
Harness the power of cloud management.

Businesses have moved beyond cloud migration and onto cloud strategy. Most organizations have at least a portion of their data or applications on the cloud. Additionally, enterprises are opting for a multicloud or hybrid approach by combining several clouds or cloud types.

In looking at strategy, organizations are eager to take advantage of all the benefits the cloud offers, like scalability, availability, redundancy, and reduced costs. What companies may not understand is that the wrong cloud configuration could actually cost money and reduce efficiency.

Outsourcing cloud management to an experienced IT partner can ensure that you maximize the benefits of the cloud.

Here are five reasons to outsource your cloud management:

1. Expertise

  • There is no one-size-fits-all approach to the cloud.
  • An experienced IT partner works with you to implement a customized cloud solution that supports your business goals while maintaining security and compliance.
  • Taking a multicloud or hybrid cloud approach requires an expert who is familiar with unified cloud management.
  • Smaller IT teams may not have enough experience or the right tools to deliver the right cloud solution.
  • Improper configuration of the cloud can reduce productivity, availability, and security, and can cause spikes in usage costs.
  • Experienced Managed Service Providers (MSPs) offer expertise throughout the cloud journey, including strategic planning, data migration, and maintenance.
  • A customized cloud solution with a knowledgeable IT partner will provide a consistent experience with predictable costs.

2. Free Up In-House IT

  • Small in-house IT teams can become bogged down by daily helpdesk tasks, which prevent them from focusing on cloud optimization and security.
  • MSPs typically have access to more robust tools and can dedicate a team of engineers to your organization’s infrastructure.
  • With an MSP managing your cloud solutions, your in-house IT team can focus on other projects that directly support the business.

3. Increased Security

  • As organizations continue to make remote work a part of the new normal, cloud vulnerabilities have caught cybercriminals’ attention.
  • To maintain security and compliance, you need the right access controls, regular vulnerability management, and active monitoring.
  • Even if your company has comprehensive cybersecurity tools like a security information and event management (SIEM) platform, many in-house IT teams lack the necessary expertise to use these tools to their full potential.
  • MSPs often use more sophisticated tools allowing them to achieve greater visibility into your infrastructure.
  • Some MSPs, like Coretelligent, have in-house security analysts who have specialized skills in areas like forensic analysis.
  • Security analysts can see the correlations between security incidents, which mitigates risks and decreases the response time to incidents.

4. Better Performance

  • If you are experiencing poor performance from the cloud, it could be because of how it was designed or deployed.
  • MSPs can provide better cloud performance because they have more experience architecting and managing cloud infrastructures.
  • MSPs also tend to have larger teams, so they can dedicate engineers to monitoring your cloud infrastructure around the clock, allowing them to fix problems in real-time.

5. Reduced Costs

  • The cloud allows businesses to move costs from capital expenditures to operational expenditures.
  • When implemented appropriately, the cloud can reduce overall IT costs allowing organizations to focus on strategy instead of hardware.
  • Public clouds often have a pay-as-you-go model causing some companies to experience unexpected spikes in billing.
  • MSPs are often able to provide predictable billing with cloud services, making budgeting easier.

Find an Experienced IT Partner

To maximize the benefits of the cloud, you need an experienced IT partner. Coretelligent has years of experience building and supporting customized cloud infrastructure. We have a cloud-agnostic approach, ensuring your cloud solutions are built around your business goals.

Our IT planning services will ensure that you are optimized, secure, and compliant. With our CoreArmor cybersecurity solution, our U.S.-based in-house support team monitors your infrastructure 24x7x365.

Are you looking to outsource your cloud management? Contact us to learn how Coretelligent can help you harness the power of the cloud.

Read our blog: Your Cloud Solution Must Include a Strong BDR Strategy, to learn how to create IT resilience in a cloud-based world.

Business technology trends

Think About It
It is no secret that business needs to stay on top of the ever-changing technology landscape. Companies that do not keep up will not succeed in the digital age. But, depending on how fast your business adapts, you could be missing out—or left behind altogether.

As a new year begins, we start to see lists touting the latest information technology trends to watch. However, it can be a challenge for non-technological business leaders and busy IT managers to keep up, digest, and make thoughtful decisions about the technologies in which to invest.

In this post, I share nine tech trends that we consider the most impactful for our clients and similar companies in the coming year.

For a deeper dive on how these trends will impact your business, download the free white paper → The Top 9 Business Technology Trends to Prepare for in 2022.

What Are the Biggest Technology Trends for 2022?

  1. Data Fabric

Gartner defines data fabric as a “concept that serves as an integrated layer (fabric) of data and connecting processes.”

  2. Distributed Enterprises

As we have seen the rise of remote and hybrid work, we also see an increase in the distributed enterprise model. The distributed model entails co-locating various teams that make up a company.

  3. Cybersecurity Mesh

Escalating cyber threats and a decentralizing workplace require an innovative approach to cybersecurity. Enter the concept of cybersecurity mesh, which broadens defense beyond a central physical plant.

