
Social Engineering: 2020’s Top Cybersecurity Threat

Social Engineering attacks are the most potent cybersecurity threats plaguing enterprises. They owe their power to their innovative undetectability. Forbes puts social engineering as a top cybersecurity threat for 2020. 98% of cyber attacks rely on social engineering. How can an organization protect itself from an insider threat? We explore the what, why and how of this damaging cybersecurity menace.


What is Social Engineering?

Social engineering refers to crafty ways hackers trick unsuspecting victims into downloading malware, and/or leaking credentials via social platforms. The types of social engineering include:

  • Phishing/vishing/smishing: Fraudulent emails or voice messages or text messages are used to extract personal information or download malware.
  • Spear-phishing: Phishing that is custom-tailored to target key employees, particularly C-level ones, via social media or email.
  • Baiting: Using a lure, such as planting an infected device or promising the latest movie, to get victims to take the bait.
  • Pre-texting: Using false impersonation to gain the victim’s confidence – a call from your bank’s customer support team asking for your credentials to prevent an “unauthorized withdrawal”.

Why are Social Engineering attacks so damaging to cybersecurity?

What makes social engineering so potent is its ability to escape detection as it craftily preys on employees themselves to execute the attacks. Insider threats escape typical methods of prevention and detection. Additionally, attacks are getting increasingly sophisticated and personalized, even using AI and machine learning (ML) to target their victims.

If you’re about to say, “They definitely can’t fool our employees!”, consider a video or voice message in exactly the same appearance or voice of your manager asking you to urgently send some critical business documents. You’ve been “Deepfaked” – an advanced form of social engineering that can dupe even the most discerning.

The FBI estimates that Business Email Compromise, a form of fine-tuned phishing, has caused $26 billion in losses in just the past three years. Facebook, Sony, Target, RSA, Associated Press, political parties and top governmental organizations – no sector, no matter how secure and well-guarded, has been spared from the ingenuity of social engineering attacks.

How can organizations protect themselves?

  • Inform and Train: Social engineering cannot work without the complicity, unwilling as it may be, of the employee. Conduct regular security training in good email and cybersecurity hygiene, keep employees informed about the latest flavors of malware vectors, and encourage employees to forward suspicious emails to the security team. Champion, gamify and incentivize good cybersecurity practices. It is well worth it!
  • Use in-built mechanisms: Platforms such as Office 365 come with anti-phishing policies that can secure your organization. Explore and harness them, particularly for sensitive data and high-profile groups.
  • Secure Authentication: A majority of security breaches are attributed to compromised credentials. Multi-factor Authentication/Two-factor Authentication (MFA/2FA) is proven to block 99.9% of account hacks. Ensure that your applications, particularly third-party ones, support it.
  • Basic safeguards: Don’t forget the basics such as up-to-date anti-virus software, spam filters, and network monitors. Consider methods such as sandboxing emails to validate links.

How CloudAlly can help

While organizations work hard to prevent and detect social engineering attacks, a strong offense in the form of rapid disaster recovery may be the best defense. Seamless data recovery is central to quickly recovering from data loss and minimizing its damage.


CloudAlly’s SaaS backup and restore solutions automatically back up business-critical cloud data, with support for easy recovery from any point in time. All major SaaS platforms such as Office 365, SharePoint/OneDrive, G Suite, Salesforce, Box and DropBox are supported. More critically, our solutions are stringently secure, with Amazon S3 storage, OAuth/MFA/2FA capability, global data centers, and GDPR/HIPAA compliance. With provisions to restore to the database of your choice, flexible licensing, and 24×7 real-person, responsive support – we fit right into your setup.

Try our full-featured trial now and protect your SaaS data from the dangers of social engineering. 


Multi-Factor Authentication (MFA) Is the New Office 365 Mandate – Does Your CSP Support It?


By Monty Sagal – Director of Channel Enablement & Compliance

Office 365 comes with top-of-the-line security built into its entire suite. However, it cannot protect you from SaaS data loss from your end. This includes some of the most common causes of data loss: human error, malicious intent, sync errors, and malware. Microsoft has mandated certain security requirements from its Cloud Solution Provider (CSP) program partners to minimize the risk of Office 365 data loss. Most organizations typically liaise with more than a few CSPs, so it’s essential that you check that they comply with Office 365 security requirements. Hence, Office 365 MFA is the topic of our blog post.


New Office 365’s CSP Security Mandates

The year-on-year increase in the number and inventiveness of malware, phishing, and ransomware attacks has made cybersecurity a top priority for organizations worldwide. Repercussions of malware attacks are exponentially compounded on the cloud – as breaches can cascade from one SaaS app to another. In view of that, Microsoft has added two requirements from CSPs:

  • Mandatory Multi-Factor Authentication (MFA): All user accounts in the partner tenant must enable MFA to be able to “transact in the Cloud Solution Provider through Partner Center or via APIs”.
  • Adoption of the Secure Application Model framework: All partners integrating with the Partner Center API must “adopt the Secure Application Model framework for any app + user auth model applications”. 


Why does MFA matter?

MFA is the gold standard for secure app authentication, which is why Microsoft is mandating Office 365 MFA, because it eliminates the risk of breaches due to weak passwords.

If you think your strong password policy suffices, know that it can be easily broken by most of the common types of malware attacks, such as phishing, credential stuffing, and keystroke logging. This is because they use credential interception, database breaches, and/or network scanning to steal the exact password, making its perceived “strength” immaterial.

Compromised credentials are the major cause of data breaches, and by bypassing them, MFA has demonstrated success in blocking 99.9% of breaches. The reason behind it is its use of a combination of password, security token, and possibly even biometric verification to authenticate users.

Why you should check that your CSP supports MFA

While Microsoft has mandated MFA, it is worth checking that your CSP supports it. Incidents like the data breach at PCM which gave hackers access to the Office 365 credentials of the company’s clients highlighted how one breached vendor app means your data is at risk too. A partner’s breach is as good (rather bad) as your organization being breached.

We at CloudAlly give the utmost importance to our customers’ data protection. Long before Microsoft’s mandate, we implemented MFA for our Office 365 cloud backup solution, as we believe it to be the most secure method of app authentication. Furthermore, CloudAlly supports the Secure Application Model, with OAuth permission-based access. CloudAlly also comes with ISO 27001 Certification and is compliant with GDPR and HIPAA. So you can be sure that your Office 365 data is securely backed up with us.

Try our full-featured 14 Day Free Trial and trust your data protection with a stringently secure partner. Because security is just not worth compromising.  Click Here to read more about our Office 365 Backup.

Canadian Privacy Act and PIPEDA


AWS Canadian Data Center for: Office 365, G Suite, and Box.com backup

CloudAlly now supports cloud-to-cloud backups with a new Amazon AWS data center in Canada. Our channel partners and customers in Canada are now able to use CloudAlly to protect their clients’ leading SaaS applications, while ensuring that all data remains within Canadian borders.

Our new AWS data center in Canada allows for compliance with the Canadian Privacy Act and PIPEDA.

We make backup simple and your data safe.

Office 365: Threat Intelligence and Data Governance Tools

Microsoft Office 365: Threat Intelligence and Data Governance Tools

There is a lot that’s new about Microsoft’s Office 365 cloud version of its traditional desktop software. Some of the biggest new benefits have to do with two major pillars of an enterprise strategy: first, identifying and mitigating threats in a network, and second, establishing policies and procedures for data governance. Threat Intelligence and Data Governance Tools are significant to our work process in Microsoft Office 365.


Why do companies need good data governance and threat intelligence systems in place?

Lots of experts are looking at studies by Ponemon, one of which estimates the average cost of a data breach at around $4 million. There is also this article from writer Michael Panciroli in April that cites some troubling statistics, for example, an assertion that 45% of surveyed companies don’t have good enough data governance to protect them from serious legal and security risks.

That kind of gap is what these new cloud features of Office 365 are meant to address — to help client companies to get more effective cybersecurity in place, perform better advanced data governance, and know more about their business data assets.

Major Benefits of Microsoft Office 365 Threat Intelligence

There is a ton of functionality built into Microsoft Office 365 Threat Intelligence that’s related to foiling hackers, conquering malware, and generally keeping a network safe and clean.

One essential element is the Microsoft Intelligent Security Graph — this new feature of Microsoft’s cloud security platform does two major things. One is that it’s a comprehensive data aggregation center that takes in diverse input from hundreds of different sources, along with many of the 350 billion authentications that Microsoft manages each month. The other is that it utilizes machine learning components to increase its threat mitigation power even more. (See more detail on the strengths of Microsoft’s Intelligent Security Graph from Microsoft Vice President of Enterprise Client & Mobility Brad Anderson in this testimonial video.)

In other words, part of the strength of Microsoft Office 365 Threat Intelligence tools is the amount of raw data available to a machine learning system that can work with it and make it into actionable results — for instance, offering real-time tools and alerts, isolating and dealing with content that looks suspicious, and integrating with other security information and event management tools.

Aside from the Intelligent Security Graph, the Office 365 platform also now offers a new Advanced Threat Protection (ATP) reporting interface with all sorts of dashboard views related to network activity. The ability to extend this to desktop clients, and to infiltrate areas of an enterprise network, is very useful to business leaders who need to keep an eagle eye out for disturbing warning signs of inappropriate activity. Maybe it’s a logon from a suspicious location, or activity by an employee that hasn’t been on staff for years. Another major red flag is a significant volume of file deletions, which is another real-time indicator that Microsoft Office 365 Threat Intelligence can analyze.

Relating Microsoft Office 365 Threat Intelligence to Advanced Data Governance

Businesses know that data governance is critically important. Many of them also understand how having access to raw data and tools to filter and refine that data adds to the threat intelligence that they benefit from in-house. But not every business understands how new Microsoft Office 365 tools can enhance data governance in concrete ways. For instance, cloud policy recommendations will help to define data that should be kept and stored in an archive, or data that can safely be discarded. That’s just one aspect of having a security and compliance portal that helps businesses to build and classify their data.

Along with having good data governance and threat intelligence software capabilities, CloudAlly’s Office 365 backup and recovery service is another important part of a fundamental cyber security system. By providing automated daily backups and the ability to restore or export data from any point in time, CloudAlly ensures ongoing business continuity in the event of data loss.

Latest Cyber Attack Reminds Users to Backup Their Cloud SaaS Apps

— How To Backup Google Apps & Drive —

The FBI reports that there are 4,000 cyber attacks per day—that’s almost four attacks per minute—and they’re becoming more prevalent. In 2015, there were only 1,000 attacks per day. That’s a 300% increase, and the latest global ransomware attack may have been one of the worst yet. Is your company considering how to back up Google Apps & Drive?

While it’s obvious from their regularity that the business world is no stranger to malicious viruses, malware, and more, in many cases even large organizations aren’t fully prepared to prevent an attack. That’s because, when 93% of phishing emails are now ransomware, it can be difficult to keep up with the criminals particularly when your company’s safety is not in the hands of your knowledgeable IT department but in the hands of your everyday employees. If even one employee clicks on a link or downloads an attachment from a hacker, the data of your entire company could be compromised.

The key is understanding exactly what malware is and knowing whether all of your data, including Google Drive, is protected.

What Is Ransomware?

Ransomware is a type of malware virus that takes over a computer and prevents access to data until a ransom is paid. It works by encrypting files and forcing you to pay a fee if you want to decrypt them. Only the ransomware creator knows the encryption key, and if your company isn’t willing to pay up, the data is often deleted and lost forever.

In many cases, the ransom demand is made via new computer wallpaper, which details specific instructions for payment. Some past messages have read:

  • “Your computer was used to visit illegal content. To unlock your computer, you must pay a $100 fine.”
  • “You only have 96 hours to submit the payment. If you do not send money within the provided time, all of your files will be permanently encrypted, and no one will be able to recover them.”

