4 Ways Your Entire Staff Contribute to Cyber Security

Most companies are aware that cyber security is important, but it doesn’t factor into their primary business model. It’s assumed that the IT or network security staff can simply ‘take care of it’ and somehow ensure that every computer, device, and online task is secure enough to keep private company data safe from hackers. However, this simply isn’t the case. Good cyber security relies on every single employee with access to the network to maintain security procedures, avoid harmful websites and links, and never accidentally share company data through an insecure channel. This means that while your IT team can create the infrastructure for good security and perform recovery procedures in the event of a breach, integrating cyber security practices into your company culture is the best way to keep company and client data safe. While there are dozens of ways to help your employees maintain security, here are four great methods to start with:

Email and Download Policies

No matter how secure your company network and firewall system are, employees with access can still open up the entire shared network to hackers and harmful malware simply by opening the wrong email, visiting a malicious website, or downloading an unauthorized file. No doubt employees are encouraged to maintain physical security by keeping doors closed behind them, not obstructing security cameras, and maintaining good schedule and equipment logging procedures. It’s just as important that they keep the cyber security doors closed as well. Onboard training and regular security newsletters can help everyone remember to keep their email and download habits on the safe side.

Learning Password Security

It’s admittedly quite difficult for most people to build, remember, and regularly update a truly secure password, but it’s still important that employees do so anyway. In order to help your staff keep their passwords high quality, difficult to hack, and changing frequently enough to satisfy the security standards of your IT team, consider having a ‘password day’ about every six months in which all employees are encouraged to change their passwords based on good security criteria. We suggest making the passwords somehow funny, as humor is a great memory aid.

Recognizing Phishing and Whaling

One of the primary ways hackers can gain access to a company system is by pretending to be an employee or known business contact. They do this through email spoofing, using the name and information of the individual they are impersonating along with a very similar domain name. This is known as phishing, and using this technique they can trick employees into downloading harmful virus-bearing files that appear to come from a trusted source. Whaling, on the other hand, is when a hacker impersonates an executive in your company, and this method is often used to gain access, confidential information, or even financial transfers from employees trying to be helpful to their boss’s boss. You can dodge these tactics by training employees to always double-check a source to ensure the name, data, and domain name match who they think they’re talking to.
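The double-check described above can also be automated at the mail gateway. The following is an added example, not code from the original post: it flags sender domains that sit within a small edit distance of a trusted domain, and known executive names arriving from an unexpected address. All domains, names, and the `classify_sender` helper are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: trusted domains and executive addresses are constructed sample values.
TRUSTED_DOMAINS = {"northwind.example", "partnerbank.example"}
EXECUTIVES = {"jane doe": "jane.doe@northwind.example"}


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header, max_distance=2):
    """Return a verdict for the From: header of an incoming message."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2]

    # Whaling check: an executive's display name on someone else's address.
    name_key = " ".join(name.lower().split())
    if name_key in EXECUTIVES and addr != EXECUTIVES[name_key]:
        return "executive-name-mismatch"

    if domain in TRUSTED_DOMAINS:
        return "trusted"

    # Phishing check: a domain that is almost, but not exactly, a trusted one.
    if any(edit_distance(domain, t) <= max_distance for t in TRUSTED_DOMAINS):
        return "lookalike"
    return "external"


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ("Jane Doe <jane.doe@northwind.example>",
                   "Accounts <billing@northw1nd.example>",
                   "Jane Doe <jane.doe@freemail.example>",
                   "Newsletter <news@mailer.example>"):
        print(f"{classify_sender(header):24} {header}")
```

Edit distance does not catch Unicode homoglyphs or a message that truly originates from a compromised trusted account, so this check complements SPF, DKIM, and DMARC results rather than replacing them.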

Practicing with Security Drills

A fantastic way to not only teach your employees the right methods but also train them to respond correctly and reward vigilance is to run department- and company-wide security drills. Challenge your IT team to the entertaining task of pretending to be hackers. Let your staff know that they should be on the lookout for suspicious emails and activities, but not when the drills will be, and give them an avenue for reporting suspected hacking attempts. Every time someone catches one of the tests, reward them and make them a good example for the rest of the company as encouragement to keep everyone on their toes.

Cyber security for your business is no joke, but you can make maintaining that security fun and effective for your entire staff by including them in training, security events, and hacker drills. No one will thank you more than the IT team who gets to play the hacker and deal with fewer breaches as everyone pitches in to secure the company networks. Here at Apollo Consulting, we want your company to be absolutely secure. For more useful tips for maintaining your company’s cyber security, contact us today!

Cyber Security: What You Need to Know About Advanced Persistent Threats

Advanced Persistent Threat (APT) attacks have increased in frequency substantially since 2014, and these cyber-attacks are particularly insidious because they are extremely difficult to detect. As the name implies, APT attacks rely upon advanced cyber-attack techniques focused on establishing a covert remote access channel through which attackers can expand their control of victim systems and networks. Recently APT attacks launched by organized cyber-crime gangs such as “Lazarus,” and the widespread Carbanak attack that resulted in over 1 billion dollars in losses across over 100 banks around the world, started targeting internal bank and financial institution information processes rather than focusing on individual financial accounts, which was previously their mode of operation. Since APT is a stealth attack that occurs over a relatively long time period, understanding the phases of an APT attack (which happens to follow the Lockheed Martin “Cyber Kill Chain” framework) is key to countermeasure configuration and deployment, blocking APT advances, incident response, and managing internal and external communications during a suspected incident.

Reconnaissance

During the reconnaissance phase, APT attackers focus their efforts on gathering information about the targeted victim. They often employ common tools such as Internet search to learn about the inner workings of the targeted organization, and specialized tools such as the Shodan search engine provide details about the system configurations on the targeted victim’s networks. Other tools that map the victim’s network, and identify and log system attributes are also employed. Social engineering techniques may also be used to gather information about the target organization’s internal business processes, organizational structure, contact names and contact information such as email addresses and phone numbers.

Weaponization

During “weaponization,” APT attack groups process information captured during reconnaissance by identifying vulnerabilities and mis-configurations for exploitation that may provide them with remote access. APT attack groups often use online databases of known vulnerabilities, cross-referencing system and software version numbers obtained during reconnaissance to pinpoint exploitable vulnerabilities that are not patched. In addition, APT attack groups usually have teams that work to identify new “zero-day” vulnerabilities within the target system for which there is no known security fix.

Exploitation

Tools designed to exploit vulnerabilities uncovered during the “weaponization” phase are then developed that include capabilities aligned with the APT attack group’s carefully constructed plan. For example, the Carbanak attack included keystroke logger tools and malicious video capture applications that the APT attack group installed on financial organization workstations, then captured authentication credentials along with video and pictures of bank operations, and uploaded the captured information to APT attack group servers on the Internet in preparation for the Command and Control attack phase.

Command and Control

APT attacks focus on gaining remote “command and control” anytime access to systems internal to the target victim’s network. Remote control is usually established through a covert channel using network traffic that is very difficult to detect. Attackers use remote command and control access to repeat attack phases from inside the target network and gain control over additional systems required to attain their goal (such as capturing customer confidential information).

APT attacks are carefully planned and precisely executed, often taking months for attackers to achieve the purpose of the attack. A layered information security strategy that includes measures for prevention, detection, and response is essential for financial institution readiness. Preventative measures include a well planned and maintained best practices based information security program for managing defense countermeasures, employee security training (which includes social engineering education and response, for example), auditing, administration, and intrusion prevention systems. An incident response program must also include a well-managed crisis communications program that ensures all stakeholders are accurately informed about the organization’s strategy for preventing incidents from occurring and that accurately communicates status and manages public relations when a suspected incident occurs. Contact us today for more information on cybersecurity planning and crisis communications management.

Cyber Security Planning and Incident Response Essentials

New cybersecurity threats to the financial industry, which include automated threats such as malware, are now produced and actively deployed at an exponential rate. Newly introduced technologies that increase organizational efficiency, employee productivity, and profitability also introduce new “zero-day” vulnerabilities (security flaws discovered by cyber-criminals before the release of a security patch), resulting in cyber-attacks targeting vulnerabilities that security updates cannot fix. For this reason, best practice cyber security defense planning and implementation are essential to ensure your organization is not an easy target, also enabling the organization to detect cyber-attacks and trigger a pre-planned security incident response to thwart attacks and prevent compromise of organization and customer confidential information.

Cybersecurity Planning

Cybersecurity planning starts with leadership support. Once leadership announces support for an organizational cyber security planning initiative, they appoint a cyber security planning leader and grant authority necessary to meet the organization’s cyber security objectives (which should include securing critical and sensitive information systems and assets, developing a cybersecurity incident response plan, and regulatory compliance).

Determine Current Cybersecurity Status

Identifying current and critical system and information assets is an essential step to understanding and prioritizing what the organization must protect. Assessing the value of each asset to the organization, potential for loss due to identified threats, and impact of asset compromise to the organization enables the organization to prioritize assets and determine appropriate cost and justification for protecting each asset.

Define Future Cybersecurity Status

Establish organization specific objectives for the developing cyber security plan by identifying what the organization must accomplish with the plan. Areas to address include regulatory compliance, cyber security system administration and maintenance objectives (such as centralized management and system status visibility for management), employee training, change management, and security incident response and business continuity planning objectives.

Develop Cybersecurity Plan Objectives

Formulation of the cyber security plan framework occurs through the development of policies and procedures that dictate how the organization will configure and maintain a secure environment. Responsibility and accountability assignment ensure policy implementation, status monitoring, and maintenance. Written procedures define vulnerability countermeasure assignments and deployment specifics. Cybersecurity and incident response teams (which could be in-house or outsourced) are also established during this step.

Final Approval and Strategic Implementation

Since a best-practice cyber security plan addresses security for the entire organization, plan presentation to the management team must occur before deployment. The final schedule for implementation is also presented, resources are assigned according to the schedule, and authority is granted to the cyber security team to move forward with the cyber security initiative.

Maintenance

The cyber security, incident response, and change control board teams are responsible for maintaining cyber security within the organization and providing the leadership team with continuous visibility into the organization’s cyber security status. The cyber security team ensures that technical implementation meets the new cyber security policy standards through regularly scheduled audits and monitoring and maintenance of all cyber security systems (such as firewalls and intrusion detection systems) and documentation. The incident response team meets regularly to rehearse incident response procedures and crisis management communications so that response to a detected cyber-attack will be quick and communications effective. The change control board will work with both the cyber security team and incident response team, along with IT staff, to ensure that all maintenance activities are well planned, avoiding business system disruptions.

Organizations within the financial sector are a primary target for cyber-attacks. Incident prevention starts with a best practice cyber security plan designed to protect all company assets according to their priority and importance within the organization. Since some attacks, such as Denial of Service, cannot always be prevented, establishing detection systems and an incident response team ensures quick reaction to protect company assets, system up-time, and avoid/minimize loss of productivity during business hours. Contact us to learn more about cyber security planning, incident response, and crisis management communications.

The Importance of Cyber Security for The Financial Industry

In a world where our technological capabilities are rapidly advancing and creating new and exciting opportunities, there is also an element of security that needs to be strongly considered and given the appropriate resources. An ever-expanding Internet of Things is making it virtually impossible to secure every route and door to the Internet and your information. The latest cyber attack to make big headlines, the WannaCRY incident, has shown a lot of people just how vulnerable they really are. Big organizations like Target, Sony, FedEx, and the UK’s NHS have been attacked successfully. Now it is more important than ever, especially for individuals and organizations that work in the financial industry, to dedicate enough time and energy to protecting their systems and information.

The WannaCRY Incident 

Last month, over 200,000 computers in 150 different countries were affected by a cyber attack. The WannaCRY attacks focused on a weakness in the Microsoft Windows operating system and locked people’s information and computers. The virus demanded a ransom payment in BitCoin in order to unlock the computer and the information stored on it. FedEx, Telefonica, and the UK’s NHS are just a few of the big name organizations to be hit by this attack. Payment of the ransom did not result in the release of the lock on the computer and information.

Systems attacks like the WannaCRY incident are all too common. However, professionals working in the financial sector cannot afford to lose their own or their clients’ information to cyber attackers so easily. It is very important that cyber security is given the utmost importance in all fields, but especially in the financial industry.

What You Can Do About It

  • Make sure all of your computers and connected devices are up to date with the latest software and security programs. It is imperative to ensure that all computers and devices being used on your network are vetted and approved. It can be hard to do this since so many people have their own personal devices that they bring to work, but it is essential to make sure any and all access points to your network and information are secure.
  • Spend more time and resources on creating a fast-response plan rather than trying to create a security plan that focuses solely on total prevention. Total prevention of cyber attacks on today’s Internet is just not realistic. The number of different devices that can potentially access the Internet is overwhelming. Instead, security should be mainly focused on detecting and reacting to different cyber attacks as quickly as possible.
  • Share your data. The financial industry, like all industries, is very competitive, but it is in everyone’s best interests to share the data they have on cyber attacks that have been attempted on their networks, servers, and computers. The proliferation of data is a great way to stop cyber attackers from gaining the upper hand. Institutions need to be able to share cyber attack data freely so that they can recognize and react quickly to all incoming attacks. If a financial institution were to lose control of its information or its systems, it would be devastating.

There are still a lot of companies that do not take cyber security that seriously. The world of technology is evolving at a very rapid pace, and most if not all of our information is being digitized and uploaded to the Internet. If you can gain control for even a few minutes of someone’s network and information, you could wreak serious havoc. Financial institutions do not have the luxury of taking cyber security lightly. Please contact us to learn more about the services we offer the financial industry.