
Do you need a fresh perspective?

Is your IT staff overworked? Do they get projects completed on time and under budget?

What is the true value of knowing your Cybersecurity risks and threats?

Does your IT staff have the experience to give you a proper report on your Cybersecurity compliance?

CISA certified means Certified Information Systems Auditor, which means you will get a proper report after a thorough review.

We know that 25% of companies do not patch their computers within any reasonable time period; this is a very large number of companies. We also know that 22% of companies do not back up their files.

So a large number of entities are not doing what they should to protect themselves, and us as well.

The problem is that if they get infected, their machines may have your email address in their address lists.

And then you wonder, why is this person sending me an email? Well, their machine was compromised and is now sending spam malware to everyone.

And guess what, the badly configured machines will get attacked again and again.

This is not like lightning - cyber attacks strike again and again until you fix the processes for good. Although there are no guarantees, at least you can make the risk minimal.

Contact Us to discuss how to check your IT staff and make sure you will stay in business even after an attack. Or to get your ship in shape before something happens.

If you want to use the Internet, then you must know that you are now within arm's length of everyone with a computer in this world, which is more than 3 billion people.

Image: Internet users (from website¹)

Can you imagine being within a block of 3 billion people (good and bad)?

You must understand that whenever you use the Internet you are connected to 3 Billion people which means what?

It means that if 2% of those people are criminals, in the seediest parts of the world, then you are connected to 60 million criminals, and some of these are _very_ sophisticated criminals. So everyone who connects to the Internet must run a sophisticated operation, or it is only a matter of time before disaster approaches.


As I have explained on my blog oversitesentry.com², it is as if you are loading an X-barrel gun (the X depends on how serious you are about your defense).

Image: is it a 500-barrel gun or a 1000-barrel gun?

If you are loading a 500-barrel gun, then every time you connect you are playing Cybersecurity roulette. Boom - missed today. Whew...

But tomorrow is another day - will you have a vulnerability? Or go on a bad (infected) website?

The more computers you have, the more risk you have. The more you use the Internet, the more risk you bear.

What have the criminals done? They are putting resources into areas which make them more money:

Image: ransomware up 3500 percent

Above image from DarkReading.com³

So this is a problem - we need the Internet in 2016 and beyond, but we are also connecting to many bad elements. A business needs to be sophisticated as well. You need a high degree of defense to keep up with the attackers; there is no way around it.

Image: risk management matrix

It has to do with risk analysis, next-gen firewalls, patching your systems on a timely basis, anti-virus, vulnerability analysis, testing your systems and more.

Contact Us to discuss all these details.


  1. http://www.internetlivestats.com/internet-users/
  2. http://oversitesentry.com/do-you-have-a-500barrel-riskgun-or-a-1000barrel-riskgun/
  3. http://www.darkreading.com/cloud/ransomware-domains-up-by-3500--in-q1-/d/d-id/1325748?_mc=RSS_DR_EDT


As Robert Graham says in his blog Errata¹, it is human nature to commit a number of Cybersecurity no-nos, including falling for phishing scams (even the experts fall for them). A well-crafted email will look like it is coming from a trusted source, not from a stranger. So to avoid phishing scams, one needs to look for more than just "is this email from someone I know?"

  1. A phishing scam is where an unsuspecting email user clicks on a fake email and on its attachment. The attachment then infects the computer because the malicious software (malware) is actually hiding within the attachment.
  2. Password reuse - due to laziness and bad practices, employees use the same passwords on several sites. When a site with weak security is hacked, the hacker has your password and can now guess where else you might use it (banks, email account, and more).
  3. SQL injection (for programmers). This is a computer programmer topic.

Consistently reusing passwords across many sites is human nature (laziness). But using the same password on your hobby site, in your email account and on Facebook is a recipe for disaster.

Once a hacker has your email account they can change everything.

For the programmer, it requires more work to sanitize data input and to make sure that an attacker won't use an ingenious method to insert malicious code.

Is Robert right? Are people really 'stupid' regarding these 3 items?

I would not be so harsh as to call everyone Stupid.


As a society we will be hacked in one form or another, but the reason is not stupidity, as most people understand the basics: hacking means using ingenious ways to get around the standard.

Another mistaken thought is the false belief that we could design something that is foolproof, or at least something that does not have to be worked on constantly.

I think we need to assume that we will need to consistently patch and fix our computers. We also need to see that the computer is a tool written by humans and used by humans.

Unless one has the mindset of the attacker and the tools and setup of sophisticated attacks, one cannot really see the potential dangers under every rock. The IT people in every company are busy trying to connect and work on every system in your network. They do not spend every day researching new attack methods. Attacking test computers

You have to have a separate group of people with a separate pair of eyes to review your network defense, computer system setup and more.

Let me explain it for you if you still have questions.

Tony Zafiropoulos - 314-504-3974

Image: system engineering as security

  1. http://blog.erratasec.com/