Cyber Security

Keeping the bad guys out.
Keeping you safe.

Cyber Security

What is Cyber Security

Cyber Security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.

Why Cyber Security matters.

There’s been a lot of talk about cyber security lately, from email hacks at the Pentagon to breaches at insurance carrier databases. But big corporations and the government aren’t only at risk. Small and midsized businesses also must make data and network protection a top priority. If you still haven’t developed a plan to safeguard your company’s information assets

Not every breach makes headlines like Target’s did in 2013, but if your business has an exposure, you can be sure people will find out about it. The fallout can be devastating. Customers may doubt their data is safe with you, prompting them to shop elsewhere as a result. After all, if you’ve had one breach, what are the chances you might have another?

A data breach could even make your vendors wary of working you. Network connections you share with them—for processing payroll, for example, or for transferring email campaign lists—could suddenly be suspect. They have their own data to protect, and a breach might identify your business as the weakest link in the security chain.

When a breach is discovered, systems are often taken offline to plug the security hole. During that time, you may not be able to process customers’ orders or continue operations. New equipment or software may need to be purchased to prevent a recurrence of the breach.

You might need to hire a PR firm to do damage control. Notifying individuals that their information was exposed entails printing and mailing costs. The costs to provide credit monitoring services to breach victims can quickly add up. And if affected parties sue your company as a result of the exposure, you’ll have legal fees and possibly a judgment award to pay.

A 2012 study by the National Cyber Security Alliance, which found that 60 percent of small firms go out of business within six months of a data breach.

Breach victims could suffer financial losses through the theft of payment card and bank account numbers. It’s also possible they could fall prey to identity fraud later if criminals use their personal information to open new accounts in their name. But the damage doesn’t stop there. With a name or a Social Security number, someone could commit a crime using the victim’s identity, putting that person’s livelihood and reputation in serious jeopardy. Given the danger identity theft and fraud post, protecting customers’ data is part of being a good business.

Some of the largest breaches during the past few years have been due to small businesses serving as vendors to larger companies. As part of the larger business ecosystem, small businesses will be scrutinized for data best practices so long as they serve as third party vendors for other companies.

In 2015 Version completed a survey on what industries are most affected and where the breach happened: chart
We can see that Point of Sales and Web Apps are the biggest offenders, but are not the only weekness.

chart
In comparison to 2015, during 2016 more events were collected (1061 vs 1017). The Monthly attacks chart shows that the level of activity was similar in the first 5 months. Then 2016 experienced a peak in the central months, and starting from September, 2015 registered a more consistent activity, at least until December when 2016 experienced a new tail of events.

chart
The Top 10 Distribution of Targets confirms, also for 2016, industries and governments on top of the attackers’ preferences. Unlike 2015, single individuals stand at number three, pushing organizations out of the podium.

  • Shadow Brokers
  • WannaCry
  • Petya/NotPetya/Nyetya/Goldeneye
  • Wikileaks CIA Vault 7
  • Cloudbleed
  • 198 Million Voter Records Exposed
  • Equifax Hack
  • More
fire wall

Offensive Security

Red Alert believes in staying a head of the threats that exist to you business. We use tested methods and tech to test the limits of your security. Below are just some of the often exploited attack vectors that are used.

square

Network Intrusion WiFi

With the rise of devices like square and paypal taking cards has never been more simple, just hook your iPad up and go, but these devices transmit over wifi and you could be at risk.

"Man-in-the-middle" and Public Wifi are hotspots for hacking. If you accept, transmit or store any cardholder data, over this same network, you are not secure. If you are found at fault for cardholder data for being stolen, you could be held liable.

Our Exceptional Solutions Image

Email Phishing

Phishing scams aim to trick staff into handing over data -- normally usernames and passwords -- by posing as legitimate email. It's a technique hackers because it continues to be such an effective method.

In a review of 100 simulated attack campaigns, accounting for almost a million individual users, it was found sending a bogus friend request was the best way to get someone to click on a link -- even when the email was being sent to a work email address.

Almost a quarter of users clicked the link to be taken through to a fake login screen, with more than half going on to provide a username and password, and four out of five then going on to download a file.

Putting your users trough cryber security awareness training and supplementing with Phishing campaigns, ensures that your users stay alert and aware of this danger.

Our Exceptional Solutions Image

Physical USB

Plugging in that USB stick you found lying around on the street outside your office could lead to a security breach. But just how successful the tactic can be for allowing hackers to compromise your computer systems?

A BlackHat Group dropped nearly 300 USB sticks, 98% were picked up and reported back, of those picked up, 45% had files opened on the drive.

A 2012 study by the National Cyber Security Alliance, which found that 60 percent of small firms go out of business within six months of a data breach.

Putting your users trough cryber security awareness training and supplementing with Physical Audits, ensures that your users stay alert and aware of this danger.

Our Exceptional Solutions Image

Phone Social Engineering

Our people are our biggest strength and weakness. Hackers pray on this using a method called Social Engineering. Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.

The facilitator of a live Computer Security Institute demonstration, neatly illustrated the vulnerability of help desks when he dialed up a phone company, got transferred around, and reached the help desk. ‘Who’s the supervisor on duty tonight?’ ‘Oh, it’s Betty.’ ‘Let me talk to Betty.’ [He’s transferred.] ‘Hi Betty, having a bad day?’ ‘No, why?‘ ‘Your systems are down.’ She said, ‘my systems aren’t down, we’re running fine.’ He said, ‘you better sign off.’ She signed off. He said, ‘now sign on again.’ She signed on again. He said, ‘we didn’t even show a blip, we show no change.’ He said, ‘sign off again.’ She did. ‘Betty, I’m going to have to sign on as you here to figure out what’s happening with your ID. Let me have your user ID and password.’ So this senior supervisor at the Help Desk tells him her user ID and password.

Our Exceptional Solutions Image

Web Browser Malware

The term drive-by download describes how malware can infect your computer simply by visiting a website that is running malicious code. Most of the time, these are legitimate websites that have been compromised to redirect you to another site controlled by the hackers.

When your browser is redirected to the site hosting an exploit kit, it probes your operating system, web browser and other software (such as your PDF reader or video player) to find a security vulnerability that it can attack. Once the exploit kit has identified a vulnerability, that is where  infection begins. In the infection phase of an attack, the exploit kit downloads what is known as a “payload,” which is the malware that installs itself on your computer. Finally execution, the malware does what it was designed to do.

There is no trick to prevent this type of attack except staying up to date on security patches for all installed software.

Our Exceptional Solutions Image

Threats are not always digital.

Being secure on-line and on your computer and other tech is a good way to stay safe, but theats are not always digital.

Lottery scams remain one of the most widespread frauds and, as with their online equivalent, postal scam versions often target older folk.

Fake checks and money orders, usually accompanied by a letter asking the victim to bank the money and wire a portion on to a third party. 

Change of address scam. This type of postal fraud used for identity theft: A crook changes your address so that all your mail gets diverted to them. They can steal whatever information they need before the victim notices something is wrong. More commonly, the scammer has already stolen the victim’s identity and arranges for credit card bills taken out in the victim’s name to go to another address.

Dumpster diving is still around ensure you shred everything. Information that is tossed might include Pre-approved credit card offers, Street address, Social Security, Bank account information and more. Which could lead to identity theft and the associated penalties.

Let's Partner up.

Let us handle your IT, you focus on growing your business.

  • Managed Backup Storage $0.05/GB
  • Managed Networks starting at $100
  • Proactive Support
  • Cyber Security
Content Image
Top