Axiom Admin – Page 2 – Axiom Cyber Solutions

Tax Season is Also Phishing Season

As tax season is upon us, it is important to remind ourselves of whaling campaigns, which essentially are phishing scams but on a much larger scale. Whaling scams typically target large amounts of sensitive employee data (tax season = W2’s) or wire transfers for fake invoices. During tax season in 2016, cyber criminals successfully targeted 41 organizations for employee W-2 information. One particularly bad W-2 whaling scam led to the University of Kansas employee paychecks being diverted from their accounts after they received fake emails asking them to update payroll information.

Whaling scams catch people by surprise because they believe that they are receiving a legitimate request from inside their own organization (CEO, CFO, HR). The emails play on emotions with orders for urgent actions to pay invoices, update payroll information, or the need to file tax statements.

Phishing for W-2’s

During tax season, whaling campaigns are particularly lucrative for cyber criminals because with the W-2 information, they can file false tax returns and divert refunds from the actual person. Prior to last year, the IRS would not alert a person if they detected fraudulent tax filings but with the recent spate of data breaches and the number of false filings, the IRS will now does analyse on the filings to check consistency against previous years and will alert the taxpayer if they notice inconsistencies.

Even with all the checks in place, there were still around 275,000 claims of taxpayer identify theft reported to the IRS in 2016 and Experian’s Data Breach group handled more than 70 cases each week tied to W-2 schemes.

Whaling for Big Paydays

In April 2015, Mattel fell to a massive whaling scheme that saw $3 million diverted to Chinese cyber criminals. Luckily for Mattel, the money was wired over a Chinese holiday and they were able to work wiht the Chinese authorities to recover most of the funds.

In May 2016, the CEO and CFO of an Austrian plane manufacturing company both lost their jobs after falling for a whaling scheme that cost the company nearly US$57 million. The company managed to recover some of the money but most of it disappeared into foreign bank accounts.

And in January 2016, a Belgium bank lost US$75 million dollars after an email was sent requesting a money transfer to finalize an urgent business transaction.

So That’s the Bad News, Now How Can Organizations Combat Phishing?

Empowerment, verification, and employee education are key in combating whaling schemes. Anti-virus and anti-malware solutions will not stop phishing emails from being delivered or the links being clicked on or sensitive data being sent to the wrong person. It’s only when an employee is empowered to ask for verification and taught to question unusual circumstances that organizations will be able to defeat phishing scams.

The news of failure is constant but there are success stories everyday due to vigilant and aware employees. One such success story happened with week to a company that Axiom works with in Southern California. The “CEO” emailed his executive assistant and told her to wire money to someone right away. She thought it was odd as he typically did not send those type of emails and asked for verbal confirmation. The answer was “what are you talking about?” and Axiom was called for advice.

‘Tis the Season – The Season for Phishing

Christmas is coming early for phishing scam artists. The day after Halloween, my Inbox started filling up with alerts that I had won a $50 Amazon/Walmart/Costco Gift Card, packages I didn’t order began arriving from UPS/FedEx, LinkedIn change requests, and an assortment of other fanciful clickbait just begging to be clicked on.

Phishing Email from LinkedIn. Look at the From Email Address, Look at the Link (Linked-lower-case L-n), Hovering over the link shows a completely different website address too

Many of us are smart enough not to be fooled into clicking on phishing emails but a recent survey found that those of us who know the dangers of phishing still can’t properly identify 50% of phishing emails that are sent.

Even though surrounded by cyber-security day-in and day-out, one of our employees recently fell for a phishing scam for iTunes credentials. It wasn’t until their credentials failed to log them into the “iTunes” site and someone connected to their iCloud account that it dawned on them that they had been taken by a scam. Scammers are good and the reason why we continue to get emails from Nigerian princes and Nelson Mandela’s wife is that people still fall for the scams and cyber-criminals continue to make a profit.

Hackers are gaining easy access to money, user credentials, and healthcare data through a variety of different phishing scams. And they are sending out an estimated 8 million emails a week. The City of El Paso had $3.2 million diverted through a whaling scam that sent legitimate vendor funds to the incorrect accounts. Bayside Healthcare potentially revealed the health records of 13,000 patients by having one of its employees fall for a phishing scheme.

