Author Archives: Marketing

Why Cybersecurity MUST be a Board Issue

In recent years, there’s been an overwhelming number of cyber crime incidents occurring. Boards need to be more proactive in their cybersecurity. The number of cyber attacks over the past few years have forced all C-level executives to become more educated about their cybersecurity. Gone are the days where cybersecurity is passed off to the IT department. While many executives may find it difficult to follow because of a lack of knowledge or simple disinterest, it is essential to take an active role. Otherwise, there may be potential shareholder lawsuits and even the possibility of being removed from the board. If a business fails to explore this, they will be followed by serious consequences. Lawsuits are a guarantee for when there is a cyber breach or data breach.

According to Director & Boards author Tom Horton, “A primary responsibility of every board of directors is to secure the future of the organization. The very survival of the organization depends on the ability of the board and management not only to cope with future events but to anticipate the impact those events will have on both the company and the industry as a whole.”

The Institute of Internal Auditor’s Audit Executive Center did a survey, and boards agree that cyber security preparedness has increased but shared that only 14% of those folks were actually actively involved.

The National Association of Corporate Directors (NACD) published 5 principles that all corporate boards should consider “as they seek to enhance their oversight of cyber risks. These five principles are:

1. Directors need to understand and approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue.
2. Directors should understand the legal implications of cyber risks as they relate to their company’s specific circumstances.
3. Boards should have adequate access to cybersecurity expertise, and discussions about cyber-risk management should be given regular and adequate time on the board meeting agenda.
4. Directors should set the expectation that management will establish an enterprise-wide risk management framework with adequate staffing and budget.
5. Board-management discussion of cyber risk should include identification of which risks to avoid, accept, mitigate, or transfer through insurance, as well as specific plans associated with each approach.

Cybersecurity doesn’t leave one person unaffected, it’s a given that the board be involved with the cybersecurity strategy.

How can we help?

Axiom Cyber Solutions is offering a Managed Firewall, Cyber-Security Protection for Small Business starting as low as $199 per month.

We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business. And don’t worry, there are no upfront costs for the device and you can cancel at any time. #FightBackWithAxiom

5 Reasons Why Your Small Business is at Risk for a Cyber Attack

Fact: America’s 28 million small businesses create approximately two out of every three new jobs in the United States each year and more than half of Americans either own or work for a small business.

Fact: Businesses with less than 20 employees make up approx 90% of the workforce according to the U.S. Census Bureau.

Fact: The Small Business Association found that small employers often don’t consider themselves targets for cyberattacks due to their size or the perception that they don’t have anything worth stealing. However, this could not be any more wrong.

Small businesses have incredibly valuable information that cyber criminals want, including both employee and customer data, bank account information, access to the business’s finances, and intellectual property. Many small businesses are in communication with larger businesses, thus, providing access to larger networks to these cyber criminals. These small businesses play an important part of the nation’s supply chain, and rely on their technology to safely store and process their information. No one really wants to spend money on something before it happens but in this day and age, you can’t afford not to protect your business, your livelihood. Look at your alternative, most businesses close within 6 months of a cyber attack. Some things are worth protecting, and your data, your customer’s data, and your network are your priority.

Most small businesses do not have any sort of cybersecurity practices in place because of a lack of resources. That may be a lack in sufficient resources or personnel to dedicate to cybersecurity. Even then, we’ve seen in recent news that larger corporations with plenty of resources at hand such as Target and Sony, are having their own issues with their cybersecurity not keeping them protected. With such an abundance of small businesses who lack cybersecurity, these small employers are an incredibly attractive target for cyber criminals. Let’s go over the 5 reasons why your small business is at risk for a cyber attack.

1. No one thinks it’ll happen to them. According to a report by Symantec, this kind of thought process couldn’t be further from the truth. 60% of all target attacks struck small and medium sized organizations. Oftentimes, these cyber crimes occur before the business owner can even realize their security has been compromised.