  4. Hyperautomation

The growing utilization of artificial intelligence (AI) in business processes has been a powerful technology disrupter. Hyperautomation is one of the leading outcomes of this development.

  5. Privacy-Enhancing Computation

Privacy-enhancing computation (PEC) is part of a collection of methods helping to solve the challenge of achieving data privacy.

  6. Low-Code/No-Code

Low-code and no-code techniques allow non-developers to piece together applications without specialized knowledge.

  7. Predictive Analysis

Predictive analysis is a data-driven assessment that is used to forecast the likelihood of a given future outcome using historical data and machine learning.

  8. Networking, Connectivity, and Security for Remote and Distributed Work

Whether part of a formalized hybrid or distributed workplace model or just a liberal remote work policy, dealing with protecting data and systems is the new normal.

  9. Cybersecurity

Finally, cybersecurity deserves to be singled out as it will remain a constant focus for IT in the coming year. Discover which types of cyber attacks are expected to increase in 2022 in the whitepaper.

Technology Trends and Strategy

While these are not the only tech trends of note, they are the trends that we expect to have the most impact on SMBs in specific sectors. We, at Coretelligent, will be tracking these trends and collaborating with our clients as they navigate the challenges and opportunities they bring.

The business landscape is constantly changing, and it’s crucial to adjust your business strategy accordingly. As a leading managed service provider with industry-specific experience and a full suite of IT solutions (including IT strategy and planning, cloud services, and more), Coretelligent is exceptionally well-positioned to help executives and business owners decode these trends. We can help guide your business in determining what technology enhancements are appropriate to incorporate into your technology strategy.

Reach out to learn more about our solutions and continue the conversation about technology and strategy.


About Chris

As Chief Technology Officer at Coretelligent, Chris Messer is a transformational and strategic IT leader who establishes and leads Coretelligent’s technical vision and technological development. Click here to learn more about Chris.

Emerging Threats Signal More Trouble for Financial Services Cybersecurity

Hedge funds, private equity companies, venture capital, and other financial services firms are prime targets for cyber criminals seeking to compromise data-rich institutions. Additionally, as keepers of valuable personally identifiable information (PII) and proprietary data, the financial services sector is subject to increasing regulatory requirements as the cybersecurity threat landscape expands.

While financial firms have been highly motivated to make significant investments in cyber security, the need for risk management is only deepening from persistent threats. The Robinhood data breach is a recent reminder of the danger and the ease with which threat actors can gain access to networks. With over seven million customers affected, the Robinhood breach is the largest in history.

According to representatives from Robinhood, the cyber attack, which began with a social engineering exploit, has been contained and did not include social security numbers or account details. But what about the next time? What if the PII from over seven million customers found its way for sale on the dark web? The cascading consequences are staggering to contemplate.

“Financial services companies are incredibly popular targets because there are always new customers feeding the demand for personal and financial data to sell or use as leverage,” shares Chris Messer, CTO at Coretelligent. “Whether criminals are targeting your customers’ data to directly exploit, sell on the Dark Web, or to hold for ransom, the potential fallout for impacted clients and the financial and reputational risk to your business is extreme.”

There are more than a few emerging cyber threats that have security teams on edge. For example, the development of AI that can write better spearphishing emails than humans has staggering implications considering how many data breaches begin as phishing attacks. And don’t forget that phishing attacks are up by 22% in 2021.

In addition, AI-powered malware is a concern since it can target particular endpoints, making it more effective and profitable for hackers to cripple critical infrastructure and steal data with disruptive attacks. Finally, smishing incidents (like phishing, but via SMS) are also likely to increase in severity as attackers capitalize on a workforce that is increasingly doing business via their smartphones.

Multi-layered Approach to Information Security for Financial Service Organizations

Since businesses within the financial services industry are already required to have certain protections in place, it’s tempting to think that your organization is secure. But, unfortunately, between the increase in frequency and the changing nature of attacks—combined with the ever-changing compliance response—your cybersecurity implementation is not one-and-done. Instead, to keep up, a robust cybersecurity posture requires constant monitoring, continuing education of employees, periodic vulnerability assessments, regular penetration testing, and expert threat intelligence.

Coretelligent recommends implementing overlapping layers of security called defense-in-depth to protect your organization fully from ransomware attacks and other cyber incidents. These individual layers should include everything from easy-to-implement practices to complex security tools to defend your financial services organization. This defense-in-depth infographic highlights the cybersecurity strategy and best practices that Coretelligent employs for continuous multi-layered protection. These include next-generation firewalls, endpoint security, patch management and security updates, access management policies, advanced spam filtering, and much more.

Defense-in-depth

Coretelligent’s Multi-layered Cybersecurity Solution

Are you looking to evaluate your organization’s current security coverage? Use our Cybersecurity Evaluation Checklist to help assess your firm’s cybersecurity readiness. This checklist is a jumping-off point to help your firm determine its current cyber risk exposure and readiness for critical event management.

