Facebook
Shannon Wilkinson, President of Axiom Cyber Solutions, Selected as Top 100 Women of Influence by MYVegas Magazine

Shannon Wilkinson, President of Axiom Cyber Solutions, Selected as Top 100 Women of Influence by MYVegas Magazine

For the second year in a row, President of Axiom Cyber Solutions, Shannon Wilkinson, has been named to the Top 100 Women of Las Vegas by MyVegas Magazine. MYVegas Magazine polls over 100,000 of its readers to find the Top 100 Women in Las Vegas each year.

These women come highly recommended by our readers and our community! There’s no shortage of fabulous females in the Las Vegas Valley, so ranking among the Top 100 Women of the Year is an extraordinary honor and sought-after accolade. – MYVegas Magazine

Shannon Wilkinson stated “I am very honored to have been nominated and selected as one of the Top 100 Women of Las Vegas. To see the outstanding line-up of other women being honored, I am humbled to be included in the list for 2018.”

MYVegas Magazine is available for free around the community or a free copy can be requested from their website www.myvegasmag.com

MYVegas Top 100 Women 2018

Why Threat Intelligence is Not Always Intelligent

Why Threat Intelligence is Not Always Intelligent

The primary purpose of threat intelligence is to help organizations understand what kind of threats they may face, zero-day attacks or exploits. The problem that exists for many organizations about threat intelligence is that there can be so much information coming at them, so much information to act upon, but no time or resources to shift through it, much less apply it to the company’s cybersecurity defense and/or strategy.

Threat intelligence that doesn’t do anything is not that intelligent.

Brent Watkins, FBI Special Agent (Retired), Axiom Cyber Solutions Head of Business Development

There is a real issue with cybersecurity alert fatigue. It is such a problem that TechRepublic ran an article titled “Why notification overload is killing enterprise cybersecurity teams“. Cybersecurity fatigue affects 72% of organizations and part of the problem is the cybersecurity skills gap that only seems to be widening, rather than closing. Basically, the conclusion of a Bitdefender report called CISO’s Hardest Burden is that unless companies have enough personnel to deal with the incoming threat reports, they cannot improve their security.

And if cybersecurity teams, or the lone IT professional tasked with anything & everything within the organization (including cybersecurity, which is not a hobby), are overwhelmed, what does that mean for the cybersecurity defense of the organisation? Troy Wilkinson, CEO of Axiom Cyber Solutions, has frequently discussed that a company’s risk factor exponentially increases from the time that a vulnerability is disclosed to the time that a patch is applied yet still so many organizations are struggling to stay on top of their cybersecurity defense.

The result of the mismatch between the magnitude of threat data and the qualified resources needed to analyze and respond to new threats is increasingly costly and damaging data breaches across all industries from healthcare to financial services to retail and food service.

The problem with threat intelligence data is that it does require that someone in the organization to analyze and apply changes. Changes that may need to go through a strenuous and timely change management approval process which further slows down apply patches to maintain a secure cyber defense. And by the time that a change to the defense may be approved, there are thousands of other possible changes that have come through. So where does it end?

Axiom’s Polymorphic Threat Defense System

Recognizing the need to marry threat intelligence with action, Axiom Cyber Solutions developed its Polymorphic Threat Defense Systems used by both our Axiom SecureAmerica and Axiom Shield products. Axiom has curated over 100 open and closed sources of threat data to bring into our platform which allows us to currently push out over 350,000 threat data points a day to our clients. And to steal a line from “As Seen on TV”…but wait there’s more… one of the beautiful things about connecting with Axiom’s platform is that it requires no action on the part of the customer. All updates from our platform are fully automated and applied without intervention.

Threat actors are constantly evolving their tactics, methods, and connection points. It is important that we also evolve our defenses just as fast, if not faster, to ensure that we are doing our best to protect our businesses.

If you are interested in more information about Axiom’s Polymorphic Threat Defense System, please contact us or call 800-519-5070.

Cybersecurity and the Medical Field: Six Solutions You Should Implement Today

Cybersecurity and the Medical Field: Six Solutions You Should Implement Today

United States healthcare organizations, from small two-person offices to massive hospitals, need to draw their attention to cybersecurity. While many medical personnel don’t understand or think they need it, a recent report by the U.S. Department of Health & Human Services on cybersecurity disagrees.

The industry must come together to address this growing concern and this blog will give you six solid ways to do so.

 

Why Healthcare Organizations are Targeted

According to the Identity Theft Resource Center, social security numbers have the possibility of being more exposed in healthcare than any other industry.

In addition, because doctors’ offices, hospitals and suppliers are often interconnected with Electronic Health Records, once a cybercriminal breaches one system, it’s much easier to crack into others.

Unlike credit card numbers that are generally used within a few minutes to a few days of being stolen, health records are valuable to a bad actor up to ten years after they capture the data. If the patient information is sensitive in nature, it can be used a blackmail against them.

One other important note, health records are ten to sixty times more valuable on the dark web than credit card information.

 

How Bad Actors Get In

Nurses, doctors and administrators typically don’t understand data breach risks; therefore, cybercriminals access patient records in one or more of the following ways:

  1. While smart devices help diagnose and treat patients, they often have the lowest level of encryption which make them great entry points
  2. Legacy hardware that doesn’t support current operating systems and applications and software that hasn’t been upgraded and updated is another method
  3. Electronic Health Records (EHRs), that are purposefully or accidently given to the wrong individuals
  4. Patient portals that do not have end-to-end encryption

Unfortunately, even today, only 25% of all U.S. hospitals have a designated cybersecurity specialist, according to Healthcare IT News. This makes reporting and monitoring difficult.

Ignoring Cybersecurity is Risky Business

If patient data is stolen or compromised, your organization will be held accountable under HIPPA guidelines and will incur heavy regulatory fines. In addition, if enough records are exposed, your brand reputation will suffer leaving patients to possibly seek other medical options. Last, if your records are held for ransomware, you may have to pay millions of dollars for return of those records.

 

Six Effective Cybersecurity Solutions

  1. Put one individual in charge of cybersecurity.
    Whether you run a small office or a sprawling medical complex, one person needs to oversee cybersecurity. This person will set policy. They will be the conduit to others to report problems and suspected breaches.
  2. Complete a benefit/risk analysis of all connected devices.
    What is the value of each device? Is there an alternative product that offers a better cybersecurity choice? What is your BYOD policy? A complete analysis should be completed before moving to the next step.
  3. Set in place cybersecurity standards and practices.
    Once a thorough analysis of your hardware, software and network solutions is concluded, which should include virtual workers and suppliers that can tie into your network, you are armed with enough information to move forward on an effective policy. Work with outside consultants who can analyze your vulnerabilities effectively.
  4. Subscribe to updates from the Health Care Industry Cybersecurity Task Force.
    This 21-member task force is responsible for researching and making recommendations on healthcare cybersecurity initiatives. They offer best practices, on an ongoing basis, to prepare your organization against an attack.
  1. Implement a strong continuous monitoring solution.
    Effective cybersecurity starts by protecting the data that resides on the network. Failure to have 24/7 monitoring can result in data loss, ransomware and impact your brand integrity.
  2. Outsource cybersecurity.
    The funding required to hire, train and keep cybersecurity talent may simply not be available for small-to-medium medical facilities. Tack on assessment software and monitoring solutions, which can be enough to push your small IT budget over the edge, not allowing you to move forward on other needed equipment upgrades. Outsourcing handles all of the above concerns and more.

Axiom Cyber Solutions Can Protect Your Medical Establishment

We offer the world’s first polymorphic cyber defense platform that can identify the newest threats, vulnerabilities, and automatically dispatch updates in real-time. This included ransomware and DDoS mitigation, as well as, dynamic dark web protection. Contact us today to learn more about how we can protect your data today!

Healthcare Cybersecurity Woes

Healthcare Cybersecurity Woes

2018 has not gotten off to a good start in the healthcare industry cybersecurity. Still the top targeted industry, we have seen hospital groups and one of the electronic medical record companies fall to very preventable SamSam ransomware attacks.

