Lessons From the Breach Hotline

by blackbottledev | Mar 7, 2022 | Breach Hotline, Breach Response, Cybersecurity

Email Compromise Trends The Highest on Breach Hotline: Lessons Learned

Breaches happen to ALL businesses. Of the calls into the Black Bottle IT Breach Hotline, 33% directly resulted from email compromise and user error! Unsurprisingly, ransomware was a close second that resulted in calls to the Breach Hotline.

Most often, scammers go right for the finance employees and their emails, and they use phishing or malware to access a finance employee’s email account, such as an accounts receivable manager. Then the scammer emails the company’s suppliers fake invoices that request payment to a fraudulent bank account.

Types of Breaches You Should Know About

Backdoor Attack: A backdoor is a malware type that negates standard authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers, allowing perpetrators to issue system commands and update malware remotely.

Printer Cyber Attacks: Hackers can connect your printer to a botnet, which can be used to steal your data and carry out cyber attacks.

Spoofing Attacks: When someone or something pretends to be something else in an attempt to gain your confidence, get access to your systems, steal data, steal money, or spread malware.

User Error: An unintentional or lack of action results in a data breach; this category includes activities like downloading infected software and keeping a weak password.

Email Account Compromise: EAC is not limited to phishing and malware emails to compromise victims’ email accounts, gaining access to legitimate mailboxes.

Ransomware: During the first half of 2022, there were an astonishing 236.1 million ransomware attacks worldwide. The top five industries impacted include Banking and Financial Services, Education, Energy and Utilities, Government, and Manufacturing.

Third-Party Compromise: Third-party risk is the likelihood that your organization will experience an adverse event: data breach, operational disruption, or reputational damage. A third-party attack occurs when a criminal infiltrates your system through an outside partner or provider with access to your systems and data.

Data Leak: A data leak is when sensitive data is accidentally exposed physically, on the Internet, or any other form, including lost hard drives or laptops. This means a cybercriminal can gain unauthorized access to sensitive data without effort. The consequences may include the destruction or corruption of databases, the leaking of confidential information, and the theft of intellectual property.

What Can Businesses Do to Protect Themselves

According to Michael Valentine, Black Bottle IT’s Compliance Security Expert, the businesses that called their breach hotline over the last 24 months did not have monitoring; some only had Anti-Virus or nothing at all.

Having an incident response plan to manage third parties is also a must. While the benefit typically outweighs the risk for many third-party relationships, partnering with third parties increases your attack surface risk. At Black Bottle IT, we answer third-party relationships as it is not necessarily “if” but when an incident will occur and how severe it will be.

Human error continues to be a concern. Black Bottle IT and industry experts agree that Cybersecurity training should occur about two to three times per year — or almost every four to six months. One of the most common reasons security training programs fail is a lack of adequate planning and effort on behalf of organizations.

Tools alone don’t do the trick. Implementing multi-factor authentication, or MFA, across all devices and updating software is necessary. We alleviate businesses’ pressures, such as assessing and remediating against new attacks, protecting their organization against data theft, addressing skills shortages, and filling resource gaps.

Contact Black Bottle IT today for a no-obligation Cyber Risk Gap Assessment.

Black Bottle IT Joins MSP Alliance®

by blackbottledev | Jan 26, 2022 | Cybersecurity, Risk Management, Vendor Management

Black Bottle IT joins a vibrant global consortium of cloud-managed service providers and technology-enabling vendors.

MSPAlliance is the oldest Managed Services group and the only Accrediting and Standards based body created specifically for the Managed Services Industry. With thousands of members worldwide, the MSPAlliance is a powerful and influential global network of IT professionals. MSPAlliance works in a collaborative effort with service providers, technology-enabling vendors, governmental bodies, as well as other industry associations to further the acceptance of the managed services and cloud industry to the business consumer.

MSPAlliance Member companies can achieve MSP and Cloud Certifications including MSP Verify, Cloud Verify, GDPR Verify, Cyber Verify, SOC audits, as well as other certifications and audits relevant to this profession.

“We are delighted to have Black Bottle IT as a member of our global association,” said Celia Weaver, MSPAlliance president. “By upholding the MSPAlliance Managed Service Provider’s Code of Ethics, Black Bottle IT will work with MSPAlliance, as well as their industry peers, to help ensure the integrity of the managed services and cloud profession.”

