Why do I need a next generation firewall if my data is securely stored in the cloud?

Why do I need a next generation firewall if my data is securely stored in the cloud?

Many businesses get a false sense of security by thinking that using cloud-based applications and data storage is all the protection they need from cyber-attacks. Keep in mind, however, that when you use “the cloud” you are simply using someone else’s network for your applications and to store your data.  Any protections your cloud-based provider supplies are for what you have and use on their network. They are not protecting your office or your network – your computers, printers, devices – and your connection to the internet and to their or anyone else’s network.

As your company relies on more cloud-based applications like Office 365, Salesforce, and Dropbox, internet connectivity becomes even more important. A next generation firewall combines powerful protection for your network and provides the highest levels of internet availability for users and your applications.

The Axiom Sentry is ideal for small to medium-sized businesses looking for a robust next-generation firewall that:

  • Detects and prevents intruders access to your company network
  • Protects your users from going to undesirable or dangerous websites
  • Prevents malicious software (malware) being embedded in your network
  • Blocks attacks on your network that would keep you from accessing the internet (including accessing your cloud-based applications)
  • Hides” your network from being scanned by attackers looking for weaknesses
  • Stops attackers from locking down your computers and demanding payment to release them (ransomware)

In addition to the advanced protection that the Axiom Sentry provides, it is also designed for:

  • Small businesses with no trained cyber-security staff. You’re not in the business of cyber-security. However, we are. So we manage and monitor the Axiom Sentry and quickly notify you of events that you need to be aware of. We also provide you an easily readable monthly analysis of the attempts made to compromise your network and how you have been protected.
  • Easy installation. You don’t have to be a “tech person” to connect it. If you can plug in a telephone, you can install the Axiom Sentry. Once it is connected and powered on it will do the rest.
  • Affordability. There is no equipment to buy and no long-term commitment. For as low as $199/month, it will cost you less in a year for enterprise-level protection than many businesses pay in a week to protect their networks.
  • Peace of mind. In today’s internet connected world, what you don’t know will hurt you. We’ve got your back with Axiom Sentry, protecting you from today’s threats as well as tomorrow’s.

Don’t be lulled into the false sense of security you might get from having your data and applications in the cloud. That kind of protection may be good. But the Axiom Sentry next-generation firewall is your first-line of defense – the one that begins in your office where all of your data originates.

At Axiom, we are passionate about protecting small businesses from the cyber threats that are out there. If you’d like more information or have any questions, please contact me at 800-519-5070, or you can email us at info@axiomcyber.com.

No Firewall & Cheap Routers to Blame for $80 million Bangladesh Bank Heist

No Firewall & Cheap Routers to Blame for $80 million Bangladesh Bank Heist

A typo by hackers resulted in the theft of a mere $80 million instead of $1 billion from the Bangladesh central bank back in February. But what is more worrying is the way that the hackers gained access. Investigators have discovered that the bank had no firewall and were using cheap second-hand routers that cost $10 to connect to global financial networks. The head of the bank resigned and the Finance Minister has called the bank’s approach to cyber security “very incompetent”.

The lack of sophisticated equipment also will make it more difficult for investigators to figure out exactly what happened as there will be a lack of information logging on the devices. And it also means that there would not have been network segmentation, meaning once the hackers had access, they had access to everything instead of just one part of the network. Good network security involves segmenting the network into working areas (think POS, Administration/Management, Guest Network, etc). And of course, good network security also involves the use of a firewall.

FireEye, the security firm helping investigate the theft, believes that malware with keystroke capabilities was covertly installed and in the bank systems for several days before the theft occurred. The thieves were able to gather operational data and steal codes that allowed them to process transactions but a spelling error in one of the transactions lead the theft to be discovered and stopped additional millions from going out the door to the thieves.

It is baffling that a bank that has access to billions of dollars would not invest in the most basic cyber security protections. SWIFT, the secure financial messaging service, whose service was used to transfer the funds but not directly breached, said that in response to the hack that they would be checking with banks to ensure they are implementing recommended security strategies. While SWIFT is able to recommend security practices, there is no organization with regulatory oversight to ensure that financial institutions are securing their computer networks.

While it was reported in late March that the Bangladesh central bank was considering legal action against the Federal Reserve Bank of New York, the new information that has surfaced about the lack of cyber security investment is bound to make that case a lot harder.

Modern banks need to realize that they can’t just invest all their security budgets in physical security. In today’s digitized and connected world, everyone needs to consider network security as well as physical security. Not having a firewall on a network is the physical equivalent of leaving the front door of the business open when no one is around. For a financial institution not to have basic cyber security protection in place is not only dangerous but also egregious.

And I can’t help but close with a great quote from the Head of the Bangladesh Police Forensics Training Institute.

It could be difficult to hack if there was a firewall.