There is one simple step that everyone can take to defend themselves against phishing attempts: Hover over links in emails to see what site you are being directed to. Or even better yet, go directly to the vendor (Amazon, FedEx, banks, etc) to see if the offer or information is legit.

Podesta Phishing — The phishing email link that got John Podesta

Clicking on links directly from emails, even if they appear to be legit, carries risk. The email that lead to the hack of John Podesta’s email came from a site that had an address that looked like it was part of the Google Domain but really was not.

Often I see emails that appear to be from banks with an odd misspelling (bankfoamerica.com or welllsfargo.com– Did you catch the problem?). Scammers have also been getting better at using proper English and grammar by hiring copywriters to make their emails more difficult to detect.

For business owners, implement a system of checks-and-balances for sending funds to vendors or distributing sensitive employee information. Encourage your employees to question unusual and urgent requests for wiring money, even it comes from the highest levels of the company because fraudsters are posing as the CEO, CFO, or HR Director to try to trick your employees.

Scammers take advantage of the whatever season it may be for soliciting for information. During tax season, they pretend to be the CEO or HR Director looking for employee W-2s. During the Christmas season, they send great sounding offers for gift cards and surprises from some of our favorite online stores to elicit information. So as the holiday shopping season is upon us, buyer beware… and buyer be wary. Scammers are out to get you and they are getting cleverer every day.

Employees: The biggest risk and defense in cyber crime

The news is full of stories about how computer networks are being infected by malware, trojans, viruses, and that nasty malware variant known as ransomware. Starting off as an innocent looking email with an attachment or link sent to someone in HR or Finance, an independent consultant, even the business owner, and ending with the encryption of the business’ networks or a data breach. The news loves to harp on the fact that the human factor is the biggest risk in cyber security but they often do not talk about how humans are also the best defenders against cyber crime.

You can’t just rely on one person in a 10-person company; everyone needs to have a good understanding of cybersecurity and what the risks are for the organization.

Patricia (Pat) Toth

Supervisory Computer Scientist, NIST

Employee education is one of the best ways to defend against malicious activity. Letting your staff know what a phishing email looks like, why they should not enable macros on files they receive by email, and just overall being smart about how they use the internet are all steps in a positive direction for businesses who take cyber security seriously. Firewalls, endpoint protection, SIEM, that’s all great but unless you also pay attention to the inside of the business, the threats and damage will continue to occur.

Four in ten organisations had experienced insider damage at least quarterly in 2015.

Information Age, 2016

Start with Employee Orientation: Incorporating data protection and cyber security best practices into new employee orientation and annual training is a great place for businesses to start hardening their inside defenses. Nearly all companies handle sensitive data, whether from employees to customers, so outlining safe data practices in the employee handbook and giving employees guidelines on how to safely handle data could be the difference between a W-2 phishing scheme that reveals sensitive data about your employees to a hacker and keeping that data secure.

Passwords: Seems like a no-brainer but organizations continue to struggle with password expiry, complexity, and even forcing their IT professionals/admins to change their passwords on a regular basis. A survey during the RSA security conference found that 55% of admins make users change their passwords more regularly than they change their administrative credentials. And believe it or not, 123456 and password still top the list as the most popular passwords still in use.

Safe Data Handling: Employees need to be aware of ways to safely handle data. Whether it’s encrypting sensitive data sent by email or shredding sensitive data on paper, employees need to be told how to handle data. Employees also need to know the process for assisting people who call for assistance. Kevin Roose from Fusion learned the hard way how easy it was to con a customer support representative into letting a hacker into his mobile phone account with the help of the recording of a crying baby and the hacker pretending to be his stressed-out wife.

