As December ushers in the holiday season, movie fans around the world gather around screens – small and large – snuggle under blankets, fill bowls with popcorn, and press play on their favorite Christmas movies of all time.
There are endless choices, of course. Standouts among them, are Miracle on 34th Street, It’s a Wonderful Life, and, another “classic,” (our personal favorite) Home Alone.
In Home Alone, the McCallister family is preparing to spend Christmas in Paris. The night before they leave, Kevin, the family’s youngest child, inadvertently ruins the family dinner after a brief scuffle with his oldest brother Buzz, resulting in Kate (their mom) sending Kevin up to the attic.
Kevin berates his mom for allowing the rest of the family to pick on him and wishes that his family would disappear. During the night, heavy winds create a power outage, disabling the alarm clocks and causing the family to oversleep. In the confusion and rush to get to the airport, Kevin is accidentally left behind. He wakes to find the house empty. Thinking that his wish has come true, he is overjoyed with his newfound freedom.
The McCallister home is soon stalked by the “Wet Bandits,” Harry and Marv, a pair of burglars who have been breaking into other vacant houses in the neighborhood. Kevin tricks them into thinking that his family is still home, forcing them to postpone their plans to rob the McCallister house. But, the ruse doesn’t last for long.
Harry and Marv soon realize that only Kevin is in the McCallister home, and on Christmas Eve, Kevin overhears them discussing plans to break into the house that night. Kevin then rigs the house with booby traps.
Harry and Marv break in, spring multiple traps, and suffer various injuries. While Harry and Marv pursue Kevin around the house, he calls the police and lures the duo into a neighboring house which they had previously broken into.
Harry and Marv ambush Kevin and prepare to get their revenge, but a neighbor intervenes and knocks them unconscious with his snow shovel. The police arrive and arrest Harry and Marv, having identified all the houses that they broke into due to Marv’s destructive habit of flooding them.
By now, we’re sure that our message is as clear as mud. So, let’s clarify…
Kevin is a lowly, defenseless child (or so it seems), and the burglars are criminals without a conscious; focused solely on a single goal…to take everything they want, no matter the consequence to the innocent victim.
In the end, the perpetrators lose (big time) because Kevin – as defenseless as he appeared – had a plan. A clever, multilayered solution that could protect him no matter what the bad guys tried to throw at him.
Let’s wrap this analogy up with a bow.
Kevin is an SMB. Just an innocent entity trying to go about the day. Harry and Marv are cyber criminals, obsessed with stealing everything they can even if they leave misery and destruction in their wake.
End scene.
Let’s take a detour… we’re going to transport you from the land of make-believe to reality (prepare for a rough landing)…
SMBs Fear Ransomeware Attack Amid Geopolitical Tensions
According to an article by PRNewswire, they wrote, “Recently, results of the OpenText Security Solutions 2022 Global Small-Medium Business (SMB) Ransomware Survey [were released]. Findings show growing concern about ransomware attacks, the impact of geopolitical tensions, and rising inflation rates. Eighty-eight percent of respondents noted they are concerned or extremely concerned about an attack impacting their business.
“SMBs are a sweet spot for hackers to exploit because they often lack cybersecurity resources – both technology and security expertise,” said Prentiss Donohue, Executive Vice President, OpenText Security Solutions. “Today’s complex threat landscape presents a huge risk to SMBs that don’t have sufficient cyber resiliency preparation to stop the spread and recover quickly from an attack. With adversaries becoming increasingly sophisticated and relentless, a multi-layered protection strategy is no longer a nice to have, it is a necessity.“
Spotlight findings:
- More than half (57%) of SMBs are worried about their cybersecurity budget shrinking amid rising inflation rates.
- Fifty-two percent of respondents feel more at risk of suffering a ransomware attack because of heightened geopolitical tensions.
- Eighty-four percent are concerned about a ransomware attack impacting their business.
There’s a concerning lack of awareness among SMBs when it comes to knowing if they’ve suffered a ransomware attack. Meanwhile, budgets to protect against these risks are low.
- Nearly half (46%) of SMBs have experienced a ransomware attack, yet 67% still don’t think or aren’t sure they are a ransomware target.
- The majority (60%) of respondents are not confident or only somewhat confident that they can fend off a ransomware attack.
- Despite many having experienced an attack before, security budgets are minimal to protect against ransomware and other threats:
- 60% spend less than $50,000 per year.
