“Hope for the best, plan for the worst.” – Anonymous English Proverb and Jack Reacher’s outlook in every Lee Child book.
All companies want the data in their environment to be 100% secure. This might be possible if all threats were known and static and we had unlimited budgets. Unfortunately, none of those conditions exists.
Moreover, the biggest variable in securing data is the fallible nature of people. Employees make mistakes. Innocent ones – like mistyping a web address. And that can have major consequences that we will discuss later.
In writing this month’s blog about our new security offerings, I found myself looking for themes and metaphors to underscore the nature and importance of planning for unforeseen threats in a lawless environment.
For most of us, work is not life and death. But from a business perspective, protecting one’s identity and company data doesn’t get much more dynamic and dangerous than the public internet and private corporate networks. Criminals constantly create new ways to steal, to threaten our livelihood, and hold us for ransom. They operate in a target rich environment with more sophisticated tools every day. They even have their own cyber-underworld marketplace – the dark web.
In the business world, it is very common to draw analogies between military strategy and strategic business planning. Writing for a veteran-owned company that is developing new strategic security product releases, I think one of the best is the one Graham Kenny wrote for the Harvard Business Review in 2016.
Kenny mentions several notable quotes. Most famous is probably that of Helmuth Karl Bernhard Graf von Moltke, also known as Moltke the Elder, who lived between 1800 and 1891. He was a German Field Marshal and is credited with creating a new approach to directing armies in the field. This entailed developing a series of options rather than simply a single plan. Moltke the Elder held the view that only the commencement of any military operation was plannable. He famously stated that “no plan of operations extends with certainty beyond the first encounter with the enemy’s main strength.” This has also been popularly interpreted as “no plan survives contact with the enemy.”
Much later Winston Churchill said: “Plans are of little importance, but planning is essential.”
General Dwight D. Eisenhower had a similar take: “plans are worthless, but planning is everything.”
The great strategist Mike Tyson summed it up best: “everyone has a plan until he gets punched in the mouth.” This happens to be Reacher’s condensed version too.
The common theme here is that planning is helpful, but action is vital. The ability to adapt to first contact with the enemy is crucial to success (or to preventing the spread of the enemy attack). We have spent the last couple of years looking for enhanced security solutions that fit this definition and are supportable and affordable. We are done planning. Time to act.
Domain Name System (DNS): What is it and why does it need protection?
Ask yourself a question: “How good is your spelling and typing?” Have you ever considered the fact that there are criminals who anticipate spelling mistakes made when typing web addresses?
Ever heard of typosquatting? This article by NBC News discusses how it is “easy to create a domain name that resembles a legitimate one, but is just one letter or digit off, such as Gmal instead of Gmail”. Simple errors like this can lead to major fraud scams for the keystroke challenged.
Before we talk about DNS security, you need to understand the DNS. The domain name system (DNS) works like a phone book for the internet. When a user enters text into a browser, DNS servers take that input and translate it into the unique internet protocol (IP) addresses that let the browser open the desired site. But DNS protocols were never designed with security in mind, and are highly vulnerable to cyberattacks, such as cache poisoning, DDoS, DNS hijacking, botnets, C&C, man-in-the-middle, and more.
By redirecting users’ web traffic through a cloud-based, DNS security solution, businesses and MSPs can finely tune and enforce web access policies, ensure regulatory compliance, and stop 88% of threats at the network’s edge—before they ever hit the network or endpoints.
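A defender's view of the typosquatting problem described above, as an added example that is not part of the original post or any vendor's code: it flags DNS query names that are exactly one edit (insert, delete, substitute, or adjacent swap) away from a protected domain. The protected list, the sample queries, and the last-two-labels shortcut are assumptions made for illustration.

```python
# Added example: flag DNS query names that are one edit away from a protected domain.
PROTECTED = {"gmail.com", "paypal.com"}  # constructed list of domains to protect (assumption)

def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "gmial" typed for "gmail".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def registrable(name):
    """Last two labels of the query name (assumption: a real filter
    would consult the Public Suffix List instead)."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify(qname, protected=PROTECTED, max_edits=1):
    """Return (verdict, matched_domain) for one DNS query name."""
    domain = registrable(qname)
    if domain in protected:
        return ("allow", domain)
    for legit in sorted(protected):
        if 0 < osa_distance(domain, legit) <= max_edits:
            return ("lookalike", legit)
    return ("unknown", None)

# Constructed sample query log (not real traffic).
QUERIES = ["mail.gmail.com", "gmal.com", "www.gmial.com.", "paypa1.com", "example.org"]

def scan(queries):
    """Classify every query name in a log extract."""
    return {q: classify(q) for q in queries}

if __name__ == "__main__":
    for q, (verdict, legit) in scan(QUERIES).items():
        print(f"{q:18} {verdict:10} {legit or ''}")
```

A "lookalike" verdict is a candidate for blocking or review, not proof of fraud, since short legitimate domains can sit one edit apart.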
Why businesses need DNS protection
Uncontrolled internet access is a high-risk activity for any business, regardless of size. Faced with today’s sophisticated attacks, endpoint security alone is no longer enough to stay safe from modern cybercrime. In fact, a recent report from EfficientIP found that 77% of businesses around the world suffered at least one DNS cyberattack in 2018. What’s even more worrying: on average, businesses got hit with as many as seven attacks throughout the year.
Per the report, the average cost of a single attack was $715,000 USD. When you do the math, it’s clear how DNS Protection for servers, endpoints, and other networked devices could make all the difference to a business’ success (and survival).
Modo Networks’ new offerings:
DNS Filtering – Utilize Webroot DNS filtering by redirecting users’ web traffic through a cloud-based DNS security solution. This provides the ability to finely tune and enforce web access policies, ensure regulatory compliance, and stop most threats at the network’s edge, before they ever hit the network or endpoints, reducing the impact on users.
Security Awareness Training – Utilize Webroot® Security Awareness Training to provide the continuous, relevant, and measurable cybersecurity education needed to minimize user error and resulting security breaches and losses.
As we’ve mentioned, the weakest link in the chain is us. Humans, employees. We get busy, we mistype stuff, we click on things we shouldn’t, we walk away from our desk and don’t lock our computers – especially at home. How do we train our most valuable asset to be better? The best way is to simulate malicious emails, send them to your employees and see who clicks on them. Victims go to training.
What is security awareness training?
Security awareness training is ongoing education that provides employees relevant information and tests of their cyber-awareness by covering all aspects of data security and regulatory compliance. It is a proven way of changing risky employee IT behaviors that can lead to security compromises—including financial, intellectual property, customer trust and other major data losses—and increases businesses’ resilience against attacks.
These may include how to avoid phishing and other types of social engineering cyberattacks, spot potential malware behaviors, report possible security threats, follow company IT policies and best practices, and adhere to any applicable data privacy and compliance regulations (GDPR, PCI DSS, HIPAA, etc.)
Why businesses need security awareness training
Although businesses think their employees will not be fooled by a phishing scam, cybercriminals use this attack method because it continues to be successful. In fact, the 2018 Verizon Data Breach Investigations report revealed that 93% of successful security breaches start with phishing.
With regular training for employees that includes phishing simulations, courses on IT and security best practices, and data protection and compliance training, businesses can significantly reduce risk, decrease infections and related help desk costs, protect their reputation by experiencing fewer breaches, and secure their overall cybersecurity investment.
Dark Web Monitoring – Establish a monitor for any mail-enabled domain and report on the exposure of the domain and the public email IDs associated with it that can be found on the Dark Web. This monitoring allows us to generate a report and then monitor the domain for any new email accounts that are added. The reporting includes unique email IDs and passwords, noting which are for sale, the date the information was first found on the Dark Web, and the source of the breach if it is known to be a specific website breach.
Cyber criminals organize themselves on the Dark Web, planning and exchanging tools and information that enable and propel attacks against businesses of all sizes. But you can get the upper hand and understand if there are activities being plotted against your business by getting informed about the leading indicators of an impending attack: leaked credentials.
By leveraging dark web reporting your business will know which accounts and credentials are at risk of being used in an actual attack on your business email, website, internal network, desktops and laptop devices. Don’t become the next victim to cyber attackers. Know what your dark web risks are today!
As we’ve mentioned several times, the weakest link in the chain is people.
Is your business looking for threat protection, remediation, incident response and the benefits of a security operations center (SOC)? Fortify for Endpoint Security monitors your IT environment, detects malicious threats and quickly remediates attacks with 24/7 support from our experienced SOC.
Endpoint Security – Through Fortify for Endpoint Security, SentinelOne is leveraged as an additional layer of protection for an endpoint. This enables several options for threat detection, hunting, and response, and leverages Volume Shadow Copy Service (VSS) to help limit the impact of malicious software and support recovery. This product can also help meet compliance requirements through the additional management and reporting capabilities of the SentinelOne Console.
With coverage ranging from multivariant ransomware attacks to the latest cryptomining infiltrations, advanced endpoint threat management is coupled with SOC monitoring and remediation services that stop active threats and minimize harm. And it’s all backed by a $1m ransomware warranty.
Protection Bundle – Through Fortify for Protection, enable security profiles that are used to define and monitor controls for endpoint and user account security. Includes DNS Filtering, Security Awareness Training and O-365 Security policy configuration.
Before deploying random security tools, you need to understand what your business needs. Fortify for Protection scans your IT environment to identify security gaps and provide information to help determine the most efficient security strategy specifically for your business.
The solution combines intelligent profiling and alerting technology with support from our Security Operations Center (SOC), which empowers us to build and enforce end-to-end security policies.
With advanced profiling, risk scoring and identification of gaps in coverage, we can quickly shine a light on defining security policies.
Address security gaps based on best practices
Building out a security program to meet your business’ needs should be based on known, proven best practices that can scale to meet your specific needs. Our solution compiles massive amounts of field data and experience to tailor a strategy specifically for you.
Alert ready vs alert fatigued
The right security solution is always on, filters out noise and informs us only on alerts that need to be actioned. This allows us to focus more energy on providing you optimal service instead of chasing ghosts in the machine.
Security and compliance as a growth driver
Compliance has moved beyond a checkbox and is now a business driver. When implemented properly, you can achieve compliance that is not a burden, but an opportunity.
If any environment needs Jack Reacher, it’s today’s wild west frontier of the internet and dark web. But Reacher’s not coming anytime soon. So, give us a call to learn more. Remember, “hope for the best and plan for the worst”. And if you don’t believe me, take it from Malcolm Gladwell of The New Yorker.