See Something, Say Something: Employees should not be punished for asking for verification of requests emailed to them. Too often phishing schemes are successful as they appear to be coming from the highest levels of management and are labeled urgent. Employees should know the normal procedure for making such requests and management should put check-and-balances in place to ensure sensitive data and money do not leave the organization without some form of verification. Those in Accounting should be told that the CEO, COO, etc will not email and tell them to wire money to a vendor without a verbal confirmation (and if that is not the procedure, the business should consider it or else be at risk for failing victim to a common phishing scheme!) And HR departments need to know that they won’t receive email requests for sensitive employee information either.

No Firewall & Cheap Routers to Blame for $80 million Bangladesh Bank Heist

A typo by hackers resulted in the theft of a mere $80 million instead of $1 billion from the Bangladesh central bank back in February. But what is more worrying is the way that the hackers gained access. Investigators have discovered that the bank had no firewall and were using cheap second-hand routers that cost $10 to connect to global financial networks. The head of the bank resigned and the Finance Minister has called the bank’s approach to cyber security “very incompetent”.

The lack of sophisticated equipment also will make it more difficult for investigators to figure out exactly what happened as there will be a lack of information logging on the devices. And it also means that there would not have been network segmentation, meaning once the hackers had access, they had access to everything instead of just one part of the network. Good network security involves segmenting the network into working areas (think POS, Administration/Management, Guest Network, etc). And of course, good network security also involves the use of a firewall.

FireEye, the security firm helping investigate the theft, believes that malware with keystroke capabilities was covertly installed and in the bank systems for several days before the theft occurred. The thieves were able to gather operational data and steal codes that allowed them to process transactions but a spelling error in one of the transactions lead the theft to be discovered and stopped additional millions from going out the door to the thieves.

It is baffling that a bank that has access to billions of dollars would not invest in the most basic cyber security protections. SWIFT, the secure financial messaging service, whose service was used to transfer the funds but not directly breached, said that in response to the hack that they would be checking with banks to ensure they are implementing recommended security strategies. While SWIFT is able to recommend security practices, there is no organization with regulatory oversight to ensure that financial institutions are securing their computer networks.

While it was reported in late March that the Bangladesh central bank was considering legal action against the Federal Reserve Bank of New York, the new information that has surfaced about the lack of cyber security investment is bound to make that case a lot harder.

Modern banks need to realize that they can’t just invest all their security budgets in physical security. In today’s digitized and connected world, everyone needs to consider network security as well as physical security. Not having a firewall on a network is the physical equivalent of leaving the front door of the business open when no one is around. For a financial institution not to have basic cyber security protection in place is not only dangerous but also egregious.

And I can’t help but close with a great quote from the Head of the Bangladesh Police Forensics Training Institute.

It could be difficult to hack if there was a firewall.

Mohammad Shah Alam

Cybersecurity Lunch & Learn

Last month we hosted a Cybersecurity Lunch and Learn for Small Business Owners with some of our local partners, Orbis Solutions Inc, ViaWest, and Alpine Insurance.

There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.

John Chambers, CEO of Cisco

We have seen a dramatic increase in the number of small and medium sized businesses falling victim to ransomware, phishing, malware and a variety of other nasty cybercrimes.

71 percent of cyber-attacks occur at businesses with fewer than 100 employees.

US House Small Business Committee, 2015

Besides giving small business owners an awareness that they are a target, getting protected is not an impossible task. There are easy ways for small businesses to get the same type of cybersecurity protection that large enterprises have.

If you are a business owner or executive that wants to know how to get cybersecurity protection, join us for our next lunch & learn scheduled for May 18th. Call our offices at 800-519-5070, Ext 1000 and RSVP today. Space is limited.

The Lowdown on the Panama Papers

Law firms pride themselves on being the ultimate safe haven, where men and women alike can count on discretion and privacy when it comes to their most personal affairs. With the recent release of the ‘Panama Papers’, law firms are coming under fire for their cybersecurity or lack thereof. Unfortunately, these data breaches are becoming more and more common for law firms.