- 50% spend less than $20,000 per year.
- Only 10% spend more than $50,000 per year.
Managed service providers (MSPs) are an appealing security option for SMBs to offset resource constraints.
- More SMBs outsource their security to an IT provider or MSP than not, with 58% using external security management support.
- Concurrently, 65% of SMBs that don’t currently use a MSP would consider doing so in the future.”
——————————-
After reviewing these statistics, the staff at Adaptive couldn’t help but be left with a sense of wonder. The bad kind of wonder. Where you wonder when the “Kevins” of these SMBs might rise up to become the heroes of their own stories, creating multilayered cyber protection solutions. Instead, we were left with this image of SMB owners cowering in a dark corner, bracing for impact.
The truth is kind of depressing.
So, we went in search of a positive cyber security story. It is the holiday season, after all, this is no time for doom and gloom. Here’s what we found…
The 2020 Tokyo Olympics were a cybersecurity success
In an uplifting article by Security Magazine, they wrote, “In the months and weeks leading up to the Tokyo Olympics, intelligence agencies and cybersecurity experts warned of the risks of cyberattacks and the need to exercise preventative measures to prevent the kinds of incidents we have seen in the previous Olympics at Rio de Janeiro, Sochi, Pyeongchang, and London.
Fortunately, the International Olympics Committee (IOC) and the local organizers of the Tokyo Games, the Tokyo Organizing Committee (TOC), needed no convincing. Over the course of these games, it’s become increasingly clear that the organizers did indeed exercise preventative measures and that despite the challenges and limitations of holding an Olympics during a pandemic, the Tokyo Olympics have been a real success story from a cybersecurity perspective. Organizers of all large-scale, televised sporting events—and indeed just all organizations in general—should look to this year’s games as a model to emulate.
The Best Kind of Defense
One of the things that the Tokyo Olympics got right from a cybersecurity perspective is a principle often taught, suitably enough, in sports. As coaches often like to say, “The best defense is a good offense.” A common problem that we see in the cybersecurity field is that far too many organizations wait until they’ve been attacked.
(***Our Home Alone Kid-Protagonist would never allow this!)
Nowadays, this is a recipe for disaster. We know the rate of cyber threats is increasing, with ransomware attacks having spiked 150% in just one year and state-sponsored cyberattacks, also known as advanced persistent threats (APTs), having doubled in three years. We also know that large-scale sporting events such as the Super Bowl, the World Cup, and the Olympics—for various reasons, including the market size of these events and their modern reliance on digital technology—are frequently the target of cyber threats.
Learning from the lessons of past Olympic games, the International Olympics Committee (IOC) and the Tokyo Organizing Committee (TOC) fortunately did not make the same mistake. While this year’s games have not been entirely free of an incident (there was a relatively minor one early on, for example), the kinds of incidents that specialists such as myself are most concerned about with large-scale events like these are those that shut down critical parts of the infrastructure such as ticketing, scorekeeping, or media broadcasting.
In fact, something like this almost occurred at the 2018 Olympics in PyeongChang, South Korea, in which the Opening Ceremonies were nearly brought to a halt. The fact that there was not an equivalent malicious event during the Tokyo games is no accident or stroke of luck. In this day and age, that’s extremely unlikely. Instead, the lack of incidents at the Tokyo Olympics tells us that aggressive preemptive measures were taken. And while I do not know, in this case, what each and every one of those measures was precise, I know which basic principles were observed.
Having the Right People in Place
(Let’s not forget Kevin, the child-hero in Home Alone. Imagine him as an adult in the scenario below.)
With an international event of this size, the first mandatory element to have in place, of course, are the behavioral specialists and analysts who can implement user and entity behavior analytics (UEBA): the process of interpreting intelligence, detecting patterns from that intelligence, and putting together plans for preemptive cyberattacks or counter attacks.
Also necessary are the supporting teams of Level 1 security operations center (SOC) analysts who have their eyes on the glass 24/7, see all the traffic in real-time, collect all the alerts, filter out the false positives, and, when it’s justified, escalate abnormal activity to their behavioral specialist.
Since the Olympics are inseparable from world politics and diplomacy, we can be certain that these analysts represented all the key security and intelligence agencies from the major countries coming together in collaboration. For the U.S., that would likely be the FBI, NSA, and CISA. For the U.K., that would be MI5 and the SIS, and so on. While the pandemic may have made the logistics of such collaboration more involved, there would nevertheless have been a joint command center in some shape or form in which the specialists from these agencies can share information in real-time.
