Blog

stay secure on a limited budget

The ambition and dedication of small and midsize businesses (SMBs) drive the modern U.S. economy. These businesses face special challenges in the IT space because they don’t have the staffing, institutional knowledge and financial resources that larger enterprises do.

The Threat Landscape for SMBs

99.7% of all U.S. businesses have fewer than 500 employees. That huge footprint makes SMBs a prime target for cyberthreats, cybercrimes, and data breaches and theft – and an attack can have a devastating effect on an SMB’s viability.  The small to midsize business is an increasingly attractive target to malicious actors and cybercriminals because it is often unable to maintain the tools, skills, knowledge, and staff required to adequately defend the business.

According to Barkly, 57% of SMBs reported an increase in cyberattack volume in the last year. However, even though cyberattacks are becoming more sophisticated, only 36% of SMBs expect to be willing or able to increase their cybersecurity budget in FY2019.  These numbers point to a chilling existential risk to the survival of SMBs that rely on access to their data.

The Securities and Exchange Commission (SEC)’s Public Statement plainly states:

Cybersecurity is clearly a concern that the entire business community shares, but it represents an especially pernicious threat to smaller businesses. The reason is simple: small and midsize businesses (“SMBs”) are not just targets of cybercrime, they are its principal target. In fact, the majority of all targeted cyberattacks last year were directed at SMBs.

Why Are SMBs Being Targeted?

The same SEC Public Statement also indicates that many SMBs cannot handle a cyberattack effectively on their own.  A survey in the same report indicated that as many as 27% of SMBs have no cybersecurity protocols at all, and as many as 60% of them did not respond to a cyberattack correctly.  These conditions are exactly what a cybercriminal or malicious actor needs to continue perpetrating their attacks.

The question of “why” SMBs are being targeted at such high rates is easy to define.  It’s much harder to change the characteristics that make SMBs a high-priority target.  However, one thing is certain: money is a primary motivator for cyber adversaries. Cybercriminals are either trying to steal the SMB’s money directly, or they’re looking for data that they can sell for a profit on the black market.

Whether the discussion about how to assist SMBs in their cyber defense is about training, education, tools, skilled employees, around-the-clock monitoring, or using the most up-to-date technology to mitigate threats and vulnerabilities, the sticking point is always about the budget, the financials, and the overall impact on the business plan.

Managed Solutions for SMB Cybersecurity

Some SMBs will attempt to “go it alone.”  According to a report from Trustwave and Osterman Research, in 2014 SMBs spent $156 per user on security solutions (software, hardware, services and other technology), compared to $72 for enterprises.  Of this spend, only about 19% was dedicated to managed or cloud services.

The conclusion of this report indicates that security solutions for SMBs are often too expensive to purchase outright, which is why Managed Service Providers (MSPs) have been a financial relief to them.  Investments in inclusive infrastructure solutions, software solutions, computing solutions, or expert staff are cost-prohibitive for most SMBs.  MSPs provide these solutions at a fraction of the cost.  MSPs have the knowledge to monitor for, assess, analyze, report on, mitigate, and remediate cybersecurity threats and vulnerabilities for many customers at once, without having to undertake the onerous financial burden that an SMB would undoubtedly face on its own.

Some of the solutions a Managed Services Provider can offer include:

  1. Triage – Underskilled and undertrained IT staff face an insurmountable task when looking at the sheer quantity of passive and active attempts to infiltrate a network or device. Every SMB has specific data that is important to its business plan, and has unique and proprietary systems that require protection.  Additionally, there are often industry standards, regulatory compliance requirements and customer data protections that dictate what can or can’t be done.  MSPs can implement prioritization techniques that analyze the severity of attack attempts and appropriately implement policies that thwart them.
  2. Automation – MSPs can purchase more state-of-the-art tools and appliances, allowing them to implement automated tasks and alerting. This gives MSPs an advantage that many SMBs cannot afford to implement.  A streamlined and automated workflow of alerting, reporting, mitigating, or even remediation can result in large financial savings rather than waiting on a human being to perform the same tasks.
  3. Education and Training – Cybersecurity training and education is a never-ending task. MSP security analysts and engineers undergo constant training on tools and appliances, and they continue to accumulate security certifications in quantities that SMBs would likely never be able to afford.  Additionally, MSPs can provide user training to inform their customers of the dangers in the cybersecurity landscape.  Some of these dangers include opening unknown emails, clicking unknown ads, implementing poor passwords, connecting to unsecured WiFi networks, and browsing dangerous websites.
  4. Up-to-Date Technology MSPs have the budget and the business plans to purchase high-quality products from specialized vendors in the cybersecurity space. As a result, MSPs can offer SMBs a top-grade solution that would otherwise be unattainable for them.  Next-generation firewalls, backup and recovery, endpoint detection and reporting are all tools that are now available to SMBs through MSPs at a fraction of the cost of implementation.