Mohammad Shah Alam

Why Do Small Business Owners Need to Worry about Cyber-Security?

Why Do Small Business Owners Need to Worry about Cyber-Security?

Unfortunately, for small business owners, the thought that they are too small to be a target is simply inaccurate.

According to the US House Committee on Small Business, 71% of cyber attacks target businesses with fewer than 100 employees.
~ US House Committee on Small Business 2015

The average total cost of a cyber-security breach is $36,000 for a small business.
~ Better Business Bureau 2015

60% of small businesses that are hacked go out of business within six months due to the loss of reputation, financial repercussions, and the inability to recover from downtime.
~ National Cyber Security Alliance

Cyber criminals took an average $32,000 from small-business accounts.
~ National Small Business Association 2015

Ransomware saw a 165% rise in 2015 netting cyber-criminals a whopping $325 million in ransom.
~ McAfee Labs Threats Report & Cyber Threat Alliance 2015

The Federal Trade Commission now has the power to punish organizations that fail to invest in and deliver robust cyber-security measures.
~ Third U.S. Circuit Court of Appeals 2015

There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.
~ John Chambers, CEO of Cisco

Businesses today are going to have to rely on their own resources if they want to protect themselves from cyber attacks. This is because law enforcement is limited due to both a lack of trained staff as well as the inability to prosecute criminals both in and outside of our borders.

So what are small businesses who can’t afford a trained cyber security staff supposed to do?  The keys are education, and effective multiple layers of defense.

More than 40% of cyber attacks are successful because they begin with your employees.  They take advantage of natural human curiosity, and the general desire of most employees to be helpful. A simple click on a link in a suspicious email, holding the door for a stranger to enter a secure area, or giving a login and password to someone pretending to work for the IT department can lead to devastating results to a small business’ data and computer systems.

Therefore, it’s imperative that you make the effort to increase your employees’ awareness of the very serious and growing trend of hackers targeting small businesses. Make sure they are educated about the dangers of social engineering attacks. And in situations where they are concerned about the legitimacy of an authority figure wanting access to a computer or secure area, make sure they are given the freedom to say “No” without fear of repercussion, and have the policies in place to support that.

From a technical standpoint, most small businesses have only a limited budget that they can devote to protecting their computer systems and data.  The key, again, is defense in depth – systems and procedures that provide multiple obstacles for cyber criminals to have to traverse to get to your data.  To do this:

  • Make sure you ALWAYS keep your software and operating systems up-to-date.  It’s annoying to have to wait, to reboot, and deal with changes. But be assured, if a software company sends out an update on Tuesday, you can be sure that Tuesday night cyber criminals are researching the weaknesses those updates are correcting and are attacking on Wednesday. They know many people put off an update because it’s inconvenient. So, like a lion picking off the stragglers in a herd, they search for computers that have not yet been updated.  Hackers like to take advantage of inconvenience.
  • Use a high quality anti-virus software program that is regularly updated. In “the old days” hacking was something bored kids used to do after school for fun. Today, it’s BIG business and new viruses and malware are constantly being created to get your data. An anti-virus product that hasn’t been updated for months is nearly as useless as not having one at all. A relatively small investment in this kind of protection will pay off in unknown ways.
  • Keep your systems and data backed up regularly.  With the proliferation of ransomware, cyber criminals have found a very lucrative way of making money by encrypting your data and holding it “hostage” until you pay them to unlock it. Even the FBI is advising that you just pay the ransom as the time and money to unlock it is outrageous.  Unless you have a technical solution to prevent this from happening in the first place, your only other option is to restore your system from a healthy back-up (one that doesn’t also have ransomware in it).  Without it, you are what you’d be if you were attached to another object by an inclined plane, wrapped helically around an axis (look it up).
  • Find a provider of a managed next generation firewall solution for your business. A Managed Firewall is a firewall that is monitored, managed, and kept  up-to-date by cyber-security experts outside of your company. And a Next Generation Firewall will provide necessary multiple layers of defense to your entire computer network, not just the computer sitting on your desk.

Managed next generation firewalls offer several benefits to small business owners, such as:

  • Reduced resources and expenses
  • Compliance to various security regulations such as HIPAA and PCI DSS
  • No licensing costs
  • Understandable reporting

One such provider of a managed next generation firewall is Axiom Cyber Solutions.  At Axiom Cyber Solutions, we strive to make managed cyber-security affordable to small businesses that may not have a large IT budget. Starting at just $199 per month, with no long term obligation, Axiom Cyber Solutions provides a fully configured enterprise class next generation firewall to secure your business against today’s threats and those of tomorrow.  If you would like to know more, contact us at info@axiomcyber.com or call me at 1-800-519-5070.