On top of this, we also know that numerous private security firms from various countries, including Japan, Taiwan, and even Israel, have also been recruited to help in what seems to reflect the growing (and necessary) trend of cooperation between government organizations and private tech companies in the area of cybersecurity.
Going on the Offensive
(***Here’s where our kid-hero shines!)
What I’m confident played an essential role in the Tokyo Olympics, having been relatively uneventful from a cybersecurity perspective, is intelligence-driven defense, or the act of looking for known threat actors through the kind of characteristic behaviors they are known to exhibit. Again, it’s defense through preventative offense.
Another recent success story in which the same approach was used was the 2020 presidential election, further proving that investing in proactive, robust cybersecurity measures works. The fact that foreign actors did not successfully interfere in the election was not a sign that the preemptive actions were a waste of effort but rather a success. The same applies to this year’s Olympics. The lack of significant disruptions has been a clear win and is almost certainly a direct result of preemptive measures.
The tactics of cyber threat actors constantly evolve, so we must stay vigilant as well, and resting on our laurels is never a good idea. But given the alarming number of cybersecurity incidents so far in 2021, a success story like the Tokyo Olympics is a welcome bit of positive news and serves as a model example for organizations out there that still tend to err on the side of passivity. The ransomware attacks on Colonial Pipeline and JBS are just two of many examples showing that waiting until an incident occurs is costly and preventable. Instead, take a cue from the Tokyo Olympics: go on the offensive and beat threat actors at their own game.”
———————
It seems unfortunate that we had to go all the way to the other side of the world for a cyber security success story, but the truth is they happen all the time. So why don’t we read about them more? Because there’s nothing to say.
For example, take the story of an SMB in Miramichi that partnered with Adaptive. Together they established a proactive, multi-layered cyber security plan. Day after day the plan has been successfully monitored and… nothing happened. – the end.
Not much of a story, but if we included all of the attacks that were blocked it would read more like a cross between Raiders of the Lost Ark and the Matrix. Alas, when no one knows what’s going on behind the scenes, and the action hero doesn’t pontificate about his adventures, one is left to think it was just another day in Dullsville.
Let’s get back to the world of make-believe (it’s so much more fun there!)… In Home Alone, Kevin is a clever, creative, proactive kid, with a can-do attitude. He has the energy, commitment, and focus to single-handedly (mostly, until a grownup with a shovel is needed), take out the bad guys.
But, in the real world, that’s not, uh… realistic.
Let’s face it. SMB owners are smart, tenacious, and good at what they do. They are so intelligent, in fact, that they were able to take a dream, create a business plan, and turn their vision into a reality.
They now offer products or services that are so desirable that they have a growing customer base, vendors clamoring for their attention, and a backlog of job applicants. There’s nothing that they can’t do, right?
Wrong. They can’t do everything. And they certainly can’t handle specialized fields like law, accounting, or cyber security single-handedly.
The most successful SMB owners know, If you aren’t an expert, hire it done.
9 Reasons Why You Should Outsource your Cybersecurity Operations
According to an article by TCA, they wrote, “The global cybersecurity market is expected to grow at a compound annual rate (CAGR) of 10% from 2020 to 2027. This growth is a clear indication of increased spending on information security by businesses across all markets. At the same time, cybersecurity threats are also growing in complexity as criminals use advanced tools to exploit vulnerable networks.
Sure, having an in-house IT department can safeguard your business from cyber-threats. However, your team will be overwhelmed with managing your infrastructure’s functionality and maintaining its security which can be risky. For this reason, you should hire a dedicated team to handle all your cybersecurity operations.
Here are the benefits of outsourcing your cybersecurity operations:
Cost-effective
For small and medium businesses (SMBs), training and maintaining an in-house security team is time-consuming and expensive. Moreover, recent research shows a cybersecurity skill shortage, meaning it’s quite expensive to hire a security professional on a payroll.
However, outsourcing your business’s cybersecurity operations allows you to access highly-skilled professionals without breaking the bank. As such, you won’t have to manage full-time staff or pay huge monthly salaries. The best thing is that most cybersecurity consultants offer a bouquet of security services, ensuring you get the best value for your budget.
