Outdated Cybersecurity Processes Are Putting Your Business at Risk

This year has been quite rough for small and medium businesses (SMBs) in Australia, with around 60% facing cybersecurity incidents or breach attempts. Ransomware, phishing attacks, and credential stuffing have been particularly concerning, with businesses like Dan Murphy’s, The Iconic, and Yakult facing major breaches.

The Australian Labor Party also faced one of the largest government-related data breaches, affecting key departments. This should be more than enough proof that small businesses are not exempt from being targeted by ill-intended actors. 

Yet, according to a recent report by Cohesity, over half of Australian IT and security professionals fell victim to a ransomware attack. In today’s blog post, we’ll analyse the findings of this report and look at the steps any SMB can take to avoid becoming the next victim. 

3 in 5 IT Professionals Have Fallen Victim To Ransomware

The aforementioned report polled 502 IT and security decision-makers in Australia. Even though half of them acknowledged paying a ransom for their data in the last year, four in five respondents still felt confident in their capacity to keep up with modern cyber threats.

Additionally, many respondents expressed confidence in their cybersecurity procedures. However, when questioned about the time needed to restore data in case of a breach, the average was around one week. 

This is one week of downtime or operating at reduced capacity. Most SMBs can’t afford this type of loss in revenue. Not to mention the hit to your reputation as a reliable business and the fines accompanying such an event!   

The report also found that many SMBs base their cybersecurity confidence on legacy processes that are no longer effective in defending against modern cyber threats. These processes were often developed to address the security needs of earlier computing environments, but with advancements in technology and more sophisticated cyber threats, they can become a liability.

Nowadays, it’s no longer a matter of “if my business will be targeted” but a matter of “when.” Therefore, investing in proper cybersecurity measures and policies is a must-do. 

Steps to Improve Cybersecurity

The best way to boost your organisation’s protection against cyber threats is by taking the steps to implement a recognised security standard, such as ISO/IEC 27001 or NIST Cybersecurity Framework. 

They help you ensure regulatory compliance and establish robust practices to protect sensitive data and prevent breaches. It’s also a fantastic way to earn your business partners’ and customers’ trust.

However, many SMBs don’t have the necessary resources to get an advanced industry framework like ISO/IEC 27001. If this is the case, you can start at a lower level with an SMB1001 Gold+

The SMB1001 (available in five tiers, from Bronze to Diamond) is a cybersecurity certification for small and medium-sized businesses. It helps companies implement effective security practices without breaking the bank or compromising security measures. 

Onsite Helper is already at SMB1001 Gold level, and we’ve helped several clients implement it for their operations. So, our well-trained and experienced experts can help you set everything up swiftly and smoothly.

Give us a call or send us an email, and let us review your IT security capabilities to see if you have the correct systems in place to make your cybersecurity bulletproof. We can also run a VAPT (Vulnerability Assessment and Penetration Testing) to see how secure your IT systems are.

If you’re ready to take the steps to care-free business operations, contact our team of experts today!

Essential Do’s and Don’ts After a Malware Attack

Malware attacks are increasingly common, especially against small and medium-sized businesses (SMBs). In fact, according to a 2023 report by the Cybersecurity & Infrastructure Security Agency (CISA), 43% of cyberattacks target SMBs. 

The good news is that, with the right security measures, these attacks are preventable. Plus, even if your business is hit by malware, there are steps you can take to minimise the damage.

However, time is of the essence in case of an attack, so you must act quickly and decisively. Once you realise (or suspect) one of your devices is infected, it’s crucial that you follow the right procedures.

Moving forward, we’ll guide you through the key steps to keep your data safe and avoid the devastating consequences of a breach. As a bonus, we have a few preventive measures that will make it harder for ill-intended actors to breach your defences in the future.

What is Malware?

Malware, short for malicious software, refers to any software intentionally designed to disrupt, damage, or gain unauthorised access to computer systems. 

Cybercriminals use malware to steal sensitive information (financial information, intellectual property, medical records, personally identifiable information, and so on), encrypt or delete data, spy on users’ activities, and even take control of entire systems without the user’s knowledge or consent.