Cybersecurity Lunch & Learn

Cybersecurity Lunch & Learn

Last month we hosted a Cybersecurity Lunch and Learn for Small Business Owners with some of our local partners, Orbis Solutions Inc, ViaWest, and Alpine Insurance.

There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.

John Chambers, CEO of Cisco

We have seen a dramatic increase in the number of small and medium sized businesses falling victim to ransomware, phishing, malware and a variety of other nasty cybercrimes.

71 percent of cyber-attacks occur at businesses with fewer than 100 employees.

US House Small Business Committee, 2015

 

Besides giving small business owners an awareness that they are a target, getting protected is not an impossible task. There are easy ways for small businesses to get the same type of cybersecurity protection that large enterprises have.

 

If you are a business owner or executive that wants to know how to get cybersecurity protection, join us for our next lunch & learn scheduled for May 18th. Call our offices at 800-519-5070, Ext 1000 and RSVP today. Space is limited.

The Lowdown on the Panama Papers

The Lowdown on the Panama Papers

Law firms pride themselves on being the ultimate safe haven, where men and women alike can count on discretion and privacy when it comes to their most personal affairs. With the recent release of the ‘Panama Papers’, law firms are coming under fire for their cybersecurity or lack thereof. Unfortunately, these data breaches are becoming more and more common for law firms.

On April 3, 2016, 11.5 million confidential documents that provide detailed information on more than 214,000 offshore companies listed by a Panamanian law firm Mossack Fonseca, including the identities of shareholders and directors of said offshore companies. Mossack Fonseca is the fourth largest offshore law firm in the world with more than 40 offices worldwide. Ironically enough, before the Panama Papers leak, Mossack Fonseca was described by the Economist in 2012 as a “tight-lipped” industry leader in offshore finance. In fact, Las Vegas-based subsidiary of Mossack Fonseca is listed as the registered agent for 1,026 firms incorporated over the past decade and a half, many of which have since been dissolved or are no longer active.

These leaked Panama Papers have revealed the hidden wealth from some of the most high-ranking political officials, billionaires, celebrities and star athletes. This is important because the leak shows how the rich and famous can exploit tax shelters and also reveals an unprecedented pattern of corruption worldwide for 40 years. While shell companies inherently are not illegal, they are often used as a method to commit fraud.

The Panama Papers were leaked by an anonymous source who communicated with journalists that Mossack Fonseca was behaving unethically, thus deserving to be shut down. Below is a list of the most important information gleaned from the Panama Papers leak according to the Guardian News.

-Twelve national leaders are among 143 politicians, their families and close associates from around the world known to have been using offshore tax havens.

-A $2bn trail leads all the way to Vladimir Putin. The Russian president’s best friend – a cellist called Sergei Roldugin – is at the centre of a scheme in which money from Russian state banks is hidden offshore. Some of it ends up in a ski resort where in 2013 Putin’s daughter Katerina got married.

-Among national leaders with offshore wealth are Nawaz Sharif, Pakistan’s prime minister; Ayad Allawi, ex-interim prime minister and former vice-president of Iraq; Petro Poroshenko, president of Ukraine; Alaa Mubarak, son of Egypt’s former president; and the prime minister of Iceland, Sigmundur Davíð Gunnlaugsson.

-In the UK, six members of the House of Lords, three former Conservative MPs and dozens of donors to British political parties have had offshore assets.

-The families of at least eight current and former members of China’s supreme ruling body, the politburo, have been found to have hidden wealth offshore.

-Twenty-three individuals who have had sanctions imposed on them for supporting the regimes in North Korea, Zimbabwe, Russia, Iran and Syria have been clients of Mossack Fonseca. Their companies were harboured by the Seychelles, the British Virgin Islands, Panama and other jurisdictions.

-A key member of Fifa’s powerful ethics committee, which is supposed to be spearheading reform at world football’s scandal-hit governing body, acted as a lawyer for individuals and companies recently charged with bribery and corruption.

-One leaked memorandum from a partner of Mossack Fonseca said: “Ninety-five per cent of our work coincidentally consists in selling vehicles to avoid taxes.”

For further information on data breaches and law firms, please refer to one of our earlier articles: https://axiomcyber.com/blog/hacking/law-firms-beware-of-cyber-criminals/

Worried about cybersecurity? Axiom Cyber Solutions can help!

Our cybersecurity experts will secure your business against today’s threats and those of tomorrow. Axiom Cyber Solutions offers vulnerability and penetration assessments, managed firewall services, and cybersecurity & disaster recovery strategic planning services.

Axiom Cyber Solutions strives to make cybersecurity affordable to small businesses that may not have a large IT budget. Starting at just $199 per month, with no long term obligation, Axiom Cyber Solutions has developed a managed cybersecurity program to give small businesses the same protection as large enterprises. We provide a fully configured enterprise class next generation firewall (NGFW) that is plug & play to the business and begins to monitor, manage, and update the firewall as soon as it comes online.