After completing the checklist, reach out to learn more about how Coretelligent can help to strengthen your cybersecurity posture now and into the future.

Why are Phishing Emails so Dangerous and How Can You

Though they’ve been around for a while, phishing attacks continue to be one of the most common attacks and a favorite among hackers for their effectiveness and simplicity. These types of malicious attacks account for 90% of all data breaches.

Phishing schemes target the weakest link in the security chain–individual users. Phishing messages usually look like legitimate emails and include suspicious links or a malicious attachment made to look like legitimate links or a document from a trusted source. Use these resources to educate yourself and your end-users on better recognizing fraudulent emails.

7 Ways to Combat Phishing Emails

  1. Humans play a critical role in data breaches. Phishing scammers look for human errors to exploit and use social engineering tactics to obtain sensitive information and login details. Learn more by reading Cybersecurity and the Human Element.
  2. With email being the primary communication tool of business, it’s no surprise that it remains a top security risk. Attackers favor email messages because they can go around technical security measures by focusing their efforts on end-users. Discover more about how scammers use the phishing technique in Email Security Threats: You’ve Got Malware.
  3. Ransomware attacks are on the rise for financial services, according to the SEC’s OCIE. Attackers use phishing scams to gain access to your organization’s systems or data. Once they have access, they lock you out by encrypting your data, demand a ransom for the return of control, and may threaten to publish sensitive data if payment is not made. Read more in Ransomware on the Rise for Financial Services.
  4. Read Top 10 Cybersecurity Recommendations for a list of ten recommendations and best practices that can help better protect your business from fraudulent activities and evolving cyber threats.
  5. Does your organization know how to identify a spear phishing attempt? 6 Steps to Take to Reduce Phishing describes potential scammers’ strategies and the tell-tale signs of email phishing.
  6. In Most Common Types of Cyber Attacks & How to Prevent Them, we share cybersecurity tips to prevent some of the most common types of cyberattacks by proactively managing your risk profile.
  7. The End-User Awareness Training guide makes a case for end-user awareness training to mitigate human error and help users recognize suspicious activity. In addition, you will learn how to spot types of phishing attacks and other social engineering attacks.

Cybersecurity Awareness Month is a great time to reevaluate your security risk profile, reinforce your posture with additional security measures, and educate your team on. We hope these resources will help increase awareness and prevent future data breaches. Reach out to learn how Coretelligent can help protect your business with our robust cybersecurity solutions.

The hybrid work model is the new normal.

Think About It

The hybrid work model is the new normal for many sectors, and now is the time to stop treating it like a temporary solution in response to the COVID-19 pandemic. Instead, we are in the middle of a revolution as many companies are re-imagining their workplace strategy. A less centralized approach allows for social distancing and offers the flexibility and work-life balance that employees crave while realizing cost savings, improved efficiencies, increased workforce opportunities, and more.

What is the Hybrid Workplace?

Early in the coronavirus pandemic, many workplaces abruptly shifted to remote work. There was a clear distinction between working in the office versus working from home—and it happened almost overnight. The timeline for transitioning back into the office has not been clear-cut and will probably never be fully realized. As the pandemic lingers, many companies and employees see the benefit in shifting to a model where employees commute to the office, but they may also work from home. Who works where and when varies by company, but the one constant is that a company’s entire workforce is not usually all onsite simultaneously. In short, there has been a shift from traditional offices with rows of workstations to a more flexible model that gives more freedom to the worker.

Who Benefits from Hybrid Work?

If there is one thing we’ve collectively learned from the last 18 months, it’s that we are more adaptable than we realized. Faced with a challenge, we all stepped up and, in the process, discovered that a more flexible workplace model makes sense—with or without a pandemic. In fact, 83% of workers prefer a hybrid work model, according to a 2021 survey from Accenture. Workers have more control over where, when, and how they work, which can help promote wellbeing, increase productivity, and reduce turnover.

And looking at productivity for those with concerns, a 2021 McKinsey survey shows that 58% of business leaders saw productivity improve with a shift to hybrid, while 37% say there was no change from a traditional model.  Additionally, a hybrid model that also allows for fully remote workers makes remote talent acquisition a possibility. This aspect means your firm may be able to add the best candidate to your team, not just the best candidate in your geographical location.

While the hybrid model is here to stay—and most of us prefer it—it’s not without its challenges, particularly regarding technology.

5 Technology Elements to Consider

Here are five areas around which your organization may be experiencing growing pains while transitioning to a permanent hybrid model.  I share the challenges and corresponding solutions for each topic for decision-makers to consider.

  1. Collaboration

Collaboration is going to look different moving forward. Your technology will need to support a fluid mix of in-person and digital teamwork, provide access to resources for onsite and remote workers, and create meeting spaces that allow employees to seamlessly work together no matter their location.

Challenge: Replace in-person meetings and team collaboration.

Solution: Zoom, MS Teams, and similar solutions to create a connected experience.

Challenge: Remote Access to file and application resources.

