It’s been two weeks since the IT world was rocked with the news of the CPU vulnerabilities known as Meltdown and Spectre. It’s making headline news due to how far the vulnerabilities extend—to nearly every processor manufactured over the past 20 years—as well as the potential impacts in mitigating these vulnerabilities. Every server, computer, tablet, phone or any other computing device with a modern CPU is potentially affected. (See WEI’s Customer Advisory about Meltdown and Spectre in this blog post.)
Happy New Year! As we say hello to 2018, we can reflect on the massive progress technology made throughout 2017. The cloud came to a new level of maturity, cybersecurity incidents rocked the world and organizations embraced hyperconverged infrastructure as the future of data center modernization. But what lies ahead? Read on for a look at cybersecurity predictions for the coming year.
Have you ever looked at your dog or cat staring out the window of your house towards the horizon? Ever wonder if they contemplate what may be beyond their visible perimeter? It used to be that internal IT did not have to contemplate what lay beyond the perimeter. Network security was fairly simple – create a wall of security around the data center and its resources, along with the users and their desktops scattered throughout the building. Traffic passed through the perimeter firewall while users passed through the front building entrance to access the network. It was a page out of the medieval castle defense playbook in that unauthorized users, unknown devices and external threats were kept at bay outside of the walled perimeter.
WEI is aware of the new vulnerabilities related to Intel and other CPUs which could potentially allow an attacker to gather privileged information from CPU cache and system memory, putting enterprise security at risk. The vulnerabilities are code named “Meltdown” and “Spectre." The “Meltdown” issue is reported to only affect Intel CPUs while “Spectre” is reported to affect Intel, AMD, and ARM. The impact of these vulnerabilities could extend back to CPUs from as early as 1995 (in the case of Intel).
This holiday season, the frenzy is not about the “must have” toy, it is the must have investment – Bitcoin. The TV networks cannot stop talking about the dramatic rise in its value that seems to occur on a daily basis, if not hourly. The cable business news shows shuffle in cryptocurrency and financial industry pundits to discuss the significance the new digital gold and the cryptocurrency market at large. They debate each other whether bitcoin is a sure deal that will continue returning positive dividends, or a bubble that is about to burst. Both sides of the argument have their “experts” as to why you should or should not get involved bitcoin mania. CNBC reports that people are maxing out their credit cards to buy, buy, and buy. Some people are even taking home equity loans on their house to maximize the number of coins they can afford.
Mark Twain popularized the phrase, “There’s gold in them thar hills,” when he wrote about the gold rush of 1849. Today, the gold lies not in the hills of California, but within crypto mining servers dispersed across the Internet. This new gold is not mined by the power of the pick and shovel, or even dynamite. Instead, computer processors power the mining operations that create this digital gold. Welcome to the modern day gold rush of today’s digital age.
There’s a lot to learn every day in the world of technology, especially with the ever-increasing amount of high-profile cyber breaches and criminal hacks. It seems every news article brings a new security scare, and businesses should be more alert than ever before. Want to know what threats are out there? Read on for an overview of recent security breaches, and find out what your organization can learn from them.
Remember the destruction WannaCry caused? The casualties included up to 300,000 encrypted computers in over 150 countries, not to mention the damage or loss of data entirely. The newest ransomware cyber-attack threat is far worse than WannaCry, and it's going by the name “Petya.”
The news is buzzing with instances of companies being taken for a ride by cyber thieves. Their new tactic? Injecting dangerous software into the organization and locking their data up until a ransom is paid. While the FBI still recommends not paying the ransom, enterprises are taking varying approaches to combatting ransomware. In this post we dive into some recent ransomware attacks and takeaways your organization can learn from them.
Every data center, application environment, enterprise organization, and cloud provider would probably like nothing better than to achieve “zero downtime” for all of their operations. High availability (HA) architecture can provide the flexibility and reliability that you’re seeking for backup and recovery solutions.
Nearly every day, there is a new cybersecurity breach to announce; businesses should be more alert than ever before. In 2015, the Ponemon Institute and Symantec discovered that a whopping 47 percent of U.S. data breaches were the result of a malicious insider or criminal cyberattack. Read on for an illuminating look into recent high-profile cases, and what you can learn from them.
