2017 will be the year we remember for the large number of coordinated network attacks across all sectors of business. Ransomware like WannaCry, NotPetya, and Bad Rabbit led the assault. But other infections are taking hold as well without detection, hiding in plain sight.
When we walk into a potential client’s office, there are 4 specific things we look at. What is the cost of downtime for the client? How much is this currently costing the organization each month? How many hours is the staff losing due to inefficient IT systems each month? What is your average per hour salary cost? When we look at these items together, we get a true picture of what the company is "bleeding" out in IT dollars. When I ask the question "How much do you currently pay each year in IT costs?", the answer varies but it’s always a much smaller amount than the real number which can be staggering.
The fact is, business owners see only a very small percentage of what they are paying in IT "costs"; they are seeing only the tip of what may be a very large iceberg under the water. What is most often not taken into consideration is the cost of "vendor management". For example, in a CPA firm you rely on QuickBooks as your line-of-business software, and usually one of your accountants is on the phone with support when something goes wrong. The same can be said of a medical practice that relies on electronic medical records database programs. When the database goes haywire and the nurses and providers can't enter patient data, it's usually the office administrator who is on the phone with support trying to get a technician to remote in and fix the issue. The problem with these scenarios, and many others like them, is that these employees are now tied up doing something that is not their primary job. The owner is paying for all of this while nothing they need these employees to be doing gets done. Every moment these employees are detained doing something other than their primary function is money out the window.
Executives, CEOs, office managers and office workers all have important tasks to complete during the work day. We have all been there at one point or another. You are trying to get something out the door to your client or your supervisor, but it seems like everything on your computer is crawling at a snail’s pace. Nothing makes you want to rip out all your hair like a slow machine and that aggravating little blue "spinning doughnut" in Windows. As we all know, time is money, and when you have 10 machines that are all in that kind of shape, you will lose both.
When we look at the current hardware supporting a business, we look at what software and functions it's supporting. We look at the age of the systems, processors, memory, hard drives, anti-virus programs etc. What we look for is "bottlenecks" in performance, weaknesses in the current infrastructure that lead to down time. Inefficient IT systems, poorly maintained workstations and servers, and malware infections all lead to down time which equals money lost. A business that has a gross revenue of $1,500,000 per year with 9 employees, and an average down time of 3 hours per year can lose over $10,000 in lost productivity. This number is before you add in any outsourced IT support costs. Almost all the lost revenue from down time is preventable by using the type of proactive IT support that Cardinal Technology Solutions (CTS) provides. Proper preventative and proactive measures deployed on a network can almost eliminate down time entirely.
At Cardinal Technology Solutions (CTS, Inc.) we have saved all our clients not only time but most importantly money with our management techniques. A recent study of one of our largest clients revealed an annual savings of over $45,000 per year, and a 99.6% uptime ratio. This is a direct result of how we proactively manage their IT infrastructure. We enhance performance where we see the need, either by making changes to existing hardware and software - or replacing it if need be. We actively manage the environment in real time, and prevent issues from impacting business operations. Put simply - we sell "up time" because that’s the only thing that matters to our client’s bottom line. Your business network powers everything that you do, you rely on it every day to work so that you can grow your business. And we will be there every day to ensure that happens. The support CTS provides our clients empowers them, it doesn’t impact them. The next time you look at the cost of an IT support firm, ask yourself - is it a cost, or a savings?
Another cyber-attack has swept over the world again today, starting in Ukraine and quickly moving across Europe and into the United States. The virus is like the WannaCry ransomware that infected more than 300,000 computers worldwide last month. It also displays links and characteristics indicating that it may again have been derived from the "EternalBlue" program, widely believed to have been stolen from the NSA. It encrypts all the files on your hard drive or overwrites them silently, and renders most computer systems useless once completed. Banks, medical facilities, credit lenders, ATMs, and point-of-sale computers are just a few of the early victims that were reporting the attack as of 12 PM EST. Heritage Valley Health System in Pennsylvania reported the attack early today (Tuesday) and, according to local media reports in their area, was completely shut down. WPP, the largest advertising firm in the world, was infected; employees were told to shut down their computers, and the building and work "is at a standstill".
What Has Changed:
We now know that the virus/ransomware last month had a weakness that was discovered by a British security researcher. By registering the website that was being used and taking control of it, the researcher effectively slowed down last month's attack. It was hailed as the "kill switch" for the WannaCry attack. The attack that has emerged today (June 27th) does not appear to have a "kill switch". Also, this attack seems to have started from email with infected PDF and Word file attachments. The WannaCry outbreak largely relied on the Microsoft implementation of the SMB (Server Message Block) protocol, for which a security patch was released in March 2017.
How to Protect Yourself:
First and foremost, ensure that you and your employees do not open any unsolicited or "suspicious" looking email, especially ones that contain attachments. If you don't know who it’s from, or you are unsure about any part of an email sent to you, contact your IT department or personnel without opening it so that they can review it. Do not open it, forward it, or click on any links or attachments contained in the email.
Make sure that your workstations and servers are completely patched and up to date with the latest security updates from Microsoft, and also third-party vendors like Adobe Flash. Microsoft released an update that effectively blocked the WannaCry virus in March 2017. But because companies are simply not keeping up with security patches (among other things) it went rampant. Keep your systems patched, and if you can't do it on your own then you need to hire a firm that will ensure this happens.
Ensure that you have an industrial firewall with digital defense systems in place. CTS recommends SonicWALL firewalls. If you have a firewall in place that has Intrusion Prevention Systems, Gateway Anti-virus, and Gateway Anti-malware with effective screening rules in place you will save yourself a lot of grief.
Have an effective Anti-virus in place system wide that is updated and running. Anti-virus alone will not protect you. Only 4 in 61 antivirus systems detected the attack on systems today, and by detected I mean it was too late. Anti-virus is meant to be part of your layered defense system, not an impervious shield against everything.
Use web filtering systems as part of your defense. A good web filter will stop users from unintentionally going to malware or malicious sites. And it can be used to block a host of other threats including phishing websites that may also be spreading the latest outbreak.
If you have these layered systems in place, and you know that your workstations and servers are patched with the latest updates, you have a good chance of getting through this unscathed. If you have questions or concerns about the status of your network, please call us today. We will come onsite and do a free evaluation of your network and a consultation with you.
How secure is your company's network? Protecting your information assets is one of the most important steps you can take toward long-term stability. Smart companies take a multifaceted approach to IT security, building layers of defense between themselves and hackers.
Here are four steps you can take to safeguard your company's most important assets.
The most basic line of defense against network intruders is the firewall. Consumer-grade routers use Network Address Translation (NAT) to address the problem of limited IPv4 routable addresses. Companies have several options for implementing firewalls.
DMZs (demilitarized zones) are a popular choice these days. In this setup, Internet-facing servers are placed within the DMZ so that they are encumbered by fewer restrictions and less monitoring than the internal corporate network.
At a minimum, an effective firewall should offer packet filter technology, which allows or denies data packets based on established rules that relate to the type of data packet and its source and destination address. CTS recommends using SonicWALL, an industrial-grade firewall, for all small businesses, as it provides a multitude of digital defense systems needed to help prevent attacks like the WannaCry outbreak.
The next line of defense to check off your list should be a solid program for malware detection. Performing a malware scan on client devices relies on the processing capabilities of individual devices to check for threats. But, business-centric versions feature some form of central management used to push out new definition updates and implement security policies.
Most malware problems result from user action, so the typical anti-malware package has evolved into comprehensive suites that offer protection against multiple threat vectors. These packages may include a component to scrutinize a URL link prior to launching it, or a browser plug-in that checks file attachments prior to opening them.
Virtual Private Network
In today's mobile world, employees need to access company resources from remote locations that may not be secure (for example, public Wi-Fi hotspots). These workers can benefit from a virtual private network (VPN) connection to protect their network access. VPNs channel all network traffic through an encrypted tunnel back to the safe corporate network.
However, a VPN can be complex to deploy, and it is costly to support due to the overheads of processing and bandwidth. And, stolen or lost company laptops with preconfigured VPN settings can serve as potential gateways for intruders.
IDS and IPS
Finally, a thorough security strategy requires both an intrusion detection system (IDS) and an intrusion prevention system (IPS). An IDS monitors traffic for suspicious activities that show that the company network has been compromised. For example, an IDS may detect port scans originating from within the network or multiple failed attempts to log into a server.
An IPS is typically deployed in-line to actively prevent or block intrusions as they are detected. For example, a specific IP address can be automatically blocked, with an alarm sent to the administrator when an attempt is made. Again, a SonicWALL firewall is designed to do this and is recommended as part of your overall defense strategy.
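The two IDS examples above (a port scan from inside the network, repeated failed logins to a server) and the IPS block decision can be sketched as follows. This is an added illustration, not CTS or SonicWALL code; the event format, address range, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range
WINDOW = 60          # seconds of history considered (assumed)
PORT_THRESHOLD = 5   # distinct ports on one host => port scan (assumed)
FAIL_THRESHOLD = 4   # failed logins to one server => alert (assumed)

# Constructed sample events: (seconds, source, destination, port, kind)
EVENTS = [
    (0, "10.0.0.23", "10.0.0.5", 21, "conn"),
    (1, "10.0.0.23", "10.0.0.5", 22, "conn"),
    (2, "10.0.0.23", "10.0.0.5", 23, "conn"),
    (3, "10.0.0.23", "10.0.0.5", 80, "conn"),
    (4, "10.0.0.23", "10.0.0.5", 443, "conn"),
    (10, "10.0.0.40", "10.0.0.5", 3389, "login_fail"),
    (12, "10.0.0.40", "10.0.0.5", 3389, "login_fail"),
    (14, "10.0.0.40", "10.0.0.5", 3389, "login_fail"),
    (16, "10.0.0.40", "10.0.0.5", 3389, "login_fail"),
    (20, "10.0.0.31", "10.0.0.5", 443, "conn"),        # ordinary use
    (30, "10.0.0.31", "10.0.0.5", 443, "login_fail"),  # one mistyped password
    (0, "10.0.0.50", "10.0.0.9", 22, "login_fail"),    # failures spread out
    (100, "10.0.0.50", "10.0.0.9", 22, "login_fail"),  # beyond the window
    (200, "10.0.0.50", "10.0.0.9", 22, "login_fail"),
    (300, "10.0.0.50", "10.0.0.9", 22, "login_fail"),
]

def detect(events):
    """IDS step: return a set of (alert, source, destination) tuples."""
    ports = defaultdict(list)   # (src, dst) -> recent (time, port) pairs
    fails = defaultdict(list)   # (src, dst) -> recent failure times
    alerts = set()
    for ts, src, dst, port, kind in sorted(events):
        key = (src, dst)
        if kind == "conn" and ip_address(src) in INTERNAL:
            recent = [(t, p) for t, p in ports[key] if ts - t <= WINDOW]
            ports[key] = recent + [(ts, port)]
            if len({p for _, p in ports[key]}) >= PORT_THRESHOLD:
                alerts.add(("port_scan", src, dst))
        elif kind == "login_fail":
            fails[key] = [t for t in fails[key] if ts - t <= WINDOW] + [ts]
            if len(fails[key]) >= FAIL_THRESHOLD:
                alerts.add(("failed_logins", src, dst))
    return alerts

def blocklist(alerts):
    """IPS step: sources an in-line device would block and report."""
    return sorted({src for _, src, _ in alerts})
```

The sliding window is what separates a user who mistypes a password a few times over several minutes from a burst of failures, so the threshold and window need tuning against normal traffic before any automatic blocking is enabled.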
These are just some of the steps you can take to safeguard your company's network. Other security options for businesses exist including 24/7 monitoring and safety checks for workstations and servers, but the previous four measures are a good starting point for keeping your network secure.
As the largest Internet attack recorded in history unfolded last week, I was left with the same question I keep asking myself every time this happens. Why haven't business leaders learned anything? As of May 18th, more than 200,000 computers were affected in 150 countries and another 800,000 attacks were tracked and intercepted according to SonicWALL. The how and why this attack was even possible is long, and deep rooted in years of flawed security practices and procedures. It is speculated that part of the exploit can be attributed to a large cache of NSA documents leaked onto the Internet from a group called the "Shadow Brokers", a hacking group that somehow obtained the NSA documents and programs like EternalBlue and used them as part of the WannaCry outbreak of last week. What followed was a blood bath for any business, large or small, that had any systems that were un-patched. Many thousands of business machines were rendered useless, their data encrypted, servers, workstations, databases, all destroyed in hours. Hospitals around the globe were infected as well, rendering X-ray machines, MRI systems, and EMR systems useless.
I have been in the IT industry for over 20 years, and every time this happens I am just at a loss for why business leaders continue to bury their collective heads in the sand. This is not the usual wake-up call, it's a slap in the face. Wake up. Your business is a target, and a valuable one at that. This attack was only successful for 5 reasons, and they are the same 5 preventable reasons that have been around for years now.
Your Windows systems were not patched on a regular basis
You don't have monitored and tested backup systems
You use older Windows systems and technology (like XP or Vista)
You don't have a firewall with proper IPS (intrusion prevention system) and rules / filters set up
You do not have proper anti-virus that is installed, updated and active
This is the case over and over again, yet not many SMBs seem to learn. Your business network powers everything that you do, and some of those systems not running literally can mean life and death in the case of hospitals that were affected - not to mention the death of your company. An IT network is a complex system, not unlike a clock, that needs constant oversight and maintenance to run well. You need managed IT and proactive IT services to ensure that your business network is well maintained and protected. This is a call to arms, and maybe if you made it through unscathed - your last chance. Don't think because you made it through without having done anything proactively to defend yourself beforehand that you are safe, you were just lucky. As a good friend of mine said the other day, the time will come when luck will only go so far. Having proper oversight, maintenance and patching of your Windows systems and networks is not an option, it's a must and may now be a legal responsibility for you as well. You have to know beyond a shadow of a doubt that you have done everything in your power to protect yourself, your employees, and most importantly your clients. I'm including a link to our document on defending yourself from Internet threats. Download it - read it - and take action now. It may just save you from the next wave of attacks, which I assure you is coming and with greater destruction.
To learn more about Cardinal Technology Solutions, Inc. visit us online at WWW.CARDINALTEK.COM or call us at 540-431-4161