Posts

Cyber attacks are becoming increasingly common, and cybercriminals see small to medium-sized businesses as prime targets. The devastating consequences of a cyber attack can be long-lasting and far-reaching, as demonstrated by the chilling story of Expeditors, a logistics company that fell victim to a ransomware attack in 2022 and discovered the true cost of cyber attacks.

[ez-toc]

cost of cyber attacks

The Immediate Effects of Expeditors’ Cyber Attack

The ransomware that hit Expeditors left their data and infrastructure at risk, forcing them to halt operations. The immediate effects of the attack were catastrophic, resulting in $47 million in lost revenue, overages, and payouts to customers. Additionally, the company spent $18 million on remediation and recovery efforts, further impacting its bottom line.

Ongoing Impacts: The 2023 iRobot Lawsuit

The fallout from the cyber attack didn’t end with the initial shutdown. In February 2022, Expeditors CIO Christopher J. McClincy said, “The cyber-attack limited our ability to arrange shipments or manage customs and distribution activities, or to perform certain accounting functions, for approximately three weeks after the attack.” Later in the statement, he added, “We continue to navigate residual effects.”

Then in 2023, the company was hit with a lawsuit from iRobot, one of their biggest customers. The lawsuit claims “Expeditors’ own inattentiveness and negligence exposed its systems to attack, and Expeditors lacked and/or failed to implement the necessary business continuity plan to ensure that it could continue providing services to iRobot.”

This legal action added to the ongoing financial impact faced by the company and reignited news stories about the attack—likely impacting the company’s reputation with potential clients, current clients, partners, investors, and other stakeholders.

What’s Your Risk Exposure?

The story of Expeditors should serve as a stark example of the increasing threat that cyber attacks pose to all businesses, but especially to small and mid-sized companies. According to a recent report, 47% of all U.S. businesses suffered some kind of cyber attack in 2022. At the same time, another report found that companies with less than 1,000 employees are three times as likely to be the target of a cyber attack as larger businesses like Expeditors.

Cybersecurity experts say that it’s not if a company will be a target, but when. In fact, a study of penetration testing results found that cybercriminals can penetrate 93 percent of company networks.

Invest in Proactive Measures

Small to medium-sized businesses are seen as easy targets by criminals since they often invest less in cybersecurity and lack security expertise. Cybercriminals understand this and take advantage of these weaknesses, using techniques like phishing, malware, ransomware, and other malicious tactics to gain access to sensitive data or disrupt operations. As a result, it is essential for businesses to invest in robust cybersecurity solutions that can help protect them from cyberattacks.

However, according to the Cyberspace Solarium Commission, many “cybersecurity budgets at U.S. organizations are increasing linearly or flat” when they should be growing in response to the exponential growth of cyber threats.

Best Practices to Mitigate the Risk from Cyber Attacks

Investing in multi-layered cybersecurity is the surest way to keep you and your company out of the headlines. By implementing cybersecurity solutions utilizing best practices, businesses can significantly reduce the likelihood and severity of a cyber incident.

Some key strategies include:

  1. Investing in robust security solutions: Deploying firewalls, real-time monitoring, and intrusion detection systems can help identify and prevent unauthorized access to your network and data.
  2. Regularly updating and patching systems: Keeping software and systems up to date ensures protection against known vulnerabilities, making it more difficult for cyber criminals to exploit your systems.
  3. Implementing strong access controls: Restricting access to sensitive data and systems through multi-factor authentication and the principle of least privilege minimizes the risk of unauthorized access.
  4. Educating employees on cybersecurity best practices: Regular training on topics such as recognizing phishing emails and creating strong passwords can reduce the risk of employees inadvertently compromising your network.
  5. Developing a comprehensive incident response plan: A well-defined incident response plan outlines the steps to be taken during a breach, including containing the incident, assessing the damage, and recovering from the attack.

By learning from the Expeditors case study and prioritizing cybersecurity, businesses can better protect themselves from the devastating consequences of cyber attacks and ensure long-term success. Protect your business from cyber threats with a comprehensive security risk assessment that can help identify any areas of vulnerability and provide guidance on best practices to shield your organization.

How to Spot a Phishing Email

How to Spot a Phishing EmailEmail phishing activity is reaching a new high, especially in the financial services sector.

Common attacks are nothing more than online scams involving gift cards, while some are targeted spear phishing campaigns with the goal of gaining access to corporate networks. The best defense against fraudulent emails is educating end-users on how to spot suspicious emails. Phishing schemes often have signs that can trigger recipients to question their veracity. The key is to slow down and pay attention to the details. To that end, we have put together a list of ten common phishing email characteristics.