Panama Papers – The World’s Largest Data Leak

Panama Papers – The World’s Largest Data Leak

On Sunday, the International Consortium of Investigative Journalists announced the world’s largest data leak to the public. Kept secret since late 2014, the data leak from the Mossack Fonseca law firm is said to be 2000 times larger than 2010 Wikileaks Cablegate release of US State Department documents. A massive 2.7 terabytes (TB) of emails, database files, and PDFs which equals almost 40 years of documents was collected from the anonymous whistle-blower. In comparison again to Wikileaks, Cablegate was a mere 1.7 gigabytes (GB) of data.

“This is pretty much every document from this firm over a 40-year period,” ICIJ director Gerard Ryle told WIRED in a phone call, arguing that at “about 2,000 times larger than the WikiLeaks state department cables,” it’s indeed the biggest leak in history.

What are the Panama Papers?

The Panama Papers allegedly contain information on 143 politicians, their family members and friends who have been creating offshore companies as tax havens. Fallout has begun with protests in Iceland calling for the resignation of the Prime Minister whose name has been linked to an offshore company in the British Virgin Islands. The Russian government has dismissed claims of wrongdoing and describe it as a “series of fibs” created to discredit Putin ahead of elections. However several countries including the US, Mexico, and Britain have vowed to investigate the possibility of tax evasion.

Why target a law firm?

Axiom has been tweeting lately about how law firms are an attractive target for hackers and that large elite law firms in the US have recently been directly targeted by hackers. And remember our blog post a few months ago about how law firms are being targeted?

Panama Papers proves just how lucrative the data breach of a law firm can be for hackers. Think about all the data that a law firm has: health, financial, intellectual property, and business trade secrets. In the wrong hands, that data would be a virtual treasure trove of information to be sold in the Dark Web.

There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.

Cisco CEO – John Chambers

Law firms cannot take the head in the sand approach to cybersecurity anymore. It’s time for law firms to start assessing their vulnerabilities and planning for a sound cybersecurity infrastructure.

How was the data leaked?

In late 2014, an anonymous whistle-blower contacted the German newspaper Suddeutsche Zeitung stating that they had “more data than you have ever seen” in relation to crimes that the person wanted to make public. At this time, it is not publicly known how the whistle-blower was able to send so much data undetected over such a period of time however Bastian Obermayer, the reporter for Suddeutsche Zeitung who was contacted by the whistle-blower, stated that he “learned a lot about making the safe transfer of big files”.

Obermayer indicated that he communicated through various encrypted channels with the whistle-blower who sent the data in chunks until the 2.7 TB were amassed. Suddeutsche Zeitung contacted the ICIJ and the ICIJ created a secure portal where journalists could research the data. Over 400 journalists kept the information a secret until Sunday when over 100 news outlets published the first articles about the data leak.

Earlier in the day, the Mossack Fonseca website told its customers that their email server suffered an unauthorized breach. The company denies any wrongdoing and has published a lengthy rebuttal to the media reports. A spokesperson has stated that the company may pursue legal action against the news agencies for using the information that was obtained illegally.

It appears that you have had unauthorized access to proprietary documents and information taken from our company and have presented and interpreted them out of context. We trust that you are fully aware that using information/documentation unlawfully obtained is a crime, and we will not hesitate to pursue all available criminal and civil remedies.

Carlos Sousa – Public Relations Director, Mossack Fonseca & Co. (Panama)

The one thing that has not been mentioned yet is the data protection liability suit that the 4th largest offshore law firm in the world may have coming in the near future. Target settled its data breach for $100 million… this one is going to be much larger.

Doom and gloom?

While the Cisco CEO says that there are two types of companies, ones that have been hacked and ones that know they’ve been hacked; the cybersecurity future is not completely doom and gloom for businesses. There are some basic things that businesses can do to better protect themselves.

  • Use endpoint (anti-virus and anti-malware) software on all devices and keep it up-to-date
  • Protect the business with a firewall that inspects traffic both in and out of the business
  • Get a vulnerability and penetration assessment

 

Worried about cybersecurity? Axiom Cyber Solutions can help!

Let our cybersecurity experts secure your business against today’s threats and those of tomorrow. Axiom Cyber Solutions offers vulnerability and penetration assessments, managed firewall services, and cybersecurity & disaster recovery strategic planning services.

Axiom Cyber Solutions strives to make cybersecurity affordable to small businesses that may not have a large IT budget. Starting at just $199 per month, with no long term obligation, Axiom Cyber Solutions has developed a managed cybersecurity program to give small businesses the same protection as large enterprises. We provide a fully configured enterprise class next generation firewall (NGFW) that is plug & play to the business and begins to monitor, manage, and update the firewall as soon as it comes online.