SamSam infections are troubling

The recent attacks with SamSam ransomware is particularly concerning because it requires the attacker to be inside the victim’s computer network to manually activate the ransomware. This means that the attacker(s) who held Hancock Health, AllScripts, the Colorado Department of Transportation, and most recently at the time of writing, the City of Atlanta, Georgia ransom had remote access to the computer systems of all those organizations.

Research shows cyberattacks have lethal results

Dr. Sung Choi, a researcher at Vanderbilt University’s Owen Graduate School of Management, has found that 2,100 deaths can be linked to hospital data breaches and lack of cybersecurity protections. The reason is that breaches “trigger remediation activities, regulatory inquires and litigation in the years following a breach…” and these activities affect the performance of the facility, leading to quality issues.

Thinking to the large-scale ransomware attack on Hollywood Presbyterian Medical Center in Los Angeles in February 2016 that brought their computer systems down for weeks, when the attack was at its worst, the hospital had to divert ambulances and even transfer patients to nearby medical facilities for treatment. When WannaCry ransomware hit 16 hospitals in May 2017, at least one facility had to cancel 10 scheduled operations due to computer system outages.

So what do healthcare organizations need to do?

The first step is identifying what is on your network. It is surprising how many organizations have no idea how many computers or internet-connected devices are on their networks, much less their protection status. How can you protect your systems and data if you don’t even know where they reside?

The questions “Do you have a firewall” and “when was it last updated” seems to catch many organizations off-guard and the all too common answer is that “I think my IT guy put one in and I’m sure he’s keeping it up to date”. But that’s not good enough. As an office manager or administrator, you need to know that you have all the protections in place not only to maintain HIPAA compliance but really because you care about your patient’s data and safety.

Contact Axiom today for a short and complimentary cybersecurity risk assessment to go over your cybersecurity strategy. Contact us or call 800-519-5070 to speak with one of our qualified cybersecurity experts.

How Data Breaches Affect Children

How Data Breaches Affect Children

Believe it or not, data breaches do affect children, even as young as infants. The worrisome aspect of recent massive data breaches is that many adults have grown immune to data breach notifications; so much so that nearly half of Americans haven’t even checked their credit following the Equifax breach. If they are not checking their own credit, you can pretty much bet that they haven’t looked into their children’s credit either.

One family of five decided to plug in their entire family’s information into the Equifax data breach checker and were surprised to see that their 7-year-old son’s information was potential stolen.

The theft of a child’s identity is lucrative to a cyber-criminal because it can remain undetected for years, if not decades. Without regular monitoring, a child’s identity that has been stolen may not be discovered until they are preparing to go to college and start applying for student loans or get their first credit card. By then, the damage is done and the now young adult will need to go through the pain of proving that their identity was indeed stolen.

It may be surprising to many but a 2011 report found that children are 51% more likely to be the victim of identity theft than an adult. It was found that one of the victims was only five months old and another teenager had over $700,000 in debt in their name.

And this tax season, cybercriminals on the DarkWeb have been caught selling the social security numbers of infants for just $300 per social to be used on fraudulent tax returns. While data on children has been on sale for many years, this is the first believed case where hackers are specifically targeting newborns and “fresh” social security numbers.

So, what can parents do to protect their children and their credit?

The first step would be to treat your children’s social security numbers just as carefully as you would treat your own. Do not provide it to anyone unless absolutely necessary (doctor, school, accountant). And if you have a teenager, teach them how to be responsible with their social security number as well.

Secondly, if you have reason to believe that your child’s information may have been stolen, you as a parent are allowed to request to see if your child has a credit report and secondly, if they do, by request you can also put a credit freeze on their report.

Image Credit – Freepik

Beware Tax Season Scams

Beware Tax Season Scams

Tax season is upon us again and the hackers have been busy with a slew of old and new tricks to try to steal tax refunds. Here are some of the new and old tricks that hackers are employing this tax season and some tips on how you can avoid being taken advantage of by cyber-criminals.

