Charles Wright

Why Do Employees Break Cybersecurity Rules?

Ransomware is the number one cybersecurity threat to businesses of all sizes, and the metrics show that ransomware attacks continue to increase quarter after quarter. Cybersecurity has received mainstream headline attention with the Colonial Pipeline ransomware attack last year along with a number of other high-profile attacks on everything from city governments to the world’s largest meat producer. Business leaders are focusing and spending more on cybersecurity, and with the war in Ukraine, the US government is communicating directly with industries that control American infrastructure about cybersecurity.

With all of this new focus on cybersecurity, why do employees continue to break the rules, and open businesses up to attack? A new study by the National Science Foundation digs into this question.

The study followed 330 remote employees in a wide variety of industries and focused on adherence to cybersecurity policies and on employee stress levels. Over a two-week work period, 67% of employees reported they violated company cybersecurity policies at least once. Violations averaged about one in every 20 job tasks.

When asked why they did not follow cybersecurity policies, the three most common responses were “to better accomplish tasks for my job,” “to get something I needed,” and “to help others get their work done.” Only 3% of responses reported malicious or retaliatory intent.

The employees reported they were more likely to knowingly violate cybersecurity protocols when they were stressed. The stresses cited were family, job security, and the stress of the cybersecurity protocol itself.

Cybersecurity training normally assumes the employee is either not aware of a protocol or is not following the protocol because of malicious intent. The study shows there is in fact a middle ground between these assumptions. Employees typically understand the protocol but purposefully do not follow it for productivity reasons or to help another employee.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn, and stay up to date by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Small Business

Ransomware Attacking US Companies

The ransomware group Black Basta is quickly gaining traction in a short amount of time. The ransomware-as-a-service (RaaS) group has carried out 50 successful attacks on organizations in Canada, the UK, Australia, and New Zealand, but seems to be focusing most of its attention on the United States. The group not only encrypts data that the victim has to pay to unlock; it also steals the data and threatens to release it on the dark web.

The group is using a spear-phishing email attack vector to infiltrate corporate networks. The emails have an Excel file attached. When an employee opens the Excel file and enables macros, the malware is installed. Black Basta is then able to move laterally across the network to collect and encrypt data.

The new ransomware group has gained attention from the cybersecurity community because of the speed and success of its attacks. Cybersecurity experts believe the group is made up of members of a former Russian hacker group that shut down because of an internal data leak. The Conti group was one of the most aggressive ransomware groups of 2020-21 with a tally of 859 victims including the government of Costa Rica. The current consensus is that Black Basta is an evolution of Conti.

The malware used by Black Basta is also unique. The group added a Linux version of malware in early June, so now they are able to infect Windows machines and Linux servers. Additionally, the Windows version of the malware successfully disabled Windows Defender and other anti-virus solutions during the attack.

As with most ransomware, the infiltration starts with a person. An employee downloads and opens an Excel file. Businesses are being reminded to keep systems patched and updated and to back up to a remote server, but they are also being advised to disable Microsoft Office macros company-wide and to remind employees to confirm where emails and attachments are coming from before opening them.
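The post describes the initial access path as a macro-enabled Excel attachment. Alongside disabling macros through policy, a mail gateway or endpoint script can flag such attachments before a user ever sees the "Enable content" prompt. The following is an added example, not code from the original post or from Quanexus: it inspects an attachment's bytes rather than trusting its extension, treating any OOXML zip that carries a VBA project part (`xl/vbaProject.bin` or the `application/vnd.ms-office.vbaProject` content type) as macro-enabled, and flagging legacy OLE2 binaries (`.xls`, `.doc`), which can embed macros but are not parsed here. The sample workbooks are constructed in memory and are not real malware; the filenames and the `classify_attachment` / `should_quarantine` function names are the example's own.

```python
import io
import zipfile

# Legacy .xls/.doc files are OLE2 compound documents; this is their magic header.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Content type Office assigns to the VBA project part inside an OOXML package.
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"
# Extensions Office itself reserves for macro-enabled documents.
MACRO_EXTENSIONS = (".xlsm", ".xltm", ".xlam", ".docm", ".dotm", ".pptm", ".ppam")


def build_sample_workbook(with_macros: bool) -> bytes:
    """Construct a minimal OOXML-style package for testing (not a real workbook)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        types = (b'<?xml version="1.0"?><Types>'
                 b'<Override PartName="/xl/workbook.xml" '
                 b'ContentType="application/vnd.openxmlformats-officedocument'
                 b'.spreadsheetml.sheet.main+xml"/>')
        if with_macros:
            # Placeholder bytes stand in for a compiled VBA project.
            z.writestr("xl/vbaProject.bin", b"\x00" * 64)
            types += (b'<Override PartName="/xl/vbaProject.bin" ContentType="'
                      + VBA_CONTENT_TYPE + b'"/>')
        types += b"</Types>"
        z.writestr("[Content_Types].xml", types)
        z.writestr("xl/workbook.xml", b"<workbook/>")
    return buf.getvalue()


def classify_attachment(filename: str, data: bytes) -> str:
    """Return one of: macro-enabled, no-macros, legacy-binary, not-office.

    The verdict is based on the file contents; the extension is only a secondary
    signal so a renamed file cannot talk its way past the check.
    """
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: macros may be present but are not inspected here.
        return "legacy-binary"
    if not data.startswith(b"PK"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "macro-enabled"
            if "[Content_Types].xml" in names and VBA_CONTENT_TYPE in z.read("[Content_Types].xml"):
                return "macro-enabled"
    except zipfile.BadZipFile:
        return "not-office"
    # No VBA part found; a macro-style extension on a macro-free package is still suspicious.
    if filename.lower().endswith(MACRO_EXTENSIONS):
        return "macro-enabled"
    return "no-macros"


def should_quarantine(filename: str, data: bytes) -> bool:
    """Gateway policy: hold anything that can carry macros for review."""
    return classify_attachment(filename, data) in ("macro-enabled", "legacy-binary")


if __name__ == "__main__":
    samples = {
        "quarterly-report.xlsx": build_sample_workbook(with_macros=False),
        "invoice-2022.xlsm": build_sample_workbook(with_macros=True),
        "archive.xls": OLE2_MAGIC + b"\x00" * 16,
        "notes.txt": b"plain text",
    }
    for name, blob in samples.items():
        print(f"{name}: {classify_attachment(name, blob)} "
              f"(quarantine={should_quarantine(name, blob)})")
```

This detection is a backstop, not a replacement for the preventive control the post recommends: the Office Trust Center policy "Block macros from running in Office files from the Internet", applied company-wide through Group Policy, stops the macro from running even if an attachment gets through.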


Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business, Virtualization

What is Zero Trust?

Zero trust is a security strategy based on the concept “never trust, always verify.” The idea of zero trust was a response to traditional perimeter network security that assumed everything inside the network was safe. A perimeter security network puts all of its defenses at the edge of the network. This means if a criminal gets inside, they are able to move around freely and access any applications or data on the network. Additionally, with remote work and cloud-based data and applications, it’s more difficult to define that perimeter. Zero trust changes the model and requires verification for each user and device accessing each application and element of data.

The zero trust model generally rests on three tenets. First, the framework must identify and authorize the user. Users are no longer automatically authorized simply because they are on the office network. Authorization typically includes multi-factor authentication (MFA).

Once a user is authorized, they only have access to the data and applications they need to perform their job. This policy is known as ‘least privilege’ and helps to limit the data accessible to a hacker in the event of a breach. With the least privilege policy, an employee in marketing would not have access to personally identifiable information from human resources. Conversely, human resources would not have access to the latest confidential marketing presentation.

Lastly, the zero trust model sets device requirements that must be met in order to access the data or applications. Device requirements could be as simple as requiring that an approved antivirus be installed, or could be much more complex depending on the business need.

In addition to these three tenets, network segmentation and monitoring are often implemented to further prevent lateral movement and to log unusual activity. Zero trust does not trust any users or applications by default. After a user, application, and device are approved, the zero trust model continues to monitor the criteria and discontinues access if any of the criteria change.
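To make the three tenets and the continuous monitoring described above concrete, here is an added example of a small policy decision point, written for this post and not part of the original article or any Quanexus product. Every access request is checked for verified identity (MFA), least-privilege role permissions, and device posture; a session re-runs those checks on each access and revokes itself the moment an identity or device criterion stops holding, while writing each decision to an audit log for monitoring. The roles, resources, device attributes and names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class User:
    name: str
    role: str
    mfa_verified: bool          # tenet 1: identity verified on this request


@dataclass
class Device:
    device_id: str
    approved_antivirus: bool    # tenet 3: device posture requirements
    os_patched: bool


# Tenet 2, least privilege: each role sees only what its job needs.
# Marketing cannot read HR records; HR cannot read the marketing share.
ROLE_PERMISSIONS = {
    "marketing": {"marketing-share"},
    "hr": {"hr-records"},
}

# Device attributes that must all be true before any resource is served.
DEVICE_REQUIREMENTS = ("approved_antivirus", "os_patched")


def evaluate_request(user: User, device: Device, resource: str) -> Tuple[bool, str]:
    """Decide one access request; network location is never an input."""
    if not user.mfa_verified:
        return False, "identity: MFA not verified"
    if resource not in ROLE_PERMISSIONS.get(user.role, set()):
        return False, f"least privilege: role '{user.role}' has no access to '{resource}'"
    for requirement in DEVICE_REQUIREMENTS:
        if not getattr(device, requirement):
            return False, f"device: requirement '{requirement}' not met on {device.device_id}"
    return True, "allowed"


class Session:
    """A granted session is re-evaluated on every access, not trusted once and forgotten."""

    def __init__(self, user: User, device: Device) -> None:
        self.user = user
        self.device = device
        self.active = True
        self.audit_log: List[Tuple[str, bool, str]] = []   # (resource, allowed, reason)

    def access(self, resource: str) -> bool:
        if not self.active:
            self.audit_log.append((resource, False, "session revoked"))
            return False
        allowed, reason = evaluate_request(self.user, self.device, resource)
        # A least-privilege denial is an ordinary "no"; an identity or device
        # criterion that no longer holds ends the session entirely.
        if not allowed and reason.startswith(("identity", "device")):
            self.active = False
        self.audit_log.append((resource, allowed, reason))
        return allowed


if __name__ == "__main__":
    alice = User("alice", "marketing", mfa_verified=True)
    laptop = Device("LT-01", approved_antivirus=True, os_patched=True)
    session = Session(alice, laptop)
    session.access("marketing-share")      # allowed
    session.access("hr-records")           # denied: least privilege
    laptop.approved_antivirus = False      # posture changes mid-session
    session.access("marketing-share")      # denied and session revoked
    for entry in session.audit_log:
        print(entry)
```

The audit log is where the monitoring tenet lives: a burst of least-privilege denials from one account, or a device dropping out of compliance, is exactly the unusual activity the post says should be logged.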


Posted by Charles Wright in Back to Basics, Cybersecurity, Information Security, Recent Posts, Small Business, Virtualization

How War Impacts Cyber Insurance

Businesses are turning to cyber insurance as ransomware and other cyberattacks continue to increase. Cyber insurance policies typically help a compromised business contact customers in accordance with state laws, recover data, and repair damaged computers. However, the increase in costly ransomware has forced insurance companies to make policies more difficult to get approved.

A court decision earlier this year on an insurance claim from 2017 is raising questions about what cyber insurance looks like during times of war. A malware attack on Ukraine in 2017 quickly spread and destroyed data from thousands of companies around the world. The pharmaceutical company Merck was one of the businesses impacted by the malware, which destroyed data on 40,000 of their computers. Merck estimated the cost of new equipment, personnel, and production downtime at $1.4 billion and submitted a claim against their insurance policy. The insurance company denied the claim, citing that the malware was originally an attack on Ukraine by Russia and was, therefore, an act of war. Most insurance policies have an “act of war” exclusion clause. The case spent three years in court and was finally decided in Merck’s favor.

Today we have a conflict between Russia and Ukraine in which cybercrime is a large concern. Cyber insurance companies have had five years since this incident to understand the risk of the current climate and write policies appropriate for that risk. Attribution is another factor when a company tries to make a claim on an insurance policy. The origin of a cyberattack is purposefully difficult to attribute. With a conflict going on in which cyberattacks have been part of the conflict, an “act of war” exclusion could play a large part in an insurance claim today.

There are many factors to consider when shopping for cyber insurance. Click here for our latest cyber insurance update video where we discuss more factors for a business owner to consider when selecting a policy. It’s important to understand what is covered in a policy, and even more importantly, what is not covered. Also, cyber insurance should be used as a last resort. Protecting your data with quality best practices is the best way to reduce risk.


Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business