ActiSoft Technology - Blog #Social Engineering

7 Reasons Why You Need a Password Manager

Sun, 02 Jun 2024 12:42:22 +0000

Researchers attribute 80% of all breaches to weak passwords. These seemingly innocuous combinations—birthdays, pet names, or “12345”—become gateways for cybercriminals. They exploit lists of commonly used passwords and employ simple hacking tools to guess their way into accounts. Imagine someone getting rich by cracking passwords and draining bank accounts.

Monitoring your employees' password habits can be a daunting task without a password management solution in place. A business password manager grants organisations full control and oversight of their employees' password behaviours. The process of onboarding and offboarding employees is also streamlined. Continue reading to discover the functions of a password manager and how it can advantage your organisation.

What Is a Business Password Manager?

A business password manager is a tool that enables you and your employees to track, store, share, protect, and manage all passwords. Passwords are kept in a secure, cloud-based digital vault, accessible only with a master password. This vault can also store more than passwords, including documents, identity cards, and SSH keys, thus streamlining the security of your employees' files and passwords. Additionally, a password manager facilitates the creation of strong, unique passwords for each account, securely storing them.

Password managers play a vital role in maintaining the security of your organisation and simplifying the management of your employees' passwords. They also negate the need for employees to submit help desk tickets for password resets.

Benefits of Having a Password Manager For Your Organisation

Unsure of how a password manager can benefit your organisation? Consider these six advantages of deploying a business password management solution.

1. Enforce Organisation Password Policies Efficiently

Centralising password management within a single platform enables organisations to standardise and implement password security policies throughout the organisation. This includes setting a minimum password length and mandating the use of Multi-Factor Authentication (MFA) for every compatible site.

Employing a password manager permits IT administrators to verify compliance with organisational password policies among all employees.

2. Visibility Into Password Practices

Without centralised password management, IT administrators lack insight into employees' password habits. This issue of visibility is increasingly critical with the rise of remote work. It will prevent your employees reusing the same password across various sites and applications. Password managers offer a centralised console that grants administrators full visibility into employees' password practices, regardless of whether they are working in the office, remotely, or using a hybrid approach. Don’t worry the IT administrators cannot see the passwords in a user’s vault.

3. Securely Share Passwords

In businesses, password sharing is essential and crucial for task completion, yet it's imperative that employees have a secure method to share these passwords with their team. A password manager serves this purpose effectively. It enables organisations to establish shared folders for various groups such as individual departments or project teams. Moreover, users can securely share credentials with designated individuals, with the added convenience of automatic credential transfer to the recipient's vault.

Furthermore, our offering of Keeper's password manager provides the option to dictate whether the recipient of shared credentials or folders has the permission to edit or merely view the shared items.

4. Implement Role-Based Access Control (RBAC)

Employees should be granted only the system access necessary for their job functions, nothing more, this is the Principle of Least Privilege. This not only aids in preventing insider attacks but also reduces organisational risk if an employee's account is compromised. Adopting a standardised password management solution allows organisations to enforce Role-Based Access Control (RBAC) and keep track of account activities for any unusual behaviour that might suggest misuse or a security breach.

5. Dark Web Monitoring

Cybercriminals often target Software as a Service (SaaS) developers and other vendors, aiming to steal credentials from their clients' employees. It may take months for an organisation to detect a breach, and usually, the victims of these third-party breaches are the last to realise they've been compromised. Meanwhile, cybercriminals might have already sold the stolen login credentials on the dark web.

BreachWatch, a widely-used extension for Keeper's password manager included in our Enterprise offering, monitors dark web forums and alerts organisations in real-time if any employee passwords or credentials appear online. It integrates smoothly with the Keeper password management platform, allowing IT administrators to promptly enforce password resets.

6. Simplified employee onboarding and offboarding

The use of a uniform password manager streamlines the onboarding process for new hires, facilitating a smooth transition even when the team is partially or fully remote. IT administrators can efficiently prepare new employees for work within minutes by either manually registering each one via the admin console or enrolling multiple users simultaneously using Keeper's supported methods. New employees are welcomed with a personalised email invitation containing a link to set up their Keeper Vault.

Former employees retaining active passwords pose a significant cyber risk, and securing passwords during the offboarding process is vital to an organisation's cybersecurity infrastructure. Upon an employee's departure, their system access must be revoked without delay. Password managers not only enable IT administrators to promptly withdraw access from ex-employees but also offer the option to conceal passwords for current employees within the platform. This measure prevents the copying of passwords through screenshots or written notes and facilitates the secure handover of accounts to successors.

7. Helpdesk Tickets

It is estimated that 40% of help desk calls/tickets pertain to password resets, each costing the business approximately £60. Envision a scenario where a multitude of employees are synchronised on a 90-day password renewal cycle; the impact on productivity could be substantial.

IT support teams can be targeted with social engineering attacks aimed at password resets, they typically rely on static data to confirm an employee's identity, a password manager such as Keeper mitigates that risk.

Consider the potential accomplishments of your support team with a decrease in password reset calls/tickets!