On April 3, 2016, 11.5 million confidential documents that provide detailed information on more than 214,000 offshore companies listed by a Panamanian law firm Mossack Fonseca, including the identities of shareholders and directors of said offshore companies. Mossack Fonseca is the fourth largest offshore law firm in the world with more than 40 offices worldwide. Ironically enough, before the Panama Papers leak, Mossack Fonseca was described by the Economist in 2012 as a “tight-lipped” industry leader in offshore finance. In fact, Las Vegas-based subsidiary of Mossack Fonseca is listed as the registered agent for 1,026 firms incorporated over the past decade and a half, many of which have since been dissolved or are no longer active.

These leaked Panama Papers have revealed the hidden wealth from some of the most high-ranking political officials, billionaires, celebrities and star athletes. This is important because the leak shows how the rich and famous can exploit tax shelters and also reveals an unprecedented pattern of corruption worldwide for 40 years. While shell companies inherently are not illegal, they are often used as a method to commit fraud.

The Panama Papers were leaked by an anonymous source who communicated with journalists that Mossack Fonseca was behaving unethically, thus deserving to be shut down. Below is a list of the most important information gleaned from the Panama Papers leak according to the Guardian News.

-Twelve national leaders are among 143 politicians, their families and close associates from around the world known to have been using offshore tax havens.

-A $2bn trail leads all the way to Vladimir Putin. The Russian president’s best friend – a cellist called Sergei Roldugin – is at the centre of a scheme in which money from Russian state banks is hidden offshore. Some of it ends up in a ski resort where in 2013 Putin’s daughter Katerina got married.

-Among national leaders with offshore wealth are Nawaz Sharif, Pakistan’s prime minister; Ayad Allawi, ex-interim prime minister and former vice-president of Iraq; Petro Poroshenko, president of Ukraine; Alaa Mubarak, son of Egypt’s former president; and the prime minister of Iceland, Sigmundur Davíð Gunnlaugsson.

-In the UK, six members of the House of Lords, three former Conservative MPs and dozens of donors to British political parties have had offshore assets.

-The families of at least eight current and former members of China’s supreme ruling body, the politburo, have been found to have hidden wealth offshore.

-Twenty-three individuals who have had sanctions imposed on them for supporting the regimes in North Korea, Zimbabwe, Russia, Iran and Syria have been clients of Mossack Fonseca. Their companies were harboured by the Seychelles, the British Virgin Islands, Panama and other jurisdictions.

-A key member of Fifa’s powerful ethics committee, which is supposed to be spearheading reform at world football’s scandal-hit governing body, acted as a lawyer for individuals and companies recently charged with bribery and corruption.

-One leaked memorandum from a partner of Mossack Fonseca said: “Ninety-five per cent of our work coincidentally consists in selling vehicles to avoid taxes.”

For further information on data breaches and law firms, please refer to one of our earlier articles: https://axiomcyber.com/blog/hacking/law-firms-beware-of-cyber-criminals/

Worried about cybersecurity? Axiom Cyber Solutions can help!

Our cybersecurity experts will secure your business against today’s threats and those of tomorrow. Axiom Cyber Solutions offers vulnerability and penetration assessments, managed firewall services, and cybersecurity & disaster recovery strategic planning services.

Axiom Cyber Solutions strives to make cybersecurity affordable to small businesses that may not have a large IT budget. Starting at just $199 per month, with no long term obligation, Axiom Cyber Solutions has developed a managed cybersecurity program to give small businesses the same protection as large enterprises. We provide a fully configured enterprise class next generation firewall (NGFW) that is plug & play to the business and begins to monitor, manage, and update the firewall as soon as it comes online.

Panama Papers – The World’s Largest Data Leak

On Sunday, the International Consortium of Investigative Journalists announced the world’s largest data leak to the public. Kept secret since late 2014, the data leak from the Mossack Fonseca law firm is said to be 2000 times larger than 2010 Wikileaks Cablegate release of US State Department documents. A massive 2.7 terabytes (TB) of emails, database files, and PDFs which equals almost 40 years of documents was collected from the anonymous whistle-blower. In comparison again to Wikileaks, Cablegate was a mere 1.7 gigabytes (GB) of data.

“This is pretty much every document from this firm over a 40-year period,” ICIJ director Gerard Ryle told WIRED in a phone call, arguing that at “about 2,000 times larger than the WikiLeaks state department cables,” it’s indeed the biggest leak in history.