ABOUT BLACK BOTTLE IT

When you choose Black Bottle IT, you are adding a TEAM of Experts to fight ransomware and cyber Criminals. For many organizations that make the move to Managed IT Services and Support they have been reliant on a small team who simply doesn’t have the skills or the bandwidth to do much more than fix problems as they occur. At Black Bottle IT, our Managed IT Service Team allows you to proactively manage the IT function so that your team and your goals are no longer hindered but enabled by technology.

ABOUT MSPALLIANCE

MSPAlliance® is a global industry association and accrediting body for the Cyber Security, Cloud Computing and Managed Services Provider (MSP) industry. Established in 2000 with the objective of helping MSPs become better MSPs. Today, MSPAlliance has thousands of cloud computing and managed service provider members across the globe and works in a collaborative effort to assist its members, along with foreign and domestic governments, on creating standards, setting policies and establishing best practices.

For more information, visit www.mspalliance.com

What Does Cybercrime Look Like

by blackbottledev | Jan 5, 2022 | Cyber Insurance, Cybersecurity, Cybersecurity Awareness, Risk Management

Have you gone phishing lately? It’s beginning to look a lot like cybercrime is just around the corner. But what does cybercrime look like? And, how will you know if cybercrime will impact your business?

The number one question our team at Black Bottle IT receives is, “Will my business be impacted by cybercrime?” The short answer is, “It is a question of when not if.” The short answer should encourage us all to learn a bit more about the most recent cybercrimes and their impact on small businesses.

Email and Internet Fraud Scenarios

You receive an event email titled “Your Market Growth Strategy Webinar Is About To Start!” but don’t see this event on your calendar or recall registering.
You receive a voicemail message attachment via email through a notable telecom company, but your company doesn’t utilize its services.
You receive an email marked “high priority” from what appears to be your boss. He claims to be busy in a meeting and requires urgent action on your part to call a specific number.

These are examples of phishing that seem legitimate and often create a false sense of urgency, leading you as the user to click on a malicious link within the message or give away confidential organizational or personal information that can be used to infiltrate your company’s networks.

#1 Email and Internet Fraud: Phishing

Globally, 323,972 internet users fell victim to phishing attacks in 2021. This means half of the users who were a victim of cyber crime fell for a phishing.

What’s Next?

Those who have personally lost money to a phishing scam typically file a police report with their local department and a fraud report with the FBI. But what happens when one of your employees clicks on a phishing email and transfers a large payment for services away from your business’s bank account to a fraudulent one? And then what if that incident turns into a breach that exposes your entire network?

Cyber Insurance

Peace of mind for your business’s cybersecurity doesn’t come from quick fixes or turning a blind eye to digital threats strong enough to put you out of business. It all comes down to a total risk management solution that provides peace of mind. What does this include:

Endpoint detection and response and segregated backups
Next-generation anti-virus
Multi-factor authentication everywhere
Cybersecurity training for employees
A cyber insurance policy specifically for your industry, size, and risk

Get started with Cybersecurity Employee Awareness Training today!

Cybersecurity Awareness Training

Employees Are The Largest Attack Vector

by blackbottledev | Aug 30, 2021 | Cybersecurity, Risk Management

By now, our inboxes, LinkedIn feeds, and websites of cybersecurity companies have all tried to tell you that Company employees are the most significant attack vector and pose the most considerable cybersecurity risk to all businesses. Those same companies advise firms to subscribe to some online training for “all your problems will be solved.” This advice, unfortunately, is not valid.

Since the early days of the westward expansion, fast-talking elixir salespeople have been peddling the magic potion that cures what ales you. As with most things, complicated problems demand a complex solution. This could not be more true when evaluating cybersecurity risks and putting together a strategy to lower those risks.

It’s true; cybersecurity awareness training does affect reducing employee-related cyber attacks. However, it’s only a piece of a larger strategy to improving a companies security posture.

Black Bottle IT advises clients to address six critical areas to tangibly lower cybersecurity risk.