Specialized Security Expertise
Working with a managed security service provider (MSSP) allows you to leverage their vast experience and knowledge. They can identify almost every threat and potential loophole in your existing systems and offer unique solutions to safeguard your business. Most importantly, they’re aware of the latest threats and tools used by criminals, and as such have devised advanced technologies to counter those threats.
Saves Time
Protecting your business from cyber threats can be time-consuming as it involves extensive research into unique solutions that fit your business niche. Even with an in-house IT department, you’ll probably spend lots of time training, and offering them the required tools and software they need. Consequently, you end up losing focus on your other core business operations.
However, working with an external cybersecurity provider frees up your time to focus on growing your business. You also enjoy peace of mind in knowing that your network’s security is in the hands of dedicated professionals.
Round the Clock Support
In cybersecurity, the longer a threat goes unnoticed, the more damage it causes. Unfortunately, cybercriminals don’t have definite working hours, meaning that they can attack your business at any time. They can be based anywhere in the world, and so operate in different time zones. For this reason, your systems need real-time security monitoring to detect and respond to threats swiftly. Your in-house security may not be in a position to respond fast, especially if the attack happens outside your business working hours. As a result, there will be an extended recovery time translating to huge losses due to slow response.
However, a good MSSP offers a 24/7 system monitoring and analysis, ensuring threats are detected from the onset and dealt with before they do any damage. Such quick response ensures your business doesn’t suffer from downtime, saving you from loss of revenue.
Maintains Compliance
Highly regulated industries, such as finance and healthcare, must adhere to strict data protection policies. Even though your business is based outside these two industries, you’re still obligated to safeguard your clients’ data. Nevertheless, maintaining compliance with data protection policies can be a slippery slope, given the evolving digital law landscape. Sometimes the extent of new regulations may be too complicated for an in-house IT department to understand and comply with, resulting in hefty fines.
Contracting a third party to handle your IT security helps your business stay in compliance with the law, saving you from expensive penalties and class-action lawsuits. Moreover, they’ll alert you of any recent law changes, thus ensuring your business maintains compliance always.
Builds Your Brand
Besides product offerings, your brand as a business is also determined by how well you protect your customers from data breaches. In the event of compromised data security, you’ll not only lose revenue but also have your reputation tainted. Consequently, clients will lose their trust in your business and may even file for a class action suit.
Outsourcing your cybersecurity to a third-party provider demonstrates your commitment to safeguarding your client’s data. Therefore, your brand image improves, which cements your professionalism in your industry. Your customers will also have more confidence in your services, knowing that their data is protected.
Provides Security Training to In-house Staff
Outsourcing your cybersecurity operations doesn’t mean that your in-house IT team will not be involved in protecting your systems. Far from it! A good third-party cybersecurity professional will work closely with your IT team to improve their skills in security operations. This way, your team can liaise with the third-party security provider in case of any threat. Even your non-IT staff will get comprehensive cybersecurity training to avoid employee negligence, which is the leading cause of data breaches.
Scalability
One of the most significant advantages of outsourcing cybersecurity services is that you pay for it when needed. Suppose you’re working on a project but choose to pause for a few months or experience downtime for several weeks. If you have an in-house cybersecurity team, you’ll still be required to pay them even when you’re on break. But, working with an MSSP affords you the liberty to pay for their services only when you need them. In the same vein, an MSSP can grow with your business/project size and meets its fluctuating demands.
Access to Top-notch Talent
As mentioned earlier, there’s a small pool of cybersecurity experts. This means that only there’s stiff competition for security professionals, whereby organizations with deep pockets have the upper hand. However, the advent of MSSP companies opened an opportunity for SMBs to acquire top-notch security talent, which was left only for large organizations.”
At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.
Every single device that connects to the internet poses a cyber security threat, including that innocent-looking smartwatch you’re wearing. Adaptive’s wide range of experience and certifications fills the gaps in your business’s IT infrastructure and dramatically increases the effectiveness of your cybersecurity posture.
Using our proactive cybersecurity management, cutting-edge network security tools, and comprehensive business IT solutions you can lower your costs through systems that are running at their prime; creating greater efficiency and preventing data loss and costly downtime. With Adaptive Office Solutions by your side, we’ll help you navigate the complexities of cybersecurity so you can achieve business success without worrying about online threats.
To schedule a Cyber Security Risk Review, call the Adaptive Office Solutions’ hotline at 506-624-9480 or email us at helpdesk@adaptiveoffice.ca