800-214-0957 info@blackbottleit.com
My Breach Story: Part 1

My Breach Story: Part 1

The Breach – Part 1


I’m not sure how many cyber security professionals have been on the receiving end of a data breach and had to navigate their way through it.  But, part of my passion for this industry was born in my experience.  I was a typical IT Manager, supporting a companies software and infrastructure.  They had a few on-site IT professionals, and some  outsourced partners, and were focused on growing revenue, operational efficiencies, and doing more with less.  The Company had what I’d consider typical security tools in place.  A firewall with IP blocking and blacklisting, a modern AV/Anti-Malware agent, email security tools, etc.


The Call

 

One typical day, I’m at a lunch meeting with the CEO at Panera.  I got a call from my IT Manager since I was at lunch with the CEO. I wanted to stay focused on our conversation, so I ignored the call.  Immediately following I got an SOS text to call her ASAP.  This was not like her, so I knew something needed to be addressed, so I excused myself from the CEO and stepped outside to call her back.  I could sense a little panic in her voice, so I immediately asked her “What’s wrong?”.  She tells me that they received a call from the FBI, stating that an agent would be on-site the next morning to discuss a cyber security incident and that IT leadership and any 3rd party related to infrastructure should be present.  I paused, and being somewhat skeptical, I said, call the FBI office and verify the information provided (thinking it was a scam call).  She said, I already did, and it’s real.  After returning the table, the CEO asked me “What’s wrong?”, I relayed the information, and his first question was  “Is this something that could put the company out of business?”, to which I replied, “I don’t know yet”.  This was the beginning of a very long and hectic three months.


FBI On-site

 

True to their word, the FBI showed up the next morning, and we had all the necessary players around the table to ask questions and determine the scope of the situation.  Before we could open our mouths the FBI proceeds to tell us that he’s not even a cyber crime agent, he’s a kidnapping/ransom agent.  That he doesn’t know anything about  cyber crime, and his job is to read us the information about the incident.   So, he begins and reads a document that says the FBI had been monitoring some bad actors in eastern Europe and that our Company was 1 of 30 companies transmitting data to foreign IP addresses.  After reading the statement, he gave us the specifics of which IP addresses were in scope.  We start asking questions, to which he simply says “My job was to inform you of this activity, if you need more specifics, here is a card of a cyber crime agent that might help you”.  We shake hands, the meeting is over.


Continue to Part 2

 

 

About the Author:

This blog was written by John Hensberger, Managing Partner of Black Bottle IT.  Earlier in his career, John was also part of a company that experienced a cybersecurity breach. That experience fueled his passion for assisting other companies with their cybersecurity needs to mitigate their risk. As Technology Executive and Cybersecurity Advisor, John was recognized as the Pittsburgh CIO of the Year, 2014.  Connect with John here.

 

Employees Are The Largest Attack Vector

Employees Are The Largest Attack Vector

By now, our inboxes, LinkedIn feeds, and websites of cybersecurity companies have all tried to tell you that Company employees are the most significant attack vector and pose the most considerable cybersecurity risk to all businesses.  Those same companies advise firms to subscribe to some online training for “all your problems will be solved.”  This advice, unfortunately, is not valid.


Since the early days of the westward expansion, fast-talking elixir salespeople have been peddling the magic potion that cures what ales you.  As with most things, complicated problems demand a complex solution.  This could not be more true when evaluating cybersecurity risks and putting together a strategy to lower those risks.


It’s true; cybersecurity awareness training does affect reducing employee-related cyber attacks.  However, it’s only a piece of a larger strategy to improving a companies security posture.


Black Bottle IT advises clients to address six critical areas to tangibly lower cybersecurity risk. 

 

  1. Security Awareness Training – Online training, monthly newsletters, in-person training.  These are all great ways to educate employees on the day-to-day threats. Education material needs to be delivered with more regularity, we recommend monthly.
  2. Email Security – Email is the most common way employees get duped into giving credentials or cutting a check to the wrong payee.  Email security alone just isn’t enough.  A phishing AI engine that learns employee email habits can effectively flag and stop the excellent attackers from posing as an executive and social engineering an incident.
  3. Security Operation Center — Having suspicious activity analyzed in almost real-time to detect unauthorized network access is critical to stopping/limiting a cyberattack before any real sensitive data is stolen. Some companies may have cyber tools to alert, but having the expertise to analyze alerts, determine if the threat is credible, and quickly determine the next steps is crucial to respond to an actual attack.
  4. Ransomware Protection — Stopping a ransomware attack before it encrypts meaningful amounts of data is the best peace of mind a company could ask for.  Bad actors will attack, employees will click on threatening emails, and ransomware will try to encrypt critical data. 
  5. Solid Back-Up Strategy – In the unfortunate event of ransomware attacks, having off-site, isolated back-ups is the only way to restore business operations and prevent a costly crypto payment from resuming operations.
  6. Incident Response Planning — Knowing the who, what, where, when a cyber-attack is suspected saves valuable time when a cyber threat is supposed. Performing annual “fire drills” to simulate actions taken during a cyber attack will ensure a quick response and could potentially limit the damage during an actual incident.