2. Most small businesses can’t afford an IT team, let alone cybersecurity so they ignore the issue. Unfortunately, the average cost of a data breach is $36,000 for small businesses. Many small businesses do not realize that they can be fined by the Securities and Exchange Commission (SEC) and Federal Trade Commission (FTC) for not protecting their customer’s data. The reality is, you can’t NOT afford cybersecurity.

3. Many small businesses don’t encrypt their data. Encryption in its simplest terms is a method of protecting data from people you don’t want to see it. According to a survey done by Sophos, there are numerous reasons why organizations do not encrypt their data. 37% of organizations cite lack of budget as to why they do not make extensive use of encryption. 31% point to concerns about encryption’s impact on performance and 28% state they have lack of deployment knowledge, while 20% say lack of legal pressure explains why they don’t use encryption. A small business may not realize why their assets are so valuable but in any organization, data is valuable not only to a small business owner but to the cyber criminals. The damage to your brand, your customers, and your business can be insurmountable.

4. Weak passwords pose as a huge security risk. Does your business use passwords like ‘1234’ or ‘password’? As ridiculous as this password is, it has been the #1 used password for years now. Cyber criminals are banking on this. Do not be lazy and just add numbers to your weak password. For example, instead of ‘123456’, many chose ‘1234567890’. This is a basic extension, which cybercriminals can take full advantage of. You’re not being clever by doing this. Take the few minutes to come up with a unique password. That could very well make the difference in your network security.

5. Not updating their firewalls. By regularly updating and checking your firewalls, you are being proactive towards the security of your business. Manufacturers release updates to their products which usually include fixes to bugs as well as new features that will mitigate new types of threats. It is also important to review your firewall logs and check for any alerts or policy changes.

Be proactive and don’t wait until it’s too late. Read below for how Axiom Cyber Solutions can help your small business manage their cybersecurity.

How can we help?

Axiom Cyber Solutions is offering a Managed Firewall, Cyber-Security Protection for Small Business starting as low as $199 per month.

We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business. And don’t worry, there are no upfront costs for the device and you can cancel at any time.

Owning a Computer Means You’re at Risk for Ransomware

Owning a Computer Means You’re at Risk for Ransomware

On February 8th, 2016, Horry County Public School District, located in South Carolina, realized they had fallen victim to ransomware. Over 100 of their servers and systems were shut down to keep the ransomware virus from spreading. The hackers demanded that Horry County Public Schools pay them approximately $8,500, otherwise the school district would lose their data forever.

What is ransomware? If you are unfamiliar with this term, now is the time to become familiar with it. Ransomware is a form of computer virus that discreetly corrupts files, and, as the name indicates, demands that a target pay for those files to be restored. Ransomware can have different disguises but the two main types of ransomware are locker ransomware (computer locker) and crypto ransomware (data locker).

Locker ransomware denies access to the computer or device. Crypto ransomware prevents access to files or data and does not necessarily have to use encryption to stop users from accessing their data, although the majority of it does. Ransomware is a 445 billion dollar industry and cyber criminals have no plans to stop anytime soon.

The only way the Horry County School District could recover their data was to pay the ransom so they could receive the encryption keys to unlock their data. However, the hackers requested for the ransom to be paid in Bitcoin (BTC). BTC is a decentralized peer-to-peer payment network that is powered by its users with no middlemen. It is very much like cash for the Internet. Since Horry County Schools were not at all familiar with BTC, they they reached out to Troy Wilkinson, current CEO and Co Founder of Axiom Cyber Solutions, for help. Troy stated that,

“Unfortunately, ransomware is only becoming more and more of a problem. These cyber criminals are banking on the fact that most people do not back up their data and are willing to pay dearly for that data back. We at Axiom feel so strongly about ransomware that we currently have patent pending prevention. Our technology empirically detects and stop ransomware once it’s activated on a network.”

Axiom Cyber Solutions was able to get the 22 BTC (approx $8,500) and paid the hackers. Horry County School Systems have had all their data restored and things are back to normal. Unfortunately, all organizations such as schools, universities, hospitals, and more will continue to be hit with ransomware. Even the FBI is encouraging people to pay up, if they want their data back.