Security Awareness Training – Online training, monthly newsletters, in-person training. These are all great ways to educate employees on the day-to-day threats. Education material needs to be delivered with more regularity, we recommend monthly.
Email Security – Email is the most common way employees get duped into giving credentials or cutting a check to the wrong payee. Email security alone just isn’t enough. A phishing AI engine that learns employee email habits can effectively flag and stop the excellent attackers from posing as an executive and social engineering an incident.
Security Operation Center — Having suspicious activity analyzed in almost real-time to detect unauthorized network access is critical to stopping/limiting a cyberattack before any real sensitive data is stolen. Some companies may have cyber tools to alert, but having the expertise to analyze alerts, determine if the threat is credible, and quickly determine the next steps is crucial to respond to an actual attack.
Ransomware Protection — Stopping a ransomware attack before it encrypts meaningful amounts of data is the best peace of mind a company could ask for. Bad actors will attack, employees will click on threatening emails, and ransomware will try to encrypt critical data.
Solid Back-Up Strategy – In the unfortunate event of ransomware attacks, having off-site, isolated back-ups is the only way to restore business operations and prevent a costly crypto payment from resuming operations.
Incident Response Planning — Knowing the who, what, where, when a cyber-attack is suspected saves valuable time when a cyber threat is supposed. Performing annual “fire drills” to simulate actions taken during a cyber attack will ensure a quick response and could potentially limit the damage during an actual incident.

Ok, so there are seven recommendations, but this one is outside our expertise. We’ve seen enough offer this advice:

7. Cyber Insurance — having a good cyber insurance policy can further reduce the financial risk of a cyber attack. Most companies with some kind of cyber insurance have no idea if the coverage is correct for their level of risk. Look to FifthWall Solutions for more information about access to the right insurance policy for your size of business and industry.

About the Author:

This blog was written by John Hensberger, Managing Partner of Black Bottle IT. Earlier in his career, John was also part of a company that experienced a cybersecurity breach. That experience fueled his passion for assisting other companies with their cybersecurity needs to mitigate their risk. As Technology Executive and Cybersecurity Advisor, John was recognized as the Pittsburgh CIO of the Year, 2014. Connect with John here.

Investing in Cyber Security is Risk Management

by blackbottledev | Aug 23, 2021 | Cybersecurity, Risk Management

When talking to IT leadership, one of the most common things we hear is how difficult it can be to justify the investment in cyber security to the stakeholders of the Company.

Let’s face it, Companies invest in technology and expect to see an ROI from operational efficiencies, increase market share, or launching of new products or services. Most experienced IT leaders understand this; hence, it’s hard to justify the effort to vet potential vendors and/or new technology, craft a proposal to justify the need, only to have the Company’s stakeholders look up and say — “Where’s the ROI on this investment?”.

Is there a Tangible ROI in Cybersecurity?

It’s true; there isn’t a tangible ROI that can be easily calculated. How to put a return on recovering from a fictitious – “it can’t happen to us” data breach scenario. Besides, having anti-virus/malware and a solid backup strategy is enough to protect us from a nasty virus or ransomware attack, right? And in the event there is an incident, the Company probably has done its fiduciary responsibility and secured a cyber insurance policy, in the unlikely event an employee would click on a bad email and allow bad actors access to the network and sensitive data. So, where’s the risk? Insurance will cover the financial burden.

The hard truth is, all IT Leaders know their Companies need better cyber security tools. But most of the time, it’s never part of their budgets, or it’s the first line item that gets trimmed during financial planning. And that is leaving lots and lots of companies exposed to lots and lots of risk.

Here are some statistics to show just some of the exposure Companies are facing:

43% of data breaches involved small businesses.
24% of data breaches are caused by human error
29.6% of companies will experience a data breach in the next two years.
The United States has the average cost of a data breach at $8.19 million
The average size of a data breach is 25,575 records
The average time to identify a security breach is 279 days
780,000 records are lost to hacking each day

So really, the conversation around cybersecurity is a risk management issue.

Can your company accept the risk of no liability or workers comp insurance?

A cyber insurance professional put it in these terms to me — “Just because you have Workers Comp insurance doesn’t mean you stop putting down salt on icy steps and sidewalks.” The same could be said for investing in cybersecurity solutions. Just because you have a cyber policy or some cyber security tools in place doesn’t mean you stop investing in new tools to lower your risk of a cyber attack.

What’s Next?

Our mission at Black Bottle IT is to help companies prepare, respond and remediate cyber incidents. We advise clients to invest in cybersecurity tools and services, and there is NO ROI. Still, your risk exposure will significantly be reduced, allowing the Company and its employees to continue serving their customers to the best of their ability.

About the Author:

This blog was written by John Hensberger, Managing Partner of Black Bottle IT. Earlier in his career, John was also part of a company that experienced a cybersecurity breach. That experience fueled his passion for assisting other companies with their cybersecurity needs to mitigate their risk. As a Technology Executive and Cybersecurity Advisor, John was recognized as the Pittsburgh CIO of the Year, 2014. Connect with John here.

« Older Entries

Next Entries »