Cybersecurity NZ

Not if, but when. Ransomware on the rise.


Make your organisation cyber resilient.


Protecting your organisation starts with protecting your data.

Ransomware. It wasn’t that long ago that it was a thing that happened to other people, often the big corporates, the blue chips in America. But not us in little old New Zealand/Aotearoa. We would occasionally hear it mentioned on the news in passing, or on page 10 of the paper. Leap forward to 2021, the year of COVID-19, of lockdowns and the now ubiquitous phrase ‘you are on mute’. The number of attacks made public on local organisations has increased. The biggest single target has been the Waikato DHB, which estimates it will take another 2 years before they are back to where they were.

And at the start of July, international software company Kaseya had their remote management tools hijacked to deliver ransomware to unsuspecting victims. This new development is concerning, because the end users did not do anything wrong, nor did the support organisations.

So what can we learn from these high-profile attacks, and what steps can we take to reduce the risk you are next? The number one thing to do if you haven’t already is to turn on multi-factor authentication (MFA) for all system administrators at a minimum, and preferably all staff. If you have a software platform that doesn’t support MFA you need to be asking questions of the vendor. If you have the choice of methods, using an app on your phone is top of the list, followed by a third-party rotating key token (banks often use these). The worst options are receiving an email or text message – neither of these two options is secure.

Ensure you are backing up your data. This includes Office365 and Google Workspace content. Not all backups are created equal though. Your backups should be going to an offsite location, retained for at least 60 days, and tested. It is no good making a copy of everything to a local hard drive if there is a fire! And no good backing things up if you cannot restore them. In the ideal world backup systems would be air-gapped from the source, and write permissions only allowed to the backup solution. These backups should be monitored and any anomalies investigated. It’s common for attackers to quietly infect a system, then wait a month or more for all backups to also be infected before attacking. Look for larger than usual backup sizes, and odd-looking content. Artificial Intelligence (AI) bots exist that can do this for you. For those with on-premises servers, ensure your DNS and Active Directory are included in the backups, and ideally locked away separately in a vault (software or physical) so you can quickly recover your infrastructure.
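One way to automate the size and retention checks described above, as an added example that is not part of the original article. The record fields (`day`, `size_gb`, `restore_tested`), the 14-run baseline and the threshold are assumptions, and the sample data is constructed.

```python
from datetime import date, timedelta
from statistics import median

RETENTION_DAYS = 60   # minimum retention the article recommends
WINDOW = 14           # assumption: prior runs used as the size baseline
THRESHOLD = 6.0       # assumption: distance from baseline, in MADs, that is flagged

def size_anomalies(jobs, window=WINDOW, threshold=THRESHOLD):
    """Flag runs whose size is far from the median of the preceding runs."""
    flagged = []
    for i in range(window, len(jobs)):
        prior = [j["size_gb"] for j in jobs[i - window:i]]
        base = median(prior)
        # Median absolute deviation; floored so a perfectly flat history
        # does not cause a division by zero.
        mad = median(abs(s - base) for s in prior) or max(0.01 * base, 0.001)
        score = abs(jobs[i]["size_gb"] - base) / mad
        if score > threshold:
            flagged.append({"day": jobs[i]["day"],
                            "size_gb": jobs[i]["size_gb"],
                            "baseline_gb": base})
    return flagged

def review(jobs):
    """Summarise retention span, restore testing and size anomalies."""
    jobs = sorted(jobs, key=lambda j: j["day"])
    span = (jobs[-1]["day"] - jobs[0]["day"]).days
    tested = [j["day"] for j in jobs if j["restore_tested"]]
    return {
        "retention_days": span,
        "retention_ok": span >= RETENTION_DAYS,
        "last_restore_test": max(tested) if tested else None,
        "anomalies": size_anomalies(jobs),
    }

def sample_jobs():
    """Constructed data: 70 nightly incrementals of roughly 40 GB, one outlier."""
    start = date(2021, 5, 1)
    jobs = [{"day": start + timedelta(days=i),
             "size_gb": 40 + (i % 5) * 0.5,
             "restore_tested": i == 30}
            for i in range(70)]
    jobs[66]["size_gb"] = 310.0   # mass file changes inflate the incremental
    return jobs

if __name__ == "__main__":
    report = review(sample_jobs())
    print("retention:", report["retention_days"], "days, ok =", report["retention_ok"])
    print("last restore test:", report["last_restore_test"])
    for a in report["anomalies"]:
        print("investigate", a["day"], a["size_gb"], "GB vs baseline", a["baseline_gb"])
```

A flagged run is a prompt to inspect that backup's contents before older, known-good copies age out of retention.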

Review who has access to what. You shouldn’t have more than three super-admins/global admins in any system, and these should be protected with MFA. Also review who has remote access into your systems, either using a VPN or some other method. Separate out the different administrative roles so breaching one account will not open the floodgates. 

Microsoft have a global threat activity website that shows cyber-threat activity for the last 30 days. Disturbingly, education makes up 60% of all recent encounters.

Cyberthreats, viruses, and malware – Microsoft Security Intelligence 



Written by our very own Aaron Overington

Aaron is an IT management veteran with over 20 years' experience under his belt, but his passion for technology started even further back in the early days of desktop computing with the ZX Spectrum, the Amiga and the BBC Micro.

Aaron is a key part of the Cyclone team and works as one of our Technical Account Managers; we simply know him as a trusted advisor and a safe pair of hands. Aaron takes the time to understand the demands and needs of NZ businesses and schools before developing tailored solutions.

It’s ugly out there, people. Good security starts with you.


Avoid the hook.


Staying secure in the modern world

Halfway through the 2021 academic year, and we are still hearing of phishing attacks on schools at all levels throughout Aotearoa. There was a time when only the big global companies were targeted by these attacks. The recent attack on the Waikato DHB should be, and has been, a wake-up call for all organisations. One thing that strikes me when visiting schools is the lack of awareness posters up on the walls. Nothing in the staff room, nothing in the hallways, nothing in the learning spaces.

For me this is concerning. Most if not all schools have some form of a Digital Citizenship programme they run for students. Part of being a good digital citizen is knowing how to keep safe online. Being able to identify a phishing email, and learning not to download an application from a random Internet site or click on links in instant messages, is central to this (ISTE standard 2B for students relates directly to this very point).

The risks that these types of attacks introduce can be broadly categorised into one of two buckets: ransomware, where all your files are encrypted and you cannot access them without paying the hijackers, and theft, where either your data is stolen to be sold on the dark web or you are tricked into paying phoney invoices.

Ransomware attacks are growing. Imagine being at the end of a school year, your students have worked hard all year on assignments, and suddenly they are no longer available for final grading or revision for external exams.  

Arguably worse than a ransomware attack is the theft of data. Schools hold a large amount of personally identifiable information (PII) about staff and students, from home addresses to medical information. All this information holds a value, whether for identity theft, online bullying or worse.

Being tricked into sending school funds to bad actors is still a very real risk, despite years of publicity around the tricks used. A request to purchase 100 iTunes cards for example, or a request from the ‘principal’ to urgently pay the attached invoice should set off alarm bells. The sad reality is it doesn’t always. 

We live in an always-on world, connected across multiple online platforms. The ease with which we share content and connect to friends and colleagues has exploded in the last 5 years. Unfortunately this connectedness allows the attackers to understand the hierarchy at a school and the movements of staff, and to tailor their messaging accordingly. And because so many transactions are now done online, seeing an email from your favourite online store offering a special deal is accepted with glee, not scepticism.

Awareness of how to identify a phishing or bogus email can reduce the chances of a user falling for it and introducing an external threat. Better still, awareness and on-going training and assessment that is targeted to the whole school community. The cost to implement these steps starts at $0.  

Ask yourself, what is the financial and reputational cost to do nothing and be compromised?  


Our Top 6 Security Recommendations


Meet the security challenge with eyes wide open.


Staying secure in the modern world

The recent hack of the Reserve Bank of New Zealand – Te Pūtea Matau (RBNZ) highlights that even central governments struggle with cyber security. Cyber crime is on the rise, and COVID-19 has provided a rich array of new opportunities for the criminal world. There are a number of things that you can do to mitigate some of the risks, and become a harder target. 

Here are our top six security recommendations that every individual and organisation should be adopting. 

  1. Always keep the system software updated. This is the software on your laptop, tablet and phone as well as any network equipment such as routers and modems. The breach at the RBNZ was due to outdated software on a network appliance that they had not maintained and patched. The bad agents used a flaw in the software to gain access. Had they kept this updated they may not have been breached. 
  2. Use Anti-virus software. And keep it updated. There are almost daily updates to most AV products to keep you safe and secure. No operating system is immune to virus attacks, and contrary to popular belief there are now more viruses and malware for MacOS than Windows. 
  3. Use disk encryption. Encrypting your hard drives and USB drives will render them useless if they are lost or stolen. The contents are unreadable if someone tries to access them without first decrypting. Both Windows 10 Pro and MacOS have built-in support for drive encryption and it is a very simple process to turn on. We hope that the devices stolen from Capitol Hill in January were encrypted!
  4. Use MFA. Using multifactor authentication provides an additional layer of protection to your accounts. Most applications now support the use of MFA (sometimes called 2FA) and a mobile app. It is a simple yet effective way to add extra security to your applications as without it attackers cannot access a system, even with your username and password. TIP: DO NOT use SMS/Text as a secondary authentication method. It is easy for someone to spoof your mobile number and intercept a message. 
  5. Run Phishing simulations and training. The easiest way for someone to get into your systems is if they know your username and password. It is very easy for someone to craft an email purporting to be from a trusted person or company, tricking you into handing over your credentials. There are a number of tools available to run these simulations and to block phishing emails.
  6. Use Data loss prevention policies. Both Office365 and G Suite have policies available with all subscriptions. The key is to really know your data; where it is, who should have access, and how sensitive it is. Then you can easily develop policies to prevent your data from leaving your environment without your knowledge. 

Talk to us today about how we can support you to secure your environment using these and other tools. 


Protecting your data

Protecting Your Organisation’s Data


How much is your data worth and can you protect it?


Protecting your valuable data

Data is a valuable currency and the ultimate goal for cybercriminals. If you own an organisation’s data and intellectual property, you can bring the business to its knees. By breaching the company’s defences and locking up its data, cybercriminals can exploit businesses for a hefty ransom to retrieve their data and avoid the financial and reputational damage that goes along with being breached.

It’s not only businesses that are at risk of financial exploitation. An individual employee’s identity alone is valued at around US$1,200[1]. However, that’s just the tip of the iceberg considering that a successful cyberattack could result in:

  • Appropriation of resources: cybercriminals often use vulnerabilities in the network to infiltrate systems and use information that can be repurposed to create things of value, such as scams. By co-opting organisational data, such as internal email signatures, cyberattackers can create phishing emails to exploit other victims using your organisation as a proxy.
  • Clients and suppliers transferring funds to bogus accounts: phishing and spear phishing attacks can exploit your email information to expose your customers to vulnerabilities. This can lead to customers sharing details and finances with cybercriminals using fake accounts and posing as employees of your company.
  • Impact to financial credentials: cybercriminals can access company credit cards and bank accounts, which can cause financial losses and damage.
  • Theft of intellectual property: cyberattackers that infiltrate your system or deploy ransomware can access sensitive data and information from within your organisation. This can be used to blackmail your organisation, or be sold through the black market, for monetary gain.
  • Ransom demands: armed with sensitive company and customer information, cybercriminals can further exploit organisations by requesting payment for the return of locked up data.
  • Company information used for unlawful purposes: in addition to financial exploitation, criminals can also exploit confidential information for other means, such as corporate espionage. This can involve company secrets or intellectual property being sold to other competing organisations or used for other illegal activities such as fraud.

It’s essential that organisations invest wisely in tools and technologies to keep their valuable information safe from cybercriminals. To protect company information, organisations must integrate processes like advanced email threat protection, multifactor authentication and employee cybersecurity training into their operations. They should also invest in network security tools, such as perimeter security, to provide the best defence possible for the network. However, there is a fine balance between investing in the right level of protection for your organisation, and over-investing in solutions that may not deliver the best security advantage for your business.

Cyclone has identified four key capabilities your cybersecurity solution must deliver to best protect your organisation and its valuable information in our latest checklist. For more information, download your copy today or contact the Cyclone expert team for a personalised consultation on how best to protect your organisation.

[1] https://www.top10vpn.com/research/investigations/dark-web-market-price-index-2019-us-edition/


Top three cyberthreats

Top Three Cyberthreats For NZ Organisations


What are the top three cyberthreats and how can you prevent them?


Preventing Cyberthreats

There has been a significant increase in targeted cyberattacks on organisations since COVID-19, and these attacks are unlikely to subside any time soon. In fact, the rapid growth of smart devices used to access organisational tools and information, and the prevalence of employees working remotely, will only broaden the attack surface for cybercriminals in future.

Today, there are thousands of cyberthreats that pose a risk to businesses. With a cyberattack occurring every 39 seconds on average, it’s a matter of when, not if, your organisation will be targeted by cybercriminals. [1] There are three key threats that pose the greatest risk to organisations today:

Top Three CyberThreats

  1. Email based threats and exploitation

Cybercriminals have been using email to exploit victims for a long time. However, gone are the days when you could easily identify a financial scam after receiving an email from a ‘prince’ in a foreign country. Cybercriminals have become more sophisticated as our technologies advance, and the ways in which they exploit victims have changed. Some of the most common attacks include:

  • Phishing: phishing is possibly the most common form of cyberattack. Phishing emails appear to come from a reputable source, and typically include requests to click a link or open an attachment.
  • Spear phishing: a more sophisticated form of phishing, spear phishing is more targeted and may appear to come from someone within the target’s own network, making it more likely that the recipient will fall for the scam.
  • Ransomware: a form of malware that encrypts files, ransomware is commonly sent via phishing emails and downloads to the victim’s device once opened.

As these attacks are common, there are reasonably simple ways you can defend your organisation. First, it’s important to install tools that protect the organisation and prevent data loss, such as advanced email threat protection software. It’s also essential to invest in education for your employees to ensure they understand cyber risks and how to identify scams and threats. Consider conducting regular training sessions with all employees and sending regular mock phishing emails to workers to keep them vigilant against threats.

  2. Hacking

Hackers will typically access your organisation’s network via ransomware or by exploiting security vulnerabilities in your system. This opens your organisation to great financial and reputational risk, as well as potentially exposing your customers and partners to risks. Having multiple layers of defence is the most effective way to strengthen your organisation’s security posture and reduce the risk of failure in network security. Multiple layers of protection mean that, if one layer fails, another can shore up the organisation’s security. This involves investing in technologies like firewall and network protection to provide a privacy and security environment that both your employees and customers can trust.

  3. Data leakage

The rise of remote-working practices in 2020 has greatly increased the risk that employees pose to organisational security. The prolific use of external smart devices that need encryption to connect to organisational networks has increased the attack surface that can be exploited by cybercriminals, as well as the number of potential points of entry that can be breached. To defend against data leakage through risky access points, it’s essential to invest in multifactor authentication to protect devices and applications. The IT team also needs a comprehensive, up-to-date list of all devices connected to the organisation’s network.

Identifying the right tools and technologies to protect your organisation from a breach and defend it against cyberattack can be complicated. There are four key capabilities to look for in a cybersecurity solution. For more information, download Cyclone’s free checklist today, or contact the Cyclone expert team to discuss the safest and most cost-effective cybersecurity approach for your organisation.

[1] https://eng.umd.edu/news/story/study-hackers-attack-every-39-seconds