In the rapidly evolving digital landscape, the importance of cybersecurity cannot be overstated. As businesses of all sizes increasingly rely on technology for their operations, they become more vulnerable to cyber threats. In this article, we'll explore key insights from a recent episode of Stimulus Tech Talk, focusing on cybersecurity strategies and business tips to protect your organization.
Stimulus Tech Talk: Top Strategies for Protecting Your Business From External Cybersecurity Threats
Understanding Cybersecurity Threats
Cyber threats come in various forms, ranging from phishing attacks and malware to data breaches and ransomware. External threats, originating from outside the organization, pose significant risks, while internal threats can also compromise security, whether intentional or accidental.
According to Nathan Whittacre, CEO of Stimulus Technologies, external threats target vulnerabilities in an organization's infrastructure, such as firewalls, servers, and network switches. Meanwhile, endpoint threats focus on individual devices like desktops and laptops, often exploiting human behavior through email phishing or malicious websites.
Proactive Measures for Cyber Defense
To mitigate cyber risks effectively, businesses must adopt a proactive approach to cybersecurity. One essential strategy highlighted in the podcast is conducting regular penetration tests to identify vulnerabilities in the organization's infrastructure. These tests simulate real-world cyber attacks, helping businesses uncover weaknesses before they can be exploited by malicious actors.
Moreover, implementing multi-factor authentication (MFA) across all systems adds an extra layer of security, reducing the risk of unauthorized access to sensitive data. MFA requires users to provide additional verification beyond passwords, such as a one-time code sent to their mobile device, enhancing security measures.
Employee Training and Awareness
Human error remains one of the most significant contributors to cybersecurity breaches. Therefore, educating employees about cybersecurity best practices is paramount. Training programs should cover topics such as identifying phishing attempts, recognizing suspicious emails, and adhering to password guidelines.
Creating a culture of cybersecurity awareness within the organization ensures that every employee understands their role in safeguarding sensitive information. Regular reminders and updates on emerging threats help keep cybersecurity top of mind for all staff members.
The Role of Managed Service Providers in Cyber Security
For businesses lacking the expertise or resources to manage cybersecurity internally, partnering with a managed service provider (MSP), like Stimulus Technologies, can offer invaluable support. MSPs specialize in providing comprehensive cybersecurity solutions tailored to the unique needs of each client.
Services offered by MSPs may include round-the-clock monitoring, threat detection, incident response, and ongoing security updates. By outsourcing cybersecurity to trusted professionals, businesses can focus on their core operations while maintaining peace of mind knowing their digital assets are protected.
In today's digital age, prioritizing cybersecurity is no longer optional but essential for the survival and success of businesses. By understanding the various cyber threats facing organizations, implementing proactive security measures, investing in employee training, and leveraging the expertise of managed service providers, businesses can strengthen their defenses against cyber attacks.
Staying informed and proactive in addressing cybersecurity challenges ensures that businesses can navigate the digital landscape with confidence, safeguarding their data and reputation in an increasingly connected world. Take the first step towards securing your business today, and listen to the entire episode of Stimulus Tech Talk for more invaluable insights into cybersecurity and business tips.
Stimulus Tech Talk: Top Strategies for Protecting Your Business From External Cybersecurity Threats - transcript:
Intro 00:00
You're listening to Stimulus Tech Talk, a conversation-based podcast created by Stimulus Technologies that covers a range of topics related to business and technology.
Sherry Lipp 00:15
Welcome to Stimulus Tech Talk. I am Sherry Lipp, marketing manager at Stimulus Technologies. And I'm here with our CEO, Nathan Whittacre. And today we're gonna be talking about external cybersecurity threats. Good morning, Nathan.
Nathan Whittacre 00:28
Morning, everybody. Great to be here.
Sherry Lipp 00:31
To get started, can we talk about the difference between external threats and internal threats? So what do we mean when we talk about external threats?
Nathan Whittacre 00:41
So it's the words I think, describe exactly what we're talking about. So external threats are anything coming from the outside of the organization to the inside. And then internal threats are anything that can be caused by, you know, insiders, whether it's people internally in the organization doing something on purpose, harming the organization, or the network, or accidentally causing issues. So it really depends on which direction you're coming from as what we're talking about the different types of threats that occur.
