Cloud Infrastructure offers Maximum Protection and Optimal Performance

A way to secure, connect and protect your business

(By Taslim Khan. This article was originally posted in the This is Queensborough – January 2024 Edition and has been amended for this format)

Welcome to 2024! The new year brings new opportunities as well as new challenges. The network infrastructure of a business is one of the areas that is always under threat. Network infrastructure is the engine a business runs on. To ensure optimal performance, this engine requires continuous maintenance and upgrades. Unfortunately, in today’s world, it has also become a prime target for malicious actors worldwide. Businesses operating in the US, regardless of size, are particularly attractive to hackers in Russia, China, North Korea, Iran, and many other countries in the world that are unfriendly to America. These threat actors exploit the Law of Averages. They target multiple businesses with the expectation that a significant number will succumb to their attacks, resulting in substantial financial gains. Many small businesses are being subjected to millions of dollars in ransomware payments. Let’s fight back. Let’s secure our assets and protect our business. While at it, let’s also improve performance and increase revenue.

A Case for the Cloud
Enter the Cloud. Cloud-based services encompassing Managed IT, Cyber Security, Back Up & Disaster Recovery and Unified Communications and Collaboration offer unparalleled protection and performance for businesses. Here are the inherent advantages and benefits provided by Cloud-based Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs):

  • All services and devices (endpoints) are managed and monitored 24/7/365 by engineers in Security Operation Centers (SOCs),
  • Geo-redundant and diverse locations with “Active/Active” failsafe infrastructure,
  • Compliance with all government mandates such as HIPAA, PCI, NIST, CIS, CISM, and many more,
  • Multiple locations and remote workers are no longer bound by geographical boundaries.
The Security Aspect
Implementing a Managed Firewall and an Endpoint Protection service such as Managed Detection & Remediation (MDR) for each laptop, desktop, server, router and switch ensures maximum security. Even if one or multiple devices are compromised due to user error (such as plugging in an affected USB drive or personal smartphone), the SOC can promptly isolate and quarantine the affected device(s) in real time, preventing further spread.

An Inbox Detection & Remediation (IDR) service for emails will scan every email and automatically quarantine the malicious ones before they reach your inbox. However, as we are all painfully aware, these threat actors are very sophisticated at spoofing emails to make it look like your colleague sent them. If you are doubtful, you can submit the email for a security check before opening it. Within less than a minute, the IDR service will give you a “red”, “yellow” or “green” signal. With that you can either proceed or delete with complete confidence.

Multi Factor Authentication or MFA protocol is the standard today in all government and enterprise environments. And for good reasons – it proves you are who you say you are.

Increasing Business Resilience
A Cloud server with Infrastructure as a Service & Disaster Recovery delivers significant advantages over a premise-based server. For example:

  • Op Ex instead of Cap Ex,
  • On demand scalability,
  • High level security,
  • Built in redundancy,
  • Lower energy cost.
Also, a backup server in a completely air-gapped data center offers the maximum protection against ransomware. In the event of a ransomware attack where the primary server is held hostage and is unavailable, the Cloud provider can spin up a new server in a completely different environment in as little as 30 minutes. Ensuring this technology is in place increases business resilience; in the event of the same ransomware attack on a premise-based server, it will take weeks if not months to recover that server. Your business simply cannot survive that much downtime.

Reaching Optimal Performance
A complete UC platform combines all modes of communications such as phone, video, instant message, content sharing and SMS/MMS text messaging – all on one platform and makes them available on multiple devices such as desk phone, desktop/laptop/tablet and smartphone.

Unified Communications & Collaboration offers advantages like:

  • Work from home? No problem.
  • Have staff in different time zones? Easy.
  • Need to reach out to 10,000 customers via text message? Done.
  • Need to be compliant to protect patient and client information? Yup.
In conclusion, a well-designed and professionally deployed Cloud infrastructure brings tremendous value to businesses of all sizes. Please consider a cloud migration for maximum protection and better performance.

Why FCX is implementing its Cloud and AI Code of Ethics

Slightly amended copy of original LinkedIn article posted on 01/11/2024 – By Iris Lentjes

Remember when the internet first emerged? How it has changed the way we communicate, socialize, collaborate, conduct business, and even receive healthcare? In a short span of a few decades, much has changed.
While certain newspaper articles are currently reflecting diminished enthusiasm around generative AI, and while it is not fully clear to the public what will happen next, we are now finding ourselves on the cusp of a similar revolution. This is because at FCX, we are witnessing the advent of powerful combinations within a cluster of technologies:
  1. Data mining
  2. Predictive analysis
  3. NLP and other generative AI
  4. Machine learning
  5. Deep learning
  6. Image recognition
  7. Robotic technology
What makes the combination of these solutions impactful are powerful cloud computing and storage capabilities which are now available at manageable costs. 
Although artificial intelligence is not a new concept, in my opinion, we are now at the point where it can deeply impact our daily lives just like the World Wide Web did. It could take a few decades; however, it is likely we will witness profound shifts in the way we work in much less time than that.

The Global Village

Because of the possibility of instant communication and instant access to a plethora of information due to affordable access to bandwidth and personal computers, many have shifted into feeling we are now citizens in a global village. We are no longer merely local participants and contributors; our involvement and impact tend to be much broader. We collaborate and compete with workers half a world away. The internet revealed how small our global village is and how deeply interconnected we are.

Shaping Society with AI

The technologies associated with AI will change our view of society and the world once more. It will take some years, but they have the potential to solve complex problems that have stumped us for decades and even much longer than that. With the progress of generative AI in 2024, as well as super computing, we can push the boundaries of our ingenuity and intellect already. Repetitive, mundane, and challenging tasks such as completing standard workflows or maintaining a certain set of functionalities within a reliable cybersecurity system can now be performed by machines. This could, in turn, liberate us to explore aspects of our humanity, ideas, or concepts we were previously unable to. More time will be freed up for creative and profound thinking. And so, this shift provides us with a unique opportunity.

The Responsibility of Business Leaders

But exploration of uncharted territory empowering people will only happen if leaders in the business world make an obvious choice and decide to leverage AI for that particular outcome. The business community needs to actively choose abundance, possibility, empowerment, and quality of life for all stakeholders involved. If we capitulate to our lower instincts such as fear of scarcity, invisibility, or insignificance and are impatient, we risk ending up with AI solutions that will increase disharmony, imbalance, and cacophony in the world. This cluster of technologies has the power to reflect our values and preferences as well as our philosophies and beliefs around our economic and monetary systems, just as much as the internet did and has.

We cannot turn away. Choice and aim will continue to matter. The development of this group of technologies can be slowed down, but it will not be stopped.

Ethical Considerations at FCX

At FCX, we have a choice in what solutions we wish to suggest to our clientele. As a result of the changes and outcomes we are witnessing, we felt it necessary to devise our own code of ethics around cloud computing and AI. Certain large corporations have already done so, and we too aim to step into the age of AI with our eyes wide open and with the right attitude. This is to best serve our clientele and their constituents ahead of what may arise.

If your organization has formulated an AI and Cloud Code of Ethics or is in the process of formulating one, I hope you might share it with us also in the comment section. We wish to be part of a community of responsible yet adventurous entrepreneurs and corporations who believe in the promise of technology to enhance and augment positive human capabilities.

Click here to access the FCX Cloud Solutions & Artificial Intelligence (AI) Consultation, Promotion and Implementation Support Code of Ethics.

Embracing the Future: Technology Predictions for 2024

January 3rd, 2024 – By Iris Lentjes

As we stand at the threshold of 2024, businesses in the US are set to undergo even further change as a result of technological advancements in the IT sector. Our key predictions represent impactful trends in the Cloud Services, IT and Software space. We predict executives and entrepreneurs will need to pay close attention to the course IT technology will take in the coming year to reap the benefits and stay on track.
Let’s take a look at the trends we anticipate seeing in cybersecurity, artificial intelligence (AI), remote work and sustainability.
1. CYBER SECURITY EVOLUTION: A LAYERED APPROACH

While the flexibility and scalability of technological applications such as Cloud Infrastructure, Software as a Service, UCaaS and IoT have brought many benefits, the correct implementation of cyber security to protect valuable data assets will remain a priority in 2024. Most executives will continue to recognize that cyber security threats are making businesses vulnerable and will want to continue to implement the necessary solutions. To meet the demand, providers will be working diligently and gearing up to introduce and expand comprehensive cybersecurity bundles. The solution sets will be layered, addressing vulnerabilities from multiple angles. While this promises a positive shift in accessibility with prices expected to rationalize, this trend will come with a caveat. Investments in robust cybersecurity infrastructures will be non-negotiable and therefore a new fixed added expense.

In an era where data is king, securing it will continue to be a top priority for businesses and a core part of digital transformation strategies.

2. AI INTEGRATION: A COLLABORATIVE DECISION

After the initial excitement and shock around the level of sophistication of generative AI in 2023, Artificial Intelligence will continue to be used in businesses, but decision making around which applications to implement will be a collaborative process. Customer Service, Operations, Logistics, Production and Marketing departments in various sectors will continue to benefit. The more innovative and creative stakeholders can be when leveraging this powerful technology, the greater the gain an organization can make.

However, as organizations prepare for AI integration, decision-making will evolve into a collective effort. A group of stakeholders within the company will need to deliberate over AI implementation and application investment. This is due to the need to focus on ethics and accountability of implementation and presentation to customers and end users. Also, the AI journey demands thorough evaluation before investment. This is due to the cost of cloud migrations, design and programming, emphasizing the symbiotic relationship between technological advancement and responsible decision-making.

3. THE NEXUS OF AI AND REMOTE WORK: REDEFINING PRODUCTIVITY

When looking at the combined effect of AI and technology enabling effective remote work, it seems logical to conclude that traditional work paradigms will be further revolutionized. Expect an impactful shift in human resources as AI takes the reins of routine tasks, freeing up employees to concentrate on higher-value responsibilities. This transformative dynamic necessitates an organizational embrace of change. Those who adapt swiftly to the evolving landscape of AI and remote work will undoubtedly lead the way in fostering enhanced productivity and job satisfaction.

4. RESILIENCE AND SUSTAINABILITY: A TWIN FOCUS

With AI redefining the very nature of work, businesses are turning their attention to resilience. AI will help either entrench or shift corporate objectives altogether. This will drive the c-suite to focus on preserving and enhancing core competencies so the company can pivot towards new directions. How work will be done will shift – the mission of the business may not.

Simultaneously, climate change and shifts in weather patterns will continue, and efforts to reduce, reuse and recycle will become a more obvious choice around production processes. In response, businesses will become more aware of the need to direct their efforts towards sustainability initiatives. The dual commitment to resilience and sustainability underscores a conscious effort to not only weather the storms of technological change, but also contribute to a more sustainable future.

As we step into 2024, these predictions serve as guideposts for businesses navigating the intricate intersection of technology, ethics, and sustainability. Embracing change, fostering resilience, and upholding ethical standards will be the linchpins of success in the technologically charged years ahead.

2024 is here, and it beckons us to forge ahead with innovation, collaboration, and a shared commitment to a digitally empowered future.

Ransomware – When and How? And How to Protect Your Business

(By Taslim Khan. This article was originally posted in the This is Queensborough – July 2023 Edition and has been slightly amended for this format)

Ransomware is not a question of IF, rather When. It is not our intention to create unrest or panic among businesses and the readers; rather to prepare you – Ransomware attacks are a reality today. Businesses of all sizes are targets. A small firm with 5 employees is just as much a target as the large multi-billion-dollar companies such as Target, Sony, T-Mobile, YUM Brand (KFC, Taco Bell, Pizza Hut). 60% of Small to Medium Businesses (SMBs) have experienced a data breach. However, be assured that all businesses are under attack from ransomware. Even municipalities and city governments have had to pay large ransoms to free their networks. The list, very unfortunately, is long and only growing. To the threat actors, a dollar is green from every source – large and small, private, government, for profit, non-profit. Ransomware is an equal opportunity offender.

HOW & WHEN?

So, let’s take a look at how Ransomware works. In almost every case, there was a sleeper agent that got into a network, typically 6-12 months before the actual attack was initiated. This agent/malware monitors all the traffic and analyzes data. The Threat Actors – the bad guys – gather all the critical business and financial data – including daily financial transactions, deposits, bank balance etc. Once enough information is gathered and a plan of attack is solidified – the attack takes place.

90% of Ransomware attacks are initiated through an email. Typically, an email is sent to many users on the network. The email is spoofed and made to look like it was sent from a reliable/trusted source. It could be made to look like it is coming from the CEO or the CFO of the company, with their name on the email address, and with an embedded link and instructions such as “Hey Joe, yes this invoice is approved – please remit payment.” Once that link is clicked – BOOM. The network and the server(s) are completely locked down. A message will appear on the user’s screen with instructions to make a ransom payment. Unless that payment is made, the network stays locked, and your business comes to a screeching halt.

How to protect your business?

To secure your network & protect your business, a multi-pronged approach is required. First, you must consider Managed IT infrastructure/service from an MSP (Managed Service Provider) & Disaster Recovery as a Service (DRaaS) + Backup as a Service (BaaS) from an MSSP (Managed Security Service Provider). Both of these companies must maintain geo-diverse, multi-location SOCs (Security Operations Centers), preferably with global locations.

Extra man power

These MSPs and MSSPs are manned by 40-50 security engineers & specialists per location. They monitor all traffic and the endpoints that are deployed and in production – in real time – 24/7/365. With eyes on the glass round the clock, all threats are dealt with and mitigated in real time before they reach your network. Your business infrastructure is always monitored and protected, and the guys & gals protecting it are never closed – not on Christmas and not on New Year’s Eve.

This is the maximum protection your dollars can buy to secure your assets and protect your business. The security fortress can be quite elaborate and multi-layered. However, there are some absolute basic necessary measures that must be implemented.
They are as follows:

For your network:

  1. Next Generation Managed Firewall – for your entire network infrastructure,
  2. End Point Detection & Response – for all your servers, desktops & laptops,
  3. Threat Intelligence Management Service – this will block all known threats before they can infiltrate your network/firewall.

For Back-up and Disaster Recovery:

  1. Backup as a Service (BaaS) & Disaster Recovery as a Service (DRaaS) – for your server,
  2. Backup as a Service (BaaS) – for your emails.

Again, network security is like Swiss cheese. There are lots of holes in it. There needs to be multiple layers of services from multiple different vendors to secure your network. How deep you want to go is up to your threat and risk tolerance.

Implementing the above services will significantly improve your security posture and protect your network. However, if you have been mandated to implement stricter security measures or cyber security insurance, then you may have to implement further network security measures. Please consult a Cyber Security Specialist to discuss your options.

Reaping the Benefits of a Cloud Consultant: Reasons for Engagement, How to Evaluate and when to Disengage.

C-Suite executives play an integral role in enabling the success of a company by making sure the right technology and partners are in place.

With the rapidly evolving IT landscape, it is becoming progressively difficult to stay updated on the latest technological advancements. Only 5 years ago, IT projects were mostly initiated by IT executives. In 2023, however, operations and marketing executives as well as other important stakeholders play a significant role when deciding on technology procurement.

CHALLENGES IN THE CLOUD DECISION MAKING PROCESS

Because technology decisions can be complex, it is easy for a new project to get stalled or delayed because decision makers have a multitude of other responsibilities and do not always have their schedules aligned. And this can be challenging because even though 87% of companies believe digital will disrupt their industry, only 44% are adequately prepared for projected disruption due to digital trends.

To add to this, unfortunately, the technology marketplace is famously crowded and ascertaining accurate information is complicated. On top of that, most organizational leaders reassess their technology portfolio every 3-5 years as the term dates of a particular stack approach, which means evaluations take place when decisions need to be made. There often is not enough time to get up to speed on which of the presently available technologies will serve the organization best. A simple online search no longer covers this need in 2023.

What needs to happen, however, is for the whole team to be in-the-know. The team needs to be able to focus on driving business outcomes and getting the necessary technology in place as swiftly as possible. Effective collaboration while everyone is fully informed during the evaluation process is key.

LEVERAGING CLOUD CONSULTANTS OR TECHNOLOGY ADVISORS

Cloud consultants and technology advisors, on the other hand, live and breathe this marketplace daily, keeping track of trends, providers, pricing, and more, to offer the most precise and current advice. They quarterback technology projects for a living; they have the expertise to understand the project requirements and the decision maker’s point of view and can bring a team together. The consultant is an expert with a profound understanding of technology, covering everything from niche fields such as Artificial Intelligence and Machine Learning to the following services:

  • Data and cloud services
  • Cyber Security and disaster recovery
  • Hosting and content management
  • Software and hardware solutions as well as integrations
  • Sustainable IT and transformation
  • Voice, Messaging and Video (UCaaS, CCaaS, and SD-WAN)

Cloud consultants are not restricted to advisory roles and can serve as invaluable partners in the development and implementation of businesses’ digital strategies. Using a holistic view and going through different fact-finding steps can support solidifying overall business objectives as well as implementing specific efficiency-enhancing feature sets.

In addition, cloud consultants will negotiate on behalf of the client with a fitting provider or vendor to guarantee budgetary requirements are met.

As a matter of fact, working with a consultant makes sense for most small businesses in particular. Almost half of small businesses (44%) have hired a consultant in the past. (Source: Clutch, 01/2021) And more than one in three small businesses (39%) have hired an IT consultant, making it the most popular type of consultant small businesses hire. (Source: Clutch, 01/2021)

TOP 10 BENEFITS OF CLOUD CONSULTANTS:

To summarize, the top 10 benefits of employing a Cloud Consultant are as follows:

1. Provide knowledge to make decisions and consolidations in the best interest of the company. Providing technical direction throughout the purchasing process. Secure tailored strategy and solution planning.

2. Offer adept practices for cultural transformation when deploying new technologies. Planning the implementation and providing documentation for training initiatives.

3. Auditing technology stacks and specifying a business’s digital goals. This frees up time for the executive team to focus on driving business successes and strategies.

4. Lead you on navigating the IT landscape and leveraging emerging technologies.

5. Optimize the use of both technological and financial resources and future proofing the business.

6. Streamline to a single point of contact. Keeping an inventory of the technology stack and providing ongoing support for this stack.

7. Utilize artificial intelligence (AI) and machine learning tools for customer service.

8. Offer thorough side-by-side technical and pricing comparisons. Remove pressure from quota-based supplier/carrier salespeople.

9. Leverage an extensive network of Cloud, IT, Telecom and Software service providers.

10. Vet the technical services market for the best fit for the client. Search engines may support the client in fact finding; however, much information about how well providers perform in real-life settings is not published online.

By enlisting a Cloud Technology Consultant, you can capitalize on these benefits and be confident that your business will be optimized and better served by the best available services in the marketplace. Make sure to do your research and vet the consultant/advisor you’re considering for a successful outcome.

HOW DO CLOUD CONSULTANTS GET PAID?

Like insurance brokers, some cloud consultants are also Technology Service Distributors (TSD) or brokers. As such, the initial consultation is frequently free of charge. However, when working on custom or more complex projects, a retainer fee will be added because the consultant will have to spend time researching the project.

The fact that consultants are remunerated by the service provider(s) may appear a bit conflicting; however, be assured that because a consultant is working with several different service providers, the goal is to deliver the best possible solution at the best possible price and support to the end user. A long-term partnership with the end user is every consultant’s/TSD’s ultimate goal. Given the nature of this dynamic, customers/businesses can typically expect technology and vendor recommendations from Cloud consultants that are free of bias. This is a significant step up from dealing with any one carrier’s direct sales team.

Providers desire to make their solutions known to as many businesses and organizations as possible, and consultants will do their best to be aware of as many technological solutions as possible without necessarily recommending them to a distinct end user. This tends to cause a bit of a demanding dynamic between the advisor and the provider, and it’s the job of the consultant to make sure the end user does not have to go through this process of selection or relationship building with the technology provider.

While providers benefit from not having to employ cloud consultants and therefore do not need to pay them a salary and benefits, they usually feel ambivalent about the fact that consultants will bring in various vetted providers for the organization to choose from. Additionally, to serve their clients best, consultants fight for favorable contract terms and are not bound by quota, which leaves them free from the pressure to offer a certain set of services.

DEMONSTRATING ROI

According to The Predictive Index, 27% of surveyed businesses chose not to hire a consultant because the consultant could not demonstrate ROI. This is the most frequent reason for companies not using consultancy services (Predictive Index 03/2019).

FCX understands this and as a result we have created the Cloud Cost Calculator to provide insight. 

EVALUATING CLOUD CONSULTANTS

When selecting a Cloud consultant to partner with, it is necessary to appraise their experience and success in the industry. So what should one look for in a consultant? Of course, make sure your consultant displays intelligence, expertise, flexibility and a future ready mentality as well as a successful track record of accomplishment.

Besides this, we suggest having the following questions answered:

  1. What sets your model apart from others?
  2. How much experience does your team have in the field?
  3. Can you demonstrate the benefits of your services?
  4. What is your approach to handling complicated problems?
  5. Can you provide illustrations of successful projects you have completed?
  6. Who are your other clients?
  7. Can you provide references?
  8. Is your team keeping up with certifications?
  9. Is your organization solvent, and does it plan to stay active within the next 15 years in this area?

TRANSITIONING AFTER THE PROJECT:

It is up to the organization to engage the consultancy for ongoing support. When transitioning from a project phase to a maintenance phase the following considerations can be made:

  1. In-house Expertise: If your organization has developed sufficient in-house expertise during the project, it may be feasible to handle the maintenance phase independently. The technology advisor’s role may have been primarily focused on the project’s implementation or specific technical aspects, and your team can now take over the ongoing maintenance responsibilities.
  2. Established Support Mechanisms: If your organization has established support mechanisms or dedicated technical teams that can handle maintenance tasks, such as troubleshooting, bug fixing, and updates, it may not be necessary to continue engaging the technology advisor. With the appropriate resources and processes in place, you can effectively manage the maintenance phase internally.
  3. Contractual Agreement: Sometimes, the engagement of a technology advisor is limited to a specific project phase, and their contract explicitly states that their involvement ends upon project completion. In such cases, it is natural to disengage from the advisor and transition into the maintenance phase, as per the agreed-upon terms.

It is important to communicate the transition plan clearly with the cloud consultant, expressing appreciation for their contributions during the project phase. Providing a smooth handover and documenting any specific knowledge transfer can facilitate a seamless transition into the maintenance phase while maintaining a positive relationship with the consultant.

Picking the right consultant is pivotal to the successful adoption and implementation of a cloud solution. With so many options available it can seem daunting, but it doesn’t have to be. By having the right questions and building a trusting partnership with your technology advisor, you can use their expertise and experience to make the best choice for your business. Ultimately, there are so many benefits from incorporating a cloud consultant within your business that it’s hard to ignore. By taking advantage of a cloud consultant’s experience and relationships, you can ensure that you are making the best decisions for the future of your business.

Qualifying for cyber security insurance – Part 3: Staying in Compliance

88% of companies now consider cybersecurity a business risk. The time may come when the executives of a firm want to draw up their battle plans. They might have heard of a competitor who got affected and lost significant revenue. They might have seen or read a story in the news which raised an alarm, as so many stories around cyber attacks do these days. The time for action is now.
So how can a business get from a house built with straw and clay to a full-blown fortress with solid walls, watch towers and a strong roof? Below are some suggestions our team of consultants compiled to go from here to there.
STAYING IN COMPLIANCE: THE MOAT, THE DRAW BRIDGE AND THE FLAG.

Before we dive in, let’s step back for a moment. How do data breaches happen? What are the hacker’s strategies? What are the weaknesses they are looking for? Once we learn their tricks – we can better prepare and put the right security measures in place that will simultaneously protect our business while staying within budget and compliance. If done right – we can fight fire with fire.

  1. Research: The criminals look for weaknesses within the network. These include:
    • Unsecured networks.
    • Unsecured communication channels such as unencrypted emails.
    • Software that has not been updated to the latest version with the necessary patches.
    • Attempts to hack into user accounts through bugs within applications.
    • Taking possession of credentials and passwords. The hacker can be aided in this by software that runs through millions of the most popular credentials and tries them out on the system (think “12345” or “password”).
  2. Attack: The cyber criminal contacts the network or performs a social attack.
    • Network: take advantage of any or all of the weaknesses described above.
    • Social: tricking or baiting an employee via email into giving out their password or opening a malicious attachment/link.
    • Prepare for extraction of data or control of the network: Once inside, the criminal plants a piece of malicious software or malware on the network.
  3. Control of your Network: Once they gain access, the hackers are in your network planting malicious software and/or malware.
  4. Exfiltration: The criminals can now track all your web traffic, including sensitive information. They have the means to lock down any and all machines within your network, including the server. Then they will demand a ransom – typically a financial payment of a significant proportion. This is a “Ransomware attack”. They can start deleting files if you do not pay that ransom within their demanded time frame. This is really bad news.

Now that we have gained insight into what cyber criminals are looking for and will do when attacking an organization, we can come up with a list of components a business must implement to build a castle that does not look appealing to pillagers.

  1. Network security: Fully managed Firewall with anti-malware and anti-spyware that will include MDR or Managed Detection & Response. 
  2. Internet security which is designed to monitor incoming internet traffic for malware as well as unwanted traffic. This protection may come in the form of firewalls, anti-malware, and anti-spyware.
  3. Applications, data, and identities are moving to the cloud – traditional on premise security stack is simply not intelligent enough to counter the latest threats. Only Cloud Security can deliver maximum and the most up to date protection. It can help secure the usage of Software-as-a-Service applications and the public cloud.
  4. Application security diminishes the likelihood criminals can gain access. It is an added layer of security which involves evaluating the code of an app and identifying the vulnerabilities that may exist within the software. This is coded into the software itself.

Also: Qualifying for cyber security insurance – Part 2: Going Down The Checklist


Going Beyond Compliance
The role of IT staff, CTOs and IT-Directors is changing yet again.

When going down memory lane, some of us may recall the role of an IT staff member in the 80s and 90s – it was a very hands-on position, this team member was an all-rounder and had the skills to mostly manage on-site devices themselves. In the early 2000s even more technical knowledge to manage the network was required and very specific skills were needed. The IT team would start engaging and leveraging their partner carriers and IT manufacturers more and more. In the 2010s, a shift took place where IT executives needed to become advisors to the other c-suite members: IT technology had become something that started to shift away from the local area network to the wide area network, managed by the cloud provider. Fast forward to the here and now, the 2020s: IT technology is now a core business driver, and most businesses have various IT projects ongoing all at the same time.

This brings us to cloud based and managed security solutions and why it seems wise right now to make a shift to managed security services.

Increased requirements to provide adequate cybersecurity cannot be met by internal staff alone.
    1. The majority of breaches happen on the weekend and during holidays. Internal IT staff often cannot work around the clock. This matters because the average time to contain a breach is 80 days (IBM).
    2. It takes an average of 287 days to identify a data breach (IBM). Businesses deserve 365/24/7 monitoring by a network operations center.
    3. Organizations with more than 60% of employees working remotely had a higher average data breach cost than those without remote workers (IBM). It’s harder for IT teams to monitor remote workers.
Internal staff benefits from managed and cloud based security services:
    1. More time to spend on core initiatives that drive revenue rather than worrying about security.
    2. It’s challenging to keep up with certifications and monitoring when attacks are becoming more and more sophisticated.
    3. Focus on staff education, communication and design of virtual desktop space to prevent breaches from happening in the first place.
Compliance is becoming more stringent.
  1. All businesses in NY State, for example, need to be in compliance with the SHIELD Act. Businesses in the financial and healthcare industry require compliance to continue to do business. Managed security providers will explain which compliance requirements are met when a new subscriber considers enrolling with their service.
  2. Fines and penalties for non-compliance are an avoidable expense.


Qualifying for cyber security insurance – Part 2: Going down the checklist

88% of companies now consider cybersecurity a business risk. The time may come when the executives of a firm want to draw up their battle plans. They might have heard of a competitor who got affected and lost significant revenue. They might have seen or read a story in the news which raised an alarm, as so many stories around cyber attacks do these days. The time for action is now.
So how can a business get from a house built with straw and clay to a full-blown fortress with solid walls, watch towers and a strong roof? Below are some suggestions our team of consultants compiled to go from here to there.
BUILDING THE FORTRESS: THE ARCHITECTURE, THE BRICKS, MORTAR, THE WATCH TOWER AND THE ROOF.

Before we dive in, let’s step back for a moment. How do data breaches happen? What steps do hackers take before they breach and what weaknesses are they looking for? If we can learn more about this, we can use that knowledge to make wise decisions around implementing the right IT infrastructure so we can stay within our budget and make compliance doable for all employees.

  1. Research: The cyber criminal looks for weaknesses in the company’s security. These comprise:
    • Looking for an unsecured network.
    • Looking for unsecured communication channels such as unencrypted emails.
    • Looking for outdated software which is missing a software patch.
    • Attempting to get access to user accounts through bugs in applications.
    • Taking possession of credentials and passwords. The hacker can be aided in this by software that runs through millions of the most popular credentials and tries them out on the system (think “12345” or “password”).
  2. Attack: The cyber criminal contacts the network or performs a social attack.
    • Network: uses one of the previously mentioned weaknesses to infiltrate the organization.
    • Social: attempts to trick or bait employees via email into giving out their password or opening a malicious attachment.
  3. Prepare for extraction of data or control of the network: Once inside, the criminal plants a piece of malicious software or malware on the network.
  4. Exfiltration: Depending upon the type of malware in place, the criminal can track what a user types into a machine or lock the system and demand a ransom from the company so they can regain access to their data. Once the hacker extracts the data or can show proof of having the data, the attack has been completed.

Now that we have gained insight into what cyber criminals are looking for and will do when attacking an organization, we can come up with a list of components a business must implement to build a castle that does not look appealing to pillagers.

  1. Network security which prevents unauthorized or malicious users from getting inside the network. Network security needs to take place on every single endpoint: PCs, laptops, smartphones and IoT devices.
  2. Internet security which is designed to monitor incoming internet traffic for malware as well as unwanted traffic. This protection may come in the form of firewalls, anti-malware, and anti-spyware.
  3. Applications, data, and identities are moving to the cloud. The traditional security stack will not protect this platform. Cloud security can help secure the usage of Software-as-a-Service applications and the public cloud.
  4. Application security diminishes the likelihood criminals can gain access. It is an added layer of security which involves evaluating the code of an app and identifying the vulnerabilities that may exist within the software. This is coded into the software itself.
Also: Qualifying for cyber security insurance – Part 1: The Basics


Qualifying for cyber security insurance – Part 1: The Basics

We have all seen the news: large corporations and government agencies alike have been under attack in cyber space.
Maybe some of your clients have been breached as well? Cyber Security Insurance might be a solution you are looking to offer to your clients. In this post we discuss some of the basics your clients can do when starting their journey to the cloud.
 
THE BASICS: THE FOUNDATIONS OF THE FORTRESS.

The number 1 component that matters is the level of urgency and importance executives give to securing their businesses. If cyber security is a priority, reputable providers can step in and implement a solid cloud based IT infrastructure which prevents and mitigates breaches. No matter the size of business, big or small, every business needs a modern, up to date cyber security infrastructure. Cybersecurity insurance premiums are going up 20-30% due to the increase in attacks, and here are a few reasons why:

  • 88% of companies now consider cybersecurity a business risk. (Gartner 2022)
  • The average ransom payment made by PaloAlto case workers in 2022 was $300,000. (Paloalto 2022)
  • 60% of companies victimized by ransomware experienced revenue loss (Thrive 2022).
  • A cyber-attack occurs every 39 seconds (University of Maryland).
  • About 1 in 6,000 emails contain suspicious URLs, including ransomware. (Thrive 2022).
  • The average downtime a company experiences after a ransomware attack is 21 days. (Thrive 2022).
Also: Are You Affected By a Data Breach?

No fortress will hold if the foundations which must support the walls are built on shaky ground. At a minimum businesses need to implement the following:
An attitude of responsibility and vigilance. Stanford University reports that 88% of breaches can be attributed to human error.
    1. Avoid weak and default user credentials.
    2. If sharing passwords, use a password management service. LastPass, for example, offers a service for $6/user/month.
    3. Implement multi-factor authentication.
    4. Keep hardware and software up to date.
    5. Make sure all staff receives basic cyber security training during on-boarding with the company.
    6. Enforce IT policies and procedures.
Implement basic cyber security services:
    1. Install a cloud based firewall or any other reliable form of 24/7/365 monitoring of in and outbound traffic.
    2. Store all sensitive and confidential data on platforms which have been proven to be safe – an encrypted drive or a CRM which is fully compliant. Storing sensitive data offline is also an option.
    3. Subscribe to a service which can perform routine data backup and recovery tasks.
Prepare for a possible incident:
    1. Create procedures around lost or stolen hardware and equipment, making sure they can be disabled as soon as equipment has vanished.
    2. Create a disaster recovery or business continuity plan and perform an annual drill, making sure it works.
    3. Communicate and educate all employees.

The world is changing quickly and our reliance on IT technology is increasing day by day. Prudent planning and management can keep businesses in the game. Digital transformation can bring opportunities and flexibility but this needs to be done in a way where the fundamentals are covered and assets remain secure.



How to establish if you are affected by a data breach – and what to do next

Think you’ve been involved in a data breach?
This post can support you in finding out where and when, and it lists a suggested course of action to take.
THE SOURCES AND COMPONENTS OF A BREACH
Generally speaking, there are 3 types of data breaches: A) A physical breach. This involves the physical theft of documents or equipment such as PCs, POS systems and bank cardholder receipts. B) An electronic breach, where a LAN is purposefully attacked. C) Skimming, where data on the magnetic strip of POS systems are captured and recorded.

Which type of breach happens most frequently? If we can know, then we can take action. Upon investigating we found that according to DarkReading, a leading online source of Cyber Security Information, the 3 most common sources of data breaches in 2021 were:

1) Phishing or stolen credentials as a result of a cyber-attack (87%)

2) A mistake, such as lost devices or incorrect configuration of a system (10%)

3) A physical attack, such as a skimmer at a gas station pump that steals payment card data (3%). Over a third (38%) of data breaches did not reveal the root cause of a compromise (not specified, unknown, or not available), a 190% increase since 2020. (DarkReading 02/04/2022)

This means that 97% of attacks are, theoretically speaking, mostly preventable, as much can be done to prevent attacks and human error.

THE IMPACT OF A BREACH
Depending upon the type of data involved, a breach can result in:
  1. Destruction or corruption of databases,
  2. The exposure of sensitive and confidential information,
  3. And theft of intellectual property.

There may also be regulatory requirements to notify and possibly compensate those affected. Consumers want to conduct business with companies that they deem safe, so known cyber incidents will impact the reputation of a business, leading to loss of clientele.

This culminates in statistics which are hard to digest: 60% of small businesses will shut down within six months of an attack, and larger companies report an average loss of $4.24 million in revenue from lost business as a result of an attack.

Moreover, what makes attacks difficult to deal with is not only the loss of data, money and trust but also the psychological impact of the incident itself, leaving the executive team feeling they have been robbed or an equivalent thereof.


 
YOU ARE NOT ALONE

According to the Identity Theft Resource Center’s 2021 Data Breach Report, there were 1,862 data breaches in 2021. This was a 68% increase as compared to 2020. Unfortunately, the previous record of 1,506 set in 2017 was shattered that year. The reason for this increase, according to PBS, is that more companies are choosing to pay the ransom to get their data back, and cyber criminals feel encouraged as a result.

Statistics are showing that the majority of cyber attacks in Q4 of 2021 took place in the Finance Industry (17%), closely followed by the Healthcare (14%), Professional (13%), Public Administration (12%), Information (11%) and Manufacturing Industries (9%).

HOW TO FIND OUT IF YOU WERE BREACHED

Some telltale signs that you might be under attack are the following:

  • Notices of Failed Login Attempts – this would be a sign of malware being present.
  • Unauthorized downloads where you do not remember downloading an application and one suddenly appears.
  • The cursor moves by itself.
  • Your antivirus software is disabled.
  • Your contacts are starting to receive strange messages from you.

If you use a password manager service, such as LastPass or Dashlane you could take a look at the security dashboard offered. It is also possible they may notify you.

A free online resource available to you is a website called HaveIBeenPwned.com. It was founded by Microsoft Regional Director Troy Hunt and contains a database which lets you check if one of your email addresses or passwords has been compromised.

If you suspect a breach, we recommend you visit the site and enter all of your work and personal email addresses to verify if you have been compromised. The site will let you know their findings.
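The password half of that check does not require sending the password anywhere: the service's Pwned Passwords range endpoint accepts only the first five characters of the password's SHA-1 hash, and the match is made locally. The sketch below is an added example, not code from the original article; the function names are hypothetical and the offline response is constructed for illustration.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint


def split_hash(password):
    """Return (first 5, remaining 35) hex characters of the upper-case SHA-1 digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def fetch_range(prefix):
    """Live lookup: only the 5-character prefix leaves the machine.

    The Add-Padding header asks the service to pad the response with
    zero-count decoy entries so its size reveals less about the prefix.
    """
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "breach-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines, skipping blank or malformed ones."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, fetcher=fetch_range):
    """Number of times the password appears in known breaches (0 = not found).

    Padding entries carry a count of 0, so they also read as "not found".
    """
    prefix, suffix = split_hash(password)
    return parse_range(fetcher(prefix)).get(suffix, 0)


def constructed_fetcher(prefix):
    """Constructed offline response (not real service data) for demonstration."""
    weak_prefix, weak_suffix = split_hash("password")
    if prefix != weak_prefix:
        return ""
    return "\r\n".join([
        "0" * 35 + ":3",          # unrelated entry sharing the prefix
        weak_suffix + ":1000",    # constructed count for the weak password
        "F" * 35 + ":0",          # padding entry, count 0
        "not-a-valid-line",       # malformed line, ignored by the parser
    ])


if __name__ == "__main__":
    for candidate in ("password", "a long passphrase nobody has leaked yet"):
        seen = breach_count(candidate, constructed_fetcher)
        verdict = "change it" if seen else "not in the constructed sample"
        print(f"{candidate!r}: seen {seen} times -> {verdict}")
```

Calling `breach_count(pw)` without a second argument performs the live lookup; a non-zero result means the password should be retired everywhere it is used.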


 
If you think you have been hacked, take the following steps in order of importance:
  1. Secure your operation (Source: Data Breach Response: A guide for Business):
    • Secure physical areas suspected to be related to the breach. Unfortunately, a breach can also come from inside.
    • Mobilize your response team.
    • Assemble a team of experts to conduct a comprehensive breach response: Identify a data forensics team. Consult with legal counsel. Do not destroy evidence.
    • Stop additional data loss by monitoring in and outbound traffic.
    • Change all of your passwords as soon as possible and make sure those passwords are very strong. This might prevent certain damage from happening.
    • Remove improperly posted information from the web.
    • Interview people who discovered the breach.
  2. Notify employees. The attack may still be underway.
    • What happened
    • How you are fixing the issue
    • Steps they must take to protect themselves
  3. Notify your Cloud Provider and MSP or IT vendor so they can assist you. Make sure the best trained IT personnel is handling your case. This is the equivalent of your house being on fire in the virtual world.
  4. Never pay a ransom. Contact local law enforcement instead and file a police report as soon as you can after the breach has been contained.
  5. Assess and contain the damage. Ensure your damage control team activates your disaster recovery or business continuity plan.
    • Use your checklist:
      • Is the breach contained?
      • What has been damaged?
      • What steps are we taking next?
      • Who needs to know – if confidential data was exposed take steps to notify those who are potentially impacted as well as the appropriate government agencies.
  6. Take data restoration steps. This is different for every company.
    • Take systems offline until security updates can be applied.
    • Restore files from back-up.
    • Enable multi-factor authentication.
    • Ensure all passwords are changed on all end points.
  7. Notify customers and consumers. If you post on social media notify followers, friends and family members.

While this might feel counterproductive, communicating with the outer world disempowers hackers. The reason is that most hackers attempt to extort funds by leveraging their power, and the way they go about it is by scamming or blackmailing you or your customers through social engineering, creating a chain of victims where one friend chained to the next gets affected. Second, hackers might post sensitive content on your own profile. If you are an employee or hold an important position, this might impact your reputation. Write a short note explaining you have been hacked. Ask your contacts to let you know as soon as they see suspicious activity while you are mitigating the incident.


 
AFTER THE FIRE HAS BEEN PUT OUT – WHAT TO DO TO PREVENT FUTURE BREACHES

After the attack, take the following steps:

  1. Fully understand your risk profile – every industry has particular attack vectors and carries certain information valuable to the organization. Identify and classify different cyber attack scenarios.
  2. Enforce policy and train staff.
  3. Make sure to back-up critical information offline.
  4. Invest intelligently in security solutions.

To read more, please see this brief from the CISA, listing the steps to take to prevent ransomware attacks.

