Archive for the ‘Security’ Category

7 Technology Predictions for 2018

Posted on: January 18th, 2018 by Jessica Diehl No Comments

This blog is misnamed.  Instead of '7 Technology Predictions for 2018,' it should really be “what are the technology trends between now and the end of the 2nd decade of the 20th century.

As I view the last third of the decade, I see that there are political drivers outside that will impact our IT focus.

1.  Political and Technology Gap will Widen

More than ever, the gap between political power and knowledge of the current state of IT widens.  The average age of a House member is 57 and a Senator is 62.  This demographic embraces technology at a marginal rate compared to groups only 10 years younger.  They will not see the importance of standards for cybersecurity, Internet of Things, and crypto currency until others have already made decisions.  To complicate matters, those providing them what they deem to be knowledge of the issues (Warren Buffet, et al) have no conviction that they need to be overly concerned with these matters.  This has nothing to do with the political party in control.  It has to do with the disconnect in values placed on technology.  Heck, I got an email from a Congressional assistant that I have repeatedly worked with earlier this week, and it was obviously a phishing attack that used information from their account to target me.  If they aren’t safe, they won’t get overly concerned whether or not we are safe.  I was hoping the Hillary Clinton email fiasco would draw a positive light to the issues associated with cybersecurity, but they didn’t.  Shame on me for thinking otherwise.

2.  Increase in IoT Devices

Human propensity to take the easy way will lead to the creation of more IoT devices, controlled by mobile devices that aren’t secure. On my cell phone (Samsung Galaxy), I have apps that control light switches, fans, a thermostat, and my garage door opener.  These apps aren’t getting updated when my operating system is, and I can only imagine that exploits are already out there/under way to make it possible for people to get into my house.  As part of this technology prediction, privacy concerns may be the only item that drives government to really get serious about creating standards and regulating communications between devices created with GoFundMe capital and my safety.

3.  Shift in Passwords

Passwords, as we know them, will go away. An ever-growing industry exists to manage the overt password management issues that we all face.  Tools that allow you to get back to a single password to get into everything are nearly as commonplace as the devices that they operate on.  In essence, we are migrating back to a world of negligible security, once you get through the front door.  As facial recognition/fingerprinting technology becomes commonplace, we will see an end of Pass@words as part of the use of technology.

4.  Shift in Medicinal use of IoT

Medicinal use of IoT will be the catalyst behind the medical industry’s drive to address HiPPA concerns and the need to keep down costs. Health insurance costs will not decrease without the ability of providers to offer more services via automation than they currently do with office visits and procedures.  IoT is the Obi-wan Kenobi of that movement.  Expect some take-your-breath-away applications of IoT in the medical devices that we use.

5.  Networking Migration will Continue

Networking will continue on its migration away from the wired world to the wireless world. I anticipate that 5G will be immediately adopted, and many individuals will go to work and bypass the company’s network altogether as the access cloud based apps that they use to do their jobs.  Why use a 1 GB network that is being shared when you can have your own 1.2GB network that doesn’t have any restrictions?  It will demand that companies offer services to the users that are better than 5G or give up on offering anything at all.  Bring your own lunch will be as common as bring your own cloud connection.  Bank on this one happening beneath the sheets, when none of the executive management are watching.

6.  Cyber Jobs will Increase

Jobs in cyber will grow at record-setting rates, and attract far more than the stereotypical tecno-geek types portrayed in movies and on TV. Cyber and counter cyber represents a way to add another venue for social equality that folks on the edge of society living 20 years ago couldn’t dream of.

7.  Technology Services will Shift

Technology services are on a path not much different than automobile maintenance. Early on, everyone learned how to change their own oil, brake pads and alternator.  Now, with computers knowing more about what is going on under the hood than even the designers, it makes nearly no sense to learn how to diagnose issues and fix a car.  This is coming from a former motorcycle mechanic.  People will have technology services companies like mine take care of everything possible, so they can focus on business.  No more “who is going to change the oil on the network” conversations.  Folks like us will do it, every time.

Cybersecurity Skills Shortage Increasing Companies’ Security Threat Risk

Posted on: December 15th, 2017 by Jessica Diehl No Comments

There’s a decent chance your IT team is woefully lacking in the skills needed to protect your organization from the growing cyber security threats.  New research reveals organizations are understaffed with employees lacking in skills to protect networks.

According to new research

  • 54% of organizations surveyed do not have cyber security skill levels appropriate for organizations of their size
  • 57% of organizations surveyed do not have enough security operations for organizations of their size.

This cyber threat skills shortage directly affects an organizations ability to detect, prevent, and respond to security incidents.

The professionals surveyed highlighted these particular weaknesses stemming from the skills and staffing shortages.

