Ransomware Attacks Hit Home

Coronavirus (COVID-19) has proven to be challenging. For most of the US, this epidemic has been ongoing for nearly 9 months, with a new wave overtaking the country once again. Businesses have shuttered, jobs have been lost, and financial insecurity has become an obstacle for many to deal with.

As one of the ongoing complexities, COVID-19 has shuttered in-school learning for many US students. Several US school districts, including Baltimore County, MD, announced that online learning had been impacted for 115,000 students due to an apparent ransomware attack. As parents struggle to maintain a somewhat normal learning experience for their children studying from home, lax information security practices within the underlying information infrastructures are a central factor in these disruptions.

So what is ransomware, and how does it impact a compromised organization? Ransomware is malicious software designed to deny access to an organization's information assets, files and/or services. The perpetrator, having compromised the target organization, demands a ransom payment prior to restoring access to the locked data. In the case of Baltimore County, it has been reported that access to online learning tools and grading systems has been disrupted.

Cyber insurance policies are available to facilitate ransom payments should such an attack occur within an insured's environment. Many organizations choose to pay the ransom, through insurance or directly if not insured. The cost of ransom payments has risen, with many payments now being 6 figures or larger. Other organizations that choose not to pay a ransom spend millions trying to restore systems. Atlanta, Georgia, in the spring of 2018 chose not to pay a ransom of $52,000 and instead paid a reported $2.6M to recover.

While an insurance policy payment may reduce the recovery cost of an outage, it does not account for the lost time of a disruption, and it only encourages further ransomware attacks. Ransomware attacks accounted for 41% of policyholder claims, insurer Coalition stated in its 2020 "Cyber Insurance Claims Report," released in September of 2020. In some instances, insurance companies have denied claims involving excessive damage, as in the case of NotPetya.

According to a Dark Reading article, Maryland State auditors found a variety of vulnerabilities that could have led to the incident in Baltimore County. While there is not yet clarity in the Baltimore County incident, it should be noted that ransomware attacks have been ongoing for many years and most propagate due to unpatched systems. Typically, exploited systems are Windows based, and the impacted systems in the case of Baltimore County have been reported to be Windows based.

At what point do we demand that organizations that maintain our personal information, and upon which we rely, make certain that vulnerabilities are minimized? Individuals placed in technical roles, as well as their management teams, must be held accountable in some manner should they choose not to appropriately address ongoing maintenance of the systems and applications for which they are responsible.

The most formidable defense against most cyber attacks, beyond a properly designed infrastructure, is to establish reliable ongoing patch management and update processes for the entire infrastructure. While some may have you believe that this is a complex endeavor, and perhaps it is in a very large scale environment, once established, the organization's ability to withstand cyber attacks is significantly improved. Choosing not to establish the proper protocols, either through in-house staff or consulting resources, is a dire mistake.

Network Management Solutions has been assisting organizations to properly design, implement, monitor and manage information technology infrastructure since 1996. We are available to assist your company in navigating the technical complexities associated with your business infrastructure. Call us today at 908-232-0100 for a free, confidential discussion on how we can assist your business and support your ongoing information security and technology goals.

Business Continuity Planning – Lessons Learned

The COVID-19 pandemic has created strife across the globe. Many families have suffered from illness, the loss of a loved one, loss of employment, and in some cases perhaps a loss of hope for a way back to normal. While many businesses have been shuttered, others deemed critical, or those that operate virtually, may be thriving. Assuming your business is operating, have you been able to operate effectively and efficiently?

Some businesses are benefitting from their consumers being shut in, leading to increased online video and music consumption, people using time at home to learn a new skill, and hobbyists expanding their knowledge base. All that aside, in order to operate virtually a business must have, at a minimum, an appropriate technology infrastructure and a business continuity plan that considers workflows.

Maybe you moved your business operations to the cloud so that all your applications are hosted in some remote data center and not your office space. Maybe you had a plan in place. Providence Regional Medical Center in Everett, WA treated patient number one in the US. They had a pandemic plan, had recently tested it, and felt confident, but when the pandemic hit they realized they didn't have enough critical supplies and were scrambling for personal protective equipment (PPE). Additionally, defective test kits provided by the CDC were also a major problem. This story played out throughout Washington State, the country and the world.

Some businesses may have segments or divisions that were able to operate just fine while other segments were shut down. Content providers such as Netflix or Disney have had no problem providing streaming services and supporting end users watching TV shows, movies and documentaries. However, their content creation businesses that produce new movies and shows have been shuttered. Even with the best planning and infrastructure in place, market dynamics have had a huge impact on business operations.

Assuming you have been able to provide your service virtually or were deemed critical and allowed to remain open, having employees isolated at home has had its problems. I personally needed equipment, and what normally would take no more than 2 days took over 2 weeks to connect, get advice and place an order. The company was operating virtually, demand was at all-time highs, and their technology infrastructure did not support their business process remotely as it did when employees worked onsite.

So what have we learned? For me the biggest difficulty was to have imagined the scenario we all faced. This event was beyond many organizations' planning. Perhaps many of the behemoths got it right, or scrambled to make things work. The largest obstacle perhaps was getting the business processes right when forced to operate remotely with employees in isolation. Difficulties collaborating with colleagues, maintaining business workflows, and operating efficiently are among the largest hurdles that virtually operating businesses have had to deal with. This pandemic will certainly impact business continuity planning for many years to come.

So what can we do to be better prepared for other unanticipated disruptions? A framework is important to getting things right in all business continuity planning. Below is a simplified 5-step approach.

  1. Develop a plan – Assemble a team, identify outage scenarios and goals. List what services must function as soon as possible, and what other functions can wait.
  2. Establish business operations workflows – Define how various departments and staff function both independently and cross-functionally. Identify how the business operates with staff in isolation or at remote locations. Identify logistical moves of personnel that could be made today which would support business recovery plans in the future. Some firms, such as Facebook, are already defining work-from-home positions. Establishing work-from-home positions could potentially boost employee productivity and reduce company costs.
  3. Define the technology – Identify the services and infrastructure necessary to support the plan, as well as what other technologies could improve efficiencies or resilience. Identify potential logistical technology moves that might better protect the company, i.e. cloud computing and services.
  4. Brainstorm potential pitfalls – Ask what we are missing, and identify the what-ifs.
  5. Test the plan – Testing can help identify gaps in planning. After testing assess what worked well, and where expectations fell short. Identify the necessary changes and retest.

Network Management Solutions has been assisting companies since 1996 to design, implement, monitor and manage IT infrastructure. We have helped companies recover from failed projects, security breaches and outages. Contact NMS for a free, confidential consultation to understand how we may contribute to your business's ongoing success.

Is your business at risk from a trusted employee?

All businesses, regardless of their size, depend on their employees. Trust is foundational in ensuring the business operates as required, customer needs are met, and intellectual property or regulated data is protected. While many companies are focused on protecting the business from external exploitation, the threat of exploitation by insiders is often overlooked.

Both Twitter and Trend Micro reported in November that they had fallen prey to malicious insiders with legitimate access to sensitive company information. In both cases it appears that the companies did not discover the misuse through their own measures but became aware through 3rd party sources, long after the unwanted activity was initiated. Alarmingly, Trend Micro is a cyber security company, which goes to show that even the best can be taken advantage of. Insider incidents are not new and are thought to account for one-fifth of all data breaches.

In the case of Trend Micro, the company indicated that 68,000 customer data records were provided to a 3rd party who used the information in an attempt to scam Trend Micro customers. In the Twitter leak, information was being provided to the Saudi government and royal family pertaining to individuals who were hostile to the current regime. In both cases motivated employees provided the privileged information.

So what impact could a data breach have on your business? According to IBM, the cost of a data breach in a small to medium business (SMB) with fewer than 500 employees averages $2.5M, or 5% of annual revenue, to remediate the issue. Regulated data, as in the case of healthcare, averages $429 per record, so the overall cost to remediate the issue could be significantly higher. Beyond cleanup costs, a data breach can be devastating to a company's reputation, and the resultant loss of business can overwhelm many companies.

There is tremendous focus on the right tool set being the answer to solving complex information security issues. While investments in software, hardware, personnel, and training are all pieces of a complex puzzle, detailed processes and procedures are as critical as all of the other investments, and without them, all of those investments are rendered ineffective. To many technical staffs the tools are exciting, but the processes and procedures that ensure the tools generate manageable alerts for support staff may be viewed as onerous and are never fully implemented.

Without a proper implementation, events are often generated and logged to some database server while alerts to supporting staff are never generated, or there are so many alerts that the support staff becomes overwhelmed and the response is to silence or ignore them. When a third party such as law enforcement contacts the compromised company and an incident response team is hired to investigate the breach, logs of malicious activity are often found tucked away on some database server that was never configured to alert support staff. Many times the malicious events have been ongoing for months to years.

Ask yourself or your employees:

How does the company monitor security alerts?

Is privileged user access to sensitive data audited on an ongoing basis?

Does the company use an internal audit function that is outside of the information technology group or use 3rd party resources to review security?

Are processes and procedures reviewed on an ongoing basis by an independent audit function?

Are the processes and procedures updated on an ongoing basis as the business and technology changes?

Does the organization perform regular incident response testing for data loss, systems outages, component failures, or other potential business disrupting compromises?

In the cases of Twitter and Trend Micro, a simple ongoing audit of privileged user access may have identified the malicious activity at its commencement, saving time, reducing reputational risk, and significantly improving the company's security profile.
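The ongoing audit of privileged access described above, turned into an alert rather than a log entry nobody reads, as an added example (not code from the original post or from NMS): it aggregates constructed audit-log lines per user and day and flags anyone whose volume of distinct sensitive records is far above their peers, the bulk-export pattern the insider cases above describe. The log format, user names and thresholds are assumptions for this example.

```python
"""Privileged-access audit over constructed audit-log lines (added example).

Not code from the original post. The line format, user names and thresholds
are constructed for illustration; adapt LINE_RE to your own audit source.
"""
from collections import defaultdict
import re
import statistics

# Assumed audit-log format: "<ISO timestamp> user=<id> action=<READ|EXPORT> record=<id>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>READ|EXPORT) "
    r"record=(?P<record>\S+)$"
)

# Constructed sample: three users doing routine lookups, one user exporting
# 60 distinct customer records late at night, plus one malformed line.
SAMPLE_LINES = [
    "2019-11-04T09:01:12Z user=alice action=READ record=cust-1001",
    "2019-11-04T09:02:40Z user=alice action=READ record=cust-1002",
    "2019-11-04T09:02:55Z user=alice action=READ record=cust-1002",  # repeat read
    "2019-11-04T09:05:03Z user=bob action=READ record=cust-2001",
    "2019-11-04T09:06:11Z user=bob action=READ record=cust-2002",
    "2019-11-04T09:07:30Z user=bob action=READ record=cust-2003",
    "2019-11-04T10:15:00Z user=dave action=READ record=cust-4001",
    "garbage line that does not match the audit format",
] + [
    f"2019-11-04T22:{i:02d}:00Z user=carol action=EXPORT record=cust-{3000 + i}"
    for i in range(60)
]


def parse_line(line):
    """Return a dict for a well-formed audit line, or None if it is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["day"] = rec["ts"][:10]  # YYYY-MM-DD
    return rec


def summarize(lines):
    """Count distinct sensitive records touched per (user, day).

    Repeated reads of one record count once, so a noisy but legitimate user
    is not inflated. Malformed lines are counted, not silently dropped: a
    logging pipeline that emits garbage is itself a finding.
    """
    per_user_day = defaultdict(set)
    bad = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            bad += 1
            continue
        per_user_day[(rec["user"], rec["day"])].add(rec["record"])
    return {k: len(v) for k, v in per_user_day.items()}, bad


def flag_bulk_access(lines, factor=5, min_records=20):
    """Flag (user, day, count) where count is at least `min_records` and at
    least `factor` times the median across all (user, day) pairs."""
    counts, bad = summarize(lines)
    if not counts:
        return [], bad
    threshold = max(min_records, factor * statistics.median(counts.values()))
    flagged = [(u, d, n) for (u, d), n in sorted(counts.items()) if n >= threshold]
    return flagged, bad


if __name__ == "__main__":
    alerts, malformed = flag_bulk_access(SAMPLE_LINES)
    for user, day, n in alerts:
        print(f"ALERT: {user} touched {n} distinct sensitive records on {day}")
    print(f"{malformed} malformed audit line(s) skipped")
```

Running the audit daily and routing its output to someone outside the IT group, as the questions above suggest, is what turns the log into a control.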

Network Management Solutions has been helping organizations since 1996 to establish sound information technology networks, systems, processes and procedures. Please call us at 908-232-0100 for a confidential consultation on how we can assist your business in managing the security of its information assets in a continuously changing world.

Investing in Your Business Infrastructure

Your business provides products or services that are important to its customers. As a viable entity, the business provides investors, owners, management and employees an income and is vital to the financial well-being of those involved. Every business is part of a commercial ecosystem and a micro economy in itself. In an effort to compete and stay viable, why do so many business owners ignore the need for good information technology and security practices?

Admittedly, for most it's not a great topic of discussion. Information security, and information technology in general, is considered by most individuals too complex, too foreign, and best left to computer geeks to sort out. If you are in a position of responsibility within your organization you might agree, but it would be a dereliction of your duties not to be involved in defining overall technology objectives and reviewing outcomes on an ongoing basis.

Why? The operation of business today depends on information technology and information security. There may be some companies out there that still get by with pen and paper, but they are very few. Most businesses rely on email, the web, databases, online banking, and perhaps some computer automation. A breakdown or breach of IT systems can be very disruptive and costly. Ever contacted a business to order something when their systems were down? How well did they meet your needs?

Most small business owners ignore the importance of information technology in their business planning. This leaves the company prone to inevitable breaches, outages, and data losses. Too often simple maintenance and upgrades are ignored for extended periods of time, and ultimately the lack of oversight backfires. We have seen businesses shut down by outages.

By the time a crisis occurs all the perceived money saved is long spent in lost productivity and potential reputational harm to the business. You might think you can hide the weaknesses from your customers but they know through their ongoing service experience. Many times your employees will tell your customers of recurring problems before they tell you.

Building and maintaining pragmatic IT solutions is the most cost-effective and efficient way to operate. That's not always easy to do, as the latest technology is like a drug to some staff, and the vendor supplying it wants to move as much of the latest and greatest as possible. Your involvement and the use of outside consulting are critical in developing and maintaining your best interests.

Business objectives should be clearly defined, with an IT plan supporting each objective in plain English. There is no need for all the tech jargon. A simple question like "how do we ensure data security?" should drive clearly defined objectives and an information technology roadmap that meets each point, which any layperson can understand. Keep it simple, stay involved; your business depends on it.

About Network Management Solutions

Since 1996 Network Management Solutions (NMS) has been helping companies best meet their business objectives with pragmatic solutions. Please contact us with your concerns; we are here to help. Network Management Solutions can be reached at 908-232-0100 or by email at info@nmscorp.com. Further information can be found at our website, www.nmscorp.com.

Facing The Realities Of A Data Breach

Most small to mid-sized businesses don't consider themselves to be a data breach target and therefore never develop an incident response plan. Having to respond to a data breach in real time without a plan can be challenging at best. Some would call it a nightmare.

Your obligations and approach can vary widely depending on your business and the type of information you maintain. Has data been destroyed or deleted, have passwords and accounts been compromised, have financial accounts been accessed and funds diverted, or has a database containing credit card or other sensitive information been inappropriately accessed? How do you know? A plan helps you to sort out the questions and set a direction to meet your business obligations and move systematically towards recovery.

How did you become aware? Did an external source notify you, such as your bank or law enforcement? Do you believe that the incident was triggered by an internal or external event, and was it intentional? Often errors by internal staff can create an exposure of sensitive information that is then utilized by an outside source, or it can be a calculated collaborative effort between the two. An external hack may be the result of a targeted effort or a weakness that is exploited through unsolicited emails, or through a web or application interface. Regardless of what has happened and how it happened, action is still required.

So what are the steps to recovery and whom do you notify? A general approach might be as follows:

Build A Team: Form a team that will be tasked with specific events addressing legal, information security, management, public relations and other concerns.

Discuss Events and Develop Approach: Identifying timelines and events leading up to the incident can be key in establishing a direction and approach for remediating and investigating the breach.

Discuss Legal and Public Relations Requirements: Understanding your business obligations is critical, as this will determine what steps you must take to address any legal or regulatory concerns. Effective public relations will help preserve your business name.

Engage Appropriate Resources: This may include your financial institution, law enforcement, incident response resources, legal counsel, among others.

Commence Data Collection and Analysis: Collection of computer data, log records and other digital forensic evidence is key to any investigation. Professionals are required to ensure proper protocol and preservation of evidence. Many untrained computer personnel destroy evidence or miss the breach source, so the compromise continues.

Address Legal and Regulatory Requirements: Based on your analysis you may be legally obligated to notify regulatory bodies and affected entities. Timely response is of great importance. Your business partners may need to be engaged.

Notify Affected Parties: Those affected by the breach may need to be notified by law, and the protocol may vary from state to state. This includes individuals that may have had credit card information, or personal and private information, exposed. Others, such as business partners, may need to know to ensure that they too are not affected.

It is highly unlikely that law enforcement will investigate. Unless your compromise is a matter of national concern, has a multi-million-dollar impact, or you can pinpoint insiders, there is little law enforcement will do. You will need to manage the investigation largely on your own.

Maintaining a robust information security program will greatly reduce the likelihood and severity of a data breach. Having an incident response plan will provide the roadmap to address a data breach in a timely and concise manner, protecting both your business and its reputation.

Please contact Network Management Solutions for more information. We can be reached at 908-232-0100 or info@nmscorp.com. Our website can be reached at www.nmscorp.com.

Superstorm Sandy Tested Business Continuity Plans

Superstorm Sandy ripped through the Northeast at the end of October, creating significant damage throughout New York and New Jersey. Many residents and businesses were without power for days and in many instances weeks. The storm damaged coastal homes and properties and in certain cases devastated entire towns.

How did your business fare during and after the storm? If you were not seriously impacted was it due to being prepared or were you lucky? Were you prepared in that you had a Business Continuity Plan (BCP) in place to call on, or were you lucky that you were able to scramble for alternatives, or were there no significant service disruptions experienced? Did your prior planning ensure that redundancy was available and alternate measures in place to sustain business operations and that those who could not get to work had designees in place to take over in the interim?

Now is the time to take stock of your preparedness and assess what went well and how you might have done better. Many times an outage will expose weaknesses in a company's BCP and Disaster Recovery Planning. We heard from numerous businesses that felt the effects of Sandy and realized they were not prepared. Equipment damage, data losses, long-standing service outages and an inability to rapidly provide alternate resources hurt those businesses.

Companies that prepared plans and tested their viability on an ongoing basis did remarkably well. Critical services were available and key business activities continued. The effort to develop, execute and manage the plan was well worth it to those who prepared.

Network Management Solutions provides Business Continuity and Disaster Recovery Planning. For more information please contact us.