Menu

Monthly Archives2017 January

Home / Blog
The Truth About Cyber Bullying

The Truth About Cyber Bullying

The Internet has given bullies, who once harassed their peers on the playground, the anonymity and confidence to threaten and intimidate anyone from anywhere. Harassment of any kind through electronic communication is what is known as cyber bullying, and this phenomenon originated with cell phones and the Internet and, unfortunately, it continues to thrive today. While we often hear about cyber bullying in the news, it can be hard to grasp just how big of an issue this modern form of abuse can be– because of this, education and action need to become major areas of focus in combating this problem.

Cyber Bullying Statistics

  • 43% of kids have been cyber bullied — 1 in 4 have experienced it more than once.
  • 34% of students surveyed in 2016 have been harassed online at some point in their lives, which is almost double the amount reported by students of similar ages in 2007.
  • 68% of teens agree that cyber bullying is a serious problem.
  • 80% of cyber bullying occurs via smartphone in the form of texting or social media.
  • The most common types of bullying online are hurtful comments (14.3%) followed by rumors being spread (13.3%).
  • Young girls are twice as likely to partake in cyber bullying, both as the bully and the victim, than their male peers.

By taking a look at the figures above, it is obvious that cyber bullying is a huge issue. It’s such an issue that it has become the main focus of the First Lady’s platform.

Melania Trump’s Fight Against Cyber Bullying

Just as Former First Lady, Michelle Obama, used her platform to help children fight childhood obesity through her program, Let’s Move: America’s Move to Raise a Healthier Generation of Kids, new First Lady, Melania Trump, has chosen an issue that impacts children across the country for her platform as well: cyber bullying. In a speech leading up to the election, she said,

“We have to find a better way to talk to each other, to disagree with each other, to respect each other. We must find better ways to honor and support the basic goodness of our children, especially in social media. It will be one of the main focuses of my work, if I’m privileged enough to become your First Lady.”

-Melania Trump

Mrs. Trump has experienced bullying online herself, and some have even gone as far as to ridicule her ten year old son, Barron Trump. While the majority of people across party lines find this behavior reprehensible, it continues to happen–adults speak ill of a child, simply because of their views on his father. This alone could be the reason she has decided to take a stance against online bullies. While many believe her husband to be a social media cyber bully on Twitter, having the issue of cyber bullying at the top of the First Lady’s mind will hopefully impact the situation in a positive way by bringing to light this all-too-common problem.

Education & Action: Our Best Chance of Beating Cyber Bullying

Being aware of cyber bullying as an issue is the first step in stopping the abuse, and though some of the statistics above might seem staggering and hard to beat, there are some things we can do as a community to discourage people from cyber bullying and encourage people to be the good by supporting one another.

1. Limit children’s time in front of screens
2. Teach your children how to handle issues with others without bullying– Many students who said they experienced bullying also admitted to being bullies themselves, by teaching children to handle their issues in ways besides physical or cyber bullying, future generations might not have to experience the same conflicts.
3. Talk to your kids about their activity online– Though it can be a hard conversation to have, talk to your children about which sites you believe are/aren’t appropriate to visit.
4. Teach them to report any bullying they see online to you– Seventy percent of students report seeing frequent bullying online, but only one in ten will actually report it to an adult; this is why adults, including parents, teachers, and family friends, should encourage open communication between them and their children about any cyber bullying they experience or witness while online.

Hailey R. Carlson | Axiom Cyber Solutions | January 27, 2017

~Below, these facts, figures, and possible solutions are summarized in an infographic, brought to you by Axiom~

Power Grid Cybersecurity– Keeping America’s Lights On

Power Grid Cybersecurity– Keeping America’s Lights On

The Energy Department’s Warning

The U.S. Energy Department has released its Quadrennial Energy Review, in which it warned of U.S. electrical power grids being in ‘imminent danger’ of cyber attack. The Department also stated that a widespread power outage caused by a cyber attack could mean the undermining of “critical defense infrastructure” and much of the economy, as well as place the health and safety of millions of citizens in jeopardy. As attacks of this nature are becoming more frequent and sophisticated, The U.S. Department of Homeland Security has gone as far as to say that an attack on a U.S. power grid by a foreign enemy is one of their top concerns because such an attack could be one of the quickest ways to destroy the U.S. economy.