10 Signs of a Phishing Scam

  1. It just doesn’t look right – Is there something a little off with the emails? Too good to be true? Trust your instincts about the warning signs of potentially suspicious activity.
  2. Generic salutations –  Instead of directly addressing you, phishing messages often use generic names like “Dear Customer.” Using impersonal greetings saves the cybercriminals time so they can maximize their number of potential victims.
  3. Links to official-looking sites asking for sensitive data – These fake websites are often very convincing, so before revealing personal information or confidential data, examine the site to make sure it’s not a fraudulent website.
  4. Unsolicited email that uses personal details about you – Information like job title, previous employment, or personal interests can be gleaned from social networking sites like LinkedIn and then used to make a phishing email more convincing.
  5. Unnerving phrases – Thieves often use phrases meant to scare you (such as saying your account has been breached) to trick you into acting without thinking and in doing so, revealing information you ordinarily would not.
  6. Bad grammar or spelling – Grammar mistakes and misspelled words are a dead giveaway in a basic phishing attack. The use of unusual syntax is also a sign that something is wrong.
  7. Urgent request – For example: “If you don’t respond within 48 hours, your account will be closed.” By convincing you the clock is ticking, phishing scammers hope you’ll make a mistake by clicking on a phishing link or opening a malicious attachment.
  8. You’ve won the grand prize – This phishing technique is common but easy to spot. A similar, trickier variation asks you to complete a survey (thus giving up your personal information) in return for a prize.
  9. Verify your account –  These types of phishing attacks spoof real emails asking you to verify an online account with a site or organization. Always question why you’re being asked to verify – there’s a good chance it’s a scam.
  10. Cybersquatting – Often, cybercriminals will purchase and squat on website names that are similar to an official website in the hopes that users go to the wrong site, such as www.google.com vs. www.g00gle.com. Always take a moment to check out the URL before entering your personal information.

Related content: 6 Steps to Reduce Phishing 


Coretelligent’s Recommendation:

It is essential for your organization to have comprehensive solutions for cybersecurity designed by a trustworthy, proactive provider. Our CoreArmor solution offers 24/7 intrusion detection and monitoring, in-depth assessment to identify vulnerabilities, best-in-class phishing testing and end-user awareness training, and more. Your organization must be protected against emerging email threats in 2024 and beyond. Contact us today for strategic guidance on how to mitigate the security risk from phishing attempts.

CPRA vs CCPA

Today’s businesses operate in a global landscape where data privacy and security compliance are more complex than ever. Case in point, there is a significant amount of uncertainty about the upcoming CPRA requirements and how it differs from the CCPA. Let’s look at CPRA vs. CCPA.

[ez-toc]

CPRA vs CCPA

CPRA Vs CCPA

The California Privacy Rights Act strengthens the consumer privacy rights outlined in the CCPA and establishes new data security requirements for businesses with enforcement beginning on July 1, 2023.

Businesses must protect the privacy of personal information, including taking steps to implement authentication procedures, updating policies, and securing user data. In addition, businesses must comply with CPRA by July 1, 2023, or face potential fines, lawsuits, and more.

In terms of CPRA vs. CCPA, it is important to note that the CPRA does not replace the CCPA. Instead, the CPRA amends CCPA by adding clarifications and strengthening provisions.

What is the California Consumer Privacy Act (CCPA)?

Enacted in 2018, the CCPA was the first significant privacy law in the US after the EU adopted the General Data Protection Regulation (GDPR).

The CCPA is a baseline law that created consumer privacy protections like the right to know what personal information a business collects and shares. It required companies to provide notice of their data practices and more. It applies to all businesses operating in California, whether they have a presence in the state or not.

The CCPA requires businesses to provide certain notices and disclosures, such as a dedicated privacy policy, to individuals before collecting their personal information.

What is the California Privacy Rights Act (CPRA)?

The CPRA builds upon the CCPA by further expanding consumer privacy rights and strengthening data protection requirements. For example, the CPRA grants consumers even more control over their personal information by requiring businesses to obtain explicit consent for data processing activities outside the scope of contractual necessity or legal obligation. It also adds more data security requirements and expands the scope of data security procedures covered by the law.

Key Differences Between CCPA and CPRA

Businesses should note that the main distinction between the CCPA and CPRA is the addition of strict consumer data privacy and security provisions. For example, the creation of a new category of sensitive personal information expands the data types that are subject to greater protection measures. Additionally, the mandatory cybersecurity and risk assessments and third-party audits required for some businesses will add additional layers of complexity to compliance programs.