Sherry Lipp 01:15
And in your book, you talk about you have two different sections, kind of labeling infrastructure and endpoint threats. So why did you have two separate sections for that?
Nathan Whittacre 01:30
There's a very distinctive difference. And I think it partly depends on which way hackers or attackers are trying to, you know, what type of vectors they're using to attack an organization. So if you're looking at infrastructure, and let's talk about what we define there. So infrastructure is the stuff you don't generally use as a person using the computers or data. So that could be defined as your firewall, it's your servers, your network switches, maybe your cloud hosting environment. It's really the hardware and the server software and the networking equipment that is used to operate the company's network. Whereas endpoint threats are threats against your desktop or laptop, phone, tablet, whatever you're using on a day-to-day basis. And the way that hackers get into those different environments are quite different. And so I guess we can get into that a little bit, how hackers get into those different things.
Sherry Lipp 02:42
So what are the you know, the most common, you know, endpoint threats that people that business owners should be looking out for.
Nathan Whittacre 02:52
So I think the biggest thing today is still email, email compromise, business email compromise. Hackers are targeting users through email, or, you know, different types of ways to get their employees to interact, whether it's, again, generally an email is the best way to get into it. But it could be, you know, instant messaging, it could be going to a malicious website or a malicious search. But it's getting a user to do something they wouldn't necessarily do. And, again, email is the easiest way to do it. Because we're always, or a lot of people are, constantly on their emails interacting with lots of different people. So it's pretty easy, if you can get past all the security engines on email, to get somebody to click on something that looks legitimate, but is not. Web browser threats are still common, you know, if you mistype a domain name when going or doing a search for a company, and a hacker has been able to create search terms that are very similar, you could go to a website that's not valid too. So those are probably our two biggest threats to endpoints, but it's really convincing a user to do something they wouldn't necessarily do. There are other ways. But it's usually the hackers have gotten in through an external attack, gotten into infrastructure, and then a threat is able to propagate across the network. And this could happen, maybe connecting to a malicious Wi-Fi router, or another machine on the network is compromised. The hacker can use that to get access to other machines. But what we see most common today is a user does something wrong on their device, and it causes harm to the network.
Sherry Lipp 04:48
So if somebody gets a link in an email, is it just clicking it that can cause a problem or do you have to do something once you get there or both?
Nathan Whittacre 04:56
It could be just clicking it. If you don't have the right protections in place on the endpoint, it could be as simple as even opening the email. That's why Outlook often does not automatically download images or files in the emails in the preview pane, is because even the act of looking at the message could cause a file to download or something malicious to happen on the device, but it's often clicking on something. So, you know, for example, if you get an email, common, maybe an attachment, like a PDF attachment, or a Word attachment, or what hackers are often doing now, is they're making it look like a file share attachment. So, hey, this is the latest profit and loss statement that's shared, you know, using Dropbox, or SharePoint or ShareFile, or something like that. And the user is like, Oh, I'm gonna look at the profit and loss statement. So they click on that link, and it takes them to a website that looks just like Microsoft SharePoint, or Dropbox or something like that. And it's not really that file, it's actually a malicious website. And so that's often what's happening is these through email, the links are redirecting from something that looks legitimate to a site that isn't legitimate. And that's how they're downloading that file. Other things that can happen that's common we're seeing now is a redirection to maybe some type of tech support page or remote access page. And so hackers have been able to figure out how to install extensions in your web browser that allows remote access to your machine by clicking on the link. So it might take you into Chrome, or Firefox or Edge or Safari. And it automatically installs an extension in the web browser that gives them remote access. So it often requires a little bit of user interaction for it to occur. And they've gotten really good at making it look like a legitimate thing that you should do.
And usually, there's some type of social engineering component where there's time pressure on doing it saying, like, oh, you need to pay this bill, immediately click on this website, to pay the bill, or, you know, something along those lines that seems to be time sensitive.
