Watch to learn about the absolute essentials businesses need for threat detection and compromise prevention.
“Things are just nuts.” SOC/SIEM Director Heff didn’t hold back on his honest opinions about the current cyberthreat landscape. But while COVID phishing scams, web skimming, and ransomware rage, if you can understand the landscape, you’re halfway there. When it comes to knowing your enemy, the SecurityMetrics SOC/SIEM is running reconnaissance. Heff and Forrest closely monitor the daily ebbs and flows of cyber threats and attacks, and use that time-sensitive information to better protect SecurityMetrics customers.
Attendees learned about the specific motives, tactics, and trends they need to know in order to have a fighting chance against cybercriminals. Heff and Forrest delved into statistics and stories about phishing attacks, crypto-mining, and ransomware in the field, and followed up with the absolute essentials businesses need for threat detection and compromise prevention.
This webinar was hosted on September 23rd, 2020, as part of SecurityMetrics Summit 2020.
Hi, everyone. Welcome. Welcome to today's threat briefing. I am Heff. I'm your host. Along with me on this journey is Forrest. Forrest, how are you doing?
Doing well, man. How about you?
Good. Good. We have a jam packed stuffed threat briefing today, and we really wanted to just give anyone at home that's listening. We wanted to give you kind of a road map on where we are seeing some trends, with regards to the threats and the threats that are out there, and then also provide a little road map of what's maybe possibly gonna happen here in the next twelve months. And if you're searching for a strategy, you don't know where to go, you don't know where to look, we hope to give you some guidance on that today as well. So without any further ado, I think it's important that we introduce ourselves, Forrest. What do you do as part of our team here?
I work primarily in the security operation center. I do threat analysis and trying to find the bad guys.
I've been with the company for about nine years now in various capacities, whether that's, IT and systems and network administration, penetration testing, or managed firewall and security engineering.
Yeah. And and there are a lot of acronyms coming at you today, folks. And our goal is not to overwhelm you with this information, but really to kinda, just provide you some some guidance. And I am the director of the SOC, so our job is to get out there and find the bad guys, hunt the bad guys, and try to let our clients know who's attacking them or who's not attacking them.
So we see a lot of different things. We are part of the SecurityMetrics company, and part of that is we are a data security and compliance technology company. We also offer a lot of managed services as part of our team, and that means we're out there looking for the threats. So, we are a very busy team.
We try to find a lot of the breaches that happen out there, and when they do, we we notify our clients. So our agenda is pretty straightforward.
We're talking about people, process, and tools, Forrest. Right?
Yeah. Yeah. The trifecta there. It's, it's an awesome foundation. I I love the framework that that allows you to to build out, just any any, organization to to have that awareness and reproducibility and just, you know, get things done.
So we thought we'd start with the people side of things. And before we get too deep into the people side of things, it's important that we set a foundation of what has happened really since January. I mean, January, it just seems, Forrest, like things are just nuts. It's just out of control. What's going on out there in the world?
Oh, boy. Yeah. It's, it's been quite the year. So thanks, twenty twenty.
It's been like gasoline on fire. I mean, really, when it comes right down to it with the threats that you're seeing fueled by the pandemic, and, of course, now a lot of businesses are doing remote workers, and all of that has kinda changed the threat landscape and who's being attacked and how they're being attacked. So we always like to start with a little quote, and this quote comes from us, from our friends at Webroot and Nick. And Nick actually, I love this quote, Forrest. Pressure will mount on business leaders to cut costs, cut security spending, but the bottom line is the cyber criminals out there, the threat actors, they're not cutting their budgets. They're gonna keep going at it. They're always looking for vulnerabilities and ways to exploit weaknesses for all types of businesses out there.
Most definitely. There's there's a a lot that goes into that with, you know, the the the global economic kind of landscape that's going on currently. A lot of people have fallen on hard times and, ultimately in the end, a lot of cybercrime is about the money, you know.
About seventy one percent according to, I think it was Verizon's report last year, seventy one percent of breaches were financially motivated. So, the the vast majority of this stuff is people looking to to cash out in some way. And so, in in a lot of ways, it's like any other opportunistic crime, you know, just the the biggest difference is it's on the global scale, you know. We're we're not just dealing with people in your immediate vicinity. You could be getting hit by somebody in Bangladesh or the Philippines or, you know, anybody on the other side of the planet could be, you know, trying to take a pot shot and see if they can get something.