 CPRA Data Security Updates

Here are some data security requirements outlined in the CPRA:

  1. Reasonable security measures: California privacy law expects businesses to implement “reasonable” security measures to protect the personal data they collect.
  2. Sensitive personal information protection: CPRA expands the categories of personal information, and businesses must employ reasonable security measures to protect this data, including encryption and access controls.
  3. Annual security audits: The CPRA requires that businesses performing higher-risk processing (as defined by the CPPA) conduct annual cybersecurity and risk assessments, as well as vulnerability assessments and penetration testing.
  4. Third-party vendor security: Companies must conduct due diligence on vendors that handle personal information, ensure they have adequate data protection measures in place, and only transfer data to vendors with confidentiality agreements in place.
  5. Training and education: Businesses must train their employees to manage personal data and ensure they understand how to protect it.
  6. Data breaches: The CPRA now considers email account leaks as data breaches, particularly if such leaks result in the exposure of personal details linked to people residing in California, as well as when security question leaks occur.
  7. Data minimization and retention: Companies must limit the data they collect, store, and retain to a reasonable amount necessary for their operations.

Potential Consequences of Non-Compliance

The potential outcomes of non-compliance are significant. The CPRA clarifies consumers’ rights to sue for violations and creates the California Privacy Protection Agency (CPPA) to enforce the CCPA and CPRA. Companies that violate the laws can face hefty fines and sanctions, including criminal penalties or suspension of the company’s ability to conduct business in the state. Additionally, organizations that fail to comply could become subject to costly and time-consuming lawsuits.

Announced in August 2022, the first enforcement action of the CCPA was a $1.2 million settlement against Sephora for neglecting to inform consumers about the sale of their data and to adequately process sale consumer opt-outs.

Enforcement actions are expected to increase after the full force of the CPRA goes into effect in July 2023.

How to Navigate a Changing Regulatory Landscape

It is critical to know what data your business collects and how it is secured to ensure compliance with the CCPA and the CPRA. Working with an IT partner that understands data privacy laws and regulations and data security requirements is essential for organizations looking to stay compliant in this increasingly regulated environment.

Your organization may also be required to follow additional requirements like the European GDPR or New Yorks’s Shield Act. By enlisting the services of a qualified IT services provider, organizations can make certain they are up to date on all the latest regulations and utilizing best practices for data protection. In addition, having an experienced IT partner means businesses can avoid disruptions and safeguard operations and focus on growing their bottom line.


Related Content → Read about how a GRC-enabled solution can streamline and simplify compliance  Understanding Governance, Risk Management, and Compliance for Financial Services.


 

Multi-layered Security

Are you utilizing a multi-layered security solution? In today’s escalating environment, it is not enough to just have a cybersecurity solution, instead, your company needs a robust multilayered security solution that includes multiple checks and protections against intrusions.

[ez-toc]

 

Multi-layered Security

Multi-Layered Security: How to Improve Your Cybersecurity Strategy

Cyber attacks are increasing at an alarming rate. In fact, global cyber attacks were up by 38% in 2022 over the previous year–and this trend doesn’t appear to be slowing down for 2023 either.

In light of this increase, are you putting yourself and your business at risk because of your deficient posture? The consequences of not being prepared for a data breach, ransomware, or other cyber incident are severe and include:

  • Financial loss from shutdowns and restoration efforts
  • Reputational damage
  • Personal liability
  • Fines and penalties from regulators
  • Permanent loss of proprietary data
  • Exposure of confidential and proprietary data
  • Costly lawsuits from clients, employees, and others impacted by data breaches or loss of productivity from stoppages
  • The complete failure and dissolution of your company

In evaluating your current posture,  it is important to ask yourself the following questions:

  1. When was your company’s last vulnerability assessment?
  2. Have you made the recommended improvements?
  3. Do you know how to address your security vulnerabilities?
  4. Could you defend your current strategy to investors and regulators if a breach occurred?

Defend Against Escalating Threats with Layered Security

The potential risk from a deficient or merely adequate cybersecurity posture are just too significant. The escalating cyber threat landscape requires a rigorous, dynamic, and proactive security strategy. The only way to truly protect your firm from cyber threats is with a robust cybersecurity position. The most secure approach is utilizing multi-layered security protection, often referred to as defense-in-depth. Without this method, your company is an easy target for cybercriminals, and it could  be considered negligent in the event of a cybersecurity incident.

To provide some context—your lax security approach is just as negligent as leaving your front door wide open and announcing to the world that you are out of town for the week.

 

Multi-layered Security

This infographic demonstrates the multilayered approach to security, specific best practices, and their associated Coretelligent solutions.

What Does Layered Cybersecurity Encompass?

