Summary: We will be going over Cybersecurity today; specifically, the growing threats that come from a lack of it, and how it affects businesses both large and small.
A quick look at our agenda today, again the focus will be on threats to you and your business with an emphasis on preventative measures and keeping your data safe
- Introduction – 01
- Thank you everybody for taking time out of your busy day to join our webinar. I know holidays are coming up, things may be hectic, and everybody has something different on their mind, but today we wanted to briefly talk about something that should always be considered.
Cybersecurity
We will be going over Cybersecurity today; specifically, the growing threats that come from a lack of it, and how it affects businesses both large and small.
- Agenda- 02
- A quick look at our agenda today, again the focus will be on threats to you and your business with an emphasis on preventative measures and keeping your data safe
- Introduction -03
- Before we begin, we want to of course introduce who we are.
- Cinter Technology Services is an all-encompassing IT solutions company; our clients range from local small businesses usually in the vicinity of one of our many office locations in Houston, Dallas, Chicago, or LA, all the way up to our globalized Fortune 500 partners.
- Without going through an exhaustive list, a few things we can help companies with are:
- Cloud migration & virtualization
- Cybersecurity
- Infrastructure standardization
- Datacenters and staff training
- We really do it all. We can create a solution that fits your needs, is in your timeframe, and probably most important to any business, works with your budget
- Risks – 04
- Jump right in to Cybersecurity
- There’s a quote that I’m sure most of us are familiar with, having seen it or in some cases experienced it firsthand: If you’re connected to the internet, you’re at risk. Of course it’s not always as easy as it is here to distinguish what’s fact and what’s fake – particularly as a business, you have to take extra precautions about what you take in as usable information; and we’ll get into why shortly
- Jump right in to Cybersecurity
- Just 3 examples of some major cybersecurity events that made headlines within the last 5 years or so.
- The Equifax data leak affected more than 50% of ALL AMERICANS, where victims had their personal information like name, address, phone number, and even social security numbers breached and downloaded by attackers.
- Almost 150M people were affected, and it has cost Equifax about $1.4 BILLION as of late 2019, in this case the cause was from a vulnerable “dispute ticket” server that the US-CERT (cybersecurity & infrastructure security agency) which of course is a gov’t cybersecurity org. had warned the company to update as it was proven to be vulnerable: (https://www.wabe.org, https://www.cnet.com, https://www.us-cert.cisa.gov)
- Twitter’s breach began several months prior with some social engineering to gain personal info from a few select employees that had control of Twitter admin tools, which could alter confirmation email accounts so that they could change the password and not raise suspicion. This allowed the threat actors to obtain access to high profile twitter accounts such as Obama, Elon Musk, Jeff Bezos, Kanye West, the Apple official account and around 125 more high profile accounts to obtain over $150,000 in bitcoin in the span of a few short hours (https://cnbc.com)
- Originally used to take over rare Twitter names and sell for profit, this was committed by a 17 year old and some friends out of Florida
- Sony’s hack was now known to have been caused by a North Korean hacker group (called Guardians of Peace) after it was revealed that “the interview,” a controversial comedy movie about the assassination of North Korea was being released.
- It was revealed that they were able to obtain 10 years worth of employee emails, including HR emails that included personal identifying information of employees. (https://time.com)
- This caused Sony to cancel ALL screenings in theatres after multiple terror threats to cinemas if the film was released.
- Solarwinds – hackers took control of an internal system called Orion, an IT resource manager, by exploiting a weakness in that Orion system which helped them spy on and even take some data from major companies like Microsoft, Cisco, Intel, California State Hospitals, and some Gov’t. agencies and they were able to monitor activity at will for around 9 months without detection.
- The Equifax data leak affected more than 50% of ALL AMERICANS, where victims had their personal information like name, address, phone number, and even social security numbers breached and downloaded by attackers.
These are just a few more notable examples of events that have transpired in the public eye. There are countless events like this happening daily to businesses all over the world, but it would be impossible to cover them all. We wanted to emphasize how important it is to be vigilant with training and cybersecurity in general as, again, most of these issues can be prevented with someone monitoring and updating your infrastructure as necessary. That is exactly what we here at Cinter have to offer you, and then some.
- Effects on Small and Medium Sized Businesses:
- Like Slaton said, just because cybersecurity news doesn’t make headlines for small and medium businesses, doesn’t mean they’re not a target…it’s actually quite the opposite.
- Small and medium businesses are a high target, due to their ease of access for threat actors, and in 2017, accounted for over 58% of all cybersecurity events.
- Studies have also shown that small businesses have a false sense of security of usually considering the risks but assuming that nobody would want to attack them, we’re too small of a business to be a target, right?
- Wrong. The Ponemon Institute found in its 2017 State of Cybersecurity in Small & Medium-Sized Businesses report that cyberattacks on small businesses have increased in recent years, affecting around 61 percent of small to medium sized bussineses in 2017, up from 55 percent in 2016. (For the Average Hacker, Your Small Business Is an Ideal Target (entrepreneur.com)
- Those numbers have continued to climb and grow despite the also increasing awareness of the risks, and tools to stop that growth.