With the wide range of reported cybersecurity incidents and hackers getting more creative than ever before, there is no shortage of threats to the modern enterprise. IT managers must not only secure current data and systems, but preemptively protect against ongoing future threats, which are constantly evolving. While there are well-known versions of malware, “Tellingly, WatchGuard’s inaugural Internet Security Report found that some 30 percent of malware in Q4 was new, or ‘zero day.’ (Not to be confused with zero-day exploits.) In other words, one-third of malware identified wouldn’t be caught by legacy antivirus solutions,” according to PYMNTS.
Unsecured printing and imaging leads to security breaches, putting organizations at risk of costly lawsuits and public relations nightmares.
Today’s printers can connect to wireless networks, scan and send documents, store data on hard drives, and even produce 3D materials. They have many of the same capabilities—and the same vulnerabilities—as computers. As their features increase, so do the opportunities for security breaches in the printing process.
How good are your enterprise’s security defenses? Today’s hackers have access to an arsenal of tools for carrying out targeted attacks, thanks in part to an anonymous and hidden area of the internet called the Dark Web (also called Deep Web or Darknet). Payment for purchases made there is typically in the international digital currency Bitcoin, which offers a fairly high level of privacy.
The job of an IT professional is challenging, especially since strengthening cybersecurity is constantly a moving target. With attackers trying new approaches and getting stronger with their tactics every day, protecting an enterprise’s data and information is more crucial than ever before. How can you ensure you’re covering all of your security bases? Start with managing the most common security risks, which are described in this article.
Regardless of organizational size or industry, every company faces significant data and network security concerns today. Those concerns increase substantially for organizations that deal with protected or sensitive information in any way, including health, financial, or even basic customer data. The past decade has seen a growing number of both internal and external data security breaches in industries as diverse as healthcare, retail, entertainment, banking, and military contracting, and threats are unlikely to subside anytime soon. Organizations who act now to counter the threats of the future are the ones who have the best chance at protecting customers, employees, and brand reputations.
If you have had the chance to read any of the latest analyst predictions for 2017, then you will have noticed that security remains at the top of the list. So what will you do differently this year than in year's past? As you review your security strategies and revisit best practices this New Year, it’s important to reflect upon the past. We examined the top security threats last year in our white paper, Effectively Managing Cyber Security: Top 5 Enterprise Threats. Now read on to learn about the top five enterprise security threats to the confidential and proprietary information on your network -- that you must consider for this year.
How are your security protocols working? While most businesses are focusing on the type of software being used to keep cybercriminals out of the servers, Intel and its partners are working to change the face of security and working together to achieve better results.
There’s a new technology threat your organization should be cautious of in 2017 – it’s called whaling. Just like the practice of hunting a whale, cyber criminals use this technique to reel in a big catch by targeting top decision-making executives at enterprise organizations—and it works. If that doesn’t sound scary enough, many companies have experienced this threat in a very real way. Read on for a look into some high-profile, real-life whaling cases and their consequences.
We recently discussed an emerging cyber threat called whaling, a new highly-targeted phishing tactic that’s threatening enterprises’ most valuable employees: the C-Suite. While whaling is similar to any other phishing or spam email scam, it’s a tactical approach that takes its time by targeting high-level executives by leveraging what seems to be legitimate business correspondence. How can you recognize a whaling attack before it infiltrates your organization? Read this post to get to know the common security risks.
There’s a new kind of threat to your enterprise, under the phishing and spam umbrella, and that danger is referred to as whaling. Specifically designed attacks target your most valuable team members, the boardroom executives, and infiltrate your enterprise to a scary extent. How can you avoid whaling? Read on for our cyber security threat briefing.
As we look back at the year that was, one cannot ignore the growing prominence of Ransomware within the IT Security community. The dramatic surge of ransomware attacks has been outlined within headlines all across the country as cyber criminals continue to perfect this method of extortion in which no person or organization appears to be exempt from today.
There’s a lot of talk about SDN solutions today such as Cisco’s Application Centric Infrastructure. In fact, Cisco ACI is the industry’s most comprehensive software defined networking (SDN) architecture to date. By integrating ACI into IT operations, IT now has the ability to align IT services with business objectives and policy requirements. Achieving this organizational transformation can be a game changer for most any organization, allowing them to streamline their services at large and gain greater efficiencies and profit margins. Instead of serving its traditional role as a cost bucket, IT can become a leader, introducing and initiating value added projects that recognizably add to the profitability and success of the business.
Ransomware is a flourishing IT threat, and one that can cost organizations thousands of dollars in lost data, ransomware repayments and security breaches. According to Marcin Kleczynski, the CEO of cybersecurity company Malwarebytes, "In the last six to 12 months, [ransomware] has just gone so aggressively to the business environment. We see companies from 25 people all the way to 250,000 people getting hit with ransomware."