Defense-in-depth is a system of overlapping security layers that range from easy-to-implement controls to complex security tools. These layers are designed to create an interlocking barrier, not unlike the security system at your home, which might include a door with a deadbolt, motion-detection lights, security cameras, and an alarm system that act as overlapping protections designed to safeguard your home. These individual protections combine to work as a system that is continuously protecting your home. Multilayered cybersecurity operates in the same manner. And just like your home security defends on two fronts—as a deterrent to criminals and as a barrier for any criminals foolish enough to attempt to break in—a strong cybersecurity posture defends on two fronts.

Our defense-in-depth infographic highlights the cybersecurity best practices that Coretelligent employs, including next-generation firewalls, endpoint detection and response, patch management and security updates, access management policies, advanced spam filtering, and more.

Evaluate Your Current Cybersecurity Solution

Looking to evaluate your organization’s current security coverage? Use our Cybersecurity Evaluation Checklist to help you appraise your firm’s cybersecurity readiness. This checklist is a jumping-off point to help your enterprise determine its ability to mitigate the risk of cyberattacks before it is too late.



After completing the checklist, reach out for questions about how Coretelligent can help to strengthen your cybersecurity. Learn more about what we offer, including cloud-based solutions, backup and business continuity services, IT planning and strategy, compliance solutions, and more here.

What is cyber hygiene and cyber hygiene best practices?

Cyber HygieneWhat is Cyber Hygiene?

The consistent implementation of cybersecurity best practices to ensure the security and handling of your networks and critical data is what is known as cyber hygiene. Coretelligent will be sharing information and resources to help you fortify your cyber hygiene and keep your business safe from  threats.

7 Cyber Hygiene Best Practices

We have put together a list of cybersecurity tips as a quick introduction to persuade your team to assess your firm’s current security readiness from a cyber attack.

  1. Double (or triple) up on login protection.

    Enable multi-factor authentication (MFA) across your organization for all accounts and devices to ensure that only authorized users gain access to your secure data. CISA’s Multi-Factor Authentication (MFA) How-to-Guide is a good resource for more information.

  2. Shake up your password protocol.

    According to the NIST guidance, users should consider using the longest password or passphrase permissible. Encourage end-users to switch up passwords across applications, accounts, and websites. Using unique, strong passwords can make it more difficult for cybercriminals to gain access and protect your organization in the event of a breach.

    A password manager and online password generator can be employed to generate and for remembering different, complex passwords. Another solution is to employ SSO to control passwords centrally and avoid user password sprawl across various platforms, which can lead to poor password choices, reuse, and insecure safekeeping.

  3. If you connect, you must protect.

    Whether it’s a laptop, smartphone, or another networked device, the best defense against viruses and malware attacks is to perform updates on a regular basis to verify that the latest software updates get applied to your software, browser, and operating systems.

    A plan that includes the automatic security update is a critical layer of security and part of a multi-layered defense strategy.

  4. Don’t get hooked.

    Cybercriminals use phishing tactics, hoping to fool their victims. So, if you’re unsure who an email is from—even if the details appear accurate— or if the email looks phishy, do not respond, and do not click on any attachments or suspicious links in emails.

    Instead, report the phishing attempt to help your IT team and email provider block other suspicious fake emails before they arrive in your inbox. In addition, the use of random phishing simulations is a valuable exercise to help end-users spot phishing attempts.

  5. Beware of social engineering traps.

    Many people don’t realize that many of the posts seen on social media asking for seemingly random details are created by criminal networks. They use these posts to gather data that can be mined for potential passwords and other secure information.

    For example, posts like, “What car do you wish you still had?” or “Tag your childhood best friend” can be used to help criminals work out the answers to your security questions.

    Not only can these tactics impact personal data but are used to target employees in order to gain access to corporate networks. Read CISA’s Social Media Cybersecurity Tip Sheet for more information about good social media and cybersecurity practices.

  6. Don’t forget about mobile.

    Most connected Internet of Things devices are supported by mobile applications. Mobile devices are often filled with suspicious apps running in the background, or using default permissions users never realized they approved, which are gathering personal information and login credentials without the user being aware.

    A robust cybersecurity posture should include a plan for protecting data from employees using compromised mobile devices to access to corporate networks.

  7. Stay protected while connected.

    Using Virtual Private Network (VPN) for employees remotely connecting is the best way to protect networks. A VPN creates a secure connection that encrypts information so that it’s hidden as it travels. This connection makes it harder for attackers to see and access data.

    VPNs are essential when accessing sensitive data like personally identifiable information (like social security numbers) or protected health information, especially when using public wi-fi networks. In today’s hybrid workplace, VPNs are a must to protect against suspicious activity.

From a phishing attack to a ransomware attack, cyber threats are constantly evolving. If you are unsure whether your firm employs good cybersecurity hygiene best practices or not, then it may be time for a security check-up.