The issue of power grid security has become a concern for the Energy Department after allegations of Russian hacking on the U.S. election last year, as well as a supposed Russian attack on a Vermont electric utility at the start of the new year; However, whether or not these alleged Russian hacker scares are true, attacks of this nature have actually happened in the past quite frequently, and it is important to learn from these previous attacks on grids across the globe in order to properly secure these sources of energy from further attack.

Cyber Attacks on Energy Systems Across the Globe

Idaho, United States

In 2007, researchers for the Department of Energy conducted a vulnerability test on the power plant system at their Idaho lab. The staged attack, dubbed ‘Aurora,’ was launched by researchers to see where vulnerabilities might be hiding which ultimately resulted in the self-destruction of a generator. experimental cyber attack caused a generator to self-destruct. Though these were not malicious actors hacking into the system, this experimental cyber attack highlighted just how easy it would have been for a hacker to break in and cause harm. This was a bit of a wake up call for the federal government and electrical industry, as it made them think about what might happen if such an attack were carried out on a larger scale and by someone looking to cause harm to the American people.

Thankfully, by researching the vulnerabilities of the power grid in Idaho, the Energy Department has learned how to strengthen the cybersecurity defenses on these devices more so than ever before; though this is good news, acting undersecretary of DHS’s National Protection and Programs Directorate, Robert Jamison, said that vulnerabilities of this type cannot be easily eliminated, rather they need constant monitoring and updates that tests like these can aid in.

Kiev, Ukraine

Though the cyber attack on the Idaho power plant was a staged event and not malicious in its nature, some grid attacks do not pan out so nicely. Just last month, an alleged Russian cyber attack was launched on a Ukrainian power grid in the country’s capital. This was the second year in a row where a holiday-timed cyber attack hit the Kiev grid. Vsevolod Kovalchuk, acting chief director of Ukrenergo, stated that a power distribution station near Kiev unexpectedly switched off early on a Sunday morning, leaving the northern part of the capital without electricity, adding that the outage amounted to 200 megawatts of capacity, which is equivalent to about a fifth of the capital’s energy consumption at night. He said there were only two possible explanations for the accident: a hardware failure or external interference; either way, regardless of which of these was the actual cause, it comes down to an inherent cybersecurity flaw.

Grid Vulnerabilities in the Modern Age

In the continental United States, there isn’t a single national grid; instead there are three major grids, (1) the Eastern Interconnect, (2) the Western Interconnect, and (3) the Texas Interconnect (in addition to the grids covering Alaska and Hawaii). As these electric grids comes into the 21st Century through things like Smart grids, which automate operations and ensure that components of the grid can communicate with each other as needed, cybersecurity needs to be even stronger in order to properly protect these grids. There are four major vulnerability areas in 21st Century electric grids (detailed below), and it is important for the U.S. to take note in order to properly prepare for future cyber attacks on power grids.

  1. Platform Configuration– This vulnerability comes from improper OS and application security patches maintenance, inadequate access controls, and unenforced password policies.
  2. Platform Software– This security flaw is similar to what businesses and individuals face daily, with cyber attacks such as DDoS, lack of intrusion detection and prevention, and malware/ransomware threats as well.
  3. Network Configuration– A grid experiences Network Configuration Vulnerability if network configurations or connections are not protected by something, specifically a hardware firewall. If there is nothing between the hackers and the network to protect it, it falls into this category. Also under this category are Network Perimeter Vulnerabilities which include any network leaks or insecure Internet connections.
  4. Network Communication– This vulnerability occurs when communication between people via devices connected on the network are compromised. This, like Network Configuration Vulnerabilities, is primarily caused by a leak in network security.

In their Quadrennial Energy Review, the Energy Department also stressed the importance of incorporating cybersecurity in these grids because of their impact on the Internet of Things.