Sherry Lipp 07:22
So could somebody get an attack or, you know, infiltration without really realizing, because I know, in the past, you know, you click on the link in your laptop, or your computer screen is exploding with pop-ups? But can they actually install this extension? You might not even know?
Nathan Whittacre 07:37
Yeah, so that's what we're really trying to do now is you click on a link, and nothing really happened, you know, it's like, okay, well, that didn't work. And then you just keep on going through your day. And what's happened is that they've installed a backdoor into your computer or installed a remote access tool to your computer. And they'll do something after you're not using the computer. So there's no interaction. So now they have a backdoor into your computer to do ransomware. Or to keylog or to, you know, basically look at what you're doing without crashing your system. And that's really the difference from what, you know, 10 years ago, or 20 years ago, a virus, its intention was malicious, immediate, you know, I'm going to take down your computer, you're going to, you know, lose all your data, delete all your data, but now they're more interested in really scoping out what's happening on the computer and seeing how important is the data that's on the device? Can they use it to get access to other things on your network? Or, you know, if you're in accounting, you might be taking credit card numbers, maybe they can siphon off credit card numbers for years, you know, that might be a good way of doing it. So there's times that you might click on a link, and like you said, nothing really happens. And you're like, Okay, well, you know, I guess that wasn't an email for me anyways, and you just keep on going throughout your day. And now you have something in the background that's doing bad things on your computer.
Sherry Lipp 09:08
Is it possible for employers to make it so an employee couldn't click on an email link? Or is that not something that could happen?
Nathan Whittacre 09:17
Possibly, you know, nowadays, most advanced security systems have some type of link filter on it. So what happens is, as the email comes in, all links are rewritten so that the link actually goes to the email scanner. The artificial intelligence is a security system first, and they verify that the link is valid. And then it'll pop up and say, you know, if it's not valid, they'll say, Well, don't click on this. This is a bad link. So that's one way of doing it. You can block all links. I mean, there's something in Office 365 that you can just say no links are valid. Or you can block off file downloads of potentially malicious file types. So there are ways to do it, but it makes it, I don't know, it makes it pretty tough on the end users. One thing, kind of different than blocking links, is blocking what files and executables can do on your computer, and we call that zero trust, which means that we don't trust anything that hasn't been pre-authorized on the computer. So you take away administrative rights on the computer so that users can't install software on their devices. But that's not quite good enough, because that means they can still download and run things in their profile on the computer. And so with zero trust, if a file is downloaded, it can't run, it can't do anything without an administrator saying I'm allowing that file to run. What we found, though, is oftentimes, that also limits, you know, and frustrates users that might be doing, you know, things that they need to do on a day-to-day basis. So there's a balance in the security about, you know, allowing known, you can whitelist things and say these are allowed. And then you can kind of grey list things and say, Okay, well, we'll allow these but monitor it, and then you blacklist certain things that never are allowed. So the administrators can have an idea of what's going on on the computer and then get alerts if anything malicious happens.
And then with a bad security, the system is monitoring how the software that you might have downloaded is interacting with the system. And if, you know, if it's interacting in ways that it shouldn't be, like, if it detects that keylogging is happening, you know, logging everything you type into the computer, then that alerts to the monitoring system, if there's something malicious going on or a piece of software is like scanning the entire hard drive looking for, you know, security numbers or something like that. So you can install software on the endpoint that really protects the environment, even if the users have some ability to click on links, or download files and software, which a lot of users need to do that to do their jobs correctly. So it really takes a whole different approach to protecting the endpoint than what we've done in the past. And because
Sherry Lipp 12:33
you have different settings, different security parameters by employee level, so you know, higher level employees or executives could have more.
Nathan Whittacre 12:43
No, we want to live with that I should be the executive the organization I need to have. You know, and that's part of the problem is a lot of, you know, that's a common thing is managers and executives, like, Oh, I know what I'm doing. And I'm the one, you know, that owns the business or runs a business, I should have unlimited rights. And the problem is, you have the most potential to cause harm in the organization, because you probably have access to all your bank accounts, and you have access to all the high limit credit cards, and you have access to payroll information. And so it's really, the higher you go up in the organization, almost you need more protection in place, and more restrictions from doing bad things. Because the potential threat is much greater than, you know, a frontline employee. That's maybe just doing, you know, marketing, you know, as a marketing manager, you have access to certain amount of data, you know, maybe customer data that's, you know, kind of important that we don't want to expose, but you certainly don't have access to payroll data, like I do, and so restricting, you know, a man at an upper level management C-level person is actually more important than giving them unlimited rights to run inside the organization because it's bigger time, bigger fish, bigger target.
