Security

Cyber Month Blog 1

04 Oct: The Top 5 Mistakes Companies Make with Cloud Security

These security missteps represent common low-hanging fruit attackers seek to infect companies with ransomware and other costly exploits. Before the pandemic, cloud adoption was already expanding rapidly, and it accelerated even faster once companies had to make urgent changes to their business operations. For example, the Flexera 2021 State of the Cloud Report found that 61% of companies made slightly higher-than-planned cloud investments and 29% made significantly higher-than-planned cloud investments in 2020. However, besides the overnight changes in how companies work, another area witnessed explosive growth: cyberattacks. According to a research study by Deep Instinct, ransomware attacks increased 435% in 2020 compared with 2019, and malware increased 358% during the same period. Additionally, the average ransomware payout has grown to nearly $234,000 per event, according to cybersecurity firm Coveware.

Kesaya Breach Blog Image

21 Sep: The Kaseya VSA Breach: Is Anyone Safe?

Earlier this month, Russian-linked cybercriminal organization, REvil, launched the single biggest global ransomware attack on record. The breach infected thousands of victims in more than 17 countries and demanded $70 million in cryptocurrency to unscramble all the infected machines. What made this breach especially noteworthy was the specific conduit the criminals used to gain access to the victims: Kaseya VSA (virtual systems/server administrator), a remote monitoring and management (RMM) solution. RMM solutions are commonly used by managed services providers (MSPs) and managed security services providers (MSSPs) alike. What makes them particularly attractive to cybercriminals is that each MSP/MSSP breach has an enormous trickle-down effect. For example, CBS News reported that Swedish grocery chain Coop had to close most of its 800 stores for multiple days because the attack crippled their cash register software supplier. Thus, not only do these “one-to-many” attacks lead to more victims in a shorter period, but they also lead to bigger payoffs for the attackers.

Pinewood Part 4 FI

07 Sep: Part 4: The Right Team for your Cybersecurity and the Pinewood Derby

Sportsmanship and collaboration are the key to success – whether it’s a sports team, colleagues on a project, or winning the Pinewood Derby. Because people are at the center of the data, threats and attacks, and the protection against those, leading security solutions companys such as Proofpoint takes a people-centric approach to cybersecurity. Here at Presidio, our philosophy is also centered around our team of technical experts and  getting the RIGHT people in the RIGHT roles to deliver impactful business outcomes for you.

Pinewood Part 3 Blog Image

02 Sep: Effectiveness of Cybersecurity and Weights

Security is like weight; it can be more effective if you put it in the right places. In a Pinewood Derby you can set a weight anywhere on your car, but it will affect your speed depending on where put the weight.  In your technology organization, by having visibility into Shadow IT, cloud risk assessment, and a true footprint of your applications, you can identify and put the right amount of security in the right places to secure and accelerate your business. Visibility in real-time is key when it comes to cloud security. With so many apps, services and other endpoints moving to the cloud, it can be challenging to have a 360 view of everything that is going on. To respond to threats as they come up, you need to ensure you have a bird’s eye view of your entire cloud ecosystem.

Okta Pinewood Blog Image

20 Aug: Foundational Design of the Security Stack and the Pinewood Car Body

At the core of your Pinewood Derby car is obviously the wooden body. What might not be as obvious is what should be at the core of your Zero Trust Network Access (ZTNA). The answer? Identity, or Identity Access Management (IAM) as the foundation in which to build the rest of your ZTNA. IAM is the core of ZTNA because it is the first step in granting entry. Much like showing your ID to enter a bar or board a plane, you are presenting verification that you are allowed to enter. Furthermore, It answers the question “Who has access to your most valuable asset – your data?” Most cyber-attacks take advantage of misused credentials in some fashion.

Pinewood Blog 1 Featured Image

12 Aug: What the Pinewood Derby Can Teach You About Cybersecurity

Taking the spirit of a popular classic childhood event and transforming it into a day of competition and fun + relating this to cybersecurity? Challenge accepted. The Pinewood Derby, a rite of passage for kids in the Boy Scouts of America, is a wood car racing event. Traditionally, each Cub Scout receives a block of pinewood, plastic wheels and metal axles to create a crewless, unpowered miniature car. Although simple in concept, the art and skill come in crafting a car that reduces friction, has an aerodynamic design. The competition also takes into account all-around sportsmanship and collaboration. These concepts can also be applied in many ways including your cybersecurity posture.

3 Basic Zero Trust Blog Image

26 May: The 3 Basic Principles of a Zero Trust Strategy

Despite efforts within the cyber security industry to oversimplify the concept, Zero Trust should be thought of as a strategy and framework, as opposed to a problem addressable simply by implementing technology. Technology plays an important role in providing technical security controls such as strong authentication, least privilege, and impeded lateral movement, etc. which contributes to achieving a Zero Trust model. The combination of a strategically curated eco-system of technical controls and processes requires executive buy-in and organizational support to succeed.

Duo Blog Image 051821

18 May: Finally! Zero-Trust Security That Users Actually Like to Use

Everyone agrees that the best way to combat rising cybersecurity attacks is by implementing better security, but users will circumvent the defenses if it’s too cumbersome.
It’s a well-known fact that passwords are the Achilles’ heel of security. According to the 2019 Verizon Data Breach Investigation Report, more than 80% of data breaches result from an attacker logging into a customer’s applications using stolen passwords—often initiated by an email phishing attack.

Pipeline Rasomware Blog

12 May: FBI and CISA Issue DarkSide Ransomware Alert

Dubbed “one of the most disruptive digital ransom schemes reported” by Reuters, the ransomware attack on Friday shut down an entire pipeline network, which is the source of nearly half of the U.S. East Coast’s fuel supply. As of Tuesday, the FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have put out a joint advisory about the attack. The culprit has been identified as DarkSide, a malware operator that runs Ransomware-as-a-Service (RaaS). You can read the full alert here.

Managing Cybersecurity Threats

28 Apr: Managing Threats Through Cybersecurity Expertise

Whether we like it or not, the way we work and where we work has fundamentally influenced our collective perspective. The pandemic forced organizations to quickly update and implement business resiliency plans or scramble to develop and execute plans to support remote work and education potentially mortgaging data security in the process. The pandemic continues to force organizations to revisit long-standing beliefs and attitudes about and toward remote work and education.  As a result, while most knowledge or service-based organizations learned that they are more productive than ever, they are also very vulnerable because traditional approaches to securing remote devices and access to sensitive data simply did not travel well. The cybersecurity industry responded quickly and, in many cases, was well-positioned to support a transition to remote work. The industry foresaw an increased need to secure and manage remote devices as well as access to sensitive data from those devices, but the pandemic expedited and magnified the use case.