Choosing Keeper as Your Organisation’s Password Manager

Keeper's Enterprise password management solution offers all the essential features required in a password manager, plus many additional benefits. The Keeper password manager operates on a zero trust and zero knowledge basis, ensuring that only the end user can access the plain-text data in their Keeper vault—Keeper's employees included.

With Keeper for Business, every employee receives Keeper across an unlimited number of devices, ensuring comprehensive protection throughout the company. Moreover, it includes a complimentary family plan for every employee.

Contact our friendly Cyber Security specialists at Actisoft today to find out how Keeper Password Manager can help you improve your security posture and protect your users and organisation.

Get Started Now!

Insider Threat: Is there an Enemy Lurking Within Your Business?

Tue, 12 Jul 2022 16:39:33 +0000

Insider threats represent a huge security risk to all organisations, and research suggests that the average cost is almost twice that of other types of breach. Whether the people behind the threats are acting nefariously or are completely oblivious to what they’ve done, the impact is just as serious. While business leaders are becoming more aware of the risk of insider threats, many organisations still lack the resources and knowledge to protect their data. In this article, we’ll take a look at the different types of insider threat, discuss the associated costs and show you how to mitigate risk.

What is an Insider Threat?

The term “Insider Threat” is used in the cyber security industry to describe any kind of threat posed by individuals from within an organisation. This can include current employees, stakeholders, contractors, board members, partners and previous employees. Basically, it refers to anyone who has the potential to access networks and put them at risk, whether intentionally or accidentally. The kind of information at risk of being compromised might be financial records, customer and employee data, passwords, business contracts or details of the organisation’s security procedures.

Insider Threats fall into two broad categories: intentional and unintentional. .

Intentional Threats tend to come from disgruntled employees, current staff members or contractors who misuse systems for their own personal gain and/or to cause disruption. People may work alone or in partnership with others, such as hacking organisations or business competitors.

Unintentional Threats are down to user error and lack of awareness. Those without adequate training and knowledge about cyber security issues can inadvertently put their networks at risk by falling prey to phishing scams, exercising poor password security or sharing data on compromised devices.

Different Types of Insider Threats

There are several different types of insider threat:

Second Streamers

This refers to current employees who intentionally misuse their organisation’s confidential data, either for financial gain or while working in partnership with others. Second streamers are thought to account for about 62% of all insider threats.

Angry Ex-Employees

When people feel wronged, they sometimes want to seek revenge – and compromising valuable data is a great way to do it. About 29% of disgruntled ex-employees committing deliberate sabotage do so for personal financial gain, while others act purely maliciously and want to cause as much damage and disruption as possible.

Inadvertent Insiders

This is one of the most common types of insider threat facing organisations today, and it’s all down to user error. People often don’t realise they’ve made a mistake (such as clicking on a dodgy link or sharing financial records with a convincing fraudster) until it’s too late, which is why it’s essential for all employees to have robust, regular cyber security awareness training.

Persistent Non-Responder

If you regularly hear someone say something like “all these security measures are just a waste of time, who would want to attack us anyway?” you’re probably dealing with a persistent non responder. Anyone who consistently refuses to adopt appropriate security protocols and continues to share passwords or use insecure devices is a risk – and it’s not always who you might expect. CEOs and board members are often the worst offenders.

How to Mitigate Risk

The cyber security landscape is constantly evolving and notoriously complex, so it’s impossible to completely eliminate risk. However, by adopting a multi-layered approach and ensuring you’re completely transparent about what you expect of your employees, it’s entirely possible to significantly reduce the risk of insider threats. Here are just a few measures you can take to protect your organisation:

Undertake regular risk assessments to assess the likelihood of an attack
Ensure all staff have regular security awareness training
Maintain close management of all user permissions and ensure that leavers are immediately removed from your systems
Undertake penetration testing at least once a year
Implement 24/7 network monitoring
Organise a cyber security assessment/simulated phishing attack
Set up a managed detection and response system

Minimising the risk of insider threats doesn’t have to be hard work when you have the right team on your side. Contact our friendly specialists at Actisoft today to find out how we can help.

Start Your Free Phishing Security Test

Find out what percentage of your employees are Phish-prone

Did you know that 91% of successful data breaches started with a spear phishing attack?

Find out what percentage of your employees are Phish-prone™ with your free phishing security test. Plus, see how you stack up against your peers with the new phishing Industry Benchmarks!

IT pros have realised that simulated phishing tests are urgently needed as an additional security layer. Today, phishing your own users is just as important as having antivirus and a firewall. It is a fun and an effective cybersecurity best practice to patch your last line of defence: USERS

Why? If you don't do it yourself, the bad guys will.

Here's how it works:

Immediately start your test for up to 100 users (no need to talk to anyone)
Select from 20+ languages and customise the phishing test template based on your environment
Choose the landing page your users see after they click
Show users which red flags they missed, or a 404 page
Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
See how your organisation compares to others in your industry

The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Start phishing your users now. Fill out the form, and get started immediately!

Try It Now!

What Are Social Engineering Attacks and How Can You Prevent Them?

