<h2><a href="/resources/blog/december-2019/combating-attacks-on-local-governments">3 Steps to Combating Cybercriminals’ Attacks on Local Governments</a></h2> <span>Tue, 12/10/2019 - 14:51</span> <a href="/taxonomy/term/64" hreflang="en">Thought Leadership</a> <a href="/taxonomy/term/6" hreflang="en">Dena Bauckman</a> <article><img src="/sites/default/files/2021-03/City-Hall.jpg" width="940" height="450" alt="city hall sign on building" loading="lazy" typeof="foaf:Image" /></article><p>In recent years, we've seen high-profile cyberattacks directed at national governments in service of a political agenda. Now, in an unfortunate but predictable development, hackers are targeting state and local governments, and their motives are purely about profit.</p> <p>Texas was one of the <a href="https://www.npr.org/2019/08/20/752695554/23-texas-towns-hit-with-ransomware-attack-in-new-front-of-cyberassault" rel="nofollow">latest victims</a>. Hackers took over computer systems in 23 rural municipalities and demanded a ransom to restore access. None complied with the demand, but many still lost the ability to provide key civil services such as processing utility bills and retrieving birth certificates. Damage was unavoidable.</p> <p>With so many bigger targets to prey on, why would hackers menace local governments? Ultimately, smaller targets are low-risk and high-reward. Think about it: Governments have massive amounts of sensitive data that could be sold or used to launch identity theft attacks. Local governments also have limited cybersecurity resources, making them easy targets.</p> <p>Among attacks on municipalities, ransomware seems to be the most common. 
Although the advice usually given is to never pay the ransom, having key municipal services offline represents a very strong incentive to pay. In this post, we will show you how to avoid ransomware along with a host of other attacks specifically targeted at local governments.</p> <h3>Understanding What’s at Stake</h3> <p>Governments with limited resources need to understand what they’re up against if they’re going to use those resources effectively. The AppRiver “<a href="https://www.appriver.com/about-us/security-reports/global-security-report-mid-year-2019/" rel="nofollow">Cities Under Siege</a>” report contains important insights about the scope of the threat right now.</p> <p>Among the C-suite decision makers and IT experts who work for government offices with at least 250 people, 58% said cyberattacks were “prevalent” and 36% said they were “imminent.” <a href="https://files.appriver.com/docs/AppRiver2019MidYearThreatReport.pdf" rel="nofollow">Maybe most alarming</a>, 75% said hackers have better offenses than their government offices have defenses. Civil servants clearly understand the scope of the problem, including that they’re largely defenseless against it.</p> <p>What’s less understood is the full extent of the damage. Immediately, cyberattacks interrupt infrastructure and suspend services. If officials decide to pay a ransom, it creates a huge unexpected expense (not to mention there is no guarantee they will be able to recover their system). Even if they don’t pay, it can cost handsomely to fix IT issues. Over the long term, successful hacks can even erode confidence in institutions and effective governance. It’s not an exaggeration to suggest that persistent attacks on government can undermine faith in democracy itself.</p> <p>Governments across the country are already discovering the <a href="https://files.appriver.com/docs/AppRiver2019MidYearThreatReport.pdf" rel="nofollow">complicated costs</a> of cyber incidents. 
Tallahassee, Florida, had $500,000 diverted out of an account for employee payroll; Greenville, North Carolina, saw city services disrupted for weeks; Baltimore paid $18 million to fully recover from a ransomware attack; and Newark, Atlanta, and San Diego also faced hefty recovery bills. Far from being a remote risk or a minor cost, cyberattacks are a serious threat that all local governments need to keep on their radars.</p> <h3>The Cybersecurity All Governments Need</h3> <p>Ultimately, local governments need to adopt the same approach to cybersecurity as larger governments and major corporations. The scale will be different, but the underlying strategy will be the same:<br />  </p> <ol><li>Use multi-layered defenses: Cyberattacks can take many forms and come from many sources. The only way to stop all (or even most) of them is by adopting a multi-layered defense. That means it can identify, block, and mitigate threats while also providing protection at both the network and endpoint levels. The specifics of cybersecurity will look different in every municipality, but they should always rely on multiple defenses deployed in different directions.</li> <li>Focus on weak points: If hackers encounter a little resistance, they will often move on to other targets, so it’s important to address the weak points they’re most likely to attack. Email is at the top of the list because social engineering can be used to entice users to click and start a ransomware attack. It is also an easy way for hackers to launch myriad other attacks. Protecting the inbox should involve a combination of encryption, sender authentication, threat filtering, and user training. </li> <li>Engage the stakeholders: When companies need more money for cybersecurity, they go to executives. When governments need more, they must turn to constituents. 
Realistically, better security will involve bigger investment, and the community must be on board if that means raising taxes or diverting funds from other civil services. Make the case by highlighting the real consequences of cyberattacks and emphasizing that everyone, not just the government, suffers as a result. Frame it as a community priority rather than an administrative expense.</li> </ol><p>Complacency is your worst enemy. More than a few municipalities have concluded they’re too small, too remote, or too low-tech to be victims — and they are wrong. Instead of gambling on being overlooked by hackers, treat this issue like the inevitability it is. Cyberattacks are certainly coming. Whether they’re successful is up to you.</p>
<h2><a href="/resources/blog/november-2019/zixarchive-makes-regulatory-compliance-accessible">How ZixArchive Makes Regulatory Compliance Accessible and Advantageous</a></h2> <span>Tue, 11/12/2019 - 14:44</span> <a href="/taxonomy/term/64" hreflang="en">Thought Leadership</a> <a href="/taxonomy/term/6" hreflang="en">Dena Bauckman</a> <article><img src="/sites/default/files/2021-03/image%20%286%29%20%281%29.png" width="940" height="450" alt="man using laptop and phone with compliance graphic" loading="lazy" typeof="foaf:Image" /></article><p>Archiving just makes sense for today’s businesses. Regulations affecting many sectors mandate that all or most communications be saved for prescribed periods. Putting all that information into an archive ensures that it’s always available when the need arises, no matter the industry you’re in.</p> <p>In order for archiving to be effective, it must also be comprehensive. Therein lies the challenge. 
An archive is composed of emails but also text messages, social media posts, website data, and more. All of these make up a company’s “digital footprint,” which increasingly has regulatory, legal, and strategic implications. Identifying what communication channels to feed into the archive is the first hurdle for companies to clear.</p> <p>The second is integrating all those channels into one central repository. Consolidation must be automated in order to be practical, and it must be consistent in order to be valuable. Just a few missing messages can create an issue with compliance or litigation and compromise the entire effort.</p> <h3><strong>A Company Without Archiving Is Archaic</strong></h3> <p>Archiving is too big an asset to ignore, but it’s also a major undertaking to effectively manage. It’s tempting to conclude that archiving will always be either overwhelming or ineffective. What is essential to realize, however, is that relying on an archive is always better than the alternative.</p> <p>If regulated business communications have not already been archived, that forces a company to sift through different systems — emails, texts, posts, etc. — to find relevant information. That takes a huge amount of time and resources and inevitably leads to errors and omissions.</p> <p>A similar scenario involves the eDiscovery process. When a company is required to turn over digital business communications as part of legal proceedings, it’s important to supply exactly what is required and nothing more. Collecting the necessary information and removing everything else is, again, a labor-intensive process. To comply with the court’s timeline, companies often turn to expensive lawyers to sort through the communications and handle the disclosure.</p> <p>These problems are easily resolved with an archiving solution that includes robust eDiscovery capabilities. The key is for companies to find a solution that can archive all business communication while making eDiscovery easy. 
</p> <h3><strong>Taking a Unified Approach</strong></h3> <p>Until recently, Zix specialized in email archiving and protection. Our April 2018 acquisition of Erado, however, has expanded our cloud-based archiving capabilities beyond email to all forms of digital communications.</p> <p>Because it’s a cloud-based service, ZixArchive with Erado gives companies the scale to archive as much of their business communication as they want for as long as they need. The cloud architecture is also highly secure so that sensitive communications are not exposed to unauthorized users or hackers. Plus, a cloud solution can be quickly deployed so that archives are up and running in minimal time.</p> <p>Thanks to a policy-based approach, administrators can archive communications from certain senders and recipients or specific groups. ZixArchive supports more than 50 content channels including emails, instant messages, social media, web, text, audio, video, and much more. The administrator defines what gets archived and then collection proceeds automatically. This level of refinement is particularly helpful for companies in the healthcare or finance sectors with strict regulatory obligations.</p> <p>Meeting those obligations is the final component of Zix’s unified approach. When it’s necessary to produce specific communications or archive audits, they are almost immediately available. Careful indexing makes the eDiscovery process as easy as a Google search, and automated reporting tools save time and money on regulatory audits while meeting every demand.</p> <p>ZixArchive ensures that business communications remain an asset rather than a liability. Collecting, storing, and securing those communications is as seamless as it is certain. Complying with the demands of attorneys and auditors becomes less risky and less labor-intensive. 
With comprehensive solutions in place, executives can rest assured that their business is on the safe side of ever-changing regulations and requirements.</p> <p><a href="https://www.zixcorp.com/products/zixarchive" rel="nofollow">Zix has that solution</a>. Contact us today.</p>
<h2><a href="/resources/blog/october-2019/4-keys-to-business-continuity">4 Keys to Business Continuity in the Face of Cyberattacks</a></h2> <span>Tue, 10/08/2019 - 14:30</span> <a href="/taxonomy/term/64" hreflang="en">Thought Leadership</a> <a href="/taxonomy/term/6" hreflang="en">Dena Bauckman</a> <article><img src="/sites/default/files/2021-03/image%20%282%29%20%281%29.png" width="940" height="450" alt="person stopping dominoes from falling" loading="lazy" typeof="foaf:Image" /></article><p>In mid-March 2019, an unparalleled event sent shock waves through the world’s information infrastructure: Facebook went offline for 14 hours. Insert audible gasp here. It was the longest-ever outage for the social media site and a harsh reminder that any company, even a tech titan, can be brought to its knees by a cyberattack.</p> <p>Facebook probably didn’t lose many users because of the outage, but it did manage to anger advertisers that had prepaid to appear on the platform. By some estimates, a mere 14 hours of downtime cost the company $90 million in lost revenue. Insert second gasp here.</p> <p>Facebook’s woes highlight an important but overlooked fact about cybersecurity: The worst damage comes from the interruption to the business, not from mitigating the attack or paying off the hackers. The technical issues are insignificant compared with the revenue they erase. 
And, ultimately, surviving a cyberattack means safeguarding the bottom line, which requires a focus on business continuity above all else.</p> <h3>THE VITAL IMPORTANCE OF BUSINESS CONTINUITY</h3> <p>No small businesses have anywhere close to the cyber resources of Facebook, meaning that outages are likely to last longer for them. And though the damage likely won’t be in the millions, it will be a lot more consequential for businesses with less to lose. It’s important to put the consequences in context because outages are basically inevitable, whether caused by a malicious attack or an IT accident. When the inevitable occurs, business continuity is about minimizing the resources that go offline while maximizing how quickly disabled resources are restored.</p> <p>As Facebook revealed, time is of the essence. Depending on the size of the business, one hour of downtime can cost between $140,000 and $540,000, which translates to roughly $5,600 per minute, on average. Every second literally adds up, which is why all small and midsize companies need to make business continuity a top priority.</p> <h3><strong>KEY PILLARS OF A SUCCESSFUL PLAN</strong></h3> <p>Business continuity starts with careful, comprehensive planning. Every business is different, however, so the details of every plan will be, too. Regardless, every business should follow these steps when formulating their approach:</p> <ol><li>Locate all company data: Losing information, from basic records to sensitive company particulars, can bring operations to a halt, even if the data is gone only temporarily. Start planning by identifying where all the company’s data lives and then ranking it in order of importance. Back up as much as possible, beginning with anything deemed mission-critical.</li> <li>Consider hypothetical scenarios: Partial outages — to specific files or applications like email — are more likely than a full-system outage. 
Consider what kinds of threats face each aspect of IT and what the consequences of losing specific resources would be. Effective business continuity depends on planning for every possible scenario.</li> <li>Detail the response strategy: Companies need to respond to outages quickly and systematically in order to minimize the amount of downtime. Create a detailed plan outlining who will play what roles in the wake of a cyberattack, what resources they will use, and exactly how they will respond. The plan should also address the post-outage period. Decide what the company will do to analyze the outage and prevent a repeat.</li> <li>Review and revise: Businesses are always changing, and business continuity plans must adapt in kind. Once the plan is complete, run it through some test scenarios to work out any kinks. Then commit to regularly reviewing and revising the plan so that it reflects any changes to your data, IT infrastructure, regulatory requirements, or business strategy.</li> </ol><p>Bolstering business continuity often requires implementing new technologies. When selecting what to use, don’t mistake basic data backup solutions for a perfect guarantee of business continuity. Meanwhile, don’t assume that solutions not specifically marketed as data backups can’t help preserve access to critical data.</p> <p>Solutions from Zix and AppRiver are great examples. As part of our comprehensive email protection platform, we help companies preserve access to their email accounts in the midst of an attack. That means having the ability to send and receive emails when communication matters most and to retrieve up to 30 days’ worth of past emails to prevent unnecessary business interruptions. Data backup is part of the platform, but the real purpose is business continuity.</p> <p>This is just one example of how we help small and midsize enterprises become resilient to the worst cyber threats. 
Round out your business continuity plan by contacting our team.</p>
<h2><a href="/resources/blog/july-2019/why-cybersecurity-protection-must-be-both-comprehensive-and-easy">Why Cybersecurity Protection Must Be Both Comprehensive and Easy</a></h2> <span>Mon, 07/01/2019 - 13:35</span> <a href="/taxonomy/term/64" hreflang="en">Thought Leadership</a> <a href="/taxonomy/term/6" hreflang="en">Dena Bauckman</a> <article><img src="/sites/default/files/2021-03/comprehensive-security.jpg" width="940" height="450" alt="person using computer" loading="lazy" typeof="foaf:Image" /></article><p>Regardless of which governing body drops the regulatory hammer in your industry, your business has two main obligations to keep compliance in its crosshairs. The first is to archive business data so that important records can be investigated later, and the second is to protect that data from loss, whether due to theft or mismanagement.</p> <p>Today, these dual demands are more difficult to meet than ever before. The amount of data businesses must archive has skyrocketed, as companies communicate with customers and employees interact internally via social media platforms, SMS messages, and a staggering variety of other tools. 
At the same time, the <u><a href="https://www.zdnet.com/article/criminals-in-the-cloud-how-malware-as-a-service-is-becoming-the-tool-of-choice-for-crooks/" rel="nofollow">spread of malware as a service</a></u> is enabling enterprising criminals with even a modicum of computer knowledge to conduct sophisticated attacks on your cybersecurity defenses.</p> <p>Clearly, security solutions must be up to the task of defending your data, but even the most secure solutions are rendered ineffective if your employees aren’t up to the task of using them. When a tool that is supposed to improve security frustrates employees, they’ll quickly find a workaround that compromises information the tool is intended to protect.</p> <p>In a best-case scenario, you’ll be on the hook for hefty penalties after an audit. On the other end of the spectrum, it can get much worse. You might find your company drowning in the overwhelming costs that accompany a data breach, from fines and litigation fees to a customer base that no longer trusts you to house sensitive data.</p> <p>Consider this: Earlier this year, the first-quarter <u><a href="https://www.appriver.com/cyberthreatindexforbusiness/" rel="nofollow">AppRiver Cyberthreat Index for Business</a></u> surveyed cybersecurity preparedness among small- and medium-sized businesses. An eye-opening 58% believe data breaches are more problematic than break-ins, fires, or floods — and nearly half of respondents said a significant breach would permanently shutter their doors.</p> <h3><strong>Engineering Easy Encryption</strong></h3> <p>At Zix, we understand that archiving and data protection are two sides of the same coin and that the best solution blends into the background of normal workflows. To this end, we’ve developed a suite of security solutions that are virtually unnoticeable to users.</p> <p>ZixEncrypt allows users to send emails securely without taking extra steps. 
We use transparent email encryption between customers, which means the email is automatically encrypted and then automatically decrypted when it reaches the intended inbox. Recipients don’t need to use a password or log in to a decryption portal, resulting in an uninterrupted email experience.</p> <p>Because there will be some email recipients who don’t have an existing form of encryption capability, we set up a secure portal that is designed with simplicity in mind. In fact, we’ve worked to reduce the number of clicks necessary for a user to open and read an encrypted email. An encryption solution shouldn't tie users to a desktop, so ZixEncrypt also is optimized for use on mobile devices to maximize productivity.</p> <p>We also recognize that relying on users to turn encryption on and off is an inefficient way to decide what gets encrypted. Employees might forget to encrypt sensitive documents, or they might not always know what constitutes sensitive information. To overcome this inefficiency, ZixEncrypt automatically scans the content and attachments of each email to determine whether it merits encryption. As a result, senders avoid spending time on imperfect decision-making and instead work at their normal operating speed. Your employees don’t know all the compliance regulations that govern your business, but ZixEncrypt does.</p> <h3><strong>Achieving Absolute Archiving</strong></h3> <p>With ZixArchive, your archival solution extends well beyond email. Today, your employees exchange information using tools such as Slack or Google Hangouts, and your company interacts with customers on a dizzying array of platforms from Facebook to online forums. Many regulations fail to distinguish one channel from the next, meaning that your LinkedIn or Twitter messages must be archived just as you would archive an email. 
Zix allows you to designate exactly which channels you’d like to archive in order to make compliance as easy as possible.</p> <p>In addition, our powerful eDiscovery capability means you can search terabytes of data to find the exact communications you’re looking for. If you’re dealing with an audit or even litigation, this tool is invaluable for proving compliance. Did you send that important message during Q1 over email, Slack, or Yammer? Chances are, you can’t remember. If you already have an archival solution but it’s compatible with only a few channels, our solution allows you to combine current and new archives into a single data lake that contains all your communication information.</p> <p>At Zix, we design our encryption and archiving solutions to work together, because it takes both to achieve compliance. You can purchase the solutions separately, or you can take advantage of the ZixSuite — an all-in-one solution with a centralized dashboard. With ZixSuite, you’ll enjoy a single, easy-to-use interface for provisioning, reporting, and user management, allowing you to make the most of an already robust and user-friendly solution.</p>
<h2><a href="/resources/blog/march-2019/machine-learning-email-threat-protection-what-it-how-it-works">Machine Learning for Email Threat Protection: What It Is. How It Works.</a></h2> <span>Thu, 03/28/2019 - 12:45</span> <a href="/taxonomy/term/12" hreflang="en">Email Security</a> <a href="/taxonomy/term/6" hreflang="en">Dena Bauckman</a> <article><img src="/sites/default/files/2021-03/Machine-Learning.jpg" width="940" height="450" alt="robot using laptop" loading="lazy" typeof="foaf:Image" /></article><h3><strong>Machine Learning and Artificial Intelligence are Everywhere</strong></h3> <p>If you attended the RSA conference, or any other recent security conference, you’ve probably noticed that many vendors pitch machine learning and artificial intelligence as the latest and greatest ways to defend against cyber threats. Unfortunately, it’s rarely explained how these concepts work to actually help keep you safe. Understanding these terms is an important part of determining how they should fit into your overall email threat protection strategy.</p> <h3><strong>AI vs Machine Learning</strong></h3> <p>Machine learning is the ability to teach a machine how to learn from experience, something that comes naturally to humans. A child that sees a cat for the first time and then sees a dog may confuse the two. But after the child sees several cats, they learn to distinguish cats from dogs. In a similar way, machine learning systems improve the accuracy of their pattern identification over time, without human intervention. These systems are built to focus on and improve at a specific task. Let’s take, for example, the identification of cat pictures. The more images of cats we use to train the machine, the more accurately it will be able to identify future images of cats and distinguish them from images of dogs.</p> <p>Artificial intelligence, on the other hand, is the ability to teach a machine to mimic human behavior or intelligence. 
This requires the machine to perform multiple tasks and adapt to its surroundings while performing its tasks. For example, with AI we can build a robot that takes care of household chores, like walking your dog.  To accomplish this task, the robot would use machine learning to identify your dog, your house, the sidewalk, other dogs and potential street traffic, and then adapt based on what is going on around it. This means machine learning is a component of an AI system but AI is a broad field of technology.</p> <p>Although machine learning and artificial intelligence are often used interchangeably, most threat detection solutions rely primarily on machine learning.  So how are the two types of machine learning, supervised learning and unsupervised learning, used to detect email threats?</p> <h3><strong>Supervised Machine Learning for Threat Detection</strong></h3> <p>With supervised machine learning, a system is trained with predefined data. The system uses this data to create a predictive model that can in turn be used to identify future data. To return to our previous example, supervised learning can be used to identify cat pictures by feeding the system with cat images and labeling them as cats. The system analyzes image attributes and builds a predictive model that allows it to look at future images and assign a probability as to whether the image is a cat or not.  With enough data (images of cats), the machine will learn to accurately identify images that contain cats and images that do not contain cats, for example an image of a dog.</p> <p>In the world of email threat protection, supervised machine learning is used to detect malicious or unwanted emails. The protection software is trained using known bad emails. A predictive model is then built by looking at all available email attributes (body, attachments, HTML and MIME) of the malicious or spam messages. 
The more example emails used to train the system, the more accurately it’s able to predict whether a new message is malicious or spam. To ensure accuracy over time, the system is re-trained with new email samples as threats evolve.</p> <h3><strong>Unsupervised Machine Learning for Threat Detection</strong></h3> <p>With unsupervised learning, the machine is trained using data that has not been predefined. The system analyzes the data and groups or categorizes it. Using our previous example of cat images, the system would be given various images of cats without being told what the images contain. The system would identify and use similarities in these cat images and group them together. If one of the images was a dog, it would determine that the image was not in the same category as the cats. This form of machine learning is very useful in detecting data anomalies.</p> <p>While unsupervised machine learning is not as commonly used in threat protection solutions as supervised machine learning, there are systems that use it to detect email attacks. In this scenario the system is fed regular email communication data. Over time this system can learn what normal email communication looks like for the organization and its users. This means it can detect when an email purportedly from the CEO is actually from an email address that has never been used by the CEO, or when the content doesn’t match the CEO’s normal writing style. This means that unsupervised machine learning can be particularly helpful in identifying business email compromise or other impersonation attacks.</p> <h3><strong>Machine Learning as Part of a Layered Defense Strategy</strong></h3> <p>Prior to machine learning, email threat protection solutions depended primarily on signatures of known spam and malware to block the unwanted emails – we could tell the system that a specific email is known to be bad, so if you see this email again, block it. 
This technique was, and still is, important in preventing known threats. But hackers have figured out that small modifications to their attack campaigns can get through signature-based systems.</p> <p>Over time, other methods of identifying malicious emails have also been developed, such as blacklisting URLs and IPs, attachment sandboxing and DMARC sender authentication. All of these methods are useful in preventing some attacks, but the attacks keep evolving. Machine learning now adds another layer of defense to protect against advanced threats. The ability to assign a threat probability to an email, in combination with information from other layers of defense, provides the best possible level of protection. Additionally, the ability to automate threat identification and feed that data into a SIEM platform allows limited human IT resources to focus on identifying threats that may come in through email but then permeate other systems across the organization.</p> <p>While there is no silver bullet that can stop all threats, using machine learning as part of a layered defense can reduce the number of attacks that get through, and help identify when they do. This combined, layered approach represents <a href="https://www.zixcorp.com/products/zixprotect" rel="nofollow">the best available strategy</a> to keep your organization safe.</p>
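The machine learning post above describes three pieces: a model trained on labelled emails that assigns a threat probability, a learned picture of normal senders that exposes impersonation, and a layered verdict fed to a SIEM. The Python below is an added example, not Zix or AppRiver code, that wires those pieces together with a naive Bayes classifier and a display-name baseline. All messages, addresses, function names and thresholds are constructed assumptions, and the DMARC result is taken as an input from an upstream check.

```python
import json
import math
import re
from collections import Counter, defaultdict
from email import message_from_string
from email.utils import parseaddr

def mk(sender, subject, body):
    """Build a small RFC 5322 message string (constructed sample data)."""
    return f"From: {sender}\nSubject: {subject}\n\n{body}\n"

# Hypothetical senders and constructed messages; none of this is real mail.
MAYOR = "Mayor Jane Doe <mayor@city.example.test>"
CLERK = "Finance Clerk <clerk@city.example.test>"
SPOOF = "Mayor Jane Doe <jane.doe@freemail.example.test>"
GOOD = [  # also serves as the organisation's "normal traffic" history
    mk(MAYOR, "Council meeting agenda", "Agenda for the council meeting on Tuesday is attached"),
    mk(CLERK, "Utility billing report", "The monthly utility billing report is ready for review"),
    mk(CLERK, "Lunch on Friday", "Are you free for lunch on Friday after the budget review"),
]
BAD = [
    mk("IT Desk <it@helpdesk.example.test>", "Password expires today", "Verify your account now or lose access"),
    mk("Billing <pay@vendor.example.test>", "Invoice overdue", "Open the attached invoice and verify payment now"),
    mk("Boss <ceo@freemail.example.test>", "Urgent wire transfer", "Send the wire payment today and keep this confidential"),
]

def tokens(raw):
    """Email attributes used as features: subject and body words plus MIME type."""
    msg = message_from_string(raw)
    text = f"{msg['Subject']} {msg.get_payload()}".lower()
    return re.findall(r"[a-z']+", text) + [f"mime:{msg.get_content_type()}"]

def train(samples):
    """Supervised step: count features per label from labelled messages."""
    counts, docs = defaultdict(Counter), Counter()
    for label, raw in samples:
        docs[label] += 1
        counts[label].update(tokens(raw))
    return counts, docs, set().union(*counts.values())

def prob_bad(model, raw):
    """Naive Bayes posterior P(bad | message) with add-one smoothing."""
    counts, docs, vocab = model
    log_score = {}
    for label in docs:
        total = sum(counts[label].values())
        score = math.log(docs[label] / sum(docs.values()))
        for tok in tokens(raw):
            if tok in vocab:  # words never seen in training carry no evidence
                score += math.log((counts[label][tok] + 1) / (total + len(vocab)))
        log_score[label] = score
    top = max(log_score.values())  # subtract the max before exp() for stability
    weight = {k: math.exp(v - top) for k, v in log_score.items()}
    return weight["bad"] / sum(weight.values())

def build_baseline(history):
    """Unlabelled step: remember which addresses each display name has used."""
    seen = defaultdict(set)
    for raw in history:
        name, addr = parseaddr(message_from_string(raw)["From"])
        seen[name.lower()].add(addr.lower())
    return seen

def verdict(raw, model, baseline, dmarc_pass):
    """Combine the layers into one SIEM-ready event. Thresholds are assumptions."""
    name, addr = parseaddr(message_from_string(raw)["From"])
    p = prob_bad(model, raw)
    reasons = []
    if p >= 0.9:
        reasons.append("ml_probability")
    known = baseline.get(name.lower())
    if known and addr.lower() not in known:
        reasons.append("sender_anomaly")  # familiar name, never-seen address
    if not dmarc_pass:  # result supplied by an upstream DMARC check
        reasons.append("dmarc_fail")
    if "ml_probability" in reasons or "sender_anomaly" in reasons:
        action = "quarantine"
    else:
        action = "flag" if reasons else "deliver"
    return {"from": addr, "probability": round(p, 4), "reasons": reasons, "action": action}

MODEL = train([("good", m) for m in GOOD] + [("bad", m) for m in BAD])
BASELINE = build_baseline(GOOD)

if __name__ == "__main__":
    inbound = [  # (message, DMARC result); a display-name spoof can still pass DMARC
        (mk(SPOOF, "Urgent wire transfer", "Verify the payment now and keep this confidential"), True),
        (mk(SPOOF, "Lunch on Friday", "Are you free for lunch"), True),
        (mk(MAYOR, "Budget review meeting", "Agenda for the budget review is attached"), True),
    ]
    for raw, dmarc in inbound:
        print(json.dumps(verdict(raw, MODEL, BASELINE, dmarc)))
```

The second inbound message scores low on content yet is quarantined by the sender baseline, which is the case the layered approach is meant to cover.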