Recently, during the 2015 Boston Cyber Security Summit, Joseph Bonavolonta, an assistant special agent in charge of the FBI’s Cyber and Counterintelligence Program in the Boston office stated,

“The easiest thing may be to just pay the ransom. The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”

Simply having antivirus protection does not stop ransomware. The FBI recommends the following tips to help avoid ransomware.

1. Make sure you have updated antivirus software on your computer.
2.Enable automated patches for your operating system and web browser.
3. Have strong passwords, and don’t use the same passwords for everything.
4. Use a pop-up blocker.
5. Only download software—especially free software—from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customized toolbars).
6. Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if you think it looks safe. Instead, close out the e-mail and go to the organization’s website directly.
7. Use the same precautions on your mobile phone as you would on your computer when using the Internet.
8. To prevent the loss of essential files due to a ransomware infection, it’s recommended that individuals and businesses always conduct regular system back-ups and store the backed-up data offline.

Axiom Cyber Solutions offers the Axiom Sentinel, an enterprise firewall and security appliance, to help with ransomware by making sure that criminals have no way to call home. Sentinel makes malware and ransomware communication out of your network impossible, rendering these applications ineffective and unable to encrypt your data. We have identified key transactions in the TCP/IP stack that must occur when a ransomware is executed. This allows us to block ransomware communication in real time.

Ransomware infections will continue to rise and will evolve with new social and technological attack vectors. It’s important for any organization or individual with sensitive data to exercise caution and deploy best practices in securing your network.

Axiom’s solutions come in different sizes and all of our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom

Hackers are Stealing Your Tax Returns

Hackers are Stealing Your Tax Returns

It’s tax season and cyber criminals are out in full force to steal your tax returns. This time last year, hackers stole $50 million from the Internal Revenue Service (IRS) through fradulent tax refunds, affecting 330,000 people. It’s no surprise that this January, the IRS was targeted by an automated cyber attack. Cyber criminals used stolen personal data from data breaches to create fake logins through the IRS Electronic Filing PINs. The IRS stated that they found unauthorized attemps to obtain Electronic Filing PINs for 464,000 Social Security numbers. The attackers tried to use malware to generate these fake identification numbers. Thankfully, the IRS was able to stop this attack before it affected anyone, however, it’s likely this won’t be the last attack.

“No personal taxpayer data was compromised or disclosed by IRS systems,” the IRS said in a statement. “The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application. The IRS is also protecting their accounts by marking them to protect against tax-related identity theft.”

The numerous data breaches that have occurred in the past few years have given these cyber criminals plenty of data to use for identity theft. In 2015, health insurers like Excellus, Anthem, and CareFirst, were victims of huge data breaches. These data breaches affected tens of millions of people. Even the Office of Personnel Management was attacked, exposing 21.5 million U.S. government employees. From the sheer amount of data that is out there, it’s no surprise that hackers are using this data to file people’s taxes.

As reported in Forbes: “The trend is clear. Each year, the IRS publishes a list of its ‘Dirty Dozen’ tax scams. In 2011, just one involved some form of identity theft. This year no less than one-third were (identity theft-related) scams.”

For a cyber criminal, it takes very little work to secure a big payoff. All it takes is a name and Social Security number, stolen from one of the many data breaches that have occurred. These thieves file for taxes under the stolen identity and provide a fake address to send the refund to. By using their automated programs, they can scam easily and quickly.

How can you protect yourself? The best thing you can do is to file your taxes as early as possible! The more you delay, the more time you are allowing cyber criminals to steal your identity.

Consumers need to be alert to possible tax-related identity theft, especially if you’ve received a letter from the IRS stating you have been breached. The IRS has published 5 warning signs that everyone should be aware of.