Grid control systems now handle, sense, and control endpoints numbered in the thousands. Widespread DER/DR penetration implies that future grid control systems may have to coordinate millions of end point control devices to support grid functions. These devices vary in type, from digital sensors and smart boards built into transformers, to mobile devices used by field operators and grid control managers… Grid control systems must evolve from being centralized to a hybrid of central and distributed control platforms… grid security and reliability assurance concerns mean that Federal authorities must be included in designing 21st-century grid control systems.

Hailey R. Carlson | Axiom Cyber Solutions | 01/25/2016

Image Source

Are you Vulnerable When it comes to Cybersecurity?

In the cyber world, we often hear about how everyone today is vulnerable to attack–Be it businesses, individuals, or even nations, no one is safe from the cyber threats that run rampant today. Though we know generally what the term means, it is important for us to define what it means to be vulnerable in the context of cybersecurity.

So, what is cybersecurity vulnerability? Vulnerability is a term that refers to a flaw in a company’s system which leaves it exposed to and defenseless against the attacks of cyber criminals. A company is considered vulnerable when there are little-to-no protections between its data and malicious actors who want to steal that information. It’s like protecting your car from being broken into–if you leave it unlocked, it is much easier for criminals to get inside; by locking the vehicle, however, you make it that much harder for people to break in, and they will likely skip over your car to get into one that is easier to attack. Hackers often do the same thing when it comes to secure and vulnerable entities.

There are numerous flaws within a company that can leave it vulnerable, and among some of the most dangerous of these cybersecurity vulnerabilities are access control issues, buffer overflows, and social engineering.

Access Control Issues

Access controls are a major factor for any business’ operations in that they determine who is allowed to do what. This authorization is referred to as privileges (or permissions) which are access rights granted by the operating system. This can mean figuring out who is allowed into a company’s server room or determining who has access to private files that include sensitive client data.

If used properly, access controls can keep your business safe by not allowing certain information or locations to be easily accessed by everyone, even some employees within the company who simply do not need access to that information. If these controls are misused or not used at all, however, it can put your company data at risk by having control out of your hands.

Buffer Overflows

Buffer overflow is a very common cybersecurity vulnerability that is, unfortunately, also very hard to detect. A buffer is a reserved memory space; in a buffer overflow attack, an application, one that stores data in more space than its buffer, is exploited into manipulating other buffer addresses and using them for the criminal’s vicious plans. The manipulation of other buffer addresses includes overwriting the data, damaging that data, and sometimes deleting the data as well. Thankfully this vulnerability is as hard for the hackers to carry out as it is for systems to detect.

Social Engineering

Social engineering is a focused attack which tries to trick users into divulging confidential information, such as organization secrets, or granting them access to private company computers without the victim’s knowledge. It is easier for cyber criminals to trick humans than to hack into your company through intricate code, so this is a common attack method for these malicious actors. There are multiple scams included in social engineering, but the most prevalent of this type of vulnerability appears in the form of phishing emails.

The best way to protect against a phishing email is to educate your employees on what to look for, including (1) an urgent request/deadline, (2) an embedded link within the email, (3) poor grammar or spelling throughout, and (4) the email appears to be coming from an unknown sender. Social engineering is different from other cybersecurity vulnerabilities in that it preys on the weaknesses and lack of knowledge in the human operators of computers, rather than entering the business through a flaw in the technology itself.

How to Reduce Your Company’s Vulnerabilities

Vulnerabilities are what cybersecurity companies like Axiom seek to reduce in businesses everywhere. As with anything in the cyber world, there is no silver bullet solution to keeping your company safe from its own network flaws; however, there are a few things you can do in order to reduce your company’s vulnerabilities:

  1. Educate your Employees– Employees can be your weakest link in regards to cybersecurity if they are not knowledgeable about looming threats and vulnerabilities–educate these employees, however, and you’ve got your greatest asset in the fight to stay secure. Not only should IT employees be well-versed in current cybersecurity vulnerabilities, but for all employees, from the highest level executives to the newest interns, cybersecurity education needs to be a company-wide mission. If an employee authorizes something that they are not aware is malicious, no firewall can say that it is not allowed; employees are the first line of defense in protecting your data.
  2. Run a vulnerability analysis– By running such an assessment, you can spot security holes and flaws that leave you vulnerable to attack. Generally this process first defines flaws, identifies them if they are present, and then classifies them into their proper categories. Once these existing threats are known to your company, you can take the necessary steps to secure your business in these areas. Knowing where you stand currently in regards to cybersecurity vulnerability can give you an idea as to whether or not your security defenses are where they need to be to give you the peace of mind that you are properly protected.
  3. Keep software security patches updated– These patches can remedy flaws or security holes that were found in your vulnerability analysis. For those who can be forgetful in keeping anti-virus and anti-malware software up-to-date, you can set up automatic updates to stay ahead of this security flaw.
  4. Back up and encrypt your sensitive data– Locate where your important data, such as names, social security numbers, bank account information, passwords, and other personally identifiable information (PII), is stored and make it as secure as you possibly can. By having backed-up copies of this sensitive information and then encrypting these files, hackers won’t even be able to use this data if they are sneaky enough to steal it.
  5. Talk to a professional– Taking on the task of securing your business can be a challenge, but you don’t have to go it alone. Many companies, particularly smaller businesses who lack an in-depth IT department, reach out to professionals to manage their cybersecurity defenses. Axiom Cyber Solutions is proud to be helping businesses of all sizes across the country to get and stay secure from those flaws that leave them vulnerable with our SecureAmerica Automated Threat Defense Platform.

All companies are vulnerable to attack–in fact IT professionals say it’s not a matter of if an entity will experience a data breach, but rather when. That being said, by implementing these steps above, you can make it harder for hackers to get to your private information and make yourself and your company less vulnerable to attack.

Hailey R. Carlson | Axiom Cyber Solutions | 1/17/2017

Tax Season is Also Phishing Season

Tax Season is Also Phishing Season

As tax season is upon us, it is important to remind ourselves of whaling campaigns, which essentially are phishing scams but on a much larger scale. Whaling scams typically target large amounts of sensitive employee data (tax season = W2’s) or wire transfers for fake invoices. During tax season in 2016, cyber criminals successfully targeted 41 organizations for employee W-2 information. One particularly bad W-2 whaling scam led to the University of Kansas employee paychecks being diverted from their accounts after they received fake emails asking them to update payroll information.

Whaling scams catch people by surprise because they believe that they are receiving a legitimate request from inside their own organization (CEO, CFO, HR). The emails play on emotions with orders for urgent actions to pay invoices, update payroll information, or the need to file tax statements.

Phishing for W-2’s

During tax season, whaling campaigns are particularly lucrative for cyber criminals because with the W-2 information, they can file false tax returns and divert refunds from the actual person. Prior to last year, the IRS would not alert a person if they detected fraudulent tax filings but with the recent spate of data breaches and the number of false filings, the IRS will now does analyse on the filings to check consistency against previous years and will alert the taxpayer if they notice inconsistencies.

Even with all the checks in place, there were still around 275,000 claims of taxpayer identify theft reported to the IRS in 2016 and Experian’s Data Breach group handled more than 70 cases each week tied to W-2 schemes.

Whaling for Big Paydays

In April 2015, Mattel fell to a massive whaling scheme that saw $3 million diverted to Chinese cyber criminals. Luckily for Mattel, the money was wired over a Chinese holiday and they were able to work wiht the Chinese authorities to recover most of the funds.

In May 2016, the CEO and CFO of an Austrian plane manufacturing company both lost their jobs after falling for a whaling scheme that cost the company nearly US$57 million. The company managed to recover some of the money but most of it disappeared into foreign bank accounts.

And in January 2016, a Belgium bank lost US$75 million dollars after an email was sent requesting a money transfer to finalize an urgent business transaction.

So That’s the Bad News, Now How Can Organizations Combat Phishing?

Empowerment, verification, and employee education are key in combating whaling schemes. Anti-virus and anti-malware solutions will not stop phishing emails from being delivered or the links being clicked on or sensitive data being sent to the wrong person. It’s only when an employee is empowered to ask for verification and taught to question unusual circumstances that organizations will be able to defeat phishing scams.

