Page 40 - BusinessWest, May 30, 2022 - Technology

Threats
Continued from page 37

the threat. Traditional AV changed very little until several years ago, with the advent of next-generation antivirus (NGAV). NGAV still uses signature definitions, but couples them with predictive analytics driven by machine learning to help identify threats for which no signature exists yet.

The latest technology to hit the market is endpoint detection and response (EDR) and its broader successor, extended detection and response (XDR). These technologies continue to use traditional signature-based antivirus and NGAV, but they also add behavioral analysis driven by artificial intelligence (AI).

The AI component constantly analyzes the behavior of each device so it can detect abnormal activity such as high CPU usage, unusual disk activity, or an abnormal volume of outbound traffic. This new generation of software not only detects an attack and warns you that it is occurring; it can also contain the attack by automatically taking the infected device(s) off the network, protecting the rest of your systems. Some EDR products, such as SentinelOne, also have threat-hunting capabilities that map the attack as it unfolds. This mapping helps IT professionals identify every device involved in the attack, a process that can take days or weeks when performed manually. XDR goes a bit further: it looks beyond the endpoint (PC, laptop, phone) and takes a holistic view of the whole network.

A good example of how EDR is being used as one layer of protection is how SonicWall firewalls combine a physical firewall with a suite of security capabilities (content filtering, DPI-SSL inspection of encrypted traffic, geo-blocking, gateway antivirus, and more) to filter traffic before it enters your network. Then, with the addition of their Capture Client product (a collaboration between SonicWall and SentinelOne), they integrate SentinelOne EDR with the firewall's rules. This extends protection beyond the devices inside the network to company devices outside it, and helps eliminate the gaps in protection that can exist for remote users.
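The behavioral detection described above (baseline each device, flag deviations in CPU, disk and outbound traffic, then decide whether to isolate the device) can be sketched in a few dozen lines. The block below is an added example written for this page, not SentinelOne or SonicWall code. The seven-day telemetry is constructed, the median/MAD baseline is one reasonable choice among several, and the containment policy (isolate when outbound traffic is anomalous or when two or more metrics deviate) is an assumption.

```python
"""Added example: robust per-host baseline anomaly detection on endpoint telemetry.
Not vendor code. Telemetry below is constructed; the isolation policy is an assumption."""
from collections import defaultdict
from statistics import median

METRICS = ("cpu_pct", "disk_ops", "out_bytes")

# Constructed seven-day baseline window for one workstation:
# (host, day, cpu_pct, disk operations per minute, outbound bytes per day)
BASELINE_SAMPLES = [
    ("ws-17", 1, 12.0, 300.0, 2.1e6),
    ("ws-17", 2, 15.0, 340.0, 1.8e6),
    ("ws-17", 3, 11.0, 280.0, 2.4e6),
    ("ws-17", 4, 14.0, 310.0, 2.0e6),
    ("ws-17", 5, 13.0, 295.0, 1.9e6),
    ("ws-17", 6, 16.0, 330.0, 2.2e6),
    ("ws-17", 7, 12.0, 305.0, 2.3e6),
]

MAD_SCALE = 1.4826  # makes the MAD comparable to a standard deviation for normal data


def build_baseline(samples):
    """Per host and metric, record (median, MAD). Median/MAD rather than mean/stdev
    so one already-compromised day in the window does not inflate the baseline."""
    values = defaultdict(list)
    for host, _day, *obs in samples:
        for name, v in zip(METRICS, obs):
            values[(host, name)].append(v)
    baseline = {}
    for key, vs in values.items():
        med = median(vs)
        mad = median(abs(v - med) for v in vs)
        baseline[key] = (med, mad)
    return baseline


def robust_z(value, med, mad):
    """Distance from the median in scaled-MAD units. A zero MAD means the
    baseline never varied at all; any deviation is then treated as extreme."""
    if mad == 0:
        return 0.0 if value == med else float("inf")
    return abs(value - med) / (MAD_SCALE * mad)


def detect(baseline, host, observation, threshold=6.0):
    """Return [(metric, score)] for every metric whose robust z exceeds threshold."""
    anomalies = []
    for name, v in zip(METRICS, observation):
        med, mad = baseline[(host, name)]
        z = robust_z(v, med, mad)
        if z > threshold:
            anomalies.append((name, round(z, 1)))
    return anomalies


def should_isolate(anomalies):
    """Assumed containment policy: pull the device off the network when outbound
    traffic is anomalous (exfiltration-like) or when two or more metrics deviate."""
    names = {name for name, _ in anomalies}
    return "out_bytes" in names or len(names) >= 2


if __name__ == "__main__":
    base = build_baseline(BASELINE_SAMPLES)
    quiet_day = (14.0, 320.0, 2.2e6)
    bad_day = (91.0, 4200.0, 8.7e8)  # pegged CPU, disk churn, ~870 MB leaving the box
    for obs in (quiet_day, bad_day):
        found = detect(base, "ws-17", obs)
        print(obs, found, "ISOLATE" if should_isolate(found) else "ok")
```

A real product keeps the baseline per process and per user as well as per host, and feeds the "isolate" decision into the network layer (the firewall or switch) rather than only logging it; the structure of the decision is the same.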
The notion that you are just too small a company to worry about these threats, or that no one wants your data, is a fallacy. Criminals target small companies every day because they are easy targets. Large companies have armies of highly educated and well-paid people protecting their networks. And while a large company might represent a big score, hackers can spend years trying to penetrate a large network. They know that smaller organizations have limited budgets and staff to protect their networks. This makes it far more lucrative to hit 50 or 100 small companies for $100,000 each than a single large company for, say, $2 million.

"The game is constantly changing, and to keep up with unknown threats and techniques it is critical that we all educate and train ourselves to be hyper vigilant when it comes to cybersecurity."

Investing in modern security products, building a sound information security program, and educating your team will pay off in the long run, as the question is not if you will be attacked — but when. The cost of the systems that protect you is far less than the often irreparable harm caused by a breach or infection.

Many people say, 'I have cyber insurance,' but fail to put the necessary precautions in place to protect their systems and data. Little do they know that when they filled out the pre-insurance questionnaire and answered 'yes' to all the questions without actually having those controls in place, they gave the insurer grounds to deny the claim. If you do not have written policies, use EDR (or at least NGAV), have a training program in place, and use multifactor authentication to protect user logins, you could be sealing your own fate. Insurers are no longer baffled by today's technology and are aggressively investigating cyber claims. In fact, we are seeing significantly increasing numbers of denied claims.

There is little you can do after the fact to offset missing protections or unenforced policies. By taking the appropriate steps to protect your network and systems, you can minimize the risk of falling victim to an attack and ensure that your insurer will cover a claim if one does occur. Insurance companies will go to great lengths to cover legitimate claims at great cost. In fact, they can be their own worst enemy: in many ransomware attacks, insurance companies simply pay the ransom because that is more expeditious than paying for the actual remediation. This, of course, only encourages the criminals, while leading to higher premiums and greater risk to our technology infrastructure.

To close, I'd like to leave you with a few things that you can do to better protect your systems, data, and network.

• Take the time to understand what protections you have in place, and engage a professional to help you identify any gaps in your information security strategy;

• Educate your staff on information security best practices and the threat spectrum. An educated workforce is one of your best protections. There are several great training tools that are inexpensive and easy to implement, such as KnowBe4;

• Implement a next-generation firewall that utilizes deep packet inspection, and take the time to dial in the suite of security features designed to stop threats before they get into the network;

• Move to an EDR system rather than relying on traditional signature-based antivirus;

• Be sure that all systems with access to your networks (computers, network equipment, servers, firewalls, IoT devices, cameras, etc.) are patched regularly to eliminate vulnerabilities that can be easily exploited;

• Do not run unsupported operating systems, equipment, or applications;

• Establish a set of written information security policies, and make sure everyone understands that they need to live by them; and

• Limit those with administrative credentials on your network. If an administrative account is compromised, you have given away the keys to the kingdom. Make sure users only have permission to reach the resources they need to do their jobs.

Charlie Christensen is president of East Longmeadow-based CMD Technology Group; http://www.new.cmdweb.com/; (413) 525-0023.

Defense
Continued from page 38

and register that domain as a .net. (Lesson learned: reserve all similar domain names to prevent this from happening!)

This one example was a sophisticated attempt to convince the client to create a wire transfer; the client now has a policy of triple-checking and confirming any transactions with multiple steps. The best way to teach your staff about attacks is to create a fake phishing attack. We create and run fake attacks on our staff and our clients. We have a library to choose from, and we can simulate a bank request, a Netflix credential reset, or a credit card alert, to name a few. These attacks mimic real attacks. The recipients' reactions are tracked, and reports are made available after the campaign has expired.

The email is delivered (allowed on purpose past our filters), and the recipient can open it, click the link, and provide data. We call this the trifecta! Normally, opening an email is not harmful by itself; clicking the link is what can deliver embedded malware or lead to a credential-harvesting page. If a recipient does take the bait, the training software will automatically play an educational video that teaches the staff member how they were fooled and what to look out for in the future.

When the campaign has ended, the results are tallied in a report. The report tells you how many recipients opened the email, clicked the link, and submitted credentials. It also indicates whether each end user sat through the educational video. This is a great tool to use from a cybersecurity perspective. Teach your staff, and install best-in-class edge protection, spam filtering, endpoint protection, antivirus, dark-web scanning, and backup. Overall, don't overlook the most important step: promote awareness and create a strong security-aware culture in your office.

Sean Hogan is president of Hogan Technology Inc.; www.teamhogan.com; (413) 779-0079.
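The lesson in the Defense article above (reserve the similar domains before an attacker registers one of them) starts with knowing which lookalikes exist. The block below is an added example, not tooling from Hogan Technology or the article's client; it enumerates the common variants of a constructed domain name (TLD swaps, omitted, doubled and transposed letters, and a few homoglyph substitutions) so you can register or at least monitor them. It checks nothing online, and the substitution table is an assumption, not an exhaustive list.

```python
"""Added example: enumerate lookalike variants of a domain to register or monitor.
Constructed input, offline only. Not tooling from the article's author."""

TLDS = ("com", "net", "org", "co", "biz", "info")

# Assumed table of visually similar substitutions attackers commonly use.
HOMOGLYPHS = {
    "o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5",
    "rn": "m", "m": "rn", "vv": "w", "w": "vv",
}


def tld_swaps(label, tld):
    """Same label under every other TLD in the list (the .net case from the article)."""
    return {f"{label}.{t}" for t in TLDS if t != tld}


def omissions(label):
    """Drop one character: acmebank -> acmbank."""
    return {label[:i] + label[i + 1:] for i in range(len(label))}


def doublings(label):
    """Repeat one character: acmebank -> acmeebank."""
    return {label[:i] + label[i] + label[i:] for i in range(len(label))}


def transpositions(label):
    """Swap two adjacent characters: acmebank -> camebank."""
    return {label[:i] + label[i + 1] + label[i] + label[i + 2:] for i in range(len(label) - 1)}


def homoglyphs(label):
    """Replace each occurrence of a source string with its lookalike, one at a time."""
    out = set()
    for src, dst in HOMOGLYPHS.items():
        idx = label.find(src)
        while idx != -1:
            out.add(label[:idx] + dst + label[idx + len(src):])
            idx = label.find(src, idx + 1)
    return out


def lookalikes(domain):
    """Sorted candidate lookalike domains for a `label.tld` domain, excluding the original."""
    label, _, tld = domain.rpartition(".")
    candidates = tld_swaps(label, tld)
    for variant in omissions(label) | doublings(label) | transpositions(label) | homoglyphs(label):
        if variant and variant != label:
            candidates.add(f"{variant}.{tld}")
    candidates.discard(domain)
    return sorted(candidates)


if __name__ == "__main__":
    for d in lookalikes("acmebank.com"):  # constructed example domain
        print(d)
```

Registering every variant is rarely affordable, so in practice the list is used two ways: register the handful that are cheapest and most convincing (the TLD swaps and the best homoglyph), and feed the rest to a monitoring job that checks new registrations and certificate-transparency logs for them.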
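The campaign report described in the Defense article (how many recipients opened the email, clicked the link and submitted credentials, and whether each person who took the bait sat through the training video) is a straightforward tally over an event log. The block below is an added example, not the simulation platform the author uses; the log lines are constructed, and their format (timestamp, recipient, event name) is an assumption.

```python
"""Added example: tally a phishing-simulation event log into the campaign report.
Constructed log; the line format is an assumption, not a real platform's export."""
from collections import defaultdict

# Constructed event log: ISO timestamp, recipient, event
LOG = """\
2022-05-02T09:00:01 alice@example.test sent
2022-05-02T09:00:01 bob@example.test sent
2022-05-02T09:00:01 carol@example.test sent
2022-05-02T09:00:02 dave@example.test sent
2022-05-02T09:04:17 alice@example.test opened
2022-05-02T09:05:02 alice@example.test clicked
2022-05-02T09:05:41 alice@example.test submitted
2022-05-02T09:06:10 alice@example.test training_completed
2022-05-02T09:31:55 bob@example.test opened
2022-05-02T09:32:30 bob@example.test clicked
2022-05-02T10:10:00 carol@example.test opened
2022-05-02T11:40:12 bob@example.test reported
"""

STAGES = ("opened", "clicked", "submitted")  # the "trifecta" from the article


def parse(log_text):
    """Yield (recipient, event) tuples, skipping blank or malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[1], parts[2]


def summarize(log_text):
    """Return (per_user, totals): each recipient's outcome plus campaign-wide counts."""
    events = defaultdict(set)
    for recipient, event in parse(log_text):
        events[recipient].add(event)

    per_user = {}
    for user, seen in events.items():
        per_user[user] = {
            "opened": "opened" in seen,
            "clicked": "clicked" in seen,
            "submitted": "submitted" in seen,
            "reported": "reported" in seen,
            "trifecta": all(stage in seen for stage in STAGES),
            # Anyone who clicked was shown the video; flag those who did not finish it.
            "training_owed": "clicked" in seen and "training_completed" not in seen,
        }

    totals = {stage: sum(u[stage] for u in per_user.values()) for stage in STAGES}
    totals["sent"] = len(per_user)
    totals["reported"] = sum(u["reported"] for u in per_user.values())
    totals["training_owed"] = sorted(u for u, d in per_user.items() if d["training_owed"])
    return per_user, totals


if __name__ == "__main__":
    users, totals = summarize(LOG)
    print("sent {sent}, opened {opened}, clicked {clicked}, submitted {submitted}, "
          "reported {reported}".format(**totals))
    for user, outcome in sorted(users.items()):
        flags = [k for k, v in outcome.items() if v]
        print(f"  {user}: {', '.join(flags) or 'no action'}")
```

The "reported" column is worth keeping even though the article's report does not mention it: the recipients who forward the lure to IT instead of clicking are the behaviour a campaign is trying to grow, and the ratio of reports to clicks is a better trend line than the click rate alone.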