Sherry Lipp 14:03
Yeah, and that kind of segues into my next thing, one of the things to look out for is, you know, somebody impersonating you, and that's a huge attack. And so if anything says, I'm in a meeting, have you got a second, that's usually a big
Nathan Whittacre 14:21
red flag, you know, and hackers have gotten really good, because, you know, they have a lot of our data, there was a recent release of it was older data. But there was a group that consolidated a bunch of older attacks on LinkedIn and some of these websites that contained a lot of personal information. And so there's a refresh, especially of executive or high level data. So now they have, you know, a lot of personal cell phone numbers and information that's freely available out there. So you know, if somebody, you know, is listening to our podcast with a little bit of energy, not too much, probably could get your cell phone number and my cell phone number. And they could impersonate me and send you a text message and say, Hey, do you got a minute, please go buy some Amazon gift cards for my clients, you know, that I'm visiting. And so you have to be really careful because it's easy to impersonate. And nowadays, because there's so much information about us available for free in the dark web.
Sherry Lipp 15:29
Yeah, and of course, we'll get into some steps about, you know, recognizing that in a second, but before we get there, what are some of the common infrastructure threats that we, that we're talking about.
Nathan Whittacre 15:42
So when we're talking about infrastructure, it's kind of like the threat to the black boxes running your organization, whether that's if you have an office with a server, that could be against your firewall or your server or your network infrastructure, if you're mostly in the cloud, it could be against your cloud infrastructure, your Microsoft 365, or your Google accounts, things like that. So you know, and the problem with these type of attacks is they can go on undetected for a very long time. I talk in my book about brute force attacks, where hackers will just sit there and try to guess passwords over and over again, to systems, you know, they're going to, if you have a firewall, or if you have a server, like a remote desktop server, or if you have a WordPress website, for example, it's another one that's really common, they just sit there and guess the passwords, you know, 1000s of times a minute, until they get it right. And unless you have detection mechanisms in place to stop that from happening, those types of attacks could go on for weeks and months until they find the right combination. And systems are so fast today, that passwords can be detected within sometimes seconds. If you have a short password, like if you know an eight character password, it just takes seconds to minutes to do an attack on that and get into a system. So what we find now is, you know, and then this has been going on for a while. But you know, systems, like I mentioned, remote desktop servers are a big threat, because the hackers can go in there, just guess the passwords over and over again. And often it's, again, the executive that has administrative rights on the server, that they get into that server by guessing a password, that's a bad password, or too short, or dictionary word that's too short, too easy. And then they get into that server and could do malicious things, they have access to the entire network, all the data.
And then they can do, you know, launch a ransomware attack, steal the data, take down the network, do whatever they want, and they're doing it all, a lot of this is automated, they just, you know, say I want to go after this company. And the, you know, we talked about in the book about these botnets, you know, these groups of computers that will just sit there and attack the network. And unless that's detected by some type of protection system, it'll eventually win because it can just go on forever until they actually get in. No, it's an interesting and dangerous, and this type of attack has been what's been, you know, honestly, this is the oldest type of attack that's out there. Because it's, you know, it's honestly easy to do, it's really easy to do.
Sherry Lipp 18:38
So it sounds like with an infrastructure protection, you do need more of a technological, something technological and thread place to stop it, where there's a lot with the endpoint that the human, you know, there's a human element to preventing it too.