A New Twist to an Old Game

Who wouldn’t be happy to get a bunch of money deposited in their bank account by surprise from the IRS?! Unfortunately for us, the IRS is not just giving us all money and it is a new elaborate scam by hackers to try to swindle you and the IRS out of money. Hackers are using your personal information to file a fraudulent tax return on your behalf but also having it deposited in your bank account. Then they fall back to their old scam of calling or emailing you, claiming to be the IRS and demanding that you send the money back.

Thanks, Equifax…

Due to the massive Equifax data breach, the IRS is expecting a huge uptick in the number of fraudulent filings. To try to help combat some of the fall-out, each employer has been assigned a special Employer Code that is found on the W-2 form to try to make sure that fake W-2s are not used to file claims.

The IRS also has encouraged everyone to try to file their claims as quickly as possible as to not allow hackers a chance to put in a fake claim before you do. If two (or more) claims are filed with your social security number, the IRS will notify you by snail mail (The IRS does not email or call).

If you try to eFile and a claim has already been filed, your claim may be rejected and you will need to contact the IRS (also because of the Equifax data breach, contact the FTC).

Even Children are Affected…

A worrisome discovery this tax season has been the sale of infant and child personal information on the Dark Web. Hackers even are eliciting sale of the information by advertising that it is tax season and buyers should get the information before it is used. The troublesome aspect of having children’s personal information for sale on the Dark Web is that very few parents actually monitor the credit of their youngsters and they may not discover a fake identity for years or even 16-17 years down the road when the child is grown and starts applying for college or credit.

The ol’ W-2 Phishing Scam

Despite IRS warnings and tons of news the past couple of years, hackers are still tricking businesses into sending their employee records. A few years ago, the IRS warned companies of falling for the W-2 scams but despite the continued warnings, businesses (and even government offices like the City of Keokuk,Iowa and Batavia, Illinois) are still falling for phishing scams posing as the company CEO or executives asking for employee summaries and W-2’s.

Employees may be your business’ greatest weakness but they also can be your greatest defender if you take the time to educate them. Inform your employees who have access to sensitive employee data about these types of scams. Don’t just assume that they know.

Teach your employees how to identify phishing scams and when it comes to sharing sensitive data, you can encourage them to seek verbal approval from the requestor. Even though scammers state there is extreme urgency in receiving the response, getting a verbal confirmation from the sender is the best way to protect sensitive information (the same goes for urgent requests for wire transfers to the Finance Department!)

Lastly, sensitive employee data should never be transmitted unencrypted (even if it’s thought to be internal).

What is Cryptojacking and Why Should I Care?

What is Cryptojacking and Why Should I Care?

If you pay attention to the latest cybersecurity news, you may have heard that something called cryptojacking is quickly taking the hacker world by storm as the newest cyber threat, possibly becoming even more popular than ransomware.

So what on the earth is cryptojacking?

Cryptojacking is a method of hijacking computers to mine cryptocurrency without the victim’s knowledge or permission.

If you are not familiar with the world of cryptocurrencies, the act of mining simply means performing complex calculations to add them to the blockchain (Another term?! The blockchain is the distributed ledger of recorded transactions for the cryptocurrency).  For instance, the popular Bitcoin cryptocurrency says that there will only ever be 21 million Bitcoins in existence but not all of them have been created yet. Bitcoin mining essentially is creating new Bitcoins and bringing them to light.

But back to cryptojacking…hackers are essentially stealing the processing power of victim’s computers to run the complex calculations to be awarded with new cryptocurrency. They do this by infecting website plugins and stealing your processing power while you visit legitimate websites, they do it while you are connected to the Wifi at your coffee shop, and they also get you through malware that steals your processing power all the time.

So why should I care about cryptocurrency mining malware?

More often than not, you may not even realize that you have been infected with cryptocurrency mining malware. You may experience a slow-down of your computers or lag while using the internet. The same goes with your mobile devices as cryptojacking has started exploiting the processing power of Android phones through malicious websites. There even was a nasty version of Android cryptojacking malware called Loapi that could cause the phone to use so much processing power that the phone would physically melt.