I don't know about you, but I read this recent report about how these coronavirus scams for for some of these threat actors, it's been more scams than any other event in the last decade. I mean, we're talking more scams than it's for them, it's like, Christmas, Valentine's Day, and the Super Bowl all rolled into one, and they're just having a ball out there. And and it's so insane, the threat landscape. We thought we'd take a few minutes just to talk about some of the threats, some of the emerging trends that have been going on.
The big one that everyone seems to talk about is the phishing stuff. And I I think we've we've seen some crazy numbers out there, six hundred and forty percent increase in active phishing sites since January. I read that in one report. I've read other reports that say other numbers.
But the bottom line is these phishing scams, these attacks, the social engineering stuff, it's just not going away.
Yeah. I'm I'm really interested to see, you know, we we do see that massive increase in these these domain registrations.
What I'm wondering how how successful are they? You know? Like, it'll be interesting to see when we get, you know, number crunching at the end of the year. You know, they're they're taking a lot of shots, how many are landing. So that'll be really interesting to to see over the next few months once once we start getting a better idea of, how how much is actually hitting there.
What's what's interesting too is the pandemic threats, the they're evolving now, and what we're starting to see is these themes.
We're we're seeing the trend to go away from COVID themes, and they're now moving towards phishing scams in favor of the election that's coming up, the BLM themes. We're seeing a lot more of that and less of the pandemic related, phishing attacks. But the challenge though more than anything is they targeted industries, and it's always following the money. I mean, that's what threat actors do. At the end of the day, we're seeing more of targeted industries around the health care, the legal, the financial industries.
And if you had to put a finger on a horse, why would you say they're they're continuing still to go after those those industries?
That's, those are very high value targets. I mean, if you can if you can get into a financial network, oh, man. Yeah. Go crazy with wire transfers, all kinds of stuff. You know, that's that's pay dirt right there. Then you get into things like health care or, legal organizations.
I that that stuff could be, you know, the the gold mine for, you know, the the right people.
You you you get that very sensitive kind of information, that that's, worth quite a bit if if you're willing to, do nefarious things with it. I mean, you you've got people that are that are getting into things like blackmail and extortion, and they're leveraging this information to just, you know, really ruin someone's day.
Yeah. These threat actors and it's not always about the money. Oftentimes, it can be about other there's other goals. There's always different types of motives involved in all these situations, but they're following the money train, and they're they're going after the sensitive data.
They're they're looking for the crown jewels. So if you have those crown jewels in your environment and you don't know what is the most important things to protect, well, the bad guys are gonna find it. And when they do, they're gonna they're gonna try to take advantage of it. So I there's another trend going on right now, and it's all over the news, and I I think some people listening are probably maybe impacted by the remote worker trend.
What do you think is going on there?
A huge shift in the landscape, really, especially among, or among, larger enterprises. I mean, you you see, especially, the the tech giants have really embraced remote work. It's it's, in a lot of ways, a big shift in the way that people are looking at employment on the whole. It opens up a lot of opportunities, and I don't think it's gonna be going away anytime soon.
I think the barn door is open, and now that people have seen that the vast majority of positions out there that are functional at this level, there's gonna be a lot of demand for it. Not only amongst the companies themselves, but from the talent. So you start getting people that are able to move to places with lower cost of living and still able to make a decent wage at one of these large organizations. It's kind of a no brainer in that sense.
So, you're starting to see a lot of people, mass exodus from Silicon Valley, you know, like, who wants to pay, you know, three, four thousand dollars in rent when you can, you know, get a mansion for that out in the Midwest. You know, I don't think this is going away anytime soon.
And for a threat actor, it's really you think about the huge geographic footprint now that businesses have to protect. And if you're on the call here today, you're listening, if you're a director of IT or you're working on the cyber side of the house, boy, it's just a challenge. I mean, just trying to get a handle on all of the vulnerabilities that come with working remote. So those really are some important trends. They're gonna keep happening, but there are some other trends too. And I think one of the trends that we should probably touch upon is the cryptocurrency mining stuff that we're just seeing a lot of that with our clients as well.
Yeah. It's, this one's actually been getting really popular.
I believe it was just last week that I saw there was a piece of malware that operates entirely peer to peer. There was no centralized command and control, and one of its payloads was to install a cryptocurrency miner. And so this is really starting to blow up in a big way. Number three threat over the last thirty days, US-CERT CISA report was, there was, like, remote administration tools, the, I can't remember what the second one was, a fileless piece of malware, but the third one was cryptocurrency miner, specifically XMRig for Monero. So it's interesting that this is really coming to the forefront because it's a quick and easy way for somebody to cash in and, you know, make money from an exploit.
