Coretelligent Blog | Cybersecurity and the Human Element

Businesses invest in all kinds of technologies to prevent cybercriminals from breaching their systems. Implementing firewalls, antivirus, and endpoint protection, organizations hope to put a barrier between an attacker and company data. Even though these tools can be very effective when implemented correctly, there’s a catch. Cybercriminals often bypass perimeter security measures by focusing their efforts on one thing: humans.

That’s right; humans play a critical role in data breaches. Attackers look for human errors to exploit and use social engineering tactics like phishing to obtain sensitive information and credentials. Once a cybercriminal possesses stolen credentials, they will look for ways to move laterally throughout your network.

So how do you put a firewall around humans (figuratively, of course)? You need to establish strong cybersecurity policies and provide user awareness training. User training and awareness are so critical to cybersecurity that the Office of Compliance Inspections and Examinations (OCIE) identified them as key factors in its Cybersecurity and Resiliency Observations report.

Cybersecurity Policies

To prevent users from putting your business at risk, create robust cybersecurity policies.

Password Policies

Make sure your organization has password policies. Bad password habits make it easy for attackers to gain access to your systems. Two of the most common password problems are weak and reused passwords. Attackers often use automated systems to guess passwords. The weaker the password, the easier it is to guess. Require your users to have strong passwords that are long and complex.

Your policies should prohibit users from reusing passwords. Reusing passwords makes it easy for an attacker to gain access to multiple accounts. For example, let’s say a user has the same password for their online banking and business email. If their bank becomes breached, that attacker now has information to access an email account at your business. From here, the attacker could impersonate the user, sending malicious emails throughout the company.

Lastly, your organization should create a standardized schedule for password resets. A standardized schedule improves security and keeps password policies top of mind for users.

Clear Desk Policy

Cybercriminals may use in-person tactics. Implementing a clear desk policy can prevent an attacker who visits your organization, an employee who’s an insider threat, or someone who wants to capitalize on an opportunity from stealing or leaking data. Require users to lock their computers when they are not at their desks. Any document containing personally identifiable information (PII), intellectual property, or sensitive information should be locked in a restricted storage area to prevent unauthorized access.

Security Awareness Training

Cyberattacks have become more sophisticated, making it difficult for users to tell the difference between cybercriminals and trustworthy sources. KnowBe4 reported that “1 out of 3 employees was likely to click on a suspicious link or email or obey a fraudulent request…” in their Phishing by Industry 2020 Benchmark Report. The good news is that this same report showed that users could substantially reduce their risky behaviors with phishing awareness training.

Human error often happens because users don’t understand the level of risk associated with their actions, and they are not familiar with the tactics used by cybercriminals. Comprehensive security awareness training should educate users on how to identify attacker tactics and on the actionable steps they can take if they notice something suspicious. Organizations should also consider phishing-specific awareness training, as phishing is one of the most common attack vectors.

Businesses should conduct user awareness training regularly. After users have completed awareness training, your organization should verify the effectiveness of that training. Conducting a phishing test will help you identify your organization’s risks and help you further develop your training.

Reducing Risk

Even a human with the best intentions can make a mistake. Unfortunately, no matter how innocent the error, it can lead to a breach. In addition to cybersecurity policies and user awareness training, implement tools to strengthen your access rights and controls, and monitor your network for suspicious activities.

Multi-factor Authentication

If an attacker obtains credentials to your business, having multi-factor authentication (MFA) implemented can prevent the attacker from accessing your network. With MFA, a user needs to enter another factor like a code via an app or text in addition to their username and password. So, an attacker would require a user’s cellphone and their credentials to log into their account.

Active Security Monitoring

Organizations can make the mistake of assuming that they have security monitoring when they only have performance monitoring. Security monitoring detects suspicious activities and security incidents on your network, while performance monitoring is only checking for functionality.

If a human error allows an attacker to access your network, security monitoring can help your security team detect the attacker’s activities. It can be difficult to identify an attacker’s behaviors when they are masked by a legitimate account. Implementing a security information and event management (SIEM) platform helps security analysts identify an attacker’s behavior by making correlations between activities across the network. SIEM platforms allow security teams to investigate a problem before it turns into a breach.

Holistic Cybersecurity

At the end of the day, humans make mistakes. The truth is a data breach can happen even with the best technology and user training. Taking a holistic approach to cybersecurity is the best way to mitigate your risk. Coretelligent’s CoreArmor provides comprehensive security with user awareness and phishing training, real-time intrusion detection, and around the clock monitoring by our in-house Security Operations Center.

Call us at 855-841-5888 or contact us to learn how Coretelligent can help you improve your cybersecurity posture with CoreArmor.


Five Topics to Cover in Your Next IT Strategy Session | Coretelligent Blog

In-house IT teams can be overworked and under-resourced. Just trying to get through the day, organizations take on a break-fix methodology. To achieve business goals, organizations need to look beyond the day-to-day transactional IT and towards long-term strategy. Businesses may not have in-house teams with the level of expertise or industry knowledge to make high-level IT decisions.

Coretelligent offers clients Virtual CIO (VCIO) sessions which provide the IT leadership and guidance needed to make critical IT decisions. VCIO sessions are an opportunity to discuss the state of your IT infrastructure and how to make improvements so that it’s proactively supporting your operations.

Like all strategies, your IT strategy is not a set-it-and-forget-it process. To ensure your IT road map is aligned with your business initiatives, you should reevaluate it at least once a year. At Coretelligent, we regularly evaluate our clients’ IT infrastructure and make proactive recommendations to keep them secure, compliant, positioned for growth, and aligned with their business goals.

Here are five topics that your IT partner should address in your next strategy session:

1. Cybersecurity

Cybersecurity has been the theme of 2020. Cyberattacks have been on the rise as confusion around COVID-19 still lingers. Without the proper infrastructure, remote work environments present substantial security risks. Coretelligent stays abreast of cyber threats that affect our clients’ industries. We make recommendations to address these threats as well as client-specific vulnerabilities.

Endpoint security is critical with the transition to a remote workforce. Your IT partner should be monitoring your infrastructure including your endpoints for cybersecurity incidents and running regular vulnerability assessments. During your strategy meetings they should make recommendations on how you can improve your endpoint security with tools like endpoint detection and response (EDR) platforms and security awareness training. If your IT partner is providing user security awareness training, ask if they are validating the effectiveness of that training with phishing testing.

2. Compliance

Compliance can seem complex, but Coretelligent’s VCIO sessions provide strategies for aligning your policies, procedures, and systems with regulatory standards. Most IT compliance standards are related to data security, specifically how data is stored and accessed.

Proper access management is the foundation of cybersecurity and compliance. Your IT partner should regularly evaluate your current IT practices and create a plan to close any compliance gaps. This includes reviewing and updating your data governance policies and procedures.

3. Cloud Strategy

There is no one size fits all when it comes to cloud strategy. Many organizations take a multi-cloud approach, having a combination of public and private cloud. Depending on your business needs, you may need a hybrid cloud model with some systems on the cloud while others remain on-premise. With a variety of combinations, how do you know which cloud strategy is right for you?

Ultimately, your cloud strategy will depend on your operations, data, business goals, and budget. Coretelligent takes an agnostic approach to cloud solutions, ensuring that each solution is focused on the client’s specific goals, performance optimization, security, and compliance. If you have questions around scalability, mobility, and availability, the cloud is a topic you will want to discuss with your IT partner.

4. Collaboration Platforms

Daily operations rely on employees’ ability to communicate efficiently. For those in financial services, poor collaboration platforms can mean lost deals. Coretelligent provides clients with recommendations for collaboration tools that will optimize workflows. In some cases, clients may be able to reduce costs by consolidating to one collaboration platform.

Your IT partner should make recommendations that increase productivity while maintaining security and compliance. Is your firm subject to compliance standards requiring communications archiving? Having an IT partner familiar with your industry and compliance standards helps ensure that you are securely archiving emails and video conferencing communications.

5. Business Continuity

In addition to optimizing your IT infrastructure for security and operational efficiency, Coretelligent uses time during your VCIO session to discuss business continuity. We evaluate the systems and procedures you have in place in the event of a breach or disaster and then make recommendations on how to improve them.

When was the last time you reviewed your disaster recovery plan? Have you tested it? Your IT partner should help you review and update your disaster recovery plan. They should ensure your backups are secure and accessible even during a disaster. Does your IT partner regularly maintain an asset inventory? Maintaining an accurate list of your assets and their locations is often required by regulatory agencies.

A Comprehensive IT Strategy

Not all IT teams or MSPs have the expertise to provide meaningful recommendations for your IT infrastructure. Too little experience could result in purchasing unnecessary or insufficient tools which can cost your business money. Organizations looking for long-term success need to move away from the break-fix methodology.

At Coretelligent, strategy comes standard. We have years of experience developing IT roadmaps for firms in highly regulated industries like financial services and life sciences. Whether you are looking to improve your security, migrate to the cloud, or need support with IT planning and strategy, we are here to help! Call us at 855-841-5888 or contact us to learn how Coretelligent can help your business.

Looking to address GxP challenges in your next strategy session? Watch our on-demand webcast, GxP Data Compliance: Quality & Speed, to learn more about compliance for life sciences organizations.

5 Reasons to Outsource Cloud Management | Coretelligent Blog

Businesses have moved beyond cloud migration and onto cloud strategy. Most organizations have at least a portion of their data or applications on the cloud. Enterprises are opting for a multicloud or hybrid approach by combining several clouds or cloud types. Organizations are eager to take advantage of all the benefits the cloud offers, like scalability, availability, redundancy, and reduced costs. What companies may not understand is that the wrong cloud configuration could actually cost money and reduce efficiency. Outsourcing cloud management to an experienced IT partner can ensure that you maximize the benefits of the cloud. Here are five reasons to outsource your cloud management:

1. Expertise

There is no one-size-fits-all approach to the cloud. An experienced IT partner works with you to implement a customized cloud solution that supports your business goals while maintaining security and compliance. Taking a multicloud or hybrid cloud approach requires an expert who is familiar with unified cloud management.

Smaller IT teams may not have enough experience or the right tools to deliver the right cloud solution. Improper configuration of the cloud can reduce productivity, availability, and security, and can cause spikes in usage costs. Experienced Managed Service Providers (MSPs) offer expertise throughout the cloud journey, including strategic planning, data migration, and maintenance. A customized cloud solution with a knowledgeable IT partner will provide a consistent experience with predictable costs.

2. Free Up In-House IT

Small in-house IT teams can become bogged down by daily helpdesk tasks, which prevent them from focusing on cloud optimization and security. MSPs typically have access to more robust tools and can dedicate a team of engineers to your organization’s infrastructure. With an MSP managing your cloud solutions, your in-house IT team can focus on other projects that directly support the business.

3. Increased Security

As organizations continue to make remote work a part of the new normal, cloud vulnerabilities have caught cybercriminals’ attention. To maintain security and compliance, you need the right access controls, regular vulnerability management, and active monitoring. Even if your company has comprehensive cybersecurity tools like a security information and event management (SIEM) platform, many in-house IT teams lack the necessary expertise to use these tools to their full potential.

MSPs often use more sophisticated tools, allowing them to achieve greater visibility into your infrastructure. Some MSPs, like Coretelligent, have in-house security analysts who have specialized skills in areas like forensic analysis. Security analysts can see the correlations between security incidents, which mitigates risks and decreases the response time to incidents.

4. Better Performance

If you are experiencing poor performance from the cloud, it could be because of how it was designed or deployed. MSPs can provide better cloud performance because they have more experience architecting and managing cloud infrastructures. MSPs also tend to have larger teams, so they can dedicate engineers to monitoring your cloud infrastructure around the clock, allowing them to fix problems in real-time.

5. Reduced Costs

The cloud allows businesses to move costs from capital expenditures to operational expenditures. When implemented appropriately, the cloud can reduce overall IT costs allowing organizations to focus on strategy instead of hardware.

Public clouds often have a pay-as-you-go model causing some companies to experience unexpected spikes in billing. MSPs are often able to provide predictable billing with cloud services, making budgeting easier.

Find an Experienced IT Partner

To maximize the benefits of the cloud, you need an experienced IT partner. Coretelligent has years of experience building and supporting customized cloud infrastructure. We have a cloud-agnostic approach, ensuring your cloud solutions are built around your business goals. Our IT planning services will ensure that you are optimized, secure, and compliant. With our CoreArmor cybersecurity solution, our U.S.-based in-house support team monitors your infrastructure 24x7x365.

Are you looking to outsource your cloud management? Call us at 855-841-5888 or contact us to learn how Coretelligent can help you harness the power of the cloud.

Read our blog: Your Cloud Solution Must Include a Strong BDR Strategy, to learn how to create IT resilience in a cloud-based world.

Coretelligent Blog: Email Security

Companies in almost every industry rely on email. Whether it’s for collaboration or deal flow, email keeps businesses operating. With email being so critical, it’s no surprise that it remains one of the top attack vectors for cybercriminals.

One of the reasons attackers favor email is that they can go around technical security measures by focusing their efforts on humans. Human error is one of the top causes of data breaches. This is partly because human behavior is predictable, and attackers know how to abuse these patterns effectively. A recent example of this would be COVID-themed emails. Throughout 2020, cybercriminals have attempted to use COVID-themed emails to gain access to networks and data. Bitdefender’s 2020 Mid-Year Threat Landscape Report found that four out of ten COVID-themed emails were spam.

Email Security Threats

One of the first steps in improving your email security is being aware of the types of threats that exist. Below are some common email threats:

Spam

Spam emails can be used for both commercial and criminal purposes. Spam emails are bulk emails sent out to large distribution lists. While some companies create spam to advertise a product or service, attackers generate these emails to harbor something sinister. Cybercriminals use these bulk emails to deliver malware and other viruses.

Phishing

In phishing attacks, cybercriminals use social engineering via email to get users to complete a task. Attackers gather information on their victims from social media and other public databases. They use this information to make their emails sound more personal in hopes of gaining your trust. The emails encourage you to take action like clicking a link or responding with sensitive information. Phishing emails often have a sense of urgency so that users don’t spend much time contemplating the request. Unfortunately, phishing emails are highly effective because they play on societal norms and human behavioral patterns.

Impersonation Fraud

Similar to phishing, impersonation fraud uses social engineering to provoke user action. Just as it sounds, cybercriminals pretend to be a trusted entity like your bank or even your boss. The attacker’s goal is to pressure the user into completing an action or interacting with malicious content. It may sound absurd that your boss asks you to send him $500 in gift cards immediately, but people are often too afraid or embarrassed to question the validity of a request from an authority. So, despite the feeling in their gut, they carry out the request.

According to a Mimecast report, impersonation fraud increased by 30% during the first one hundred days of COVID-19. Attackers took advantage of people’s fear of the virus, pretending to be entities like the CDC, WHO, and healthcare facilities. These emails would encourage people to download the latest information on COVID or click a link to donate to research. In reality, they were installing a virus on their computer or device.

Malware & Ransomware

Verizon found that email is still one of the top vectors for delivering malware. Malware and ransomware are deployed when a user downloads an attachment or clicks on a URL. Once deployed, attackers can access users’ workstations and move laterally through the company network.

Ransomware is a form of malware that allows attackers to encrypt files, workstations, or networks. Once they control your systems, they lock you out and demand payment in exchange for a decryption key.

Insider Threats

Businesses often overlook the potential dangers posed by internal threats. Without proper access management, a user could have unlimited access and control over systems and data. If an attacker gained access to these credentials, there are no limits to the damage they could do.

Data breaches can happen by accident. Users are human, and that means they have the potential to make mistakes. An unaware user that interacts with an attacker email or mistakenly clicks on a malicious link can cause a data breach.

Increasing Your Email Security

As with all aspects of cybersecurity, taking a holistic approach to email security is the best way to lower your risks of a breach. Consider implementing the following:

Email Security Platform

Email security platforms serve as one of your first lines of defense. These platforms filter emails, looking for patterns, keywords, and malicious attachments and links. When a platform detects harmful content, it prevents the email from entering the inbox by putting it into quarantine. From there, your security analysts can investigate further.

Next-Generation Antivirus

Increase your endpoint security by implementing a next-generation antivirus. Unlike traditional antivirus, next-gen antivirus uses artificial intelligence and machine learning to identify and respond to attacks. It can detect and block malware, including fileless attacks.

Security Awareness Training

Why do users engage with malicious emails? Often, it’s because they are unaware of security best practices and common cybercriminal tactics. Conducting regular user awareness training empowers users to recognize attacker emails and respond appropriately. Businesses should also perform routine phishing tests to measure the effectiveness of their security awareness training.

Password Policies

Two of the most common password behaviors are generating weak passwords and reusing passwords for multiple accounts. Attackers use algorithms that can guess common or weak passwords. Businesses need to implement password policies that require users to generate long and complex passwords. Reusing passwords is incredibly dangerous in that if an attacker has access to one account, they have access to multiple or all accounts. In essence, one breach leads to another. Imagine your employee uses the same password for both their social media and their company email. If their social accounts are hacked, the attacker can compromise the business email account, if not more.

Multifactor Authentication

If an employee’s email credentials are stolen, having multifactor authentication (MFA) makes it more difficult for an attacker to use them. MFA requires additional factors to confirm the user’s identity. Additional factors are typically codes from a text or app. So even if an attacker can obtain credentials, they more than likely will not have the user’s cellphone, which is needed for an authentication code.

Secure Archiving

Highly regulated businesses, particularly in financial services, are often required to archive all correspondence, including email. To maintain security and compliance, enterprises need secure email archives that use encryption and MFA. User controls for these archives should follow the rule of least privilege, limiting access to only those who need it.

Monitoring

There are different types of monitoring. Not all monitoring looks for cybersecurity incidents on your network. If a user installs malware from an email, actively monitoring your IT infrastructure will alert you to changes being made on user workstations and the company network in real-time. This allows your security team to respond quickly to prevent further damage.

Comprehensive Cybersecurity

Email is critical for day-to-day operations, which is why it’s a focal point for attackers. Mitigate your email security risks by partnering with an MSP who understands cybersecurity and compliance. At Coretelligent, we believe in providing clients with superior cybersecurity solutions that allow for maximum performance. CoreArmor, our security and compliance solution, provides holistic and robust protection with innovative solutions and monitoring from our in-house Security Operations Center.

Are you looking to enhance your email security or increase your overall cybersecurity posture? Call us at 855-841-5888 or contact us to learn how Coretelligent can help your business.

Learn how cybercriminals use stolen credentials in our blog, OCIE Alert: Protecting Client Data from Credential Stuffing.

Coretelligent Blog: OCIE Alert on Credential Stuffing

Only two months after releasing an alert on ransomware, the Office of Compliance Inspections and Examinations (OCIE) once again released a cybersecurity alert advising SEC registrants of an increase in cyberattacks. This time the focus was on credential stuffing. In a successful credential stuffing attempt, an attacker will gain access to client accounts, sensitive data, and the company network using stolen credentials.

Hackers have been focusing their credential stuffing attacks on institutions within financial services. They are hoping to access client accounts, personally identifiable information (PII), and financial assets. ZDNet reported that attackers used credential stuffing on a NY-based investment firm and an international money transfer platform sometime between the summer of 2019 and earlier this year. The attacks caused outages, which resulted in $2 million in lost revenue.

How Does Credential Stuffing Work?

Credential stuffing is when a hacker uses stolen credentials to gain access to user accounts and networks. Attackers create automated scripts to test thousands of credentials on multiple web applications. Hackers use tools to make it seem like their scripted login attempts are the regular activities of thousands of people. The tools make the logins appear as though they are coming from different browsers and IP addresses.

The reason credential stuffing is so successful is that many people use the same username and password for multiple accounts, e.g., their bank, email, and social media. According to INC., around 66% of Americans reuse passwords. Let’s say your employee uses the same credentials for accessing the company network and their online bank account. If a hacker breached your employee’s bank, the attacker now has user credentials for your network. This is why it’s critical to have a password policy.

Breach after Breach

Hackers can obtain user credentials using many different techniques. For a credential stuffing attack, user accounts typically come from a prior breach. Attackers may have their own database of usernames and passwords from previous hacks, or they could purchase databases from the Dark Web. Disturbingly, it seems to be a growing trend for hackers to publish stolen credentials on forums for free. One of the largest stolen credential databases is known as “Collections #1-5”. According to Wired, the collections include around 2.2 billion usernames and passwords.

If a hacker can gain credentials for client accounts or your network, they will more than likely sell them on the Dark Web. Unfortunately, that means you are more likely to be breached again as a result. Data breaches are more than an inconvenience and bad public relations. Security incidents and breaches can cause damages like:

  • Noncompliance
  • Downtime
  • Lost Revenue
  • Litigation Fees
  • Reputational Damage
  • Business Closure

It can take years for a company to overcome the challenges caused by a data breach.

Protecting Client Accounts and PII

OCIE recommends the following cybersecurity practices to mitigate the risks associated with credential stuffing:

Create Strong Passwords and Do Not Reuse Them

The unfortunate truth is humans are one of the top causes of data breaches. Human behavior is often predictable, and hackers use this to their advantage. Two common password faux pas are weak passwords and reuse of passwords. Creating weak passwords makes it easier for hackers to guess your passwords. Reusing the same password for multiple accounts means that if a hacker has access to one account, they have access to all your accounts.

Protect client accounts and PII by reviewing and updating policies and procedures. Have a password policy that requires employees’ and clients’ passwords to be strong and regularly updated. Require users to have unique passwords for each account they access. Having strong passwords dedicated to specific accounts will limit the amount of damage a hacker can do with stolen credentials.

Implement Multi-factor Authentication

By having multi-factor authentication (MFA), a hacker would need more than a username and password to access an account. MFA requires additional factors like a code via text or application. Even if a hacker has obtained your credentials from the Dark Web, they more than likely will not have access to your phone.

Deploy CAPTCHA

When logging into your web-based email, you have probably been prompted to identify streetlights in a series of images. You may remember nervously trying to determine if a few corner pixels counted as a streetlight so that you could continue to your inbox. It’s okay; we have all been mistaken for a robot by CAPTCHA at least once. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Just as it sounds, CAPTCHA asks users to complete a task to prove they are human and not a bot or automated script. This test prevents automated scripts containing stolen credentials from being able to access your accounts.

Actively Monitor Your Network

Some organizations don’t realize for weeks or even months that their network experienced a breach. Businesses may think because they have some form of monitoring, it will detect cybersecurity events. There are different types of monitoring, and not all systems can identify and respond to cybersecurity incidents. To detect suspicious activities and incidents, you need to actively monitor your network around the clock. Remember, hackers use tools to mask their activity as normal user behavior. Find an IT partner with cybersecurity experts who can use forensic analysis to understand the activities on your network.
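The monitoring advice above, as an added example (not code from Coretelligent or OCIE): because credential stuffing spreads its attempts across many IP addresses and browsers, this detector looks at the whole login stream per time window and flags bursts where many different usernames each fail once or twice, then lists accounts that logged in successfully from a never-before-seen address during the burst. The log format, thresholds, usernames and addresses are all constructed for illustration.

```python
"""Added example: flag credential-stuffing bursts in login events (constructed data)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (hypothetical) log format, one login attempt per line.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) login result=(?P<result>OK|FAIL) '
    r'user=(?P<user>\S+) ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)"$'
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse(lines):
    """Turn log lines into event dicts sorted by time; skip non-login lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], TS_FMT)
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def detect(events, window=timedelta(minutes=5), min_failures=20,
           min_fail_rate=0.8, max_tries_per_user=2.0):
    """Return one finding per window that looks like credential stuffing."""
    buckets = defaultdict(list)
    known_ips = defaultdict(set)  # user -> IPs with an earlier successful login
    for e in events:
        start = e["ts"] - ((e["ts"] - datetime.min) % window)
        if e["result"] == "OK":
            e["new_ip"] = e["ip"] not in known_ips[e["user"]]
            known_ips[e["user"]].add(e["ip"])
        buckets[start].append(e)

    findings = []
    for start, evs in sorted(buckets.items()):
        fails = [e for e in evs if e["result"] == "FAIL"]
        if len(fails) < min_failures:
            continue
        failed_users = {e["user"] for e in fails}
        # Stuffing: mostly failures, spread thinly over many usernames.
        # Brute force on one account has many tries per user and is excluded.
        if (len(fails) / len(evs) < min_fail_rate
                or len(fails) / len(failed_users) > max_tries_per_user):
            continue
        findings.append({
            "window_start": start,
            "failures": len(fails),
            "distinct_users": len(failed_users),
            "distinct_ips": len({e["ip"] for e in fails}),
            "distinct_user_agents": len({e["ua"] for e in fails}),
            # Successes from an address never seen for that user: reset and review.
            "review_accounts": sorted({e["user"] for e in evs
                                       if e["result"] == "OK" and e["new_ip"]}),
        })
    return findings


def _line(ts, result, user, ip, ua="Mozilla/5.0"):
    return f'{ts.strftime(TS_FMT)} login result={result} user={user} ip={ip} ua="{ua}"'


def sample_log():
    """Constructed log: a normal morning, one typo, then a stuffing burst."""
    day = datetime(2020, 10, 1)
    staff = {"alice": "192.0.2.10", "bob": "192.0.2.11", "dana": "192.0.2.12"}
    lines = [_line(day + timedelta(hours=9, minutes=i), "OK", user, ip)
             for i, (user, ip) in enumerate(staff.items())]
    lines.append(_line(day + timedelta(hours=9, minutes=30), "FAIL", "bob", "192.0.2.11"))
    lines.append(_line(day + timedelta(hours=9, minutes=30, seconds=20), "OK", "bob", "192.0.2.11"))
    agents = ["Mozilla/5.0", "Chrome/86.0", "Safari/14.0", "Edge/86.0"]
    burst = day + timedelta(hours=14)
    for i in range(40):  # 40 usernames, one try each, rotating IP and browser
        lines.append(_line(burst + timedelta(seconds=4 * i), "FAIL",
                           f"user{i:03d}", f"203.0.113.{i + 1}", agents[i % 4]))
    # One reused password works: dana signs in from an address new for her.
    lines.append(_line(burst + timedelta(seconds=170), "OK", "dana",
                       "198.51.100.77", "Chrome/86.0"))
    return lines


if __name__ == "__main__":
    for finding in detect(parse(sample_log())):
        print(finding)
```

The `review_accounts` list is the actionable part: those users' passwords worked for someone arriving from an unfamiliar address in the middle of the burst, so they are candidates for a forced reset and session revocation.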

Find a Cybersecurity Partner

As cybercriminals’ tactics become more sophisticated, breaches have become less about if and more about when. Stolen credentials can create a domino effect, causing one breach to lead to another. Businesses need comprehensive cybersecurity solutions to mitigate their risks and stay compliant. Work with a cybersecurity partner like Coretelligent. Our CoreArmor cybersecurity solution provides real-time protection and threat intelligence to safeguard your systems and ensure you are aligned with regulatory standards.

Do you have questions about maintaining security and compliance? Coretelligent can help! Give us a call at 1-855-841-5888 or contact us today.

Read our blog for more information on OCIE’s recent ransomware alert.

COVID-19's Impact on Cybersecurity | Coretelligent Blog

When the Coronavirus hit earlier this year, it shined a light on existing cybersecurity gaps and created new ones. With most employees working either fully or partially from home, some businesses struggled to maintain security during the transition. Cybercriminals had their pick of weaknesses to exploit due to a lack of user awareness training and new endpoint vulnerabilities. The potential reward seemed even greater with healthcare and life science organizations having highly sought-after COVID-19 data. Determined never to let a good crisis get away from them, hackers got to work constructing cyberattacks.

Increase in Cyberattacks

Cyberattacks quickly accelerated when COVID-19 hit earlier this year. Attackers look for data that results in big payouts, so they focused their efforts on industries that will give them the biggest ROI. Hoping to capitalize on the behaviors of unaware users, hackers increased their malware and email campaigns.

Targeted Industries

Access to financial data and high-profile clients makes financial services one of the top targets, seeing a 37% increase in cyberattacks, according to CSO. Healthcare and biotechnology organizations are also among the top targeted industries. Attackers are enticed not only by the access to COVID-19 data but also by the organization’s dependency on that data, which makes it more likely to pay a ransom in a ransomware attack.

COVID Themed Phishing Emails

During the first half of 2020, users were inundated with COVID-19 themed emails promising new data on the virus, developments of a vaccine, or access to personal protective equipment. According to Bitdefender’s 2020 Mid-Year Threat Landscape Report, about four out of ten coronavirus-themed emails were spam. Knowing that businesses are heavily reliant on email, attackers sent out large spam campaigns and used phishing tactics to gain sensitive information from users.

Malware

In their 100 days of Coronavirus report, Mimecast found that malware increased by 35%. Malware can give attackers access to workstations and even the company network. To infect users, attackers typically send emails with malicious links or attachments. After a user clicks on a malicious link or downloads an attachment, the user’s workstation becomes infected with malware.

Remote Work and Endpoint Security

Each device that connects to your company network becomes a new endpoint for an attacker to exploit. With distance learning and remote work becoming a part of the new normal, endpoint security has never been more critical. Around 25% of enterprise devices have a critical security application that is either inactive, out-of-date, or missing, according to Forbes. Outdated and missing security applications like anti-malware, virtual private networks (VPN), and client management systems present significant cybersecurity risks. These types of vulnerabilities make it easy for attackers to breach your company network.

Planning for the Future

As we draw closer to the end of the year, everyone is wondering what happens next. One thing is for sure: cybercriminals will continue to be opportunists, searching for and taking advantage of weak points in your security. Don’t let a data breach be the reason you discover your vulnerabilities. Review and update your cybersecurity policies and systems.

Make sure your cybersecurity strategy includes:

  • Implementing an email security platform.
  • Investing in a robust vulnerability management program.
  • Conducting regular end-user security awareness training.
  • Implementing an endpoint security platform (e.g., EPP or EDR).
  • Investing in comprehensive cybersecurity solutions that include active monitoring and intrusion detection and response.

Ready to increase your cybersecurity posture? Coretelligent’s CoreArmor provides advanced enterprise-class security services for firms of all sizes across many business verticals. Our US-based in-house security analysts proactively monitor your infrastructure 24x7x365. Give us a call at 1-855-841-5888 or contact us today to learn more about our security and compliance solutions.


Think About IT with Chris Messer, CTO | Coretelligent Blog

Thoughts from Coretelligent’s Chief Technology Officer, Chris Messer

IT is an ever-changing field, and the reality is IT isn’t top of mind with many of our clientele. Nor should it be. That’s our role – to come in, evaluate, update, remediate, and think proactively for growing businesses. That way, you have the time and resources to focus solely on your day-to-day operations.

Vulnerabilities, Everyone has Them

Your vulnerabilities are one of our top priorities. They can come in many different forms, from technical weaknesses, including issues with software and hardware or misconfigurations of systems, to human behavior and process-based vulnerabilities.

Believe it or not, risky user behaviors are some of the top vulnerabilities. With COVID and remote work, we’ve seen an uptick in phishing and malware-related schemes. In general, attackers are trying to take advantage of people’s fear and uncertainty around COVID. In addition, biotech firms are being targeted at a higher rate because of their COVID research.

We are also seeing account-based vulnerabilities, where attackers are using stolen passwords. Once they capture one user’s information, they compromise your email and then work their way through the organization. If we look at Marriott’s breach from February of this year, stolen credentials resulted in an attacker having access to the information of 5.2 million guests. It’s possible attackers obtained those credentials through phishing emails.

No matter what category a vulnerability falls under, it’s a weak point that cybercriminals can exploit. One vulnerability is all an attacker needs to breach your system. That’s why it’s critical to have risk and vulnerability programs in place.

How Should You Address These Vulnerabilities?

Every company should invest in a robust vulnerability management program. You need to have a foundation in place that incorporates procedures and policies that identify, evaluate, and address vulnerabilities. Although email and stolen credentials have been the two most common attack vectors, COVID and remote work have exacerbated these attacks.

In terms of email and phishing, remember if an email looks suspicious, it probably is. Businesses should have frequent and repeatable security awareness training in place to keep end-users up-to-date and aware of current threats. Conduct phishing campaigns to test or validate that awareness training is effective. Remind users not to provide their information, download attachments, click on links, or forward emails that could be malicious. If something feels off or looks strange about a vendor email or pop-up, trust your gut. Check with IT or your MSP before taking action.

With account-based threats, implement solutions like multi-factor authentication (MFA), which requires a code in addition to a password. If a user’s credentials become compromised, MFA could protect your company from a breach. Make sure users are adhering to corporate password policies. They should not be rotating or reusing passwords.

Businesses need to continually train and retrain employees on best practices and company policies. You need to continuously go through your vulnerability management program to identify and remediate issues. If you are interested in learning the more technical aspects of vulnerability management, check out our Vulnerability Management Guide: https://coretelligent.com/it-resources/guide-to-vulnerability-management/

Vulnerabilities: Why Care? Your Bottom Line.

There will always be new vulnerabilities that affect your systems. That’s why organizations must have a vulnerability management program that continuously addresses risks. When an attacker exploits your vulnerabilities, it affects your bottom line. A successful breach can cause data loss, monetary loss, loss of reputation, and possibly closure of your business.

Managing Vulnerabilities with White Glove IT

At Coretelligent, we understand that your time is valuable and best spent focusing on organizational objectives. Our job is to ensure that your IT solutions are proactively aligned with your current and future business goals. Vulnerability management is a constant process that requires regular maintenance and monitoring. That’s why we recommend CoreArmor in addition to remote support. CoreArmor provides the active monitoring and human analysis needed to continuously assess and treat vulnerabilities.


About Chris

As Chief Technology Officer, Chris Messer is a transformational and strategic IT leader who establishes and leads Coretelligent’s technical vision and technological development.


Coretelligent Blog | SOX Compliance: Material Cybersecurity Risk

As cybersecurity becomes more complex, compliance can be increasingly difficult for businesses within highly regulated industries. The Sarbanes-Oxley Act of 2002 (SOX) ensures public companies maintain transparency in financial reporting, preventing fraudulent accounting activities and protecting investors. When it comes to IT, SOX requires companies to have policies and procedures that prevent, detect, and disclose cybersecurity risks and incidents that are considered material, that is, likely to be significant.

We live in a digital world. Our communications, transactions, and day-to-day workflows all happen within a digital enterprise. Companies rely on advancements in technology to support current and future business initiatives. Rapidly evolving technology brings increased rewards as well as cybersecurity risks. The cause of cybersecurity risks can range from technological and procedural weaknesses to human error. To maintain security, compliance, and a competitive edge, businesses need to keep pace with the ever changing nature of the digital marketplace.

SOX Cybersecurity Requirements and Reporting

Companies need to prove that they have data safeguards, and procedures ensuring those safeguards are operational. This includes quality access management, preventative security measures, as well as redundant and secure backups. Security systems must be able to detect data breaches, and the organization needs a communication plan for notifying leadership and investors of identified breaches. In reporting and during a yearly audit, businesses must attest to and provide evidence that these internal controls exist.

“About 90% of known cyber incidents at public companies went undisclosed in regulatory filings in 2018,” according to the Wall Street Journal, which cited data from the Securities and Exchange Commission (SEC). Businesses are responsible for reporting material cybersecurity risks in a timely manner. This can mean that an organization must disclose a risk or incident before regular reporting. The SEC published the Commission Statement and Guidance on Public Company Cybersecurity Disclosures to provide guidance on disclosures that involve cybersecurity risks and incidents.

SOX requires signing officer(s), typically the CFO or CEO, to attest that the information in their financial and internal control reports is accurate. The reports cannot contain any false statements, nor can they omit material information. Signing officers also need documentation demonstrating that the organization is SOX compliant. Intentionally or inadvertently generating misleading reports or falsifying information not only leads to noncompliance but can also result in expensive fines and prison time.

Understanding Risks and Their Impact

How do you know what your material cybersecurity risks and incidents are? How do you know if you’ve experienced a breach? If you are only periodically reviewing alerts, you may miss the context or severity of threats. If your IT team does not have the expertise to analyze risks, they may not see correlations that signify a material risk. Businesses may not report minor security incidents, deeming them immaterial. What if all these smaller threats and incidents turn out to be a much larger problem? Unable to see the connection between events, an organization could unintentionally omit a material cybersecurity risk in its reporting. Even worse, it can lead to a breach, data loss, and damages.

To truly understand the risks in your environment, you need to monitor your network continuously. You also need the expertise and systems for evaluating the severity of those risks. You cannot disclose what you do not know or fully understand.

With such high penalties for failure to appropriately disclose material cybersecurity risks and incidents, it’s critical your business has a system to identify and assess threats across your network. In the age of digital transformation, periodic reviews of your environment are not enough. Companies need to monitor their network around the clock. Identified threats and incidents need to be assessed and remediated promptly.

Actively Monitoring for Cybersecurity Threats

There is a difference between performance monitoring and cybersecurity monitoring. Performance monitoring lets you know if systems are operating efficiently, but it doesn’t tell you what cyber threats exist or the severity of those risks.

With a pandemic increasing the number of malicious cyberattacks and technology changing daily, it’s no longer acceptable to run occasional cybersecurity scans and assume you’re seeing an accurate picture of your overall security posture. To have a complete understanding of the risks and incidents that occur on your network, you need 24x7x365 monitoring. With a managed detection and response (MDR) service like CoreArmor, a team of security analysts with skills in forensic analysis is able to identify, evaluate, and provide a response plan to threats and breaches within your network.

SIEM Technology

Without the help of security analysts and security information and event management (SIEM) technology, you may not see the significant link between several small risks or incidents. Security experts use SIEM platforms to correlate and analyze threats. This gives your business the context and severity of risks, which helps you determine their materiality. Keep in mind that you need a security expert to utilize the full benefits of these types of security platforms.
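The correlation described here and under "Understanding Risks and Their Impact", as an added example (not Coretelligent's code or any SIEM product's): constructed events that each sit below a per-event alert threshold are grouped by account and escalated when several distinct event types fall inside one time window. The event names, the 1-10 severity scale, the one-hour window and the thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, account, category,
# severity on an assumed 1-10 scale.
EVENTS = [
    ("2020-09-01T08:02:00", "jdoe", "failed_login", 2),
    ("2020-09-01T08:03:10", "jdoe", "failed_login", 2),
    ("2020-09-01T08:05:45", "jdoe", "login_new_location", 3),
    ("2020-09-01T08:20:00", "jdoe", "mailbox_forwarding_rule", 3),
    ("2020-09-01T09:00:00", "asmith", "failed_login", 2),
    ("2020-09-03T14:00:00", "asmith", "login_new_location", 3),
]

ALERT_THRESHOLD = 7            # assumed severity at which one event alerts alone
WINDOW = timedelta(hours=1)    # assumed correlation window
MIN_CATEGORIES = 3             # distinct event types needed to escalate


def single_event_alerts(events, threshold=ALERT_THRESHOLD):
    """Events that a per-event severity review would flag."""
    return [e for e in events if e[3] >= threshold]


def correlate(events, window=WINDOW, min_categories=MIN_CATEGORIES):
    """Escalate accounts whose minor events span several categories in one window."""
    by_account = defaultdict(list)
    for ts, account, category, severity in events:
        by_account[account].append((datetime.fromisoformat(ts), category, severity))

    incidents = []
    for account in sorted(by_account):
        rows = sorted(by_account[account])
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            in_window = rows[start:end + 1]
            categories = sorted({category for _, category, _ in in_window})
            if len(categories) >= min_categories:
                incidents.append({
                    "account": account,
                    "first_seen": in_window[0][0].isoformat(),
                    "last_seen": in_window[-1][0].isoformat(),
                    "categories": categories,
                    "event_count": len(in_window),
                    "combined_severity": sum(sev for _, _, sev in in_window),
                })
                break  # one incident per account is enough for triage
    return incidents


if __name__ == "__main__":
    print("single-event alerts:", single_event_alerts(EVENTS))
    for incident in correlate(EVENTS):
        print(incident)
```

No single event reaches the alert threshold, yet the four events on one account within 18 minutes surface as one incident for an analyst to assess for materiality.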

Maintaining Compliance with Comprehensive Cybersecurity

To maintain SOX compliance, your organization needs to be able to measure the materiality of cybersecurity risks and incidents. Without the right tools and expertise, your business could experience a breach causing tremendous financial costs, permanent data loss, or even closure. Even if your organization does not need to be SOX compliant, implementing internal controls and data protection procedures increases your overall security posture.

Whether you are getting ready for an IPO or need to boost your cybersecurity, we are here to help! CoreArmor provides the expertise and services needed to understand and respond to cybersecurity risks. We have years of experience supporting highly regulated organizations in life sciences. Give us a call at 1-855-841-5888 or contact us today.

Read our whitepaper to learn how to maintain IT compliance in the digital enterprise.

Coretelligent Blog | Upgrading to Modern GxP Solutions

Data is the lifeblood of the life sciences. As therapeutics, medical devices, and diagnostics advance from early-stage development into clinical testing and beyond, the scrutiny of reported data and procedures dramatically increases.

In the 1990s, many pharmaceutical and biotech companies implemented SFTP and file servers to store, exchange, and analyze regulated data from environments governed by GxP (e.g., clinical trials, manufacturing, toxicology, etc.). These systems also underwent costly validation procedures to ensure they could hold regulated GxP data. Fast-forward 20 years and these workhorses are becoming long in the tooth and are approaching end-of-life. As companies seek to leverage new technologies, like cloud and AI, and reduce costs, many IT teams are evaluating new options to handle regulated data. Here are some considerations when replacing these historical systems with modern, compliant data infrastructure.

High-priority Capabilities

When you are ready to upgrade your GxP data infrastructure, you should consider implementing replacements that provide four essential functions: integrated user access & provisioning, configurable metadata, hybrid cloud support, and robust data security.

Active Directory integration: Any new system you implement should be compatible with your company’s Active Directory. Whether you use Okta, Azure AD, or another service, enabling unified user access control is vital for a secure, auditable environment.

Configurable metadata: Data is just as valuable as the metadata that defines it. Make sure your replacement can accommodate customizable fields, like drug program, partner, and creator. In terms of compliance, metadata can help ensure that data maintains a ‘chain of custody’.

Hybrid: Modern drug development produces large data sets that need to be processed in high-performance local and cloud environments. Hybrid clouds – a combination of public cloud computing and on-premise computing – are essential to the life sciences industry. Make sure your solution has options for supporting cloud and on-premise deployments and can easily synchronize across both environments.

Data security: Cyberattacks have been on the rise with no sign of slowing down. Having an integrated platform that combines data collection/transfer and data security helps protect against common data protection issues.

Robust Compliance Posture

For some legacy infrastructure, validation costs outweigh the cost of purchasing the hardware/software itself. Many companies want to eliminate their overhead in validating software and ensure compliance with 21 CFR Part 11. Confirm that replacements for your SFTP/file servers have key features required for speedy validation and defensible compliance with regulations.

In terms of GxP requirements, modern solutions with the most robust compliance posture include user- and file-based audit trails that allow administrators to track the behavior of files and individuals. Also look for data infrastructure that provides tools to track file checksums. In an audit, inspectors consider the checksum the best-of-breed indicator of file integrity. As regional data governance requirements like GDPR and CCPA grow, companies need to ensure that their secure data platforms support the tracking of sensitive data.
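One way to track file checksums next to a user- and file-level audit trail, as an added example that is not code from any GxP product: each file is registered with its SHA-256 and metadata fields like those named under "Configurable metadata", then re-verified later. Hash-chaining the audit entries so that edits to the trail itself are detectable goes beyond what the text describes and is an assumption, as are all file names and values.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

GENESIS = "0" * 64  # previous-hash value for the first audit entry

def sha256_file(path, chunk_size=65536):
    """Stream the file so large data sets are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def _entry_hash(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def log_action(audit, user, action, path, checksum):
    """Append a user- and file-level audit entry chained to the previous one."""
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "action": action, "file": path, "sha256": checksum,
        "prev": audit[-1]["entry_hash"] if audit else GENESIS,
    }
    entry["entry_hash"] = _entry_hash(entry)
    audit.append(entry)

def register(manifest, audit, path, user, metadata):
    """Record a file's checksum and metadata, and log who registered it."""
    checksum = sha256_file(path)
    manifest[path] = {"sha256": checksum, "metadata": dict(metadata)}
    log_action(audit, user, "register", path, checksum)

def verify_files(manifest):
    """Return 'ok', 'modified' or 'missing' for every registered file."""
    status = {}
    for path, record in manifest.items():
        if not os.path.isfile(path):
            status[path] = "missing"
        else:
            status[path] = "ok" if sha256_file(path) == record["sha256"] else "modified"
    return status

def audit_intact(audit):
    """True only if no audit entry was edited, removed or reordered."""
    prev = GENESIS
    for entry in audit:
        if entry["prev"] != prev or _entry_hash(entry) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True

def demo():
    """Run the flow on constructed files in a temporary directory."""
    manifest, audit = {}, []
    with tempfile.TemporaryDirectory() as tmp:
        assay = os.path.join(tmp, "assay_results.csv")
        report = os.path.join(tmp, "tox_report.txt")
        for path, text in ((assay, "sample,value\nA1,0.42\n"), (report, "draft 1\n")):
            with open(path, "w") as fh:
                fh.write(text)
        meta = {"drug_program": "EXAMPLE-001", "partner": "Example CRO", "creator": "jdoe"}
        register(manifest, audit, assay, "jdoe", meta)
        register(manifest, audit, report, "jdoe", meta)
        before = sorted(verify_files(manifest).values())
        with open(assay, "a") as fh:       # silent change after registration
            fh.write("A2,9.99\n")
        os.remove(report)
        after = {os.path.basename(p): s for p, s in verify_files(manifest).items()}
        trail_ok = audit_intact(audit)
        audit[0]["user"] = "someone_else"  # edit the trail itself
        return before, after, trail_ok, audit_intact(audit)

if __name__ == "__main__":
    print(demo())
```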

Evaluating the Options

As you evaluate your options for replacing legacy systems, make sure they include:

  • Fast implementation – Solution can be set up rapidly (in minutes for cloud, > 2 weeks for hybrid)
  • Integration ecosystem – Solution integrates with life sciences applications present in my environment (e.g. ELN, LIMS, CTMS, etc.)
  • Ease of validation – Solution offers a validation package and technical support for implementation in a GxP environment
  • Systems compatibility – Solution is compatible with our compute, SSO, and other infrastructure

Replacing legacy infrastructure can be challenging but it shouldn’t prevent you from focusing on digital transformation and using advanced technologies. Upgrading to modern GxP solutions gives your organization the competitive advantage across critical vectors. Improved cost profiles, enhanced security, and automated compliance are needed in the rapidly evolving world of data-driven drug development. The right choice today can empower you to deliver new value to scientific, manufacturing, and regulatory stakeholders tomorrow, all the while future-proofing your data infrastructure.

Ready to upgrade your legacy GxP systems? Coretelligent will work with you to develop a strategic IT roadmap for your life sciences organization. Call us at 855-841-5888 or contact us to learn how our experience and solutions can help your organization grow while remaining secure and compliant.

Watch our webcast on GxP Data Compliance to learn how we can successfully address challenges in the life sciences industry.

Coretelligent Blog | Endpoint Security

Cybersecurity is complicated and can be overwhelming for many organizations. COVID-19 has only made things more complicated by forcing businesses into a remote work environment. With bring your own device (BYOD) becoming one facet of the new normal, endpoint security is necessary now more than ever. Each mobile device, laptop, and tablet that connects to your company’s network presents an opportunity for attackers to breach your systems and access data.

With so many devices remotely connecting to your organization’s network, how do you maintain security and compliance? Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR) platforms are tools that help your business gain total visibility of the network and control of endpoints.

Let’s compare endpoint security to the defense in gridiron football. EPPs act as your defensive line. Their goal is to stop known and some unknown threats from accessing your company’s network. EDR platforms act as your safeties. They have more visibility into your network, so they can identify and respond to incidents that bypassed your EPP.

What is an Endpoint Protection Platform (EPP)?

Endpoint security is critical to your organization’s overall security. An Endpoint Protection Platform’s goal, like your defensive line, is to detect and stop threats at the device level, so they don’t get through to your network. EPPs are preventative and can identify known and some unknown threats. EPPs typically include Next-Generation Antivirus (NGA), personal firewalls, anti-malware, data encryption, and intrusion prevention. So, if EPPs offer this much protection, why do you need an EDR?

What is Endpoint Detection and Response (EDR)?

EPPs have upped their game by adding capabilities to stay current with today’s dynamic work environment. Even with these improvements, they can still lack many of the features included with an Endpoint Detection and Response (EDR) platform. Suppose your defensive line fails to stop the offensive team. In that case, your safeties have the visibility to analyze the situation and respond. EDRs work in a similar way. EDRs are looking for incidents that occur across your network, and they can react automatically to prevent further damage. EDRs include features like anomaly detection, real-time log reporting, file integrity monitoring, forensic analysis, isolation, and remediation.

Better Together

Gaining a holistic view of your network is even more challenging with a decentralized work environment. EPPs provide the first line of defense, identifying and blocking many threats from gaining access to your network. EDRs have better visibility. They are ready to stop attacks that penetrated your EPP, preventing attackers from reaching their goal. EDRs can even remediate endpoints to a pre-infected state, rendering the attacker’s play as no good.

EPPs provide critical threat prevention at your endpoints. EDR platforms provide valuable incident response tools that offer context for security events. This quick response and insight can lessen the time between identifying a breach and responding to it. Together, EPP and EDR platforms make an excellent team for securing your endpoints.

Maximizing the Benefits

Although endpoint protection and endpoint response platforms can have advanced security features, you still need a knowledgeable IT security team to achieve the full benefits. EPPs and EDR platforms need someone to manage them, provide human analysis, and deliver a comprehensive response. Forensic analysis data is only useful if your company has the experts to interpret it. It’s not reasonable for many organizations to have in-house security analysts monitoring their systems around the clock. Consider adding an MSSP like Coretelligent to your team. Our in-house Security Operations Center (SOC) provides 24x7x365 intrusion detection and monitoring.

Is your organization looking to maximize the benefits of your endpoint protection and prevent attackers from scoring your data? Coretelligent has helped many organizations navigate the new normal that is remote work. Give us a call at 855-841-5888 or contact us to learn how we can partner with your in-house IT team or provide fully managed support and security solutions.

Read our case study to learn how we helped an investment banking firm stay productive remotely.