareness and user monitoring are essential to maintain your company’s safety.

Keylogger – A malicious tool that records what is typed (a keystroke) on a keyboard. Keyloggers are used to capture passwords, secret question responses, and any other sensitive information.

Logic bomb – A nasty piece of code in a virus or other malware that triggers a malicious function, such as deleting important files, when certain conditions are met.

Malware – A catch-all term for any type of code that has been designed specifically to cause harm in a system. This includes viruses, spyware, trojan horses, logic bombs and ransomware, among many others.

NIST framework – Published by the US Government’s National Institute of Standards and Technology. The NIST framework is considered cybersecurity best practice, including its model which promotes the need to ‘identify, detect, protect, respond and recover’.

Phishing – One of the oldest tricks in the cybersecurity handbook. Phishing involves fraudulently claiming to be an individual or business in order to gain sensitive information or financial gain. These attacks are a common form of social engineering and are usually carried out via phishing emails.

Quarantine – A function of your antivirus software that involves storing files that may contain malware in isolation for either further examination or deletion.

Ransomware – An increasingly popular form of malware that holds data or applications hostage on computers through advanced encryption. A demand for payment is then sent before attackers will release control of the captured data.

SIEM (Security Information and Event Management) – A group of systems, software and managed services that provide real-time analysis of security alerts generated by applications and network hardware, while automatically identifying systems that are out of compliance with security policies.

Trojan horse – A common form of malware where a malicious payload is embedded inside a seemingly normal file. When this file is opened, the malicious payload is automatically unleashed into the system.

UEBA – User and entity behaviour analytics is a growing field of software that monitors user activity data and analyses it using threat intelligence to identify behaviours that could be malicious. These applications are implemented to lower the risk of insider threats.

Virus – A well-known form of malware that attaches itself to a host file as a parasite. When this file is accessed, the virus is activated and begins to infect other objects. The majority are engineered to infect the Windows operating system (OS), and some viruses are also designed to be impossible to detect.

Worm – Similar to viruses in that they’re a form of malware focused on replication and distribution; however, worms differ in that they are self-contained malicious programs. While not necessarily malicious themselves, a worm can be designed to spread other types of malware.

Zero-day vulnerability – These are previously unknown bugs or flaws in software that provide a potential backdoor entrance for attackers. By targeting these flaws, attackers can release devastating malware before the flaw can be patched.

With so much to learn about cybersecurity, you need a partner to help you stay one step ahead of the threats your organisation faces. Datacom can help you create a robust cybersecurity strategy that includes security management (via SIEM), phishing solutions, cybersecurity awareness training, and vulnerability assessments. Contact us today to learn how we can help you evolve your people, processes and technology to become more resilient.

Protecting Your Workforce from Social Media Threats Part I: Perfecting Policy

The “Global Survey on Social Media Risks” report released by the Ponemon Institute in September 2011 revealed more than half of 4,640 respondents across 12 countries said social media users have increased malware in the office. Only 29 per cent of these participants said they had the right security essentials to prevent these cyber threats, however. These statistics prove anti-virus alone is no longer arming organisations against cyber threats introduced by social media users.

To guard social media users from the latest cyber threats, organisations should develop security essentials from both a policy level and a technical protection level. In this post, we’ll focus on the common cyber threats and the security essentials to incorporate into your policy to protect social media users at your organisation.

Knowing the cyber threats

In a tactic known as clickjacking, cyber criminals embed malicious code in what seems to be ordinary social media content, gaining access to social media users’ information or engaging in phishing attacks. The proliferation of these cyber threats not only compromises social media users’ accounts and devices, but likely their followers’ — some of whom are undoubtedly co-workers. You can just imagine the Pandora’s box of cyber threats swept into your organisation if 50 social media users click on the same infected link.

As with any web site or application, there’s always the risk social media users may log on from corporate devices or devices with corporate information on them through an unencrypted Wi-Fi connection. That means your company data has been released into a sea of strangers sitting at a random café. Without the right security essentials, your data is left open to cyber threats.

Security essentials for social media users

When customers approach Datacom about implementing new technologies or access to different applications or services, we first advise them to come up with a user policy before discussing technology to manage or secure devices. It’s once a business has outlined its security essentials in these terms, including both its risks and strategic goals, that we get into the different technologies and approaches that can protect data and devices. It’s no different when protecting social media users from the latest cyber threats: outlining security essentials in a policy is vital.

When considering security essentials for social media users, organisations should first determine whether Twitter or Facebook is necessary for an employee’s role. Consider enacting a step-by-step process requiring employees or departments to request access to become social media users. As part of the process, organisations might require employees to use their personal address, not their work email, in their contact details to guard against cyber threats. The policy can also dictate security essentials around how social media users consume and use information on these sites. For instance, organisations might allow some departments to read information on social media, but not post on it, to prevent cyber threats.

Those employees who are allowed to post on social media should have clear guidelines on what’s appropriate to write and what’s not. You could also prevent social media users from downloading any content from these sites as part of your security essentials. If you know employees will be accessing social media sites in public through Wi-Fi, specify what can and cannot be shared or accessed while they are connected to prevent cyber threats.

Make sure social media users are educated about the cyber threats and security essentials, on social media sites and elsewhere, and don’t forget the final piece that many organisations neglect — actually enforce the policy across the organisation. All social media users should know the security essentials and what will happen if they ignore them.

Stay tuned for Part II, where we’ll discuss the technical security essentials of protecting social media users from cyber threats.