While there are many types of malware out there, these are some of the most common ones:

  • Ransomware: Ransomware encrypts a user’s data, rendering it inaccessible until a ransom is paid. Even after paying, there’s no guarantee that access to the data will be restored.
  • Viruses: A virus (malicious software) attaches itself to legitimate programs or files and spreads when the infected program is executed. It can corrupt or delete data and, in some cases, make systems inoperable.
  • Trojans: Named after the legendary Trojan horse, these bits of malicious software disguise themselves as legitimate software. Once installed, they can create backdoors for cybercriminals, steal data, or facilitate other types of malware.
  • Spyware: Spyware secretly monitors user activities, collecting information such as passwords, credit card numbers, and browsing habits. 
  • Adware: Adware automatically delivers unwanted advertisements to users. While often more annoying than harmful, it can also be bundled with spyware or redirect users to malicious websites.
  • Worms: Unlike viruses, worms are standalone malware that replicate themselves to spread across networks. They exploit vulnerabilities in software or operating systems, often leading to widespread damage.
  • Fileless Malware: Unlike traditional malware, fileless malware doesn’t rely on files or software installations to infect a system. Instead, it exploits existing software, applications, and system processes, making it harder to detect since it leaves no obvious trace on the hard drive. Fileless malware often resides in the computer’s memory and uses legitimate system tools to execute malicious activities.

Each type of malware has its own method of spreading, objectives, and potential damage. However, if you’re not a cybersecurity specialist, it can be difficult to know what hit you in case of an attack. 

Luckily, the steps to stop an attack from spreading further into your network are easy to understand and follow.

Steps to Follow if You’re Infected

When there’s confirmation that one or more devices have been infected by malware, most people panic, and the first move is to format or reinstall the infected unit(s). While it might seem like a straightforward move, this is a mistake because it overlooks deeper issues.

At this stage, you don’t know what the malware has done to your network and other devices. The malicious software might have spread across the network or could have created hidden gateways for cybercriminals.

So, the first step is to resist your first instinct to wipe the device clean by formatting and reinstalling. If you wipe the computer immediately, you might destroy valuable clues about how the malware operates and how far it has spread.

So, keep calm and take the essential first steps to minimise damage:

1. Disconnect and Power Down

  • Immediately disconnect the affected computer(s) from your network. Turn off the wireless connections and unplug any network cables. This allows you to isolate the problem.
  • Disconnect external storage devices. Many forms of malware also try to corrupt your external storage devices, so quickly remove your external hard drives or thumb drives to ensure they’ll stay clean.
  • Power Off, but only as the last option! Switch off the computer(s) to prevent further spread or data leakage, but only if the malware is encrypting all the data and you aren’t able to understand the operations it is performing.

2. Consult a Specialist

Now that you have managed to isolate the problem, the next step is to consult with a certified malware analysis specialist. These professionals, like OSH’s head of security, Max, are certified in malware analysis and can guide you through recovery.

So, if you call us, Max will examine the specific malware that wiggled its way into your network, understand its mechanisms, and guide you on how to reverse the damage effectively and securely.

How to Prevent Malware in the First Place

While no security system is 100% guaranteed, having the right measures in place makes it a lot more challenging for ill-intended actors to gain access to your data. Plus, most are looking for easy targets, so there’s a good chance they’ll give up after the first few attempts.

The best way to make sure you have all the necessary measures in place is to adhere to recognised security frameworks like Essential 8 or ISO 27001. Still, these standards can be too much for SMBs, so it’s best to start with SMB1001 Gold.

Additionally, it’s essential to restrict privileges for those who use your business’s network. Not everyone in your team needs administrative privileges on their work devices. Also, keep an eye on who can access which files in your database. 

Malware often needs administrative privileges to install itself. By restricting access, even if malicious software infects one unit in your network, it won’t have the possibility to spread further. 

Don’t Wait Until Malware Finds You!

With how widespread cyberattacks are nowadays, it’s only a matter of time before your defences will be tested. 

What will happen then? Will your security systems pass the test?

If you haven’t yet taken the steps to achieve at least the SMB1001 certification level, now is the time to act! We recently got our SMB1001 Gold certification and helped several of our clients get theirs, so our team of well-trained specialists has the hands-on experience needed to guide you through the process.