Essentially, what it comes down to is once they've gotten into the network, especially for nonsophisticated actors, they're they're just looking for a quick buck. They they aren't gonna be, they don't know how to leverage sensitive information or things like that. So fastest way to to cash out is to steal CPU cycles, essentially just siphoning off your electricity so that they can crunch some hashes and, walk away with some crypto, hopefully cash out some way, you know, the ATM or who knows. It's, it's a pretty pretty cool dynamic.
It's it's, I I could go on for hours about cryptocurrency, but I'll I'll I'll spare you.
But we have a lot of other areas to talk about too. And the other area that's not going away is these malware, the trojans, the backdoors, the droppers. I mean, it's the usual suspects. Bottom line, I saw one report, Forrest, that said seventy two percent of all attacks in twenty twenty were those types of attacks.
So not only in our mind, we're still dealing with all the phishing stuff, we're still dealing with all the remote workers, and now we're still dealing with the Groundhog Day of the same stuff, same usual suspects.
But, boy, the interesting note too is I read something about, twelve percent decline in quarter two, I believe it was. Quarter two of twenty twenty, a twelve percent decline in malware attacks, which, again, still doesn't make our job any easier, but that's interesting to see that that trend as well happening.
Yeah. I'm I'm interested to know, you know, what's, what's taking up that gap. You know, it's it's not it's not going away. These guys aren't giving up anytime soon. That's for sure.
So, there is interesting stuff around ransomware and the numbers that we're seeing, our friends at Emsisoft, they came out with a report that essentially said a hundred thousand ransomware submissions happened between January and June of twenty twenty, and that's a tremendous number.
But, Forrest, what I found was interesting is the the the people that are getting attacked, the corporations, the organizations, the businesses that are getting hit with ransomware, it's really the ones that can pay.
And a lot of the attacks that you see in the news are related to organizations that are doing pandemic research. So if they're researching things like vaccines, they're the ones that are gonna be targeted. And we saw that with the University of Cal in June. We saw that San Francisco where they paid one point four one point one four, billion Bitcoin, I believe it was. Did you see that in the news?
I didn't. I the the one that I saw was, the University of Utah. And the thing that I thought was really interesting about that was, they had backups.
So they weren't paying to decrypt. The ransomware threat actors are evolving. You know, a lot of it had been exploiting lack of disaster recovery. You know, people didn't have backup, so they needed to pay to get their data back. Well, now, you know, everybody's kinda gotten keen to that. So the threat actors have had to evolve their tactics so that they can try and extort money out of people.
So what do they do? Now instead of just encrypting everything, they're they're siphoning all the data back and threatening to disclose it all. You know, it's we're we're gonna air your your private data unless you pay us x amount of money. So the the University of Utah wasn't paying to, get the data back.
It was to prevent them, in, you know, a a good faith of, hey. You know, please don't put these people on blast.
Yeah. And a lot of these companies and organizations, they don't even have a policy or procedures in place on how to pay through Bitcoin. So that challenge that's a challenge. And then here's the thing that a lot of people ask, especially in the, University of Cal breach was, do we pay it or we don't pay it?
Why even pay it? Because once you pay it, then you set that precedent. Well, what happens if they hit you again? Are you gonna keep paying?
So but in University of Cal's case, they thought the data was so important, so valuable for the progress that they were making in in researching a vaccine that they felt it was important to pay to get the students' data back. So interesting interesting dynamic going on there, interesting trends with ransomware. And that kinda leads us into a change, and this is something that we're seeing out there is we're seeing a lot more attacks that it's not just about stealing the data. It's also we steal the data, and then we encrypt the data.
So if you wanna get it back, you gotta pay a ransom to get it back.
That's that's an interesting change in the landscape that we haven't really seen in previous years to the degree and the scale that we're seeing now.
Yeah. Kinda calls back to the the more sophisticated threat actors would, you know, if they are able to extract that information, they're gonna use that to try and pivot or maximize the the value that they get from the data they they were able to obtain. So a lot of things you see like, credential harvesting. So they'll they'll go in, get a bunch of usernames and passwords and start doing password sprays and seeing what kind of accounts they can hit and turn around and sell that.
You know, it's it's just mining that that gold vein for as deep as they can.
It's some pretty pretty interesting stuff that they they, have have moved to this form of of leverage rather than just relying on on the denial of access to the files.