Remember, cybercriminals will use any security vulnerabilities they can find to gain access and steal data. You can start with these cybersecurity tips and move on to using our free Cybersecurity Checklist to review your security measures.

 

Coretelligent is here to help with advice from our cybersecurity experts. Protect your business and learn more about our enhanced managed cybersecurity services designed specifically for small-to-mid-sized companies. Reduce your risk from security incidents – contact us today for help responding to your cybersecurity gaps.

Multifactor Authentication

Multifactor authentication (MFA) is a security technology that requires multiple methods of authentication from distinct categories of credentials to verify a user’s identity. It is a crucial component of a robust multilayered cybersecurity posture to help mitigate the risk of a cyberattack.

It is also considered a best practice for organizations of all sizes and across all sectors to meet compliance standards—especially in highly-regulated sectors like financial services and life sciences.

[ez-toc]


Multifactor AuthenticationMultifactor Authentication Explained

The multifactor authentication method should be familiar to all readers at this point. Companies from Apple and Google to Facebook and Amazon utilize (or require) multifactor authentication to reduce risk. Many more will follow in their footsteps as the threat landscape intensifies from cyberattacks and data breaches and as more regulatory agencies require the process.

When MFA is implemented, systems require users to present a combination of two or more qualifications to verify their identity for login. The first authentication consists of a password, which is all that’s required with single-factor authentication. The second verification can vary but often involves asking for a code sent via text or email to a device or account that has previously been verified.

MFA increases security because even if one credential becomes compromised, unauthorized users will not be able to meet the second authentication requirement and will not be able to access the device, network, or database. MFA prevents the unauthorized access of data—including personally identifiable information, intellectual property, and financial assets—by a third party who may have discovered a single password through illegal channels or via a phishing attack.

Multifactor authentication is an element of identity and access management, which consists of policies and practices designed to manage access to enterprise resources and keep systems and data secure. Additionally, Privileged Access Management (PAM) is a subset of IAM that allows for an even more granular distinction between users and access to more sensitive data.



Two-Factor vs. Multifactor vs. Adaptive

  • Two-Factor Authentication (2FA) is the simplest and most common form of multifactor authentication. With 2FA, users must supply two distinct proofs of identity for access. In nearly every case, two-factor authentication is a massive improvement over single-factor.
  • On the other hand, 2FA might not be flexible or robust enough for certain situations and specific industries. With MFA, more than two factors are required for authentication, enabling more variables and security. To elaborate, MFA can grant degrees of access across a broad spectrum of possibilities depending on various data points and multiple factors obtained from the login.
  • Adaptive Authentication is yet another certification tool that uses contextual information and business rules to determine which authentication factors to apply to a particular user, at a certain time, and in a specific situation. It combines user authentication with AI and is an effective tool for balancing security requirements and the user experience. Adaptive MFA also makes access decisions based on data, such as: consecutive login failures, geo-location, geo-velocity (or the physical distance between consecutive login attempts), device type, time of day, and 3rd party intelligence data.

MFA and Multilayered Cybersecurity

While MFA can help strengthen your security, it is still best employed as part of a multilayered cybersecurity program based on a defense-in-depth strategy. Defense-in-depth is a cybersecurity model that employs continuous multilayered security for real-time, holistic protection. The reality of today’s cyber threats is that no one cybersecurity practice is enough to protect on its own. Instead, overlapping layers of cybersecurity protections are recommended. A layered defense helps security organizations reduce vulnerabilities, contain threats, and mitigate risk.

It is also important to note that it is still critical to practice good cyber hygiene, even with MFA. Organizations should set password management policies and educate end-users about best practices. Such policies should include requirements for unique passwords and review the frequency of password rotation, among others.


Related Content →  Evaluate your cybersecurity posture with our  Cybersecurity Checklist.


What is Right for Your Organization?

The answer to this question depends on the specific needs of your business. However, in general, as the threats faced by organizations have become more sophisticated, it has become clear that single-factor authentication is no longer enough to protect data and systems.

Organizations must implement additional layers of security, and MFA is an essential part of that process. Therefore, when selecting an MFA solution, it is important to consider your firm’s needs and choose a solution that will be easy to use and manage by both your IT team and your end-users.

Reach out to our security experts for help in determining which is the right solution for your business and security needs. We can help you assess your risk exposure, determine any compliance requirements for your sector, and evaluate the ease of deployment and implementation necessary, along with other factors.


About Chris

As Chief Technology Officer at Coretelligent, Chris Messer is a transformational and strategic IT leader who establishes and leads Coretelligent’s technical vision and technological development. Click here to learn more about Chris.

What is the CIA Triad?

CIA Triad

What is the CIA Triad?