Payment demands can be up to $500 USD with the price doubling if funds are paid within a specified time—usually 24 hours.

The most recent iterations of ransomware have targeted enterprise end users who may not think they are “valuable” or “high-profile” enough to be the victim of an attack. The reality is that anyone can be a victim, which was more than proven in the most recent widespread attack.

Recent Ransomware Attack

“Petya” might not sound like a dangerous word, but it’s the name for a vicious ransomware attack that crippled organizations all over Europe and the US in June 2017. It began in the Ukraine and quickly spread around the world, crippling big institutions such as WPP, Mondelez (a food company), DLA Piper (a legal firm), Maersk (a Danish shipping and transport company), and Merck (a large U.S. pharmaceutical company). The attack locked thousands of employees out of their computers until the ransom was paid.

Large organizations were particularly vulnerable to Petya because it only took one machine becoming infected for the ransomware to spread throughout the entire network. However, that doesn’t mean small companies weren’t at risk, too. Any machine connected to the Internet—nearly everyone—is susceptible.

And “Petya” is only the most recent attack. Just two months previously, the WannaCry or WannaCrypt ransomware attack hit more than 150 countries, 230,000 computers, and hundreds of companies including Telefónica, German State Railways, and Britain’s National Health Service (NHS).

In both attacks, the ransomware spread rapidly using Microsoft Windows as its venue to move throughout each network.

In the case of WannaCry, the ransomware found a vulnerability in Windows that could have been fixed with a software patch, but many companies were using an outdated version. Worse yet, WannaCry didn’t require humans to spread. Once it was unleashed, it had the ability to move around the network by itself.  WannaCry was able to hunt down vulnerable machines and infect them, too. It spread like a virus, searching out weaknesses and exploiting them.

Petya worked similarly.

The Petya attack began through a software update mechanism built into a regularly used accounting program. Then, a second wave of infections was released using a phishing campaign with malware-laden attachments. However, unlike WannaCry, which tried to spread both internally and externally, Petya focused solely on internal networks, which limited its range of damage.

“I’m willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware,” Nicholas Weaver, a security researcher at the International Computer Science Institute, told Krebs on Security. “The best way to put it is that Petya’s payment infrastructure is a fecal theater.”

Still, in both cases, the outbreaks were devastating for the companies affected and were difficult to corral once unleashed. And security experts warn that Petya and other ransomware strains will continue to proliferate.

So, how do you protect your company?

Preventing Ransomware Attacks

The best way to prevent a ransomware attack is to be prepared for one. There’s no way to 100% stop ransomware, since it’s up to user error and appropriate training, but there are a few things you can do to negate the effects of a ransomware attack. The first step is to review your company’s security settings along with your software habits to reduce your chance of becoming a victim.

The most important protection: regularly back up Google and all of your SaaS data. The advantage of cloud storage is that it automatically backs up your data in a secure and remote location, so even if your business becomes compromised your data stays protected.

A common misconception when it comes to SaaS data in the cloud is that it’s backed up and protected. This is not the case—Google backup does not exist and Office 365 backup is limited.

Google Drive automatic backup only happens if you use third-party software, like CloudAlly, to protect yourself. This means that if you’re infected with ransomware, all of the files, spreadsheets, and private information that you put in the cloud to keep it “safe” could be at risk of attack.

And an external backup drive is not sufficient. A hard drive backup that is connected to your computer can be compromised during a malware attack.

Using CloudAlly, you can automatically back up Google Drive every single day, including your Mail, Drive, Classic Sites, Calendar, Contacts and Tasks. This simple step can reduce your risk of losing everything if a hacker takes your system hostage. When you have a backup, you can ignore the request for ransom and have your IT department remove the malware without any data loss worries.

Then, once your system is clean again, CloudAlly offers a simple non-destructive restore process, allowing you to recover your data in its entirety with point-in-time recovery.

“If you administer your company’s cloud accounts and need a simple to use but sophisticated backup solution, CloudAlly is all you need.” — Gareth Griffiths, NRH