Shadow IT and Shadow Data: How Organizations Can Protect Against the Use of Unsanctioned Applications

When we think of cybercrimes we often think of criminals hacking into a network to retrieve sensitive corporate information.  But cyberattacks and the leaking of information can also occur from within an organization in the form of Shadow IT and Shadow Data.

What is the Dark Web and Why Should Organizations Care: DiamondIT Announces New Services to Detect Compromised Credentials on Dark Web

The virtual world of the World Wide Web is a vast space that, like the real world, contains both good and bad.  While Google, Facebook, Amazon and all other online services have brought so many enhancements and innovation to our lives, there is also a place called “the Dark Web.”

Equifax Security Breach Affects Over 143 Million People – Half of the US Population: How Can Your Credit Score Be Safe?

Over the past few years, many enterprise-level companies such as Target have been hard-hit by cyber criminals who have accessed customer credit card information.  Equifax is now among the largest companies hit by a cybersecurity breach – but this time it is on a scale that is stunning IT and security experts. According to the Wall Street Journal, the breach was a result of a well-known security hole in Cisco firewalls, for which a fix was identified and distributed back in March. According to the article, Equifax’s IT experts deployed the fix, but in July “found the same security flaw still existed in some areas.”

While this breach was announced in September 2017, Equifax believes consumer information may have been accessed in an unauthorized manner between May and July, according to Fortune.

Given that Equifax is a credit reporting agency, the company holds a myriad of private consumer information.  Last week, Equifax reported that over 143 million people – about half the population of the U.S., according to the Los Angeles Times – could be affected.

DDoS Attacks on Schools – Why Schools are an Easy Target for Cyber Crime

Recently, DDoS or “distributed denial of service” attacks have been launched against schools, preventing faculty and students from accessing important educational materials online.

DDoS attacks have long targeted industries like finance and banking where cybercriminals can gain access to important financial data. But now, even non-profit organizations such as healthcare and educational institutions are being victimized.

According to one report by THE Journal, education is now the most targeted sector for malicious attacks, beating out healthcare.

Part Two – IT Saves Lives: Three Steps to A Successful Disaster Recovery Drill

Do you have a data disaster recovery (DR) plan?

Have you conducted a disaster recovery drill to make sure your DR plan is effective?

Whether it is a natural disaster that shuts down all the power and your computer systems with it, or even a cybercrime such as ransomware that can lock you out of your hard drive and computer files, being prepared for the inevitable emergency or crisis is of paramount importance.

Disaster Recovery Plans and Drills Help Restore IT Systems in Times of Emergency: Part One

Do you have a data disaster recovery (DR) plan?

Have you conducted a disaster recovery drill to make sure your DR plan is effective?

Whether it’s sophisticated cybercrime, such as ransomware attempting to steal data, or natural disasters that halt emergency management systems – it’s more urgent than ever for municipalities to protect their IT infrastructures and data.

Cyber Risk Awareness Event Los Angeles

Ransomware Targets Government Sector and Ravages Industries Worldwide: Part 2

In a previous blog post entitled Ransomware Targets Government Sector and Ravages Industries Worldwide, we discussed how enormous ransomware cyberattacks have rippled across the world targeting many industry sectors – including city governments.  These attacks include the recent Petya (aka GoldenEye), reported in late June 2017, as well as WannaCry in May 2017.

While ransomware can target any industry, business or individual, Government Computer News reports that the government sector is seeing a larger proportion of ransomware attacks than ever before.   Therefore, municipal organizations must be on high alert and learn how to protect their networks against increasingly sophisticated cyberattacks.

However, protecting against malware, ransomware, and other cyberattacks is a multi-tiered process that involves everyone at every level of an organization.  Here are some key tips to keep in mind:

Invest in the latest Hardware/Software:

  • Having the most updated operating systems (OS) such as Windows 10 is a good prevention measure as newer OS tend to have fewer security vulnerabilities. If you have a less current OS, experts warn to “apply the latest Microsoft security patches for this particular flaw.”
  • Ensure your anti-virus programs are conducting regular scans with the latest virus signature files.
  • Update or invest in new systems that offer more protection such as Next Generation Firewalls (NGFW).  NGFW have many advantages including deep-packet inspection, application-level inspection, intrusion prevention, and intelligence from outside the firewall.

 

Employee Training:

  • Ensure employees at all levels of an organization are trained and understand what malware is and how to spot rogue emails.  Employees need to know that they should never open attachments sent by an unknown sender.  CXO Today reports that “…cybercriminals often distribute fake email messages mimicking email notifications from an online store or a bank, luring a user to click on a malicious link and distribute malware.”  As such, organizations also need to update antispam settings.

Have a Security Plan/Incident Response Team in Place:

  • Having a security or incident plan in place for when an attack occurs is a proactive strategy for dealing with a cyberattack. CXO Today writes, “Internal confusion within the teams often delays the response to the cyberattack causing potential loss to the organization. Therefore, it is essential to establish an incident response team, with clearly defined roles and responsibilities.”
  • A security plan also can include a concise inventory of assets, users, applications, and traffic flows.  Without knowing what you have, data can be stolen quickly and may not be detected for months.

 

City governments must ensure their data is properly protected. Ransomware and other cyber threats are very real, and happening with rapidly increasing frequency all over the globe. For more information on protecting your network, contact DiamondIT.

 

Ransomware Targets Government Sector and Ravages Industries Worldwide: Part One

In the past two months, enormous ransomware cyberattacks have rippled across the world targeting many industry sectors – including city governments.  These attacks include the recent Petya (aka GoldenEye), reported in late June 2017, as well as WannaCry in May 2017.

The fact is, ransomware has become the cybercrime “du jour” and, according to NBC News, is now a billion-dollar industry.

How C-Suite Executives Misinterpret the Need for More Cybersecurity Budget

Recent studies on cyber attacks in the U.S. outline staggering consequences.  For instance, Datacenter Dynamics recently reported that cyber incidents in 2016 cost 500,000 jobs and over $100 billion in financial loss to American companies.

But despite what might seem like an intuitive strategy, “fear” of an attack may not incite C-suite executives to invest more in cybersecurity. The problem is that it is “…very difficult to know the probability of any given attack succeeding — or how big the potential losses might be. Even the known costs, such as penalties for data breaches in highly regulated industries …are a small piece of the ROI calculation,” according to a recent article in the Harvard Business Review (HBR).