Other than melting your phone, there are other cases when cryptocurrency mining malware could cause real havoc. In a race to find more processing power, hackers have looked to utilities and have successfully infiltrated a water utility in the United Kingdom to mine cryptocurrency. If the cryptocurrency mining operation would have consumed enough processing power, it could have caused system failures and truly impacted the operations of the utility. Perhaps even more stunning is that a handful of scientists in Russia have been arrested when they attempted to connect a supercomputer at a nuclear facility to the internet so they could use the computer’s processor power to mine cryptocurrency.

How to prevent cryptojacking?

There are a couple of steps that you can take to prevent cryptocurrency malware infections.

  • Install an anti-cryptocurrency browser extension like NoCoin or MinerBlock
  • Use a pop-up/ad blocker (some even have cryptocurrency blocking built in)
Are you PCI Compliant?

Are you PCI Compliant?

Does your business process credit cards? Would you be able to continue operating if you lost the ability to process cards?

If your business relies on credit cards to conduct business, there are certain cybersecurity measures you must implement to comply with the Payment Card Industry Data Security Standard (PCI-DSS). A common misperception of PCI-DSS is that if you don’t store credit card information, you don’t have to be PCI compliant but that simply is not true. The PCI standards also apply to handling of data while it is processed or transmitted over the computer network, phone lines, and even fax. So unless you are using point-to-point encryption AND tokenization, you will need to comply with PCI-DSS.

Another misconception is that payment card processors do not fine small companies when they have a breach and while fines are typically levied with merchants that process more than a million transactions a year, if you suffer a breach of cardholder data you will be liable for chargeback amounts, credit monitoring costs, and could be on the hook for compliance auditing costs as well as lose your ability to process credit cards.

The PCI-DSS requirements mirror data security best practices and a few of key requirements are:

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

Requirement 1 requires that businesses that process or transmit credit card data to have a firewall to protect the cardholder data. It further dictates that the firewall configuration needs to be reviewed every six months and that you must block bogus IP addresses (Bogons) from accessing the network from outside.

Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs

Requirement 5 requires that the business implement anti-virus software on all computers that could be compromised (5.1) and also that the anti-virus is able to detect, block, and remove known malicious software (5.1.2). While there are free anti-virus options available, many are limited in their capabilities and also do not provide the same level of protection as paid anti-virus. Additionally, anti-virus programs are not expensive (as low as $2.50 per computer per month from Axiom) so why would you take the risk that your computers could be infected by credit card stealing malware or locked up by ransomware?

Requirement 5 also states that you must ensure that the anti-virus programs are kept up-to-date, perform regular scans, and that you maintain an audit log (5.2) And anti-virus programs also cannot be disabled by users (5.3) unless justified and approved by management.

Requirement 6: Develop and maintain secure systems and applications

Requirement 6 guides companies to establish a method of conducting security assessments (6.1) to identify vulnerabilities and assign a risk rating (low, medium, high, critical) to found vulnerabilities. The requirement also requires that companies install security patches for known vulnerabilities within one month of the patch being released (6.2).

How Axiom can help with PCI Compliance

Axiom is able to assist with fulfilling all of the PCI-DSS requirements listed above through our combination of hardware and software services. If any of the requirements give you pause, contact us today for a free consultation at (800) 519-5070 Ext. 7

For more information on PCI-DSS, you may find the official PCI DSS Quick Reference Guide helpful.

Why Hackers Target SMEs and Why You Need to Take Threats to Your Business Seriously

Why Hackers Target SMEs and Why You Need to Take Threats to Your Business Seriously

Between tight budgets and simply having too many other things to worry about, SME owners often overlook cybersecurity. The thought is that because the company is so small, no hacker would waste his or her time trying to gain access to the information you possess.

This logic is simply wrong. Around half of the cyber attacks that occur each year are on small businesses, and this number is expected to grow in the future. Ignoring cybersecurity is taking on an unnecessary risk for your business that could cost you big time down the road.

But why do hackers target SMEs? It is true they have a lot less information, and hacking into a large corporation stands to be a lot more lucrative. Well, the simple answer is that they are just easier targets. They know that a lot of small businesses don’t consider themselves worthy of hackers’ attention, and they know they have a better chance of stealing information and getting away with it. To hack into a larger company, hackers would need to bypass much more advanced security measures. They are often unsuccessful in doing this, so going after SMEs ends up being the better move.