The news of failure is constant but there are success stories everyday due to vigilant and aware employees. One such success story happened with week to a company that Axiom works with in Southern California. The “CEO” emailed his executive assistant and told her to wire money to someone right away. She thought it was odd as he typically did not send those type of emails and asked for verbal confirmation. The answer was “what are you talking about?” and Axiom was called for advice.

4 IoT Trend Predictions for 2017

4 IoT Trend Predictions for 2017

The Internet of Things (IoT) allows for every day devices to be connected to each other via the Internet. With each passing year, it appears as though we grow closer and closer to a world that is inherently connected– and 2017 is no exception. Experts have many predictions and expectations for what the new year will bring to the IoT world; here are four of the most hotly discussed of these predictions:

Government Acceptance and Regulations

Business and consumers are expected to be the largest areas of growth when it comes to IoT adoption and implementation; However, it is predicted that governments will be the second-largest sector to adopt IoT ecosystems during 2017. With the changing of presidential power in the United States later this month, and President-elect Trump’s planfor tackling cybersecurity threats, it is likely that at least within the next four years, some approach on the government end will be made to try and protect against the intrinsic security flaws of IoT devices. Many cyber security professionals are urging these government officials to require higher levels of strong security built into these vulnerable devices.

Virtual Reality

Virtual reality (VR) was made widely popular among consumers in 2016 with wearable headsets that allowed you to become semi-immersed in a virtual world, just by looking around with a pair of goggles on your head. This area of IoT is expected to have a shift from growth that focuses on these wearable hardware devices to developing more software–primarily in regards to content creation.

2017 is said to be the year that top-level content creators will try and make this semi-immersive experience even more captivating and realistic than ever before. While primarily seen in the gaming industry thus far, the tourism industry is expected incorporate VR technology into their marketing strategies–allowing customers added benefits to their experiences while on their trips and in previewing future trips as well. This is just one of the advancements of digital marketing, another area of IoT that is expected to grow greatly in 2017.

It is expected that consumer use of these wearable devices, especially those with a connected smartphone adaptability component, will skyrocket alongside these expected software advancements.

Artificial Intelligence

While, to most of us, Artificial Intelligence (AI) sounds like something far off into the future, it is a component of the technological world that is already impacting our lives today. Smart cars, GPS, Virtual Personal Assistants like Siri and Alexa, and almost any other household smart devices fall under the broad category that is modern AI. Because these devices are connected through the Internet, experts have some predictions for Artificial Intelligence that are likely to affect the IoT world. These predictions are best stated by Code42 chief security officer and chief privacy officer, Rick Orloff:

“There is a big distinction between artificial intelligence (AI) and artificial general intelligence (AGI). The former is akin to your GPS finding the best route to the airport, with the latter being associated with actual intelligent thought, which ties into robotics. As we rely on artificial intelligence to handle more tasks and both these categories evolve, we’re going to see a huge demand in 2017 for security skills applied to AGI, AI, and robotics, even more so when you combine AGI and robotics. The need for better real-time data correlation to improve the service stack as well as the security stack will become a critical skill set.”

-Rick Orloff, CSO/CPO, Code42

Smart Cities

Smart cities are those cities that integrate technology, specifically IoT, solutions into the overall management of their assets–including schools, hospitals, power plants, and many more integral players in the community. According to the Internet of Things Institute, Singapore is currently the smartest city in the world for its use of IoT technology to run its operations. Along with other IoT related phenomena, smart cities are expected to be on the rise across the globe in 2017. There is predicted to be a special focus on investment models to support the implementation of city-wide energy efficient systems, according to Analysys Mason.

These smart cities are excellent in using technology to allow their citizens to collaborate, but it is not a challenge-less process. Ruthbea Yesner Clarke, global director, Smart Cities Strategies at IDC, had this to say in regards to the growing popularity of these IoT-run towns:

“The awareness of the potential of Smart Cities has grown exponentially over the past year. States, provinces, counties, cities, and national governments realize they can positively alter the lives of millions of urban residents with the technology and data-driven opportunities digital transformation provides. This transformation is not without challenges, as a broad ecosystems of partners must work together to implement complex initiatives, and this will affect the entire program life cycle from policies and regulation to worker training and process improvements.”