The CIA Triad is a fundamental cybersecurity model that acts as a foundation in the development of security policies designed to protect data. The three letters in CIA Triad stand for Confidentiality, Integrity, and Availability.

In theory, the CIA Triad combines three distinct means of interacting with data to create a model for data security. First, the principle of confidentiality requires that only authorized users have access to data within a system.

The second tenet of integrity imparts the necessity of the trustworthiness and veracity of data. The final component of availability dictates that data must be accessible where and when users need it. The intersection of these three concepts is a guiding framework for protecting digital information.

What Are the Origins of the Triad?

As much as the name implies, the CIA Triad is not related to the Central Intelligence Agency; although, their cyber security program almost assuredly utilizes the model.

The individual principles have existed since even before computer data became a reality in the mid-twentieth century. And they were independently utilized in data security since then, but it is not known when the tenets were first thought of as a triad.

The term is mentioned in the 1998 book Fighting Computer Crime, and it appeared to be the standard among security practices at that time. No matter when the idea of the Triad was first conceptualized, the principles have long been in use by security professionals who understood the need to make information more secure.

Where Does the CIA Triad Fit into Cybersecurity?

Effective protection of digital assets begins with the principles of the CIA Triad. All three tenets are necessary for data protection, and a security incident for one can cause issues for another. Although confidentiality and integrity are often seen as at odds in cybersecurity (i.e., encryption can compromise integrity), they should be balanced against risks when designing a security plan.

The CIA Triad forces system designers and security experts to consider all three principles when developing a security program to protect against modern data loss from cyber threats, human error, natural disasters, and other potential threats. It is a springboard for conceptualizing how information should be protected and for determining the best way to implement that protection within a given environment.


Related Content →  The Future of Analytics is in Data Governance: Are You Prepared?


A Deeper Look at the Three Pillars in Action

Remember that the CIA Triad is made up of the core tenets: confidentiality, integrity, and availability. CIA Triad

  1. Confidentiality refers to protecting information such that only those with authorized access will have it.
  2. Integrity relates to the veracity and reliability of data. Data must be authentic, and any attempts to alter it must be detectable.
  3. Availability is a crucial component because data is only useful if it is accessible. Availability ensures that data can be accessed when needed and will continue to function when required.

That’s the theory behind the Triad. Now, we will take a look at how Triad is put into action cyber security strategy with some real-life examples.

→ Putting Confidentiality into Practice:

  1. Data encryption is one way to ensure confidentiality and that unauthorized users cannot retrieve data for which they do not have access.
  2. Access control is also an integral part of maintaining confidentiality by managing which users have permissions for accessing data.
  3. Life science organizations that utilize patient data must maintain confidentiality or violate HIPAA.

→ Putting Integrity into Practice: 

  1. Event log management within a Security Incident and Event Management system is crucial for practicing data integrity.
  2. Implementing version control and audit trails into your IT program will allow your organization to guarantee that its data is accurate and authentic.
  3. Integrity is an essential component for organizations with compliance requirements. For example, a condition of the SEC compliance requirements for financial services organizations requires providing accurate and complete information to federal regulators.

→ Putting Availability into Practice:

  1. Employing a backup system and a disaster recovery plan is essential for maintaining data availability should a disaster, cyber-attack, or another threat disrupt operations.
  2. Utilizing cloud solutions for data storage is one way in which an organization can increase the availability of data for its users.
  3. As the reliance on data analytics expands, the need for data to be available and accessible grows for sectors like financial services and life sciences.

Is the CIA Triad Limited as a Cyber Security Strategy?

As the amount of data explodes and as the complexity of securing that data has deepened, the CIA Triad may seem to be an oversimplification of the reality of modern-day cyber security strategy. However, it is critical to remember that the Triad is not actually a strategy; but instead, it is a starting place from which a security team can create a strategy.

It is a foundational concept on which to build a full-scale, robust cyber security strategy. It cannot eliminate risk, but it can help prioritize systemic risks to address them better. Additionally, the CIA Triad cannot prevent all forms of compromise, but it helps reduce the likelihood of unnecessary exposure and can help decrease the impact of a cyber attack.


Related Content → Is Your Security Posture Negligent? Not with Multi-layered Cybersecurity.


Why the CIA Security Triad is Essential

The Triad is essential because it is a reliable and balanced way to assess data security. It weighs the relationship between confidentiality, integrity, and availability from an overarching perspective. The framework requires that any attempt to secure digital information will not weaken another pillar of defense.

Additionally, the CIA Triad effectively identifies risk factors in IT systems. It is also a gateway for even more advanced risk assessment and management tools, such as the Common Vulnerabilities and Exposures (CVE) list and the National Vulnerability Database.

How Does Coretelligent Utilize the CIA Triad?

