Recent Posts

What is Zero Trust?

Zero trust is a security strategy based on the concept “never trust, always verify.” The idea of zero trust was a response to traditional perimeter network security that assumed everything inside the network was safe. A perimeter security network puts all of its defenses at the edge of the network. This means if a criminal gets inside, they are able to move around freely and access any applications or data on the network. Additionally, with remote work and cloud-based data and applications, it’s more difficult to define that perimeter. Zero trust changes the model and requires verification for each user and device accessing each application and element of data.

The zero trust model works generally on three tenets. First, the framework must identify and authorize the user. Users are no longer automatically authorized simply because they are on the office network. Authorization typically includes multi-factor authentication (MFA).

Once a user is authorized, they only have access to the data and applications they need to perform their job. This policy is known as ‘least privilege’ and helps to limit the data accessible to a hacker in the event of a breach. With the least privilege policy, an employee in marketing would not have access to personally identifiable information from human resources. Conversely, human resources would not have access to the latest confidential marketing presentation.

Lastly, the zero trust model sets device requirements that must be met in order to access the data or applications. Device requirements could be as simple as requiring that an approved antivirus be installed, or could be much more complex depending on the business need.

In addition to these three tenets, network segmentation and monitoring are often implemented to further prevent lateral movement and to log unusual activity. Zero trust does not trust any users or applications by default. After a user, application, and device are approved, the zero trust model continues to monitor the criteria and discontinues access if any of the criteria change.
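The three tenets and the continuous re-check described above can be sketched as a default-deny policy function. This is an added example, not code from Quanexus or any product; the role names, resource names and the `disk_encrypted` requirement are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy data for illustration; role and resource names are assumptions.
ROLE_RESOURCES = {
    "marketing": {"marketing-presentations"},
    "hr": {"employee-pii"},
}
# Device requirements: antivirus is from the text, disk encryption is an assumed extra.
REQUIRED_POSTURE = {"antivirus_installed": True, "disk_encrypted": True}

@dataclass
class Request:
    user: str
    role: str
    password_ok: bool
    mfa_ok: bool
    device: dict
    resource: str

def evaluate(req):
    """Default deny: return (allowed, reasons) after checking all three tenets."""
    reasons = []
    # Tenet 1: identity must be verified with MFA; network location earns nothing.
    if not (req.password_ok and req.mfa_ok):
        reasons.append("identity not verified with MFA")
    # Tenet 2: least privilege, only resources mapped to the user's role.
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        reasons.append("resource outside least-privilege scope for role")
    # Tenet 3: the device must meet every posture requirement.
    for key, wanted in REQUIRED_POSTURE.items():
        if req.device.get(key) != wanted:
            reasons.append("device requirement not met: " + key)
    return (not reasons, reasons)

class Session:
    """Access is re-checked whenever a criterion changes, not only at login."""
    def __init__(self, req):
        self.req = req
        self.active, self.reasons = evaluate(req)

    def update_device(self, **changes):
        # A posture change (for example antivirus removed) triggers re-evaluation.
        self.req.device.update(changes)
        self.active, self.reasons = evaluate(self.req)
        return self.active
```

A session that was allowed at login is discontinued as soon as `update_device(antivirus_installed=False)` is reported, which is the monitoring behaviour the paragraph describes.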

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Charles Wright in Back to Basics, Cybersecurity, Information Security, Recent Posts, Small Business, Virtualization

How War Impacts Cyber Insurance

Businesses are turning to cyber insurance as ransomware and other cyberattacks continue to increase. Cyber insurance policies typically will help a compromised business contact customers in accordance with state laws, recover data, and repair damaged computers. However, the increase in costly ransomware has forced insurance companies to make policies more difficult to get approved.

A court decision earlier this year on an insurance claim from 2017 is raising questions about what cyber insurance looks like during times of war. A malware attack on Ukraine in 2017 quickly spread and destroyed data from thousands of companies around the world. The pharmaceutical company Merck was one of the businesses impacted by the malware, which destroyed data on 40,000 of their computers. Merck estimated the cost of new equipment, personnel, and production downtime was $1.4 billion and submitted a claim against their insurance policy. The insurance company denied the claim, citing that the malware was originally an attack on Ukraine from Russia and was, therefore, an act of war. Most insurance policies have an “act of war” exclusion clause. The case spent three years in court and was finally decided in Merck’s favor.

Today we have a conflict between Russia and Ukraine where cybercrime is a large concern. Cyber insurance companies have had five years since this incident to understand the risk of the current climate and write policies appropriate for the risk. Attribution is another factor when a company tries to make a claim on an insurance policy. The origin of a cyberattack is purposefully difficult to attribute. With a conflict going on where cyberattacks have been part of the conflict, an “act of war” exclusion could play a large part in an insurance claim today.

There are many factors to consider when shopping for cyber insurance. Click here for our latest cyber insurance update video where we discuss more factors for a business owner to consider when selecting a policy. It’s important to understand what is covered in a policy, and even more importantly, what is not covered. Also, cyber insurance should be used as a last resort. Protecting your data with quality best practices is the best way to reduce risk.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Hackers are Getting Around MFA

Multi-factor authentication is an extra layer of security beyond a password that requires an authenticator or often a one-time password sent via text message. Any form of two-factor authentication (2FA) or multi-factor authentication is better than only relying on a password, but hackers are finding ways to get around MFA, and users should be aware of the signs of those attack vectors.

Hackers are bombarding users with MFA push notifications or phone calls, and it’s working. Attackers shared how they used the technique commenting, “No limit is placed on the amount of calls that can be made. Call the employee 100 times at 1 am while he is trying to sleep, and he will more than likely accept it. Once the employee accepts the initial call, you can access the MFA enrollment portal and enroll another device.” Criminals reportedly used this technique to breach Microsoft and Nvidia recently. In the case of Microsoft, hackers were able to log into the company’s VPN from Germany and the US at the same time.

The bombardment technique works best with disruptive MFA requests like phone calls or push notifications. Criminals can continually push requests, making users’ phones unusable until they accept. Attackers can also intercept SMS notifications; we covered SIM swapping in a previous blog post you can read here.

In all of these cases, the user’s password has been compromised. In order to make MFA requests, the hacker must already have the user’s password. Employees should be educated on this new hacking tactic to get around MFA, and also understand their password has been compromised and needs to be changed.

A new authentication technology called FIDO would fix this problem because the login requires a physical device. Most web services are not there yet, but a future without passwords is coming. Click here to read our blog post on A Future Without Passwords.
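The signs described in this post (a burst of rejected or ignored prompts ending in an approval, a new device enrolled right afterwards, and VPN logins from two countries at nearly the same time) can be checked for in authentication logs. The following is an added detection example, not part of the original post; the event format, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (time, user, kind, detail).
EVENTS = [
    ("2022-03-20T01:00:05", "alice", "push", "denied"),
    ("2022-03-20T01:00:40", "alice", "push", "timeout"),
    ("2022-03-20T01:01:10", "alice", "push", "denied"),
    ("2022-03-20T01:01:55", "alice", "push", "timeout"),
    ("2022-03-20T01:02:30", "alice", "push", "approved"),
    ("2022-03-20T01:04:00", "alice", "enroll", "new-device"),
    ("2022-03-20T01:05:00", "alice", "vpn", "DE"),
    ("2022-03-20T01:06:00", "alice", "vpn", "US"),
    ("2022-03-20T09:00:00", "bob", "push", "approved"),
    ("2022-03-20T09:01:00", "bob", "vpn", "US"),
]

WINDOW = timedelta(minutes=10)   # look-back window for each check (assumed value)
MAX_REJECTED = 3                 # rejected/ignored prompts tolerated before an approval

def detect(events):
    """Return a sorted list of (user, finding) tuples."""
    findings = set()
    history = defaultdict(list)   # user -> [(time, kind, detail)] inside the window
    fatigue_at = {}               # user -> time of the suspicious approval
    for ts, user, kind, detail in sorted(events):
        now = datetime.fromisoformat(ts)
        recent = [e for e in history[user] if now - e[0] <= WINDOW]
        if kind == "push" and detail == "approved":
            # An approval that follows many rejected prompts suggests the user gave in.
            rejected = sum(1 for e in recent if e[1] == "push" and e[2] != "approved")
            if rejected >= MAX_REJECTED:
                findings.add((user, "push_fatigue_approval"))
                fatigue_at[user] = now
        elif kind == "enroll":
            # A device enrolled right after such an approval needs review.
            if user in fatigue_at and now - fatigue_at[user] <= WINDOW:
                findings.add((user, "enrollment_after_fatigue"))
        elif kind == "vpn":
            # Two countries inside the window: one of the logins is not the user.
            if any(e[1] == "vpn" and e[2] != detail for e in recent):
                findings.add((user, "concurrent_vpn_countries"))
        history[user] = recent + [(now, kind, detail)]
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in detect(EVENTS):
        print(user, finding)
```

Any finding for a user also means that user's password is already known to someone else and should be reset, as the post notes.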

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Cybercriminals Target US Colleges

The FBI released a Private Industry Notification informing US colleges and universities that login credentials are publicly available for sale on criminal marketplaces and online forums. The notification cites an evolution of attacks against universities starting in 2017. Criminals cloned university home pages and used them in phishing campaigns for credential harvesting. Instead of using the credentials themselves, the criminals put them up for sale on the web. The FBI says criminals use the bought credentials to create new phishing campaigns with a trusted email address, log into other online services if the password is recycled and leverage the accounts for credit card numbers or other personally identifiable information.

Colleges and universities are a desirable target because of the combination of personally identifiable information, financial information, and cutting-edge research data, which can all be exploited by attackers. Cyberattacks on colleges and universities increased during the pandemic but are still going strong as the sector is a popular victim among criminals. The average higher education ransomware payout is $112,000, but the actual cost to recover data and get students and employees working again is $2.7 million.

The cost is so high it put one 157-year-old college out of business this year. Lincoln College in Illinois was already facing enrollment issues from the pandemic, but a ransomware attack in December pushed them over the edge. The attackers blocked access to data, which stopped the college’s ability to recruit, fundraise, and register students for classes. Even though they paid the ransom, the total cost of recovery was too much for them to continue to stay open.

The FBI notification urges higher education institutions to “…establish and maintain strong liaison relationships with the FBI Field Office in their region. Through these partnerships, the FBI can assist with identifying vulnerabilities to academia and mitigating potential threat activity.”

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts