The Changing Cyber Landscape

Cyber-attacks attributed to suspected Russian actors rose by over 800% in the days after the Russia-Ukraine war began. Attacks are more frequent than ever and their impact more damaging. The Colonial Pipeline ransomware attack in 2021 is a recent example and remains the largest publicly disclosed attack on critical infrastructure in the United States. Colonial Pipeline operates the largest refined-fuel pipeline in the U.S., carrying up to 3 million barrels of fuel per day between Texas and New York. Attackers logged in with an exposed password for a VPN account, stole data, and demanded a ransom; Colonial paid roughly $4.4M. The effects were felt across the country: jet fuel shortages, panic buying driven by fear of a gas shortage, and a spike in gas prices.

 

Global threats dominate not only mainstream media headlines but our cyber infrastructures as well. 2022 has already seen its share of challenges: Covid-19, supply chain disruption, natural disasters, and the Russia-Ukraine war. Amid all of these, cyber incidents were still ranked the top global business risk in the Allianz Risk Barometer 2022.

 

Ransomware attacks cost companies millions each year. The top five known ransom payments include:

  1. CWT Global
     AMOUNT PAID: $4.5 MILLION
     RANSOMWARE: RAGNAR LOCKER
  2. Colonial Pipeline
     AMOUNT PAID: $4.4 MILLION
     RANSOMWARE: DARKSIDE
  3. Brenntag
     AMOUNT PAID: $4.4 MILLION
     RANSOMWARE: DARKSIDE
  4. Travelex
     AMOUNT PAID: $2.3 MILLION
     RANSOMWARE: SODINOKIBI
  5. University of California San Francisco (UCSF)
     AMOUNT PAID: $1.14 MILLION
     RANSOMWARE: NETWALKER

 

 

In several of these cases the initial foothold came from weak or exposed credentials, with few controls beyond a perimeter firewall standing between the attacker and the network. Most of these incidents could have been prevented, or at least contained, by proactive controls such as Identity and Access Management: multi-factor authentication on remote access and prompt removal of unused accounts close the most common entry points.

 

Cyber criminals often pose as co-workers, friends, or family members to obtain network credentials or money; this is called social engineering. A message that carries urgency and appears to come from an authority figure or a relative tends to override the instinct that the request is out of character, and victims wire money to what looks like a familiar face. Credentials handed over this way let the attacker log in as a legitimate user, so the usual security hardware and software see nothing unusual, and the attacker gains broad access to valuable, critical data.

 

Existential Threats 

As attacks increase, so do the costs that come with them. The average cost of a data breach worldwide is $4.24 million according to the 2021 Cost of a Data Breach Report. With attackers and scammers flooding our cyber infrastructures, it is more crucial than ever to have the proper defenses in place; the toll on business productivity and financial standing is too great to absorb.

 

  • Existential Threat: Ransomware
    Real World Impact: The average cost of a ransomware attack is $732,520 when the ransom is not paid, and roughly doubles to $1,448,458 when it is paid
  • Existential Threat: Downtime
    Real World Impact: Amazon, Microsoft, Delta, Sony, Nvidia: no company is immune from downtime and the brand damage it inflicts
  • Existential Threat: Compliance Fines
    Real World Impact: New state compliance requirements are rolling out and the penalties are no slap on the wrist; California Consumer Privacy Act (CCPA) fines can run up to $7,500 per intentional violation, with no cap on the total
  • Existential Threat: Data Loss
    Real World Impact: Whether from a cyberattack or human error, 40%-60% of SMBs never reopen after a major data loss

In addition to these existential threats, enterprises face a slew of IT challenges:

  1. The average enterprise runs 6 different forms of application infrastructure
  2. ...each of which comes with its own management systems and tools
  3. 80% of IT time is spent managing risk
  4. ...which leaves little time for IT to create additional value for the business
  5. Compliance requirements are evolving in real time, including new state privacy laws. California led the way with CCPA, and many other states have since introduced or enacted privacy legislation of their own
  6. IT is expected to do more with less year after year, managing multiple platforms and the security and compliance of different environments

With the ever-increasing threat landscape affecting more businesses and individuals each year, it is understandable companies are seeking out a reliable partner to protect their cyber infrastructure. Ntirety can help your business build a security and compliance solution that meets today’s needs while strengthening your long-term strategy. For more information watch our recent webinar here and stay tuned for the next blog in this series. 

When SHTF: Dissecting How Cloud Plays A Role In Disaster Recovery

When things go south, we often think of what we could have done to better prepare for the scenario. While many situations are out of our control, there are ways we can be proactive in mitigating cyber threats. This article from Ntirety CEO Emil Sayegh was originally published in Forbes. 

 


SHTF is a messy mental image, but for those who have lived through these scenarios it fits the chaos of moments such as the Port of Beirut explosion in 2020, the Texas "Snovid" Arctic front in 2021, or more recently Russia's attack on Ukraine. The more you know about how to mitigate disasters of this scale, the better prepared and more at ease you will be. If disaster preparedness sounds like something that applies to your business (it does), start by identifying where your company sits on the spectrum of data use (static vs. dynamic) and whether your IT and technology departments have drawn the line between responsibility and liability. With that information in hand, you can begin to think about what happens when "it" hits the fan, so that you are ready if it does.

Slow and Costly 

In the world of IT, traditional disaster recovery is well established in its redundancies and recovery times. It also carries a set of concepts and practices that are ill-suited to today's dynamic data environments, and these approaches often came with limits on flexibility and scalability. There is also the matter of investment: to obtain those benefits, a business must make a high initial outlay in hardware and configuration, which is costly, especially across multiple sites. Companies using traditional disaster recovery host standby servers at local or remote locations that require maintenance, licensing, and parallel monitoring. Preserving valuable business resources this way is far more difficult, time consuming, and costly than with more modern solutions, particularly when it is not unheard of for a failover to take hours or even days once local services are lost.

Enter Cloud Technologies 

With the advent of cloud technologies, cloud disaster recovery has changed the picture by removing the need to own a second set of infrastructure purely for recovery. IT departments that use it see significantly less downtime, because recovery capacity in the cloud can be spun up or failed over to almost immediately after an incident. At its most basic level, disaster recovery in cloud computing works by replicating data from the primary site to a cloud service. When a disaster strikes, workloads are failed over to that environment and its resources with minimal downtime.

Many cloud services are offered on a pay-as-you-go basis and can be reached from anywhere at any time; other resources can be reserved through longer commitments to reduce cost. Perhaps the most important property of cloud backup and disaster recovery is that these environments can be automated programmatically and run with minimal operator input. With the right configuration in place, cloud-based disaster recovery can restore an entire environment in minutes, provided the configuration has been tested against a realistic failure rather than assumed to work.

Cloud-based disaster recovery gives businesses of all sizes, from large corporations to startups without resources of their own, a powerful way to protect against outage risk while continuing normal operations during an emergency. With the right approach, organizations can meet their recovery point objective (RPO, how much data they can afford to lose, measured as the time since the last good copy) and recovery time objective (RTO, how long the service may be down) with cloud recovery. Evaluate each offering for reliability and recurring cost before committing long-term investment to this part of business continuity planning.
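To make the RPO and RTO checks concrete, here is an added example (not code from the original article or from any Ntirety product) that evaluates a failover drill against a replication log. The log entries, the disaster and restore times, and the targets are all constructed for illustration. The point it shows is that the RPO you can actually deliver is the worst gap between successful snapshots, not the scheduled interval, and that a single failed replication cycle widens it.

```python
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed replication log from the primary site to the cloud target (not real data).
# Each entry is (completed_at, status); a failed cycle leaves no new snapshot behind.
REPLICATION_LOG: List[Tuple[str, str]] = [
    ("2022-03-01T01:30:00", "ok"),
    ("2022-03-01T01:45:00", "ok"),
    ("2022-03-01T02:00:00", "ok"),
    ("2022-03-01T02:15:00", "failed"),   # transient WAN error: no snapshot taken
    ("2022-03-01T02:30:00", "ok"),
]


def ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")


def successful_snapshots(log: List[Tuple[str, str]]) -> List[datetime]:
    return sorted(ts(t) for t, status in log if status == "ok")


def worst_replication_gap_minutes(log: List[Tuple[str, str]]) -> int:
    """Largest interval between consecutive good snapshots. This, not the
    nominal schedule, is the RPO the log actually supports."""
    snaps = successful_snapshots(log)
    if len(snaps) < 2:
        raise ValueError("need at least two successful snapshots")
    return int(max(b - a for a, b in zip(snaps, snaps[1:])).total_seconds() // 60)


def evaluate_failover(log: List[Tuple[str, str]], disaster_at: str, restored_at: str,
                      rpo_minutes: int, rto_minutes: int) -> Dict[str, object]:
    """Measure what a drill (or a real event) achieved against the targets.

    data_loss_minutes: last good snapshot -> disaster (the achieved RPO)
    downtime_minutes:  disaster -> service restored in the cloud (the achieved RTO)
    """
    disaster, restored = ts(disaster_at), ts(restored_at)
    usable = [s for s in successful_snapshots(log) if s <= disaster]
    if not usable:
        raise ValueError("no usable snapshot before the disaster")
    data_loss = int((disaster - usable[-1]).total_seconds() // 60)
    downtime = int((restored - disaster).total_seconds() // 60)
    return {
        "data_loss_minutes": data_loss,
        "downtime_minutes": downtime,
        "rpo_met": data_loss <= rpo_minutes,
        "rto_met": downtime <= rto_minutes,
    }


if __name__ == "__main__":
    print("worst gap in log:", worst_replication_gap_minutes(REPLICATION_LOG), "min")
    # Constructed drill: outage at 02:20, service back in the cloud at 02:50,
    # measured against a 15-minute RPO and a 60-minute RTO.
    print(evaluate_failover(REPLICATION_LOG, "2022-03-01T02:20:00",
                            "2022-03-01T02:50:00", rpo_minutes=15, rto_minutes=60))
```

In the constructed drill the failover finishes well inside the RTO, yet the RPO is missed, because the failed 02:15 cycle left a 30-minute hole and the outage landed inside it. Run this against the timestamps from a real drill: if the worst observed gap exceeds the RPO, the replication schedule or the alerting on failed cycles needs fixing before the next drill, regardless of how fast the failover itself was.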

Prepping for Disasters 

The lesson for C-levels is that disaster recovery, backup systems, and business continuity planning can no longer be regarded as luxuries in today's uncertain environment. Our duty as IT professionals is to build the redundancy and recovery capability needed to survive such events. Redundancy is a critical IT principle, but when components begin to fail one after another, returning to operation becomes an equally critical business priority. The IT community must value routine risk assessment; technology departments and the executives who lead them cannot wait to react until something goes wrong. Risk assessment and the actions that follow from it are top priorities that cannot be delegated to lower-level IT management or staff. From beginning to end, the CEO, the entire C-suite, and the board must keep full visibility and treat it as a priority.

The hyper-scale availability of cloud services for disaster recovery is one of the greatest innovations available to business today. Advanced computing and networking power is simpler and more capable than ever and scales out when it is needed most, during emergencies and SHTF scenarios. Many companies will need nothing beyond this one service: continuous remote deployment capability, backed seamlessly by off-site storage. With a cloud that is there whenever it is needed, a disaster is far simpler and faster to navigate.

 

Check out this piece, originally published in Forbes, here and follow me on LinkedIn.

Building An Industry Response To Ransomware

While your business may have a disaster recovery plan in place, it is equally if not more important to proactively put security measures in place to defend your cyber infrastructure from ransomware and similar threats. The following piece is by Ntirety CEO Emil Sayegh originally published in Forbes. 

 


The word ransomware triggers a visible reaction in even the most hardened security professional, especially as the industry saw an 800% increase in cyberattacks in the early days of the Russia-Ukraine war. This well-known digital blight carries so much impact that the reaction to the word itself is justified. Year after year the rate and scale of ransomware attacks keep climbing, and the recent attacks on Samsung and Nvidia illustrate an even sharper acceleration; thankfully, the response to ransomware is also picking up. One of the concrete ways the threat is being addressed is through proposed legislation.

A First Try: The Ransom Disclosure Act

Among the most significant legislative measures proposed in the last few months is the Ransom Disclosure Act. On the surface this initiative, like many others, looks like a great idea, until you dig into it. The act would give a company that has paid a cyber ransom 48 hours to report various details of that payment: the amount paid, the date of the incident(s), the currency used, and any available information about the parties that made the demand. The U.S. Department of Homeland Security (DHS) would then sanitize this information and publish it on a public website. The penalties for non-compliance have still not been quantified.

From an enforcement perspective, there is undeniably a shortage of timely data that could support criminal investigations and recovery. Rapid, detailed information makes a big difference in the ability of government agencies to step in, trace funds, and potentially seize ill-gotten proceeds.

For example, a partial but significant recovery of the ransom occurred after the payment in the Colonial Pipeline incident. That was a major attack with considerable national impact and publicity; because of the publicity, federal agencies were involved in the response, and the partial financial recovery speaks for itself. Should the same response framework apply to every incident? There are many practical points to debate, starting with whether government authorities have the mandate, resources, and capability to pursue these cases adequately and thoroughly.

Disclosure Flaws 

While we all want actionable intelligence to maintain awareness, the public aspects of this Act are cause for legitimate concern. As incidents are disclosed over time, the proposed DHS site could amount to a ransomware leaderboard, with the unintended effects of higher ransoms, more ransomware criminals, more attacks, and more severe successful attacks across the board. Here are the key flaws in the reporting requirement the Act would have DHS administer:

  • Public disclosure could produce ransom intelligence that cybercriminals can exploit by correlating data. It is possible to unintentionally disclose industry, date and time information, ransom amounts, and preferred payment methods. Even with company names redacted, criminals can identify the biggest "scores" from public news, service information, and dark-web chatter.
  • The information the Act proposes to collect focuses only on the impact of the attack on the targeted company. Once published, an incident could become a reference point with unknown public and financial repercussions.
  • Compliance and the roll-out of a reporting program could lengthen the disruption, extending the time needed to return to operations.
  • There does not appear to be any history of successfully piloting such a system, or of measuring its impact on an industry.
  • Rival global cyber gangs could derive intelligence from successful attacks and fine-tune their strategies.

What About False Security? 

Starting with cyber-liability insurance: beware of a false sense of security. Ransom payments should be exceedingly rare, ideally nonexistent, and should never be part of a response plan even when you have cyber-liability insurance, yet the assumption that insurance will cover a payment somehow persists. Publishing these flawed decisions would only highlight how common poor planning is and how few ransomware responses organizations believe they have.

Numerous industry reports show that paying a ransom provides false security. Close to half of the companies that pay discover that their recovered data is corrupted. As we saw in Ukraine, suspected Russian hackers used wiper code to destroy key data in banks and government organizations outright. If data left the company during the attack, it is now "out in the wild" and no ransom buys any guarantee about what happens to it. To add insult to injury, reports show that most organizations that are hit once and pay will suffer a second, likely related, ransomware attack.

Bad Ideas and Good Ideas 

On the front lines, organizations must break free of the mentality and false sense of security that comes from relying on a single layer such as cyber insurance, periodic vulnerability scanning, signature-based detection, or a VPN. Companies that intend to prevent ransomware must instead implement security measures that are comprehensive and full spectrum across the data center, cloud, endpoints, and applications.

Actions against ransomware gangs, such as Russia's arrest of REvil members and the extradition from Poland of the alleged Ukrainian REvil hacker, are a good thing, but insufficient as one-time events, because more sophisticated gangs quickly take their place. Reporting programs such as the one proposed in the Ransom Disclosure Act could hand great advantages to a new breed of cybercriminal. This information should be privileged; public exposure carries too many unknown implications. Public information should instead focus on identifying the attackers when possible and on their apprehension and prosecution. More detailed information should be shared only with a group of private companies entrusted to fight cybercriminals, while protecting the privacy of the victims.

This First Step is Critical 

Time will tell what becomes of this proposed measure and how much traction it will gain. It is an indication of an important first step into these matters. With some tweaking and industry partnership, it could possibly be the right step in the right direction. 

In any case, the industry will continue to drive improvements in the defense against and prevention of ransomware incidents, but it needs proper government leadership. Partnership between industry and government is the best path to preventing incidents in the first place.

As we build these improvements, organizations will be looking at both first-level and next-level steps to address these novel and continuing threats, including threat modeling, layered security, advanced anti-ransomware tooling, and behavior-based incident detection. Many of these disciplines are needed now, yet the cybersecurity talent drought persists, driving the need for outsourcing and security partnerships.

 


Biden’s Missing State Of The Cybersecurity Union

The State of the Union is presented to the American people each year to address current issues and initiatives. While there was quite a bit to unpack for Biden’s 2022 State of the Union, cybersecurity did not make the cut. The following piece from Ntirety CEO Emil Sayegh was originally published in Forbes. 

 


While I am certain that there were priorities that needed to be covered in President Biden's first State of the Union address, it was disappointing that something as critical as cybersecurity was not mentioned even once. In the last few months, the administration has repeatedly labeled cybersecurity a core national security challenge. Just one day before, the US Cybersecurity & Infrastructure Security Agency (CISA) had issued a "Shields Up" alert, making the omission all the stranger. Perhaps this article can serve as a substitute for the State of the Cybersecurity Union.

Protecting the Homeland 

If it is not clear by now, we are on the front lines of a modern hybrid war, one that is largely digital. Critical systems, resources, and our very way of life hang in the balance on a multi-faceted, global cyber front that is gaining strength while we collectively prepare to defend.

Since the war in Ukraine began early in 2022, alerts have spread throughout the industry. Baseline threat activity has skyrocketed since the beginning of hostilities to a sustained increase in volume of at least 700%. Many of us have received both confidential and industry-wide threat information from major government agencies such as Homeland Security, the FBI, and state agencies. Much of this information has been extremely valuable to our response and readiness in the face of escalated threats.

The impact of strong economic sanctions against Russia will grow over time, and it is reasonable to assume that retaliatory activity against digital targets will rise with it. The more the screws are turned, the greater the pressure of sustained attacks, and the greater the pressure, the greater the likelihood that some succeed. We must be prepared for significant disruption to things we count on every day. Everything from the food supply to water services, banking, and streetlights might be affected; there are too many targets to count.

For that reason, a big part of readiness is a readiness to fail – and recover in the event of a cybersecurity incident. Planning, validation, and execution routines are likely to be tried in times of great duress. This is the frank reality of what could be coming soon. 

 

The Front Lines Have Moved To Our Backyards 

The 2022 State of the Union has come and gone, but hopefully in the weeks ahead the President and his administration will find opportunities to share critical cybersecurity information with the general public. Remember that the front lines are in your schools, hospitals, meat processing plants, and water distribution systems. They are on your smartphones, in your apps and point-of-sale systems, on your tablets and smart TVs. All of these, and many more, are targets, and that message should be shared with everyone.

Few threats to our way of life today are more urgent than the real-time threat of cyberattack. Cyber warfare requires very little tangible investment to mount, and since it emerged, adversaries have far less need for jets, missiles, battleships, cruisers, or infantry to strike an opponent.

It’s Time for a Cybersecurity Reset 

Cybersecurity is a preeminent threat to these United States at this moment in history, of equal if not greater importance than some of the items mentioned in Biden's first address to the nation. We can all agree on the things we do not want to lose, and our country needs this administration specifically to help protect the homeland. Regrettably, despite the rapid alerts that followed the start of the Ukrainian war, our national response feels far too reactive in a world where attacks are all around us and are planned weeks, months, and years in advance.

We are one year into the Biden Administration and we still do not have the improvement in posture that many of us in the industry had hoped for and called for vigorously this last year. I suggest the following urgent developments: 

  • We need to immediately establish a specialized cybersecurity defense task force that is bipartisan and composed of members from both the public and private sectors. To be effective, this task force must be distinct and clearly define itself as the source of defensive cybersecurity guidance for industry.
  • Further, we must instill a rich climate of collaboration on cybersecurity, and that starts from the top. Organizations should be encouraged to work side by side with government resources on their cybersecurity systems, and this climate should encourage them to partner for services, capabilities, and technologies that are not available to any one company on its own.
  • We must upskill all branches of government, the media, and industry on cybersecurity risks and threats. Many in power still do not grasp the potentially crippling effects of a cyber-attack.
  • While CISA's "Shields Up" alert is meaningful, a targeted alert system needs to be created to help not only government agencies and enterprises but also hospitals, schools, and small and medium businesses understand their risks and what they can tangibly do in this battle.

Keep Asking Questions 

My hope is that those in leadership roles begin to assert those roles in the form of clear and substantive policies, an architecture of interindustry collaboration, and establishing clear leadership towards leading us on a path to cyber threat mitigation. 

As a nation, we must continue to grow, and we must continue to evolve. We must prioritize the security of our nation, however, and make sense of the universe of threats that surround us. We have not been afforded adequate forums and voices, and so in continuing articles, I will continue to raise questions about what we can do collectively to defend our resources. We need to keep making the world aware about the cybersecurity risks. Every one of us should, including President Biden. 

 


Preventing the Number One Source of Breaches

Identity and Access Management (IAM) is a key component of an effective, comprehensive security solution. Weak authentication methods and passwords continue to be the number one source for data breaches, and with costs soaring over $4 million per breach, the impact is catastrophic to most businesses. Even if your business does survive a breach, there are serious and lasting consequences.  

What is Identity and Access Management? 

IAM is not a single product but a set of technologies, company-wide policies, and processes for granting, controlling, and accounting for identities throughout their lifecycle. Two of its most visible controls, implemented as part of a complete security program, are Multi-Factor Authentication (MFA) and Single Sign-On (SSO). MFA validates that users are who they claim to be: they must prove their identity with at least two verification factors from different categories, something they know (a password), something they have (a phone or hardware token), or something they are (a biometric). Two factors from the same category, such as a password plus a security question, do not count. For example, a bank may let a customer log in with just a username and password but require a second factor before a transaction is approved. SSO lets users sign in to many services, accounts, or applications with one set of credentials, which reduces the number of passwords in circulation and gives users a better experience; because it also concentrates access in the identity provider, that provider must itself be protected with MFA. Together these controls ensure that users get the right access for the right reasons at the right time.
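As an added example (not code from the original post or from any Ntirety product), the following Python shows the category rule in working form: a password is checked against a salted PBKDF2 hash (something you know), a time-based one-time code is checked per RFC 6238 (something you have), and the login is accepted only when two different categories verify. The TOTP seed is the RFC 6238 reference test seed; the password, salt, and security-question answer are constructed demo values, not real credentials.

```python
import hashlib
import hmac
import struct
from typing import Dict, List, Set, Tuple

# The three factor categories named in the text.
KNOW, HAVE, ARE = "something you know", "something you have", "something you are"

# Which category each supported factor type belongs to. Two factors from the
# same category (for example password + security question) are NOT MFA.
FACTOR_CATEGORY: Dict[str, str] = {
    "password": KNOW,
    "security_question": KNOW,
    "totp": HAVE,
}

# Constructed demo credentials (not real data). In a real deployment the
# password hash lives in the directory and the TOTP seed in a protected store.
PASSWORD_SALT = b"demo-salt-0001"
PBKDF2_ROUNDS = 200_000
PASSWORD_HASH = hashlib.pbkdf2_hmac(
    "sha256", b"correct horse battery staple", PASSWORD_SALT, PBKDF2_ROUNDS)
TOTP_SEED = b"12345678901234567890"   # the RFC 6238 reference test seed
SECURITY_ANSWER_HASH = hashlib.sha256(b"rex").digest()


def verify_password(candidate: str) -> bool:
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), PASSWORD_SALT, PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, PASSWORD_HASH)


def verify_security_question(answer: str) -> bool:
    digest = hashlib.sha256(answer.strip().lower().encode()).digest()
    return hmac.compare_digest(digest, SECURITY_ANSWER_HASH)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226, HMAC-SHA1) over the 30-second time step."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(seed: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step and `window` steps either side to absorb clock drift."""
    return any(
        hmac.compare_digest(totp(seed, unix_time + drift * 30), code)
        for drift in range(-window, window + 1)
    )


def authenticate(factors: List[Tuple[str, str]], unix_time: int) -> Tuple[bool, Set[str]]:
    """factors: list of (factor_type, presented_value).

    Returns (accepted, categories verified). Access is granted only when at
    least two DIFFERENT categories verify; that is what makes it multi-factor."""
    verified: Set[str] = set()
    for kind, value in factors:
        ok = False
        if kind == "password":
            ok = verify_password(value)
        elif kind == "security_question":
            ok = verify_security_question(value)
        elif kind == "totp":
            ok = verify_totp(TOTP_SEED, value, unix_time)
        if ok:
            verified.add(FACTOR_CATEGORY[kind])
    return len(verified) >= 2, verified


if __name__ == "__main__":
    now = 1111111109  # fixed RFC 6238 test time so the run is reproducible
    code = totp(TOTP_SEED, now)
    print("password + TOTP       ->", authenticate([("password", "correct horse battery staple"), ("totp", code)], now))
    print("password + question   ->", authenticate([("password", "correct horse battery staple"), ("security_question", "Rex")], now))
    print("wrong password + TOTP ->", authenticate([("password", "hunter2"), ("totp", code)], now))
```

The second call fails even though both answers are correct, because both factors are things the user knows. Note that `verify_totp` allows one 30-second step of clock drift either side; widening that window much further makes guessing a six-digit code easier, so keep it small and pair it with rate limiting on failed attempts.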

IAM can mitigate many of today’s leading threats by controlling user access and ensuring that additional privileges are only given under strict monitoring. It’s a key component of Zero Trust.  

Here’s a few reasons why implementing an IAM solution as part of a comprehensive security solution is a must:  

  • With an estimated 2,200 attacks per day or the equivalent of one attack every 39 seconds, it’s only a matter of time before your business is the target. Proactively protect yourself from cyber-attacks, breaches, and insider threats caused by unauthorized access.  
  • Preserve your company’s reputation and good standing in the market; any exposure of customer data or sensitive, classified, and private information ruins the trust you’ve worked hard to establish with customers and prospects. 
  • Your career may be on the line. These days it’s everyone’s job to prevent data loss, meet regulations, and ensure uptime, but if you’re a business or IT leader, you’re especially on the hook. Neglecting to put in the proper safeguards in place can put your career at stake due to the financial implications and business impact of a potential incident.  

What's Causing These Breaches?

According to the Verizon Data Breach Investigations Report, 61% of the breaches analyzed in 2021 involved credentials, whether weak authentication or stolen passwords. Another recent report found that 42% of data breaches were caused by insider threats, including employees attempting to steal trade secrets. With threats coming from both inside and outside, consider how we got to this point.

As a result of the pandemic, teams became more distributed and leaned further into tools and technology to stay connected and productive. People created weak passwords and reused them across accounts and systems to make signing in easier. They also shared passwords with colleagues over chat and other unprotected channels. Cybercriminals quickly caught on to the pattern and exploited it: a password leaked from one service opens every other account where it was reused.

Remediating this problem means implementing best practices across people, processes, and technology. A strategy for authenticating, authorizing, and managing access through Identity and Access Management mitigates external risk and limits the damage a single human error can do.

Who is Most Affected and What’s the Real-world Impact?  

For 11 consecutive years, the healthcare industry has paid the highest costs when it comes to data breaches. FinTech, Retail, and Insurance are also common targets.  

Here are a few examples of companies that failed to put an IAM solution in place and suffered the consequences:

  1. Colonial Pipeline, operator of the largest refined-fuel pipeline in the United States, was breached in May 2021 through a VPN account that was no longer in use but had never been disabled, and whose password had surfaced in a leaked credential batch on the dark web. The account did not use multi-factor authentication. The ransomware attack led Colonial to shut down its 5,500-mile fuel pipeline for five days, leaving more than 10,000 gas stations across the Southeastern United States without fuel.
  2. More than 30,000 organizations in the U.S., including local governments and federal agencies, were affected by the March 2021 attacks on on-premises Microsoft Exchange servers. The attackers gained remote control of those servers through Exchange vulnerabilities that had not yet been disclosed or patched at the time.
  3. Using an employee's stolen password, a hacker accessed personal records held by the New York City Law Department. The city required the department to use multi-factor authentication, but it had not yet implemented that safeguard. The intrusion interrupted city lawyers, disrupted court proceedings, and threw some of the department's legal affairs into disarray.

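The first and third cases above share a pattern: a valid password on an account that either nobody used any more or that had no second factor. What follows is an added example (not Ntirety's code, and not from the original post) of the routine check an IAM program would run over an identity export to catch that pattern before an attacker does. The account records and the audit date are constructed for illustration, and the 90-day dormancy threshold is an assumed policy value.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Constructed sample of an identity/VPN user export; not real data.
ACCOUNTS: List[Dict] = [
    {"user": "alice",       "enabled": True,  "mfa_enrolled": True,  "vpn": True,  "last_login": "2021-04-29T08:12:00Z"},
    {"user": "contractor7", "enabled": True,  "mfa_enrolled": False, "vpn": True,  "last_login": "2020-11-03T17:45:00Z"},
    {"user": "bob",         "enabled": True,  "mfa_enrolled": False, "vpn": True,  "last_login": "2021-04-30T09:01:00Z"},
    {"user": "svc-backup",  "enabled": True,  "mfa_enrolled": False, "vpn": False, "last_login": None},
    {"user": "carol",       "enabled": False, "mfa_enrolled": False, "vpn": True,  "last_login": "2020-06-01T12:00:00Z"},
]

DORMANT_AFTER = timedelta(days=90)   # assumed policy threshold; use what your policy says


def parse_ts(value: Optional[str]) -> Optional[datetime]:
    """ISO-8601 UTC timestamp from the export, or None for 'never logged in'."""
    if value is None:
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit(accounts: List[Dict], now: datetime) -> Dict[str, List[str]]:
    """Return {user: [issues]} for every enabled account that is dormant
    and/or reaches the VPN without MFA. Disabled accounts are skipped: that
    is the state a dormant account should end up in."""
    findings: Dict[str, List[str]] = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue
        issues = []
        last = parse_ts(acct["last_login"])
        if last is None or now - last > DORMANT_AFTER:
            issues.append("dormant")            # unused, but still able to log in
        if acct["vpn"] and not acct["mfa_enrolled"]:
            issues.append("vpn-without-mfa")    # a leaked password alone gets in
        if issues:
            findings[acct["user"]] = issues
    return findings


def recommended_action(issues: List[str]) -> str:
    if "dormant" in issues:
        return "disable now; delete after owner review"
    if "vpn-without-mfa" in issues:
        return "enforce MFA enrolment before next VPN login"
    return "none"


if __name__ == "__main__":
    as_of = parse_ts("2021-05-07T00:00:00Z")   # constructed audit date
    for user, issues in audit(ACCOUNTS, as_of).items():
        print(f"{user:12s} {', '.join(issues):24s} -> {recommended_action(issues)}")
```

The account worth acting on first is the one that hits both rules (here `contractor7`): nobody would notice it being used, and a password alone is enough to use it. Feeding a real export through the same two rules, on a schedule, is the lifecycle piece of IAM that the list above describes in the negative.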
Balancing Security with Productivity 

Workforce productivity is an essential part of IAM solutions as well. You need to provide your employees, customers, and partners with the right access and resources whenever and from wherever they need it. IAM increases user productivity at scale by standardizing and automating parts of the authentication and authorization process. As with any enterprise IT initiative, you may not have the resources or expertise to develop a comprehensive model that scales easily with evolving needs.  

Next Steps – Leverage our Expertise  

Ntirety can help you build an effective strategy and use the right configurations from the get-go, ensuring that the IAM solution is customized to your needs and strengthens your comprehensive security posture. IAM customers can expect these benefits and more:  

  • Protects data while maximizing the performance of your network 
  • Reduces security risks and meets or exceeds requirements for regulations 
  • Improves user productivity while simplifying IT management 
  • Controls access to a range of business applications and platforms, including email and collaboration software  
  • Enables collaboration between employees, partners, and customers 

Reach out to our team of experts for guidance on how you can address your compliance and security needs with our Comprehensive Compliant Security solutions. 

The Cybersecurity Implications Of The Russia-Ukraine Conflict

The Russia-Ukraine conflict has undeniably caused heartache within and far beyond the two countries' borders. Alongside the invasion of Ukraine, cyberspace has seen its own surge of intrusions: cyberattacks increased by over 800% when the conflict began. The following article from Ntirety CEO Emil Sayegh was originally published in Forbes.

The Cybersecurity Implications Of The Russia-Ukraine Conflict 

At this hour, the world is hurting in ways that people did not expect. The Ukrainian crisis has erupted into a significant conflict and, whatever the ultimate outcome, the world will never be the same. As a company, we have employees, contractors and families that live in both Ukraine and Russia. We are worried for their safety above all, as most are unable to leave. With the financial complications and sanctions, we now may not even be able to pay them. I know there are other companies and organizations trying to figure out what to do about their employees, partners, and the grave threats that they face. There is no doubt that the human cost will endure longer than the effects of artillery, and we hope that cooler heads ultimately and quickly prevail, especially with the specter of a nuclear war now looming large. 

Massive Surge in Attacks 

Immediately after the conflict broke out, suspected Russian-sourced cyber-attacks were observed over a 48-hour period at an increase of over 800%. U.S. cybersecurity agencies, the FBI, and the Department of Homeland Security have all shared high alerts covering threat levels, preparedness, and response. This is as critical as it can possibly get. Hostile cyber warfare is one of the primary tools of the modern global military today, and there is little doubt that this series of global events has been planned for some time. Historically speaking, nefarious state-sponsored cyber-activities have escalated when geo-political tensions are high. 

We do not know the form of attacks that will emerge, or those that may emerge successfully, but with a history of previous international attacks, we must have our eyes open for: 

  • Advanced Persistent Threats (APTs)
  • Malware
  • Ransomware
  • DDoS
  • Network attacks
  • Zero-Day vulnerabilities
  • Code flaw vulnerabilities
  • Privilege escalation
  • Data anomalies
  • Network anomalies
  • Or – some combination of any of the above. 

Internationally, governments have shared the following general outlines for cyber security preparations: 

1. Patch Internet-Facing and Business Critical Software: Patch for all software and all vulnerabilities, even the old ones. Take no shortcuts because if you only patch against known attacks in the wild, you may get caught. If it’s on the internet anywhere, in any way, or handles your traffic, communications, or remote business operations – patch it. 

2. Prepare for Ransomware and/or Data Destruction: Ransomware is bad enough, but many have become accustomed to the behavior of demanding a ransom. Those same methodologies and vulnerabilities can also destroy data with a simple disposal of the decryption key or a simple rewrite. Recovering from attacks is much more than nullifying the threat – it means coming back from a disaster. Test your backups, validate your recovery plans, and continuity plans as well. Take the path of scenario planning on every component of your systems. 

3. Be Prepared to Respond Quickly: Have your response organization finely tuned. Consider what might happen if emails are out. Consider who will be the incident manager and that all non-email contacts are up to date. Walk through and reinforce how information for teams, customers, and employees will be shared in the event of a crisis. 

4. Lock Down Your Network: Batten down the hatches. It may seem inconvenient to run through every aspect of your network, especially when you are used to sending links to team members and clients or using a convenient chat application. However, it may be time to modify policies and curtail those conveniences until some point in the future. Basically, if you can figure out a way to function without something and thereby eliminate a potential risk point, you should do it. 

An Urgent Call to Go Beyond the Basics 

Those are the basics above, but there is a present and imminent danger facing US companies. The basics are not enough. Every organization, without exception, must act with extreme urgency to secure its information technology infrastructures. President Biden shared a warning about cyber-attacks leading to a “real shooting war” in a recent speech. No matter how small the company, a breach can lead to a national security emergency, as we clearly saw with the SolarWinds breach. The best possible approach is to leverage the methodology of security, recovery, and assurance into a comprehensive security mission. Security teams must keep watch 24x7x365, and there is no room for exception. If an organization or company cannot do this level of security themselves, they are vulnerable. Know that the sphere of business is all about collaboration and the best way to get through this is to work together. If you don’t have a competent security team to help (and most don’t), you absolutely must find a reputable security partner immediately. 

We Must Work as a Community 

We have arrived at this moment of truth: This kinetic war in Ukraine combined with the global cyber war is the test of our times, a trial of our resolve, and a reckoning for our cybersecurity capabilities. All the while, as rogue nations are built on cyber offensive attacks, our postures need to be built on the foundations of security because our assets are significant and prized targets. All information technology personnel must be vigilant on duty, keeping watch, and prepared to work diligently to protect customers, businesses, and systems. 

The Soft Underbelly 

As real as any military, political, and economic threats are, cyber threats are an unfortunate reality. All organizations, especially sensitive and critical industries, can expect heightened threats of a scale and variety never seen, especially as sanctions start to take a toll. Smaller organizations will most certainly be a target as they are considered the soft underbelly of this war. 

Financial institutions, critical infrastructure, government contractors, even providers of the internet itself must be prepared for what is happening and will continue to happen for some time to come. This is not just about one country – there are other global adversaries out there right now, executing their own opportunistic attacks. We can expect that as financial sanctions increase, retaliatory tensions from all nation-state operations will also rise. There is much, much more to come, and much more to fear for the unprepared.  

Unprecedented Times  

Make no mistake, we are witnessing unprecedented times. We have never faced the aspects of war that we do today – where attacks can be executed at lightning speed from anywhere in the world. As I have said before, packets can cause bullets, and none of us want to be the weak link against the global cybercrime syndicates. Whether brazen or anonymous, attacks against our financial systems and our core infrastructure systems such as power, water, health, and the very internet itself should be expected; these systems can be rendered unusable through cyber-attacks. In the face of these threats, cybersecurity is no longer some afterthought. Cybersecurity is basic survival, and it has never been more important, especially in light of the escalating Russia-Ukraine conflict. 


Check out this piece, originally published in Forbes, here and follow me on LinkedIn. 

Cloud, Data And PET Adoption

Furry, fluffy pets bring us comfort in our homes, and similarly, Privacy Enhancing Technologies (PETs) provide comfort by keeping your data safe. The following piece, Cloud, Data and PET Adoption, from Ntirety CEO Emil Sayegh was originally published in Forbes. 


Cloud, Data And PET Adoption

Let’s face it, the world we live in is not a very private place. Try as we might, we can never really be left alone. We are always under the watchful eye of big data and in a state of constant connection. Before you think too long about how your fluffy cat or a watchful dog will fit into a cloud privacy discussion, let’s break this down. Privacy Enhancing Technologies (PETs) are a suite of privacy technologies that protect data and minimize exposure of unintended personal data, placing variable control of data in the hands of the user. An increase in PET adoption could change all that in the data world. This is about new and comprehensive integrations of privacy and security technologies, largely based on cloud tools and APIs, that will evolve the nature of data itself. 

Faster. Cheaper. Easier.  

There is no denying that technologies have evolved along these lines over time. In the big picture, computer, storage, and cloud infrastructures have similarly become more of a commodity than ever before. Metric barriers will continue to be broken through innovations that lead on those three characteristics. The direction for data, however, is more sophisticated than that because we continually find new use cases for data. The future of cloud technologies is interwoven with the application of data science as they head forward on a course together that is rife with the implications of privacy and security. We are only at the beginning.  

Cloud meets Privacy Enhancing Technologies (PETs) 

With roots that go back to early computing, you can find traces of PET technology and practices among everyday internet behaviors and tools. There are soft privacy technologies, which are software-based, such as tunnel encryption (SSL/TLS), access controls, and data anonymity systems. There are also hard privacy technologies, which include hardware VPNs, anonymous routing, and devices that leverage cryptography. Communication anonymizers that hide the real online identity (email address, IP address, etc.), Enhanced Privacy ID (EPID), homomorphic encryption, Non-Interactive Zero-Knowledge Proofs (NIZKs), Format-Preserving Encryption (FPE), differential privacy, and pseudonymization are other evolving forms of PETs. 

It is an accepted fact that smartphones and apps are continually sharing location, usage data, and untold valuable information about that phone’s owner. From stores to street corners, highways, neighborhoods, and everything in between, video cameras are everywhere we can reasonably go. I haven’t even gotten to the invisible satellites that continually race around us in the heavens above, often cluttering our view when we try to star gaze. 

The point is that the proliferation of technology, especially cloud and data technologies, ricocheted past what would have been more favorable in terms of privacy by design. Privacy regulations have tried and had some effect, but the industry still endures painful and devastating breaches of sensitive data. Privacy regulations have always lagged and will always lag behind technology and hackers. Building around this and scaling up securely is clearly a task that is too difficult for many enterprises to take on alone. PETs can bridge that gap and maintain privacy even as the underlying computer technology evolves and morphs. 

Collaboration: Trusting Zero Trust 

As the proposition of PET grows, what is developing is a new horizon coined as collaborative computing. Its proposition is simple. Collectively, PETs are advancing into technology stacks with the aim of creating a continuously verified plane of data privacy, advanced processing, and ultimately, a complete shift in the principles of how platform-based data communicates, towards an ecosystem of data collaboration. In essence, by ensuring security and privacy, sharing data becomes a more inviting focus. 

A New World of Data Enabled by Comprehensive Security 

It is clear that the drive for greater data acceleration and global availability, balanced with the increasing focus on security and privacy, is on track for a significant breakthrough that can unlock dynamic data markets and economies of scale. For example, marketplaces will feature the ability to federate queries and share tranches of non-specific data instantly. Whether the outside party is a partner, supplier, consumer or supply chain, regardless of country, information can be shared instantly across the world. 

The journey of cloud technologies and the data that comes with it has long counted on the tenets of security, privacy and integrity. The continuing evolution and adoption of PET, followed by the emerging field of collaborative computing, are leading the way to a redefined global economy where opportunities are both unleashed and balanced by the characteristics of secure, private, and available data systems, with a comprehensive security approach as the linchpin. 


Check out this piece, originally published in Forbes, here and follow me on LinkedIn. 

Michigan Mutual Gains Uptime through Ntirety Managed Services

Michigan Mutual is a mortgage broker founded in 1992 by brothers Mark and Hale Walker. Over the past few decades, the business has expanded across 35 states and now has a total of 100 Mortgage Loan Advisors. As a company that handles financial information, being able to quickly communicate with customers while keeping personal data secure is a top priority and core to their value proposition. The challenge is having all the right tools and technology in place to compete with big players and some nimble smaller ones. 

Michigan Mutual had moved their back-office IT servers from their office suite to a data center that they owned and operated. Over time their server, storage, and network set-up became outdated. In the spring of 2017, a decision had to be made on how to make sure data management was as efficient as possible. 

To free up their time and increase availability and security, Michigan Mutual turned to Ntirety for a virtual desktop infrastructure (VDI) solution and moved everything from their own data center onto Ntirety’s VDI and DR infrastructure. The VDI and on-prem DR solution moved to Ntirety in August 2017. In June 2018 their applications and back-office were also moved to be fully handled by Ntirety. 

With Ntirety onboard, the mortgage company now has more uptime and availability to focus on other business operations. The migration to Ntirety’s data center gives the Michigan Mutual team more servers and desktops that are available all the time and running at peak performance. 

Centralized administration and cloud desktops mean that regardless of what happens in any individual area, employees can just go somewhere that has internet, and they’re back up and running. 

“We have been fortunate in the fact that the Ntirety team has been able to focus and to get attention to things quickly to help us get results,” Michigan Mutual EVP and CIO Bruce Clarke said. 

The reliability, communication and support from Ntirety have helped Michigan Mutual feel valued as a customer and confident in the Ntirety solution. That confidence allows the Michigan Mutual team to stay focused on being competitive in the market rather than worrying about managing their infrastructure. 

Read the full case study here for more details about how the Ntirety solution helped Michigan Mutual gain uptime. 

The Combined Peskiness Of Inflation And Cybercriminals

Inflation has been a (not so) hot topic over the past year. As prices rise on grocery store shelves, unfortunately so do ransom costs because cybercriminals have bills to pay too. The following piece by Ntirety CEO Emil Sayegh was originally published in Forbes. 

The Combined Peskiness Of Inflation and Cybercriminals  

Not a day goes by where hackers are not making American lives worse. From fraud to ransomware, from data leaks to compromised passwords, it’s another serious problem for all of us to deal with. Lately, both business leaders and the public have become concerned with hyperinflation. Nobody likes it, but it is here, and as with most changes, a bit of upheaval will follow. Beyond the personal economic impact, there are serious cyber implications as well, and it all leads to an uncertain future. 

Paying More for Cyber Crime 

I hate to tell you this, but hackers pay bills, too. Inflation is a factor of our national economy and when it surges as it has in the last several months, it carries a significant impact to everyday life and can cause significant disruptions. Prices increase across the board and in time, they will affect just about everything around us. That goes for the cost of cloud computing, software, support, and yes, hackers.  

Hackers, while arguably the lowest forms of life, live with the rest of us. They are not tucked away on a secret island somewhere with an independent economy. I am not attempting to elicit sympathy for the increased financial burden on hackers and cybercriminal groups; however, we must consider what is surely about to happen in terms of their cost of operations, cost of living and continuation of their raw activity returns. 

  • 2021 saw a 17% increase in publicly disclosed ransomware attacks, while certain sectors such as retail saw a 100% increase in attacks.
  • Ransom amounts increased tremendously in 2021 with the largest ransomware payout being made by an insurance company at a whopping $40 million, setting a world record.
  • Faced with mounting power, computing, and living costs, ransomware event frequency will increase, while the target size of companies will continue to decrease.
  • Attack selection will focus on time and location where targets are the most vulnerable.
  • Based on dire financial situations in certain areas of the world, a new, much younger generation of hackers will arrive and join the cause.
  • Attacks will continue to become easier to implement. 
  • New attack vectors will be discovered, most likely after a major attack.
  • The number of weakened organizations will increase. Faced with financial pressures and mounting costs, organizations may cut corners or delay security preparedness.
  • Virtual currency, the preferred payment channel of cybercriminals, will swing wildly as incidents play out.

To put it simply, the market for cyber attacks is exceedingly lucrative for those that ply that trade. And a climate of financial pressures and supply chain issues is nothing more than an opportunity for cyber criminals to turn up the heat. It is a perfect storm that favors cybercrime. 

As a matter of definition, cyber attacks seek vulnerability. Optimal timing is a major factor found in the aftermath of an attack incident. In many cases, intrusions occur on some vestigial digital component, such as an environment that was slated to retire but never quite made it, an unpatched, lightly-managed server, or those couple of dozen users who refused or were unable to migrate their workstations. 

Cyber Attack Targeting is Limitless and Without Morals 

Technical deficiencies aside, the industry position of a target could also be what makes it a target in the first place. These are crimes of opportunity that seek to maximize their potential leverage in burdened industries. For example, at the moment people are feeling the inflationary impact at the gas pump, at the grocery store, at their favorite restaurants and in many retail situations. Cybercriminals are actively selecting their targets on the greatest potential to exploit legacy security systems and to maximize their potential returns. In general, not all industries are as ready as others for modern cybercrime threats.  

Cybersecurity into the Boardrooms 

More than ever, security is a critical facet of company success, and survival. It has become an existential threat, with 40% of hacked companies not being around a year after a data breach. Chief Information Security Officers at major companies are now invited to the boardroom. They must be, because most expect to be the target of ransomware attacks in the coming year. Actions are becoming more proactive, to get ahead of potential attacks. More importantly, risk concerns are serving as the catalyst that is fueling cyber-attack response capabilities, including funding the implementation of new technologies, security missions, and supplemental services and partnerships. While slowly, priorities are generally building in the right direction, and that’s a good thing. 

Weathering the Surge 

Not every company, however, is as big or in a position to respond alone to the incoming surge. Talent and vision can be rare throughout the industry, but the framework for threat readiness is readily available. 

Technical controls and practices for vulnerabilities are available throughout the front lines of cloud, email, endpoints, and on-premises environments. These components will ideally feature behavior detection, centralized reporting, and some level of automation. Defense strategies should be built around the detection and notification of lateral movement and must always expose the leakage of data across all possible exit points. 

One of the most valuable tools available in the preparedness arsenal is backups. Organizations should have a comprehensive security strategy that includes recovery. A disaster recovery solution, as well as regular testing of backup data, ensures that backups can be accessed in case of emergencies. Further, we can prioritize around key systems and keep sensitive records isolated whenever possible. 

Finally, consider increasing focus on more comprehensive and holistic security practices. Consider threat modeling, gap identification, and risk analysis in the overall security plan. Implement services and consultation with qualified, experienced parties that truly live and breathe these cyber threats. Focus on the training and education of your administrators and users. Investments in security today, under any financial situation, will pay dividends when things turn rough.

Check out this piece, originally published in Forbes, here and follow me on LinkedIn. 

ARG and Ntirety Secure AbsoluteCare’s IT Infrastructure

AbsoluteCare is a leading healthcare provider that focuses on providing comprehensive and preventative care to the most vulnerable populations in the United States. ARG is a technology consultancy dedicated to helping companies find the right match for their technological needs and is a trusted partner of Ntirety.  

With a large amount of Protected Health Information (PHI) in their data warehouse, it was essential for AbsoluteCare to guard against potential threats. AbsoluteCare works with insurance providers to find specific individuals in need of their services and in order to safely store data and properly process information they needed the right partner.  

As a growing company, in 2016 AbsoluteCare decided it would be best to reduce reliance on some of its own dated technology stacks and start with a clean slate. 

AbsoluteCare’s previous vendors did not have the database management and database architecture expertise that was needed to manage the large amount of information that the healthcare provider was responsible for. Cybersecurity was handled by multiple partners, increasing cost, risk, and complexity. 

AbsoluteCare turned to ARG to help them find a good match for their infrastructure and security needs. ARG Senior Technology Advisor Cassie Diehl surveyed the marketplace to find a provider that met AbsoluteCare National IT Director Chris Becker’s specific qualifications for a comprehensive, multi-faceted secure solution. Ntirety formulated a solution that met all their security needs, including VDI, XDR, Disaster Recovery, SOCaaS, and CaaS. 

Thanks to Diehl and Becker’s hard work, AbsoluteCare was able to get connected with the Ntirety team. Ntirety was able to meet all of AbsoluteCare’s requirements, from primary infrastructure to robust backup to Disaster Recovery (DR). 

“Ntirety’s comprehensive security suite has been an impressive security shield for our business,” said Becker. “Additionally, we don’t have the budget to stand up our own internal infrastructure or internally hire the expertise required to protect against today’s artful criminals.” 

Read more details in the full case study here to learn more about how the Ntirety solution transformed AbsoluteCare’s IT infrastructure.