
As cyber threats continue to increase, businesses must take proactive steps. They need to protect their sensitive data and assets from cybercriminals. Threats to data security are persistent and they come from many different places.  

Today’s offices are digitally sophisticated. Just about every activity relies on some type of technology and data sharing. Hackers can breach these systems from several entry points including computers, smartphones, cloud applications, and network infrastructure.

It’s estimated that cybercriminals can penetrate 93% of company networks.

One approach that can help organizations fight these intrusions is threat modeling. Threat modeling is a process used in cybersecurity that involves identifying potential threats and vulnerabilities to an organization’s assets and systems.

Threat modeling helps businesses prioritize their risk management and mitigation strategies. The goal is to mitigate the risk of falling victim to a costly cyber incident.

Here are the steps businesses can follow to conduct a threat model.

 

Identify Assets That Need Protection

The first step is to identify assets that are most critical to the business. This includes sensitive data, intellectual property, or financial information. What is it that cybercriminals will be going after?

Don’t forget to include phishing-related assets, such as company email accounts. Business email compromise is a fast-growing attack that capitalizes on breached company email logins. Some hackers are even known to use reply-chain phishing attacks after gaining access to a business’s email.

 

Identify Potential Threats

The next step is to identify potential threats to these assets. Some common threats could be cyber-attacks such as phishing. Others would be ransomware, malware, or social engineering.

Another category of threats could be physical breaches or insider threats. This is where employees or vendors have access to sensitive information.

Remember, threats aren’t always malicious. Human error causes approximately 88% of data breaches. So, ensure you’re aware of mistake-related threats, such as:

  • The use of weak passwords
  • Unclear cloud use policies
  • Lack of employee training
  • Poor or non-existent BYOD policies

Are your employees trained to spot real world threats such as phishing and business email compromises? Visit us here to learn more about our Breach Prevention Platform and Security Awareness Training with simulated phishing tests.

 

Assess Likelihood and Impact

Once you’ve identified potential threats, the next step is to assess the likelihood and impact of these threats. Businesses must understand how likely each threat is to occur, as well as the potential impact on their operations, reputation, and financial stability. This will help rank the risk management and mitigation strategies.

Base the threat likelihood on current cybersecurity statistics as well as a thorough vulnerability assessment. It’s best that this assessment is done by a trusted third-party IT service provider, such as Databranch. If you’re doing your assessment with only internal input, you’re bound to miss something.

 

Prioritize Risk Management Strategies

Next, prioritize risk management strategies based on the likelihood and impact of each potential threat. Most businesses can’t tackle everything at once due to time and cost constraints. So, it’s important to rank solutions based on the biggest impact on cybersecurity.

Some common strategies to consider include implementing:

  • Access controls
  • Firewalls
  • Intrusion detection systems
  • Employee training and awareness programs
  • Endpoint device management

Businesses must also determine which strategies are most cost-effective. They should also align with their business goals.

 

Continuously Review and Update the Model

Threat modeling is not a one-time process. Cyber threats are constantly evolving, so businesses must continuously review and update their threat models. This will help ensure that their security measures are effective and aligned with their business objectives.
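The steps above can be kept as a small risk register. The following is an added example, not part of the original article: the threats, the 1 to 5 scores, the costs and the budget are constructed sample values, and the greedy "risk removed per unit of cost" selection is one assumed way to prioritize when everything cannot be tackled at once.

```python
from dataclasses import dataclass, field


@dataclass
class Threat:
    name: str
    asset: str
    likelihood: int  # assumed scale: 1 (rare) to 5 (expected)
    impact: int      # assumed scale: 1 (minor) to 5 (severe)


@dataclass
class Mitigation:
    name: str
    cost: int  # constructed cost units
    # threat name -> likelihood points removed (simplifying assumption:
    # mitigations lower likelihood only, never impact)
    reduces: dict = field(default_factory=dict)


# Constructed register; names follow the article, numbers are illustrative.
THREATS = [
    Threat("Business email compromise", "Company email accounts", 4, 4),
    Threat("Ransomware", "File server", 3, 5),
    Threat("Weak passwords", "Cloud applications", 4, 3),
    Threat("Lost BYOD device", "Smartphones", 2, 3),
]
MITIGATIONS = [
    Mitigation("Employee training and awareness", 3,
               {"Business email compromise": 2, "Ransomware": 1}),
    Mitigation("Access controls", 2,
               {"Business email compromise": 1, "Weak passwords": 2}),
    Mitigation("Intrusion detection system", 6, {"Ransomware": 1}),
    Mitigation("Endpoint device management", 4,
               {"Lost BYOD device": 1, "Ransomware": 1}),
]


def rank_threats(threats):
    """Order threats by likelihood x impact, highest risk first."""
    return sorted(threats, key=lambda t: t.likelihood * t.impact, reverse=True)


def total_risk(threats, likelihood):
    return sum(likelihood[t.name] * t.impact for t in threats)


def apply(mitigation, likelihood):
    """Return a copy of the likelihood table with one mitigation applied."""
    updated = dict(likelihood)
    for name, points in mitigation.reduces.items():
        if name in updated:
            updated[name] = max(1, updated[name] - points)  # never below 1
    return updated


def plan(threats, mitigations, budget):
    """Greedily pick the mitigation removing the most risk per cost unit,
    re-scoring after every pick because mitigations overlap."""
    likelihood = {t.name: t.likelihood for t in threats}
    remaining, chosen = list(mitigations), []
    while True:
        current = total_risk(threats, likelihood)
        best, best_ratio = None, 0.0
        for m in remaining:
            if m.cost > budget:
                continue
            gain = current - total_risk(threats, apply(m, likelihood))
            if gain / m.cost > best_ratio:
                best, best_ratio = m, gain / m.cost
        if best is None:
            break
        likelihood = apply(best, likelihood)
        budget -= best.cost
        remaining.remove(best)
        chosen.append(best.name)
    return chosen, total_risk(threats, likelihood)


if __name__ == "__main__":
    for t in rank_threats(THREATS):
        print(f"{t.likelihood * t.impact:>2}  {t.name} ({t.asset})")
    print(plan(THREATS, MITIGATIONS, budget=9))
```

Re-running the plan whenever the scores change is the "continuously review" step: the same register produces a different ordering as likelihoods move.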

 

Benefits of Threat Modeling for Businesses

Threat modeling is an essential process for businesses to reduce their cybersecurity risk. Identifying potential threats and vulnerabilities to their assets and systems is important. It helps them rank risk management strategies, as well as reduce the likelihood and impact of cyber incidents.

Here are just a few of the benefits of adding threat modeling to a cybersecurity strategy.

 

Improved Understanding of Threats and Vulnerabilities

Threat modeling can help businesses gain a better understanding of specific threats. It also uncovers vulnerabilities that could impact their assets, identifies gaps in their security measures, and helps uncover risk management strategies.

Ongoing threat modeling can also help companies stay out in front of new threats. Artificial intelligence is birthing new types of cyber threats every day. Companies that are complacent can fall victim to new attacks.

 

Cost-effective Risk Management

Addressing risk management based on the likelihood and impact of threats reduces costs. It can optimize company security investments while ensuring that businesses divide resources effectively and efficiently.

 

Business Alignment

Threat modeling can help ensure that security measures align with the business objectives. This can reduce the potential impact of security measures on business operations. It also helps coordinate security, goals, and operations.

 

Reduced Risk of Cyber Incidents

By implementing targeted risk management strategies, businesses can reduce risk. This includes the likelihood and impact of cybersecurity incidents. This will help to protect their assets. It also reduces the negative consequences of a security breach.

 

Get Started with Comprehensive Threat Identification

Wondering how to get started with a threat assessment? Our experts can help you put in place a comprehensive threat modeling program. Give us a call today at 716-373-4467 x115 or info@databranch.com to schedule a discussion.

 

Article used with permission from The Technology Press.

 

What is Ransomware?

Ransomware is a type of malware that encrypts data on a computer or network into an unreadable format until a sum of money, or ransom, is paid.

 

How does Ransomware Work?

When run, ransomware will scan the file storage disk for files to encrypt – typically documents, spreadsheets, etc. The files are encrypted with a key that only the attackers know, thus preventing your access to the files. Then, threat actors hold your files hostage, demanding a ransom to be paid for you to get your access back.

 

How do Hackers Sneak into an Environment?

Hackers are stealthy and can sneak in using many different approaches. Here are a few of the most popular ways that hackers gain access:

  • Phishing: This is when a threat actor tricks someone into handing over their sensitive, personal information, such as a credit card or Social Security number. The victim believes they’re handing over their information to a trustworthy resource when in reality, they’re giving their information to threat actors.
  • Public-Facing Vulnerabilities: Threat actors scour the internet looking for systems with known vulnerabilities. Then, they exploit them to gain access to the environment.
  • Drive-By Downloads: This is when someone navigates to a malicious webpage and unknowingly downloads malicious code to their computer – all by visiting the webpage.
  • Purchased Access: There’s a marketplace for everything these days, and cyberattacks are no exception. The dark web is a treasure trove of hackers for hire and deployable ransomware for download.

 

Ransomware Prevention

  1. Keep your computer updated and patched.
  2. Verify, then trust.
  3. Make sure your connection to a site is secure before submitting any personal information.
  4. Stay up-to-date on the latest cybersecurity education.

 

Ransomware Detection

Prevention is only part of the puzzle. Some attacks are virtually impossible to prevent. It all comes down to fast detection and response times, which help you combat tomorrow’s threats that may not be detectable today.

The most efficient way to detect ransomware is to leverage the tools in your security stack.

Secure your business with a cybersecurity platform that detects hackers. To protect our managed clients, we deploy a suite of cybersecurity tools that are backed by a 24/7 Threat Operations Center that works to protect your assets and evict malicious actors.

Reach out to Databranch today at 716-373-4467 x115 or info@databranch.com to learn more.

Buyer beware – software programs or tools that claim the ability to conduct a risk assessment by scanning your network with little to no human interaction should raise concern!

These tools will generally do a nice job discovering vulnerabilities that exist in your technology environment, but vulnerabilities are not risks by default. 

Is your business familiar with vulnerability assessments and their benefits? If not, visit our website here to learn more about the benefits and how they can enhance your cybersecurity posture.

 

What is Needed

Risk requires the presence of a vulnerability PLUS the action of a threat actor.

To illustrate this concept using an example from the tangible world, let’s visualize a car. The car is parked, and the doors are unlocked. A premature conclusion would be to state that the doors being unlocked translates to risk. If you apply critical thought, however, you will discover that the unlocked doors are simply a vulnerability that could be exploited.

You would need more information to determine actual risk. Is there anything valuable in the car? What is the crime rate associated with the place the car is parked? What would the impact be if someone gained access to the car? Who would attempt to gain access to the car? Are there other compensating controls in place, like a security camera? The same logic applies to the digital world.

The presence of vulnerabilities like unpatched computers or misconfigured devices will contribute to the likelihood of a risk event occurring, but it is shortsighted to say that vulnerabilities equal risk. That statement simply is not true.

A risk assessment requires critical thought to occur beyond the discovery of vulnerabilities by software tools. It requires critical thinking and the use of logic and reason, all of which are made possible by the involvement of qualified human beings during the risk assessment process.

Relying on the arbitrary risk statements and scores created by software tools that simply discover vulnerabilities in your network can lead to a false understanding of your actual risk profile. This can then easily lead to wasteful allocations of resources that are intended to reduce risk but end up remediating a vulnerability instead.

 

What Happens After the Assessment?

Typically, a vulnerability assessment can be completed in a day or two. The results of a vulnerability assessment are documented and provided to the stakeholder complete with recommendations around remediating any weaknesses found.

Security shortcomings found during a vulnerability assessment can almost always be fixed. Many times, the fixes are very easy to accomplish. Roughly 60% of all reported cybersecurity breaches occurred because the bad actors exploited common vulnerabilities and exposures (CVE).

This means that roughly 60% of all reported cybersecurity breaches could have been prevented if the victim had simply conducted a vulnerability assessment and made small improvements to their cybersecurity posture that would have eliminated a substantial amount of risk. 

Interested in setting up a vulnerability assessment? Contact Databranch today at 716-373-4467 x115, info@databranch.com , or fill in the form below to set up a meeting with one of our experienced team members.

Not only will we help with the assessment, but our team of highly trained engineers will help your business prioritize based on your specific business needs.

Request your free security risk consultation with a Databranch Security Expert here:

 

Content was provided courtesy of CyberStone.

Technology vulnerabilities are an unfortunate side effect of innovation. When software companies push new updates, there are often weaknesses in the code. Hackers exploit these weaknesses until software makers address the vulnerabilities with a security patch. The cycle continues with each new software or hardware update.

It’s estimated that about 93% of corporate networks are susceptible to hacker penetration. Assessing and managing these network weaknesses isn’t always a priority for organizations. Many suffer breaches because of poor vulnerability management.

61% of security vulnerabilities in corporate networks are over 5 years old.

Many types of attacks take advantage of unpatched vulnerabilities in software code. This includes ransomware attacks, account takeover, and other common cyberattacks.

Whenever you see the term “exploit” when reading about a data breach, that’s an exploit of a vulnerability. Hackers write malicious code to take advantage of these “loopholes.” That code can allow them to elevate privileges, run system commands or perform other dangerous network intrusions.

Putting together an effective vulnerability management process can reduce your risk. It doesn’t have to be complicated. Just follow the steps we’ve outlined below to get started.

 

Vulnerability Management Process

 

Step 1. Identify Your Assets

First, you need to identify all the devices and software that you will need to assess. You’ll want to include all devices that connect to your network, including:

  • Computers
  • Smartphones
  • Tablets
  • IoT devices
  • Servers
  • Cloud services

Vulnerabilities can appear in many places, such as the code for an operating system, a cloud platform, software, or firmware. So, you’ll want a full inventory of all systems and endpoints in your network.

This is an important first step, so you will know what you need to include in the scope of your assessment.

 

Step 2: Perform a Vulnerability Assessment

Next will be performing a vulnerability assessment. This is usually done by an IT professional, such as Databranch, using assessment software. This could also include penetration testing.

During the assessment, the professional scans your systems for any known vulnerabilities. The assessment tool matches found software versions against vulnerability databases.

For example, a database may note that a version of Microsoft Exchange has a vulnerability. If it detects that you have a server running that same version, it will note it as a found weakness in your security.

Learn more about the benefits of penetration testing here.

 

Step 3: Prioritize Vulnerabilities by Threat Level

The assessment results provide a roadmap for mitigating network vulnerabilities. There will usually be several, and not all are as severe as others. Next, you will need to rank which ones to address first.

At the top of the list should be the ones that experts consider severe. Many vulnerability assessment tools will use the Common Vulnerability Scoring System (CVSS). This categorizes vulnerabilities with a rating score from low to critical severity.

You’ll also want to rank vulnerabilities by your own business needs. If software is only used occasionally on one device, you may consider it a lower priority to address, while you may rank a vulnerability in software used on all employee devices as a high priority.

 

Step 4: Remediate Vulnerabilities

Remediate vulnerabilities according to the prioritized list. Remediation often means applying an issued update or security patch. But it may also mean upgrading hardware that may be too old for you to update.

Another form of remediation may be ringfencing. This is when you “wall off” an application or device from others in the network. A company may do this if a scan turns up a vulnerability for which a patch does not yet exist.

Increasing advanced threat protection settings in your network can also help. Once you’ve remediated the weaknesses, you should confirm the fixes.

Here at Databranch, our Managed Service plans offer proactive monitoring tools that help us detect threats before they can impact your network. They also provide increased protection from malware, ransomware, and phishing compromises. Read more about the benefits of Managed Services here.

 

Step 5: Document Activities

It’s important to document the vulnerability assessment and management process. This is vital both for cybersecurity needs and compliance.

You’ll want to document when you performed the last vulnerability assessment.  Then document all the steps taken to remediate each vulnerability. Keeping these logs will be vital in the case of a future breach. They also can inform the next vulnerability assessment.

 

Step 6. Schedule Your Next Vulnerability Assessment Scan

Once you go through a round of vulnerability assessment and mitigation, you’re not done. Vulnerability management is an ongoing process.

In 2022, there were over 22,500 new vulnerabilities documented. Developers continue to update their software continuously. Each of those updates can introduce new vulnerabilities into your network.

It’s a best practice to have a schedule for regular vulnerability assessments. The cycle of assessment, prioritization, mitigation, and documentation should be ongoing. This fortifies your network against cyberattacks. It removes one of the main enablers of hackers. 
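The cycle described in Steps 1 to 6 can be sketched end to end. This is an added example, not code from the original article or from any assessment product: the inventory, the vulnerability entries and their `EXAMPLE-` IDs are constructed placeholders, and the priority formula that weights the CVSS score by the share of devices affected, as well as the 90-day rescan interval, are assumptions.

```python
from datetime import date, timedelta

# Step 1 - constructed inventory: (device, software, installed version)
INVENTORY = [
    ("srv-mail-01", "mail-server", "15.2.3"),
    ("laptop-01", "office-suite", "16.0.1"),
    ("laptop-02", "office-suite", "16.0.1"),
    ("laptop-03", "office-suite", "16.0.4"),
    ("laptop-03", "label-printer-tool", "2.1.0"),
    ("cam-lobby", "camera-firmware", "1.0.9"),
]

# Constructed vulnerability database; IDs are placeholders, not real CVEs.
VULN_DB = [
    {"id": "EXAMPLE-0001", "software": "mail-server", "fixed_in": "15.2.9", "cvss": 9.8},
    {"id": "EXAMPLE-0002", "software": "office-suite", "fixed_in": "16.0.3", "cvss": 7.8},
    {"id": "EXAMPLE-0003", "software": "label-printer-tool", "fixed_in": "2.2.0", "cvss": 8.1},
    {"id": "EXAMPLE-0004", "software": "camera-firmware", "fixed_in": "1.0.5", "cvss": 5.3},
]


def parse(version):
    """'15.2.3' -> (15, 2, 3) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))


def severity(cvss):
    """CVSS v3 qualitative rating bands."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    return "low" if cvss > 0 else "none"


def assess(inventory, vuln_db):
    """Steps 2 and 3: match installed versions against the database, then
    rank by CVSS weighted by how much of the fleet is affected."""
    total = len({device for device, _, _ in inventory})
    findings = []
    for vuln in vuln_db:
        devices = sorted(
            device for device, software, version in inventory
            if software == vuln["software"]
            and parse(version) < parse(vuln["fixed_in"])
        )
        if not devices:
            continue  # installed versions already include the fix
        weight = 0.5 + 0.5 * len(devices) / total  # assumed business weighting
        findings.append({
            "id": vuln["id"],
            "software": vuln["software"],
            "severity": severity(vuln["cvss"]),
            "devices": devices,
            "priority": round(vuln["cvss"] * weight, 2),
        })
    return sorted(findings, key=lambda f: f["priority"], reverse=True)


def remediation_log(findings, assessed_on, interval_days=90):
    """Steps 5 and 6: record what was found and when to scan again."""
    return {
        "assessed_on": assessed_on.isoformat(),
        "next_assessment": (assessed_on + timedelta(days=interval_days)).isoformat(),
        "entries": [dict(f, status="open") for f in findings],
    }


if __name__ == "__main__":
    results = assess(INVENTORY, VULN_DB)
    for f in results:
        print(f["priority"], f["severity"], f["id"], f["devices"])
    print(remediation_log(results, date(2024, 1, 15))["next_assessment"])
```

In the sample data the office suite finding (CVSS 7.8, two laptops) ranks above the label printer tool (CVSS 8.1, one laptop), which is the business-needs adjustment Step 3 describes.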

 

Get Started with a Vulnerability Assessment

Take the first step towards effective vulnerability management. We can help you fortify your network against attacks. Contact us today at 716-373-4467 x 115 or info@databranch.com to schedule a vulnerability assessment to get started. You can also fill out the form below to request your free baseline security assessment.

 

Request your Free Baseline Security Assessment here:

 

Article used with permission from The Technology Press.

One constant about technology is that it changes rapidly. Tools that were once staples, like Internet Explorer and Adobe Flash, age out and get replaced by new tools. Continuing to use discontinued technology can leave computers and networks vulnerable to attacks.

While older technology may still run fine on your systems, that doesn’t mean that it’s okay to use. One of the biggest dangers of using outdated technology is that it can lead to a data breach.

Outdated software and hardware no longer receive vital security updates. Updates often patch newly found and exploited system vulnerabilities. No security patches means a device is a sitting duck for a cybersecurity breach.

Approximately 1 in 3 data breaches are due to unpatched system vulnerabilities.

Important reasons to keep your technology updated to a supported version are:

  • Reduce the risk of a data breach or malware infection
  • Meet data privacy compliance requirements
  • To keep a good reputation and foster customer trust
  • To be competitive in your market
  • To mitigate hardware and software compatibility issues
  • To enable employee productivity

Older systems are clunky and get in the way of employee productivity. The efficiency of your employees is only as good as the technology they are working on. Slower machines mean a decrease in progress, which can negatively impact your business over time.

Did you know that 49% of surveyed workers say they would consider leaving their jobs due to poor technology?

Following is a list of outdated technology tools that you should replace as soon as possible. Are any of these still in use within your business?

Get Rid of This Tech Now If You’re Still Using It

1) Internet Explorer

Internet Explorer (IE) used to be the number one browser in the world. But, over time, Google Chrome and other browsers, including its replacement, Microsoft Edge, overshadowed it.

Microsoft began phasing out IE with the introduction of Microsoft Edge in 2015. In recent years, fewer applications have been supporting use in IE. The browser loses all support beginning on June 15, 2022.

2) Adobe Flash

Millions of websites used Adobe Flash in the early 2000s. But other tools can now do the animations and other neat things Flash could do. This made the tool obsolete, and Adobe ended it.

The Adobe Flash Player lost all support, including security updates, as of January 1, 2021. Do you still have this lingering on any of your computers? If so, you should uninstall the browser plugin and any Flash software. 

3) Windows 7 and Earlier

Windows 7 was a very popular operating system, but it’s now gone the way of the dinosaur. Its replacements, Windows 10 and Windows 11, are now in widespread use. The Windows 7 OS lost support on January 14, 2020.

While it may still technically run, it’s very vulnerable to hacks. Microsoft Windows OS is also a high-value target for hackers. So, you can be sure they are out there looking for systems still running this obsolete version of Windows.

4) macOS 10.14 Mojave and Earlier

Because of the cost of iMacs and MacBooks, people tend to hang onto them as long as possible. Once these devices get to a certain point, updates no longer work. This leaves the hardware stuck on an older and non-supported macOS version.

If you are running macOS 10.14 Mojave or earlier, then your OS is no longer supported by Apple and you should consider an upgrade.

5) Oracle 18c Database

If your business uses Oracle databases, then you may want to check your current version. If you are running the Oracle 18C Database, then you are vulnerable. Breaches can easily happen due to unpatched system vulnerabilities.

The Oracle 18C Database lost all support in June of 2021. If you have upgraded, then you’ll want to keep an eye out for another upcoming end-of-support date. Both Oracle 19C and 21C will lose premier support in April of 2024.

6) Microsoft SQL Server 2014

Another popular database tool is Microsoft’s SQL. If you are using SQL Server 2014, then mainstream support has already ended. Plus, in July of 2024, all support, including security updates, will stop.

This gives you a little more time to upgrade before you’re in danger of not getting security patches. However, it is better to upgrade sooner rather than later. This leaves plenty of time for testing and verification of the upgrade.

Get Help Upgrading Your Technology & Reducing Risk

Upgrades can be scary, especially if everything has been running great. You may be afraid that a migration or upgrade will cause issues. We can help you upgrade your technology smoothly and do thorough testing afterward. You can also contact Databranch today at 716-373-4467, info@databranch.com , or fill in the form below  to set up a vulnerability assessment.

Request your Free Baseline Security Assessment here:

Article used with permission from The Technology Press.

Conducting a vulnerability assessment is important because the exercise will identify security flaws that exist in your IT environment before they are discovered by a malicious computer hacker. Once the vulnerabilities are discovered you can correct them and lower your risk of becoming a victim of a cybersecurity attack.

What Will a Vulnerability Assessment Do?

A vulnerability assessment will discover common security weaknesses such as:

  • Operating systems and applications that are not current with the latest security updates or patches.
  • Insecure legacy operating systems that are no longer supported by the manufacturer.
  • Open ports on perimeter defenses and other devices that allow malicious attackers to easily gain access to your private computer network.
  • All Common Vulnerabilities and Exposures (CVE) that exist on the computer network.

Common Vulnerabilities and Exposures (CVE) is a database of publicly disclosed information security issues. There are currently over 163 thousand CVE records catalogued and made publicly available by the CVE program. You can explore the database at www.cve.org.

Why does this matter? Because it is important to recognize that new information security flaws are discovered regularly and then shared publicly. Sharing the information is not restrictive. Everyone can search the CVE database, including the hackers that intend to attack your computer network!

What Happens After the Assessment?

Executing routine vulnerability assessments will discover all the known vulnerabilities on your network before the bad actors have an opportunity to exploit them. Vulnerability assessments are nonintrusive and not disruptive.

Typically, a vulnerability assessment can be completed in a day or two. The results of a vulnerability assessment are documented and provided to the stakeholder complete with recommendations around remediating any weaknesses found.

It is important to conduct vulnerability assessments regularly, at least every quarter if not more frequently. This is due to the dynamic nature of information technology. Many changes occur on a day-to-day basis that can introduce new exposures associated with information security. Examples include:

  • The introduction or removal of employees and business processes.
  • The implementation or elimination of hardware, software, or business applications.
  • Configuration changes made to any element of the technology environment.
  • Newly discovered bugs and flaws found in off-the-shelf commercial software products.

Security shortcomings found during a vulnerability assessment can almost always be fixed. Many times, the fixes are very easy to accomplish. Roughly 60% of all reported cybersecurity breaches occurred because the bad actors exploited common vulnerabilities and exposures (CVE).

This means that roughly 60% of all reported cybersecurity breaches could have been prevented if the victim had simply conducted a vulnerability assessment and made small improvements to their cybersecurity posture that would have eliminated a substantial amount of risk. 

Interested in setting up a vulnerability assessment? Contact Databranch today at 716-373-4467, info@databranch.com , or click here to set up a meeting with one of our experienced team members.
 
Content was provided courtesy of CyberStone.