Cake, Lasagna, Security...it is all about layers.

Cake, Lasagna, Security… it is all about layers.

Layers can be delicious, but sometimes they cost you. You can protect yourself, train your employees, and have good policies and procedures, but over time, if you don't adjust them to match the risks you are dealing with, they can become obsolete.

As you know from our previous posts, if you are unsure of an email, you hit reply and look at the email address to determine if it is from a legitimate known entity. An example would be receiving an invoice from a vendor, and you can easily verify by hitting reply and determining if the email originates from their email address domain). Unfortunately, as we deal with security issues, we now see more structured attacks. These sometimes come from trusted sources with additional access to your systems. 

So instead of attacking you now, they are attacking your trusted sources to gain access to their mail system so that they can create an email account from that domain OR give themselves access to an already existing account. From there, they can go through the target's email to determine whom to contact at your office to send fake invoices. The Threat Actor (TA) has now evolved to target you directly through your customers and vendors. How can you help to protect yourself? 

 Here are some of the basics:

• For Office 365 – all users need to be utilizing Multi-Factor Authentication (MFA)
• Global Admins MUST use MFA
• Always call to verify any unusual requests from your customers and vendors, such as new bank accounts for ACH or a new mailing address
• Educate your employees through training
• Immutable Backups
• Enforcement of "Trust but verify."
• Use Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting & Conformance (DMARC), Domain Keys Identified Mail (DKIM)

The security landscape constantly evolves and meeting current and future threats have become more challenging. You must prepare your employees for the common incidents they may come up against, such as via email or even actual voice calls. They are your first line of defense, but that may not be enough. As many companies have already discovered, sometimes people click. This causes risks to increase, and their cyber insurance policies have to adjust so that they can mitigate the costs. As a result, you are asked numerous questions about your environment to ensure adequate security and recoverability. 

• Do you use MFA(Multi-Factor Authentication)? 
• Do you have an EDR (Endpoint Detection and Response) or MDR (Managed Detection and Response)? 
• Is it monitored by a SOC (Security Operation Center)? 
• Are you patching your IT Systems regularly? 

Answering no to any of the above questions can/will result in a fee adjustment for insurance coverage or no coverage being offered. Additionally, as an MSP hired to manage and maintain your environment, we are limited by the level of protection you allow us to provide. For example, if we provide protection but an employee clicks on a potential threat email, we have to rely on the Antivirus, EDR (Endpoint Detection & Response), and DNS filters to provide the layers of defense. If these fail, we must have a good backup…if you have none of these items, then we are severely limited, and your business, employees, and customers will ultimately be paying a heavy price. 

The average cost we see these days to buy a decryptor from a Threat Actor is roughly 50k. If you involve insurance, they will assign a company to try and recover your data from the Threat Actor. They will charge hourly for their services, and I have yet to see a group that I would hire myself as they make mistakes. One group we assisted negotiated 45k for two decryptors…there were three separate encryption viruses in total, meaning they did not recover 100% of their data. This group argued that you could only encrypt data once…WRONG! Ultimately it was the infected company that must pay the price. This is a real case affecting a real Small Business. This was handled so poorly that they later received information from the threat actor that they would contact their customers with the stolen system data to see if they wanted to purchase it. The risk here is that the small business is now open to possible lawsuits from customers or vendors. 

What can you do? As always, contact a trusted source such as Modo Networks. Even if you have your own IT Staff, having an MSP knowledgeable in prevention and recovery can help prevent and resolve such issues. Modo Networks has an Assisted IT Plan that is less expensive and gives a small business a NOC with over 500 Engineers and a SOC that watches your environment 24x7 to help prevent a catastrophe. Contact Us today.