What are the Panama Papers?

The Panama Papers allegedly contain information on 143 politicians, their family members and friends who have been creating offshore companies as tax havens. Fallout has begun with protests in Iceland calling for the resignation of the Prime Minister whose name has been linked to an offshore company in the British Virgin Islands. The Russian government has dismissed claims of wrongdoing and describe it as a “series of fibs” created to discredit Putin ahead of elections. However several countries including the US, Mexico, and Britain have vowed to investigate the possibility of tax evasion.

Why target a law firm?

Axiom has been tweeting lately about how law firms are an attractive target for hackers and that large elite law firms in the US have recently been directly targeted by hackers. And remember our blog post a few months ago about how law firms are being targeted?

Panama Papers proves just how lucrative the data breach of a law firm can be for hackers. Think about all the data that a law firm has: health, financial, intellectual property, and business trade secrets. In the wrong hands, that data would be a virtual treasure trove of information to be sold in the Dark Web.

There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.

Cisco CEO – John Chambers

Law firms cannot take the head in the sand approach to cybersecurity anymore. It’s time for law firms to start assessing their vulnerabilities and planning for a sound cybersecurity infrastructure.

How was the data leaked?

In late 2014, an anonymous whistle-blower contacted the German newspaper Suddeutsche Zeitung stating that they had “more data than you have ever seen” in relation to crimes that the person wanted to make public. At this time, it is not publicly known how the whistle-blower was able to send so much data undetected over such a period of time however Bastian Obermayer, the reporter for Suddeutsche Zeitung who was contacted by the whistle-blower, stated that he “learned a lot about making the safe transfer of big files”.

Obermayer indicated that he communicated through various encrypted channels with the whistle-blower who sent the data in chunks until the 2.7 TB were amassed. Suddeutsche Zeitung contacted the ICIJ and the ICIJ created a secure portal where journalists could research the data. Over 400 journalists kept the information a secret until Sunday when over 100 news outlets published the first articles about the data leak.

Earlier in the day, the Mossack Fonseca website told its customers that their email server suffered an unauthorized breach. The company denies any wrongdoing and has published a lengthy rebuttal to the media reports. A spokesperson has stated that the company may pursue legal action against the news agencies for using the information that was obtained illegally.

It appears that you have had unauthorized access to proprietary documents and information taken from our company and have presented and interpreted them out of context. We trust that you are fully aware that using information/documentation unlawfully obtained is a crime, and we will not hesitate to pursue all available criminal and civil remedies.

Carlos Sousa – Public Relations Director, Mossack Fonseca & Co. (Panama)

The one thing that has not been mentioned yet is the data protection liability suit that the 4^th largest offshore law firm in the world may have coming in the near future. Target settled its data breach for $100 million… this one is going to be much larger.

Doom and gloom?

While the Cisco CEO says that there are two types of companies, ones that have been hacked and ones that know they’ve been hacked; the cybersecurity future is not completely doom and gloom for businesses. There are some basic things that businesses can do to better protect themselves.

Use endpoint (anti-virus and anti-malware) software on all devices and keep it up-to-date
Protect the business with a firewall that inspects traffic both in and out of the business
Get a vulnerability and penetration assessment

Worried about cybersecurity? Axiom Cyber Solutions can help!

Let our cybersecurity experts secure your business against today’s threats and those of tomorrow. Axiom Cyber Solutions offers vulnerability and penetration assessments, managed firewall services, and cybersecurity & disaster recovery strategic planning services.

Axiom Cyber Solutions strives to make cybersecurity affordable to small businesses that may not have a large IT budget. Starting at just $199 per month, with no long term obligation, Axiom Cyber Solutions has developed a managed cybersecurity program to give small businesses the same protection as large enterprises. We provide a fully configured enterprise class next generation firewall (NGFW) that is plug & play to the business and begins to monitor, manage, and update the firewall as soon as it comes online.

