2022 was another busy year for our Incident Response team. Whether it was responding to a breach onsite, or remote restoration, there were some consistencies we found as to how threat actors were able to get in. Here are our findings for what we saw most in 2022. 

Matt Pippin, Director of Incident Response, says the top two causes for compromise in 2022 were not patching or updating systems as well as a lack of user education. Let’s break it down.

Patch Management 

Patch Management is an important part of systems management and involves monitoring systems for updates and installing patches that may change features, correct bugs, and most importantly, fix critical security vulnerabilities. 

Pippin says, “We see servers running Server 2008-2016 that are online and not patched.” Some IT teams may hold off on installing patches and test them to ensure they don’t disrupt critical systems within their environment, but as Pippin emphasizes, not patching systems is usually “due to a lack of IT resources.” In our review of 2022, there were three distinct areas of compromise for unpatched systems. 

Areas of Compromise for Unpatched Systems 

Apache Log4j vulnerability, also known as Log4Shell, is a vulnerability on the Apache Log4j 2 Java Library. It is a Remote Code Execution (RCE) vulnerability that’s been given a threat rating of CVSS-10, which is considered the most critical and rarely assigned to a vulnerability. It is also the top compromise Avasek’s Incident Response Team saw in 2022. Does that mean all Log4j compromises were on unpatched systems? Not necessarily. Four patches have been released since the discovery of the Log4j vulnerability, two of which had vulnerabilities of their own. So, what can businesses and IT teams do to protect themselves from this ongoing, critical security vulnerability? 

“For any system that has the Log4j vulnerability, remove its exposure to the internet,” says Pippin. “If that’s not possible then limit traffic to it from only known and verified good sources. Outside of those things, putting MFA for logins on the system as well as isolation from the main production network will help as well. There are other things that can be done depending on what the system is used for but getting an Avasek Security Assessment would help determine other avenues of protection.” 

George Zilahi, Director of Managed Services, adds, “Make sure Remote Desktop Protocol (RDP) is not publicly accessible. It should only be behind a VPN or inside the network. Vulnerability assessments should also be done regularly.” This leads us to the other top two areas of compromise we saw in 2022 for unpatched and updated systems: Exchange servers and firewalls. Even if IT resources are minimal, keeping an eye out for critical system patches and updates, and most importantly installing them, can help reduce your company’s chance of compromise. 

User Error Can Leave Your Organization Vulnerable 

Now let’s turn to the other top cause of compromise we saw in 2022, which is lack of user education. More specifically, lack of security awareness education. Phishing, as defined by NIST, is “A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.” But not all phishing attacks are the same, and from what Avasek’s Incident Response team saw in 2022, spear phishing attacks took the top spot.

You might be asking, “What’s the difference between phishing and spear phishing?” Phishing broadly describes an attack that’s designed to get someone to take action, like clicking a link in a mass spam email. Spear phishing is simply a targeted phishing attack. The cybercriminal, for example, may be looking for specific information that only one or two individuals at an organization have. They then use techniques like social engineering to gain that individual’s trust to get the desired information, which in turn, is used to execute the cyberattack. 

It should come as no surprise to anyone that phishing attacks are not going away anytime soon. In fact, they’re increasing day-by-day. Messaging security company, SlashNext, conducted a study analyzing “billions of link-based URLs, attachments, and natural language messages in email, mobile and browser channels over six months in 2022 and found more than 255 million attacks – a 61% increase in the rate of phishing attacks compared to 2021.” Additionally, global technology company, Acronis, says that the average cost per data breach could reach more than $5 million in 2023. 

Educating your employees on security awareness and what to watch out for is a vital step in protecting your company from these types of attacks. Training company, KnowB4, notes that, “Old-school awareness training does not work anymore, and email filters have an average 7-10% failure rate.” Regular monthly simulated phishing attacks, in addition to continued education, can help dramatically reduce a company’s phishing risk. 

Final Thoughts

While this is not an all-inclusive list of every top compromise in 2022, we thought it best to share what our team saw most over the past year, along with some insights to help you, your company, and employees stay secure.

Contact us for more information on a security assessment or to learn how Avasek can help protect your organization.

The post The Top Causes of Cyberattacks in 2022— according to Incident Response Professionals appeared first on Avasek.

With this in mind, here’s what you need to know about protecting your organization when it comes to SaaS platforms.

Understanding the Shared Responsibility Model

Perhaps the most important thing to remember when using SaaS tools is that many providers operate on the Shared Responsibility Model (SRM). As the name suggests, SRM puts an onus on both the software provider and the end-user to maintain good security and robust data handling practices.

An example of SRM in action would be Google scanning a file for known vulnerabilities as it is uploaded to a company’s Google Drive folder by a Workplace user. When that file is later downloaded by another user, Google may check it again for malicious code, but it is also the responsibility of a company to run its own security examination, making sure the file is safe to run on its network.