The prospect of just being locked out of your network is frustrating enough, but then to have your data exfiltrated off and then to have to pay a ransomware on top of that, it just doesn't get any easier. And and that's it's definitely a big trend that we're seeing. So I thought would be good that we we talk about why why this matters to our folks that have tuned in today. And there's a lot of stuff going on. We talked about the people. We're gonna talk about the processes, and we're gonna talk about the tools and the technology.
And we really we really wanted to just hammer home some of the stuff that we're seeing, and we're seeing a lot. It's just such an interesting time to be alive and to be working in cybersecurity.
So without any further ado, I would I would ask for a drum roll, please, but let's get right into it here, Forrest. Let's talk about the people trends.
We always like to start with people, and people really is what drives cybersecurity.
Everyone in your organization, if you think about it, really is a cybersecurity professional.
So the degree is different compared to, you know, maybe some other people in your organization, but everyone should really be thinking about cybersecurity. It should be at the front of the mindset every time you open up an email, every time you're gonna answer that phone and you might have a vishing, let's talk about vishing here in just a second. So, let's get right into the people side of things. With the people side, we have basically five areas here, and one of them is the remote workforce challenges, and that's definitely not going away here.
Let's, let's actually rewind. Well, here we missed one slide. Here we go. Most most important, these top four here.
It is a team sport, Forrest. Right? We're all on the same team trying to, for every business out there, it really is a team sport. You gotta have everybody on the same page.
We sometimes refer to it as, humans being your firewall.
And have you heard that term before?
Oh, yeah. Yeah. And it's, it it definitely, is is very true.
There's it doesn't matter how removed you think somebody is, from from that role. There have been, breaches discovered because, you know, cleaning crew finds some random piece of equipment, you know, that that wasn't there previously and, you know, raises the the flag on that. It's it it doesn't matter, who it is.
Just having that level of awareness, is is very necessary. I mean, whether it's reception or engineers or whoever, that they're they're all potential, targets in in that sense where it's, somebody can get a foothold in into your environment through one of those employees, they don't they don't really care where they start as long as they can get get a a footing somewhere.
Yeah. I think, you know, a good takeaway here is we we often hear, you know, people say, well, I have nothing of value on my computer. It's I'm just doing my work task. I you know, I have nothing at home of value.
But the reality is the threat actors don't look at it that way. They look at your life as though a doorway. And you think about you might have a LinkedIn profile, right, and the threat actor is saying, I'm gonna do some reconnaissance and I'm gonna find your LinkedIn profile. And guess what?
I'm gonna pretend I'm a recruiter for another company, and you're gonna get excited because I'm gonna reach out to you through LinkedIn. And the next thing you know they send a PDF file to you and the PDF file's loaded with malware and you click on it not realizing that it's bad, and the next thing you know is you've given the threat actor a doorway into your life. And what's interesting about threat actors is they actually will try to pivot from your personal life. They will pivot into your work life.
And they you may not actually be even the target, but they're just trying to use your doorway into your work life to try to get whatever data or whatever information they want to exfiltrate off. So the key here with the people side of things is realizing that education, awareness, I I like to call it the low hanging fruit, but it's not really it's so important that we we have that focus on that culture of security awareness no matter what industry or business you're in.
Alright. Should we switch gears? Let's, let's let's dive into one more area here with this, with the people side of things, Forrest. I got, we put together this little slide with regards to the people trends, and these people trends are not going away.
The people trends, especially around the workforce challenges, we talked a little bit about the remote workforce. It's just gonna keep growing. Right? I mean, it's there's no doubt about that.
Most definitely. Yeah. Like I said, it's, a long term change in in how people approach work, all around the world. And, one thing that that, really comes along with that is, when somebody's working from home, now their network is essentially a potential bridge into your network. So, that's that's that's really important to keep in mind when it comes to things like endpoint protections and, VPN software and things like that where, you know, it's it's you gotta make sure that that what they're using to do their work is really shored up, around the edges so that that, you know, you're not gonna have, some malware infested machine, that is then gonna pivot over to, this person's work, from home laptop and, try and and make things nasty from there.
I think, though, it's good to talk about digital empathy for a moment. This term is just taking off, and digital empathy is all about when you think about cybersecurity, and a lot of people have a negative connotation to it, it's, oh, you guys are gonna lock down everything. I'm not gonna be able to do anything. You're gonna make me have a password that has a million characters. You're gonna make me jump through hoops to get access to my programs.