Is Your Supply Chain Your Biggest Cybersecurity Risk? Here’s What Every SMB Needs to Know

Cybersecurity is one of the top priorities for business owners. Regardless of size and niche, if a data breach hits a business, the situation can quickly get dire. However, the small guys (small and medium-sized businesses or SMBs) have the most to lose. 

In addition to losing customers, SMBs face steep fines (which most can’t afford) and a loss of reputation, which will impact the business moving forward. But what happens when the leak is not due to a lack of cybersecurity measures within your company?

Even when you have all your ducks in a row from a cybersecurity standpoint, your suppliers and business partners may not be as thorough. This is why the supply chain is quite delicate, making it a very inviting target for many ill-intended actors.

According to recent data, 98% of companies have been negatively impacted by a breach in their network. This is why it’s crucial to vet all the links that are part of your supply chain, from direct suppliers to developers of the software tools you’re using.

Third-party Cybersecurity Vulnerabilities in Your Supply Chain

The most obvious third-party vulnerability comes from business partners, suppliers, and service providers. To do business, you have to share sensitive information with other companies, and if their defences are breached, your data is also in danger. 

There are countless examples of companies losing customers’ data because a third party’s cybersecurity wasn’t strong enough. Here are a few noteworthy mentions:

The Good Guys Attack

The reputation of the Australian retailer The Good Guys was impacted when one of their business collaborators (My Rewards) was hacked, and their database was breached.

Due to the nature of their collaboration, My Rewards had a wide range of The Good Guys customers’ information, such as addresses, names, email addresses, phone numbers, and more. This data, along with data from other companies, was leaked, so even if only one link in the chain was breached, many other businesses were impacted.

The SolarWinds Hack

This operation involved a sophisticated supply chain attack where hackers compromised the Orion software used by thousands of organisations. 

The attackers inserted malicious code, enabling them to spy on and steal data from high-profile targets, including U.S. government agencies and major corporations. This breach highlighted vulnerabilities in software supply chains and emphasised the need for robust cybersecurity measures.

Insula Group Ransomware Attack

One of the most recent supply chain attacks happened in July of this year and targeted the IT services supplier Insula. They were hit with a ransomware attack, and since they refused to pay, the incident ended with a leak of around 400 gigabytes of data.

While there are no details (yet) on who was impacted, if we take into account the fact that the Insula Group’s offer includes software products and IT services, it’s easy to imagine the potential for damage.

So, what’s the deal behind supply chain attacks? Why are so many companies, through no fault of their own, pulled into the whirlwind of another business’s data breach?

Supply chains are vulnerable because they involve various external parties, from vendors and partners to the software solutions a business uses.

Let’s take the supply chain of a coffee shop. 

  • First, you have the suppliers (coffee beans, dairy and milk alternatives, bakery items, ingredients, non-food items, and so on). These, in turn, rely on other suppliers.
  • Then, you have the logistics like transportation and storage – the delivery companies and warehouses will store some of the company data.
  • Additionally, the coffee shop will most likely use an online inventory management solution, will offer online payment options, and will use a variety of hardware and software components to keep the business running smoothly.

All these are part of the supply chain and are potential threats to the coffee shop’s cybersecurity.

Keep Your Supply Chain Strong

The best way to make sure your supply chain is strong is to vet all your suppliers and service providers and only work with the ones that value their data security and that of their business partners. 

To do this, check each possible supplier and provider’s level of security certification (if they have any). For instance, larger organisations usually have ISO 27001 or similar, which is quite straightforward.

However, things get a bit trickier when working with SMBs since many will say they follow the Essential Eight but have no certification to prove it. To be safe, it’s best to prioritise working with SMBs with SMB1001 Gold certification. This level of certification is not too difficult to achieve and takes care of some of the basic security issues smaller businesses tend to have.

Also, keep in mind that this is a two-way street: if your business is breached, you can endanger the reputation and good operation of your partners, service providers, and suppliers. So, the best thing you can do for your safety and the safety of your network is to achieve SMB1001 Gold certification (if you haven’t already).

We’re Here to Help

Onsite Helper’s team of specialists is here to help you get your SMB1001 Gold certification in one smooth move. Give us a call or send us an email, and let’s talk about your specific needs!
