Time is money. Downtime is loss of money.

The technological revolution has introduced a plethora of advanced solutions to help identify and stop intrusions. There is no shortage of hype, innovation, and emerging trends in today's security markets. However, data leaks and breaches persist. Shouldn't all this technology stop attackers from gaining access to our most sensitive data? Stuxnet and WannaCry are examples of weaknesses in the flesh-and-bone portion of a security plan: both attacks succeeded because of human mistakes, and both could have been prevented.
Stuxnet is the infamous worm, allegedly authored by a joint U.S.-Israeli effort, designed to slow Iran's uranium enrichment program. It spread using multiple zero-day Windows vulnerabilities and then tampered with the Siemens PLC code that controlled the enrichment centrifuges, driving them outside their safe operating range and damaging them. So, how did this happen?
  • The Natanz enrichment facility that Stuxnet infiltrated was air-gapped.
  • Somebody had to carry the worm in, most likely on removable media. That requires extensive coordination by the attacker, but it also means personnel at Natanz allowed untrusted media to reach the network.
  • Stuxnet was later discovered on systems outside Natanz, and outside Iran. Somebody likely connected a device to the air-gapped network and later connected that same device to the public Internet.
  • Stuxnet travelled from inside to outside; the reverse path, carrying malware in on a device that has touched both networks, is just as easy.
If people had patched their systems, we might never have added "WannaCry" to our security lexicon. WannaCry and its variants are a more recent, larger-scale example. Microsoft had issued the MS17-010 patch for the SMBv1 vulnerability two months before the outbreak, and has since disabled SMBv1 by default in current Windows releases. Still, some 200,000 computer systems in over 150 countries were infected, with an estimated $4 billion in ransoms and damages.
The lesson here? We care too much about gadgets and logical control systems, and not enough about the skilled staff needed to operate this technology. Gartner estimates that 40 percent of mid-size enterprises don't have a cybersecurity expert in their organization, and the labor shortage for security professionals means that talent gap is unlikely to be filled by hiring alone for at least three years. A logical solution is to assess which security functions can be effectively delivered as a service to minimize internal staffing requirements.

Services (such as SIEMphonic) solve popular use cases including:
  • Operational tasks such as log monitoring, vulnerability scanning, and firewall management
  • Delivering 24/7 security monitoring when there is not enough staff to accomplish this internally (a minimum of eight to twelve dedicated security analysts is required to staff 24/7 monitoring)
  • Security monitoring for public cloud environments to ensure users are not placing sensitive data in the cloud in ways that are insecure or non-compliant
  • Building out advanced attack detection by applying analytics that identify threats through statistical or behavioral anomalies in security events, IT logs, network behavior, network forensics, payload analysis, endpoint behavior, and endpoint forensics
Time is money; downtime is loss of money. The cost of doing nothing is significant.

Cybersecurity is an Investment, Not a Cost Center

The cybersecurity threat landscape is in constant motion, ever evolving. According to Kaspersky Lab, some 323,000 new malicious files are discovered daily. Clearly, this rate of increasing risk to a company's assets and business continuity warrants a smart investment in cybersecurity. Unfortunately, many companies are not keeping pace with their increasing risk, nor could they ever be expected to while their leadership views cybersecurity as a cost center yet views other initiatives, such as digital transformation, as investments.

For any digital transformation project to be successful and return the anticipated value, cybersecurity must be considered foundational.

Just as that new $500 suit is an investment to help you land a new job, the cost of having it tailored is part of that investment. The same goes for digital transformation and cybersecurity. For many companies, though, the digital transformation is long underway and cybersecurity desperately needs to catch up. That new suit needs to be tailored quickly, before anyone else sees you in a poor-fitting getup.

A cybersecurity strategy has little hope of success if executive leadership does not champion the proper investment and prioritize the effort. The result is too often organizations piecemealing point IT security solutions one at a time, failing to prioritize holistic cybersecurity projects. This not only exacerbates the risks to the business, but also hampers the efficiency of other technology projects deemed competitive differentiators.

So, where do you start to improve your cybersecurity posture ASAP?
  1. Get executive support immediately so you don’t spin your wheels on half-baked inefficient IT security practices.
  2. Change the mindset by showing cybersecurity is an investment in the company’s future.
  3. Keep in mind the cybersecurity triad of “platform, people and process”, and seek complete solutions that can ensure long-term success.
Here are some tools to help you along your journey…

Cybersecurity Maturity Model

It’s important to take a step back and understand where you are today, where you should be, and where you want to go next. By considering all four key aspects of a complete security architecture – prevent, detect, respond, and predict – a good Cybersecurity Maturity Model provides a practical stair-step approach toward the appropriate level for your organization.

SIEM Total Cost of Ownership Calculator

Security Information and Event Management (SIEM) is the foundation of any well-grounded IT security strategy. However, depending on your organization’s unique requirements, staffing, and deployment situation, the total cost of SIEM can vary widely. Use our SIEM TCO calculator to compare 1-year and 3-year costs of self-managed and Co-Managed SIEM solutions.



How to Protect Your Network from Ransomware: Tips from the FBI

The FBI estimates that more than 4,000 ransomware attacks have occurred daily since the beginning of 2016. That's a 300% increase over the previous year. This is due in part to the thriving sector of "ransomware-as-a-service": an attacker no longer needs a particular skill set, because malware developers advertise their ransomware on the dark web for distribution by less sophisticated affiliates, and the developers take a cut of each ransom paid.
The cyber criminals behind these attacks aren't necessarily picky; they target big companies, small businesses, government entities, and individuals. But the damage they cause to small- and medium-size businesses (SMBs) is particularly alarming. A report by one security firm noted that 22% of SMBs affected by ransomware had to cease operations immediately, and that one-third of SMBs had suffered a ransomware attack in the previous year.
“If you haven’t been a victim of ransomware or any other type of computer attack, you have to operate as if it’s just a matter of time before you are – and take the steps to protect yourself and mitigate the resulting damage or loss,” says Sheraun Howard, supervisory special agent with the FBI’s Cyber Division in Washington, D.C.
How it Works
While the names, details, and entry points of each attack vary, the concept remains the same. First, the bad actors deliver the ransomware. This is often done through spearphishing: targeted phishing emails aimed at specific employees and seeded with personal details to make the lure convincing. The email carries a malicious link or attachment, typically a document with macros or an exploit for a vulnerability in a particular application, that gives the attacker a foothold on the victim's computer. From that foothold, the attacker typically uses additional malware to propagate through the network and drop the ransomware across the environment. Once delivered, the ransomware prevents the targeted user from accessing their data or systems by encrypting their files, and the targets receive an email, text file, or screen message demanding that they pay a ransom to regain access.
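The encryption stage described above, and the behavioral-anomaly detection mentioned earlier among the SIEM use cases, can be illustrated with a small detector. The following is an added example, not code from the original article or from any SIEM product: it scans a constructed, simplified file-audit log (the line format, hostnames, usernames, thresholds and extension list are all assumptions made for this example) and raises an alert when one user modifies an unusual number of files in a short window, or renames files to an extension associated with ransomware.

```python
"""Toy ransomware-behaviour detector over constructed file-audit events.

Assumed log format (not from the article; real sources such as Windows
object-access auditing carry the same fields in a different shape):
    <ISO-8601 timestamp> <host> <user> <WRITE|RENAME> <path>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import os

WINDOW = timedelta(seconds=60)      # assumed sliding window
THRESHOLD = 50                      # assumed writes-per-window before alerting
SUSPECT_EXT = {".locked", ".crypt", ".encrypted", ".wncry"}   # assumed list


def parse(line):
    """Split one audit line into (timestamp, host, user, action, path)."""
    ts, host, user, action, path = line.split(" ", 4)   # path may contain spaces
    return datetime.fromisoformat(ts), host, user, action, path


def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Return a list of (host, user, reason) alerts.

    Two signals: a burst of file modifications by one user within `window`
    (mass encryption), and a rename to a known ransomware extension.
    Each (user, signal) pair alerts at most once.
    """
    recent = defaultdict(deque)     # (host, user) -> timestamps of recent changes
    seen = set()                    # ((host, user), signal) already alerted
    alerts = []
    for line in lines:
        ts, host, user, action, path = parse(line)
        key = (host, user)
        if action not in ("WRITE", "RENAME"):
            continue
        ext = os.path.splitext(path)[1].lower()
        if action == "RENAME" and ext in SUSPECT_EXT and (key, "ext") not in seen:
            alerts.append((host, user, f"rename to suspicious extension {ext}"))
            seen.add((key, "ext"))
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:     # drop events older than the window
            q.popleft()
        if len(q) >= threshold and (key, "burst") not in seen:
            alerts.append((host, user,
                           f"{len(q)} file modifications in {int(window.total_seconds())}s"))
            seen.add((key, "burst"))
    return alerts


def sample_events():
    """Constructed sample log (not real data): alice works normally, while
    bob's workstation shows a burst of writes followed by renames."""
    base = datetime(2017, 5, 12, 9, 0, 0)
    lines = []
    for i in range(5):              # alice: 5 writes spread over 5 minutes
        t = base + timedelta(minutes=i)
        lines.append(f"{t.isoformat()} ws-07 alice WRITE C:\\Users\\alice\\Documents\\report{i}.docx")
    for i in range(60):             # bob: 60 writes in 30 seconds
        t = base + timedelta(seconds=i // 2)
        lines.append(f"{t.isoformat()} ws-12 bob WRITE C:\\Users\\bob\\Documents\\file{i}.xlsx")
    for i in range(3):              # bob: renames to a ransomware extension
        t = base + timedelta(seconds=31 + i)
        lines.append(f"{t.isoformat()} ws-12 bob RENAME C:\\Users\\bob\\Documents\\file{i}.xlsx.locked")
    return sorted(lines)            # ISO timestamps sort lexicographically


if __name__ == "__main__":
    for host, user, reason in detect(sample_events()):
        print(f"ALERT {host} {user}: {reason}")
```

The burst rule is the one that matters in practice: it fires before any file has been given a telltale extension, and it is the kind of statistical anomaly a SIEM can evaluate continuously. The threshold and window need tuning per environment, since build servers and backup jobs legitimately touch many files quickly; the extension list only catches families already known to the defender.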
How to Defend Yourself
The FBI recommends that all businesses take the following steps to reduce their risk of a ransomware attack:
  1. Educate your employees about the risks
  2. Create a security incident response plan
  3. Update and patch software and firmware
  4. Manage privileged accounts
  5. Audit user access to your systems
  6. Use firewalls, spam filters, and anti-virus programs
These six recommendations are a solid start for individuals and companies, but at some point, advanced threat protection with a Co-Managed SIEM will need to be evaluated and adopted to truly stay ahead of attacks.