By working with an MSP, your business can reduce the costs of downtime and business interruption, while spending less on salaries and minimizing turnover. You’ll also save on related costs like training, education, and specialized equipment and services which come with the MSP’s extensive in-house teams.

Ready to see how TPx can help you stay protected while cutting costs? Talk to a TPx specialist today.

 

About the Author

Adam Weber leads the development of TPx’s security product offerings. He has more than 15 years of experience in security and cybersecurity, both in the public and private sectors. He is a 12-year U.S. Army veteran in communications and was deployed to two combat zones. He has also worked with U.S. government agencies like U.S. Transcom (U.S. Military Transportation Command), DISA (Defense Information Systems Agency), and NGA (National Geospatial Agency). In his spare time, he is a computer and technology hobbyist who enjoys building his own networks, servers, labs, and security infrastructure. Adam holds an MBA from McKendree University and CISSP, CASP, CEH, and Security+ certifications.

 

How to avoid ransomware

Did you know that ransomware attacks worldwide rose 350 percent in 2017? Ransomware continues to be a scourge for businesses and individuals alike, as cybercriminals cast a wide extortion net in hopes of snagging a lucrative payday.

Made (in)famous around the world by the global Wannacry strike in 2017, the premise is simple: Crooks infect machines with malware that locks up all the files on a computer or business network, and then they demand a ransom (usually in the form of Bitcoin) in exchange for releasing the hostage documents.

The good news is that defenses are improving, giving businesses a host of great options for combatting the threat – which means that keeping current with the latest security tools is critical. Ransomware authors are hardly slinking away in the night: Instead, they’re evolving their tactics, using clever, targeted social-engineering techniques to get malware onto targeted machines and changing up their encryption schemes to make it more difficult for companies to unlock impacted files.

If you’re a victim, the conventional wisdom (which we agree with) is to not pay up – there’s no guarantee that the files will be released after the payment is made, plus it only encourages and funds the threat actors. But ransomware cleanup isn’t easy nor cheap – even after decryption (more and more tools are available to clean the compromised files).  Securing the integrity of the network post-attack is a lengthy process.

The best thing to do is avoid becoming a victim in the first place. Managed security from TPx automatically keeps your defenses up-to-date with the latest state-of-the-art technology to combat the latest threats. That provides real peace of mind, but here are some best practices that every business should always adopt to protect themselves.

1. Educate and Inform Users About Ransomware

Training staff to recognize fake emails and to be wary of unsolicited mails is critical in the fight against ransomware. Malware generally arrives in the form of an email attachment or a malicious link. These scam messages will come in many guises.

Sometimes, the email will purport to be sending an important invoice or information on a shipped package. In other cases, the mail will claim to be sending HR information or other business-critical data. As attacks become more targeted, attackers are even doing reconnaissance on the business before sending the emails, tailoring the message to make it seem legitimate. In all cases, the point is to encourage users to open the attachment or click on a link, after which the ransomware is downloaded and then starts spreading through the organization.

If you think you can easily spot fraudulent emails, think again. The success rate in targeting the average human worker can be almost 20% in some cases, depending on the lure. Also, often the sender’s address will appear to be an internal address; or, the sender may even be someone in a user’s address book. The best course of action is to pick up the phone and verify that an unsolicited message is legitimate before clicking on anything.

2. Use a Good Backup Solution

Back up your systems and data both locally and offsite. Today’s leading hybrid local/cloud backup solutions, such as TPx’s MSx Managed Backups service, can significantly improve the performance and reliability of backing up and restoring important data. They offer the ability to back up systems multiple times per day to minimize the impact of a disaster. Advanced security technology available in some systems can also help you identify and recover from ransomware attacks without having to pay a ransom.