1. More than one tax return was filed for you;
2. You owe additional tax, have a refund offset or have had collection actions taken against you for a year you did not file a tax return;
3. IRS records indicate you received more wages than you actually earned or
4. Your state or federal benefits were reduced or cancelled because the agency received information reporting an income change.

Financial Services are Under Attack!

Hackers are consistently targeting the financial sector and our personal information is at risk more than ever before. Cyber crime is the number one threat we face according to the U.S. Intelligence Service and 39% of all cyber attacks affected financial institutions (PwC). Hackers target these financial service firms 300% more than businesses in other industries. (CDW Finance) These financial institutions include banks, mortgage lenders, insurance companies, investment firms, and wealth managers. Most people assume that their finances and data are kept safe. However, as we have seen over the past few years, this is no longer true. Hackers are becoming more and more sophisticated and sneaky, infiltrating themselves into even our most secure networks.

Many asset and wealth managers do not believe they are a target because they assume hackers are after higher profile organizations. However, this is not the case. Financial instituions are incredibly attractive to hackers and cyber criminals. According to Kroll’s Cyber Threat forecast these financial firms are an “attractive target as they typically hold volumes of valuable data which are often stored in an organized manner with little protection.”

Recently, the Securities and Exchange Commission (SEC) has listed cybersecurity as a top priority for 2016. At least 88% of broker-dealers and 74% of advisers have been the target of cyber attacks, the SEC stated earlier this February. The majority of these cyber attacks were done through fraudulent emails, some of which led to brokers losing more than $5,000, the report said. In one case, an adviser reported a loss of more than $75,000.

SEC Commissioner Luis Aguilar, stated that “cybersecurity is a persistent and growing threat, and that firms must take their cybersecurity duties seriously.”

The Financial Industry Regulatory Authority (FINRA), also issued their annual Regulatory and Examiniation Priorities Letter earlier this February which identified hacking as a major threat facing brokerages. These regulatory agencies are taking note of how financial institutions supervise their cybersecurity.

FINRA states that they “will review firms’ approaches to cybersecurity risk management, and depending on a firm’s business and risk profile, we will examine one or more of the following topics: governance, risk assessment, technical controls, incident response, vendor management, data loss prevention and staff training.”

There are many ways these cyber criminals attempt to steal money and data. One way is by contacting a wealth manager and pretending to be a client. They will claim they have been robbed and need a wire transfer immediately. Another popular scam is called social engineering. This type of scam is so popular that even the Director of the CIA fell for this last year. In this situation, the teenage hacker posed as a Verizon employee to gain sensitive information which allowed him access into the Director’s AOL account.

Social engineering refers to the concept of psychologically manipulating people in order to trick a person into revealing critical information. For example, tricking an employee into giving them accessibility whether it is a password or crucial banking information is very common. Human nature and trust feeds into this concept and cyber criminals are counting on this. There have even been reports of attractive women befriending IT security professionals, thereby gaining entry and infecting networks with malware.

By employing cybersecurity professionals, you as a business are making real steps toward protecting your business, your clients, your data, and more. Save yourself from being hit with fines and audits, otherwise the FTC will fine a company that has not sufficiently protected their data against a breach. The FTC will require a company to undergo 20 years of security audits if they are found negligent. Having firewalls and intrusion detection mechanisms in place to prohibit cyber criminals from gaining access to your network is key to avoiding the potential fallout you’ll have to deal with. Cybersecurity is a necessity and it is incredibly important for all businesses to take it seriously.

How can we help?

Axiom Cyber Solutions is offering Managed Cyber-Security Protection for businesses starting as low as $199 per month. We realize that many organizations do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom

Cyber Criminals Are Now Targeting Your Kids

In today’s world, most parents are aware of the various predators that are out to harm their children. Now, parents can add cyber criminals to that list of concerns. While these criminals won’t physically harm your children, they can ruin your children’s credit and finances before they’ve even had a chance.

In 2015, 17.6 million Americans in the United States were victims of identity theft according to the Bureau of Justice Statistics. A majority of identity theft is due to data breaches committed by cyber criminals. The FBI ranks cybercrime as one of its top law enforcement priorities, and President Obama has recently proposed a $14 billion cybersecurity budget.