-Ruthbea Yesner Clarke, global director, Smart Cities Strategies at IDC.

exhibition

While all of these advancements in the IoT realm of the technology world are exciting, one major flaw that is expected to continue is the hacking of IoT smart devices. This will bring about infinite new approaches, solutions, and business models in the fight to keep these devices protected. Among many other ways which will develop alongside their growing threat counterparts, here are a few ways in which you can protect your home against IoT threats.

  1. Turn off remote access to your devices when not in use–When at all possible, turn off remote access to your IoT devices. By leaving a device active while not in use, you are leaving it extremely vulnerable to use in a cyber attack, such as DDoS or even ransomware.
  2. Change all device login credentials from their default settings– Change your usernames and passwords to something hard to guess rather than leaving them vulnerable by using the same, basic credentials that came installed on your devices when you bought them. This is likely the same password used on similar devices, and using such passwords make them even more vulnerable to attack–once hackers figure out the password to one default device, they’ll be able to infect and take hostage any other device left in its default settings.
  3. Update your systems early and often– Stay on top of your system updates so that your network is well-protected. Activate fully automatic updates if it is hard for you to remember to update frequently, as it is for many of us. By doing this, you will never be behind in securing your devices with the most up-to-date protections.
  4. Research. Research. Research. Before you bring any connected devices into your home, you need to do your research to learn about the devices’ security features. As more and more consumers become cognizant of the security flaws that come installed in smart devices, such as vulnerable backdoors, manufacturers will need to begin taking note and creating these devices with security in mind. Until that time, protect yourself by doing a simple Google search to find out if your desired device is right for you.

Hailey R. Carlson | Axiom Cyber Solutions | 01/05/2017

The Real Costs of Cyber Attacks

The Real Costs of Cyber Attacks

Cyber attacks constantly top the news headlines–be it yet another massive data breach for Yahoo! or the findings that ransomware can now infect Smart TVs running Android OS, our world seems to always be threatened by some sort of cyber phenomenon or another. These cyber attacks threaten companies with their various costs, both measurable and immeasurable, and some of the most common costly cyber attacks are DDoS attacks, ransomware attacks, and data breaches.

Distributed Denial-of-Service (DDoS) Attacks

A distributed denial-of-service, or DDoS, attack occurs when an Internet circuit is flooded with so much Internet traffic, referred to as “packets,” that the Internet becomes jammed and then stops, similar to traffic build-up on a busy interstate that eventually leads to a bumper-to-bumper standstill. This is done by malicious actors to prevent legitimate users from accessing a website. When this type of attack occurs, it can either be meant to flood the company’s network infrastructure to block connections to the entirety of its site or more targeted at specific applications to block company use–and sometimes it can be both. When a company experiences a DDoS attack, it is important for them to know the costs involved.

The biggest costs surrounding a DDoS attack are related to getting the business’ domain operational again–meaning lots of money and time must be dedicated to fixing the issue. As of 2014, the average hourly cost to a company to try and mediate a DDoS attack was $40,000 an hour; as the the number of occurrences and the strength of DDoS attacks has increased since then, it is likely that this cost has risen as well. With two-thirds of attacks lasting 6 hours or more (16% of which lasted 1 to 7+ days), it is obvious that this can be a hefty price for a company to pay.

DDoS attacks are fairly preventable compared to other cyber attacks, and one of the best ways to prevent an attack is through early detection. Costs surrounding a DDoS attack can be reduced significantly with early detection, and there are simple steps a company can take in order to fight an attack once one has been detected. Companies can run a script on their servers that sends a message periodically with the recent traffic count. Monitoring and managing traffic is essential in preventing a DDoS attack. Once a pattern has been recognized, it is important for the bad traffic to be blocked without blocking those legitimate users who wish to access the site. It is important to be ready with strong incident response and DDoS mitigation plans in order to prevent the costs incurred by your company from getting out of hand.