3. Keep Systems Patched and Updated

A critical method for preventing ransomware attacks is to make sure to keep operating system and software updates current. Installing a system or security update doesn’t have to be a hassle or an annoyance and take you offline for a few minutes if you leverage an automated patching software.  And, it’s far better than the alternative: being open to a host of security threats, including ransomware.

That’s because attackers often deliver ransomware by exploiting unpatched security holes on a victim’s machine. When a visitor lands on a compromised website or opens a certain kind of file, the malicious code launches in the background to find these holes and infiltrate the system.

It’s also critical to note that Windows XP devices are no longer supported by Microsoft with security updates, so migrating off this platform to a more current form of Windows should be a priority.

4. Use a Good Antivirus/Anti-Malware Solution

Business-grade antivirus programs have the ability to scan files to see if they might contain ransomware or other threats. It’s critical to make use of them before downloading files or programs.

5. Consider Managed Security and Backup

While implementing user awareness training is up to you, you can implement other best practices with managed services.

The TPx managed security suite is designed to keep up with the latest protections. Gateway AV thwarts downloads of viruses, worms or other malicious content by checking all content for malicious code embedded within the payload and by blocking access to infected sites. The gateway security service also includes web content filtering and application control as well as intrusion detection/prevention (IDS/IPS), which uses SSL deep packet inspection to analyze even encrypted traffic which attackers now use in an attempt to circumvent firewalls. Two 24/7/365 Security Operations Centers staffed by A-list experts are always working to anticipate, prevent and respond to any attack.

TPx’s managed backup service, meanwhile, allows companies to back up complete systems locally and to the cloud on a continuous basis. That means you can resolve a ransomware attack by simply rolling back the affected systems to an earlier timestamp, to make it as if it never happened. This point in time rollback makes file restoration a breeze, and we’ll even work with you to get your backups restored.

We also offer help with system updates and patching with a managed endpoint service.  Our automated patching service ensures that key servers and workstations stay up-to-date with recommended security patches available for the Windows OS and supported third-party applications.

These tips are a good place to start, but of course it’s not an exhaustive list of precautions your business should take. Reach out to your TPx representative today to see how we can deliver peace of mind when it comes to ransomware and other threats.

 

About the Author

Jared Martin has been in the Information Technology world for more than 20 years. He co-founded a managed services voice and Internet service provider in 2001 and grew the business to significant revenue. In 2008, that company was sold to Tel West Communications, which in turn was acquired by TPx in 2012. Jared has been a technology leader in driving change and adoption of new technologies, such as Software-Defined Wide Area Networking. He is always looking for new ways to use technologies that are outside of the box and to influence TPx to innovate and to be on the cutting edge. In 2016, Jared took charge of TPx’s new MSx line of business, formed as a result of the merger of TelePacific and DSCI. This brought Jared back to his roots of providing managed services and a consultative sales approach to customers.

off-the-shelf security devices

When it comes to cybersecurity options for businesses today, the range of “off-the-shelf” options can be dizzying – and exciting – for those looking to cut administrative costs. A nice, new shiny router with what claims to be “business-class” firewalling and maybe even some DDoS protection for under 200 bucks? For many business owners the answer is “Yes please!” when the answer really needs to be “No way,” or maybe even “No freaking way!”

The consequences of going with one of the many routers (or other quick-fix security products) for sale at a big-box store can be devastating. These solutions may claim to offer business-class security, like firewall options, but the reality is that their features are limited and require frequent updates to make sure they’re ready to handle the latest threats. They also offer a false sense of security, given their narrow focus. Throwing a router with a firewall into the network and calling it a day is not a solid defense against the troublemakers out there targeting businesses every minute.  To be fully protected, businesses need to think bigger and broader – which is where managed services come in.

A good managed security product keeps you automatically up-to-date with a comprehensive set of the most powerful defenses against ever-evolving threats, while eliminating overhead. By way of comparison, to really do any good, that off-the-shelf router needs to be paired with additional security layers, including intrusion detection, traffic monitoring, antivirus and anti-malware software, plus work on the network/LAN side, like properly configuring user permissions to determine who has access to what data on the network. There’s also disaster recovery and backups to consider. Putting all of that together takes time and expertise—something that’s in short supply for most businesses except the largest enterprises.

Sure, many companies think they’re too small or their data’s too generic to find themselves in the sights of cybercriminals. The reality, however, is that 58 percent of all breach victims are categorized as small businesses.

