Month: June 2024

KASPERSKY BANNED IN THE US

The US has announced plans to ban the sale of antivirus software made by Russian firm Kaspersky due to its alleged links to the Kremlin (source article https://www.bbc.co.uk/news/articles/ceqq7663wd2o).  This shouldn’t have come as a great shock.  In 2017 the Department of Homeland Security banned the anti-virus product from federal networks, and it has long been a target for US regulators.

There have always been some rather vague clouds over Kaspersky.  I well remember going back to 2010/11, working on a major UK Government sensitive project where we had one guy pushing Kaspersky hard, really fighting its corner, but it soon became clear that the customer wasn’t going to use it under any circumstances.  But why?  Kaspersky has always scored very high, in fact near perfect scores, when tested independently by AV-TEST, the most trusted source for independent testing.

Well, it all comes down to the fact that it’s Russian owned; to give the transliteration from Russian, it is Laboratoriya Kasperskogo.  In the UK it’s operated by a holding company.  Nonetheless the code comes from Russia and that’s going to have a very real impact in the US, especially given the almost total breakdown of relations and the ongoing Ukraine conflict.  Only the US Dept of Homeland Security knows whether this is a very real threat to western companies using this suite of products, or if there’s a political element to it.  Either way, it’s going to damage Kaspersky, totally decimating its sales in the US.

The big question here in the UK, and across Europe and many Asian countries, is, is it safe to use?  In the UK, the British Standards Institute (BSI) has found no evidence of current problems with Kaspersky products.  However, it went on to recommend that its anti-virus products be replaced with alternatives.  Talk about sitting on the fence and damning with faint praise! 

On 29 March the UK’s National Cyber Security Centre (NCSC)  issued refreshed guidance on UK organisations’ use of technology originating from Russian companies, saying it is not at this time necessary, or necessarily wise, to discontinue use of products such as Kaspersky antivirus (AV) products.  That guidance is now nearly 3 months old, and it remains to be seen if it gets updated following the US action.

The judgement that companies will need to make, whether renewing or looking to replace a current vendor, is: do we take a risk on Kaspersky?  Having been in this industry for many years, I know that there are lovers out there, of specific products and/or vendors, who will make this a hill to die on, but there are others who will adopt a much more cautious approach.  I don’t expect to see organisations rushing to ditch Kaspersky but I think their sales people, and their resellers, will find new sales and renewals a real challenge.

Of course I can’t let this pass without a pitch.  So, if you want to take what I say as being tainted by the fact that I re-sell another product, then guilty m’lud, and I’ll take that on the chin.  The product we sell is one that is in heavy use by the US Department of Defense, as well as industries akin, including the nuclear industry.  It’s been pen tested to death and proof can be shown.  It has a unique approach in that it simply stops unauthorised programs from running.  But how?  Data is stored either as non-runnable information data or runnable application programs.  Malware is a type of runnable program with undesirable behaviours.  The system uses what is called a Hard Disk Firewall (HDF).  HDF prevents malware infection, stopping malware program files from being stored and run on a computer.  Simply put, it takes about a 30 day period to examine your network and endpoints, identifying what executables are being run.  Then, working with you, we decide which of those should be whitelisted to ensure your business isn’t impacted in any way, and anything not on the whitelist is blocked from running.  If you want to know more you can contact us on the links below.

WHAT IS MANAGEMENT’S ROLE IN CYBER DEFENCE?

As I move around talking to business leaders of all sizes of company, one thing stands out: there are many different views as to how involved management needs to be in cyber defence, and some of these views are markedly different.  They range from a very hands-off approach, happily leaving it to their IT support, to those, and it has to be said they are a minority, who see it as their responsibility.

Arguably one of the most, if not the most, important roles of any CEO/MD/Chairman (call him or her whatever you like and for the purposes of this article I’ll stick with CEO) is to set the importance of cyber defence in everyone’s mind.  The tone has to come from the top to be accepted and effective.  When cyber defence is clearly prioritised by the CEO and the Board, it assumes an importance in the mind of the employees.  It is crucial that everyone from the CEO down understands the impact that a cyber breach, or a scam, or a cyber based fraud, can have on the bottom line.

This also aligns cyber defence and data protection with the business goals.  Cyber defence is a business issue, not an IT issue.  It’s crucial that all clearly understand this and how it should be woven into the very fabric of the business.  The CEO and the board have a clear perspective on the company’s strategic goals and direction.  By their involvement with cyber defence, they can ensure that it is aligned with the broader business strategy to fully protect the business’s data and systems.  Their involvement also helps secure budgets for cyber security tools, training and personnel, addressing the threats to the business.

CEOs might need advice and guidance but their involvement is essential and will help to identify some issues which may not be clear to employees, especially technical employees.  One such is reputational damage.  The damage to a company from a data breach may not be immediately clear.  But once it hits the press, or once the company becomes subject to a fine from a regulatory body such as the Information Commissioner, the word tends to spread.  If you can’t be trusted to maintain a level of confidentiality, can you be trusted with other things?  Doubt spreads and can destroy vendor, customer and partner relationships.

Cyber defence begins with risk management.  Managing cyber risks is no different to managing any other business risk.  There is no business without risk; the trick is to manage your risks down to a level that you are prepared to accept, known as the risk appetite.  This must involve the CEO and directors and business managers.  Each knows what could damage, perhaps catastrophically damage, their part of the business.  IT staff don’t have this knowledge; their focus is often on the technical risks, not the business risks.

Risk management itself begins with a clear cyber defence and data protection strategy.  Depending upon the size of your business, some elements of the suggested strategy below may not be relevant to you.  This is offered as a guide, not an absolute.

Figure 1 - Suggested Cyber Strategy Framework

To help in defining your strategy, you need to undertake a risk analysis which will inform the selection, deployment and management of Appropriate, Affordable and Accreditable (if required) controls.

Appropriate in the sense that controls need to support rather than hinder business process as well as being capable of achieving their goals.  Your controls also need to be appropriate to your business.  Affordable may seem self-explanatory, however in the context of cyber security controls and overall budgetary constraints, return on investment is as important as cost effectiveness.  Accreditation to agreed cyber security standards, of which there are many, is crucial for all organisations.  Being able to provide a trail of evidence which demonstrates ongoing compliance to selected standards is essential in times of crisis.

Having got this far, we need a risk treatment plan to match the identified risks.  What you’re trying to achieve here is to manage the risk down to an acceptable level.  Don’t get bogged down in trying to eliminate risk, you won’t succeed, but rather get the risk down as low as you can.  Don’t make it too complicated, identify your risks as High, Medium and Low.  Then manage the high risks down to Low, followed by the medium risks.  You do this by applying controls, be they procedural or technical, to the risk and measuring the outcome.

It sounds complicated and you may need guidance, but once done and adhered to, it provides peace of mind to you, that you have done what you need to do to get your Cyber Defence in place.

H2 provides affordable and flexible one-off and ongoing data protection and cyber risk protection services.

To learn more about the services we provide please click here https://www.hah2.co.uk/

Please feel free to give us a call or email.

Alternatively book a demo on our Calendly link https://bit.ly/3yoT0qi

T: 0845 5443742

M: 07702 019060

E: kevin_hawkins@hah2.co.uk

Trust H2 – Making sure your information is secure

Cyber Security Defence

When you are an owner or director of a company, you will have to face many challenges, from employing the right people to protecting the sensitive data regarding the company, your workers, suppliers and the clients who buy products and services from you.  Nowadays, data leakage prevention is essential in every business.  Last week I touched on cyber security strategy, and I’ll expand on that a little more in a week or two, but I’ll just reiterate here that cyber security and data protection are inextricably linked, both practically and legally.  They apply equally to the large corporate entities and SMEs alike.  It’s purely a matter of scale.  So, let’s dive in and learn more about the security and data protection services that you may wish to consider, having first identified your risks and come up with what is called a risk treatment plan, i.e. a plan to remediate the identified risks to an appropriate level, taking account of the residual risk that your organisation finds acceptable.

Cyber Security Defence – What Are the Most Common Services?

The Insider Threat

There are a lot of actions that can be taken regarding cyber defence. You need to cover both external and insider threat detection. We need to simplify, and where possible, automate our responses and solutions.  The more complicated we make it, the more chance of it becoming a liability rather than a solution. The insider threat is one that is often misunderstood and in fact, often ignored.  It is one of the most fascinating and alarming aspects of cybersecurity! It refers to the potential risks posed by individuals within an organisation who have access to sensitive information and can misuse it for personal gain or to sabotage the company. These insiders could be employees, contractors, or even business partners who have intimate knowledge of the company’s processes and systems. It’s like a real-life spy thriller unfolding right within the walls of your own organisation! The challenge lies in identifying and mitigating these risks before they cause serious damage. It’s an adrenaline-pumping game of cat and mouse that keeps cybersecurity professionals on their toes!  It is important to note that many insider threats come not from any intended action by an employee, but rather a mistaken action taken by an employee who didn’t know they shouldn’t do whatever it is they had done.  It’s a primary reason why cyber awareness training is so important.  I can’t stress enough how important a comprehensive campaign of such training is.

To protect against insider threats you need, as well as awareness training, a good mix of procedural and technical security.  You need a sound access control policy that clearly lays down how to onboard an employee, what access to allow, and how to protect against employees gaining privilege they don’t need and shouldn’t have.  That policy should also cover off-boarding when an employee leaves.  Here at H2 we have partnered with Cyber Elements to offer solutions that provide the correct provisioning in an easy to administer way.

External Threats

These are the threats that everyone thinks of when the subject of cyber security comes up.  Dealing with them can be very easy, such as identifying and blocking a virus, or it can be very complex.  It all depends on the size and range of the problem.  Take ransomware protection, for example.  We have partnered with Platinum-HIT (UK) to provide the HDF concept.  This provides a unique approach to anti-malware and provides a good level of ransomware, and indeed, phishing, protection.  On any computer system, data is stored either as non-runnable information data or runnable application programs.  Malware is a type of runnable program with undesirable behaviours.  HDF prevents malware infection by stopping malware program files from being stored and run on a computer.  Simply put, if a program can’t run, it can’t infect your system.  This does require a period of examination of your system to identify what does need to run, to run the business, and that is provided within the product.
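The observe, review, then block-by-default workflow described here and in the Kaspersky piece above, as an added Python example.  It is a generic hash-based allowlist and not the HDF product's own code or mechanism; the host names, paths, file contents and function names are all constructed for illustration.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class ExecEvent:
    host: str
    path: str
    sha256: str  # hash of the file content that was launched


def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


# Constructed stand-ins for real binaries; only their hashes matter here.
ACCOUNTS = digest(b"constructed: accounts package v1")
ACCOUNTS_V2 = digest(b"constructed: accounts package v2")
BROWSER = digest(b"constructed: web browser")
TOOLBAR = digest(b"constructed: unwanted toolbar")
UNKNOWN = digest(b"constructed: never seen before")

# Constructed log from the observation period (assumed event format).
OBSERVED = [
    ExecEvent("pc-01", r"C:\Apps\accounts.exe", ACCOUNTS),
    ExecEvent("pc-02", r"C:\Apps\accounts.exe", ACCOUNTS),
    ExecEvent("pc-01", r"C:\Apps\accounts.exe", ACCOUNTS),
    ExecEvent("pc-01", r"C:\Apps\browser.exe", BROWSER),
    ExecEvent("pc-02", r"C:\Apps\browser.exe", BROWSER),
    ExecEvent("pc-02", r"C:\Users\sam\Downloads\toolbar.exe", TOOLBAR),
]


def inventory(events):
    """Observation phase: one row per distinct executable, most-run first."""
    runs = Counter(e.sha256 for e in events)
    hosts, paths = {}, {}
    for e in events:
        hosts.setdefault(e.sha256, set()).add(e.host)
        paths.setdefault(e.sha256, set()).add(e.path)
    return [{"sha256": h, "runs": n, "hosts": len(hosts[h]), "paths": sorted(paths[h])}
            for h, n in runs.most_common()]


def build_allowlist(rows, rejected):
    """Review phase: keep what the business approves, drop what it rejects."""
    return frozenset(r["sha256"] for r in rows if r["sha256"] not in rejected)


def decide(event, allowlist):
    """Enforcement phase: default deny, keyed on content hash rather than path."""
    return "allow" if event.sha256 in allowlist else "block"


ALLOWLIST = build_allowlist(inventory(OBSERVED), rejected={TOOLBAR})

if __name__ == "__main__":
    checks = [
        ExecEvent("pc-03", r"D:\Tools\accounts.exe", ACCOUNTS),    # approved file, new path
        ExecEvent("pc-01", r"C:\Apps\accounts.exe", UNKNOWN),      # approved path, swapped file
        ExecEvent("pc-01", r"C:\Apps\accounts.exe", ACCOUNTS_V2),  # real update, not yet approved
        ExecEvent("pc-02", r"C:\Users\sam\Downloads\toolbar.exe", TOOLBAR),
    ]
    for ev in checks:
        print(decide(ev, ALLOWLIST), ev.host, ev.path)
```

The third check shows the operational cost of this model: a legitimate update is blocked until its new hash is approved, so the allowlist needs a change process behind it.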

We have introduced a fully managed proactive cyber defence solution that complements our data protection solution, described below, whilst remaining able to stand alone, in the unlikely event that the data protection element is not required.

In the dynamic world of cybersecurity, staying ahead of evolving threats requires a comprehensive approach that adapts to the ever-changing landscape. At H2, we recognize that one-size-fits-all solutions often fall short, which is why we’ve developed a flexible and scalable cybersecurity solution powered by Guardz, to address the needs of our clients.

Our approach is grounded in sound risk management principles, ensuring that our solutions are aligned with your specific cybersecurity requirements. Whether you need one or more of our solutions, we can tailor an approach that meets your exact needs and budget.

I talked earlier about the symbiotic relationship between cyber security and data protection, which of course includes data leakage prevention, data privacy and compliance.  Once again, we have this covered.  Our data protection solution is very comprehensive and looks not just at the technical, but also at the procedural aspect of data protection, from providing a virtual data protection officer, to writing and/or reviewing your policies and processes, to identifying where your data actually is and what its status is, i.e. sensitive or non-sensitive, and it provides the ability to encrypt the sensitive data in order to reduce your risk.  If you have a data leak and the data is encrypted, then you are significantly reducing any risk.

Summary

All cyber security defence solutions are designed and implemented in collaboration with the client, during a trial period that consists of between 14 and 30 days, depending upon the solution.  All actions can be performed remotely and online and there is no requirement for us to be on site, thus reducing time and expense.  Additionally, all solutions are based on SaaS and therefore there are no expensive infrastructure or hardware requirements, and being cloud based provides the additional advantage that they can monitor and protect end points regardless of where they are, in the office, on the move, or at home.

What’s the advantage of using a cyber defence managed service?

This will differ company to company, and some will have more of an issue, certainly regarding the protection of what is known as Personally Identifiable Information or PII, as defined in the Data Protection Act 2018.  Each must decide what their threshold is for residual risk, i.e. what risk is acceptable to them, once protections have been put in place.

Professional cyber security staff are, currently, difficult to source.  There is a global shortage of experienced personnel.  They are also expensive to employ.  You could also argue that there isn’t a full time job for more than one or two, in many organisations.  It therefore makes both operational and financial sense, to outsource at least some of your security operations.

Cyber Security Strategies for SMEs

What is a Cyber Security Strategy

A cyber security strategy is a plan that outlines an organisation’s approach to protecting its information systems and data from cyber threats. This strategy typically includes measures such as implementing security controls, conducting regular risk assessments, training employees on security best practices, monitoring network activity for suspicious behaviour, and responding to security incidents in a timely manner. The goal of a cyber security strategy is to minimise the risk of cyber-attacks and protect the confidentiality, integrity, and availability of an organisation’s sensitive information.

Do I really need that – I’m an SME and not really a target, am I?

Well yes, you are a target and there are a ton of statistics available which show that SMEs globally are a very real target for cyber-attacks and can, in fact, be very profitable for cyber criminals.  There are a lot of reasons for that but one of the top reasons is that typically, SMEs spend very little on cyber defence and generally have very weak defences.  Add to this that they don’t tend to carry out cyber awareness training for their staff, have limited resources and generally don’t have a good grasp of the issues.

Not their fault.  Most are focused on their core business, trying to make a quid or two and are pressed for time.  They tend to rely on whatever company, usually local, supplied their network, hardware and software, generally on a retainer.  The problem is that those companies don’t really have a good grasp of the issues either, concentrating on technology, and then, not necessarily the right technology.

Secure by default and design

Now that’s an interesting title, but what does it mean?  Secure by default and design means that a system or product is inherently built with security measures in place from the start. This ensures that security is a priority throughout the development process and that users can trust that their data and information will be protected. It also means that security features are enabled by default, reducing the risk of vulnerabilities or breaches. This approach helps to create a more robust and resilient system that is better equipped to withstand potential threats.

It applies as much to your network and systems as it does to software development and possibly more importantly to you, it is a legal requirement under the Data Protection Act 2018, or as it is becoming known, UK GDPR.

The first problem many people come up against is that they already have a network, probably connected to a cloud of some sort, very possibly for SMEs, MS365, but when the design was done, there wasn’t a full risk assessment undertaken, which is a requirement to underpin that design.  In other words, what we in the cyber security industry refer to as Security Architecture Design (SAD) wasn’t a prominent consideration.

Not unusual, and the common technologies were probably set up, firewalls and anti-virus, but not much else.  And that is where a well thought out strategy comes into play.

What should I be considering in my Cyber Security Strategy

We’ve already said you are an SME, so do you need the sort of comprehensive cyber security strategy that we would see in a major corporate?  No, but it should still cover off the major points and should continue to be reviewed alongside things like your Health and Safety policy and other industry standards that are required to be reviewed for you to stay in business, usually annually.

You need to be thinking about the key components needed to effectively protect an organisation’s digital assets and data. These components may include:

1. Risk assessment: Assessing potential cybersecurity risks and vulnerabilities to identify areas of weakness and prioritise areas for improvement.

2. Security policies and procedures: Establishing clear and enforceable policies and procedures for data protection, access control, incident response, and other security-related activities.

3. Employee training: Providing ongoing training and education to employees on cyber security best practices, such as password management, phishing awareness, and safe browsing habits.

4. Security tools and technologies: Implementing robust security tools and technologies, such as firewalls, intrusion detection systems, encryption software, security monitoring tools and data protection tools, and endpoint protection solutions.

5. Incident response plan: Developing a detailed incident response plan that outlines the steps to be taken in the event of a security breach or cyber-attack, including communication protocols, containment measures, and recovery strategies.

6. Regular audits and testing: Conducting regular security audits and penetration testing to assess the effectiveness of existing security measures and identify any vulnerabilities that need to be addressed.

7. Collaboration with external partners: Establishing a partnership with a cyber security company that understands the issues that affect SMEs, and that can itself establish a solid working relationship with the IT provider that is providing and administering your network and IT resources, will enhance your protections, significantly improve your employee and managerial awareness of the issues, and provide you with the peace of mind you need, allowing you to concentrate on your core business.
