Breach

What is Zero Trust?

Zero trust is a security strategy based on the concept “never trust, always verify.” The idea of zero trust was a response to traditional perimeter network security that assumed everything inside the network was safe. A perimeter security network puts all of its defenses at the edge of the network. This means if a criminal gets inside, they are able to move around freely and access any applications or data on the network. Additionally, with remote work and cloud-based data and applications, it’s more difficult to define that perimeter. Zero trust changes the model and requires verification for each user and device accessing each application and element of data.

The zero trust model works generally on three tenets. First, the framework must identify and authorize the user. Users are no longer automatically authorized simply because they are on the office network. Authorization typically includes multi-factor authentication (MFA).

Once a user is authorized, they only have access to the data and applications they need to perform their job. This policy is known as ‘least privilege’ and helps to limit the data accessible to a hacker in the event of a breach. With the least privilege policy, an employee in marketing would not have access to personally identifiable information from human resources. Conversely, human resources would not have access to the latest confidential marketing presentation.

Lastly, the zero trust model sets device requirements that must be met in order to access the data or applications. Device requirements could be as simple as requiring that an approved antivirus be installed, or could be much more complex depending on the business need.

In addition to these three tenets, network segmentation and monitoring are often implemented to further prevent lateral movement and to log unusual activity. Zero trust does not trust any users or applications by default. After a user, application, and device are approved, the zero trust model continues to monitor the criteria and discontinues access if any of the criteria change.
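The three tenets and the continuous re-check described above, as a small policy-decision sketch. This is an added example, not code from the original post; the entitlement map, resource names and the Request, Device and Session types are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed least-privilege map: department -> resources it may reach.
ENTITLEMENTS = {
    "marketing": {"marketing-presentations"},
    "hr": {"employee-pii"},
}

@dataclass
class Device:
    antivirus_approved: bool  # the simple device requirement from the text

@dataclass
class Request:
    user: str
    department: str
    mfa_passed: bool
    device: Device
    resource: str
    on_office_network: bool = False  # recorded, but never a reason to trust

def evaluate(req):
    """Return (allowed, reason). All three tenets must hold; location is ignored."""
    if not req.mfa_passed:
        return False, "identity: MFA not satisfied"
    if req.resource not in ENTITLEMENTS.get(req.department, set()):
        return False, "least privilege: resource outside role"
    if not req.device.antivirus_approved:
        return False, "device: approved antivirus missing"
    return True, "ok"

class Session:
    """Access is re-evaluated on every use instead of being granted once at login."""
    def __init__(self, req):
        self.req = req
        self.log = []  # monitoring: every decision is recorded

    def access(self):
        allowed, reason = evaluate(self.req)
        self.log.append((self.req.user, self.req.resource, allowed, reason))
        return allowed

if __name__ == "__main__":
    laptop = Device(antivirus_approved=True)
    s = Session(Request("dana", "marketing", True, laptop, "marketing-presentations"))
    print(s.access())                  # criteria met
    laptop.antivirus_approved = False  # device falls out of compliance mid-session
    print(s.access(), s.log[-1][3])    # access is discontinued, with the reason logged
```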

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Charles Wright in Back to Basics, Cybersecurity, Information Security, Recent Posts, Small Business, Virtualization

CISA Outlines Three Critical IT Failures

The deputy associate director at the Cybersecurity and Infrastructure Security Agency (CISA), Donald Benack, gave a presentation along with Joshua Corman at the RSA convention last week where they outlined three critical cybersecurity failures they are seeing exploited in the wild.

The pair called out the healthcare industry specifically as a sector with limited IT knowledge and skill focused on security. The nature of patient records, personally identifiable information (PII) including SSN, and financial information, make the healthcare sector a particularly desirable target for ransomware and phishing attacks. These factors are paired with limited budgets or a lack of cybersecurity priority in the sector.

The presentation was titled, “Bad Practices” to highlight a contradiction to ‘best practices.’ “The uncomfortable truth is that we can’t just say do best practices,” Corman said.

Benack outlined three “terrible tactics” in an attempt to change the language of cybersecurity. If ‘best practices’ are too much for some businesses, CISA is thinking about other ways they can have a positive influence on cybersecurity.

The three terrible tactics:

Use of unsupported or end-of-life software

A business should not use unsupported or end-of-life software. When software is not being patched and updated consistently, it becomes an easy target for attack. Hackers follow end-of-life software, find vulnerabilities, and then search the web for systems using the easily hacked software.

Use of known/fixed/default credentials

Many industry-specific hardware devices come with default credentials for easy setup. If the credentials are not changed, the devices can be easily accessed remotely. Some credentials are so easy to find, they are printed in the product manual. Hackers can use the credentials and search the web for devices still using the default credentials.

Use of single-factor authentication for remote or administrative access

Remote and admin privileges are the most sensitive login credentials. No user should use admin privileges as their normal login. Additionally, this higher-level access should never rely on a password alone; it should always require some form of multi-factor authentication (MFA).

“All of these procedures are not dependent on theory, they are dependent on evaluation of all the incident experiences and accessibility to info CISA has all-around what’s being exploited in the wild,” Benack stated.

Posted by Charles Wright in Cybersecurity, Information Security, Small Business

Cybercriminals Target US Colleges

The FBI released a Private Industry Notification informing US colleges and universities that login credentials are publicly available for sale on criminal marketplaces and online forums. The notification cites an evolution of attacks against universities starting in 2017. Criminals cloned university home pages and used them in phishing campaigns for credential harvesting. Instead of using the credentials themselves, the criminals put them up for sale on the web. The FBI says criminals use the bought credentials to create new phishing campaigns with a trusted email address, log into other online services if the password is recycled, and leverage the accounts for credit card numbers or other personally identifiable information.

Colleges and universities are a desirable target because of the combination of personally identifiable information, financial information, and cutting-edge research data, which can all be exploited by attackers. Cyberattacks on colleges and universities increased during the pandemic but are still going strong as the sector is a popular victim among criminals. The average higher education ransomware payout is $112,000, but the actual cost to recover data and get students and employees working again after the incident is $2.7 million.

The cost is so high it put one 157-year-old college out of business this year. Lincoln College in Illinois was already facing enrollment issues from the pandemic, but a ransomware attack in December pushed them over the edge. The attackers blocked access to data, which stopped the college’s ability to recruit, fundraise, and register students for classes. Even though they paid the ransom, the total cost of recovery was too much for them to continue to stay open.

The FBI notification urges higher education institutions to “…establish and maintain strong liaison relationships with the FBI Field Office in their region. Through these partnerships, the FBI can assist with identifying vulnerabilities to academia and mitigating potential threat activity.”

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts

Small Business Not Prioritizing Cybersecurity

A recent small business survey showed only 5% of small business owners viewed cybersecurity as the biggest risk to their business. This is the first survey since the Russian invasion of Ukraine, and the cybersecurity risks and warnings that came from the conflict. The warnings that came from numerous government agencies seem to have had no impact on the small business community. The same 5% level of concern was found in the previous survey from the first quarter of 2022, before the conflict began.

Fewer than half of the small business owners say they use an antivirus, complex passwords, or external backups, which affirms the statistic that cybersecurity is not a priority. The number falls even lower when we get into software updates and multi-factor authentication.

The NSA and the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory on Weak Security Controls Exploited for Initial Access. The advisory, in part, highlights many of the security controls small business owners admit to not using. Multi-factor authentication, software updates, and strong passwords are among the weak controls highlighted by the NSA advisory.

Customers disagree with small business owners regarding cybersecurity. About 75% of customers think businesses they use will suffer a cybersecurity incident over the next 12 months, and 55% say they would be less likely to continue doing business with a company after a security breach.

Even if a company can recover data from a cybersecurity incident like ransomware, there is the added cost of paying the ransom, company downtime and loss of productivity, and the loss of public trust in the business. The most recent data available shows about 31% of US businesses that suffered a cyber-attack ultimately went out of business as a result of the incident.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business