Likewise, a company is responsible for how Microsoft 365 interfaces with other tools it uses. Incompatibility issues that could threaten the integrity of key files or programs should therefore be reported back to the SaaS provider so that those issues may be addressed.

While SRM is a good practice in the world of SaaS tools, errors will inevitably occur. According to a survey by the Cloud Security Alliance, 43% of organizations have experienced at least one security incident or malfunction linked to SaaS misconfiguration. 

Ransomware attacks are on the rise

Even in the most rigorously maintained SaaS environments, security lapses happen. It only takes one employee to mistakenly click a link from a spoofed email address, and before they realize it, ransomware is spreading like wildfire throughout the company, locking up vital data.

Profit-driven malicious attacks are a big business for the bad guys. As reported by InfoSecurity, ransomware attacks are on track to cost global businesses more than $30 billion in 2022, with some expecting that figure to climb as high as $265 billion by 2031. With more and more SaaS platforms making their way into organizations, the surface area for ransomware attacks is growing exponentially.

Accidental file deletion is a frequent problem

Theft is not the only threat to information hosted on SaaS platforms; user error is also a major risk. Both Google Workspace and Microsoft 365 have data retention settings, allowing administrators a level of control over the time that files are held on cloud-based servers. But should those rules be misaligned, then important data can be scrubbed.

A 2016 questionnaire of over 1,000 IT professionals in the U.S. and the U.K. found inadvertent deletion was the principal cause of data loss on SaaS networks. The study – carried out by EMC’s Spanning –  also found many companies mistakenly believed SaaS providers are primarily responsible for recovering data lost by users. Once again, SRM plays a significant role in data management.

Avasek SaaS Protection provides a 1-click backup solution

The most important aspect of any data recovery planning is to make sure you have adequately backed up your information before anything bad can happen. This is why Avasek has partnered with widely-trusted data backup operator Datto to provide institutions with a backup and recovery solution that works inside of Google Workspace and Microsoft 365.

For a low cost per license, Avasek’s SaaS Protection automatically backs up files three times a day, ensuring you always have a fresh copy of your important data. Avasek’s flexible data retention rules allow you to decide what is kept and for how long. And should the worst happen, our 1-click recovery solution ensures you can get information back, all in a non-destructive manner.

So whether it’s emails to your customers, or spreadsheets from your clients, Avasek’s SaaS Protection is always backing up your information, making sure it’s only a click away should the worst happen. 

The post SaaS Protection with 1-Click Backup: How to Safeguard your Business from Data Loss appeared first on Avasek.

This year’s theme is “It’s easy to stay safe online,” which reminds users that there are plenty of simple ways to protect your personal information and secure private data when using the internet. 

What is cybersecurity, and why is it important?

Cybersecurity is the practice of safeguarding and restoring data from devices, programs, or networks. Cybercriminals can steal all sorts of data, including, but not limited to: health records, personal data, or intellectual property. 

In a digital age, we have significantly increased our use of tech and cloud-based services, which means our data is now at greater risk of being hacked now more than ever. Now more than ever, be aware of what information you share with others and how that information is distributed.

What are the most common cybersecurity threats?

Potential risks to cybersecurity come in a wide variety of forms. If you don’t employ the greatest cybersecurity measures, each of these dangers has the potential to result in a data breach.

Lack of attention to cybersecurity can harm your organization in a variety of ways, such as:

• Ransomware: Is a kind of malware that restricts users’ access to their computer systems or personal files and demands ransom money to allow users to access again.

• Malware: Malware is software created explicitly to interfere with, harm, or gain unauthorized access to a computer system.

• Denial of service: A Denial-of-Service (DoS) attack aims to bring down a computer system or network so its intended users cannot access it. DoS attacks do this by providing information that causes crashes or flooding the target with traffic.

• Phishing:  Hackers employ this method to send phony emails or messages that seem to be from a reliable source. Cybercriminals can create these messages or emails by impersonating individuals you know, such as friends, coworkers, or other reputable businesses. 

How can you defend your business against cybercrime?

You can boost security and lower the danger of cybercrime by implementing the following practices within your organization:

• Educate your staff – Inform your staff members of good cybersecurity practices when creating platforms for work resources, including company emails, computer logins, or data transfers within your organization. 

• Secure your devices – Your company’s information and valuable data might be at risk for possible data breaches if your company devices are left unattended, misplaced, or stolen. 

• Update your devices regularly – Always check to ensure that your devices have the latest software when prompted to make the updates when the updates indicate bugs or security-specific updates. This will significantly lower the chances of your devices being hacked.

• Build up your resource library – To give your team additional resources, we recommend you check out some of our blogs, including: What is Ransomware? What can you do to protect yourself?, 5 Basic Network Security Tips for Small Businesses, and The Life of a Phish.

• Act swiftly in case of a breach – Suppose you sense that your organization may have been hacked, contact Avasek’s Incident Response team for help with mitigating the damage to your organization, your customers, and your reputation.