Fri, 01 Jul 2022 09:47:38 +0000

is a common tactic used by cyber criminals to manipulate people into sharing confidential information. Hackers exploit people’s trust, knowing that when we’re under pressure we may be more likely to make mistakes. The kind of information hackers seek out varies, but commonly includes bank account details, personal information and company files. Social engineering is a common tactic used by cyber criminals to manipulate people into sharing confidential information. Hackers exploit people’s trust, knowing that when we’re under pressure we may be more likely to make mistakes. The kind of information hackers seek out varies, but commonly includes bank account details, personal information and company files.

Hackers love to use social engineering because it’s easier to trick someone into sharing their password than to spend time trying to hack into an account. So, they lull victims into a false sense of security by gaining their trust and pretending to be someone else.

Social engineering attacks take many forms, but they commonly look like emails and messages from friends and trusted organisations:

Emails from Friends

Hackers spend a while collecting information about their targets, so if your social media followers and friends list are publicly visible it’s relatively easy for them to create fake email from a friend. These messages contain links, videos or images that include malware, so if you click on them they’ll gain instant access to your device and all your vital information.

Emails from Organisations

These kinds of cyberattack are known as phishing emails. Like fake friend emails, these can be very convincing and are designed to look like they’ve come from trusted sources, such as HMRC or your bank.

Once hackers have gained a target’s trust, they will create a sense of urgency by asking for help. This might be in the form of a desperate friend being stranded in a foreign country and needing some funds to be wired to them urgently, or a financial institution asking for you to verify personal information. They may also send a message claiming you’re the winner of an online competition, or pretending to be your boss or co-worker asking for client details.

The Cost of Social Engineering

The monetary cost of social engineering attacks on businesses vary according to different sources, from anywhere to £25,000 to upwards of £4 million.

The biggest social engineering attack recorded to date was led by Evaldas Rimasauskas, who successfully targeted Google and Facebook. He set up a fake company and bank account, posing as a computer manufacturer who worked with the two tech giants. His team of scammers then sent phishing emails to a number of employees within Facebook and Google, attaching invoices for work that had been genuinely undertaken by the real manufacturing company. The money was then deposited into fraudulent accounts, and over the course of two years over $100 million was extorted.

But perhaps the most important – and most often forgotten – impact of social engineering attacks is the human one. The guilt and shame associated with clicking on an infected email and causing huge organisational damage is too much for some people, with victims becoming depressed or developing severe anxiety. Two people are thought to have committed suicide following the Ashley Madison cyber-attack of 2015, and many others have lost their jobs and livelihoods.

How to Protect Yourself Against Social Engineering Attacks

Since social engineers like to act when people are more likely to be under pressure, it’s important to try to stay mindful and vigilant at all times. Here are some ways you can minimise the risk of a successful attack:

Report and delete any messages that ask for financial information or passwords
Set your spam filters to “high” and regularly check your folders to ensure no legitimate emails are in there
Install robust anti-virus software, firewalls and email filters on all devices and user accounts
Use multi-factor authentication and strong passwords, so even if anyone does manage to get hold of your password they’ll still be asked to provide further information if their credentials aren’t familiar
Double check all email addresses claiming to be from friends or trusted sources before you respond – particularly if they contain links or ask for information
Be wary of tempting offers – if it looks too good to be true, it probably is
If in doubt, stop. Taking a few minutes to check whether something is legitimate is a lot less time consuming than clicking a link in haste

To find out more about how to keep your organisation safe, contact our friendly team of Cyber Security specialists at Actisoft Technology today.

Start Your Free Phishing Security Test

Find out what percentage of your employees are Phish-prone

Did you know that 91% of successful data breaches started with a spear phishing attack?

Find out what percentage of your employees are Phish-prone™ with your free phishing security test. Plus, see how you stack up against your peers with the new phishing Industry Benchmarks!

Why? If you don't do it yourself, the bad guys will.

Here's how it works:

Immediately start your test for up to 100 users (no need to talk to anyone)
Select from 20+ languages and customise the phishing test template based on your environment
Choose the landing page your users see after they click
Show users which red flags they missed, or a 404 page
Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
See how your organisation compares to others in your industry

The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Start phishing your users now. Fill out the form, and get started immediately!

Try It Now!

National Health Service Becomes the Latest Victim of a Credential Harvesting Phishing Operation

Thu, 16 Jun 2022 15:30:26 +0000

Blog courtesy of KnowBe4

Written by Stu Sjouwerman

Part of a six-month attack, email accounts on the NHS’ Microsoft 365 instance were compromised, resulting in over 1,100 targeted email attacks used to obtain more credentials.

According to security researchers at email protection vendor Inky, the 139 compromised NHS accounts were being misused from October 2021 until March of 2022 as the cornerstone of further phishing attacks attempted to either harvest credentials to major online platforms, or to trick victims into providing banking details.

Emails were likely sent using two IP addresses serving as SMTP relays for the NHS’ 27,000+ users, allowing attackers to work remotely. What may have allowed this attack to remain undetected for 6 months was the number of emails being sent:

You’ll note the dramatic spike in the number of emails sent in March of this year, likely drawing attention to the attack.

Emails impersonated both the NHS and individuals within, using NHS email footers, and names of compromised individuals to add credibility to the scams.

While there were only 139 compromised email accounts (out of over 27,000, according to the NHS), it literally only takes a single phishing email to alter the course of an individual or an organisation. Because most phishing scams need to get the victim to focus on one response action (e.g., clicking a link or opening an attachment), the scams can generally be identified pretty easily, if the user is vigilant.