Nathan Whittacre 18:54
Yeah, as with infrastructure attacks, what we often do is start with a penetration test. So we, as security experts, will launch an attack on the infrastructure to see where the holes are, and the holes are coming. You know, there's often new ways to get into the infrastructure because they find vulnerabilities, they find, you know, bad software, bad firmware. And, you know, the systems aren't getting patched as often as they should. And so we launch an attempted attack and see where the errors are. And then we go in and patch those up. And so and then the other thing that we do is we put in place these intrusion prevention systems that can detect when these attacks happen, and shut them down very quickly. So, you know, looking at multiple password attempts, shut that down. Maybe a lot of traffic data that's coming from a single or multiple networks that isn't normal, and they shut that down. So if you're trying to protect your infrastructure, it is, it's a manual process to, you know, to patch the systems and make sure that they're up to date by doing these, an assessment. And those should be done periodically. But the prevention that's happening often is really automated. And then you work with your alerting systems to, you know, if there are things that need to happen to maybe shut down a server that's getting attacked too much, then that should open up an alert with your IT people to mitigate it as it's happening, right after it happens.
Sherry Lipp 20:39
So, you know, we've talked about prevention of phishing and tech stuff, and in past podcasts, but I think, some of the elements, because it is so easy to impersonate or look like something else that some of it's just knowing what like, I know, you wouldn't ask me for certain things, but I didn't know when I first started. So I think, you know, attacks on new employees are probably common, but in the training process, you know, a manager could probably say, I would never ask for this or that as part of the training. So what other types of things can people do to make sure that they're not getting in the wrong, you know, either an email from somebody that they think is somebody else or going to a site, they think is something else.
Nathan Whittacre 21:22
So we have to take and think about multi-factor authentication as not just something that you have to enter a code from a text you get on your cell phone, you got to think about it as an organizational and a cultural thing inside the organization. So like, you just said, if you get a text from me asking you to meet me, asking you to buy gift cards, you're going to figure out a different way to contact me to make sure that that's valid. So there's lower trust in the organization of the communication, you slow down on, you know, on doing things inside the organization, or making purchases, on sending out emails, things like that, and you verify through a different route. Give you another example that we see common is you get an email to an Accounts Payable person or a clerk inside the organization. And it might be from a vendor seeking to change their bank account, or to do a wire payment or something like that. And it looks completely legitimate, and they make the change and send the payment. And suddenly you've, you know, wired or ACH money to a person that's not legitimate. And so it would be rewarded, if that Accounts Payable person would have found a different way to contact that vendor, if they had a known phone number. You know, of that vendor, I call up, I always, you know, talk to Janice, this is the number I call her on, so I'm gonna call Janice, verify that I need to change, you know, maybe ACH routing information, before I make that change. And so you think about multi-factor, two-factor authentication, beyond just getting a six digit code to enter into when you're logging into a website, think about it as, you know, everything that you do that could cause harm to the organization, you're going to verify that through some other method than the original method that you were contacted by.
Sherry Lipp 23:31
And we know, you know, as a company, we can help we know, you talked about pen test, and you know, we can help with the infrastructure, security, but we also can help with employee training. And we have we have as a managed service provider, that is also something else we do.
Nathan Whittacre 23:49
I think the more awareness you bring to an organization, it brings it top of mind. You know, it's easy, as you're getting busy with other things you have to do, you know, there's a lot of pressure to be productive inside the organization. And so asking people to slow down is forgotten very quickly. So that recurrent training, I think, is really important. Thanks for bringing that up here.
Sherry Lipp 24:12
All right, any final thoughts on the outside external threats?
Nathan Whittacre 24:20
So it's ever changing. You know, if we did this podcast in a year, I'd probably have 10 different examples to bring up. There's all kinds of things that are happening out there. So, you know, just being aware that this is happening is the first step. You know, if you're listening to this podcast, I think it's just bringing new awareness to what it is, and then staying on top of it and trusting experts to ensure that your environment is safe, you know, doing those assessments, training your employees, making sure that your systems and IT infrastructure is up to date, and just remember that attackers want everybody's stuff, whether you're a small business with one person or large company with 1000s of people. You have valuable things that hackers want. So this applies to everybody inside the organization. And, you know, every company and every individual, so it's just important to stay on top of it and keep it, you know, top of mind in all that you're doing.
Sherry Lipp 25:14
All right. Well, thanks for the great information and thanks, everybody for listening. Thanks, e