How do you ensure the security of your supply chain?
Over the weekend another major crypto ransomware attack occurred, this time through an enterprise software vendor called Kaseya.
For many CEOs or business owners, that name might not be familiar, since many of the companies that use this software are Managed Service Providers (or MSPs). The MSP uses the Kaseya software to manage their clients’ computers. This kind of attack allows the cyber criminals to maximize the damage by attacking not just one or two victims, but instead attacking one company that has connections to hundreds of other companies.
So what should you do if you have been impacted by this criminal attack? I’ve had similar considerations in my time as a security leader—here’s my take.
First, if you have cybersecurity insurance, hopefully you have called your insurance provider and you are working with them to obtain the necessary resources to get back up and running.
Second, once you have a minute to stop and think, review what other vendors you depend on to function as a company.
Do you have a payroll provider? If so, you will want to assess the maturity of their security program—perhaps by examining the results of an independent audit, such as a SOC Type II report, to see how they are protecting your data.
Do you have vendor partners who have access to your company network? If so, you want to review how they protect their networks from cybercriminals so that if they are attacked, you don’t become a victim as well.
Do you use an MSP to help you manage your computers? If so, you also want to understand the measures they take to protect you from cybercriminals. Do they require multi-factor authentication (MFA) to access your network? Do they regularly update their computers and network to prevent attacks by cybercriminals using known vulnerabilities? Are they doing the same types of risk reviews you are with their own third-party service providers and vendors? There’s a lot to consider when assessing the security of your supply chain. If you have questions about cybersecurity insurance, what a “SOC Type 2 audit” is and how to interpret the report, or how to know if your MSP is protecting your data, contact the CBTS Security practice.
John is a veteran technologist, CTO and CISO. He has nearly 30 years of experience building and running enterprise IT and shepherding information security programs towards maturity, based on industry standards like ISO27K and NIST CSF, as well as regulatory compliance requirements from PCI-DSS, HIPAA, FERPA, A133 and GDPR.
John has several GIAC certifications (GSEC, GCIH and GCWN) and has been active in the local information security community, through groups like Infragard and the Higher Education Security Council for EDUCAUSE. He holds BS and MA degrees from Xavier University and has served as an adjunct professor at Xavier and the University of Cincinnati.
Cybersecurity Guidance from the Top
Seems like nowadays, everybody’s got an opinion on how to protect your data and assets from threats like ransomware, supply chain attacks, and good old exploitation of vulnerable Internet-facing services.
That’s not really a bad thing, to be honest. At the heart of any responsible, mature security program is a set of fundamental principles—least privilege access, defense in depth, etc.—as well as basic practices like vulnerability management and security monitoring. The more voices we have urging organizations to adopt them, the better.
One significant voice in the last few months has been the White House. In May, we saw the President issue an executive order directing new security requirements for federal agencies as well as their suppliers. Key among these requirements:
Service providers will have to share information about threats they’ve observed and breaches they’ve experienced, and to store logs and telemetry for use in breach investigations.
Suppliers of software to the federal government will have to adhere to new requirements around secure software development. They will need to use administratively-separate build environments, audit trust relationships, and implement risk-based multifactor authentication (MFA). Additionally, they will need to document and minimize software dependencies in the build process, use encryption, and monitor the environment for threats.
Federal agencies themselves will have to migrate to a zero trust network architecture, roll out endpoint detection and response (EDR) tools, and implement MFA and stronger encryption on data at rest and in transit. Furthermore, they will have to adopt a new framework to share threat and incident information with each other.
The technologies listed here—MFA, EDR, and zero trust—are more than just fancy new industry buzzwords (although they sure are used that way). They represent some of the most effective modern security controls available. It’s encouraging to see the White House push their use.
The Biden administration has been vocal about the recent spate of high-profile ransomware attacks, too. In response, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, published a memo to business leaders—not just federal contractors, but any business operating a computer network—urging them to invest in some of these same technologies.
The guidance lays out a set of valuable practices that can help address ransomware as well as many other potential threats:
Implement MFA, to protect against stolen credentials.
Implement EDR, to identify suspicious activity in your environment and respond quickly.
Encrypt your data (note that while ransomware attackers also encrypt data, this control prevents them from publishing stolen data, a more common tactic observed by these attackers).
Patch your operating systems and applications.
Back up your systems, test the backups, and use offline backups.
Run tabletop exercises to test your incident response plan.
Use a third-party penetration testing firm to determine if your defenses will withstand an actual attack.
Segment your networks to limit internal access to critical systems and data.
Check Point Harmony: A secure solution for remote users
The business world has comprehensively shifted over the last year into remote work, a way of life that may be permanent for many organizations. Staying connected at a time of widespread change is paramount, as your employees must be able to work from anywhere on any device, and have access to work-related applications at all times.
Of course, additional touch points mean more opportunities for hackers to steal your data. To defend against attacks from increasingly sophisticated threat actors, it’s not enough to simply keep adding individual security products.
Enter Check Point Harmony, the industry’s first unified solution for remote work. Harmony consolidates six security products to provide uncompromised protection, safeguarding devices and Internet connections from attack while ensuring Zero-Trust Access for corporate applications.
Utilizing Harmony gives organizations a suite of services including:
VPN remote access.
Mobile and e-mail security.
Secure Internet browsing.
Combining Harmony with a managed and hosted partnership from CBTS—a Check Point Software Technologies 5-Star Partner—will keep your enterprise network productive and connected.
Let CBTS and Check Point Harmony secure your “work from anywhere” efforts
Check Point Harmony is simple to manage and capable of securing your new “work from anywhere” environment. Organizations concerned about fortifying staff endpoints are covered by Harmony, with CBTS acting as a managed provider to relieve the burden on already busy IT staff.
Harmony unifies endpoint, browser, e-mail, and remote access security components to protect user devices and networks against known and unknown threats. Harmony integrates key security capabilities into a single solution to deliver:
Complete web security: As a core component of Harmony, the new Harmony Browse feature offers secure, fast, and private web browsing by inspecting SSL traffic directly without adding latency or re-routing traffic through a secure web service.
Secure remote access from any device, anywhere: Harmony Connect securely links a user or branch to mission-critical resources, supporting clientless Zero-Trust Access from any browser.
Best-in-class e-mail and productivity app protection: Harmony Email & Office secures e-mail clients, giving users complete protection for Microsoft Office 365, Exchange, Google G Suite, and more.
Total endpoint and device security: Harmony Endpoint defends PCs from ransomware, phishing, and malware, minimizing breach impact with autonomous detection and response capability. Meanwhile, Harmony Mobile secures employees’ mobile devices against malicious apps and OS attacks.
Harmony is easy to deploy due to its simple per-user pricing model. With CBTS acting as a managed provider, companies can apply user-centric security policies across all organizational environments.
By harnessing Check Point Harmony, organizations can:
Securely connect users to any resource, anywhere, with cloud-delivered network security powered by 11 SASE services.
Provide clientless Zero-Trust Access to any corporate application from any web browser, web applications, database, remote desktop, SSH remote terminal, and more.
Allow for a secure, fast, and private Internet browsing experience with the industry’s first in-browser protection.
Protect user e-mail and collaboration apps such as Office 365, MS Exchange, Teams, SharePoint, OneDrive, and G-Suite.
Prevent threats on user devices with complete endpoint protection and a mobile threat defense solution.
Look to Check Point Harmony and CBTS for a complete network solution
CBTS, a leading technology provider of communications, cloud, infrastructure, and consulting to clients worldwide, is on the front line of supporting organizations struggling to equip remote workers during the COVID-19 pandemic.
Not only has CBTS developed a suite of networking solutions to connect employees to reliable, secure bandwidth no matter their location, the leading technology provider also works with different partners and is provider-agnostic. For organizations, this means CBTS can deliver the best solutions available from different vendors to a single point of contact.
Through its partnership with Check Point, CBTS can protect the full Check Point Harmony product suite. For example, Harmony Endpoint is a complete security solution built to shield user PCs and laptops from today’s complex threat landscape. Endpoint protection tackles imminent threats and enables enterprises to quickly minimize breach impact with autonomous detection and response.
“CBTS has always taken pride in the organizations we choose to partner with to deliver industry-leading technology solutions for our clients, and this latest partnership with Check Point Technologies is a milestone in that long history,” said Joe Putnick, Chief Innovation Officer with CBTS. “Check Point Harmony represents a new standard in comprehensive, future-forward network security, especially for an age of hybrid workplaces and remote connectivity. We’re proud to work with Check Point Technologies in equipping our customers and stakeholders for success.”
Additionally, CBTS can help enterprises maintain fast and private Internet browsing safe from malware downloads, phishing attacks, and corporate credential reuse. Via Harmony Browse, companies can also block access to inappropriate websites.
Harmony Email & Office secures user mailboxes and productivity apps, while blocking sophisticated phishing attacks and malicious attachments. Finally, Harmony Mobile is a mobile threat defense solution giving organizations comprehensive protection across application, network, OS, and device vulnerabilities.
“Many times over, CBTS has proven to be a reliable and expert facilitator of cutting-edge technology solutions, making them an ideal partner to bring Check Point Harmony to market,” said Marco Garcia, Director of Engineering, Global SI & Telco at Check Point Software Technologies. “Together, we’re confident that our organizations can revolutionize the way enterprises secure their remote workforces for the post-COVID era and beyond.”
With Harmony and CBTS, your users get the same level of protection regardless of location, the applications they access, or devices they use. Whether it’s a phishing attempt, a malicious e-mail attachment, or zero-day ransomware, the comprehensive solution guards them from threats across all attack vectors. Powered by revolutionary AI engines and the industry’s most extensive threat intelligence network, Harmony—with CBTS as a hosted cloud provider—stops attacks before they happen.
I’m finding that as I get older, my memory is starting to slowly fail me. You know that feeling when you walk into a room, and can’t remember what you came in there for? I know it’s not a unique experience, but it’s still pretty frustrating. Writing things down is helping, though. And in that same vein I wanted to write down a list of “do it now!” things that security practitioners shouldn’t forget.
Maybe some of these are already commonplace for you—if so, that’s great! But often in my conversations with customers I discover that their security team has never done one—or any—of these things. So, before you start your next security project, make sure you cross all of these off your list first.
1. Back up your Active Directory servers. Folks, the number of organizations that have to rebuild their AD after a ransomware incident is downright heartbreaking. Don’t assume that “someone’s doing it.” It is likely that your domain controller is one of the most critical machines in your environment. Know that just doing snapshots isn’t sufficient. Microsoft offers guidance on doing a full backup of an AD server. Read up on the process, make a backup, and then test your restore to make sure it works!
2. Run a vulnerability scan. Maybe you trust your patch management solution—most don’t, but maybe you’re lucky! There are good reasons to run a scan anyway—one, because dealing with vulnerabilities in your environment isn’t simply about installing patches. Lots of other issues can be present on your assets that aren’t solved with a software update. Two, you may want to ensure that your patching solution isn’t misreporting failures. There may be breakdowns in your patching process that could come back to bite you. Check out Tenable, Rapid7, and Qualys—all CBTS partners!
3. Roll out multi-factor authentication for your webmail, remote desktop, and VPN systems. Yes, we know this one isn’t as easy as flipping a switch. But it’s also not as monumental an effort as you might be picturing in your head, either. Plenty of easy-to-deploy MFA solutions—Duo, Okta, Microsoft, NetIQ, and Yubico (all CBTS partners)—are available for organizations of all sizes and technical capabilities, from physical keys (the most secure) to OTP tokencodes delivered by apps or hardware tokens, client certificates, push notifications from MFA apps, and of course, SMS-delivered tokencodes (the least secure but still viable). The absolute easiest way for an attacker to get into your network or data today is to steal credentials from an employee via social engineering, and reuse them, and MFA helps mitigate that risk. It’s worth the work.
4. Perform simulated phishing. This helps work the other angle highlighted in the previous item: human misbehavior. At no point are your employees more attentive to security training than after they realize they’ve failed a phishing simulation. It is a fantastic opportunity to correct their behavior and train them for future attacks, as well as gauge your user base’s susceptibility to phishing so that you can improve overall training efforts. Check out Proofpoint, Cofense, and LivingSecurity for some great simulation options—all CBTS partners!
5. Find your risk inventory. Your security leaders should have one. If you’re the security leader, and you don’t, well, it’s time to write one! No need to be fancy—simply fire up your favorite text editor and start listing the things that keep you up at night! Then, arrange them in order of priority, and start building a list of countermeasures. This rudimentary effort can birth a formal risk management practice, in which you gather input from stakeholders, establish more granular prioritization, and document current and future efforts to mitigate the risks. For a more approachable, step-by-step guide, check out NIST’s Risk Management Framework.
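Item 2 above gives two reasons to scan even when patching looks healthy: some findings have no patch, and the patch tool may be misreporting. The following added example (not part of the original post, and not tied to any real scanner's export format) reconciles a constructed patch-tool export against constructed scanner findings; the column names, host names, finding titles and PATCH-000x identifiers are assumptions made for illustration.

```python
import csv
import io

# Constructed sample export from a patch-management tool (column names assumed).
PATCH_REPORT = """\
host,patch_id,status
ws-01,PATCH-0001,installed
ws-01,PATCH-0002,installed
ws-02,PATCH-0001,installed
ws-02,PATCH-0002,failed
srv-01,PATCH-0001,installed
"""

# Constructed sample export from a vulnerability scanner (column names assumed).
# fix_type is "patch" when a software update resolves the finding,
# "config" when it needs a configuration change instead.
SCAN_FINDINGS = """\
host,finding,fix_type,patch_id
ws-01,Missing update PATCH-0002,patch,PATCH-0002
ws-02,Missing update PATCH-0002,patch,PATCH-0002
srv-01,SMB signing not required,config,
srv-01,Default SNMP community string,config,
kiosk-07,Missing update PATCH-0001,patch,PATCH-0001
"""


def load(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def reconcile(patch_rows, scan_rows):
    """Compare what the patch tool claims with what the scanner observed.

    Returns four buckets of (host, detail) tuples:
      misreported   - tool says "installed", scanner still sees the patch missing
      not_installed - scanner sees it missing and the tool agrees (failed,
                      pending, or no record for that patch on a managed host)
      unmanaged     - host appears in the scan but not in the patch tool at all
      not_patchable - findings that no software update will fix
    """
    claimed = {
        (r["host"], r["patch_id"]): r["status"].strip().lower()
        for r in patch_rows
    }
    managed_hosts = {r["host"] for r in patch_rows}
    report = {
        "misreported": [],
        "not_installed": [],
        "unmanaged": [],
        "not_patchable": [],
    }
    for f in scan_rows:
        host, patch_id = f["host"], f["patch_id"]
        if f["fix_type"] != "patch":
            report["not_patchable"].append((host, f["finding"]))
        elif host not in managed_hosts:
            report["unmanaged"].append((host, patch_id))
        elif claimed.get((host, patch_id)) == "installed":
            report["misreported"].append((host, patch_id))
        else:
            report["not_installed"].append((host, patch_id))
    return report


if __name__ == "__main__":
    result = reconcile(load(PATCH_REPORT), load(SCAN_FINDINGS))
    for bucket, items in result.items():
        print(f"{bucket}:")
        for host, detail in items:
            print(f"  {host}: {detail}")
```

The `misreported` bucket is the one that points at a breakdown in the patching process itself; `unmanaged` and `not_patchable` are the gaps a patch dashboard alone cannot show.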
If that list seems daunting, feel free to enlist us to help! CBTS’ security team can assist with objective solution selection and design, consulting, assessment, and managed security services.
F5 announced new vulnerabilities and fixes for both BIG-IP and BIG-IQ, including four critical CVEs. These vulnerabilities affect all BIG-IP and BIG-IQ customers, and F5 is strongly recommending all BIG-IP and BIG-IQ systems be updated to fixed versions as soon as possible.
We understand vulnerability remediation can be disruptive to your business. We’re working with F5 to ensure you can efficiently update your BIG-IP and BIG-IQ systems to the latest, most secure, and best-performing versions. There are resources available about the vulnerabilities and how to update or upgrade your BIG-IP and BIG-IQ systems on the F5 vulnerability response site:
F5 will be hosting a series of support “open office hours” with BIG-IP platform and security experts to provide additional information and answer questions you may have about the vulnerabilities, remediations and best practices in updating BIG-IP and BIG-IQ systems. These sessions are designed to allow you to drop in at any time during a session to listen to the discussion or ask a question. Times and links to attend are below:
CUSTOMER SUPPORT OPEN OFFICE HOURS
JUST ADDED: Thursday, March 11, 12:00 – 1:30 PM PST: Register
If you have any questions, please don’t hesitate to contact F5 support directly.
Critical MS Exchange Server Vulnerabilities – What you need to know
While the last few years have seen most of our customers move their enterprise messaging from a local Exchange cluster to Microsoft 365, plenty still have some on-premises Exchange infrastructure. If this describes your organization, hopefully you have already heard about the critical updates that were released to address vulnerabilities in Exchange 2010, 2013, 2016, and 2019.
It is absolutely essential that these updates are applied to your servers immediately. Bring them down in the middle of the day if need be—whatever it takes to get them applied. Why is this so serious? Because the vulnerability is currently being widely exploited by attackers, many of whom are believed to be nation-state actors. The exploit allows the attackers to gain access to the Exchange server, its data, and can also provide a launchpad for further attacks against the victim’s computing environment.
If you’ve patched already, great—but understand that this does not protect you if you were compromised before the patch was installed. Microsoft has released guidance on what to look for on your Exchange servers to ensure no attacker successfully gained a presence on them. This guidance, and links to the updates, are all available at https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/, which is being regularly updated with new information. Get patching!
Cybersecurity outsourcing: how to keep flat budgets from adversely affecting your organization
2021 is expected to bring flat—if not decreased budgeting—for businesses. The security of your network and data cannot afford to be compromised by those cuts. One way to ensure the security of your most valuable asset is to outsource. This article takes a look at cybersecurity outsourcing considerations using the NIST Cybersecurity Framework.
Developing and managing a successful security program is both expensive and time consuming. Because of this, cybersecurity outsourcing has become mainstream for companies of every size across all industries. Companies can choose from outsourcing a small portion, or all of their IT security to a managed security provider. Following the NIST Cybersecurity Framework, we’ll take a look at available outsourcing security services to help safeguard your business.
Identify. The first step to understanding how to best mitigate your risk requires a comprehensive view of your organization’s business drivers and security considerations specific to its use of data, systems, assets and capabilities. A Security Assessment will unlock this information, align it to your gaps versus your goals, and provide a roadmap for success.
Protect. Your customers and employees depend on the delivery of critical infrastructure services and on your ability to safeguard their data. Protecting these services and data in a way that is consistent with your roadmap will give you the ability to limit or contain the impact of a potential cybersecurity event. These include control of access to digital and physical assets; defined processes for data security; network configuration updates; and deploying the appropriate security technologies.
Detect: The constant changes in both IT practices and the threat landscape place an exorbitant amount of pressure on IT staff. 24×7 monitoring solutions that detect threat activity and provide operational continuity are effective ways to analyze and quickly detect a cyber event without requiring the buildout of an SOC or security monitoring team.
By outsourcing cybersecurity, you’ll help your organization with:
Respond: As corporations move toward digital transformation to create a future-forward business, a comprehensive security plan must also be in place to protect your business. When a cybersecurity event is detected, the action taken to contain the impact of the incident must be a pre-planned, documented process in order to minimize impact to the organization. Cybersecurity outsourcing for risk and management governance brings expertise and objectivity that are paramount to creating a sound plan, testing your capabilities, and lining up expert help for incident response.
Recover: Documented activities, communication, and processes are required to restore affected services during and following a cybersecurity event. The implementation of improvements based off lessons learned and reviews of existing strategies will ensure your security posture is up to date.
If you have limited on-site expertise, we recommend partnering with a trusted incident response provider to assist in creating a plan. A strong plan will guide you to:
Properly and effectively prepare for an attack.
Detect and analyze an intruder.
Contain the attacker, eradicate their presence on your network, and recover the impacted assets.
5 questions you’ll need to answer for an improved security posture in 2021
Are you a security practitioner that was blindsided by 2020? You’re obviously not alone.
As we noted earlier in the year (man, I wrote that nine months ago? Feels like nine years), it’s unlikely that a global pandemic was on your risk radar. With the year drawing to a close, it’s a good time to reflect on how things have changed for your business’ risk priorities and what you’ll need to do next to keep pace with those changes. Here are a few questions you can pose to your security team:
Question 1: How are you reevaluating your risk priorities?
Let’s first think about why a pandemic wasn’t high on your list of risk priorities. If you don’t have a list of risk priorities, that’s a good reason, and the absolute first thing you should address. Document your business’ risk—including “cyber” risk that affects your data and assets—and stack-rank them in terms of priority. As you’re doing so, consider where your list came from. What were the sources of the risk you documented? Did it just come from your own imagination?
Comprehensive risk management looks at a wide range of factors. Certainly other stakeholders in the business need to weigh in. You also want to look at the output of security and risk assessments which are designed to highlight gaps that need to be addressed. Most of all, look at the assets that are most valuable—your customer database, your IP, your reputation, your third-party relationships—and determine what actions could damage those. Don’t just focus on current events, either—do some research. Examine what historically has affected others in your industry or region. Those may bring some risk ideas to light that you hadn’t previously considered.
Question 2: How are you protecting your remote workforce?
Did your users take their company workstations home during the pandemic? Who knows what kind of coffee stains are on them now? On top of that, it’s likely that their home Internet connections do not have the same network defenses you might have on your company network. That might mean malware has found itself on that machine. It also might mean your company’s sensitive data has found itself places it doesn’t belong—a home printer, a recycle bin on the curb, or your employees’ personal iPad.
Many security teams build their controls with the assumption that sensitive data, or company assets, won’t be far from the office for very long. Have you reconsidered that strategy since the pandemic? If there is a breach or incident, how will you approach the incident response process if the device in question is remote?
Question 3: What is your ransomware strategy?
One of the most pervasive threats to the enterprise network today is ransomware. Cyber criminals continue to develop more effective ransomware kits, with more sophisticated features. Their methodology is changing, too—many human attackers are stealing sensitive data before encrypting it, and threatening to expose that data publicly, doubling the incentive for a victim to pay up.
Cyber criminals are also using “pay the ransom” tactics in threatening distributed denial-of-service attacks—using botnets they create or rent to point a massive amount of bandwidth at a target server or network to knock it offline.
It’s helpful to decide ahead of time the decision tree you will follow if this happens, and prepare a response. It’s also helpful to establish a set of controls to prevent this from happening in the first place!
Question 4: Are your users trained to spot social engineering?
We’ve seen an uptick in phishing, social networking, phone, text, and other social engineering campaigns using the U.S. elections, the pandemic, racial tension, and other issues as fuel. When your employees’ e-mail boxes are blasted with convincing-looking messages that promise details of a problem with vaccines, do you trust them to avoid the scams? To report the attempts to the security team?
The key practice that addresses these issues is awareness training, and in that vein, we need to be made aware of current threats more often than once a year, as the threat landscape changes, and attacker tactics mimic the fears and concerns of the victims they target.
Question 5: Are your security operations running smoothly?
In our experience, most security teams aren’t blessed with a ton of margin. They run lean and frenetic, tasked with keeping security controls healthy, monitoring their output, and putting out fires with the assistance of other IT operations teams. Isolating those teams, amping up the pressure, adding distractions at home—times are tough, and we are finding customers looking to managed security services to take over some core practices. Security monitoring, vulnerability management, incident response, BC/DR and backups are some of these core functions that are ripe for outsourcing, to achieve more cost-effective, scalable, and operationally rigorous and sound security practice.
This year has been painful and memorable, but if we’re honest, intentional, and we muster our courage, it can present a tremendous opportunity to improve our security posture and the essential practices on which our business will depend. Our mission to protect data and assets isn’t going away, it simply continues to mutate. Our “what” and “why” stay the same, our “how” shifts continually—and this won’t be the last time! We continue to look for ways to help our partners stay current and grow their security programs.
Contact us today to learn more about how we can help your security teams prepare for the future.
How to move your network security strategy forward with automation
Network security remains a vital issue for CEOs, especially considering that 32% of organizations have experienced major cyber attacks in the past two years, according to the 2019 Harvey Nash/KPMG CIO survey.
The cost of security breaches continues to grow as well. According to data from IBM Security, the average cost of a data breach rose to $3.92 million in 2019, a figure that should concern anyone keeping a close eye on today’s rapidly evolving IT landscape. To keep ahead of malicious digital threats that seem to grow more sophisticated every day, a truly modern cyber security strategy is called for.
As speed, time, and security are watchwords for any unified automation platform, CBTS is simplifying security environments for modern enterprises by leveraging the Red Hat Ansible Automation Platform. This technology provides role-based access control, security, auditing, and delegation, utilizing both the REST API and the traditional command line interface (CLI).
The platform oversees a wide array of functions, including security, networking, line of business, operations, and development.
Read our infosheet on the automation potential of Red Hat Ansible
And, discover more about the Advanced Automation Platform and the advantages it can bring your organization.
While there are many automation solutions available, not all have the capabilities needed for effective security automation, which involves automating the manual tasks associated with enterprise security. Organizations looking to modernize their cybersecurity strategy should seek out automation platforms offering:
A universal automation language that allows simple documentation of information between security team members
Integration with your security infrastructure and vendor ecosystem
A modular and extensible design for trouble-free deployment, which will help you accommodate new security tools in the future
How Red Hat Ansible enables network security
The Red Hat Ansible Automation Platform from CBTS delivers features necessary for security automation, combining easy-to-digest automation language with a composable execution environment alongside security-focused communication and collaboration capabilities.
The platform’s open foundation also allows for seamless connection to your security applications and IT infrastructure, creating a common platform for participation and sharing across an entire organization. A supported set of security-focused Ansible collections—modules, roles, playbooks, and more—is included with the platform. These assets coordinate a unified cybersecurity strategy to counter a variety of threats by providing:
Chain workflows and playbooks for modular reusability.
Consolidated and centralized logs.
Support of local directory services and access controls.
Integration of external apps using RESTful application programming interfaces (APIs).
Additionally, the Red Hat Ansible Automation Platform includes tools to help optimize automation:
Automation Analytics offers insights into how your organization processes automation.
Automation Hub lets team members access certified automation content via a centralized repository.
Content Collections streamline the management, distribution, and consumption of automation assets.
Modernize your security approach with the right automation platform
With CBTS as your trusted partner, the Red Hat Ansible Automation Platform can help bring your IT teams together to respond to growing security threats faster and at scale. Our certified Red Hat Ansible experts will consult with you to understand your current environment and work with your team to customize the platform to meet your automation business objectives.
Contact us for more information on how the Red Hat Ansible Automation Platform can modernize your cybersecurity strategy.
How to upgrade and modernize your e-mail security strategy
Amid all the talk these days about malware, spyware, ransomware, and all the other malicious activity targeting the enterprise, one crucial fact tends to get overlooked: the vast majority of these threats enter protected data environments not by breaching the firewall but by invitation through an e-mail scam.
According to Verizon, virtually all (94 percent) of malware is delivered via e-mail, with phishing scams accounting for 80 percent of the total. While most professionals have grown wise to the standard come-ons from Nigerian princes and time-share sales pitches, more recent attacks are showing greater degrees of deception, such as cleverly disguised missives from “accounting” or “the CEO.” As data mining and social engineering techniques become more sophisticated, expect to see increasingly personalized e-mails that will be even harder to detect as frauds.
Perhaps this is why the Ponemon Institute reports that nearly one in four people who receive phishing e-mails open them, and 10 percent of those will click on the link or attachment that launches the attack. This gives the cyber attacker a 90 percent chance of success after sending only 10 messages.
Help is on the way
The good news is that steps are being taken on national and international levels to thwart phishing scams and a wide range of other threats. Recently, Microsoft, Symantec and a host of industry partners dealt a body blow to Trickbot, a Trojan-horse botnet that has infected more than 1 million devices since 2016. Following a lengthy investigation into the net’s worldwide array of hosted servers, Microsoft was able to institute legal action that allowed it to quickly disable nearly all of its initial servers plus the replacements that Trickbot tried to spin up once it realized it was under attack. While the botnet is not down completely at this time, it is on life support.
Undoubtedly, new threats continue to emerge even as others are neutralized, which makes it imperative for enterprises to ensure their own e-mail security strategy is as thorough as it can be. Training employees to spot fake e-mails will likely continue to be one of the best protective measures against intrusions, but there are also many ways in which technology can be leveraged to weed out the phishing attempts.
Perhaps one of the most crucial areas to shore up within the enterprise data environment is Microsoft 365. As the main repository of e-mail and other sensitive data, 365 should be deployed with an eye toward enhanced threat protection, data security, and other tools.
In complex office environments, however, this is a lot more difficult than it sounds. For one thing, Microsoft is continually updating its e-mail security features to keep up with the evolving threats from the outside. Ensuring that these tools are deployed thoroughly and are providing the needed protection for each enterprise’s unique data ecosystem is a full-time job, one that can significantly add to an organization’s IT budget if not handled in an appropriate manner.
This is why CBTS has teamed up with many of the leading experts in the field of e-mail security and provides their expertise as a service. Using a combination of people-centric measures and cross-channel security platforms, these collaborations have shown that it is possible to modernize an e-mail security strategy and maintain a highly secure data environment even as the user base becomes increasingly reliant on mobile technology, social media, data sharing, and other technologies that tend to push data beyond the firewall.
CBTS has bundled several cutting-edge security capabilities into the Advanced E-Mail Security Services platform, providing a one-stop shop for all emerging threats to e-mail architectures. By including the latest in spam filtering, continuous monitoring for fake e-mails and targeted attacks, and business continuity measures in the event of system failure, our cloud-based program maintains the highest availability for critical e-mail communications.
Our three-tiered approach also allows clients to choose the right level of security for their needs. These include:
Business features – designed as a turnkey service for the foundational functions to protect users at the lowest cost;
Advanced features – for organizations that require tools such as Attachment Defense, E-Mail Encryption, and Social Media Account Protection;
Security Pro features – a fully managed service that extends protection to e-mail archives and e-discovery, plus up to 10 years of secure data retention.
In an uncertain and often hostile world, enterprises must remain vigilant against any threats to services that can erode the trust of the user community. By partnering with CBTS, you can ensure that the highest levels of security are being maintained without driving costs to unsustainable levels.
Read our recent infosheet for more information and contact CBTS to learn how our managed services can improve your e-mail security strategy.