And this vigilance comes with education through Security Awareness Training designed to help users understand the nature of phishing attacks, social engineering techniques, and the role they play in corporate cybersecurity.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

Immediately start your test for up to 100 users (no need to talk to anyone)
Select from 20+ languages and customise the phishing test template based on your environment
Choose the landing page your users see after they click
Show users which red flags they missed, or a 404 page
Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
See how your organisation compares to others in your industry

Go Phishing Now!

Top Cyber Threats to SMEs

Fri, 10 Jun 2022 11:13:34 +0000

If you’re running a small to medium sized business, it’s easy to think that you might not be a big enough fish to attract the interest of cyber criminals. But the truth is, small organisations are just as much at risk of hacks and other security threats as huge corporations – in fact, being smaller may make you more of a target.

Attackers are targeting thousands of businesses every day, and those with less robust defences in place make much easier prey than bigger organisations who can invest more time and money into cyber security.

Hackers also love targeting small businesses because they often deal with large sums of money and have great contacts – which means there’s lots of lovely data to steal.

It's often said that knowledge is power, and that’s certainly true when it comes to cyber-crime. The owners and managers of SMEs need to be aware of the risks, which is why we’ve put together this short article outlining the most common cyber-attacks right now and what we have seen.

1) Phishing

By far the most prevalent – and damaging – threat facing small and medium sized businesses in 2022 is phishing. These attacks account for 90% of all breaches; a figure that’s grown by 65% since 2021. Phishing attacks are when a hacker sends an email pretending to be from trusted contact, tricking the recipient to click on a malicious link, download a code or share sensitive information. There are several types of phishing attacks you need to know about:

The spray and pray approach, which is where hackers send out thousands of emails all at once, in the hope that one or two will bite
Spear phishing: a campaign that targets a particular person or organisation and includes information which is known to be of interest to the specific target
Whaling: an even more targeted and carefully executed attack, where the hacker goes after a specific C level executive in the organisation

Phishing attacks are becoming increasingly sophisticated, which means that even if you think you’ve seen it all before, you could still be caught out.

3) Social Engineering

Social engineering plays a huge role in cyber-crime. Even though advances in technology have been behind more sophisticated attacks, those attacks can only be properly deployed by a human. So, hackers work hard to understand how people think and manipulate them into making security mistakes or sharing valuable data. Social engineering happens in several phases. First, the hacker investigates their victim and identifies any weaknesses in their security systems. Next they start to gain their trust, either by sharing information the victim might be interested in or by pretending to be a trusted contact. Then, when the target lets their guard down and begins to trust the hacker, they’ll go in for the kill.

4) Insider Threat

Insider threats are posed by individuals from inside an organisation. This can include current or previous staff members, partners and contractors with access to passwords and company data. These individuals may act maliciously, intentionally stealing data or infiltrating systems for personal gain, but often they’re completely unwitting. Lack of awareness about cyber security issues can turn the most diligent worker into an insider threat, so it’s important to have robust policies and training measures in place.

5) Shadow IT

Shadow IT is a term covering the use of different IT systems, apps, services and devices that haven’t been approved by an IT department. Since Cloud services have become more popular, and also since the first lockdown, the use of Shadow IT has grown exponentially. New technology drives innovation and can deliver huge cost and time savings, but without the right security measures in place it also poses a huge risk.

6) Software Exploits

A software exploit is a code that’s been written to take advantage of a particular vulnerability or flaw in a piece of software. Although security professionals sometimes develop these exploits as evidence of vulnerabilities, they’re also widely used by hackers with malicious intent.

The purpose of this article is to provide you with an overview of the most common threats to your organisation. We’ll go into more detail about each type (and a few others!) in our next articles. In the meantime, if you want to know more about how to protect your SME from cyber threats, get in touch!

Are your users putting a big target on your organisation’s back?

Cybercriminals are constantly coming out with new ways to hack into your network and steal your organisation’s confidential information.

Find out if your users are putting a big target on your organisation’s back.

KnowBe4’s new Password Exposure Test (PET) is a complimentary IT security tool that allows you to run an in-depth analysis of your organisation’s hidden exposure risk associated with your users.

PET makes it easy for you to identify users with exposed emails publicly available on the web, and checks your Active Directory to see if they are using weak or compromised passwords that are part of a known data breach. PET then reports on any user accounts affected so you can take action immediately!

Here's how it works:

Checks to see if any of your organisations email addresses have been part of a data breach
Tests against 10 types of weak password related threats associated with user accounts

Checks against breached or weak passwords currently in use in your Active Directory

Reports on the accounts affected and does not show/report on actual passwords

Just download the install, run it, get results in minutes!

Identify how many users take the bait and reply before the bad guys do!

Try It Now!

Zero-Day Attacks: What Are They, Who's at Risk and How to Avoid Them

Tue, 31 May 2022 11:00:14 +0000

Zero-day attacks are on the rise, with events reaching an all-time high in 2021. But what exactly is a zero-day attack, and how can you avoid it wreaking havoc for your organisation?

