Daily Archives: May 8, 2019

A Changing Threat Landscape: Inside Verizon’s 2019 DBIR

Verizon Enterprise has once again released its annual Data Breach Investigations Report (DBIR). The publication doesn’t disappoint in providing crucial insight into today’s digital threats. On the one hand, Verizon’s 2019 report captures how many forces in the threat landscape have remained the same since its previous report. The study observed how sending data to […]

The post A Changing Threat Landscape: Inside Verizon’s 2019 DBIR appeared first on The State of Security.

2019 Verizon Data Breach Investigations Report (DBIR) Key Takeaways

The 2019 Verizon Data Breach Investigations Report (DBIR) was released today, and I was lucky enough to be handed a hot off the press physical copy while at the Global Cyber Alliance Cyber Trends 2019 event at Mansion House, London. For me, the DBIR provides the most insightful view on the evolving threat landscape, and is the most valuable annual “state of the nation” report in the security industry.

Global Cyber Alliance Cyber Trends 2019

The DBIR has evolved since its initial release in 2008, when it focused on payment card data breaches and Verizon’s own breach investigation data. This year’s DBIR involved the analysis of 41,686 security incidents from 66 global data sources in addition to Verizon. The analysed findings are expertly presented over 77 pages, using simple charts supported by astute ‘plain English’ explanations, which is why the DBIR is one of the most quoted reports in presentations and within industry sales collateral.

DBIR 2019 Key Takeaways
      • Financial gain remains the most common motive behind data breaches (71%)
      • 43% of breaches occurred at small businesses
      • A third (32%) of breaches involved phishing
      • The nation-state threat is increasing, with 23% of breaches attributed to nation-state actors
      • More than half (56%) of data breaches took months or longer to discover
      • Ransomware remains a major threat, and is the second most common type of malware reported
      • Business executives are increasingly targeted with social engineering attacks such as phishing/BEC
      • Crypto-mining malware accounts for less than 5% of data breaches; despite the publicity, it didn’t make the top ten malware types listed in the report
      • Espionage is a key motivation behind a quarter of data breaches
      • 60 million records breached due to misconfigured cloud service buckets
      • Continued reduction in payment card point-of-sale breaches
      • The hacktivist threat remains low; the increase in hacktivist attacks reported in the DBIR 2012 report appears to have been a one-off spike

Avoid a Security Endgame: Learn About the Latest “Avengers” Scam

Marvel Studios’ $2.2 billion box-office hit “Avengers: Endgame” has quickly risen to the second-highest grossing film of all time in its first two weekends. Not surprisingly, cybercriminals have wasted no time in capitalizing on the movie’s success by luring victims with free digital downloads of the film. How? By tempting users with security shortcuts so they can watch the film without worrying about spoilers or sold-out movie tickets.

When a victim goes to download the movie from one of the many scam sites popping up around the web, the streaming appears to begin automatically. What the user doesn’t know is that the footage being streamed is just from the movie’s trailer. Soon after, a message pops up stating that the user needs to create an account to continue with the download. The “free” account prompts the user to create a username and password in advance, which could potentially be useful for cybercriminals due to the common practice of password reuse. Once a victim creates an account, they are asked for billing information and credit card details in order to “verify location” and make sure the service is “licensed to distribute” the movie in the victim’s region. These crooks are then able to scrape the victim’s personal and financial data, potentially leading to online account hacks, stolen funds, identity theft, and more.

Luckily, Marvel fans can protect their online data to avoid a cybersecurity endgame by using the following tips:

  • Look out for potential scam activity. If it seems too good to be true, then it probably is. Be wary of websites promising free movie downloads, especially for movies that are still in theaters.
  • Shield your financial data. Be suspicious of “free downloads” that still require you to fill out billing information. If an unknown website asks for your credit card information or your bank account data, it’s best to avoid the site altogether.
  • Make sure your credentials are unique. With this scam, threat actors could use the login credentials provided by the victim to access their other accounts if they didn’t have a unique login. Avoiding username and password reuse makes it a lot harder for cybercriminals to hack into your other online accounts if they gain access to one.
  • Assemble a team of comprehensive security tools. Using a tool like McAfee WebAdvisor can help you avoid dangerous websites and links and will warn you in the event that you do accidentally click on something malicious.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Avoid a Security Endgame: Learn About the Latest “Avengers” Scam appeared first on McAfee Blogs.

2019 Verizon DBIR Shows Web Applications and Human Error as Top Sources of Breach


According to the 2019 Verizon Data Breach Investigations Report, there was a noticeable shift toward financially motivated crime (80 percent), with 35 percent of all breaches occurring as a result of human error, and approximately one quarter of breaches occurring through web application attacks. These attacks were mostly attributable to the use of stolen credentials used to access cloud-based email.

Another fun fact: social engineering attacks are increasingly more successful, and the primary target is the C-suite. These executives are 12x more likely to be targeted than other members of an organization, and 9x more likely to be the target of these social breaches than previous years. Verizon notes that a successful pretexting attack on a senior executive helps them to hit the jackpot, as 12 percent of all breaches analyzed occurred for financially motivated reasons, and their approval authority and privileged access to critical systems often goes unchallenged.

“Typically time-starved and under pressure to deliver, senior executives quickly review and click on emails prior to moving on to the next (or have assistants managing email on their behalf), making suspicious emails more likely to get through,” the Verizon DBIR states. “The increasing success of social attacks such as business email compromises (BECs, which represent 370 incidents or 248 confirmed breaches of those analyzed), can be linked to the unhealthy combination of a stressful business environment combined with a lack of focused education on the risks of cybercrime.”

Retailers Are Most Vulnerable at the Application Layer

The good news for consumers and retailers alike is that the days of POS compromises and skimmers at the gas pump appear to be numbered, as these card breaches continue to decline in this report. The not-so-good news is that attacks are instead primarily occurring against e-commerce payment applications, through web application attacks. Indeed, the report shows that web applications, privilege misuse, and miscellaneous errors make up 81 percent of breaches for retail organizations.

What’s more, 62 percent of breaches and 39 percent of incidents occur at the web application layer. While it is unclear exactly how the web applications were compromised in some cases, it’s assumed that attackers are scanning for specific web app vulnerabilities, exploiting them to gain access, inserting some kind of malware, and harvesting payment card data to create a profit.

The report notes, “We have seen webshell backdoors involved in between the initial hack and introduction of malware in prior breaches. While that action was not recorded in significant numbers in this data set, it is an additional breadcrumb to look for in detection efforts. In brief, vulnerable internet-facing e-commerce applications provide an avenue for efficient, automated, and scalable attacks. And there are criminal groups that specialize in these types of attacks that feast on low-hanging fruit.”
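As an added illustration of the “breadcrumb” the report mentions (example code, not from Verizon or Veracode): a small Python pass over constructed Apache-style access-log lines that flags two traces a dropped webshell commonly leaves behind, a server-side script appearing under a content-only path, and a script path that is only ever POSTed to without a Referer and was never fetched first. The directory list, extension list and sample log are assumptions.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set

# Apache/nginx "combined" log format; the constructed samples below use it.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Assumptions: directories that should hold data rather than code, and the
# server-side script extensions that should never be executed from them.
CONTENT_ONLY_DIRS = ("/uploads/", "/media/", "/static/", "/images/")
SCRIPT_EXTS = (".php", ".jsp", ".aspx", ".asp", ".phtml")

# Constructed sample: normal shop traffic plus two POSTs to a script that
# was written into the uploads directory.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Mar/2019:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - - [05/Mar/2019:10:01:07 +0000] "GET /product.php?id=42 HTTP/1.1" 200 8120 "http://shop.example/index.php" "Mozilla/5.0"
10.0.0.5 - - [05/Mar/2019:10:01:20 +0000] "POST /checkout.php HTTP/1.1" 302 0 "http://shop.example/cart.php" "Mozilla/5.0"
203.0.113.9 - - [05/Mar/2019:10:05:44 +0000] "POST /uploads/avatar.php HTTP/1.1" 200 312 "-" "python-requests/2.21"
203.0.113.9 - - [05/Mar/2019:10:05:51 +0000] "POST /uploads/avatar.php HTTP/1.1" 200 4096 "-" "python-requests/2.21"
198.51.100.4 - - [05/Mar/2019:10:09:13 +0000] "GET /images/logo.png HTTP/1.1" 200 2211 "http://shop.example/" "Mozilla/5.0"
"""


def parse(line: str) -> Dict[str, str]:
    """Split one combined-format log line into its named fields."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsed log line: {line!r}")
    return m.groupdict()


def strip_query(path: str) -> str:
    return path.split("?", 1)[0]


def find_webshell_breadcrumbs(log_text: str) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for request paths that look like webshell activity."""
    findings: Dict[str, Set[str]] = defaultdict(set)
    seen_via_get: Set[str] = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        path = strip_query(rec["path"]).lower()
        if rec["method"] == "GET":
            seen_via_get.add(path)
            continue
        # Signal 1: a server-side script living where only content belongs.
        if path.endswith(SCRIPT_EXTS) and path.startswith(CONTENT_ONLY_DIRS):
            findings[path].add("script under content-only directory")
        # Signal 2: a POST to a script nobody fetched first, arriving without a
        # Referer, i.e. not a browser form submission from the site itself.
        if (rec["method"] == "POST" and path.endswith(SCRIPT_EXTS)
                and path not in seen_via_get and rec["referer"] == "-"):
            findings[path].add("POST without prior GET or Referer")
    return {p: sorted(r) for p, r in findings.items()}


if __name__ == "__main__":
    for path, reasons in find_webshell_breadcrumbs(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

The legitimate checkout POST is not flagged because it carries a same-site Referer; both signals are heuristics and belong beside file-integrity monitoring of the web root, not in place of it.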

Overall, Veracode’s State of Software Security Vol. 9 shows that retail organizations are quick to fix their flaws, ranking second in this regard as compared to other industries. With this in mind, it may mean that retail organizations need to keep a closer eye on third-party software and open source code in their own applications to ensure they’re not the next to sign a cyberattacker’s paycheck.

At Veracode, we help our customers to ensure that every web application in their portfolio is secure through each stage of the SDLC. Check out this case study to learn about how Blue Prism implemented Veracode Verified to ensure the strength of its application security program and protect its most sensitive data.

Leaked NSA Hacking Tools

In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government. Since then, the vulnerabilities and tools have been used by both governments and criminals, and have put the NSA's ability to secure its own cyberweapons seriously into question.

Now we have learned that the Chinese used the tools fourteen months before the Shadow Brokers released them.

Does this mean that both the Chinese and the Russians stole the same set of NSA tools? Did the Russians steal them from the Chinese, who stole them from us? Did it work the other way? I don't think anyone has any idea. But this certainly illustrates how dangerous it is for the NSA -- or US Cyber Command -- to hoard zero-day vulnerabilities.

EDITED TO ADD (5/16): Symantec report.

Customers Deserve Transparency to Manage Risk

Our commitment to customers is to be open and transparent, especially as it relates to issues that could negatively impact their business. At Cisco, our leadership made the decision over twenty years ago that we would clearly communicate with customers about technical or other issues that could potentially expose their organizations to risk. It is one of the many ways we act as a trusted partner to our customers. Over those last twenty years, our team and security vulnerability process has evolved to meet customers’ needs. Ultimately, we want our customers to have the information they need to protect their networks.

We get called out from time to time about vulnerability disclosures we make. Yet… our policy remains unchanged: when security issues arise, we handle them openly and as a matter of top priority, so our customers understand the issue and how to address it. To fulfill this promise we follow a strict process to manage the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco solutions and networks.

With that in mind, we’d like to address some of the most common questions and misconceptions we hear from our customers and the media about our vulnerability disclosure process.

What is a vulnerability and how are they identified?

A security vulnerability is an unintended weakness in a product or service that could allow an attacker to compromise the confidentiality, integrity or availability of that product or service. Cisco invests significantly to proactively discover vulnerabilities, and as a result, two out of every three vulnerabilities disclosed in a Security Advisory are found internally. However, that leaves one out of three still on the table, which is why we have a Product Security Incident Response Team (or PSIRT), a global team dedicated to investigating and reporting vulnerabilities around the clock. In addition to our own teams, Cisco collaborates with independent researchers, industry organizations, vendors, customers, and other sources related to solution or network security. Regardless of how they are found, all vulnerabilities are investigated and publicly reported per our policies.

How is the severity of a vulnerability classified and reported to the public?

If a vulnerability is found, we follow a well-established, trusted disclosure process for public reporting. There are several ways our customers can receive the latest security vulnerability information from Cisco. To classify vulnerabilities, Cisco uses a vendor neutral, industry standard method to evaluate the potential severity, determine the urgency, and priority for response. With vulnerability types ranging from informational to critical, we take a conservative approach when it comes to disclosing vulnerabilities that may heighten risk for our customers. What may be considered medium to the industry could be business critical to some of our smaller customers in different verticals.

Why does Cisco disclose so many security vulnerabilities?

We recognize security vulnerability publication and remediation is disruptive, and our goal is always focused on reducing the number of vulnerabilities (more on that below). With that acknowledgement, it is vital to remember a few factors that drive the purpose behind our vulnerability disclosures. Most importantly, we have a high bar for transparency. It may appear that we disclose more vulnerabilities than our industry peers…because we do. We publish internally found, medium security vulnerabilities with a goal of helping customers understand and manage their risk. This is different than nearly every peer in the industry because we believe it is in the best interest of our customers.

What does Cisco do after it fixes a vulnerability?

We tag every vulnerability with a Common Weakness Enumeration, a category system for software weaknesses and vulnerabilities. This tagging system helps us spot trends across our broad portfolio of over 600 product lines. We use this information, and root cause analysis, to build specific programs that add either technology, process or policy enhancements to our Cisco Secure Development Lifecycle. This cycle of continuous improvement is central to doing better by our customers.

Over the last twenty years, Cisco has demonstrated that we walk the walk when it comes to the handling and disclosing of vulnerabilities that affect those who use our solutions. We will continue to do our part. We will continue to use a holistic security approach beginning when a solution is conceived, developed, manufactured, and deployed. We will continue to provide the resources necessary, so our customers know what they need to do to safeguard against cyber criminals. Regardless of how the world of cyber threats evolves, our customers can count on our commitment to be transparent. In this manner, we can manage risk together.

Do your part.

  • Ask your technology vendors their policy on vulnerability disclosure. Do they disclose internally found vulnerabilities that might jeopardize your security? Do they have an incident response team that aligns to industry standards?
  • Any person or organization that is experiencing a product security issue should contact the Cisco Product Security Incident Response Team. We highly recommend all our customers be aware of Security Advisories and stay current to protect their networks. For more details on Cisco’s commitment to transparency, be sure to visit the Trust Center.
  • The security landscape is constantly evolving. That is why organizations should have a strategy for cyber resilience in place to regularly safeguard their assets and data from threats.


The post Customers Deserve Transparency to Manage Risk appeared first on Cisco Blog.

3 investments Microsoft is making to improve identity management

As a large enterprise with global reach, Microsoft has the same security risks as its customers. We have a distributed, mobile workforce who access corporate resources from external networks. Many individuals struggle to remember complex passwords or reuse one password across many accounts, which makes them vulnerable to attackers. As Microsoft has embraced digital transformation for our own business, we shifted to a security strategy that places strong employee identities at the center. Many of our customers are on a similar journey and may find value in our current identity management approach.

Our goal is to reduce the risk of compromised identity and empower people to be efficient and agile whether they’re on our network or not.

Our identity management solutions focus on three key areas:

  • Securing administrator accounts
  • Eliminating passwords
  • Simplifying identity provisioning

Read on for more details for each of these investment areas, advice on scaling your investment to meet your budget, and a wrap-up of some key insights that can help you smoothly implement new policies.

Securing administrator accounts

Our administrators have access to Microsoft’s most sensitive data and systems, which makes them a target of attackers. To improve protection of our organization, it’s important to limit the number of people who have privileged access and implement elevated controls for when, how, and where administrator accounts can be used. This helps reduce the odds that a malicious actor will gain access.

There are three practices that we advise:

  • Secure devices—Establish a separate device for administrative tasks that is updated and patched with the most recent software and operating system. Set the security controls at high levels and prevent administrative tasks from being executed remotely.
  • Isolated identity—Issue an administrator identity from a separate namespace or forest that cannot access the internet and is different from the user’s information worker identity. Our administrators are required to use a smartcard to access this account.
  • Non-persistent access—Provide zero rights by default to administration accounts. Require that they request just-in-time (JIT) privileges that give them access for a finite amount of time and log it in a system.

Budget allocations may limit the amount that you can invest in these three areas; however, we still recommend that you do all three at the level that makes sense for your organization. Calibrate the level of security controls on the secure device to meet your risk profile.

Eliminating passwords

The security community has recognized for several years that passwords are not safe. Users struggle to create and remember dozens of complex passwords, and attackers excel at acquiring passwords through methods like password spray attacks and phishing. When Microsoft first explored the use of Multi-Factor Authentication (MFA) for our workforce, we issued smartcards to each employee. This was a very secure authentication method; however, it was cumbersome for employees. They found workarounds, such as forwarding work email to a personal account, that made us less safe.

Eventually we realized that eliminating passwords was a much better solution. This drove home an important lesson: as you institute policies to improve security, always remember that a great user experience is critical for adoption.

Here are steps you can take to prepare for a password-less world:

  • Enforce MFA—Conform to the fast identity online (FIDO) 2.0 standard, so you can require a PIN and a biometric for authentication rather than a password. Windows Hello is one good example, but choose the MFA method that works for your organization.
  • Reduce legacy authentication workflows—Place apps that require passwords into a separate user access portal and migrate users to modern authentication flows most of the time. At Microsoft only 10 percent of our users enter a password on a given day.
  • Remove passwords—Create consistency across Active Directory and Azure Active Directory (Azure AD) to enable administrators to remove passwords from the identity directory.

Simplifying identity provisioning

We believe the most underrated identity management step you can take is to simplify identity provisioning. Set up your identities with access to exactly the right systems and tools. If you provide too much access, you put the organization at risk if the identity becomes compromised. However, under-provisioning may encourage people to request access for more than they need in order to avoid requesting permission again.

We take these two approaches:

  • Set up role-based access—Identify the systems, tools, and resources that each role needs to do their job. Establish access rules that make it easy to give a new user the right permissions when you set up their account or they change roles.
  • Establish an identity governance process—Make sure that as people move roles they don’t carry forward access they no longer need.
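As an added example (not Microsoft’s code) that models the two provisioning practices just listed together with the non-persistent, just-in-time administrator access described under “Securing administrator accounts”: a role catalogue drives permissions, a role move replaces them rather than accumulating them, and admin identities hold zero standing rights and gain a time-bounded, logged elevation on request. Roles, permissions, user names and the incident reference are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Set

# Constructed role catalogue: each role lists exactly the permissions the
# job needs (least privilege) and nothing more.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "developer": {"repo:read", "repo:write", "ci:run"},
    "support": {"ticket:read", "ticket:write", "customer:read"},
    "admin-standing": set(),  # admin identities get zero rights by default
}


@dataclass
class JitGrant:
    permission: str
    expires_at: datetime
    justification: str


@dataclass
class Identity:
    name: str
    role: str
    jit_grants: List[JitGrant] = field(default_factory=list)


@dataclass
class Directory:
    identities: Dict[str, Identity] = field(default_factory=dict)
    audit_log: List[str] = field(default_factory=list)

    def provision(self, name: str, role: str) -> Identity:
        """Role-based setup: a new account gets its role's permissions and nothing else."""
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        ident = Identity(name=name, role=role)
        self.identities[name] = ident
        self.audit_log.append(f"provision {name} role={role}")
        return ident

    def change_role(self, name: str, new_role: str) -> None:
        """Governance step: a role move replaces permissions; nothing carries forward."""
        if new_role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {new_role!r}")
        ident = self.identities[name]
        old = ident.role
        ident.role = new_role
        ident.jit_grants.clear()  # elevations tied to the old job are dropped too
        self.audit_log.append(f"rolechange {name} {old}->{new_role}")

    def request_jit(self, name: str, permission: str, minutes: int,
                    justification: str, now: datetime) -> JitGrant:
        """Non-persistent access: elevate for a finite window and record it."""
        grant = JitGrant(permission, now + timedelta(minutes=minutes), justification)
        self.identities[name].jit_grants.append(grant)
        self.audit_log.append(
            f"jit {name} {permission} until {grant.expires_at.isoformat()} ({justification})")
        return grant

    def effective_permissions(self, name: str, now: datetime) -> Set[str]:
        """Role permissions plus any JIT grants that have not yet expired."""
        ident = self.identities[name]
        perms = set(ROLE_PERMISSIONS[ident.role])
        for g in ident.jit_grants:
            if g.expires_at > now:  # expired grants silently fall away
                perms.add(g.permission)
        return perms


def demo() -> Dict[str, Set[str]]:
    """Walk through provisioning, a role move, and a JIT elevation that expires."""
    d = Directory()
    t0 = datetime(2019, 5, 8, 9, 0, tzinfo=timezone.utc)
    d.provision("alice", "developer")
    d.provision("ops-bob", "admin-standing")
    result: Dict[str, Set[str]] = {}
    result["alice_dev"] = d.effective_permissions("alice", t0)
    d.change_role("alice", "support")  # team move: repo access must not carry over
    result["alice_support"] = d.effective_permissions("alice", t0)
    result["bob_default"] = d.effective_permissions("ops-bob", t0)
    d.request_jit("ops-bob", "prod:restart", 30, "INC-1234 (constructed)", t0)
    result["bob_elevated"] = d.effective_permissions("ops-bob", t0 + timedelta(minutes=10))
    result["bob_after_expiry"] = d.effective_permissions("ops-bob", t0 + timedelta(minutes=31))
    return result


if __name__ == "__main__":
    for key, perms in demo().items():
        print(f"{key}: {sorted(perms)}")
```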

Establishing the right access for each role is so important that, if you are only able to follow one of our recommendations, focus on identity provisioning and lifecycle management.

What we learned

As you take steps to improve your identity management, keep in mind the following lessons Microsoft has learned along the way:

  • Enterprise-level cultural shifts—Getting the technology and hardware resources for a more secure enterprise can be difficult. Getting people to modify their behavior is even harder. To successfully roll out a new initiative, plan for enterprise-level cultural shifts.
  • Beyond the device—Strong identity management works hand-in-hand with healthy devices.
  • Security starts at provisioning—Don’t put governance off until later. Identity governance is crucial to ensure that companies of all sizes can audit the access privileges of all accounts. Invest early in capabilities that give the right people access to the right things at the right time.
  • User experience—We found that if you combine user experience factors with security best practices, you get the best outcome.

Learn more

For more details on how identity management fits within the overall Microsoft security framework and our roadmap forward, watch the Speaking of security: Identity management webinar.

The post 3 investments Microsoft is making to improve identity management appeared first on Microsoft Security.

U.S. Energy Grid Experiences Possible Cyberattack

An apparent denial of service attack caused a disruption in a segment of the U.S. energy grid affecting Utah, Wyoming, and Southern California.

Little is currently known about the incident. It occurred March 5th, disabling several security devices. An unnamed utility company reported the incident to the Department of Energy.

“There was a denial-of-service attack…and that basically led operators to not be able to see what was going on in the grid,” said journalist Blake Sobczak, who initially reported the story. “As long as nothing crazy happens, you should be fine, but it certainly constitutes a disruption and a reportable event here to the Department of Energy.”

While the potential cyberattack did not lead to any known outages or interruptions in service and used a relatively unsophisticated method, it is noteworthy for being the first known incident to successfully target the nation’s energy infrastructure. Hackers targeting the U.S. energy grid have been theoretical up to this point, but security experts have long maintained that the infrastructure is poorly secured and that many utility companies are unprepared when it comes to cyber defense.

Fears of an attack on utilities have increased in the wake of Russian infiltration of U.S. critical infrastructure announced in 2018 by the Department of Homeland Security.

The post U.S. Energy Grid Experiences Possible Cyberattack appeared first on Adam Levin.

Quantifying Measurable Security


With Google I/O this week you are going to hear about a lot of new features in Android that are coming in Q. One thing that you will also hear about is how every new Android release comes with dozens of security and privacy enhancements. We have been continually investing in our layered security approach, which is also referred to as “defense-in-depth”. These defenses start with hardware-based security, moving up the stack to the Linux kernel with app sandboxing. On top of that, we provide built-in security services designed to protect against malware and phishing.
However layered security doesn’t just apply to the technology. It also applies to the people and the process. Both Android and Chrome OS have dedicated security teams who are tasked with continually enhancing the security of these operating systems through new features and anti-exploitation techniques. In addition, each team leverages a mature and comprehensive security development lifecycle process to ensure that security is always part of the process and not an afterthought.
Secure by design is not the only thing that Android and Chrome OS have in common. Both operating systems also share numerous key security concepts, including:
  • Heavily relying on hardware based security for things like rollback prevention and verified boot
  • Continued investment in anti-exploitation techniques so that a bug or vulnerability does not become exploitable
  • Implementing two copies of the OS in order to support seamless updates that run in the background and notify the user when the device is ready to boot the new version
  • Splitting up feature and security updates and providing a frequent cadence of security updates
  • Providing built-in anti-malware and anti-phishing solutions through Google Play Protect and Google Safe Browsing
On the Android Security & Privacy team we’re always trying to find ways to assess our ongoing security investments; we often refer to this as measurable security. One way we measure our ongoing investments is through third party analyst research such as Gartner’s May 2019 Mobile OSs and Device Security: A Comparison of Platforms report (subscription required). For those not familiar with this report, it’s a comprehensive comparison between “the core OS security features that are built into various mobile device platforms, as well as enterprise management capabilities.” In this year’s report, Gartner provides “a comparison of the out-of-the-box controls under the category ‘Built-In Security’. In the second part, called ‘Corporate-Managed Security’, [Gartner] compares the enterprise management controls available for the latest versions of the major mobile device platforms”. Here is how our operating systems and devices ranked:
  • Android 9 (Pie) scored “strong” in 26 out of 30 categories
  • Pixel 3 with Titan M received “strong” ratings in 27 of the 30 categories, and had the most “strong” ratings in the built-in security section out of all devices evaluated (15 out of 17)
  • Chrome OS was added in this year's report and received strong ratings in 27 of the 30 categories.
Check out the video of Patrick Hevesi, who was the lead analyst on the report, introducing the 2019 report, the methodology and what went into this year's criteria.

You can see a breakdown of all of the categories in the table below:


Take a look at all of the great security and privacy enhancements that came in Pie by reading Android Pie à la mode: Security & Privacy. Also be sure to live stream our Android Q security update at Google IO titled: Security on Android: What's Next on Thursday at 8:30am Pacific Time.

Episode 488 – A Word Of Caution Around Selling Old IT Equipment

If you decide to sell or even participate in a recycling program, it’s important to make sure you properly delete all your data first. This episode goes into the details of the proper way to erase your hard drives and shows you that the way you are doing it now isn’t enough. Be aware, be safe. […]

The post Episode 488 – A Word Of Caution Around Selling Old IT Equipment appeared first on Security In Five.

On Abusing Email Validation Protocols for Distributed Reflective Denial of Service


Denial of Service (DoS) attacks are still very much in vogue with cybercriminals. They are used for extortion attempts, to attack competitors or detractors, as an ideological statement, as a service for hire, or simply “for teh lulz.” As anti-DoS methods become more sophisticated so do the DoS techniques, becoming harder to stop or take down by turning into distributed (DDoS) among stolen or hacked end-points. Some DDoS methods even use distributed, public systems that aren’t hacked or stolen, but still offer a means for a reflected attack (DrDoS) such as the widespread Network Time Protocol (NTP) DrDoS attacks seen over the past several years.

In the spirit of discovering and exposing potential future cybercrime methods, this research focuses on determining the viability of DrDoS attacks using public-facing email validation protocols. With knowledge of attack anatomy white hats can better understand the threat landscape while building their unique threat models, and if need be, build and configure defenses against such potential protocol abuses. Fortunately, or unfortunately, depending on your reference point, the findings of this research conclude that these types of attacks are likely not to be a widespread threat given the current sets of in-the-wild email server configurations; though this may change in the future as more systems come online and configuration habits shift.

We know what sort of returns we can get for DDoS leveraging SPF in large part through the work of Douglas Otis. However, given the other DDoS vectors available (DNS, NTP, etc.), using SPF alone doesn’t have much of a bite. The idea here was to also leverage other email validation protocols that may be configured on a mail server already employing SPF, i.e. a stacked attack. Following a review of the DomainKeys Identified Mail (DKIM) protocol RFC, it was discovered that there are instances where the specification suggests using reply codes: 4xx, 451/4.7.5, and 550/5.7.x specifically. This suggests mail server configurations that may reply to messages that meet, or fail, certain criteria.

However, of the 20 in-the-wild sample servers (located in the United States, France, Germany, Hungary, and Taiwan), zero responded to invalid DKIM headers. As with the DKIM RFC, the Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocol RFC has a configuration suggestion for issuing a 5xy reply code for failed messages as well as a security discussion for External Reporting features of DMARC. Both of these vectors seemed promising for possible exploitation. Of the 20 in-the-wild servers tested, (located in the United States, the United Kingdom, France, Canada, and Switzerland) only four replied with a failure code and zero offered External Reporting services.

While subject to future change, these findings suggest that the current, real-world landscape does not lend itself to leveraging these validation protocols for any serious volume of DrDoS.

Malicious MS Office Macro Creator

Evil Clippy is a tool for creating malicious Microsoft Office macros:

At BlackHat Asia we released Evil Clippy, a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code (via p-code) and confuse popular macro analysis tools. It runs on Linux, OSX and Windows.

The VBA stomping is the most powerful feature, because it gets around antivirus programs:

VBA stomping abuses a feature which is not officially documented: the undocumented PerformanceCache part of each module stream contains compiled pseudo-code (p-code) for the VBA engine. If the MS Office version specified in the _VBA_PROJECT stream matches the MS Office version of the host program (Word or Excel) then the VBA source code in the module stream is ignored and the p-code is executed instead.

In summary: if we know the version of MS Office of a target system (e.g. Office 2016, 32 bit), we can replace our malicious VBA source code with fake code, while the malicious code will still get executed via p-code. In the meantime, any tool analyzing the VBA source code (such as antivirus) is completely fooled.

National Small Business Week 2019: Cybersecurity Survival Tips for Small Businesses

This year, National Small Business Week is being held between May 5th and 11th and is celebrated to recognize the growth of small businesses and their contribution to the U.S. economy, which now makes up 44% of the national GDP.

Running a small business is tough. Depending on the type of industry you’re in, you may be tasked with raising funds (if you’re a startup), registering licenses and permits, figuring out your finances for R&D, or bringing your services to the digital space.

But what is one common thing that ALL small businesses need in order to survive in tough markets? Cybersecurity.

All of the hard work entrepreneurs have dedicated to grow their small business may be for nothing in the wake of a cyberattack.

Small businesses and even medium-sized businesses may not think cybersecurity should be a top priority, but it should.

Let’s take a look at the facts:

  • 43% of cyber attacks are targeted at small businesses.
  • 60% of small companies go out of business within six months of a cyber attack.
  • Small businesses are most concerned about protecting their customers’ data.

Some of the major challenges that small businesses face in implementing a cyber defense plan are a lack of cyber education, a lack of resources, and a lack of time.

But even as a small business, there is a lot you can do to jump-start your cybersecurity plan if you haven’t already.

Get your employees informed about cybersecurity

Even if you lack trained IT professionals in your organization, it’s no excuse to not educate your employees about general cybersecurity practices. Human error is the weakest link in cybersecurity. Remind employees to:

  • Keep software up-to-date
  • Create strong and unique passwords for all accounts
  • Avoid clicking links in suspicious emails

Also, remind employees what’s at stake in the event of a hacking incident.

Take advantage of free small business cybersecurity resources

There are tons of free cyber courses out there that can educate your employees about the importance of cybersecurity. Some online courses even offer free certifications!

As one of the supporting cosponsors of the week, the National Cyber Security Alliance (NCSA) has made available several free cybersecurity resources for small businesses to use freely, which you can check out here.

Other organizations offer free antivirus software, password managers, and malware scanners that do the job.

Cloudbric also currently offers free cybersecurity tools. One of the tools lets you explore blacklisted IPs and known phishing URLs to ultimately improve website and web server security.

Know what firewalls your small business needs

Whether it’s protecting your network, your employees’ devices, or your company website, know which kind of firewalls need to be in place in your organization. For example, an IPS, network firewall, and web application firewall are all different.

This also means being educated about new types of cyberattacks that exist so that you and your business are better armed to combat them.

Cybersecurity doesn’t need to come with a high price tag. Many cybersecurity vendors offer discounted prices for small businesses so that they can continue serving their customers without the worry of cyberattacks.

It’s also important to find a solution that minimizes the resources needed to manage the security in the first place. Cloudbric, for example, offers a virtually hands-off approach with our cloud-based WAF that fits perfectly into the budget of smaller businesses.

For more small business cybersecurity tips, check out the FTC’s guide.

Make sure to follow us on our social media platforms (LinkedIn, Twitter, and Facebook) and our recently opened Telegram Announcement Channel for the latest updates!

The post National Small Business Week 2019: Cybersecurity Survival Tips for Small Businesses appeared first on Cloudbric.

Highlights from the Verizon DBIR 2019

Every year, the Verizon Data Breach Investigations Report comes out, and there’s a mad scramble to inspect and interpret the data. The report is data-rich, as always, and already contains a bunch of analysis, so there are really only a few options for adding value to the conversation. Industry commentators can choose to disagree with […]… Read More

The post Highlights from the Verizon DBIR 2019 appeared first on The State of Security.