
Gary Salman from Black Talon Security joins David as guest host while Donna celebrates her birthday in the Keys. David and Gary explain why not being constantly vigilant when protecting network security can lead to a false sense of security. They discuss the threats Black Talon is seeing in the cyber environment these days and in the tabletop exercises they conduct with organizations, as well as ways to help protect your organization from, and prepare for, cyber events and other crisis situations.
In this episode:
False Sense of Security – Ep 404
Today’s episode is brought to you by Kardon and HIPAA for MSPs with Security First IT.
False Sense of Security
[01:31] Today, we are talking with Gary Salman, the CEO of Black Talon Security, a dedicated cybersecurity firm. Black Talon Security works with MSPs and businesses of all sizes, focusing on intrusion prevention. We will be discussing threats he is seeing in the cyber environment and what to watch out for. We will also go over things to review during your tabletop exercises.
Typically, if your IT or MSP provider is protecting your network with EDR (endpoint detection and response) or XDR (extended detection and response) technologies, you are considered to have solid protection. EDR looks at each machine individually. XDR tends to look at the machines or the network as a whole, so it can start to see things going on across the environment rather than being isolated to one computer.
Even though EDRs and XDRs are solid technology, Gary says they are seeing a lot of really high-end EDRs and XDRs beaten by the threat actors. The problem is that this technology is now readily available, and the threat actors have it in their arsenal too. Hackers are picking up this technology, figuring out how to get around its tamper-proof protections, and deploying their malicious attacks.
Now, this is not to say you should get rid of these EDR and XDR products because a hacker got around one. In the cyber world it is important to understand that nothing is 100%; everything is potentially beatable. But the most robust security is always multi-layered. Almost every ransomware gang now steals the data. One big question to ask your IT or MSP provider is whether they have something in their security stack that is going to alert them if data is being exfiltrated from your network.
[14:14] So, first we need to figure out how to prevent the intrusion to begin with. One thing that everyone should do is scan for vulnerabilities. All of the government agency alerts regarding cybersecurity threats that are being released right now are pushing businesses to scan for vulnerabilities. When your IT or MSP provider does this kind of scanning, are they reviewing the results and mitigating the vulnerabilities that are found?
Another thing to consider is that with the new AI technology that everyone is excited about, guess what? The hackers are excited about using it too. They can use it to write malicious code, to figure out how to make their ransomware better and how to make their attacks more effective. On the flip side, EDR and XDR technologies are using AI too. So it really is a cat and mouse game.
[22:32] Not only do your network environment and endpoints need to be protected, but your cloud environment needs to be protected too. And often that is missed. Not to mention, the hackers are leveraging AI to make their phishing emails look really good, so it is much harder to detect that they are not legit. You can have all the best security technology in place, but if the human makes a mistake and clicks on a phishing email, it’s all for nought. But that’s where training comes into play.
[30:57] What We Should Be Looking At
- Email protection – use technologies that can sandbox or detonate links and attachments before they are delivered.
- Vulnerability management – constantly confirming that your firewalls are configured properly.
- The human factor – constantly train your staff on security safeguards, cybersecurity risks, and how to detect attacks and avoid becoming a victim. Humans are your last line of defense, but can also be your biggest risk.
- Vulnerability scans – running a vulnerability scan once a year is worthless.
- Penetration testing – have actual pen tests done on your network by a third-party forensics firm; insurance carriers providing cyber coverage are starting to ask you to prove you are doing pen tests.
- Cyber awareness training – everyone should participate in cybersecurity awareness training, from the top down… everyone!
- Simulated phishing tests – all organizations need to conduct phishing tests on their workforce; review the results of those and address the “frequent clickers/failures”.
- Independent third-party assessments – insurance carriers are starting to request independent third-party assessments of your network, not assessments your IT or MSP provider does for the organization.
More and more, the insurance industry is pushing the concept of cyber due diligence. It is likely to become the standard across many industries in the near future.
[40:27] Tabletop Exercises (TTX)
Tabletop exercises are activities in which key staff members who are assigned emergency management roles and responsibilities in the organization get together to discuss simulated emergency situations… before they happen in real life. Unfortunately, many organizations don’t do these, or they say they’ll just call their IT or MSP provider. In reality, the IT or MSP provider’s role in a cyber incident is limited. There is much more to worry about than technology in cyber attacks.
What about active shooter situations, building fires, community riot situations, natural disasters, etc.? A tabletop exercise defines a specific circumstance and walks you through how you’re going to handle it. But the catch is, there’s no one telling the business what to do. The business is going to have to figure this out on its own during the exercise. TTX tells you how you are going to fight through a problem and bring your business back up as quickly as possible. It can help you decide how you are going to talk to clients, treat patients, manufacture your products, etc. It can help you see where weaknesses are and determine whether there is a need for redundancies or further training for staff. TTX helps organizations understand the potential risks, see how the response team members interact and work together, and identify where the strengths and weaknesses are within your process, plans and people.
Organizations can do their own TTX, but having a facilitator, like Black Talon, who has experience with TTX can help you think about things you normally wouldn’t and provide some insight on things they’ve seen during real life events.
[52:37] Backup challenges
Many people believe having a data backup is all that’s needed to recover from a cyber event. Unfortunately, data backups can fail or be compromised themselves regardless of whether they are local backups or cloud backups.
These days you should have local backups, cloud backups and off-site backups. All these things are really important. As 2010 as it may sound, cold storage is where it’s at. Cold storage for a small business could be an external hard drive that gets rotated out every couple of days and removed from the business. These days you really need backups that are totally disconnected from the network and the internet.
For more information about Black Talon Security, or to reach out to them regarding their services or to facilitate a TTX for your organization:
Call 800-683-3797
Contact Gary Salman on LinkedIn.
Protecting your organization from cyber attacks takes constant vigilance. Technology alone cannot prevent a cyber attack. Ongoing management of endpoint and network vulnerabilities is crucial. Being prepared for when an attack happens, via tabletop exercises, is critical as well. Everyone is on the cyber team, not just your IT or MSP provider.
HIPAA is not about compliance,
it’s about patient care.™


