800-214-0957 info@blackbottleit.com

Ask the Experts

Inspired by our Clients & the Time of Year. October is Cybersecurity Awareness Month!

FAQ

Ask Any Cybersecurity Related Question!

Just email our Tag-Team Michael Valentine and Matt Kerr at AskTheExperts@BlackBottle.io.

 

Each time you revisit this page… you should see the Q&A growing to answer your questions.  No question is a dumb question, so ask away!


Michael Valentine Responses:

Matt Kerr Responses:

How often should our team study Cybersecurity Awareness Training?

Cybersecurity Awareness Training is an important part of protecting both your business and your staff. We here at Black Bottle IT perform awareness training and phishing campaigns every month. The reason you want to do both on a monthly basis is that the phishing campaign gets your users used to identifying phishing emails, while awareness training keeps your users engaged and your staff educated on the different ways malicious actors try to compromise them to steal their data or company data. People often dislike Cyber Awareness training, but that training can help you both in the workplace and outside of the workplace. So I think it is a valuable tool that can be used to help protect you and your business.

Why should we implement a table-top cyber incident exercise?

Black Bottle IT actually worked with a payroll company on a tabletop exercise.  Knowing who to call first when a breach happens is extremely important.

Preparedness: It helps organizations prepare for potential cyber incidents. Teams can identify weaknesses in their incident response plans, procedures, and personnel skills by simulating various scenarios. This preparation is essential because cyberattacks can happen at any time.

Risk Mitigation: Conducting tabletop exercises allows organizations to identify and mitigate risks proactively. They can identify vulnerabilities and weaknesses in their systems and processes and take steps to address them before a real incident occurs. 

Our business has antivirus software, why isn't that enough?

No surprise, Black Bottle IT receives this question quite often.

Antivirus software is an essential component of cybersecurity, but it’s not a comprehensive solution on its own. While antivirus programs are designed to detect and remove known viruses, malware, and some types of threats, they have limitations:

  1. Limited to Known Threats: Antivirus software primarily relies on signature-based detection, meaning it can only recognize and protect against threats for which it has known signatures. It might not detect new or unknown forms of malware or sophisticated attacks that haven’t been previously identified.

  2. Doesn’t Cover All Threat Vectors: Cyber threats are diverse and can come through various channels—emails, websites, removable media, network connections, and more. Antivirus software might not cover all these entry points, leaving gaps for attackers to exploit.

  3. Inability to Protect Against Advanced Threats: Advanced persistent threats, zero-day exploits, or targeted attacks often bypass traditional antivirus software. Sophisticated malware can be designed to evade detection by such software.

What is Zero Trust, and how is it changing cybersecurity strategies?

Zero Trust is a security model that assumes no one, inside or outside your network, can be trusted by default. It emphasizes verifying every user and device trying to access resources, applying the “least privilege” principle to minimize access rights. This model is growing in popularity because of increased remote work, cloud services, and the frequency of insider threats. Organizations are shifting to Zero Trust to better protect data, especially in environments where perimeter-based security isn’t practical. 

How can I protect my business from supply chain cyberattacks?

Supply chain attacks occur when attackers infiltrate systems through third-party vendors or software providers. To protect your business:

  • Vet your suppliers: Ensure they follow stringent cybersecurity protocols.
  • Monitor for vulnerabilities: Regularly audit vendor software and integrations.
  • Use Endpoint Detection and Response (EDR): Track unusual behavior on all devices and endpoints.
  • Adopt a Zero Trust framework: Restrict vendor access to the minimum required.

By keeping your suppliers accountable and enhancing your security posture, you can reduce the risk of being compromised by a supply chain attack.

How can my company improve its cloud security as more employees work remotely?

With increased remote work, ensuring cloud security is vital. Key steps include:

  • Implement Identity and Access Management (IAM): Ensure proper access controls for cloud resources, and enforce multi-factor authentication.
  • Encrypt data: Use encryption both in transit and at rest.
  • Monitor cloud usage: Utilize cloud-native monitoring tools to detect unusual activity, like unauthorized access or data exfiltration.
  • Conduct regular audits: Ensure compliance with security standards and address any vulnerabilities.

Training employees on secure cloud usage is also critical in minimizing human error, often the weakest link in cloud security.

Are vulnerability scans really required?

Vulnerability scans are not always required, but they are highly recommended whatever industry your business is in.

Risk Management – Vulnerability scans help identify and prioritize security weaknesses and potential threats, allowing organizations to see what’s vulnerable.

Best Practices – It is great for any industry to get alerts on devices that need to be updated before a malicious actor can exploit known vulnerabilities.

Regulatory Requirements – In some industries, regulatory authorities require organizations to conduct regular vulnerability assessments or scans. For example, the Payment Card Industry Data Security Standard (PCI DSS) mandates vulnerability assessments for organizations handling credit card data.

Compliance Standards – Many compliance standards and frameworks, such as HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation), and NIST (National Institute of Standards and Technology) guidelines, recommend or require regular vulnerability assessments as part of a comprehensive security program.

What are the latest trends in cybersecurity?

Black Bottle IT sees trends such as AI-driven security, IoT security, and increased focus on supply chain security on the horizon in 2024.

AI-driven attacks – This refers to the use of artificial intelligence and machine learning technologies by malicious actors to conduct or enhance cyberattacks.

Examples include automated phishing attacks, AI-generated fakes (videos or audio recordings that impersonate individuals to deceive and manipulate targets), AI password cracking, and AI botnets.

All of this is possible from the EvilBot ChatGPT.

Overall, technological advancements will necessitate a corresponding increase in security measures to protect against evolving cyber threats. These areas—AI-driven security, IoT security, and supply chain security—are expected to remain at the forefront of cybersecurity strategies in 2024 and the years to come.

Why isn't traditional AV good enough anymore?

Black Bottle IT describes it this way: there is so-so, and then there is great! Is your business great at what it does?

Traditional AV — So, so

  • Can only detect previously known threats
  • Minimal to no data collection
  • Minimal to no added features or benefits

Endpoint Detection & Response (EDR)

  • Can detect previously known and UNKNOWN threats due to behavioral-based monitoring 
  • Complex and detailed endpoint data collection
  • Added features and benefits including application monitoring, threat-hunting capabilities, and advanced reporting

Why are ransomware attacks increasing, and how can I defend against them?

Ransomware attacks are increasing because they are profitable, relatively easy to launch, and target businesses that rely on uninterrupted operations.

To defend against ransomware:

  • Back up regularly: Ensure you have frequent backups stored offline.
  • Implement robust email filtering: Block phishing emails, a common ransomware entry point.
  • Update software: Regularly patch operating systems and applications to close known vulnerabilities.
  • Use multi-factor authentication (MFA): Reduce the risk of unauthorized access.

Preparing a response plan and educating employees can significantly reduce your chances of being affected by ransomware.