But this is the challenge that we have from a cyber perspective is not making things more difficult, not hampering the business, not adding more bureaucracy to the business, but being helpful and trying to make the business succeed, but not adding too many security controls where they can't succeed. And this is gonna be a huge thing taking off here with these with remote workforce.
And all these folks that wanna have these apps at their home, they a lot of these apps that are getting installed in a lot of people's machines are unsecured, unauthorized, haven't been vetted. There's been no, like, threat risk assessment done on some of these apps, but the business is asking for them. And, you know, you you gotta have that that balance that balance. We have that digital empathy to say, we know you need this. We're gonna try to make it happen as best we can. We want you to be successful. We want the business to succeed, but we want you to do it securely.
Yeah. I think, along with that, part of part of it is you touched on it a bit was, you know, cybersecurity typically is is viewed as, a a encumbrance. You know, it's a it's a hassle. There's, especially when it comes to things like authentication, passwords.
Passwords are a nightmare for the vast majority of the world. You know, you have you have hundreds of different accounts and all these different websites have different password requirements. You can never keep them straight and they all have different password complexities and so on and so forth. It just becomes a nightmare to try and juggle it all.
And, the biggest thing that I think with Digital Empathy is like, what is the best way to not only help secure these users from being exploited, but also not make it an undue burden where you just throw your hands up and give up. And I think the biggest thing there is, you can start doing things like single sign on where you don't need to have dozens of different logins. You sign in to this one authentication service and then it uses something like OAuth or SAML and is handing it off on the back end where it's just peace of mind and a lot less complexity. You also have things like password managers or hardware tokens where you can have multiple factors and not have to pull out your cell phone and re authenticate and, okay, now punch in this. It's, you know, you have a hardware token, plug it in, press a button and away you go. You know, that's exercising empathy for them by preventing them from having to go through the undue stress of a breach or any of that sort of stuff, but also keeping everybody else secure as well at the same time.
And we should acknowledge we realize that a lot of folks that are listening to this podcast, your knowledge perhaps is all over the place. We have some folks that have been doing this a long time and and some folks this may be your first introduction to cybersecurity.
So the the the digital empathy piece is really is at the front of our mindset. It's how do we make things easier, but not add more bureaucracy and more undue burden to the business. So, you're gonna hear a lot more about this, and it's a it's a really interesting trend line, in terms of people. So let's switch gears. What do you think, Forrest? Should we talk about some some other fun stuff?
Yeah. Yeah. Let's let's do it.
So we're gonna talk about processes. And when when we talk about process, I I love cyber governance. I love the whole idea of processes and playbooks and policies and all that jazz, but it's a huge, huge area. And we kinda placed it at number two because if you have the right people in place, it doesn't matter, what technology you put in play.
But if you have the right people and you have processes in place, it can make things go easier when it comes to cyber. So let's, let's talk about diving in here into some of the the trend lines that we see. And I think one of the the key takeaways here is the economic realities that every business is just being hit with right now. It's such a different landscape than what it was back in January.
Yeah. Yeah. Most definitely.
It's it's had to a lot of our our approaches have had to, just, you know, completely redone. The the we don't really, interact the same way that we used to.
We we don't have that that face to face, day to day sort of interaction. So it's, a lot of the the process is where, the the the biggest thing I've seen is, where there hasn't been documentation in the past and we're moving to more of a kind of an asynchronous kind of communication style, a lot more dependence on chat and things like that. These gaps in these processes or or documentation or, things like that are are, they're they're brought to the forefront because if somebody isn't immediately available like you're used to, but you still have a job to do, then, you know, you need to have have that, access to that information. So, this definitely I I think that the the people aspect will naturally bring about these process changes, as as, you know, they're they're striving to achieve those goals.
It it just becomes a a question of repeatability.
You know, making sure that things are consistent and it's a a well oiled smooth running machine.
Yeah. And, you know, a lot of times in this area with regards to process trends, if if a business is struggling with cybersecurity, I think this is a great area to start with. If you talk about cyber hygiene, and we we throw around that word a lot around here, but cyber hygiene is really about the day to day activities that your people do. And it's about things like, hey.
Thinking about when that phish when that email comes in, is it a phish or not? It's about things like, are you doing your scans? Are you looking for those vulnerabilities? I know that that's a big area that you like to focus on with our clients.
Can you talk a little bit about scanning for a moment?
Yeah. Yeah. I I think it's very important to have, that level of visibility where, you know, what is it that's running in your environment? What's exposed?
What isn't, you know? What is out of date? What is potentially vulnerable or not? If, that's one of the the first steps, in in the cyber kill chain is this reconnaissance.