Plus, just because your business is small doesn’t mean that it doesn’t have valuable information. Credit card data, identification numbers, mobile phone numbers, etc. are all worth something, and if a hacker can steal this information from enough companies, they can sell it and make a fair bit of money. So perhaps the real question is why wouldn’t hackers target SMEs?

If this isn’t enough to convince you to take cybersecurity seriously, consider the consequences that this decision can have on your business.

Reputation damage

Often times, one of the things that helps a small business stand out from the competition is its reputation and relationship with customers. People are more likely to trust small companies, and are usually more loyal to them because of this.

However, if you lose people’s data and expose them to unnecessary cybersecurity threats, this trust will be gone in no time, and you may not be able to convince them to come back to you. This damage to your reputation could be the eventual downfall of your entire business.

Recovery is expensive

Beyond just the damage a cyber attack would do to your reputation, you will also be facing a steep financial hill. You may need to pay retributions to customers for lost data, and there is a chance you will face lawsuits, which are always expensive.

This alone could be enough to send your business under, and that is not even counting all the time and resources you’ll have to dedicate to cleaning up from an attack. Diverting energy away from core business functions can run you into the ground quickly. It is no wonder 60 percent of all small businesses fail within six months of a cyber attack.

Lost value

There may come a day when you decide to sell your business. And when determining the value of your company, investors will look at how well you account for and mitigate risks. If you’ve been the victim of a cyber attack, or if you do not have a good plan in place for them, this will reflect negatively on the value of your business, causing investors to give you a much lower valuation, or perhaps even walk away without making an offer.

It just makes good business sense

It really comes down to this. You wouldn’t leave the front door of your home or office unlocked so that anyone who wants to steal from you can just walk in whenever they want. So why would you leave your business unprotected from cyber threats? It may require some extra time and a little investment, but this is well worth it considering the alternative may mean going out of business and losing everything.

About the author: Jock is an entrepreneur who has built and sold several online businesses throughout his career, including a website dedicated to home and business internet security. Connect with Jock on LinkedIn here.

Three Cyber-Security Challenges of the Internet of Things (IoT)

Three Cyber-Security Challenges of the Internet of Things (IoT)

The Internet of Things (IoT) is in every facet of our everyday existence, and they’re not going away anytime soon. It has become a revolutionary concept but also a security minefield. It is estimated that by 2020 there will be more than 50 billion web-connected devices all of which represent a portal to the network which can be hacked or compromised giving access to our most intimate moments and information. Many connected devices in any one system grants access to many points of entry for nefarious purposes. IoT comes with many benefits offering one integrated information system aimed at improving the quality of life and driving new business models. However, along with those benefits are also security challenges that IoT faces.

Here are three cybersecurity challenges of IoT.

Updates & Patches

Devices need to be updated regularly to remain up to date with cyber-threats. When the device is left unpatched the risk of a cyber-attack increase. Only 49% of companies offer remote updates for their smart “things.” Many of the people who develop low-end devices do not have the funds to give continuous device support. Leaving the consumer vulnerable to an unsupported device that is only as secure as the day purchased, containing security defects, and left fending for themselves against cyber threats. At the same time, the IoT vendors may not be technically savvy enough to develop such security updates.

Lack of Experience

Devices are more than often created by consumer goods manufacturers not PC hardware or software businesses. Many lack the experience of knowing how to properly secure devices and keep them safe from prying hackers. The main hindrance to designing secure IoT products is the fact that there is a shortage of experienced security experts who specialize in IoT.

Device Awareness

Being aware of all the IoT devices on the network especially a corporate network is the first step in applying the necessary cyber security measures. Many of these devices remain unmonitored within enterprise environments not seen as a threat to the network but the reality is that this opens a gateway for cyber-attacks. This leaves a hole in the network that needs to be secured becoming a vulnerability that can easily be exploited because these devices are the weakest link and are not secured.