A data breach in November involving children’s toymaker, VTech, exposed 6.5 million children’s data. Approximately 3 million of those children were in the United States. The cost of VTech’s breach has reached approximately $116,000,000. Children are just as vulnerable to identity theft as adults. The fallout from data breaches affect so many individuals. Not only are the customers victim to having their personal information stolen, they also have to worry about their children’s personal information being compromised.

This past week, Wi-Fi-enabled toys from the Fisher Price line named ‘Smart Toy’, have been diagnosed with a security vulnerability, as well. Hackers had the ability to access children’s names, birthdays, gender, and more personal information. Fisher Price has since announced that this vulnerability has been remediated and no longer poses a problem. However, with the IoT (Internet of Things) well on it’s way and being implemeted into children’s toys, these security risks will only become more and more of an issue.

Can you imagine your child having an expensive utility bill in another state, or a drivers license, or even a foreclosed home in another state? It begs the question, when’s the last time you checked your children’s credit reports? It’s no surprise that these cyber criminals are interesed in stealing your children’s identity. You couldn’t ask for a better setup. What could possibly be better than a sparkling clean credit report for those criminals who want to start over financially?

Even worse, it can take years and years before you get any inkling of wrongdoing. More often than not, these cyber criminals are never caught. And the risk doesn’t decline after a few years because this is not something that just goes away. Social security numbers last a lifetime and identity theft for both adults and children is something that needs to be constantly monitored.

The youngest victim in identity theft was only five months old. A report done by Carnegie Mellon’s Cyber Lab, reported that out of the 40,000 children caught up in a data breach, 10.2% of those children had their Social Security numbers compromised. This statistic is 51x higher than the 0.2% of adults who were affected.

What can you do to help your child? The Federal Trade Commission (FTC) recommends looking out for the following scenarios.

1. Be turned down for government benefits because the benefits are being paid to another account using your child’s Social Security number.
2. Get a notice from the IRS saying the child didn’t pay income taxes, or that the child’s Social Security number was used on another tax return.
3. Get collection calls or bills for products or services you didn’t receive.
The majority of data breaches occur from cyber criminals who are hacking and phishing for data. Once that data is sold, you and your family are at risk for identity theft.

For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom

DDoS Attacks Against Universities Are on the Rise

DDoS Attacks Against Universities Are on the Rise

In our blog last week, we discussed how colleges and universities are the third most attacked sector, beating out financial, government, and insurance sectors for numbers of cybersecurity attacks. This week, we will discuss how these hackers commonly utilize DDoS (Distributed Denial of Service) attacks to shut down a university’s network.

What is a DDoS attack?
A Denial of Service attack occurs when a malicious entity sends more traffic to your network than it can handle in order to overload it. When this occurs, your network equipment can become overloaded and fail into a state known as “hub mode” in an effort to maintain communication across the network. When this “hub mode” is enabled, all of the traffic on your network is blasted to every port, allowing an attacker to gather meta and packet data in an effort to map topology of your equipment.

Having a map of your network makes it easier for attackers to push forward with deeper penetration into your infrastructure, allowing them to breach data systems and steal information about your business and clients. The reasoning behind DDoS attacks can vary from revenge to anti-competitive businesses. Whatever the intent behind the cyber attack is, the goal is to be a huge headache for that organization by bringing down their network.

This past year, a number of colleges and universities were hit with DDoS attacks. The University of Virginia, Pennsylvania State, University of Connecticut, Washington State, Johns Hopkins, University of Maryland, University of Southern California, were all victims of DDoS attacks. We aren’t just talking about the big names in the academia world. Community colleges are also being targeted for DDoS attacks.

Earlier this January, Rutgers University suffered from their 6th successful DDoS attack. This came even after Rutgers spent approximately $3 million dollars on improving their cybersecurity which the hacker was sure to mention on Twitter.