And the attacker is gonna be doing this kind of poking and prodding, looking around to try and get a feel for the environment and see what's the weak link, what can what can get somebody a foothold.
So that's that's definitely a a a very something that I drive home a lot. That and, updates.
Updating and patching, if the world did more of that, it would be such a reduction of breaches. It's pretty mind blowing how many of these are exploiting potentially years old vulnerabilities that have been fixed for, you know, a long time. And it's just a matter of getting around to it. And another thing is actually listening to and going through your logs. I know there's a lot of people that have monitoring services or alerts that are set up and it just becomes a matter of alert fatigue where you just get so many of them that at some point it just falls off the radar. And that's very easy to do because it's, okay, it hasn't been tuned, it hasn't okay, what's important, what isn't important and, you know, separating the wheat from the chaff in that area. But a lot of those kinds of attacks can be completely prevented by having that awareness that's brought from those insights.
You know, and before we get off the whole process side of things, I it's important that we talk a little about not just scans, not just looking for doing your patching, inventory management, knowing what devices are in your network. I mean, little things like that, knowing what apps are running in your environment, what ports are open. I mean, that basic day to day cyber hygiene is so critical, and a lot of that stuff can be automated.
But beyond all of those things, you know, with the altered business landscape that so many folks are seeing, it's about talking about business continuity planning as well. And and this is a huge area. It now is a great time to be thinking about those kind of things, you know, your contingency planning. If you're not doing things like tabletop exercises, it's a great time to start. Get your most important people in the room and talk about what happens if a server goes down, what happens if if we lose this network, what are we gonna do? Do we have a process in place?
Or have we even updated our processes? If we don't even have one, we've gotta write all that stuff. So it's a it's a good time to focus on a lot of areas with the slowdown a little bit. And if you're not looking at those kind of things, it's it's just an opportunity for for everyone on your team.
So Yeah. You could definitely make it a a fun time to get everybody together and have a business themed, D and D disaster recovery event. Order some pizza.
You know?
We just got hit with ransomware. Roll d twenty.
Get everybody in a room and talk about those security policies. Sounds like a fun time. I don't know. I I I wanna jump on that.
Right? Have we even updated our security policies? It's I think it's been about two or three years. Right?
We gotta get in there and look at them. So, yeah, now's the time to bring that pizza party together. Alright. Let's, switch gears.
Let's talk about the tools piece. And I I guess for us for us, we always talk about it's people first. People, people, people. If you get the right people in place, it doesn't matter which tools you buy.
And a lot of folks have this perception that you just gotta go out and spend millions of dollars on cybersecurity, but we just talked about a bunch of low hanging fruit that doesn't cost a lot of money. And you get those things knocked out, and then you can start building that strategic plan to think about what tools and what areas need to focus on from a technology perspective. So let's, let's kinda dive into it. We have I think we have four areas here that we're gonna we're gonna dive into.
And we're very agnostic with tools. It doesn't matter which kind of tools that we're given. We we can try to run with them, and that's a good pathway to take with any organization. If you can get the right people in place, you can put any tools, whether it's a million dollar tool or whether it's whether it's a lot less than that.
Hopefully, it's a lot less than that. But, yeah, that's what's cool about tools. And if you get the right people, you can do that. So let's talk about some of these bullet points for a for a moment.
Automation. I I hear everybody wants automation, but what are we talking about here, Forrest? I mean, there's a lot of patching going on being done manually right now. Right?
Yeah. There's definitely a lot of processes that, when you get things down to a very smooth operation, a lot of the time, you start to identify the points that it's like, okay. Well, I have to do this same exact thing every time and you start to be able to define it in a way where you're expecting these inputs while we can then force this to run through these steps and just, you know, take care of the light work for me. Let me focus on the real model stuff rather than having to go through the mundanity of click here, do this, do that. You know, once you have those processes defined to a point where you know what outcomes or what sort of branches are gonna be operating, you can really start to leverage some tools that a lot of them are completely free.
The biggest thing is, you know, you start getting into this world of, oh, you need this super fancy SIEM and all this very expensive software and a lot of that isn't necessarily the case. Some of the best solutions I know of are built entirely on free open source software, where if you've got the talent and somebody who has the skills and the time and the passion, they can then spin that up into something amazing.
One one thing that I wanted to to mention about, these these sort of, you know, very flashy expensive solutions is it doesn't matter if you have this this, you know, multimillion dollar solution.