Coretelligent incorporates the core tenets of the CIA triad into our cybersecurity, managed IT services, cloud solutions, and more. In addition, we practice defense in depth strategy, which is a system of overlapping layers of protection that range from easy-to-implement controls to complex security measures.

These layers are designed to create an interlocking barrier, not unlike the security system at your home.

We guide our clients on how best to balance making their data secure, available, and reliable. To learn more about our solutions, reach out for a consultation with our team.


Related Content →  Evaluate your security readiness with our  Cybersecurity Checklist.


Russian Cyber Attacks

 Russian Cyber AttacksPresident Biden released a statement Monday warning about “evolving intelligence that the Russian Government is exploring options for potential cyberattacks” on U.S. targets. He is urging the private sector to “harden your cyber defenses immediately by implementing the best practices.”

This warning about Russian cyber attacks comes on the heels of recent alerts about the possibility of increased cyber threats, but this is the first time the U.S. government has mentioned specific intelligence around cyberattacks.

“Today, we are reiterating those warnings, and we’re doing so based on evolving threat intelligence that the Russian government is exploring options for potential cyberattacks on critical infrastructure in the United States,” said Deputy National Security Advisor Anne Neuberger in a press briefing Monday.

Specific details about the cyber threat intelligence were not shared. However, during Monday’s White House briefing, Deputy Advisor Neuberger said that Russia had been conducting “preparatory activity,” which could mean scanning websites and hunting for vulnerabilities. She went on to say, “There’s a range of activity that malicious cyber actors use, whether they’re nation state or criminals.”

The Cybersecurity and Infrastructure Agency (CISA) and other government agencies have been urging private sector organizations to prepare for potential cyber incidents resulting from Russia’s invasion of Ukraine. They issued a Shield’s Up alert earlier this month but mentioned that there had been no specific threats uncovered at that point.

However, with this latest statement from the White House, the threat landscape has changed. As a result, there is no longer time to delay hardening your cyber defenses.

How to Prepare Your Organization for Possible Russian Cyber Attacks?

We have put together this checklist to help your organization evaluate its current level of preparedness considering these latest threats.

Follow Good Cyber Hygiene and Stay extra vigilant

  • Think before you click a link or open an email attachment.
  • Be wary of new social media requests.
  • Encourage employees to report suspicious emails, links, or requests.
  • Review and update passwords to ensure they are unique and complex—including home devices for those working remotely.

Reduce the likelihood of a damaging cyber intrusion

  • Institute Multi-Factor Authentication (MFA).
  • Utilize a Virtual Private Network (VPN).
  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities.

Take steps to quickly detect a potential intrusion

  • Utilize antivirus and antimalware software to protect devices and networks.
  • If working with Ukrainian or Russian connections, take extra care to monitor, inspect, and isolate traffic from those organizations.

Ensure that your organization is prepared to respond if an intrusion occurs

  • Assure business continuity by designating a crisis-response team.
  • Review policies and procedures around incident response.
  • Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.

Maximize your resilience to a destructive cyber incident

  • Test backups to ensure data can be restored within acceptable point and time objectives.
  • Identify critical vendors and understand how their services disruptions could impact your business.

To find out how you can further protect your organization, reach out to our security experts to learn more about our multi-layered security solutions.

Critical Infrastructure Sectors Target of Cybersecurity Bill

Critical Infrastructure Sectors Target of Cybersecurity Bill

Earlier this month, the U.S. Senate unanimously passed a major piece of cybersecurity legislation. It requires companies in key sectors identified as critical infrastructure to report significant cyberattacks to the government within 72 hours. The legislation will have far-reaching impacts across most sectors.

The introduction of the Strengthening American Cybersecurity Act of 2022 comes as federal officials broadcast the likelihood of strengthening cybersecurity requirements as a national security response. The escalating conflict in Ukraine has only increased concerns that the United States could be the target of Russian cyberattacks.

Sen. Gary Peters of Michigan, the co-author of the bills, said: “As our nation continues to support Ukraine, we must ready ourselves for retaliatory cyber-attacks from the Russian government.”

The legislation, which still must pass the House, would require critical infrastructure owners and civilian federal agencies to report to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours if they experience a cyberattack.

Several members of the U.S. House of Representatives, including Yvette Clarke and John Katko, both of New York, are working with Peters and Senator Rob Portman of Ohio to pass the bill in the House.

CISA identifies sixteen critical infrastructure sectors that provide essential services and are considered so vital that crippling cyber attacks would have a “debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” Accordingly, these sectors are the target of the changes proposed within the Act.

What Are Considered Critical Infrastructure Sectors?

