Cybersecurity 101

An introduction to the field of cybersecurity.

Why Do Businesses Need Cybersecurity?

Businesses need cybersecurity for exactly the same reason that businesses need physical security. In exactly the same way that a company needs to protect its goods and equipment in the warehouse from physical attackers, people who break in through doors and windows, it needs to protect its data from attackers who break in through computer networks to steal information that is important to the company or to its clients. Those same thieves will try to sell that data on black markets to make a profit, doing a lot of damage to the company in the meantime.

Why Antivirus is No Longer Enough

What is Ransomware?

Ransomware is an increasing threat to many businesses today. Cybercriminals launch malware against their chosen targets and encrypt or lock up all of the files that the company needs to continue operating. Once all the files are locked up, the attackers have the company in a position of leverage. They use that position to extort the company, asking for a ransom payment in exchange for restoring the files to their original state. Depending on the company, they may ask for hundreds, thousands, or even hundreds of thousands of dollars.

What is Phishing?

Phishing is the term we use when an attacker sends an email, places a phone call, or does both at the same time to their chosen target. The goal of the attacker is to trick the person receiving the email or phone call into thinking that it is legitimate and important, and that they need to take action right away. It preys on our natural tendency to trust people who call or email us. The best defense against phishing is well-trained employees: people who know the signs of a suspicious email or phone call and think twice before they click on a document.

What is MDR?

MDR stands for managed detection and response. It means teams of trained professionals who watch 24 hours a day, seven days a week, in shifts, for the signs and signals of an attacker breaching a computer network, and then respond appropriately and in a timely manner to stop that attacker from doing any more damage.

What is Counterintelligence?

The Counterintelligence Service at Binary Defense is a group of professionals who watch for any information that has to do with our protected clients and shows up on the dark web, on criminal forums, in social media posts, or on hidden forums.

What is SIEM?

SIEM is an acronym for Security Information and Event Management. It is a software solution that allows skilled analysts to pay attention to all of the security-relevant things happening on a computer network. Not all of those indicate that an attack is in progress. But when they are pieced together, they form an important picture describing to the analyst what is going on on that network, and enable the analyst to make a good decision about whether an attack is currently ongoing or whether there is an unusual condition that needs to be remediated.

What is SOC-as-a-Service and why does a business need it?

SOC stands for Security Operations Center. That is the team of trained professionals who analyze the signs and signals that might alert them to an intruder in a network. It is important for a SOC to be working 24 hours a day, seven days a week, because attackers do not keep business hours. Our analysts can properly distinguish between an unusual event that means nothing in particular on a network and the subtle signals of a skilled attacker trying to wind their way through the network and gain access to privileged information.

What is a zero-day vulnerability?

A zero-day vulnerability is a flaw in some software that an attacker could take advantage of to run their own malicious software on a targeted victim's network. Zero-day means that there is no patch available from that software's vendor. Most successful attacks do not take advantage of zero-days. Most attacks actually take advantage of flaws in software for which a patch is already available that would close that hole. Attackers are able to do that because there are so many patches available that it can be confusing and difficult to keep up with them all, but it is vitally important that companies do.

What is Defense-in-Depth?

Defense-in-depth is the term we use to describe a strategy of defense that assumes attackers will evade or bypass some of the security mechanisms put in place to stop them. Attackers are clever, and when they encounter impediments while trying to break into a network, they sometimes find ways around them. The defenses that you put in place should assume that if an attacker has gotten past one point of defense, there is something else to catch them. One very important piece of defense-in-depth is someone monitoring your logs, so that if an attacker does get through, anything they do after that, such as trying to gain access to other systems, elevating their privileges by obtaining an administrator account, or running unusual scripts or programs, gets detected by an analyst and responded to in a timely manner to keep that attacker from doing any more harm.

Other Prevalent Cyberthreats to Businesses

One of the most prevalent threats against small to medium-sized businesses comes through the remote desktop or remote access method that the company uses to log in to its network from outside the business. The same method of logging in remotely that works so well for suppliers and employees can also work in the favor of an attacker. If the attacker is able to guess a password, or is able to steal a password from some other data breach and reuse it to log in through the remote access portal the company provides for its employees, the attacker is now all the way past the external defenses and can operate inside the network as if they were an employee. It is at this point that the company is most at risk and benefits the most from having a managed detection and response service: someone who is watching those computers for signs of unusual behavior. Even if it looks like an employee has logged in, if the supposed employee account is doing things that only an attacker probably would, that triggers alarms and can result in a response and the eviction of the attacker from the network.
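As an added example (not code from this page or from Binary Defense), here is a toy correlation of the kind the SIEM, defense-in-depth and remote-access sections above describe: each log event is routine on its own, and an alert fires only when a burst of failed remote logins, a successful login, and a privilege change or unusual script for the same account line up within a short window. The log lines, field names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): "timestamp|event|user|detail"
SAMPLE_LOG = """\
2024-03-01T22:01:05|remote_login_failed|jsmith|src=203.0.113.7
2024-03-01T22:01:09|remote_login_failed|jsmith|src=203.0.113.7
2024-03-01T22:01:14|remote_login_failed|jsmith|src=203.0.113.7
2024-03-01T22:01:20|remote_login_failed|jsmith|src=203.0.113.7
2024-03-01T22:01:27|remote_login_failed|jsmith|src=203.0.113.7
2024-03-01T22:01:33|remote_login_success|jsmith|src=203.0.113.7
2024-03-01T22:04:10|group_membership_added|jsmith|group=Administrators
2024-03-01T22:05:41|script_executed|jsmith|name=collect.ps1
2024-03-01T09:15:00|remote_login_success|adavis|src=198.51.100.3
2024-03-01T09:20:00|script_executed|adavis|name=backup.ps1
"""

def parse(log_text):
    """Parse the constructed format into (time, event, user, detail) tuples, oldest first."""
    events = []
    for line in log_text.strip().splitlines():
        ts, event, user, detail = line.split("|")
        events.append((datetime.fromisoformat(ts), event, user, detail))
    return sorted(events)

def correlate(events, fail_threshold=5, window=timedelta(minutes=10)):
    """Return alerts keyed by user. A lone failed login, a normal login or a
    script run is noise; the sequence failures -> success -> privilege gain
    or unusual script within the window is what an analyst wants to see."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev[2]].append(ev)
    alerts = {}
    for user, evs in by_user.items():
        fails = 0
        login_at = None
        for ts, event, _, detail in evs:
            if event == "remote_login_failed":
                fails += 1          # password guessing is common background noise
            elif event == "remote_login_success" and fails >= fail_threshold:
                login_at = ts       # success right after a burst of failures: watch this account
            elif login_at and ts - login_at <= window and event in (
                    "group_membership_added", "script_executed"):
                alerts.setdefault(user, []).append(f"{event}: {detail}")
    return alerts

if __name__ == "__main__":
    for user, findings in correlate(parse(SAMPLE_LOG)).items():
        print(f"ALERT {user}: {findings}")
```

Running it reports only jsmith; adavis runs the same kind of script but without the preceding login burst, so no alert is raised.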