If you've got the wrong person holding that tool, they can turn it into some very expensive scrap very quickly. So you're not gonna just trust your MRI to, you know, some Joe off the street. You wanna know that somebody actually has the capability and knowledge to be able to run that.
There's a lot of discussions around, you know, small to medium sized businesses that may not have the staff in place, may not have the budgets. And we we talk so much about trying to help folks in that that spectrum where you don't need to really have all of that, money and energy thrown at stuff like this where you can really just there's self healing endpoints out there now where you can really just automate so much of this from your patching to your antivirus to things that the endpoints have made it so economical now. And you think about at right now, endpoints have been so huge at the enterprise level in these major corporations, and they're now starting to trickle down into the small to medium sized business sectors.
So that's been really exciting. I do think we need to also very lightly touch on cyber insurance coverage, especially when it comes to the cover. Cyber cover has just been increasing tremendously, and the last numbers that I've been seeing is a two point nine percent increase. So if you've not looked at cyber insurance and you maybe you've considered it or you currently have it, now's a good time to look at those kind of things.
Because after this pandemic is over, those rates may start to go up even more. So the third area that we should really spend a little bit of time discussing is infrastructure. And it's not so much about going out and rushing and buying new infrastructure.
It's really about now's the time to have that discussion, that strategic discussion. Where do you wanna be? What things are coming into end of life? I know we see a lot of Windows seven machines still out there.
Oh, yeah. It's pretty crazy. I do see a lot of stuff that is just way past end of life and, you know, especially with the small to medium business, you get a lot of these environments where things were set up as just kind of a one off. You know, they hire an IT guy with, you know, a very limited scope of contract, get, you know, system x, y, and z set up and running, and it's been sitting in a closet for the last, you know, twelve years.
Nobody even thinks about it on the day to day. You know, it's great that it's been that reliable, but at the same time, it's also kind of a ticking time bomb. So, yeah, again, getting to know what is that in your environment at any time and knowing how far down the line. And even before engaging with somebody, having an idea of how long is this supported for?
Is this something that that I'm just gonna have to replace in a year, two years? You know?
Getting that that picture of longevity and and knowing when the end of life is is going to be for whether it's a physical device or, operating systems or a specific software that's running in your environment. That's very important.
One thing that I did wanna touch on a bit, you had mentioned kind of the scale. One thing you can do is you can definitely take advantage of these specialized organizations, where they're able to offer a very high quality of service for pretty low cost rather than trying to do everything yourself and build up an entire team.
Sometimes it's easier to just leverage other people's expertise.
And, you know, you get managed service providers and things like that. It's a great way to be able to utilize that level of experience and exposure without having to try and build it from the ground up.
And I I like when when companies think that way because you can take your maturity level, and when you when you believe or you perceive that your business is not mature from a cybersecurity perspective, you can bring on that partner and leverage their knowledge and their subject matter expertise. Yeah. It's a it's a great pathway to take to speed up that learning curve. So, the the final one on here, and we're gonna wrap things up here very shortly, but it's all about the holistic approach.
We spend so much time in our conversations about looking at the big picture. I mean, you you can't just be so focused on the endpoints or so focused on your antivirus or so focused on scanning that you miss cybersecurity really is a mile wide and an inch deep. And when you think about it, it's not just the the technology piece, but it's also your security education, your security awareness. It's about looking at your, cybersecurity governance.
So do you have the right policies and procedures in place that help the business and don't hamper the business? It's it's a lot bigger. You know? It's it's business continuity planning.
It's vulnerability management. We can go on and on with all the categories. So you really have to have that whole big approach. So, did we miss anything, Forrest, before we give people the best part?
I think the best part right here is coming up in our in our deck.
I I can't think of anything that we've we've missed. I mean, there's there's still much more that we could continue probably on, but, you know, we we do need to end at some point.
So Yeah.
And, you know, I'd like to end with the two quotes here, folks. Rather than cutting costs and sacrificing cyber, there's a lot of low hanging fruit. There's a lot of ways that you can enhance your cybersecurity posture with lower cost alternatives. And the costs of preparation and hitting off and getting rid of all this low hanging fruit, it pales.
It really does pale in comparison to a breach. The the latest IBM study that came out, it said basically, you know, if you're a small to medium sized business, five hundred to a thousand employees, you're looking at around two point six five million for the average breach cost. And that's not including the brand, the damage to your brand, the damage to your intellectual property. It's not including what else, you know, your website, all that stuff.
It just it really adds up. So for everyone out there listening, if you're wondering what the next twelve months are looking like, if you need a if you need a road map, we we put together a very, very quick slide on a road map. And right now, it can be challenging. We talked about a lot of different things today.
We went down a lot of different roads, but your first zero to three months immediate term, if you need a strategic plan, a tactical plan, what really should they be looking at, Forrest? I mean, there's a lot of remote workers going on and a lot of businesses. What should they be doing?
Yeah. Look for the things that are gonna be the most exposed. So, typically, that's going to be things that are exposed to the Internet. What services are you running? What does an attacker see from the other side of the globe?
You know, because this is, there's there's just so many people out there that are constantly scanning the Internet looking for stuff. So that's that's definitely gonna be, the the first place that I would start first. Also, what other avenues do attackers have into your environment? Things like email, like phishing that you were talking about, or voice phishing where you get a scam call.
Helping people to recognize and and, kinda get that that alarm bells when something isn't quite right.
Maybe I shouldn't click this. And and also instilling the the idea that it's okay to, you know, raise the flag and say, hey, I'm getting getting a weird feeling about this. Can somebody else, you know, take a look at this?
I think those things where there's a very broad level of exposure, that's a very good place to start shortening things up and making sure that you got a solid base there that will really help you in the immediate term.
You know, I would say definitely it's about upskilling your workforce to understand and recognize the threats. That security education piece, it's such a fun thing to do. You can assign people to it. You can get that moving.
Simultaneously in that first three months, you're beyond looking at your exposure and beyond looking at security awareness and education. It's about that business continuity planning, getting it getting your folks into a room, getting doing those tabletop exercises. What are our risks? What happens if the server goes down? What happens if this network goes down? That's that's easy low hanging fruit that can really add tremendous dividends in the first zero to three months. If you split gears now and you switch gears and you look at the next three to six months, again, if you need a strategic plan, a tactical plan, where should a business prioritize their needs in the next three to six months?
I I think going back to so what you're saying, you know, getting that that planning in place, using that as an opportunity to really kind of reassess, not only where you are now, but where things are going.
You know, you have a lot of those things that haven't been dusted off in in years.
Is is that still relevant?
Is this in line with, the the direction that your business is going? There's there's a lot that can be evaluated there. And, always having that that mindset of, okay, this is how things are now, but, what what is our business going to be looking like, you know, in a year from now? And, trying to, tailor things and and setting up a framework and and getting that mindset that is going to be potentially growth oriented or, yeah, this is how things were done in the past, but, you know, that wasn't necessarily the best way. So, rather than, than keeping that around, let's, you know, let's reevaluate it.
Yeah. That three to six month mark is a great chance to get your folks together and look at those third party contracts, looking at those vendor contracts.
It goes beyond it's a lot bigger than that though. I mean, now's the time, that three to six month mark where you can start budgeting and thinking about infrastructure improvements that you may want to look at. It's also a great time to reassess your posture, your security posture. Is it where you want it to be? If it's not, then, you know, you start having those those conversations, which kinda gets us into the the final six to twelve months. You're looking at a little bit longer out.
What happens at that point for the next twelve months here, Forrest?
Honestly, I think cybersecurity is going to become a lot more pronounced over the next five, ten years realistically, where a lot of organizations haven't really focused on it.
It's it's been largely a cost center.
And going back to what you were saying earlier, it's essentially an ounce of prevention is worth a pound of cure. Right? Those, you know, those figures, the two point six five million, that's a lot of sticker shock to have to absorb, especially when you're trying to deal with the middle of a breach.
Preventing that that stress and and getting things, in a state of of preparedness beforehand, is is gonna do your entire organization a lot of good. So, evaluating and this is where you start getting into, like, budgetary things, you know, when you start doing, okay, what is what is our our annual budget looking like? Have we have we done allocation to the places that we need? Are we taking this seriously? Do we have, enough of a nest egg for, you know, the next disaster that strikes potentially?
Yeah. And even beyond all that too, there's so many concepts that we did not get a chance to talk to today about zero trust architecture and all that configuration drift and all those things that happen with regards to endpoints and automation and all those areas. So, lots of other things. I'm sure another time we can get together, but it's been fun, Forrest.
I have to tell you. I've I've enjoyed I hope the audience at home got some value from today's presentation. If you'd like to contact us and if you have any questions, we we love talking about cyber threats. We love talking about the threat landscape and the actors that are that are doing some nasty stuff out there.
But there's our emails, and we just want everybody to be safe out there. So thank you for joining us. It's been fun.
Take care.