Tec-Discussions

Check out the newest discussions

8 Unforgettable Lessons from Fortinet’s Q4 2016 Threat Landscape Report

How do you stay one step ahead of those increasingly crafty cyber criminals?  By studying trends and understanding criminals’ behaviors and preferred tactics. You can start with Fortinet’s Q4 2016 Threat Landscape Report, which gives you a comprehensive view of what’s going on in cybersecurity.  

What You’re up Against

Cyber attacks are getting bigger and more sophisticated. This rising aggression and unpredictability in the threat landscape has companies scrambling to defend themselves.

In the final quarter of 2016, the world saw the largest data breach and denial of service attack to date. And businesses are still reeling from the recent WannaCry ransomware attack, which affected at least 150 countries and may end up costing as much as $4 billion.   

As an organization, you can’t sit back complacently waiting for the next attack.  You need to arm yourself—with the right information.

Fortinet Intelligence is a Powerful Weapon

To compile the Threat Landscape Report, our technology partner Fortinet exhaustively looked at over a trillion security events from the last three months of 2016.

What they found is that many of the threats we’re seeing today aren’t new. Take, for example, SQL Slammer, which topped the application exploit list for the final quarter of 2016.  It’s been around for years. Threats mutate over time, so it’s helpful to study past incidents to stay one step ahead.   

Here are eight revelations highlighted in the report. By addressing them now, you can be better prepared to counter a cybersecurity attack:

  1. Watch your devices. Cyber criminals are ratcheting up attacks on unprotected and vulnerable IoT devices.  Printers and routers are particularly susceptible.
  2. No one is safe.  Cyber criminals are casting wider nets for their prey—making everyone a potential target.  Alarmingly, the Fortinet study found a whopping 10.7 unique application exploits per organization.  
  3. Make sure you stay current with patches.  The report shows 86% of firms registered attacks to exploit vulnerabilities that were over ten years old—reinforcing the importance of keeping software up to date.
  4. Beware of ransomware. The report found that the healthcare sector was the most common victim of ransomware attacks, but all industries should be on guard.  A rise of Ransomware as a Service (RaaS) is also concerning.  
  5. Watch out for malware.  You should be particularly wary of Nemucod and Agent.  
  6. Mobile is vulnerable.  Mobile malware is a global problem and was reported by about one in five organizations — more than what Fortinet’s seen in the past.
  7. Botnets still give companies grief. Fortinet detected an average of nearly seven unique active botnet families per organization.
  8. Cyber criminals never take a holiday. Cyber crooks often target organizations when they’re not expecting it, such as attacking universities during a school break.  

What Organizations Can Do to Counteract Cyber Threats

Companies can take the information gleaned from the Fortinet report and put it into action. Regularly review your security policies, and make sure you’re up-to-date on all necessary patches.  
As a partner of Fortinet, Tec-Refresh can help businesses address the challenges of the threat environment. To gain a better understanding of what you’re up against, download the full Fortinet Q4 2016 Threat Landscape Report.

Top 10 Cybersecurity Facts

Warning – Watching this video is not for the faint of heart.

3 Ways To Prevent A Ransomware Attack

See what any organization can do to stave off a worldwide attack TODAY.

5 Security Priorities to Outsource to an MSSP

Unlike your IT department, cyber-attackers don’t need to be experts in every aspect of IT security. They only need one method that works.

IT departments need experts to close gaps in security – but most are having difficulty hiring skilled, infosec talent. There are currently 200,000 unfilled security positions in the US alone and experts say that number could increase to 1.5 million by 2019.

Making matters worse is the increasingly dangerous, complex  threat landscape where:

  • Ransomware activity increased 10% in Q1.
     
  • Mobile malware volume grew from 1.7% in Q4 2016 to 8.7% in Q1 2017.
     
  • Network visibility and control is diminishing with upward trends in cloud adoption.

Add to this the fact that the total average cost for a breach is $7 million and the stakes have never been higher. How can your security keep up with cyber-threats when it’s impossible to be an expert in everything?

The answer for more and more businesses is to outsource specific security functions to Managed Security Service Providers.

Consider a Hybrid Approach to Outsourcing

Working with MSSPs offers specialized skills and great competency which can help reduce the complexity and improve the quality of your security. But it shouldn’t be your only strategy. Rather than outsourcing every security function, consider a hybrid approach where you build your internal team with certain specialties and then use MSSPs to fill any gaps.

As you consider the holes in your own IT security, here are 5 security priorities to think about outsourcing:

  1. Security Monitoring: Building a comprehensive security operations center can be a major challenge for SMBs in terms of budget and manpower. While there are many MSSPs offering monitoring services, be sure to carefully check all qualifications, set a service agreement and use checks to hold your service provider accountable.
     
  2. Security Intelligence: For a cybersecurity technology company like Fortinet to gain a complete view of the threat landscape in 2016, they had to collect data on billions of threat events and incidents through a network of devices and sensors. This isn’t an option for an SMB, but an MSSP can maintain a full understanding of the threat landscape and known industry threats and use this information to improve your security intelligence.
     
  3. Security Testing and Third-Party Assessments: Many vendors and regulators require assessments to be run by third-parties, but that isn’t the only reason to outsource these functions to an MSSP. For certain security tests such as penetration testing and application security testing, the objectivity and expertise of an MSSP can find holes you may have missed and help turn your security into an enabler, rather than a disabler.
     
  4. Incident Response: A recent study found 65% of organizations identify skills shortages as the largest impediment to improving their incident response. An MSSP can provide you an incident response plan with an experienced team to execute it so you can work to plug security holes as soon as they are identified and limit the damage.
     
  5. Compliance Requirements: Many compliance requirements involve the use of third-parties for vulnerability scans, penetration tests and other assessments, but that isn’t the only benefit. As PCI DSS compliance changes constantly and becomes more complex, working with an MSSP can help you navigate the various requirements to ensure you avoid any fines or penalties while maintaining your security.

As a Fortinet partner, Tec-Refresh can offer the managed security services to fill gaps in your security expertise and leverage a network of security intelligence and tools. To learn more about our GIAC certified cyber security initiatives, call Tec-Refresh today!

3 Secrets of a Successful Security Automation Strategy

Computer security threats keep growing in number and sophistication. The Internet of Things (IoT) has added to the number of targets to defend as well as the number of attack sources. So have mobile devices. WannaCry was certainly just the start of a new wave of worm-based malware, with the Petya worm quickly on its heels. These attacks don’t rely on human error but spread directly from one computer to another.

In an increasingly worm-infested world, a reactive approach to security isn’t enough. Humans can’t keep up without help, and anti-malware software can’t stop everything. Security automation is necessary if an organization hopes to stay safe.

Three keys to automated security

A successful approach to automated security encompasses three elements:

  1. Data availability: Keeping up with the data is necessary, though not sufficient. Any system tied to the Internet is constantly being probed for weaknesses. There may be a huge amount of security-related information, and the first step is to make sure it’s all available.

  2. Holistic perspective: Sound decision making requires bringing together the data from across the network, understanding the intelligence and distinguishing significant indicators from unimportant ones. Success comes from treating the network as a whole; discrete devices, each protecting separate components, can't do the job.

  3. Rapid action: A successful defense turns intelligence into action. With security automation, threat and breach detection and response is faster and more precise — which helps to contain the damage.

Automated security in action

Security automation looks for patterns that indicate trouble. This includes not just malware signatures but unusual types and levels of activity. Every network has different patterns of normal behavior, and automation tools must be able to detect what’s abnormal for that network.

When a new device is added to the network, the network security platform should automatically interoperate with it. Sharing information from every point on the network gives the best chance of identifying anomalies and their source. For example, if a device starts querying every other device on the network and normally shouldn't, there’s probably a security issue.

Upon identifying a threat, the security system should take immediate action to mitigate it and notify human users. The IT security staff can then look at the report and understand what has happened, and perhaps why. From there, the security team can decide what further action is necessary.
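The fan-out check described above (a device querying every other device when it normally does not, followed by an automatic action and a notification), as an added example that is not from the original post or from any Fortinet product. The flow tuples, device names, thresholds and the `isolate-and-notify` label are constructed assumptions.

```python
from collections import defaultdict

def peers_per_window(flows):
    """Map (window, src) -> set of distinct destinations contacted."""
    seen = defaultdict(set)
    for window, src, dst in flows:
        seen[(window, src)].add(dst)
    return seen

def learn_baseline(history):
    """Per-device baseline: largest distinct-peer count in any past window."""
    baseline = defaultdict(int)
    for (_, src), dsts in peers_per_window(history).items():
        baseline[src] = max(baseline[src], len(dsts))
    return baseline

def detect_fanout(current, baseline, inventory, factor=3, coverage=0.8):
    """Flag devices that contact far more peers than their own baseline
    and reach most of the known inventory within one window."""
    alerts = []
    for (window, src), dsts in sorted(peers_per_window(current).items()):
        others = inventory - {src}
        if not others:
            continue
        reached = len(dsts & others) / len(others)
        normal = baseline.get(src, 0)
        if len(dsts) > factor * max(normal, 1) and reached >= coverage:
            alerts.append({
                "window": window, "device": src,
                "peers": len(dsts), "baseline": normal,
                "action": "isolate-and-notify",  # hypothetical response label
            })
    return alerts

# Constructed sample data: (time window, source device, destination device)
INVENTORY = {"printer", "laptop-1", "laptop-2", "fileserver", "camera", "router"}
HISTORY = [
    (0, "laptop-1", "fileserver"), (0, "laptop-1", "printer"),
    (0, "fileserver", "laptop-1"), (0, "fileserver", "laptop-2"),
    (0, "fileserver", "printer"), (0, "fileserver", "camera"),
    (0, "fileserver", "router"), (1, "camera", "router"),
]
CURRENT = (
    [(2, "camera", d) for d in sorted(INVENTORY - {"camera"})]
    + [(2, "fileserver", d) for d in sorted(INVENTORY - {"fileserver"})]
    + [(2, "laptop-1", "fileserver")]
)
ALERTS = detect_fanout(CURRENT, learn_baseline(HISTORY), INVENTORY)
```

The file server reaches every device in both the history and the current window, so it is not flagged; the camera, whose baseline is a single peer, is.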

The fabric-based approach

Fortinet’s security fabric brings together all the network’s discrete security tools to form an integrated, automated solution. Automated information sharing between physical and virtual tools such as firewalls, endpoint security and behavior-based advanced threat protection (ATP) solutions is central to the effectiveness of the security fabric.

Getting there from here

Automation isn’t as simple as turning on a switch. The earlier you start, the sooner you’ll have the level of protection that’s needed. You'll then have the best chance of keeping up with today’s threats and future ones.

Tec-Refresh will help you get started on this path, developing an automated security strategy that will reduce the security risks your network faces. As a Fortinet partner, Tec-Refresh can provide you with the best tools and methods for moving toward intelligent security automation.

Tec-Refresh at Interface Charlotte

We had a ball playing “Tec-Jeopardy” with attendees and showcasing our cybersecurity, data storage, IT and consulting services. Take a look!

Ready To Go For Interface Charlotte!

Big day today and tomorrow at Interface Charlotte and we’re ready to show attendees how we can meet all their IT network, program management, cyber security and consulting needs!

CEO Efrem Gonzales in California CEO Magazine

Take a look!

Three Ways To Survive A Ransomware Attack

There’s been a great deal of talk about the recent WannaCrypt/WannaCry ransomware attack. The virus targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in Bitcoin. The result was more than 230,000 computers in more than 150 countries hit, including FedEx, the UK’s National Health Service, Spain’s Telefónica and others.

The biggest issue for those affected was that it all could have been avoided. Microsoft issued a “critical patch” for its newer operating systems nearly two months before to remove the underlying vulnerability. In other words, improper network management was the bigger culprit in this incident.

Take the lessons to be learned here. More to the point, here are three ways that companies can ensure the likes of a WannaCry-type of attack doesn’t wreak havoc on their organization.

Read the rest here.

Tec-Jeopardy at Interface Charlotte

If you’re in the area, be sure to stop by our booth at #Interface Charlotte.

You can test your security knowledge and play Tec-Jeopardy. Register today at http://www.interfacetour.com/evites/cha/tecrefresh.htm.

Get To Know Tec-Refresh

We’re excited to show what we do on behalf of our valued clients, but it’s not always feasible for folks to come to us.

So let us come to you in this video: