Happy Halloween!
Scary times!
You have a lot to be thankful for if you or your company were not affected by natural disasters this year. But, if you live in Middle TN, you were, or will be, affected whether you realize it or not.
The recent hurricane caused a major disruption in the long-term traffic from the east coast through Tennessee from North Carolina. The threat of war on multiple fronts throughout the world is another scare point. Let’s add in a controversial, polarized election for more chaos.
If local businesses weren’t destroyed by floods, they could be destroyed by supply chain disruption, or scammers capitalizing on the fake news and support websites.
Something that can be scary on a local level is “clickbait.” Clickbait is a sensationalized news headline in an email or a compromised website that supposedly offers assistance to those in need. They generally get you to click on an interesting link to hack your computer.
The two-factor authentication, 2FA, that most banks and financial companies use today is the result of hacking attempts into business and personal accounts beginning from before the time of Covid -19.
Hackers and their illicit companies have become mainstream and are a serious threat. Did you know that there were over 2,365 cyberattacks in 2023, with 343,338,964 victims. 2023 saw a 72% increase in data breaches since 2021, which held the previous all-time record (Forbes Advisor – Cybersecurity: Facts and Figures you should know, August 28, 2024).
Intrusion and exploitation is fast becoming the bigger threat than even ransomware. Hackers are getting on systems and on average, not being detected for 206 days. During that time the “kernel” is becoming embedded in the backups and so becomes persistent. The “kernel” is malware code that allows access to your computer. Recovering from a backup solution may work short-term, but the kernel is still there to be reactivated leaving your company open for another exploit.
It is no longer a case of someone in their mother’s basement trying to break into the company. It is groups of malicious people including nation-states that are doing the hacking. It is artificial intelligence (AI). It is automated attacks that cannot be stopped without active involvement and cost.
Small businesses are the low-hanging fruit. They are being exploited because they have a mindset where they think “it won’t happen to me, because I’m too small”. Or, “I don’t have anything stored that would be of use to a hacker, so they won’t bother me.” Hackers know that. They know most small businesses do not put their resources into proactively defending their companies.
Even if they just hack into your home computer, they can then access your bank accounts, health information, and everything else you have ever accessed online. If you work remotely, they may even be able to get into your computer systems at work from your home computer.
Sure, on and off-site managed backups are necessary. Managed firewalls are necessary. Managed anti-virus is necessary. Those are required to keep businesses safe from physical threats like fire, flooding, rogue employees and lower forms of malware. However, these days it is no longer enough.
Security as a service is now necessary. These security companies are pro-active in searching for exploits in your systems. Using algorithms, artificial intelligence, backed up by good (White hat) hackers, these companies provide another level of protection. This type of protection also provides the necessary documentation for cyber insurance, should it be purchased. Security as a service basically is proactive protection for your company and a primary method of meeting cyber insurance requirements.
If you don’t have these, cyber insurance is a waste of money, because the companies may not pay out if you are not actively engaged in protecting your company.
Nay and Associates, LLC provides security as a service as an add-on to their managed services. We’ve looked and found some cost-effective options that will work to protect our clients. The result is an agent that can be placed on each client’s computer that can identify, isolate and remove rogue programs, backed up by security experts.
Unlike some of the more common security software you see advertised, the managed services mentioned above are more likely to catch and remediate attempts that could potentially damage or compromise your computer systems. Managed security services will identify external hacking and catch things already present on your computer systems, such as embedded “kernels”.
All the best and stay well,
Jim Nay
Recent Comments