Academic institutions in the U.S. are not the only ones falling victim to these DDoS attacks. On December, 7, 2015, the United Kingdom was hit with a cyber attack on their Janet computer network which operates on behalf of the UK’s higher education.

Andrew Smith, a senior lecturer at The Open University, one of the biggest universities in the UK for undergraduate education, described a DDoS attack as “probably one of the oldest tools in the arsenal of attacks that come from cyber criminals”.

“In straightforward terms, attackers have lined up an army of malware compromised computers and have primed them to attack Janet,” he said. “Janet is used by many universities and colleges in the UK. While our security is good, having thousands of computers around the world all sending useless data to one system will flood it and will slow it down.

“Each compromised computer will send a small amount of data, nothing that you would notice and normally in keeping with the typical internet traffic behaviour expected by your broadband provider. However, when this is multiplied by tens, hundreds and thousands of computers – the deluge becomes unmanageable as this restricts our ability to receive internet traffic which would also come in via the same connection.”

With the decreasing price of hacking tools, this increase in attacks will continue to become the new norm. Businesses of all sizes need to adapt to these new threats now in order to continue operating in the coming storm. The number of distributed denial of service attacks in the second quarter of 2015 has hit record highs according to the latest State of the Internet report from Akamai.

DDoS attacks grew seven percent since the last quarter and a staggering 132 percent compared to this time last year. In the quarter there were also 12 attacks that were categorized as “mega attacks,” peaking at more than 1,000 gigabits per second (Gbps) and 50 million packets per second (Mpps). These attacks will not slow down in 2016 and will only increase. All colleges and universities must think about how to mitigate through the murky waters of cybersecurity and reach out to cybersecurity experts.

How can Axiom Cyber Solutions help you?
Axiom Cyber Solutions is offering Managed Cyber-Security Protection for Enterprise Class Businesses Organizations with advanced DDoS capabilities, starting as low as $199 per month. Let us take over and provide you with peace of mind. Axiom will provide your organization a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your organization.

From response time to an attack, to mitigative capacity, to packets inspected per second, the Axiom Sentinel wins in every category against the competition. Our patent pending algorithm coupled with the latest nanotechnology allows us to inspect 120 million packets per second, respond within 10 milliseconds to an attack and mitigate up to 100GB of traffic with a single appliance.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom

Cyber Criminals Are Targeting Universities

Cyber Criminals Are Targeting Universities

Universities are getting barraged by cyber attacks. Organized crime and state sponsored attacks by foreign governments are going after universities and their data. According to the 2015 Cost of Data Breach study by IBM, 1.5 million annual cyber attacks occur which breaks down to over 4,000 cyber attacks every day. It’s no surprise that many of those attacks are done specifically against universities.

In 2015, numerous colleges were attacked. The University of Virginia and Pennsylvania State University blamed their data breaches on Chinese hackers. At the University of Connecticut, their students Social Security numbers and credit card information was stolen. Washington State University, Johns Hopkins University, and Rutgers University were also attacked by cyber criminals.

“The landscape of who the attackers are has changed significantly,” says Mark Nardone, director of IT security for Northeastern University in Massachusetts. “We’re not in the ’80s, where it’s hobbyists coming after systems for a kind of self-gratification or bragging rights. Now we have people coming after resources that have tangible financial worth attached to them.”

10% of reported security breaches in 2014 involved the education sector, according to Symantec’s Internet Security Threat Report

.graph

Bill Mellon from the University of Wisconsin recently did an overhaul of the school’s network security and shared,

“We get 90,000 to 100,000 attempts per day, from China alone, to penetrate our system,” said Mr. Mellon, the associate dean for research policy. “There are also a lot from Russia, and recently a lot from Vietnam, but it’s primarily China.”

College and university networks are appealing to cyber criminals for three main reasons according to Lawrence White, the Association of Governing Boards of Universities and Colleges.