Zero-Day is a generic term which describes a cyber threat that’s just been discovered. When a vendor or developer finds out about the flaw they have to fix it immediately, meaning they have “zero days” in which to act. It’s sometimes written as 0 Day, and a range of different words are used alongside, including attack, vulnerability and exploit

Let’s take a quick look at each one individually, because there are some important differences.

Zero-Day Vulnerabilities are flaws in software that attackers discover before vendors know anything about them. Because those vendors are blissfully unaware, they haven’t yet been able to create the necessary patches to keep them safe.
Zero-Day Exploits refer to the methods hackers use to make the most of those vulnerabilities, and:
Zero-Day Attacks are the next step, when hackers take action and steal data from vulnerable systems

How Do Zero-Day Attacks Work?

You’ve probably heard of patches; solutions that fix problems that arise as the result of software updates. Developers are always on the lookout for these problems, but unfortunately, so are hackers. So, if the attacker gets their first, developers find themselves in a race against time.

Attackers come in a number of forms, the most common being cyber criminals who are in it to make money. Other Zero Day attackers are:

Hacktivists: hackers who are motivated by social or political causes and want to raise awareness of their beliefs

Corporate Spies: these people engage in espionage on behalf of organisations looking for information – often about their competitors

Countries and Political Bodies engaging in Cyberwarfare

Once hackers identify a vulnerability, they will quickly write and develop a code (known as an “exploit code”) that enables them to take advantage of it. The most common way they do this is through phishing emails, which look like they’ve been sent from a trusted source. The message will ask the recipient to click on a link, visit a website or download malicious software. Once the code has been deployed, victims are open to a vast range of cyber-attacks, including identity theft.

Hackers will be constantly looking for vulnerabilities to exploit, and they can also buy them on the dark web. Depending on the software and the type of data that can be obtained, these exploits are hugely valuable – in 2018, the average cost was around £2,000. Cyber criminals sometimes act straight away, but they may just sit and wait for the best time to attack.

As soon as developers are made aware of a vulnerability, they will try to patch the software in order to prevent an attack. Unfortunately, it can take days, weeks or months for these vulnerabilities to present themselves – and be fixed.

As soon as an exploit has been identified and patched, it’s no longer seen as a Zero-Day threat.

Common Targets

If your system has been infiltrated, you might start noticing things like unexpected traffic, and suspicious scans and log-ins. It’s not always easy to spot a Zero-Day vulnerability, especially if you’re not in the know, but here are a few things that developers look out for:

Missing data encryption
Broken links and algorithms
Bugs
Missing authorisation information

How to Prevent an Attack

By their very definition, Zero-Day attacks are impossible to patch. However, there are some methods that can be used to prevent them happening in the first place. These include vulnerability scanning, patch management software and input validation, which all help you spot threats in real time.

One of the most effective and popular ways to prevent a Zero-Day attack is with a good web application firewall, which helps filter out unwelcome visitors and identify weak spots. We can help with all of the above, as well as offering a range of other systems and services to help protect your organisation from common cyber-attacks. Contact our team of cyber security specialists here at Actisoft Technology to find out more.

Are your users putting a big target on your organisation’s back?

Cybercriminals are constantly coming out with new ways to hack into your network and steal your organisation’s confidential information.

Find out if your users are putting a big target on your organisation’s back.

KnowBe4’s new Password Exposure Test (PET) is a complimentary IT security tool that allows you to run an in-depth analysis of your organisation’s hidden exposure risk associated with your users.

Here's how it works:

Checks to see if any of your organisations email addresses have been part of a data breach
Tests against 10 types of weak password related threats associated with user accounts

Checks against breached or weak passwords currently in use in your Active Directory

Reports on the accounts affected and does not show/report on actual passwords

Just download the install, run it, get results in minutes!

Identify how many users take the bait and reply before the bad guys do!

Try It Now!

Verizon: Ransomware Involved in 25% of Data Breaches as Credentials and Phishing are Seen as Key Paths for Attack Success

Thu, 26 May 2022 16:14:08 +0000

Blog courtesy of KnowBe4

Written by Stu Sjouwerman

With the much-anticipated annual Verizon Data Breach Investigations Report finally released, we get a view of ransomware from the data breach perspective that points to a common weakness in your security strategy.

When it comes to the state of your organisation’s ability to protect itself against cyberattacks – and ransomware, specifically – I truly don’t want to be the one that says “I told you so.” But the new data in Verizon’s Data Breach Investigations Report paints a pretty conclusive picture around why ransomware attacks are so successful.

First off, I need to point out that while 25% of data breaches involve ransomware, that number is nearly double what Verizon found in 2020 – demonstrating that, from the data breach perspective, we’re seeing ransomware attacks begin to encroach themselves as a dominant factor in data breaches (and will likely continue to do so).

So, what’s helping ransomware-involved data breaches be so successful? In a word… users.

According to Verizon, 82% of data breaches (ransomware included) involve “the human element” (which Verizon cites as including “Use of stolen credentials, Phishing, Misuse, or simply an Error”). Take a look at the chart below from the report, showing the action varieties found within ransomware-involved incidents:

What you should notice is that three of the four (desktop sharing software, direct install, and email) all imply access to either a user’s endpoint or their web-based email. And how does one get such access? Usually through phishing attacks intent on either compromising credentials (in the case of email) or the user’s endpoint (in the case of desktop sharing software and direct install).