  1. Hunting for Security Threats IT: Staffers are often too busy responding to incidents to be proactively looking for security threats. And if they do have the time to look for threats, many have not taken the time to grow the advanced skills necessary to spot the increasingly sophisticated attacks.
  2. Prioritizing Security Alerts: The increasing number of tools that can alert security professionals about incidents has created a lot of noise. Many IT staffers don’t have the skills to assess and prioritize the growing number of alerts.
  3. Securing the Root Cause of the Incident: Security team members often respond to security events by putting out the obvious fires. Again, because of a shortage of staffers, and increasing demands, the security team can forget to take the vital step of discovering the cause of the incident, and working to prevent it from happening again.
  4. Thoroughly Tracking Security Incidents: Many organizations lack documented processes to track security incidents from discover, to investigation to remediation.

The Network Team has worked with dozens of small and medium sized businesses with similar concerns.  You’re not in the cyber security business.  Your IT department should be focusing on ways to further your business goals with technology.  TNT has a staff of highly trained and certified engineers, backed by world-class cyber security tools and solutions. Let us take the stress off of your employees, and handle your security.

Mecklenburg County Server Hack: What You Need to Know

Posted on: December 6th, 2017 by Jessica Diehl No Comments

Residents in Mecklenburg County hoping to get a marriage certificate, or vendors hoping to get paid for work done for the county, may be out of luck, and could be for several days.  Hackers attacked the county servers Monday, locking access to files, and demanding 2 Bitcoins (about $25,000) to decrypt them.

County officials say no resident’s personal information has been exposed, but instead, the hackers encrypted information county employees need to do business.

Like nearly all ransomware attacks, the hackers gained access to the county servers because an employee clicked on an infected attachment in an email.  The county is considering paying the ransom, as well as looking into attempting to decrypt the files themselves.

The Rising Cost of Ransom

TNT has written extensively about the tactics of hackers, and dangers of Ransomware.  And the FBI itself discourages victims from paying the ransom.  But because it is easier for many victims, they do end up paying.  There are many reasons that is a bad idea, and here is just one:

Mecklenburg County Servers

Bitcoin became the standard for ransom in Ransomware attacks in 2016.  In just the past year, its value has gone up more than 1500%, and it continues to rise every day.  That means that on Monday, when the hackers made the demand, the 2 Bitcoins were worth $23,000.  But the value has already increased, and as of the writing of this blog, it’s $25,600.

Criminals Who Can’t Get Caught

These hackers are incredibly smart.  Their use of Bitcoin as a means of ransom is ingenious.  Because it is not considered money, there is often little law enforcement can do, even if they are able to catch the hackers.  Since the hackers are most often located outside of the reach of US law, figuring out who is responsible is a pretty tough task.

Law enforcement – even if they figure out what happened, it may not be considered a crime – reference FBI speaker and chamber presentation – he shared that it is often the case law enforcement can do nothing since bitcoin is not considered ransom or extortion as it is currently not considered legal currency.

 

Not if, but when

Regardless of which route the county takes (paying or not), they simply must come up with a plan to keep this from happening again.  However, the fact is that Ransomware is becoming an increasingly simple and profitable crime for hackers.  Just like there is no 100% sure-fire way to prevent yourself from catching a cold, there is no 100% sure-fire way to ensure you never get hacked.  While you can’t completely avoid catching a cold, you do have a contingency plan in place – you take medicine, you rest.  In the same manner, businesses need to have a business continuity plan in place before they fall victim to hackers.

TNT’s Business Continuity solution would mean a hack like this would have zero impact on business, as everything would have failed over in real time to one of 2 disaster recovery solutions.  Employees would have continued access to the files, applications and servers needed to do business, and the organization would not need to pay the ransom.

Learn more about Business Continuity below, and contact us today to learn more about protecting your data.

How Hackers Will Get You to Do Their Dirty Work For Them

Posted on: November 29th, 2017 by Jessica Diehl No Comments

Hackers are now angling to get you to do their dirty work for them.  Security researchers have discovered a new kind of malware offering victims a ‘nasty’ way to unlock their files. Instead of paying a ransom with bitcoin, victims need only send the ransomware to another unsuspecting victim.  If two or more others are infected by your personalized link, the hackers will release your encrypted files.

This new malware, called Popcorn Time, may also delete the victim’s files if you enter an incorrect decryption code too many times.  Malware Hunter Team found the new tactic, which is still in development, and hasn’t been released yet. But security experts are keeping their eyes on it.

Ransomware is becoming the number one malware used by hackers who’ve already encrypted information from small businesses to major health care organizations.

Protect your information from hackers and ransomware

  1. First and foremost, regular backups of your most important files could help take some of the ‘bite’ out of a potential attack.  With regular, offsite backups, you could be less at the mercy of the hackers.
  2. We cannot say this enough: education, education, education. Train your employees about the latest tactics used by hackers, and encourage them to never open an attachment or click on a link that looks suspicious – even if it appears to come from someone inside your organization. Cyber criminals are getting increasingly sophisticated, and better at spoofing email addresses.
  3. Patch your operating system, anti-virus, browsers, etc. and keep them all up to date.
  4. Consider setting up additional firewall protection to enhance security.

The Network Team has solutions and training to help with all of these. Reach out today to find out how we can help protect you.

The Network Team