Ok, so there are seven recommendations, but this one is outside our expertise. We’ve seen enough offer this advice:

 

7. Cyber Insurance — having a good cyber insurance policy can further reduce the financial risk of a cyber attack. Most companies with some kind of cyber insurance have no idea if the coverage is correct for their level of risk.  Look to FifthWall Solutions for more information about access to the right insurance policy for your size of business and industry. 


About the Author:

This blog was written by John Hensberger, Managing Partner of Black Bottle IT.  Earlier in his career, John was also part of a company that experienced a cybersecurity breach. That experience fueled his passion for assisting other companies with their cybersecurity needs to mitigate their risk. As Technology Executive and Cybersecurity Advisor, John was recognized as the Pittsburgh CIO of the Year, 2014.  Connect with John here.

 

Investing in Cyber Security is Risk Management

Investing in Cyber Security is Risk Management

When talking to IT leadership, one of the most common things we hear is how difficult it can be to justify the investment in cyber security to the stakeholders of the Company.


Let’s face it, Companies invest in technology and expect to see an ROI from operational efficiencies, increase market share, or launching of new products or services.  Most experienced IT leaders understand this; hence, it’s hard to justify the effort to vet potential vendors and/or new technology, craft a proposal to justify the need, only to have the Company’s stakeholders look up and say — “Where’s the ROI on this investment?”.

 

Is there a Tangible ROI in Cybersecurity?

It’s true; there isn’t a tangible ROI that can be easily calculated.  How to put a return on recovering from a fictitious – “it can’t happen to us” data breach scenario.  Besides, having anti-virus/malware and a solid backup strategy is enough to protect us from a nasty virus or ransomware attack, right?  And in the event there is an incident, the Company probably has done its fiduciary responsibility and secured a cyber insurance policy, in the unlikely event an employee would click on a bad email and allow bad actors access to the network and sensitive data.  So, where’s the risk? Insurance will cover the financial burden.


The hard truth is, all IT Leaders know their Companies need better cyber security tools.  But most of the time, it’s never part of their budgets, or it’s the first line item that gets trimmed during financial planning. And that is leaving lots and lots of companies exposed to lots and lots of risk. 

 

Here are some statistics to show just some of the exposure Companies are facing:

  • 43% of data breaches involved small businesses.
  • 24% of data breaches are caused by human error
  • 29.6% of companies will experience a data breach in the next two years.
  • The United States has the average cost of a data breach at $8.19 million
  • The average size of a data breach is 25,575 records
  • The average time to identify a security breach is 279 days
  • 780,000 records are lost to hacking each day

 

So really, the conversation around cybersecurity is a risk management issue. 

 

Can your company accept the risk of no liability or workers comp insurance? 

A cyber insurance professional put it in these terms to me — “Just because you have Workers Comp insurance doesn’t mean you stop putting down salt on icy steps and sidewalks.”  The same could be said for investing in cybersecurity solutions.  Just because you have a cyber policy or some cyber security tools in place doesn’t mean you stop investing in new tools to lower your risk of a cyber attack.

 

What’s Next?

Our mission at Black Bottle IT is to help companies prepare, respond and remediate cyber incidents. We advise clients to invest in cybersecurity tools and services, and there is NO ROI. Still, your risk exposure will significantly be reduced, allowing the Company and its employees to continue serving their customers to the best of their ability.

 

 

About the Author:

This blog was written by John Hensberger, Managing Partner of Black Bottle IT.  Earlier in his career, John was also part of a company that experienced a cybersecurity breach. That experience fueled his passion for assisting other companies with their cybersecurity needs to mitigate their risk. As a Technology Executive and Cybersecurity Advisor, John was recognized as the Pittsburgh CIO of the Year, 2014.  Connect with John here.

5 Tips to Keep Technology at Schools Secure

5 Tips to Keep Technology at Schools Secure

Did you know that the average business manages 162.9 TB of data? Because there’s so much sensitive information on an organization’s server, it’s essential to safeguard your server and applications.

 

Managed security services are the perfect way to ensure that malware stays out of your system. Here, we’re going to talk about what these solutions do and why they’re essential. Read on to begin protecting your business!

 

What Are Managed Security Services?

Managed security services are IT solutions that protect businesses from security threats. You subscribe to a package from a managed IT security services provider. In turn, this provider develops a unique plan based on your business’s individual situation to secure your digital data.