Why a Managed Firewall Is Good For Small Businesses

Do you have a firewall at your business? Did you know that your firewall was obsolete the day you installed it? A startling statement to many… but unless you have an expert managing your security updates on a daily basis, your business is not protected against today’s threats. Think of your firewall like your antivirus. If you install it and just leave it running without updating the definitions, you are vulnerable to any new threats.

Cyber-criminals are constantly evolving and finding new ways to exploit vulnerabilities such as default username/password combinations, known security holes, and outdated security definitions. And when a new security hole is announced to the world, the bad guys race to exploit the vulnerability before organizations install updates and unfortunately, major vendors keep discovering and patching serious vulnerabilities.

Cisco patches six critical vulnerabilities – March 2016
Cisco Patches Serious ASA firewall vulnerability – February 2016
Cisco advised firewall users to patch critical vulnerability – January 2016
Bad actors race to exploit Juniper firewall vulnerability – December 2015

Firewall management is time-intensive and requires security expertise. Firewall patches are not easy to install and require a backup in case the patch fails. Plus most firewalls require a reboot of the devices which means the business is taken offline during the update. Given these difficulties, many businesses schedule quarterly or less updates for their firewalls which leave the business open to attack through known vulnerabilities for long periods of time.

The absence of a firewall or an improperly configured firewall is a major factor in many data breaches. A robust firewall is the imperative first line of defense against intrusions and other threats for all business network. So how does a small business without an IT department much less a cyber-security expert get protected? The answer: A Managed Firewall.

A Managed Firewall is a firewall that is monitored, managed, and kept up-to-date by cybersecurity experts.

Managed firewalls offer several benefits such as:

Reduce resource costs -The average salary for a cybersecurity expert is $80-120,000 per year
Security compliance – The business will have the protection requirements to ensure PCI DSS, FFIEC/GLBA, SOX, HIPAA, etc regulations
No licensing costs – The cost is fixed month to month so you can budget accordingly and not get hit with license renewal fees after a year
Reporting – Unless you log into your firewall, you probably don’t know what it is doing. Managed firewall services typically offer some type of threat analysis reporting

How Can We Help?

Axiom Cyber Solutions strives to make managed cybersecurity affordable to small businesses that may not have a large IT budget. Starting at just $199 per month, with no long term obligation, Axiom Cyber Solutions provides a fully configured enterprise class next generation firewall (NGFW) that is plug & play to the business and begins to monitor, manage, and update the firewall as soon as it comes online. Let our cybersecurity experts secure your business against today’s threats and those of tomorrow.

Ransomware – The Cyber Bully on the Block

While ransomware is the new buzz word in cybersecurity, would you believe it that ransomware has been in existence since the 1980’s? The first known ransomware occurred when a man named Dr. Popp sent Trojan-infected diskettes to attendees of the World Health Organization conference and demanded the payment of $189 be sent to a PO Box in Panama. Of course, Dr. Popp was caught and brought to trial…later being declared unfit to stand trial due to the cardboard box he wore to protect himself from radiation.

Ransomware became more mainstream through the years as cyber-criminals realized that it’s easy to monetize and spread ransomware by sending infected email attachments that would encrypt the victims files. But it wasn’t until Q1 of 2015 that cyber-criminals went really big more than quadrupling the amount of ransomware from the previous quarter in 2014. 2016 has been declared the Year of Ransomware by numerous security vendors and as we near the end of Q1 2016, there are no signs that cyber-criminals are going to slow down the attacks.

Now-a-days, it’s hard to read the news without seeing a story about a business, schools, or hospitals being hit with ransomware. One of the more notable recent stories is Hollywood Presbyterian Medical Center that had to pay $17,000 in ransom in February 2016 to gain access to their computer systems. But just earlier this week, another three hospitals were hit in a new string of ransomware attacks that thankfully did not disrupt the operations of those hospitals, most likely due to a good backup strategy.

But for organizations that don’t have good backups, once ransomware is activated even the FBI does not have much hope that the encryption can be cracked.

“The ransomware is that good…

To be honest, we often advise people to just pay the ransom.”

