CIT Newsletter – Defensive IT Vol.1:1

Bad actors threaten business networks and websites

Existential Threats to Your Business Online I


I watch servers and log files constantly for clients. In the last couple of years the volume of efforts to break past firewalls and compromise even small businesses has grown enormously. This cannot be safely ignored. So, what to do?

Will your business survive a total loss of everything you have online? More than half of the small business owners I have asked this question did not see an immediate exposure to cybercrime. Mostly, they felt that small businesses would be ignored in favor of bigger ransoms from larger victims. I could relate conversations in which an SMB owner agreed that if everything IT was lost, they probably could not recover their business. This, even when it was pointed out that their website, channel feeds, accounting and HR records are all related through common IT routes, so all are likely to go if the business is ransomed. My take on that? These are neither foolish nor unintelligent people. Building a thriving business, small or not, is not a trivial task. They surely use their seat belts when driving a car, protecting against a risk they understand, as opposed to protecting against cybercrime, a risk they poorly understand. Enough said.

Do-It-Yourself IT for a smaller business is not usually a credible choice. Hiring an agency or group to “protect” you can be a good plan, IF the selected provider is, in fact, knowledgeable, experienced, and expert. Most say they are all of those things, but only a percentage of those claiming those qualities will survive a deep examination. Cybersecurity has been around for a long time, but not in the current tech environment. Speaking from experience, getting up to speed on cybersecurity is now a major undertaking. Few Managed Service Providers have made the effort. Managed Security Service Providers are, of course, another thing.

To be effective in modern IT security work, you must be conversant with the threats you face and have a grasp of their intent, how common they are, and the skills required to deal with them. Some threats I have seen multiple times are listed below. It is not a long list, and it is not complicated to understand in plain English. The “not complicated” part of that statement is a relative term.

My list is current as of the date of this newsletter. The threats are curated to those I see as most relevant to a small or mid-sized business.

  • Insider attack: Somebody with access to your network has maliciously or carelessly divulged log-in access credentials.
  • Compromised, privileged upload: Bad software or data has been added to your website or network by design.
  • Trusted software or hardware update breached: An update contained code or links that compromised your installation.
  • A successful phishing attack: Usually, a link in an email to someone with network credentials was clicked.
  • Inattention to system maintenance: especially blog comments or unpatched applications on your network or website.
  • Allowed or unsupervised Internet searches from your business Internet connection: Unintended malware was installed.
  • Training failures: backend or server access was granted with overly permissive credentials.
  • Remote access poorly secured, or invoked with only rudimentary security precautions.
  • Software is or was misconfigured, usually by accepting default settings.
  • Inadequate backup maintenance, or compromised backups.

To help in your selection of the remedies or precautionary measures you will need for your business, I suggest you study the list above. You should come away from it reasonably informed on the sources and origins of threats. The list is also intended to give you the same language as the IT techs you may want to chat with.

Please watch for newsletter 1:2. I will expand on the listed items to help you be even more informed. If nothing else, being so informed will make it clear to a vendor or service provider that they need to be on their toes. You will not be seen as a total novice on cybersecurity.

Bruce Clerk – CIT Secured – August 31, 2022