Solution: Virtual workspaces, VPN, and SaaS file tools such as Egnyte, OneDrive, or Box.

Challenge: Reduction and simplification of communications.

Solution: Zoom, MS Teams, and other similar collaboration tools have allowed organizations to converge legacy telephone with voice, video, chat, and digital meetings and whiteboards into a streamlined and unified experience for employees.

  2. Cybersecurity

A shift to hybrid means that security professionals will simultaneously need to protect all fronts. In a hybrid setting, cybersecurity is more of a challenge than securing all onsite or all remote workstations.

Challenge: Increased network vulnerability from devices shifting from onsite to at-home or even unsecured public networks.

Solution: Zero-Trust Access/Networking, combined with VPN, Virtual Desktops, and SaaS applications to help control data and access.

Challenge: Heightened vulnerability to phishing emails as the workforce becomes decentralized.

Solution: SaaS-based training tools such as KnowBe4 to keep employees trained and tested on company policies and how to recognize threats while not in the office.

Challenge: Need for active monitoring 24/7 as employees work offsite at all hours of the day.

Solution: Next-gen SaaS-based security solutions to provide continuous monitoring and alerting.

Challenge: Device management

Solution: Cloud-centric management tools such as Microsoft Endpoint Manager (formerly Intune), JAMF, Addigy, and other MDM tools to enable zero-touch deployment and remote configuration management for corporate devices.

  3. Design of Office Spaces and Technology

As the work model changes for employees, so does the office layout. Workspaces will need to become more flexible to accommodate workers who shift between the office and home. Technology and operations will need to align to provide more hybrid meeting and shared spaces and less traditional cubicles and dedicated space. Decentralizing headquarters might be ideal for some businesses.

Challenge: Office plan with a workstation setup that provides flexibility for when, where, and how office workers want to work.

Solution: Hot desking setup and scheduling with standard hardware configurations allow employees to leverage laptops to work at their preferred location and time.

Challenge: Increase meeting spaces for hybrid work meetings to allow for both in-person and digital collaboration.

Solution: Upgrading meeting rooms to leverage Zoom, Teams, and similar digital tools for full digital meeting support.

Challenge: Consider whether satellite offices work as opposed to one larger location.

Solution: Reducing commute time for employees to optimize productivity and working time with colleagues.

  4. Productivity

Standard operating procedures for productivity and how managers evaluate efficiency and output will need to be updated for the hybrid environment.

Challenge: Managers may need technology solutions to gauge productivity.

Solution: Data analytics or management tools to help track and monitor employee engagement and productivity.

Challenge: Workflows and Automation

Solution: Leverage automation capabilities within products and platforms to help reduce manual tasks and improve workflows to drive employee efficiency and promote an increase in productivity.

  5. IT Support and Operations

One challenge for IT managers with the hybrid workplace is technical support. Your organization will need to address workers’ need for IT support both at work and home and at all hours of the day. Not an impossible task, but the 9-5 M-F support model won’t be practical for businesses going all-in on the hybrid work approach.

Challenge: A hybrid workforce working where and when they want is a challenge for technical support.

Solution: Robust device management and remote access tools for IT teams or a trusted MSP partner to provide effective around-the-clock support to both onsite and remote employees.

Challenge: Equipment management

Solution: Leverage remote management and monitoring solutions (RMM, MDM) to keep real-time inventory and audit of equipment for tracking and management.

Meeting the Challenges of the Future with Coretelligent

As we navigate the hybrid-work future, you can count on the IT professionals at Coretelligent to help your organization solve any IT challenges you may be facing in your key business processes with a wide range of IT solutions. If you have questions about designing hybrid work solutions for your company, reach out by calling 855-841-5888 or email info@coretelligent.com to schedule your complimentary initial consultation.

About Chris

As Chief Technology Officer, Chris Messer is a transformational and strategic IT leader who establishes and leads Coretelligent’s technical vision and technological development.

Click here to learn more about Chris.

How Can Executives Manage Cyber Threats by Building a Culture of Cyber Readiness

Reducing your organization’s risk from cyber threats requires a holistic approach. Cybersecurity should be integrated across all divisions and at all levels. Cybercriminals do not recognize your internal organization or care about job titles but seek to exploit any weaknesses they discover.

Cyber threats threaten your ability to operate, your reputation, your bottom line, and even the survival of your organization.

The foundation of effectively managing cyber risks requires building a culture of cyber readiness amongst your employees. Most cyber incidents begin with a human action—phishing attacks, ransomware attacks, malicious software, malware attacks, and other persistent threats usually start with an employee unknowingly initiating them by clicking on a malicious link or triggering malicious code by opening an attachment.

How to Effectively Protect Your Organization from Cyber Threats?

How can you, as a leader, promote a culture of cybersecurity readiness to reduce your risk from these types of threats? Here’s a high-level, holistic roadmap for considering how best to incorporate security throughout your firm to defend your organizational assets.