- Wrong. The Ponemon Institute found in its 2017 State of Cybersecurity in Small & Medium-Sized Businesses report that cyberattacks on small businesses have increased in recent years, affecting around 61 percent of small to medium sized bussineses in 2017, up from 55 percent in 2016. (For the Average Hacker, Your Small Business Is an Ideal Target (entrepreneur.com)
- This is important to mention as we’ll move on to show how there is an actual number, an actual cost, to a security event happening, and often times, it is detrimental for small to medium sized businesses.
- Malware, Ransomware, and Spyware
- 66% of malware is installed via email attachment, all it takes is clicking the picture or link
- The most obvious solution is don’t click the link if you don’t know the sender, and verify the email with IT if you have any suspicions at all, but with attachments being a norm in almost every business environment, its overlooked an almost criminal amount of times daily
- Average cost was about $2.4M in 2019 with 31% of all sent phishing emails being opened.
- More than half, around 51%, of small businesses have experienced a cybersecurity event, with over 60% of those affected businesses going out-of-business WITHIN 6 months.
- The sad part is that simple standardization with regular updates, and some basic user training every month or couple of months could have prevented many of the attacks, and as it stands, can prevent so much more damage from being done
- 66% of malware is installed via email attachment, all it takes is clicking the picture or link
- Lack of Training & Awareness
- THE #1 contributor to malicious attacks and events for small businesses is a lack of training and awareness on the side of the users.
- MFA, Strong password requirements like adding a number and character, mandated password changes after an allocated time, biometrics, and many more options all can reduce attacks by 10 fold, and these seemingly small preventative measures really should not be overlooked.
- After everything has been said and done here, these are just the first steps of preventative measures and really, they are the most basic things that we can do almost immediately in a business, with most options not costing a dime.
- At Cinter, we can help streamline this process, and go much further with things like creating Virtual Machines for users via Cloud Architecture so that they can connect securely from almost anywhere at any time. We can configure strict firewall rules between host machines and virtual machines so no information is duplicated onto personal devices, we can standardize your entire operation so that every user has to adhere to whatever guidelines that you have in place, and many others. Every business is different in regard to their needs, but we are all the same when it comes to being connected. There are always threats, and we are here to stop them so that you can continue on.
- Let’s look at these two examples of two phishing scams that were highly successful in the last few years. What we are looking at on the screen are a couple of screenshots that look extremely convincing. The one on the left is actually from my inbox just recently. I have contact info on a public website as I’m sure many of us do, and that opens us up to being easy targets of phishing mailing lists, spam or scam calls, and plenty more
- As we can see, phishing attempts are getting more and more sophisticated, using trademarked images, everything seems in the right place, there are few to no spelling errors or non-native sounding language, etc.
- THE #1 contributor to malicious attacks and events for small businesses is a lack of training and awareness on the side of the users.
- Phishing Email Example
- These are just a couple of examples of commonly received scams that get past the spam or junk filter. The one on the left came out of my personally inbox just last month. Can you spot the tells of a phishing email here?
- At the top there is a spoofed name that makes it look like you received the payment from PayPal, but if you click on the sender name it will show the address it came from. Almost always, there will be the company name as the address, and they send to one person at a time. Not a list of people from a clearly fake email as shown here.
- The one on the right is even harder to check, as it shows it may actually be from Amazon. Aside from knowledge of if you actually purchased a $1,500 machine, if you look closely, you begin to notice small mistakes. Things like the arrival date being 19, 18 instead of 18th-19th, spacing on the “track your package” button is too close to the text above, it shows Amazon LLC instead of their official tag which says “amazon.com, inc. or its affiliates”, and the bottom text left out the ‘A’ so it says “mazon LLC”.
- The track your package button then redirects you to another page that looks real but can be picked apart, and has you confirm all of your payment information again, which then most likely goes to some person in their dimly lit basement to then use as they wish.
- These are just a couple of examples of commonly received scams that get past the spam or junk filter. The one on the left came out of my personally inbox just last month. Can you spot the tells of a phishing email here?
- Demonstration
- How easy could it be?
- This is our contact info, we’d love to get together with each of you to see how we could help your businesses in improving your overall cybersecurity measures, connecting you to the cloud, making your business Covid environment compatible (i.e remote work), and anything else you could dream up for your business.
- Q & A
- Let’s say we go with Cinter, how much is it going to cost to set up a security network from the ground up? If they go with Cisco Anyconnect it could be $8/$12/$20 per user, MFA and password manager are free, cloud connection for redundancy and for disaster recovery (depends on which provider, how much data, so it’s not a number we can pin down but a couple hundred per month assuming 20 users just to give you a figure to think about)
- To answer briefly, we may suggest just making sure that you have a secure server and secure VPN/remote connections with strong password requirements at the minimum, but to go further on that we might just suggest going fully virtual. Getting your business on the cloud and removing the need for full time on site IT, contracting out to us at Cinter could take care of that where we monitor your data 24/7 but work monthly or weekly depending on your needs to take care of user trouble tickets and support.
Interested in learning more about Cinter Technology and how our services can help your business?