• Become cyber resilient – Your data’s security is essential, which means that you need to have the right security systems in place to defend your organization against future attacks before they happen. Contact us today to learn more about how Avasek can help make your organization cyber resilient.

The post Is your organization’s data protected from potential cybersecurity threats? appeared first on Avasek.

Join Avasek at the event, and enjoy a full day of in-person learning, networking, and business discussion.

For more information, please visit 2022 Cyber Risk Insights Conference – New York.

WHEN: October 25, 2022 | New York Marriott Marquis

The post 2022 Cyber Risk Insights Conference – New York appeared first on Avasek.

For more information, please visit: https://www.crowdstrike.com/events/fal-con/

WHEN: September 19 – 21, 2022 | Aria Resort & Casino, Las Vegas

The post Fal.Con 2022 appeared first on Avasek.

As Avasek has seen all too often, company systems and networks are constantly being targeted by malicious actors, determined to get access to valuable internal data so it can be exploited in a myriad of ways. From trade secrets to client contact books, hackers have developed a broad array of technical skills to pry information right out of a firm’s hands. With this in mind, we’ve compiled a list of 10 breach statistics so you can better understand the risks your business faces.

1. The average cost of a U.S. company data breach is roughly $9.5 million.

According to a recent IBM study, data hacks cost firms in the United States an average of 9.44 million. In fact, U.S. businesses spend the most recovering from such breaches.

2. Data breaches impacted almost 300 million individuals in the U.S. last year.

Data compiled by Statista shows data records for over 298 million U.S. residents were illicitly accessed last year. Healthcare, financial services, and manufacturing were the most targeted industries.

3. Criminal organizations were behind 55% of cyber breaches in 2020.

A report from Verizon states more than half of data breaches in 2020 were orchestrated by criminal gangs, who were mostly driven by the potential financial gains. However, the study also notes secondary motivations were also a prominent factor, concluding many hacks were part of bigger, more complex schemes.

4. In 2020, misconfiguration errors played a role in over 40% of data breaches.

Verizon found an increasing number of malicious actors exploited misconfiguration errors in 2020. The report notes misconfiguration can include systems administrators forgetting to set cloud storage bins to private.

5. U.S. organizations lost about $50 million in ransomware attacks in 2021.

The FBI says it heard from over 3,700 businesses last year whose data was locked up by malicious attackers. The agency notes cybercriminals strong-arm companies into paying ransoms by threatening to make proprietary information public or even destroy it all together.

 6. 48% of malicious email attachments are presented as Microsoft Office files.

As this statistic from a Symantec study shows, it’s important for all staff to remain vigilant about what they download and open. And of course, with Microsoft tools being such a huge part of company culture for four decades, it’s no surprise hackers rely on this trick to get into networks.

7. On average, hackers attack every 39 seconds.

Researchers at the University of Maryland have demonstrated just how relentless malicious actors can be. As the study shows, many networks have to be robust enough to fend off over 2,200 hack attempts every single day.

8. 83% of breached companies experience additional attacks.

As IBM’s data suggests, a company that suffers a data breach is highly likely to be targeted again. The study notes a majority of hacked firms had to increase prices to help recover costs.

9. 96% of businesses have been targeted by phishing emails.

A 2022 study by Mimecast shows a vast majority of companies received phishing emails over the preceding 12 months. The report also notes 80% of firms expect to have to deal with the fallout from a breach originating via email.

As the statistics show, for companies, data breach threats are not only persistent, they are extremely costly. Fortunately, Avasek is an experienced leader in helping businesses both defend and recover from such devastating attacks. Find out more about how Avasek can assist your operation today so that you’re not picking up the pieces tomorrow.

The post 9 Data Breach Statistics Your Business Needs to Know appeared first on Avasek.

For more information, please visit: https://netdiligence.com/conferences/cyber-risk-summit-bermuda-2022

WHEN: November 16th-17th, 2022 | Bermuda

The post NetDiligence Cyber Risk Summit (Bermuda) appeared first on Avasek.

For more information please visit: https://netdiligence.com/conferences/cyber-risk-summit-santa-monica-2022

WHEN: October 10th-12th, 2022 | Santa Monica

The post NetDiligence Cyber Risk Summit (Santa Monica) appeared first on Avasek.

For more information, please visit: https://www.dattocon.com/

WHEN: September 13th, 2022 | Washington, D.C

The post DattoCon appeared first on Avasek.

The NetDiligence® Cyber Risk Summit in Philadelphia is attended by cyber insurance, legal/regulatory, and technology leaders from all over the globe. A premier education and networking event, this conference features three days of workshops and panel discussions by leading cyber experts who share their insights on hot topics, trends, and cybersecurity concerns. Connect with leaders in cyber risk and privacy liability and learn from their experiences on current and emerging concerns in the ever-changing cyber landscape.

For more information, please visit: https://netdiligence.com/conferences/cyber-risk-summit-philadelphia-2022

WHEN: June 1-3, 2022

The post NetDiligence Cyber Risk Summit (Philadelphia) appeared first on Avasek.