It’s also worth noting that you never know when an on-premises device like a router can become a conduit for bad actors. The FBI, for instance, recently advised that the VPNFilter malware has infiltrated 1 million routers and counting – noting that everyone should reset their network boxes to help thwart the malicious code. “The FBI recommends any owner of small office and home office routers power cycle (reboot) the devices,” the Bureau said in a statement. “VPNFilter is able to render small office and home office routers inoperable. The malware can potentially also collect information passing through the router.”

The TPx managed services suite includes affordable device monitoring and management, network intrusion detection and prevention, antivirus, web content and spam filtering, plus disaster recovery options – all backed with our round-the clock Security Operations Center and highly experienced cybersecurity analysts.

Contact your TPx representative today to find out how managed services can help you avoid the consequences of hasty decisions in your security spend and keep your business safe and stable.

About the Author

Matt Mair is a Senior Product Marketing Manager for Managed Services. His role includes marketing and communications for TPx’s suite of managed IT offerings including Managed SD-WAN, LAN Monitoring, Office 365, Managed Endpoint, Colocation and Server Backup solutions. Matt holds an MBA from Michigan State University’s Broad School of Business and resides in Los Angeles.

cryptomining

You thought ransomware was bad? Cybercriminals are embracing a new scourge, in the form of cryptomining. The latest bug, dubbed the FacexWorm, is an example of just how dangerous it can be.

Cryptomining is a type of malware that hijacks the CPU system resources of victim machines, slowing down performance and stealing power. It uses these resources to mine for virtual currency, especially Monero, which takes fewer resources to uncover than the more well-known Bitcoin.

It can be delivered as a standalone malware, but there are also drive-by versions, where online mining of Monero cryptocurrency starts when a user visits a web page. A product called Coinhive is offered as a legitimate service for webmasters looking for a monetization alternative to advertising, but criminals often embed it into websites without the site knowing, and unscrupulous websites use it without letting site visitors know.

Unlike ransomware, which usually results in only a small percentage of infected users actually paying the ransom and requires time and effort to interact with the victims, cryptomining is a “set it and forget it” proposition for attackers. It also tends to fly under the radar, and it can take weeks before a victim uncovers the infection. In other words, it requires minimal effort, but maximum reward. Perfect.

It’s lucrative too, with cryptocurrencies now reaching dizzying heights of valuation. To put the financial gains for the bad guys into perspective, an average system would likely generate about $0.25 of Monero per day, meaning that an adversary who has enlisted 2,000 victims could generate $500 per day or $182,500 per year.

Thus, it’s no wonder that it’s spreading rapidly. More than 4,000 government agencies in the US and the UK alone were recently found to be infected with it – and that’s just one section of one vertical. Various industry estimates postulate that as much as a quarter of all desktops are compromised.

A good example of the danger is that the FacexWorm is spreading via Facebook. Once it infiltrates a user’s account, it sends out faked Messenger video links to the victim’s contacts which, when clicked, replicate the malware onto those contacts’ machines. It has an impressive set of capabilities: It steals Google, MyMonero and Coinhive credentials when a victim logs in, injects a cryptocurrency miner that exploits the victim’s CPU, hijacks the user’s cryptocurrency-related transactions, detects when a user’s accessed a cryptocurrency trading platform, and thwarts removal and detection. It also communicates with a remote command-and-control server, from which it can download additional malware.

Further, FacexWorm has created the potential for building a large-scale malicious botnet. Facebook has an estimated 2.2 billion active users, so putting together a botnet consisting of hundreds of millions of devices would not be a difficult task. That botnet could be used for different kinds of attacks, including distributed denial of service.

So, FacexWorm presents a danger in and of itself, but it also acts as just the latest example of why organizations should be proactively protecting themselves from DDoS attacks.

The cyber landscape is a wild and wooly place, where financially motivated bad actors are always looking for the next big attack vector. Ransomware was the “it” malware last year. This year, cryptomining is catching fire. And there’s sure to be something else coming along the pike before not too long.

That’s why it’s important for companies to adopt comprehensive, real-time unified threat management (UTM), which can keep systems protected from malware, DDoS attacks and other concerns. A UTM appliance consolidates network security – including firewalls with anti-virus and anti-spyware protection, intrusion detection, web filtering and more – into a comprehensive and dynamic threat prevention solution.