1. Servers found in universities are full of intellectual data that is worth quite a bit to cyber criminals. as a university. Richard Pérez-Peña, a New York Times journalist who reports on higher education, stated that,

“Universities and their professors are awarded thousands of patents each year, some with vast potential value, in fields as disparate as prescription drugs, computer chips, fuel cells, aircraft and medical device,”
Not only do universities have this data, they also have the thousands and thousands of applications from hopeful students containing even more critical information enticing cyber criminals.

2. Unlike most for profit businesses, college and universities try to operate under an easily accessible system. Computer systems are managed in a decentralized way and are difficult to secure. Since these computer systems are difficult to secure, they become prime targets for cyber attacks.

3. The costs associated with cybersecurity is high and many IT departments lack the resources to keep the systems up to date. IT departments in universities may have hundreds or thousands of third party software programs that need to be updated constantly as new viruses are found. A few seconds or minutes of a delay in downloading and installing the new patch can create serious vulnerability issues. Those few seconds could be just the amount of time a cyber criminal needs to get into the universities’ network.

Universities are getting attacked by cyber criminals so often, that the FBI has stepped in and created programs in an effort to assist universities with their cyber security. The College and University Security Effort (CAUSE) is a partnership effort between the FBI and academia that seeks to protect research, products, and personnel from foreign intelligence threats. It falls under the FBI’s Academic Alliance Program. The FBI states they will even send an agent to the university to discuss cybersecurity and will train students, researchers and administrators.

If a university fails to safeguard their data, a data breach will cost them millions of dollars. Repairs, remediation costs, consultancy fees, and preventative help are just a few things a university needs to consider. Consider Rutgers University, who spent approximately three million dollars this past year to clean up the mess that hackers made after their network was knocked offline four times.

How can Axiom Cyber Solutions help your University?

Axiom Cyber Solutions is offering Managed Cyber-Security Protection for Small Business starting as low as $199 per month. We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom

Law Firms : Beware of Cyber Criminals

Law Firms : Beware of Cyber Criminals

“There are two types of law firms: those that know they’ve been hacked and those that do not”, according to Vincent Polley, attorney for the American Bar Association.

What an incredibly powerful statement considering the fallout of cyber attacks amongst businesses these days. The numbers of cyber crimes have only increased for those working in the healthcare and financial field, but due to reluctance from many law firms to report cyber crimes, we do not know if the same can be said for law firms.

1 in 4 law firms are victims of a data breach according to a 2015 study done by the American Bar Association.

law

Many law firms view cyber breaches as something to be ashamed of and many lawyers are hesitant to openly admit to their clients that they have become victims of a data breach. As hard as it may be to report these things, law firms need to report cyber breaches when they happen. A 2015 study by Citigroup’s cyberintelligence unit reported that,

“Due to the reluctance of most law firms to publicly discuss cyber intrusions and the lack of data breach reporting requirements in general in the legal industry, it is not possible to determine whether cyberattacks against law firms are on the rise.” The report when on to say that law firms are very appealing to cyber criminals, considering the incredibly confidential data on corporate deals and business strategies. These days, data = money, so it comes as no surprise that cyber criminals are after this data.

Earlier this year, there were reports of fraud related to law firms in where a hacker intercepted important instructions between the closing attorney and the buyer’s agent. The hacker sent out entirely different instructions on the wiring of the money. Unbeknownst to the victims, they then wired their money straight into the hacker’s account. These types of scams are only continuing.

The fallout from a data breach for a law firm can be huge. Not only does it become a huge legal liability, a law firm may even be sued depending on what kind of data was released. If a law firm ignores their cybersecurity issues and refuses to take proactive measures, they can be subject to fines by the FTC.

A law firm could also lose their reputation, as well as the trust their customers and clients have given them. The amount of confidential information that people entrust their lawyers with is insurmountable. Class action lawsuits will follow. The time and money dealing with a cyber security data breach is a huge headache of inconvenience and there’s no guarantee that a law firm will even be able to continue to stay open.