Critical Infrastructure Sectors Target of Cybersecurity Bill

Organizations within these sectors will have 12-18 months after passage of the Strengthening American Cybersecurity Act to implement these and other policies and practices:

  • Adopt Zero Trust, which is a shift away from the current practice of trusting all devices and traffic within a trusted network. Instead, zero trust applies security controls to ensure that employees have the appropriate access to the resources they need and that access is continuously assessed.
  • Apply the Principle of Least Privilege in managing access to data. With this approach to information security, end-users are given the minimum levels of access possible, and access to higher levels of access is reviewed regularly.
  • Execute improved mobile security standards and enhanced mobile device management (MDM). Implementing MDM allows IT departments to monitor, manage, and secure employees’ mobile devices that contain or access company assets.
  • Identify and strengthen protections for systems likely to be targeted by ransomware. In addition, prepare for potential breaches by having an incident response plan and practice implementing it with tabletop exercises.

Reach out to our security experts to learn how your organization can get a jump on protecting your business from cyber threats and comply with all current and future requirements. Coretelligent offers robust multi-layered cybersecurity solutions to keep your organization secure and compliant. With over 16+ years of experience helping clients navigate IT compliance regulations and strengthening their cybersecurity programs, we can help your firm understand and meet its regulatory requirements.

increased cyberattacks

Shields Up increased cyberattacksThe Cybersecurity & Infrastructure Security Agency (CISA), the U.S. Intelligence Community, law enforcement, and other agencies recently issued a Shields Up alert regarding a potential increase in cyberattacks related to Russia’s military action against Ukraine and subsequent sanctions against the Russian government and related entities.

While no specific cyber threats against U.S. targets have been identified, U.S. agencies and security experts recommend that all public and private sector organizations adopt a heightened cyber security posture.

They are warning about increased data breaches and ransomware attacks, and other types of attacks, not unlike what was seen in 2017 with the NotPeyta malware. Recent weeks saw distributed denial-of-service attacks (DDoS) on government websites and the discovery of HermeticWiper malware in Ukraine. In the past, Homeland Security and the FBI have accused what they called “Russian government cyber actors” of targeting energy, healthcare, and other critical infrastructure sectors in the U.S.

“From this point forward, military conflicts will extend into cyberspace,” shares Gregory H. Winger, assistant professor of political science, School of Public and International Affairs, and faculty fellow at the Center for Cyber Strategy and Policy at the University of Cincinnati in a recent article in CSO. He goes on to say about Wiper malware, “I have not seen any indications yet that this current campaign or malware has spread much beyond Ukraine. However, there are elements that appear to be patterned on NotPetya, which did go global.”

Guidance for Organizations

CISA is recommending U.S. businesses take a variety of actions considering the current situation, including, but not limited to:

Reduce the likelihood of a damaging cyber intrusion

Take steps to quickly detect a potential intrusion

    • Utilize antivirus/antimalware software to protect your entire network.
    • If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations.

Ensure that the organization is prepared to respond if an intrusion occurs

    • Assure business continuity by designating a crisis-response team.
    • Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.

Maximize the organization’s resilience to a destructive cyber incident

    • Test backup procedures to ensure rapid restoration of critical data.
    • Test manual controls industrial control systems and operational technology to ensure that essential functions remain operable.

Additional recommendations from Coretelligent’s security experts include:

Stay extra vigilant

    • Think before you click a link or open an email attachment.
    • Be wary of new social media requests.

Prepare for further equipment delays

    • An already stressed global supply chain is vulnerable to the U.S. chip industry’s reliance on Ukrainian-sourced neon and other exports.

Ensure readiness to respond to a cyber incident

    • Review policies and procedures around incident response.

How to Protect Your Organization?

If you are concerned that your organization’s current cybersecurity posture is not robust enough to sufficiently handle the intensified conditions, reach out to learn more about Coretelligent’s multi-layered cybersecurity solutions.

CoreArmor is a customizable cybersecurity platform that provides a solid foundation of cybersecurity protections and can resolve specific security concerns and issues based on your business needs. Powered by AlienVault’s enterprise-class Unified Security Management® (USM) platform, CoreArmor delivers the following:

  • Managed Detection and Response (MDR) – End-to-end, round-the-clock expert monitoring and threat response.
  • 24x7x365 US-based Security Operations Center (SOC) – Intrusion detection monitoring and response in real-time.
  • Security Automation and Orchestration – Provides accelerated reaction time and extended protection.
  • Cloud Protection – Real-time monitoring of cloud infrastructure.
  • Geolocation – Identity suspicious login activity.
  • Behavioral Monitoring and Endpoint Detection & Response (EDR) – Monitor, collect, respond, and analyze endpoint data to identify threats and threat patterns.
  • SIEM and log management – Allows for expert human analysis and remediation.