→ Executives – Drive cybersecurity strategy, investment, and culture

As a leader, it is essential that you understand the basics to help integrate cybersecurity as a significant component of your operational resilience.  And that resiliency requires an investment of both time and money. This investment will fuel actions and activities that build and sustain a culture of cyber preparedness that will protect key infrastructure and intellectual property.

→ Employees – Develop security awareness and vigilance

Employees are a critical line of defense. Gone are the days when security threats were the sole responsibility of the IT team. Securing an organization in this current cyber threat landscape requires education, awareness, and participation from all. Therefore, any investments in cybersecurity must include strong end-user training.


Related Resource → 7 Cybersecurity Tips for Practicing Good Cyber Hygiene


→ Systems – Protect critical assets and applications

Data is the foundation of any business; it is the most valuable asset. Know where your data resides, know what applications and networks store it, and know who has access to what data. Build security into the critical infrastructure of your organization’s data to protect against outside attacks.

→ The Digital Workplace – Ensure only those who belong have access

Implement authority and access controls to manage employees, managers, and customers’ access to your digital environment and protect against unauthorized access. Setting approved access privileges requires knowing who operates on your systems and with what level of authorization and accountability.

→ Data – Make backups and avoid the loss of information critical to operations

Even well-protected systems can be breached if someone makes a mistake. Therefore, make protecting data a priority by implementing a thorough and robust backup program. Additionally, develop a plan that will allow you to quickly recover systems, networks, and data if a breach occurs.


Related Resource → Think About IT: The Case for Cloud Backup


→ Incident Response – Limit damage and quicken restoration of normal operations

The strategy for responding to and recovering from a cyber incident involves developing an incident response plan and regularly evaluating that plan and preparing for its use for business continuity during a crisis.

3 Strategic Actions to Tackle First

  • 1. Backup Data

    Employ granular, fast, and efficient backups and data recovery processes to regain digital operations quickly.

  • 2. Multi-Factor Authentication

    Require multi-factor authentication (MFA) for access to enterprise assets to add an additional layer of protection across your organization.

  • 3. Patch & Update Management

    Create and enforce a regular patching schedule for systems, networks, protocols, and applications.

Defend Against Cyber Threats with Coretelligent

Balancing business initiatives with security and technology can seem challenging, but Coretelligent can help. We provide white-glove, fully managed, and co-managed IT services to highly regulated industries like financial services and life sciences. In addition, our comprehensive security and backup and disaster recovery solutions work for you around the clock so you can have peace of mind. To learn how Coretelligent can help your business, contact us at 855-841-5888 or via email at info@coretelligent.com.

SEC Targets Financial Firms for Security Compliance Failures. Could You Be Next?

In late August of 2021, the SEC sanctioned eight financial services firms in three separate actions for security compliance failures. The SEC contends that the firms failed to establish and implement adequate cybersecurity policies and procedures. The SEC charged Cetera Entities, Cambridge, and KMS with violating Rule 30(a) of Regulation S-P, also known as the Safeguards Rule, which protects confidential customer information. According to the SEC, the failures “resulted in email account takeovers exposing the personal information of thousands of customers and clients.” The firms settled and agreed to pay $750,000 in fines.

The SEC’s enforcement actions against these companies should be a reminder of how crucial it is to have an effective cybersecurity program in place at your financial services firm. Security processes designed to prevent unauthorized access, malware, phishing, viruses, ransomware, and other malicious threats will protect your firm both from criminals and from fines, penalties, and lawsuits.

What’s at Stake?

Cybersecurity incidents involving breaches of personally identifiable information—like social security numbers, credit card details, and bank accounts—can cause significant damage to a firm’s business reputation. Furthermore, your firm may face fines, lawsuits, regulatory investigations, and even legal liability. In addition, remediation costs, including lost revenues, damages, penalties, and settlements, are also likely. A typical data breach costs companies $4.24 million per incident, according to a July 2021 report from IBM.

The SEC Means Business

It seems that the current landscape of ransomware and other cyber threats has spurred the SEC to take a more aggressive stance against security compliance deficiencies. As a result, this summer has seen additional enforcement actions from the body. In June, the SEC charged First American Financial Corporation and later Pearson for similar exposures of sensitive customer data. This indicates that the SEC is moving to heighten its enforcement of cybersecurity rules and disclosure procedures amongst public companies. The recent sanctions have focused on these key areas:

    • Failure to implement and adopt widely accepted cybersecurity best practices
    • Insufficient timely disclosures of lapses when they were identified
    • Inadequate and misleading language in breach notifications to clients and regulators about incidents

“Investment advisers and broker-dealers must fulfill their obligations concerning the protection of customer information,” said Kristina Littman, Chief of the SEC Enforcement Division’s Cyber Unit about the August announcement. “It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks.”


Safeguard Your Financial Services Firm from Security Compliance Errors

This increased enforcement should serve as a wake-up call to financial institutions: Senior executives must better safeguard the personal information entrusted to them by consumers.

Accordingly, Coretelligent recommends that all financial advisors, brokers, and investment firms review their current cybersecurity vulnerability and compliance programs and consider implementing additional defenses to protect client information.

So, let’s start with some basics. What do the SEC security requirements include? Here are just some of the key elements that financial services firms can apply to strengthen their cybersecurity safeguards.

    1. Implementing and maintaining comprehensive written policies regarding cybersecurity
    2. Establishing and regularly testing computer network defenses
    3. Developing and executing a risk assessment plan
    4. Training employees about cybersecurity risks
    5. Ensuring that usernames and passwords used by employees comply with industry standards
    6. Implementing multi-factor authentication
    7. Monitoring network traffic for suspicious activity
    8. Notifying regulators promptly after discovering a breach

At Coretelligent, our security and compliance solutions are designed with the needs of financial services organizations in mind. When you work with Coretelligent, you are gaining an IT partner who truly understands the security compliance needs of the financial services sector. Free your team to innovate at scale while we provide your financial services company with the solutions to protect against cyberattacks and fines from data breaches.  Contact us today at 855-841-5888 or fill out our online form to receive a quick return call.

 

Kaseya Ransomware Attack

A breakdown of the Kaseya ransomware attack and how Coretelligent successfully evaded any impacts.

The July 4th weekend Kaseya ransomware attack should be a warning to all organizations, from small- and mid-sized businesses to multinational corporations. Not only did the attack compromise and exploit the Kaseya VSA product itself, but the hackers’ true focus and intention was to reach as many downstream customers as possible through the platform to maximize the potential earnings from their ransomware attack. This kind of attack is referred to as a supply chain ransomware attack. In the Kaseya/REvil ransomware incident, the hackers responsible for the attack hoped to magnify their results by targeting a service provider and gaining access to clients’ systems. Unfortunately, in the eyes of cybercriminals, many ransomware victims are better than just one victim. More victims increase their chances of collecting on a significant cryptocurrency ransom demand, particularly within the realm of managed service providers and their downstream customers.

Shots Fired

While this is the most massive ransomware attack on record, it could have been much worse. Considering that the company is one of the largest in the remote monitoring landscape, the thousands of victims affected could have been tens of thousands. Today, Kaseya VSA users were the targets, but tomorrow it could be the customers of an even more popular vendor or Software-as-a-Service (SaaS) provider. There is no enterprise in the world that does not utilize service providers as a regular part of their business—not to implicate any specific company, but think about the prevalence of Microsoft, Adobe, Amazon Web Services, Salesforce, Zoom, and many others. This incident indicates an escalation by cybercriminals, and we should all be paying attention. Sorry to say, but this is the proverbial shot fired across our bow, and now is the time to batten down the hatches for the next potential attack.

What Made Coretelligent Different?

Not all of Kaseya’s customers were impacted, however. Neither Coretelligent nor any of our clients were affected. At the same time, other MSPs and their customers were caught up in the Kaseya ransomware attack and locked out of their systems, awaiting backup restoration efforts or a decryption key. We credit this outcome to the fact that we do not rely on any single tool to provide our only means of security, and we have robust incident response planning and workflows to handle such an event. We have multiple layers of protection in place to protect our critical systems and data. Additionally, we were able to mobilize our team immediately upon news breaking of this event to take swift action to mitigate and protect until further information was available.

While not directly impacted, Coretelligent immediately enacted our Incident Response Plan out of an abundance of caution upon learning of the attack in progress on July 2nd. Doing so allowed us to eliminate any potential issues and keep all customers protected until further information on the attack became available. As leaders in the MSP space, we must follow the very same incident response guidance that we offer as recommendations to our clients.

Coretelligent’s robust, multi-layered approach to cybersecurity, also referred to as defense-in-depth, protected us—and, more importantly, our clients.

Here are some of the key provisions that make up this layered defense model:

  • Perimeter Security – Strong firewall policies to allow only necessary services access, security scanning (antimalware, antivirus), DNS/web filtering, Intrusion Detection and Prevention (IDS/IPS), and geo-blocking all help reduce the ability of malicious actors to access services such as Kaseya that were public-facing.
  • Multi-Factor Authentication – All critical services are secured with multi-factor authentication to reduce the possibility of unauthorized access due to compromised credentials.
  • Role-Based Access Controls (RBAC) – Coretelligent operates a tiered and segmented permission structure within our environment. Employees are granted the appropriate level of access to systems based on their role, responsibility, and seniority. This process helps to govern and restrict full administrative access to key systems and infrastructure to a select group of senior internal resources; as such, there are fewer accounts and avenues for attackers to gain access and do damage.
  • Endpoint Protection – Coretelligent leverages SentinelOne Endpoint Protection for all our corporate servers and workstations. This platform, along with others, can detect/block these types of exploit attacks.
  • Security Logging and Monitoring – All critical infrastructure is monitored in real-time via our CoreArmor platform. Logs and data are aggregated from all our critical systems to look for anomalous or suspicious behavior and immediately alert our team.