Law firms, no matter the size, must take their cyber security seriously. By getting into the mind of a hacker and mapping out vulnerabilities in your network, you will be taking the necessary proactive steps to protect yourself and your business from cyber criminals. Taking steps to protect your business will make the difference in whether or not a law firms is successfully attacked.

Axiom Cyber Solutions is offering Managed Cyber-Security Protection for Small Business starting as low as $199 per month. We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom

The Top 5 Cyber Hacks of 2015

The Top 5 Cyber Hacks of 2015

2015 was a busy year for cyber criminals. As the year comes to a close, we are reviewing the top 5 cyber attacks. Unfortunately, by the looks of it, this seems to be just the beginning.

office-of-personnel

1. Office of Personal Management (OPM)
The United States Office of Personal Management announced that they were victims of a data breach in June, 2015. The breach began in March, 2014 and remained undetected until April, 2015. This is one of the largest data breaches to occur in the federal sector, affecting approximately 18 million government employees. Information such as Social Security numbers, names, birth dates, addresses, military records, pension information, and more was leaked. 5.6 million sets of fingerprints were also stolen, putting secret federal agents in harms way. The Wall Street Journal reported that US government officials suspected Chinese hackers were responsible for the data breach. Since this hack, China and the US have had numerous discussions on this issue and are currently their discussing cybersecurity issues.

2. Vtech
Hong Kong toy manufacturer VTech was hit with a very serious data breach in November 2015. VTech is known as a children’s toys manufacturer. Their items include tablets, phones, and baby monitors. This hack was reported by the hacker himself. who gave his findings to Motherboard. Approximately 10 million VTech customers were affected by the data breach. According to VTech’s website, a total of 4,854,209 customer (parent) accounts and 6,368,509 children’s profiles were affected. Customers around the world were affected but the USA saw the highest number of parent accounts, approximately 2 million. The hacker was able to collect photos of children and their parents, including audio recordings, by breaking into VTech’s servers through a SQL injection. VTech immediately began a thorough investigation for this cyber crime. As of December 16th, the authorities in the UK arrested a 21 year old man in connection with the VTech data breach. The investigation is still ongoing.

ashley-madison

3. Ashley Madison
Perhaps the juiciest data breach of 2015, the Ashley Madison website was hacked by a group named the Impact Team. More than 32 million users had their personal e-mail addresses leaked. Ashley Madison, a website that encourages extramarital affairs, found itself in the middle of a huge headache. According to the hackers, the reasoning behind the breach was simple: to prove that Ashley Madison was corrupt and lied to their users for money. Ashley Madison charged their customers a $20 fee for those who wanted to have their profile deleted fully. The hackers were able to prove that the $20 fee did nothing to protect customers and was just a scam for more revenue. This specific hack raises many ethical questions on user data and how companies are handling the user data. Currently, as of December 2015, Ashley Madison hack victims are starting to receive blackmail letters and people are still being affected.

4. T Mobile
This past October, T-Mobile announced that they fell victim to hackers by way of Experian, a credit reporting service. 15 million applicants applied for credit at TMobile and ended up having critical data such as social security numbers, license information, passport info, and more stolen. While no banking or credit card information was leaked, the information that was released can easily allow for identity theft. Although TMobile is offering two years of free credit monitoring to those affected, any cyber criminal could simply wait for the those two years to pass before attempting to do anything.

5. Hacking Team
In July 2015, the Hacking Team, a company who sells surveillance software to law enforcement agencies, had over 400 gigabytes of crucial information stolen. Surveillance data, contracts, emails, and invoices were leaked. Revealed in the leaked data showed the Hacking Team used poor passwords which only assisted the hackers to gain access into the Hacking Team’s servers. Much worse however, was the data that showed the Hacking Team was not afraid to sell their surveillance software to any government worldwide, creating lasting effects by giving cyber criminals better tools to commit their crimes.

How can Axiom Cyber Solutions help your business?
Axiom Cyber Solutions is offering Managed Cyber-Security Protection for Small Business starting as low as $199 per month. We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own.

Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom