Remote Code Execution Vulnerability Affecting FortiOS and FortiProxy (CVE-2023-33308)

On July 11th, 2023, Fortinet published a security advisory detailing a remote code execution vulnerability affecting FortiOS and FortiProxy (CVE-2023-33308). This stack-based overflow vulnerability affects proxy policies and/or firewall policies with proxy mode and SSL deep packet inspection enabled. This CVE was discovered and responsibly disclosed to Fortinet by security researchers. At this time, exploitation has not been observed in the wild, and a proof of concept (PoC) exploit has not been published publicly.

If you are an ISG customer who uses our firewall management services, we have already addressed this vulnerability on your devices unless we have been unable to reach you. Please contact us or reach out to your ISG representative to schedule service or if you need assistance.

Summary

As demonstrated in CISA’s Known Exploited Vulnerabilities Catalog, threat actors have actively exploited Fortinet vulnerabilities in the past. Due to the severity of the vulnerability and the fact that similar vulnerabilities have been weaponized by threat actors, ISG and our security partners strongly recommend upgrading to the latest available versions of FortiOS and FortiProxy on all affected devices.

Impacted Products

Product    | Vulnerable Versions                                                                                   | Patched Versions
FortiOS    | 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.10, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0 | FortiOS 7.4.0 or above; FortiOS 7.2.4 or above; FortiOS 7.0.11 or above
FortiProxy | 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0               | FortiProxy 7.2.3 or above; FortiProxy 7.0.10 or above

ISG Technology is working with our security partners to monitor intelligence sources for campaigns linked to active exploitation of this vulnerability.

Recommendations

Please follow your organization’s patching and testing guidelines to avoid any operational impact.

Recommendation #1: Upgrade to the Most Recent Version Release

ISG and our security partners strongly recommend updating to one of the patched versions in the table below to remediate the newly discovered vulnerability.

Product    | Vulnerable Versions                                                                                   | Patched Versions
FortiOS    | 7.2.3, 7.2.2, 7.2.1, 7.2.0, 7.0.10, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0 | FortiOS 7.4.0 or above; FortiOS 7.2.4 or above; FortiOS 7.0.11 or above
FortiProxy | 7.2.2, 7.2.1, 7.2.0, 7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0               | FortiProxy 7.2.3 or above; FortiProxy 7.0.10 or above

Workaround: Disable HTTP/2 support on SSL Inspection Profiles

If you are unable to upgrade to the versions above, Fortinet’s advisory recommends disabling HTTP/2 support on the SSL inspection profiles used by proxy policies or by firewall policies in proxy mode as a mitigation. This is a workaround only: the vulnerable code remains on the device until it is upgraded.

Fortinet’s example with custom-deep-inspection profile:
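The advisory’s CLI example is not reproduced on this page. The block below is added here (it is not copied from the page or from Fortinet’s text) and shows what that change looks like in the FortiOS CLI: the ALPN offer of the SSL/SSH inspection profile is restricted to HTTP/1.1 with the `supported-alpn` setting, so sessions inspected by that profile never negotiate HTTP/2. The profile name `custom-deep-inspection` comes from the page; the surrounding checks are standard FortiOS commands and the assumption is a FortiOS 7.0/7.2 CLI.

```text
# Added example: apply the advisory's HTTP/2 workaround on one inspection profile.
# Run these from the FortiOS CLI (console, SSH, or a CLI script) on each affected unit.

# 1. Confirm the running build is one of the vulnerable versions listed above.
get system status

# 2. Find every SSL/SSH inspection profile referenced by your policies, so the
#    change is repeated for each deep-inspection profile used in proxy mode.
show firewall policy | grep ssl-ssh-profile

# 3. Restrict the profile's ALPN offer to HTTP/1.1 (this removes the "h2" option
#    from the TLS handshake for inspected sessions).
config firewall ssl-ssh-profile
    edit "custom-deep-inspection"
        set supported-alpn http1-1
    next
end

# 4. Verify the setting is stored.
show firewall ssl-ssh-profile custom-deep-inspection
```

Repeat step 3 for every other deep-inspection profile that step 2 reports. Web applications behind the affected policies will fall back to HTTP/1.1 while the workaround is in place; once the device is running a patched version, the profile can be returned to its previous `supported-alpn` value (the FortiOS default is `all`).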

References

Please see the following references for more information.

Fortinet Advisory

NVD-CVE Details

Need Help?

If you need help with any of these patches, please contact us or talk to your ISG Representative.

Recommendations for Mitigating Cyber Risks During Russia/Ukraine Conflict

The White House has warned about the potential for Russia to engage in malicious cyber activity against the United States in response to the unprecedented economic sanctions we have imposed. To prepare, we recommend all organizations implement the following cybersecurity practices as soon as possible.

Improve Network Monitoring at Your Perimeter

Ensure you have visibility for incoming and outgoing traffic with appropriate safeguards.

  • Monitor and consider blocking high-risk outbound network traffic:
    • SSH (TCP 22)
    • MSRPC (TCP 135)
    • SMB (TCP 139, 445)
    • Unsecured LDAP (TCP 389)
    • Secured LDAP (TCP 636)
    • MSSQL (TCP 1433)
    • RDP (TCP/UDP 3389)
    • WinRM (TCP 5985, 5986)
  • Review your WAF configuration and set to blocking mode to mitigate zero-day attacks.
  • Log, correlate, and review events. Focus on threat intelligence, lower alerting thresholds if possible, and be aware of risk patterns associated with Russian actor tactics, techniques, and procedures (TTPs).
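One concrete form the outbound monitoring and blocking above can take on a FortiGate, added here as an example that is not part of the original guidance: a single custom service covering the listed ports, and a deny policy that logs every matching outbound session. The interface names `internal` and `wan1` and the object names are assumptions; substitute your own.

```text
# Added example: block and log outbound traffic on the high-risk ports listed above.
# Interface names "internal" and "wan1" are assumptions for this example.

# One custom service that covers every port in the list (TCP, plus UDP 3389 for RDP).
config firewall service custom
    edit "HighRisk-Outbound"
        set tcp-portrange 22 135 139 445 389 636 1433 3389 5985 5986
        set udp-portrange 3389
    next
end

# Deny the service from the LAN toward the Internet and log each denied session,
# so the SIEM sees which hosts are attempting these connections.
config firewall policy
    edit 0
        set name "Deny-HighRisk-Outbound"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "HighRisk-Outbound"
        set logtraffic all
    next
end
```

FortiOS evaluates policies top-down, so the new deny policy must be moved above the general outbound allow policy (`move <new-id> before <allow-id>` inside `config firewall policy`; `show firewall policy` lists the IDs). To follow the "monitor first" advice, create the policy with `set action accept` and `set logtraffic all`, review the resulting log entries for legitimate vendor or contractor traffic, add narrower allow policies for those destinations above it, and only then switch the action to `deny`.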

Create Contingency Plans to Disconnect High Risk External Connections

Preparedness, control, and proactiveness are key in a successful defense.

  • Inventory any unfiltered VPNs and other vendor/contractor connections. Make sure you have monitoring in place and understand access risks.
  • Limit traffic destinations for high-risk protocols wherever possible (see the list of high-risk outbound ports above).
  • Watch for collateral damage and propagation via automation. NotPetya showed us that poorly monitored and unpatched interconnected systems provide reliable attack surfaces.
  • Perform tabletop exercises to ensure readiness during any disruptive event and at least annually. Ensure all your key resources have current contact information and can support business continuity on short notice.
  • Validate your backup and recovery processes.

Bolster Your Security Awareness Program

Educating end users will lower your risk from malware and social attack vectors.

  • Implement or execute a simulated phishing campaign. These attacks are usually carried out via email but now are frequently delivered via SMS, phone calls, and social media. Ensure your employees are vigilant.
  • Reassess your password standard. Encourage pass phrases and strong passwords: easy to remember, hard to guess. Use a secure password manager to reduce call center events due to users who use complex, hard-to-guess passwords.
  • Implement MFA on any external ingress points. Consider expanding scope to those that don’t store or transmit sensitive information. If they pose a risk by being able to pivot to other systems if compromised, assume the worst.
  • Timely and effective communication is paramount. Consider the human factor: most people are scared during conflicts. You’ll receive the best outcome by keeping your communications simple, actionable, and direct while delivering with calmness.

Improve Your Rigor Around Patching and Update Consistently

Poorly monitored, unpatched assets create additional risk.

  • Ensure your assets are patched and up to date (computer systems, mobile devices, applications, etc.). Automatic updates are strongly encouraged.
  • Ensure your endpoint detection and response agents are active, receiving threat intelligence feeds, and set to protect/block risks.
  • Enable an allow-listing policy on your EDR solution (which files can execute). Recent attacks have shown that Russian actors have misused legitimate drivers from trusted vendors, such as EaseUS (Partition Master), to weaponize wiper attacks and in some cases bypass poorly configured or mismanaged EDR/MDR.
  • Look for behavioral evidence or network and host-based artifacts from known Russian state-sponsored TTPs. Table 1 from CISA’s Alert (AA22-011A) lists commonly observed TTPs.

Webinar: Cyber Insurance. And The War On Ransomware.

Cyber insurance is a must-have weapon for all organizations trying to mitigate modern security threats. But the exponential increase in ransomware has created an industry chain reaction: insurance providers are leaving the market, premiums are on the rise, more security controls are being required, and organizations are left scrambling.

Prepare For The War On Ransomware

In this executive panel discussion, you’ll get actionable advice directly from an industry-leading cyber insurance provider as well as the technology/solution providers actively fighting the war on ransomware. View the full webinar here

What You’ll Learn:

  • The rise of ransomware and industry chain reaction
  • The role of cyber insurance in incident response plans
  • Evaluating your current policy (Good? Bad? Or Ugly?)
  • The increasing controls insurance providers are requiring
  • How business and IT leaders must partner together

Cybersecurity Lingo Every C-Level Executive Should Know

Businesses face various security threats, including ransomware, phishing attacks, computer viruses, and more. With these security threats increasing, managed security services are no longer a luxury—they’re a necessity.

Before business owners and executives can fully understand the advantages of managed security, they need to understand some basic IT security terms. Here’s our glossary of basic cybersecurity terms executives should know:

Business Cybersecurity Basics

  • Cybersecurity – the protection of computers, networks, and infrastructures from digital threats and risks.
  • BYOD – “Bring Your Own Device,” a business policy that allows or requires employees to use their own devices instead of company-provided ones, which can affect cybersecurity.
  • Infrastructure – the physical and organizational assets and framework comprising an entity. In IT, infrastructure includes hardware and equipment like monitors and servers; software; and organizational processes.
  • Network – a group of computers that are digitally connected to enable communication, file sharing, and other data transmissions. Types of networks can include Local Area Networks (LAN), Wide Area Networks (WAN), and many others.
  • Managed IT Services – IT services that provide continual support, generally on a monthly payment plan, to proactively manage IT reliability, infrastructure, and security.
  • Managed Service Provider (MSP) – an IT provider that offers managed services.

Risks, Threats, & Vulnerabilities

  • Threat – an individual or event that has the potential to negatively affect your systems.
  • Vulnerability – a weakness in your security that can be exploited or penetrated.
  • Risk – the probability that your IT will be compromised due to threats, vulnerabilities, etc.
  • Cyber Attack – a deliberate attempt by an individual or group to breach an organization’s network or infrastructure to steal or erase data, cause disruptions, or otherwise cause harm.
  • Data Breach – when an unauthorized user gains access to restricted data. Data breaches are often caused by cyber attacks, but they may also be caused by vulnerabilities in systems or software which can then be exploited.

Types of Cyber Attacks

  • Malware – any malicious software that is harmful to a network, system, or user.
  • Ransomware – a type of malware that blocks access to a system or data until a ransom is paid.
  • Phishing – a type of cyber attack, often in the form of an email, that attempts to manipulate a recipient into giving up personal or financial information.
  • Spear Phishing – a targeted phishing attack where the attacker uses specific information about the victim, such as place of work, interests, or organizations they do business with, to manipulate the victim into giving up information.
  • Virus – a malicious computer program that replicates itself to “infect” other programs after it is triggered by a bad actor.
  • Worm – a piece of malware that self-replicates to infect other programs automatically once it gains access to a computer.
  • Botnet – a network of computers that have been infected with malware and are controlled by a bad actor. A botnet can be used to send a large amount of traffic in a DDoS attack.
  • DDoS Attack – a “Distributed Denial of Service” attack uses a botnet to bombard a website with a huge number of requests in order to slow or crash the website.
  • Trojan Horse – malware that exploits a “back door” to gain remote access to a computer.
  • Spyware – malware that operates in the background to collect information such as keystrokes, login credentials, and other data, undetected by the user.

Security Tools, Services & Defenses

  • VPN – a Virtual Private Network (VPN) creates a private network on a public internet connection by encrypting your data.
  • Firewall – a network security tool that monitors traffic and prevents unauthorized access based on a set of instructions.
  • Multi-Factor Authentication (MFA) – a password protection tool that requires two or more forms of authentication before allowing a user to log in.
  • Cloud Computing – an umbrella term pertaining to services, products, and platforms hosted on a secure remote server.
  • Security Framework – a set of standards that serves as a structure or guide for security, such as NIST.
  • Threat Detection & Response – the process of monitoring systems to detect and respond to threats.
  • Pen Testing – penetration testing evaluates an organization’s vulnerabilities, generally by attempting to “hack” their network to explore what weaknesses cyber criminals might be able to exploit.
  • Endpoint Protection – security designed to protect endpoints in a network—devices such as computers and mobile devices where users can access the network. This becomes especially important in a remote network, where endpoints may be spread out rather than located in the same physical location.
  • DNS Protection – Domain Name System protection can blacklist potentially dangerous websites, advertisements, and malware to prevent you from being exposed to risks.
  • Managed Protection & Response – a managed security service that proactively searches for vulnerabilities, potential breaches, and suspicious activity and works to remediate them.
  • SIEM – Security Information and Event Management combines security information management and security event management by analyzing security threats in real time.

Digitally Protecting Your Business

ISG Technology is proud to help businesses with their IT support needs by providing 24/7 network monitoring, real-time alerts and notifications, infrastructure maintenance, and more. We make security simple through our Managed Security offering, which mitigates business security risks by utilizing the most advanced cybersecurity tools and practices to protect your company.

Contact us today to protect your business from cyber threats and gain complete confidence in your security.

Enhancing Security from the Cloud to the Edge

As IT infrastructure keeps expanding, first to the Cloud and now to the Edge, businesses must implement a security model that protects both. This means implementing both Zero Trust and SASE. 

A Zero Trust model of cybersecurity follows the X-Files philosophy of “Trust No One” regardless of whether your users are outside or inside your organization. 

A secure access service edge model, or SASE, works by identifying users and devices and then applying policy-based access to the appropriate applications or data. This approach allows you to grant users or devices secure access to your IT infrastructure no matter where your users or devices are located.

To assist our clients in implementing Zero Trust and SASE models of cybersecurity, ISG Technology has partnered with Aruba to leverage the value of their new Aruba Edge Services Platform (ESP). Adding Aruba ESP to your network and security solutions will provide you with the visibility required to deliver a fully Zero Trust cybersecurity solution.

This content is brought to you in partnership with Aruba Networks

Zero Trust Requires Visibility

Zero Trust Security starts with knowing who is on your network at all times. Without visibility, critical cybersecurity controls that support a Zero Trust model are difficult to apply.

Businesses are increasingly relying on AI solutions to help maintain visibility at all times. Aruba ESP uses AI to detect and classify all devices on your network. Aruba ClearPass Device Insight uses both active and passive discovery and profiling techniques to track all the devices connected, or attempting to connect, to your network, including standard devices such as laptops and tablets as well as IoT devices.

Visibility Leads to Access Control

Once you know who is on your network, you can restrict access based on identity and role, defining precisely who can connect to your system and what they can connect to, even for work-from-home networks. 

Applying Zero Trust best practices based on “Least Access” and micro-segmentation is the critical next step. A “Least Access” model grants users and devices only the minimum access they need to perform a task or role and only for the minimum amount of time necessary.

Micro-segmentation means breaking up your systems into silos, allowing you to allocate users to only the specific systems they require access to in order to perform a role or task.

To further tighten your Zero Trust model and help integrate your security across both Cloud and Edge platforms, you can use an SD-WAN (Software-defined Wide Area Network) to tie everything together. 

An advanced cybersecurity dashboard, such as those used by Aruba Central, provides your IT teams with network-wide visibility to help them monitor and manage network access and address any cybersecurity issues.

Combining Zero Trust and SASE into One Platform

Today’s network environment and threat landscape require a different approach. The past’s perimeter-centric network security was not designed for today’s mobile workforce or emerging IoT devices. 

When possible, all devices and users should be identified and adequately authenticated before granting them network access. In addition to authentication, users and devices should be given the least amount of access necessary to perform their business-critical activities. 

Aruba ESP is an excellent system that makes managing network security both easier and more secure. Contact us to find out how this system can work for your business.

Implementing Security at the Core of Your Infrastructure

To survive as a business these days, you simply can’t afford to ignore security. However, as bad actors and cyber threats continue to evolve, it becomes harder and harder to keep your sensitive data safe—even for the most advanced security operations. 

It’s no longer a question of if your business will get attacked, but when. So, what can you do about it?

The first step is to ensure that you have a multi-layered cybersecurity model. After covering all the standard weaknesses in a network, you can take security one step further by building it into the infrastructure of your system. 

When it comes to built-in security, we recommend HPE Gen10 servers with their new silicon root of trust. These are the most secure servers on the market, and they recognize threats from the moment they begin to launch.

Layer Your Security Measures

First and foremost, you need to make sure you have the proper security measures in place, including:

  • Firewall. A strong and stable firewall is a vital piece of cybersecurity infrastructure, and it is a tried-and-true piece of your organization’s defense against threats and cyber attacks. 
  • Web Security. Web filtering stops threats before they have the chance to reach your network and defends you against online attacks while allowing your employees to continue performing at their highest levels.
  • Email Security. Did you know that one in every eight employees will share information on phishing sites? This means you need to do all you can to prevent phishing attacks by amping up your email security. 
  • Employee Security Awareness. Preventing cyber attacks requires an all-hands-on-deck approach. You’ll need to train employees about cyber threats and the best practices needed to keep company and personal data secure.
  • Endpoint Protection. According to Forbes, 70 percent of all threats occur at the endpoint. That means you need to enhance your endpoint protection—the act of securing networks from every access point, including mobile phones and laptops.

To learn more about the steps you should be taking to strengthen your security, read our Digital Handbook: 5 Steps to Strengthen Cybersecurity Posture.

Build Security into the Core

In today’s world of continually evolving and growing cyber threats, you need security that goes beyond the traditional hardware and software layers. That’s why ISG partners with HPE, which has created the silicon root of trust: firmware-level protection that safeguards infrastructure.

Firmware-Level Defenses with HPE

The silicon root of trust is like a fingerprint. It binds all the firmware—UEFI, BIOS, complex programmable logic device, innovation engine, and management engine—into the silicon before the server is even built. 

When the server boots, it first checks to see that the fingerprint is correct. Then it checks through all the firmware systems and if any improper code is found, the server will immediately stop the process and lock down.

Simple Incident Response and Recovery

If a hacker tries to invade the server, they’ll be stopped before the threat can cause any harm, and you will be alerted immediately. 

When a breach is detected, you have three options: 

  1. Recover the server to its last known good state of firmware.
  2. Restore factory settings.
  3. Choose not to do recovery so that security teams can take the server offline and perform forensics.

A Secure Foundation for Your Infrastructure

Together, the firmware and silicon root of trust create an unbreakable bond that is forged from the beginning of the build process and carried through every element of the HPE supply chain. 

This means that cyber criminals will not be able to attack with malware through the server, bringing your system one step closer to impenetrability.

To learn more about HPE security, explore their Confidence at the Core digital brochure, and contact us for support in implementing this impressive technology.

MSSP, SOCaaS, & Concierge Security Team: Which Outsourced Security Service is Best for My Business?

Business cybersecurity can be challenging to navigate—especially when you have so many services to choose from. 

Though it’s possible for some businesses to tackle their own cybersecurity, it requires hiring several highly skilled specialists, which can be very expensive. For this reason, most companies outsource their security services to providers who come at an affordable rate and have a wider scope, range of resources, and understanding of complex cybersecurity management.

MSSP vs. SOCaaS with a Concierge Security Team

When it comes to outsourced security services, two main options companies consider are 1) hiring an MSSP (Managed Security Service Provider), or 2) opting for a SOCaaS (Security Operations Center as a Service) with a Concierge Security Team. 

Here’s a quick breakdown of what each solution provides:

MSSP: An MSSP or Managed Security Service Provider helps monitor your systems round the clock, while also providing general security management and solutions when threats arise. Their popularity stems from the fact that they are subscription based, meaning they come at an affordable monthly cost. 

SOCaaS: Security Operations Center as a Service extends beyond the basic services offered by many MSSPs and can vary in pricing model. SOCaaS incorporates key tools such as Managed Detection & Response (MDR), compliance, and real-time alerting to give you a more holistic security solution.

Concierge Security Team: A Concierge Security Team is a single point of contact for SOCaaS that facilitates threat detection, response, and mitigation. They act as your security advisor and an extension of your in-house team to provide you with the human element needed to proactively maintain your systems. They help tailor security services to your business needs by integrating solutions into your existing systems, preventing vendor lock-in or expensive equipment replacements.

Many companies opt to combine SOCaaS with a Concierge Security Team so they can benefit from a valuable combination of AI and human expertise.

Pros and Cons of MSSPs

To get a better look at what MSSPs can do for your business, here are some of their pros and cons: 

Pros

  • They are affordable: MSSPs’ services come at an affordable monthly rate to help your business save money. Instead of charging per service like a break-fix model would, MSSPs give you predictable costs so you can budget better.
  • They can supplement an in-house team: MSSPs can be a good solution for businesses who already have an in-house team but need to delegate more basic IT management to an outsourced provider. They can monitor and maintain your systems while your in-house team focuses on more complex projects.

Cons

  • They have a limited scope and few post-intrusion solutions: MSSPs do monitor alerts, but they don’t usually provide proactive threat hunting and incident response. With an MSSP, businesses will often still need an in-house team to manage analysis, triage, and response. 
  • They don’t provide personalized solutions: MSSPs often outsource to call centers, meaning representatives have little insight into your industry, compliance, and security needs. This can cause resolutions to take longer and be less strategically optimized.
  • They lack visibility: Because MSSP services are more basic, compliance solutions and other broad-view security solutions are generally not included in their services.

Pros and Cons of SOCaaS with a Concierge Security Team

Pros

  • They offer a combination of artificial intelligence and human expertise: As mentioned, many companies choose to go with a combination of SOCaaS and a Concierge Security Team. AI-based tools incorporated in SOCaaS allow for more accurate and proactive threat detection and management, while human IT specialists on your Concierge Security Team act as consultants to provide the most appropriate solutions for your business.
  • They provide custom support and consulting: Working with a Concierge Security Team guarantees personalized service and customized cybersecurity solutions for your business and the industry you’re in. This includes compliance services, giving you a more holistic approach to managing your cybersecurity. 
  • They have greater visibility and ability to provide long-term solutions: A Concierge Security Team will provide triage and response, gaining broader visibility to the threats that face your systems. They can also conduct security posture reviews and provide recommendations based on years of experience and professional certifications to prevent future threats. 

Cons

  • Pricing models for SOCaaS vary: While SOCaaS with a Concierge Security Team is often affordable, pricing models can vary, making it slightly more difficult to budget for business IT. The main reason for pricing differences is that the services offered are much more advanced than an MSSP’s and often have a greater scope.
  • They may not be ideal for businesses who already have an in-house team: Businesses who already manage their cybersecurity and are in need of supplemental IT help may not need a SOCaaS with Concierge Security Team solution. They may need a lower-scale, cheaper solution to fill in the gaps.

Find the Right SOCaaS and Concierge Security Team Solution for Your Business 

Finding the right SOCaaS and Concierge Security Team solution to meet your business needs is vital. Cybersecurity is a necessary function that protects your business against hackers, viruses, malware, and other common threats that can be detrimental to your success. Look for a concierge security team that provides customized, strategic solutions and ongoing support, 24 hours a day, 7 days a week.

If you’re ready to hire a concierge security team for your business, get in touch to discuss your options and the customized solutions we can provide for your business.

Deal with Breaches Effectively: Managed Detection and Response (MDR)

Business success today revolves around technology. From communicating with your team and clients to storing critical data, almost every operation within modern organizations depends on well-run IT.

With this digital dependency comes the need for businesses to continually enhance the protection of their technological assets. Cyberattacks have increased in size and scope over the years, leading experts to predict that worldwide cybersecurity spending will reach $170 billion by 2022.

Because of the continually advancing nature of cyber threats, more robust cybersecurity methods are necessary to safeguard data. One of those methods is MDR, or Managed Detection & Response. 

Here’s what you need to know about MDR for your business and how it can protect you:

What Is MDR?

Managed Detection & Response (MDR) is an outsourced security service that uses both technology and human experts to actively search for threats in an organization’s systems and immediately address them. MDR is accomplished using tactics such as continuous network monitoring, threat hunting, incident analysis, and remediation to protect against even highly sophisticated threats.

The Advantages of MDR

While there are many valuable cybersecurity solutions that businesses should invest in, MDR can enhance your protection beyond basic tools. As mentioned, cyber threats are continually advancing and becoming more common, and it is no longer enough for businesses to rely on a firewall or antivirus software alone to protect their systems.

Additionally, many businesses turn to MSSPs (Managed Security Service Providers) in an effort to achieve cybersecurity without understanding their shortcomings. MSSPs have a narrower scope than MDR, meaning businesses don’t get the triage and response needed to eliminate false alarms. Instead, the business’s own internal team has to analyze the alerts to determine which of the potential threats they were alerted to need to be addressed first.

Here are some of the main advantages of MDR as compared to basic tools or MSSP services: 

MDR Combines AI and Human Expertise

With Managed Detection & Response, you get the combined benefit of machine-driven 24/7 security monitoring and human expertise to ensure threats don’t slip through the cracks. This combination of advanced analytics and a human touch means you get fewer false alerts and more custom-tailored support when it comes to addressing potential threats.

In this way, you get the most proactive support. Your team of experts knows how to identify and prevent the latest types of cyberattacks as well as investigate them before taking action—rather than just alerting your IT team to the cybersecurity issue.

MDR Protects Your Business Financially

MDR is provided by outsourced security experts, allowing your business to benefit from a wide range of IT security experts at a more affordable cost. Considering that the average cost of a cybersecurity attack is now more than $1.67 million—and many of these attacks aren’t mitigated by basic security tools—investing in MDR is the clear choice when it comes to protecting your business financially.

MDR Provides Broader Visibility

MDR experts provide a holistic approach to security. Using data collected from threat feeds, OSINT data, and other tools, MDR security teams keep a watchful eye on internal and external networks, the cloud, and all endpoints to ensure maximum protection. They consider businesses’ unique compliance needs (HIPAA, PCI DSS, etc.) as well as the specific context of threats so they can provide long-term solutions that will improve a company’s cybersecurity posture. 

Take Your Security to the Next Level

Using a Managed Detection & Response service is a great way to take your cybersecurity plan to the next level. When you choose MDR, you gain access to a team of well-trained experts as well as the latest software that will carefully monitor any security threats and vulnerabilities within your system. 

Your MDR team can keep you updated on potential problems while also limiting unnecessary alerts and taking quick action when there’s a true threat to your business. And once the threat has been eliminated, the team will investigate the incident to determine how to prevent such attacks in the future.

If you’re interested in reducing the chance of cybersecurity attacks on your company—as well as minimizing the damage and recovery time if they do occur—you should consider using an MDR service to improve security for your business. Contact ISG Technology today to learn how we can help you through our Managed Detection & Response services.

Why Cyberattacks Are on the Rise — And How to Prevent Them

Cyberattacks have become so common that some experts believe that ransomware—a type of attack that holds your computer system hostage until you pay a ransom—will attack a business every 11 seconds by the end of 2021. 

As the number of crimes increases year after year, cybersecurity becomes more important. Without reliable cybersecurity, your business could suffer from lost productivity, legal liability, business continuity issues, financial loss, and damage to your brand’s reputation.

It can take years to recover from a successful cyberattack, especially when it exposes your clients’ data to criminals who want to commit identity fraud. Before you can choose a managed risk plan that works for your organization, you need to understand why cyberattacks happen more often these days. Then, you can explore ways to prevent attacks from targeting you.

Why Cyberattacks Have Become More Common

Several factors have contributed to the increase in cyberattacks, including:

  • The willingness of organizations and governments to pay ransoms.
  • The rise of remote work, which can increase a business’s exposure to risk.
  • The growing reliance on connected devices.
  • The amount of processing power needed to mine bitcoins and other digital currencies.

Paying Ransoms

Organizations often feel immense pressure to pay ransoms. In 2020, hackers targeted dozens of hospitals and labs working on a coronavirus vaccine. The organizations agreed to pay the ransoms because they were desperate to regain access to their work. With millions of lives on the line, they could not lose the progress they had made toward developing and testing a vaccine.

Similarly, criminals have targeted hospitals that give in because the facilities need patient files to provide treatments. Cities have paid ransoms because ransomware prevented them from providing essential services.

On an individual level, it makes sense for these groups to pay ransoms. Unfortunately, each payment makes hackers more confident that their threats will work. As a result, more criminals turn to ransomware to make money.

Remote Work and Connected Devices

Many organizations struggle with cybersecurity even when they have control over their IT infrastructures. Now that more businesses rely on BYOD policies and remote work, IT infrastructures have become harder to control. If a remote worker downloads malware, it could attack the employer’s network through a cloud connection.

Mining Digital Currencies

It takes a lot of processing power for people to “mine” digital currencies like bitcoin. Hackers have found that they can make a lot of money through an attack called “cryptojacking.” The most effective cryptojacking malware works quietly in the background. It slows your system, but it doesn’t call attention to itself, so it can continue mining cryptocurrencies.

How Cybersecurity Can Prevent Attacks

Some of the most effective approaches to managed risk include:

  • Updating operating systems and applications to patch security vulnerabilities.
  • Training employees to spot signs of phishing and dangerous attachments.
  • Encrypting all files and data.
  • Installing a firewall and securing Wi-Fi networks.
  • Changing passwords regularly.
  • Limiting access to files and databases that contain sensitive information.

Few businesses have large IT departments that can manage a comprehensive cybersecurity program. You will likely find that you can save money and manage risk better by outsourcing your cybersecurity protection to a company that offers managed security and managed IT solutions.

Protect Your Business

You don’t have to spend a lot of money to get the right cybersecurity that keeps your business safe from attacks. Contact us to learn more about your cybersecurity options and get a quote for the services that match your needs.

Understanding Endpoint Protection

Cybersecurity threats have become complex and sophisticated. Organizations are at risk of attacks from hackers, malicious threats, and even insider attacks. According to Forbes, 70% of all threats occur at the endpoint. Endpoint protection has advanced to cushion organizations from cyberattacks and safeguard data.

Endpoint protection is the act of securing networks from all points of access. Endpoints may include mobile phones, laptops, storage devices, or any components that enter your network. By protecting the endpoints, organizations achieve control over their networks.

Why is Endpoint Protection Critical?

Have you ever thought about what a single breach could do to your organization? According to CNBC, the average cyberattack costs $200,000. Companies lose millions of dollars, and some have no option but to shut down.

Endpoint protection is critical for the following reasons:

Data Is at Risk

Data is inarguably the most essential part of any organization. Losing critical business data may cripple your organization, regardless of how large it is.

Malicious attacks target mobile devices and PCs on your networks, as they are the most vulnerable. Without adequate protection, you may lose all your critical data. Endpoint protection strengthens the overall network. It enhances data security, reduces network downtime, and safeguards your reputation.

Employee Training Isn’t Enough

The scope of the workplace has changed significantly. Organizations have had to consider remote working, meaning employees log into networks using personal devices. Remote working and BYOD policies expose your organization to the risk of cyberattacks.

Organizations should train employees on phishing emails, threats, and cybersecurity in general. However, relying on employee training to safeguard your data may increase the risk of attacks. There is no guarantee that all users will observe the guidelines put in place. Even with proper training programs in place, your organization can be at risk.

Endpoint protection provides cover for users who may ignore device policies or become vulnerable to attacks. It provides multiple defense layers to fend off any threats.

What Does Good Endpoint Protection Do?

Having reliable endpoint protection is imperative to robust cybersecurity. Ideally, good endpoint protection should do the following:

Offer Multi-Shield Protection

First, your endpoint protection should prevent a security breach from occurring. It should offer the following:

  • Phishing protection
  • Web threats protection
  • Identity theft protection
  • Offline protection

With endpoint protection, your business remains secure against all zero-day threats. Multi-shield protection leverages several shields to prevent attacks in all stages.

Layered User and Device Defenses

Good endpoint protection shields your network from user vulnerabilities. If a user does not follow all endpoint policies, your protection comes in handy. If a user logs into your system insecurely, endpoint protection should prevent access until the threat is over.

Malware Protection

Your endpoint protection should detect, prevent, and protect your network from all forms of malware. It performs real-time monitoring to detect any phishing messages, spyware, and Trojans that may lead to security breaches. Once a threat is detected, endpoint protection should block it from attacking your system and add further layers of protection.

Secure Architecture

Your endpoint protection provider should have a secure and reliable cloud architecture to offer support. Having a resilient architecture solves the challenges presented by distributed systems seamlessly. Endpoint protection should be scalable and have the ability to withstand stress and avoid loss of data.

Choosing Endpoint Protection

Good endpoint protection should be secure and resilient to allow robust performance. It should take little time to install, have lower boot and scan times for better performance, and use little memory.

At ISG Technology, we recommend Webroot for endpoint protection. Check out this comparison of Webroot and eight competitors to see the differences in performance metrics.

And if you have more questions or want to implement endpoint protection technology, contact us!