As Coretelligent’s infrastructure was protected with the provisions noted above, our customers were also still protected via endpoint security software from our other partner providers, SentinelOne and Webroot. In addition, subscribers to our CoreArmor service benefitted from additional real-time alerting and protections against this attack as the indicators of compromise (IOC) used in this attack were discovered and reported. This coverage allowed security products to better detect the attack and keep it from spreading further or infecting new targets. All our key security vendors provided security updates and tracking information throughout this event to help block the ransomware and additional infected files to reduce further spread and infections.

The Plan You Hope You Never Have to Use

An Incident Response Plan is a set of guidelines and procedures put into effect during a security incident. Generally, this type of plan includes guidelines for the initial response, escalation, containment, and recovery or post-incident activities.

As our Incident Response Plan recommends, we quickly shut down all activity from the Kaseya compromised servers. In addition, we followed the additional steps outlined in our plan to safeguard our resources and those of our clients. As a result, neither Coretelligent nor any of our customers experienced any impacts—excluding inconvenience—as we proceeded through our Incident Response Plan. Additionally, to honor Coretelligent’s commitment to transparency, our team provided twice-daily email updates to our customers, which are also available in this blog post.

As the attack unfolded, Kaseya shared that the hackers were able to gain access through a zero-day. A zero-day is a previously unknown vulnerability discovered in software or system design that cyber criminals can exploit to gain entry to networks. A patch was released on July 13th to address the vulnerabilities, and after careful review of the fix, our Coretelligent engineers began implementing the patch on July 14th.

Future Plans

Moving forward, Coretelligent will address any concerns we may have with Kaseya and provide an update and recommendation to our clients.

Frequently Asked Questions About the Kaseya Ransomware Attack

What is Kaseya?

Kaseya is a leading provider of cloud-based IT management and security solutions for small, medium, and large businesses. The Kaseya VSA platform is just one tool that Coretelligent uses to help manage, access, and maintain customer servers and workstations.

How does Coretelligent use Kaseya?

Coretelligent uses Kaseya to remotely access, troubleshoot, monitor, and manage servers and endpoints of our customers and perform automation and maintenance activities for customers who subscribe to that service. Additionally, Coretelligent uses a combination of tools (Kaseya and LogicMonitor) to monitor customers who have signed up for proactive monitoring services.

Who is behind the ransomware attack?

This attack was perpetrated by the cybercriminal group known as the REvil Ransomware Gang. The threat actors were implicated in the June 2021 hack of the meat-processor JBS. After the JBS attack, the group warned that they would next target U.S. companies. As a result, the White House called for President Vladimir V. Putin to shut down the Russia-linked gang and other ransomware groups targeting the U.S.

How did Kaseya get hacked?

The attackers exploited four vulnerabilities in Kaseya’s VSA product to bypass authentication, upload ransomware and other payloads, and then execute the malicious code/files. These vulnerabilities allowed the hackers to upload the malicious software and create Kaseya procedures (scripts) to copy files and execute the ransomware. They then executed these procedures against all customer agents tied to each Kaseya VSA server to start the ransomware attack and deliver a ransom note to downstream customers. They then removed logs and other forensic evidence to cover their tracks.

A more detailed technical breakdown is available at TrueSec.

Why were some Kaseya customers infected and others were not?

This question is not yet fully answered at this point, and more forensic details may still need to be shared from the impacted MSPs with Kaseya, law enforcement, and various security firms that are involved in this incident.

From what we can tell, customers utilizing multiple layers of protection were better protected against this attack. For example, Coretelligent uses perimeter firewalls, DNS filtering, geo-blocking, multi-factor authentication, and other security controls to protect our VSA servers. This practice, commonly referred to as defense in depth, provides multiple hurdles for an attacker to bypass, making for a more challenging target to crack.  This approach may encourage the attacker to move on and works to protect Coretelligent and its customers.

Additionally, it should be noted that only on-premises customers, meaning those with on-premises VSA servers, were impacted.

Is it safe to use Kaseya now that it has been patched?

YES—our Kaseya VSA environment is safe and secured for use. Coretelligent successfully applied the version 9.5.7.a patch, which resolved multiple security vulnerabilities in the product, and has made all the necessary configuration adjustments and security recommendations to our Kaseya VSA servers as of July 13th.

Our VSA servers continue to be protected by multiple security layers and restrictions, along with comprehensive security monitoring and alerting, which we believe will continue to keep our environment protected and secure.

Will Coretelligent continue to use Kaseya for Remote Monitoring and Management (RMM)?

Coretelligent will undergo a careful forensic review of this experience and decide whether to continue with Kaseya for remote monitoring and management or switch to a different vendor platform. In the interest of full transparency, we will communicate our decision with you, our customers, and provide background and justification about our decision.

How can we reduce the risk of this kind of supply chain attack?

Partnering with a tested, transparent, and expert managed service provider like Coretelligent is your best defense against ransomware and other cyberattacks. We offer best-in-class services covering a full range of technology needs with specialized expertise in cybersecurity.