Joseph Bonavolonta

Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program, Boston office

While it has been recommended that the payment of ransomware should be illegal, that does not offer much help to businesses that are suffering downtime due to a successful attack. Even the FBI does not explicitly tell companies what they should do but rather tells them what options are available and lets the individual businesses decide what is the best way to proceed. So if a business is ransomed, what are the options?

Restore a backup of the computer or server – Perfect solution if you actively backup but statistically, only 25% of organizations/people actually do
Pay the ransom – Not ideal because it funds cyber-criminals
Start over from scratch – Go Gone with the Wind, say “Frankly My Dear…” and start rebuilding your computer/server which is time-consuming and you won’t have any historical data

But before it gets to that point of doom & gloom for the business, there are certain things that business can do to minimize the risk and/or impact of ransomware. And it’s always better to be safe, than sorry!

Tips on how to protect your business from ransomware

Educate your employees on how to deal with suspicious emails and procedures for opening email attachments
Don’t open unsolicited emails, don’t click on the links, and don’t open the attachments
Don’t enable macros on attachments received by email or downloaded
Use anti-virus & malware protection – and keep them up-to-date!
Keep your operating systems and browsers up-to-date
Use a pop-up blocker
Download only from trusted websites
Click the Window Close Button – don’t click the big, convenient close button in the pop-up window
Get Firewall Protection

How Can We Help?

If you’ve been the victim of a ransomware attack, Axiom Cyber Solutions is here to help. Call us at 1-800-519-5070 for expert advice and assistance.

Axiom Cyber Solutions is offering a Managed Firewall, Cyber-Security Protection for Small Business starting as low as $199 per month. Our firewalls contain proprietary ransomware protection to stop ransomware from activating on your network. Call us for more information. #FightBackWithAxiom

Cyber-criminals Increasingly Target Small Businesses

Small businesses historically have had the mindset that they are not a target for hackers due to their size, but never have they been so wrong.

Sarah Green, a cyber security expert and business manager for Cyber Security at Training 2000, says that one of the most dangerous phrases used by small businesses is: “It’ll never happen to us.”

“Small businesses may feel that they aren’t likely to be a target due to their size and that hackers couldn’t possibly be interested in what they do – but in reality the exact opposite is true,” Green adds.

– Source: The Guardian

Hackers are targeting small businesses on a much higher frequency than large businesses. In fact, according to the US House Committee on Small Business, 71% of cyber attacks are aimed at businesses with less than 100 employees.

Hackers know that small businesses are less inclined to invest in cyber-security so it makes them a much more attractive target. Think of it like this, as a burglar presented with two houses, would you pick the house that has the front door left open (no firewall) or the house that has an iron gate (firewall) on the front door?

In the UK, the latest Government Security Breaches Survey found that 74% of small organizations reported a security breach in 2015 and SMEs are being directly targeted by hackers.

In fact, Symantec reports that over half of spear phishing attacks are carried out against small businesses. And the ransomware trend is increasing with many small businesses suffering the consequences. Intermedia reports that 40% of ransomware attacks in 2015 targeted small businesses.

It seemed like just another ordinary day for staff at vehicle hire company MNH Platinum. Little did they know that the simple click of an email link was about to threaten their entire business.

It was early last year when the Blackburn-based firm was the victim of a virus which encrypted over 12,000 files on its company network. A ransom demand followed – the criminals would decrypt the company’s files in exchange for more than £3,000.

With the virus proving impossible to remove without the loss of crucial company data, the firm had no choice but to pay up.

“We were completely unprepared for a cyber breach simply due to a lack of awareness of the magnitude an attack of this type could have through mistakenly clicking a link in an email,” says managing director Mark Hindle. “I am thankful that we had a lucky escape, in that I was able to retrieve the documents that are crucial to the running of the business, albeit at a price.”

– Source: The Guardian

How can we help?

Axiom Cyber Solutions is offering a Managed Firewall, Cyber-Security Protection for Small Business starting as low as $199 per month.

We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business. And don’t worry, there are no upfront costs for the device and you can cancel at any time. #FightBackWithAxiom

Blog ArchivesAxiom Admin

Blog Archives
Axiom Admin