At WEI we are always looking for new and comprehensive solutions to meet our customers’ changing security needs. According to Symantec’s 2015 Internet Threat Report, the number of ransomware attacks by cyber criminals more than doubled between 2013 and 2014. What can businesses do to avoid this? One piece of your comprehensive security puzzle should be to focus on network segmentation.
There are several different ways your current employees can knowingly or inadvertently bypass your security; while all can wreak havoc with your systems and cause irrevocable damage, those with malicious intent in mind are by far the worst. Understanding the different levels of threat and what may motivate these insiders can help you create strategies that truly mitigate your risk.
At least once a year, you can find a report on the web about what the most common passwords are based upon leaked data. Think of these lists as the worst passwords you can ever use. Typically, 123456 and password top the list. Coming up the path of popularity are passwords 123456 and 123456789, as people are required to enter in longer passwords. Need a mix of letters and numbers? You might want to avoid abc123 and trustno1, among many others. Nowadays, a password security alone isn’t sufficient to lock anything down. How best can you secure your system to keep the bad guys out?
As malware continues to evolve at lightning speed, it’s getting more and more difficult to prevent and identify its existence. A computer attack from the APT virus is both insidious and crippling for enterprises. Its lifecycle, if well-masked, can do some real damage in just 12 months. An Advanced Persistent Threat attack on a bank revealed that it’s a methodical attack. Here’s how it unfolded. Seasoned cybercriminals mined the bank’s social media platforms and website to identify its hosts and senior personnel. Stolen data was then used to launch phishing email campaigns and launched malware on the bank’s executives’ laptops. Undetected by antivirus software, the attack expanded throughout the business. All of this took just three months. Over the next several months, the malware had injected a code into all of the infected systems. Slowly, it stole passwords, security policies and network diagrams. The organized crime ring used this data for a more offensive attack across the company’s network. The last two months of the malware attack entailed downloading the bank card information of more than 50 million bank customers.
Did you know that your data could be compromised at this moment, even if none of your security measures have sounded an alarm? As companies across the nation reported data breaches throughout the past few years, one commonality was noted: in most breaches, the data was compromised for weeks or even months before anyone noticed. When you couple that fact with some of the expectations for data security in the coming years, you realize that both internal and external security in most organizations has to evolve if it’s going to do any good.
Every few years a new encryption algorithm is released by an IT solutions provider to ensure your data stays safe. Hardware keeps improving, making older encryption algorithms easier to break. Thus, new encryption mechanisms are needed to keep your systems and data safe.
Once upon a time, it was safe to turn your computer on. Nowadays, a month, week, or even day doesn’t go by where you hear about the latest system attack and zero-day exploit used to install malware and expose data from somewhere across the globe. Some news reports even say the NSA is buying these exploits to take advantage of them before they’re patched to gain access and potentially disrupt computer systems. If the US government is doing it to attack their enemy, you can be sure other governments and organized crime are doing the same to potentially get into your systems. A chain is only as strong as its weakest link and the least protected computer system will be found and exploited.
Managing internal access to data and software has always been a challenge for technical and security departments. In the past, security was often managed physically; workers couldn’t access what they couldn’t physically get to. Today, cloud computing and the need for employees of all levels to access data from disparate locations makes physical controls outdated in most industries. Instead, organizations are turning to a variety of cloud, software, and hardware-based security solutions, some of which are less effective than others.
Is your business utilizing data encryption in your security strategy? The process of changing information to make it unreadable to those except authorized users can help your company securely protect data and safeguard it from potential threats. Businesses use data encryption to protect personal information, customer data, trade secrets, employee files, tax information, credit card numbers and more. This benefits the network is breached. Read on to learn about the benefits of data encryption.
Newscasters seemed rattled by the news last week that Hollywood Presbyterian Medical Center paid hackers $17,000 in Bitcoin to regain access to a key system.
This is no surprise for security insiders. Ransomware for enterprises is a top trending threat. In fact, the center’s ransom pales in comparison to the $123,000 in Bitcoin demanded from a New Jersey school district in 2015; the district decided instead to rebuild systems from backups.
Security analysts say that anywhere from 3 to 40 percent of ransomware victims pay up. The FBI, the agency responsible for investigating ransomware, has no way to help. Instead, the FBI recommends paying the ransom if the victim has no unaffected backup from which to restore files. Several police departments have paid ransoms.