Verizon calls credentials and phishing two of “the four key paths leading to your estate” (in addition to exploiting vulnerabilities and botnets). They go on to state “These four pervade all areas of the DBIR, and no organisation is safe without a plan to handle them all.”

Let’s sum this one up, shall we?

Ransomware is on the rise, users are involved somehow in a majority of all data breaches, threat actors gain access to endpoints and email, and phishing pervades all of this. Seems to me that the issue here (when you rewind the clock back to the initial threat actions that allow these ransomware incidents to occur) is users falling prey to phishing attacks – something easily either reduced or remedied with Security Awareness Training.

There’s no more respected or trusted report out there than the Verizon DBIR. So if Verizon is telling you users are the key to successful ransomware attacks, and that phishing is one of the keys to your kingdom, you need to be doing something about it to mitigate the user risk that exist within your organisation.

Free Phishing Security Test

Here's how it works:

Immediately start your test for up to 100 users (no need to talk to anyone)
Select from 20+ languages and customise the phishing test template based on your environment
Choose the landing page your users see after they click
Show users which red flags they missed, or a 404 page
Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
See how your organisation compares to others in your industry

Go Phishing Now!

Eight Top Tips for Managing Risk in Your Organisation

Thu, 26 May 2022 14:23:25 +0000

Technology presents us with opportunities that even just a few years ago would have seemed impossible, but with those opportunities come a whole new set of risks. So, how do you strike a balance? We’ve put together a list of habits to help you embrace the digital revolution and minimise risks.

1) Make Sure You Know Your Business Inside Out

In order to properly manage risks, you need to first have a clear picture of what you’re working with. Once you have a detailed list of all your critical assets, technologies (including all devices), objectives and processes, you’ll be able to get a better idea of vulnerabilities – and how to tackle them.

2) Prioritise Tasks According to Risk

It might feel a bit overwhelming trying to work out where to start, which is why a thorough inventory is worth its weight in gold. Once you’ve identified all the devices and processes you use, do a risk assessment for each one and prioritise your task list according to your findings.

3) Understand What Your Stakeholders and Board Members Want

Most boards and customers are asking more questions about data security now, so you’ll need to be prepared to answer their questions and provide accurate reports. Take the time to build relationships with your stakeholders and listen to their concerns and draw up a risk report based on their needs. Ask your board how often they want to be updated and what level of detail they want – in most cases, they won’t need to understand the minutiae of how you’re handing every risk, as long as you can prove you’ve thought about all eventualities and are being proactive.

4) Follow Industry Best Practice and National Standards

Drawing up a risk management strategy can be time consuming, and your time is precious, so don’t stress yourself by trying to reinvent the wheel. Take a look at best practice in your industry and do some research into how other businesses in your sector are managing risk, then adapt it accordingly to suit your own organisational requirements.

5) Create a Resilient System

Any IT expert will tell you that prevention is much better than cure, so it’s all about being proactive and resilient. Ransomware continues to be a big threat for industries across the board, but it’s actually pretty easy to manage with the right software and processes in place. That said, there’s no silver bullet that offers guaranteed protection against all cyber threats, so you’ll also need a robust incident response plan in place to ensure that if your data does become compromised you can get back up and running quickly and cost effectively.

6) Promote a Culture of Awareness

You can invest a fortune in anti-virus software, but the most important part of your cyber security toolkit is arguably your people. Hackers can only infiltrate your system if someone lets them in, so invest in good training and keep your staff up to date on common risks and how to spot them.

7) Make Informed Decisions

There are lots of different types of software out there that all claim to offer all singing, all dancing protection against cyber-attacks. But just because a brand claims to be good, there’s no guarantee they will be, so take your time to ask questions, read (genuine) reviews and work out what you really need. Never assume systems, people and processes can be trusted until you’ve done your homework.

8) Know Your Enemy

Sun Tsu wrote about it centuries ago in The Art of War, and it’s still relevant now – when you understand who your adversaries are know how they behave, you’ve got a much greater chance of winning the battle. It’s essential to make security awareness an intrinsic part of everything you do and keep on top of the latest cyber crime trends and tactics – or, if you really can’t stand getting bogged down in such things, you invest in a good ally who will fight on your behalf.

To find out more about how to manage risk in your organisation, contact our friendly team of specialists here at Actisoft Technology today!

Are your users putting a big target on your organisation’s back?

Cybercriminals are constantly coming out with new ways to hack into your network and steal your organisation’s confidential information.

Find out if your users are putting a big target on your organisation’s back.

KnowBe4’s new Password Exposure Test (PET) is a complimentary IT security tool that allows you to run an in-depth analysis of your organisation’s hidden exposure risk associated with your users.

Here's how it works:

Checks to see if any of your organisations email addresses have been part of a data breach
Tests against 10 types of weak password related threats associated with user accounts

Checks against breached or weak passwords currently in use in your Active Directory

Reports on the accounts affected and does not show/report on actual passwords

Just download the install, run it, get results in minutes!

Identify how many users take the bait and reply before the bad guys do!

Try It Now!