Ransomware Attacks

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money, or ransom, is paid. Though now primarily known by this definition as a cyber crime, ransomware has been around since before the internet gained its popularity. Since then, the threat has grown drastically with the flourishing of the Internet, not only in its complexity but in its reach as well. 2016 experienced record amounts of complex ransomware attacks–with attacks totaling over $1 billion as of September 2016 for the year and an average of 4,000 attacks each day in the United States alone. While it is known that one of the costs surrounding ransomware is the actual ransom paid to the criminals in order to regain access to a company’s precious files, there are other hidden costs that are important for organizations to know about as well.

According to a survey conducted by the market research firm Vanson Bourne on behalf of SentinelOne, it takes an average of 33 man hours for an organization to recover from a ransomware attack. Researchers who conducted this survey make the assumption that the average employee makes around $20 per hour, meaning that this cost alone is more than $6,000 for each attack, and this varies based upon the company’s size and the employees’ actual rate of pay. Ransoms are commonly collected in the form of Bitcoin, a digital currency that uses encryption, created and held solely online. The average ransom is worth around 1-2 Bitcoin, and the current exchange rates show that the currency is worth over 1,000 USD per coin–but some especially malicious hackers charge their victims even more to regain access to their important and private files.

Similar to handling a DDoS attack, prevention is preferable to reaction when it comes to combating ransomware. By setting up a plan that includes the use of an antivirus and malware software, keeping all of your operating systems and computers up-to-date, enabling automatic updates, the use of a pop-up or ad-blocker, use of strong and unique passwords, and avoiding suspicious links and emails, you can prevent ransomware from infiltrating your company to begin with. The greatest defense you can have is a strong, managed firewall, as well as cyber-aware employees.

Data Breaches

The cold, hard truth about data breaches is that most IT professionals adhere to the belief that it is not a matter of if a company will be affected by a data breach, but rather when–and 2016 was not exempt from this belief either.

According to the 2016 Cost of Data Breach Study: Global Analysis from Ponemon Institute, the average cost of a data breach in 2016 was $4 million, with the average cost per record stolen in a data breach for this time being $158 (an increase of $4 per record from last year’s average); this cost was even greater for the healthcare and retail fields, at $355/record and $172/record respectfully. Costs associated with data breaches continue to climb yearly, so this Ponemon Institute Study took a look at why exactly this is occurring.

Researchers found three major causes for this hike in costs surrounding data breaches:

  1.  Nearly half of all data breaches are malicious attacks— Forty-eight percent of data breaches for 2016 were criminal and malicious attacks. This type of breach takes the most time to detect and contain, and this extra time devoted to remedying the situation results in a higher cost per record stolen. Since professionals believe it is only a matter of time before your company is hit with a data breach, it is important to prepare for the inevitable attack. By accepting that a breach will occur and creating a plan of action for when it does, you can protect your business from getting hit as hard as it might have been without proper preventative measures put in place.
  2. Costs surrounding lost business have increased As with other attacks, when a company faces a data breach, some of their customers will see this as a major fundamental flaw with the company itself and consequently, these enterprises will experience lost business. This is the biggest financial consequence to organizations that have experienced a data breach. Because of this cost being as significant as it is, after a company experiences a data breach, it is essential that they take steps to help retain customers’ trust in order to reduce the long-term financial impact.
  3. The cost of quality threat detection is growing rapidly— When a data breach is threatening an organization, the company needs to handle the situation as though it is a First 48 investigation–the more time that passes without a solution to the issue, the harder and more costly it becomes to resolve. According to the Ponemon Institute Study, detection and escalation costs have increased each year they have conducted this study, which suggests investments are being made in technologies and in-house expertise to reduce the time to detect and contain a breach. Companies who feel as though quality threat detection and escalation are out of reach for them financially can find an external cybersecurity management partner to help protect the organization from attack.

These threats, as well as others, torment businesses year after year, costing them millions upon millions of dollars as well as significant chunks of their time. It is important for businesses to be prepared to prevent each attack as much as they possibly can in order to keep their customers’ trust and reduce the costs surrounding such a devastating event as a cyber attack.

Hailey R. Carlson | Axiom Cyber Solutions | 01/02/2017