 

This process generally means implementing specialized software that integrates seamlessly with your data storage system. It also means building a security expert network that can respond to potential breaches in real-time. Experts, not just tools, make the difference in response time, reporting, and moving your business forward risk-free. 

 

Because these security services are typically fully managed, you don’t need to worry about maintenance and upkeep. Managed security providers handle modifications and upgrades for you. They also implement the latest virus/spam blocking, intrusion detection, firewall, and VPN systems to keep you safe in an ever-changing digital world.

 

Why Are They Important?

First and foremost, you need high-quality security solutions to protect your business financially. A security breach costs a company an average of almost $9 million. If you’re an SMB, it’s unlikely that you have that kind of money.

 

Sensitive data theft also can cause untold problems for your employees and clients. You likely have employee SSNs stored somewhere within your system. Customer financial information is also often saved to a server. 

 

When a company experience a data breach, they lose the trust of employees and clients. Not only that, but they will likely have severe concerns about identity theft and future financial problems. This problem isn’t something you want to be responsible for because it leaves you open to lawsuits, shutdown time, and customer loss. 

 

Real-Time Network Security Monitoring: The Basics

Now that you understand the importance of data monitoring, you must choose the appropriate solutions. Real-time network monitoring is ideal for companies of all sizes.

 

Traditional monitoring uses analytics tools that only look into at-rest data. Since digital information is changing by the second, this becomes quickly outdated. Users won’t be able to notice new threats until it’s too late.

 

However, real-time network monitoring solutions like Black Bottle IT offers are different. They showcase only current data so that you can see what’s going on in your data system by the second. You, therefore, will get more relevant information and discover what needs to be done to safeguard your data in real-time.

 

Streamline Your Security Operations Today

Now that you know why managed services for security are the right choice for your organization, it’s time to get started. Schedule a free consultation to learn more about our managed security services.

 

Our experts are happy to discuss the best ways to keep your specific digital information secure by meeting your unique needs. We also will help you come up with a payment plan that works for you. Since we’re committed to helping your business succeed with secure and safe information, we look forward to hearing from you soon.

How Do Managed Security Services Work?

How Do Managed Security Services Work?

Did you know that the average business manages 162.9 TB of data? Because there’s so much sensitive information on an organization’s server, it’s essential to safeguard your server and applications.

 

Managed security services are the perfect way to ensure that malware stays out of your system. Here, we’re going to talk about what these solutions do and why they’re essential. Read on to begin protecting your business!

 

What Are Managed Security Services?

Managed security services are IT solutions that protect businesses from security threats. You subscribe to a package from a managed IT security services provider. In turn, this provider develops a unique plan based on your business’s individual situation to secure your digital data.

 

This process generally means implementing specialized software that integrates seamlessly with your data storage system. It also means building a security expert network that can respond to potential breaches in real-time. Experts, not just tools, make the difference in response time, reporting, and moving your business forward risk-free. 

 

Because these security services are typically fully managed, you don’t need to worry about maintenance and upkeep. Managed security providers handle modifications and upgrades for you. They also implement the latest virus/spam blocking, intrusion detection, firewall, and VPN systems to keep you safe in an ever-changing digital world.

 

Why Are They Important?

First and foremost, you need high-quality security solutions to protect your business financially. A security breach costs a company an average of almost $9 million. If you’re an SMB, it’s unlikely that you have that kind of money.

 

Sensitive data theft also can cause untold problems for your employees and clients. You likely have employee SSNs stored somewhere within your system. Customer financial information is also often saved to a server. 

 

When a company experience a data breach, they lose the trust of employees and clients. Not only that, but they will likely have severe concerns about identity theft and future financial problems. This problem isn’t something you want to be responsible for because it leaves you open to lawsuits, shutdown time, and customer loss. 

 

Real-Time Network Security Monitoring: The Basics

Now that you understand the importance of data monitoring, you must choose the appropriate solutions. Real-time network monitoring is ideal for companies of all sizes.

 

Traditional monitoring uses analytics tools that only look into at-rest data. Since digital information is changing by the second, this becomes quickly outdated. Users won’t be able to notice new threats until it’s too late.

 

However, real-time network monitoring solutions like Black Bottle IT offers are different. They showcase only current data so that you can see what’s going on in your data system by the second. You, therefore, will get more relevant information and discover what needs to be done to safeguard your data in real-time.

 

Streamline Your Security Operations Today

Now that you know why managed services for security are the right choice for your organization, it’s time to get started. Schedule a free consultation to learn more about our managed security services.

 

Our experts are happy to discuss the best ways to keep your specific digital information secure by meeting your unique needs. We also will help you come up with a payment plan that works for you. Since we’re committed to helping your business succeed with secure and safe information, we look forward to hearing from you soon.