What is the Fourth Industrial Revolution?

Mon, 23 May 2022 14:32:18 +0000

As the cyber threat landscape continues to evolve, passwords and anti-virus software simply aren’t enough anymore. And while there’s no silver bullet that totally eliminates all attacks, employing a Multi Layered Defence will definitely help.

The Fourth Industrial Revolution, also known as 4IR and Industry 4.0, is a term used to describe a new amalgamation of the physical, biological and digital worlds. It combines engineering with science, Artificial Intelligence (AI), robotics, quantum computing, the Internet of Things (IoT) and other emerging technologies. Together, these new systems, processes and tools are completely changing the world around us – and the way we live in it.

It may sound like the stuff of sci-fi movies, but most of us have been using at least some of these services for a while. Sat Navs, mobile banking apps, iPhone face scans and tools like Alexa are a common part of daily life. But it’s perhaps in the workplace that the 4IR is having the biggest impact; disrupting every business sector at an unprecedented pace.

A Brief History of Industrial Revolutions

Most people are aware of the first Industrial Revolution, which took place in the 18th Century. It was prompted by the invention of the steam engine, and with these new machines came new opportunities and huge social, cultural and economic changes. The second revolution saw the invention of electricity, mass production and other big scientific improvements, and the third saw the birth of computers and digital devices such as clocks.

In 2016, the founder of the World Economic Forum Klaus Schwab wrote a book entitled The Fourth Industrial Revolution, which outlined the effects - good and bad - that technological innovation is having on the world.

These technologies include:

Blockchain: Often confused with cryptocurrency, blockchain is actually a type of storage facility that enables cryptocurrency such as Bitcoin to be created and exchanged in monetary terms.

Biotechnology: This kind of technology merges tech with biology. It’s particularly prevalent in the pharmaceuticals industry, because it allows scientists to develop cellular and biomolecular processes for the production of new drugs, among other things. It’s also used in manufacturing and is making great strides in the production of greener, more efficient energy.

Virtual Reality (VR) and Augmented Reality (AR): VR is all about immersive digital experiences that simulate the world around us (currently via a headset) whereas AR is a combination of the physical and digital worlds, such as mobile apps that allow us to add filters and change the appearance of selfies.

3D Printing: Printers have come a long way in the past few years, and today’s 3D versions enable users to create actual objects based on an image. Manufacturers can now print their own parts, while in the medicine world prosthetic limbs, tissues and even organs are now being produced.

Robotics: The sci-fi books of the 1960s often spoke about the possibility of robots taking over the world, and with the latest developments it doesn’t seem like such a far-fetched notion! While we’re a long way from having walking, talking and free-thinking robots in every home, they’re becoming increasingly advanced and playing an important role in everything from manufacturing to health and safety.

The Internet of Things/IoT: This is a term that covers a huge range of devices, from smart mobile phones and security cameras to wearable health and fitness devices, smart phones, smart fridges, thermostats and mobile devices.

Other technologies included in the Fourth Industrial Revolution include data storage, Cloud computing, cyber security technology, renewable energy…and much more.

The Impact on Businesses

There’s no doubt that the Fourth Industrial Revolution is having a huge effect on businesses everywhere. Although many worry that the increased role of technology could be bad news for humans, we’re nowhere near that yet. In fact, the 4IR is all about combining humanity with technology to create better experiences for us all – particularly customers. modern technology gives businesses the power to connect with people far more effectively than ever before, because it presents us with the data we need to really understand each other.

That said, because there’s so much more choice available these days, customers have higher expectations, which means more pressure on businesses to get with the programme in terms of their digital offerings. Customers also have more control of their own personal data too, and with the advent of the GDPR organisations of all sizes must be doing everything they can to keep client information safe. That means having robust cyber security processes and tools in place and ensuring all staff understand common risks, and how to avoid them.

To find out more about how you can embrace the Fourth Industrial Revolution without putting your customer’s data at risk, get in touch. As cyber security specialists we help our clients make the most of modern technology whilst protecting them from viruses, hacks and other cyber-attacks. Find out more today!

Are your users putting a big target on your organisation’s back?

Cybercriminals are constantly coming out with new ways to hack into your network and steal your organisation’s confidential information.

Find out if your users are putting a big target on your organisation’s back.

KnowBe4’s new Password Exposure Test (PET) is a complimentary IT security tool that allows you to run an in-depth analysis of your organisation’s hidden exposure risk associated with your users.

Here's how it works:

Checks to see if any of your organisations email addresses have been part of a data breach
Tests against 10 types of weak password related threats associated with user accounts

Checks against breached or weak passwords currently in use in your Active Directory

Reports on the accounts affected and does not show/report on actual passwords

Just download the install, run it, get results in minutes!

Identify how many users take the bait and reply before the bad guys do!

Try It Now!

Multi-Layered Defence

Mon, 16 May 2022 10:11:48 +0000

What do we mean by Multi-Layered Defence?

Also known as Defence-in-Depth and Layered Security, Multi-Layered Defence is an approach to network security that uses a variety of tools. The aim is to keep all bases covered by ensuring every individual aspect of your cyber security strategy has a backup to protect against vulnerabilities. Think of it in the same way as keeping your house secure – you can lock your doors and close your windows, but your home will be even safer if you’ve also got a burglar alarm and security cameras installed. When you’ve got an arsenal of protection working together against hackers and other threats, your business will be more secure too.