What is the official response and guidance from the U.S. government?

The Deputy National Security Advisor Anne Neuberger has provided regular updates about the Kaseya ransomware attack and law enforcement is continuing its investigations to safeguard critical infrastructure and prevent future incidents. In an early statement about the attack, she remarked that President Joe Biden had “directed the full resources of the government to investigate this incident.”

Additionally, the Cybersecurity and Infrastructure Security Agency, one of the federal agencies tasked with protecting U.S. assets, released a CISA guidance advisory that included a multitude of recommendations for hardening IT systems, including:

  • Use authentication process controls, like multi-factor authentication, the use of which might have saved the Colonial Pipeline from getting hacked.
  • Adhere to best practices for password and permission management.
  • Regularly update software and operating systems.
  • Employ a backup solution to automatically and continuously back up critical data and systems. Store backups in an easily retrievable location that is air-gapped from the organizational network.

Comprehensive Cybersecurity Protection

For more recommendations and information about how Coretelligent’s cybersecurity practices and solutions can protect your organization from incidents like the Kaseya ransomware attack, reach out to schedule your complimentary initial consultation. Coretelligent also offers expertise working with specific industries that have cybersecurity compliance requirements like financial services, life sciences, real estate investment, and others.


Think About It with Chris Messer, CTO

As Chief Technology Officer, Chris Messer is a transformational and strategic IT leader who establishes and leads Coretelligent’s technical vision and technological development. Chris shares a post each month called Think About It.

Hedge fund technology leaders are facing a crisis of faith, with national cybersecurity experts proclaiming that “Every investment is at risk”. IT data breaches are reaching astronomical proportions and impacting thousands of organizations each year in the US alone. Even the Securities and Exchange Commission weighed in, noting that investors are facing ongoing cybersecurity risk and creating a special branch of enforcement called the Cyber Unit. Protecting against these threats requires specialized knowledge and an ongoing effort to understand emerging cybersecurity threats and how to combat them, particularly in the financial services and wealth management sector. With so much high-value information at stake, hedge fund managers may find themselves in a situation of continually reviewing new resources in an attempt to cover any vulnerabilities in their operations infrastructure.

Common Cyberattacks Experienced by Hedge Funds
The sheer volume of financial data for high net worth individuals would be enough to make a hedge fund extremely attractive to hackers, creating an unacceptable risk for the entity. Each business entity has its own unique opportunities and challenges, and hedge funds are quite susceptible to three key types of attacks: BEC (Business Email Compromise), ransomware and social engineering.

  • Business Email Compromise attacks, also known as phishing or whaling, often take the form of innocent-seeming email threads with cybercriminals attempting to misdirect funds in the form of fraudulent wire transfers. Identifying these emails as an attack requires ongoing diligence on the part of staff members as well as advanced monitoring and notification solutions.
  • Cybercriminals are becoming quite crafty in their attacks, with financial services firms seeing an increase in socially engineered attacks that focus on invalid wiring instructions. Any request for a wire transfer or other large transfer of funds or stock should be well-documented and follow strict procedures, with ongoing education to reduce the risk of errors.
  • Protect your firm from unexpected ramifications by adding stringent standards around how dates are written on checks and other legal documentation. Instead of utilizing a 2-digit year in written date fields, be sure you utilize the full 4-digit year. Dates should be written in this format: MM/DD/YYYY instead of MM/DD/YY to avoid confusion.
  • Financial services and healthcare are particularly vulnerable to ransomware or crypto-mining attacks because this type of threat reduces the ability to access business data or critically important information systems. The impact on the organization is often secondary to the negative impact on customers or partners — specifically in the case of fast-moving financial transactions. IT professionals are often pressured to quickly resolve ransomware attacks, which often means paying the ransom to hackers to regain access to important IT platforms.
  • Social engineering attacks are often considered a “long game” because hackers take the time to get to know their targets — learning enough about a key individual to be able to either break into their accounts by guessing passwords or otherwise infiltrating their systems. Early forms of social attacks involved encouraging individuals to click a link to update their information or to verify details about their work and home life or charitable contributions. This type of nuanced attack can be the most difficult for busy executives to spot, as they are used to simply handling details quickly and moving on as opposed to deeply researching emails to determine if they’re a potential threat.

Finding the right solutions to protect against each of these emerging threats requires a systematic review of current cybersecurity principles as well as creative strategies to reduce the ongoing risk of a data breach or other type of attack.

Protecting your financial services entity starts by working with a partner that has a thorough understanding of the current and future threat landscape. At Coretelligent, our cybersecurity professionals are experts in financial technology and can help you understand how emerging threats could place your hedge fund at risk. From developing situational awareness to improving your security posture, Coretelligent provides comprehensive compliance and cybersecurity solutions for financial services institutions of all sizes. Contact us at 855-841-5888 or via email to info@coretelligent.com to schedule your complimentary, no-obligation consultation.