TPx offers a managed UTM solution that’s always up-to-date on the latest threats, backed by the constant vigilance afforded by our Security Operations Center (SOC). With our SOC, you have access to dedicated certified security analysts with deep security expertise. They include ex-military, defense, and cyber security specialists with over 50 years of combined cyber security experience. We proactively monitor and manage the threats – before they hit you.

Contact your TPx representative today for details on how TPx can protect your valuable infrastructure, safeguarding your employees and business from ransomware, cryptomining and whatever the next major threat will be.

About the Author

Matt Mair is a Senior Product Marketing Manager for Managed Services. His role includes marketing and communications for TPx’s suite of managed IT offerings including Managed SD-WAN, LAN Monitoring, Office 365, Managed Endpoint, Colocation and Server Backup solutions. Matt holds an MBA from Michigan State University’s Broad School of Business and resides in Los Angeles.

When it comes to meeting business objectives, keeping up with the frenetic pace of innovation and competition – no matter what vertical or industry segment you happen to dwell in – is a top challenge for organizations. It’s the impetus behind digital transformation, DevOps and convergence – and it’s driving the implementation of critical collaboration tools like unified communications. But it’s creating trade-offs: Amidst this rapid growth and advancement of core business goals, cybersecurity measures are taking a backseat, with a significant shortage in workforce skills hampering efforts to protect the very networks supporting business transformation.

Given the rapidly expanding threat landscape, this is clearly a risky state of affairs for any business. Fortunately, security need not be an impediment to fast growth, thanks to managed IT services.

When Security Falls by the Wayside…

Despite an ever-growing crowd of cybercriminals and attackers lurking in the wings, many companies are finding themselves unable to match their security efforts to the speed at which they do business.

At the heart of the problem is an ongoing and oft-discussed issue: the workforce skills gap. DevOps and security teams are not routinely integrated, largely because it’s challenging to develop in-house competencies. All too often, developers are not trained in secure coding, and operations staff are not trained in basic security practices; meanwhile, security specialists are too few and far between in both areas.

Further, a lack of training and finding talent within existing employee pools is hampering the quest to close the gap, according to (ISC)². In its study, “IT Professionals are a Critically Underutilized Resource for Cybersecurity,” the group found that many organizations are not fully maximizing the opportunity to empower and equip their IT staff—the very individuals most often tasked with implementing security policy and technologies—with the education and authority they need to effectively bolster their cybersecurity.

The research, based on responses from more than 3,300 IT professionals worldwide who participated in the 2017 Global Information Security Workforce Study, revealed that 43 percent of organizations don’t provide adequate resources for security training; and more than half (55 percent) don’t require IT staff to earn a security certification.

These stats bolster many studies finding companies unprepared for today’s threat landscape. Most small and medium businesses (SMBs), which are the targets of most cyberattacks, are unprepared even for front-line cyberthreats like ransomware, DDoS, malware and phishing attacks.

Managed Services Put IT Back on Track

Faced with a lack of skills in-house, and a need to stay up-to-date with the latest threats and mitigations, businesses have an option to rely on managed security to meet their needs – while allowing the business to move forward unhampered.

By turning to managed services, which combine the necessary people, process and technology for world-class security operations, businesses gain a turnkey solution that requires little installation and provisioning time.

For instance, TPx offers 24/7/365 protection and mitigation against ransomware, DDoS attacks and an increasingly sophisticated panoply of threats to business information and security. Managed security is always up to date, which means that the latest threats and security incidents can be quickly identified and receive an immediate response.

These capabilities are backed up by state-of-the-art security operations centers (SOC) in St. Louis, MO and Portland, ME. Our SOCs are supported by a nationwide team of security analysts with deep military and intelligence backgrounds, which lets us take full responsibility for keeping an eagle eye on all the activity traversing TPx’s customer networks.

This approach is more cost-effective too: Outsourcing SOC capabilities costs a fraction of what it would require to build an in-house equivalent, with little to no lead time.

Contact your TPx representative today for details on how we can help you protect your company’s network against the latest threats and attacks – so you don’t have to sacrifice security for speed.

About the Author

Matt Mair is a Senior Product Marketing Manager for Managed Services. His role includes marketing and communications for TPx’s suite of managed IT offerings including Managed SD-WAN, LAN Monitoring, Office 365, Managed Endpoint, Colocation and Server Backup solutions. Matt holds an MBA from Michigan State University’s Broad School of Business and resides in Los Angeles.