Multi-Layered Defence is recognised as Best Practice, as recommended by the National Institute of Standards and Technology (NIST) Cyber Security Framework. The framework outlines five key areas to help businesses protect their systems and data:

Identify
Protect
Detect
Respond
Recover

Networks can be defended by implementing twelve essential layers, as outlined below.

1) Firewalls: A firewall is commonly the first line of defence in an organisation’s network security, acting as a barrier between the network and any unsolicited traffic.

2) Patch Management: Hackers are always on the lookout for vulnerabilities, and outdated software often provides them with the perfect way in. Patch management is essential because it means errors and bugs can be easily identified and fixed, making it far harder for cyber criminals to strike.

3) Multi-Factor Authentication: An MFA is an electronic automation method that requires users to be verified in two or more ways before they’re granted access to particular networks, applications and websites. Users are asked to provide information on:

Something they know (e.g., a password or PIN)
Something they have (a physical object, like a card, security key or mobile device)
Something they are (this method uses biometric verification, such as fingerprints, voice recognition and retina scans). While it may sound like a lot to ask a user, these solutions have been developed so effectively and efficiently that they’re easy to use and cause minimal disruption.

4) Endpoint Protection: Today’s businesses have a lot of different devices logging onto their networks, which significantly increases security risks. Every phone, laptop, PC , camera, printer, scanner and smart device (known as “endpoints”) must be individually protected as part of your cyber security strategy.

5) Content Filtering: There’s an enormous amount of web content out there, and if just one of your users happens to access a dangerous website your entire network could be compromised. Web content filtering allows you to block inappropriate or untrusted sources that could put you at risk of cyber-attacks.

6) Email Filtering: The vast majority of cyber-attacks - 94% to be precise - are still delivered by email. Hackers know all it takes is one click on a dodgy link for an entire network to be compromised, so by filtering emails before they arrive in users’ inboxes you can help stop them in their tracks.

7) Security Awareness Training: Knowledge is power, so many experts believe that educating employees is often the best line of defence. By providing staff with the training they need to spot common hacking tactics, such as phishing emails, you will be creating a culture of security and confidence. Threats evolve rapidly, so it’s important to keep training up to date and relevant, and it’s a good idea to conduct regular phishing simulations to keep people on the ball.

8) Robust Password Policies: A recent study from NordPass revealed that millions of people still use “qwerty” and “123246” as their passwords, and – even more concerning - over half of IT professionals still use the same password to access different accounts. In fact, as many as 73% of passwords are duplicates, which means if one account is hacked, the chances are your others will be too. By requiring users to change to complex passwords (containing special characters, numbers and inconsistent capitalisation) you’ll be making it much harder for hackers to break in.

9) Physical Barriers: Although much of modern business is conducted online, it’s still important to consider what physical security you’re using in your workplace. Security staff, cameras, alarms, key cards and good old-fashioned locks are still as effective as the ever were, and combined with modern biometric tools like thumb and retina scans they go a long way towards preventing crime.

10) Dark Web Monitoring: The dark web is notoriously a hotbed of illicit, insidious online activities, which includes the sale of business-critical data. Employee data is often targeted, enabling hackers to send malicious emails and install viruses. You can invest in tools that search the dark web for staff email addresses and passwords to keep you one step ahead.

11) Disaster Recovery: With new threats emerging all the time and the security landscape becoming increasingly complex, it’s impossible for anyone to offer 100% certainty against attacks. But what you can do is ensure that if the worst does happen, you’ve got the right business continuity and disaster recovery methods in place. These solutions include performing regular data backups and making sure your business continuity plan is routinely tested, maintained and updated, vastly improving your chances of getting back to business quickly and with minimal disruption.

12) Managed Detection and Response: It’s impossible for one human (or even a whole team of them) to monitor a system 24/7 and detect potential threats. Managed Detection and Response (MDR) is a solution that combines human skill and experience with state-of-the-art software to ensure your network is as safe as possible, all day, every day. Without the right tools data breaches can go unnoticed for over 200 days, which means cyber criminals to wreak havoc while you’re blissfully unaware.

If you want to do more to protect your organisation’s data and reputation, contact us today to find out more about our Multi-Layered Defence services.

Find out now how many of your users take the bait and reply to a spoofed email

Did you know that 60% of spoofed email attacks do not include a malicious link or attachment? When crafted well, most users are likely to fall victim to a highly targeted social engineering attack.

Try our Phishing Reply Test (PRT) it is a complimentary IT security tool that makes it easy for you to check to see if key users in your organisation will reply to a highly targeted impersonation attack.

PRT will give you quick insights into how many users will take the bait so you can take action to train your users and better protect your organisation from these fraudulent attacks!

Here's how it works:

Immediately start your test with your choice of three phishing reply scenarios

Spoof a Sender's name and email address your users know and trust

Phishes for user replies and returns the results to you within minutes

Get a PDF emailed to you within 24 hours with the percentage of users that replied

Identify how many users take the bait and reply before the bad guys do!

Try It Now!