In a recent blog post, I wrote about the MGM hack and how it was potentially conceived via a phone call from a hacker who posed as an MGM user, called the IT helpdesk and asked for a password reset ...
The person on the phone knew enough about the MGM systems to be able to manipulate a conversation with the helpdesk, which is alarming in itself and raises the question of how that information was gained in the first instance.
"This is called social engineering!"
There are so many processes and procedures that we must now implement to minimise the chances and opportunities for a threat actor to plant malicious software or a ransomware program into systems, not forgetting your cloud-based application servers.
Don't be fooled into thinking that just because your systems are on AWS, Azure, HP Cloud, or Google, they are safe from being encrypted by hackers. If you let people into your local systems, somewhere in your configuration will be the links and access details to your cloud-based data. If you do not lock these down with encrypted storage and decent passwords, then it is as good as not locking your doors at night.
Phishing, vishing and text messages are now so commonplace as ways for threat actors to try to gain access to data and bank accounts that I cannot urge caution on you all strongly enough. Your people need to have constant training, and your IT provider may not have the skill set to deliver the messages, as they may be too busy fire-fighting on a practical level to lock down your systems.
Also, from a Cyber Essentials point of view, your IT provider cannot be allowed to 'mark their own homework'. At least once a year you should have a network review by an external body and get penetration and phishing tests applied to your networks!
The third test that needs to be checked on a regular basis is that your backup files are actually backed up and that you can run from these in the event of a disaster. If your main database does get hacked and encrypted by a ransomware attack, can your backup systems run without the risk of being infected with malware or ransomware?
With VoIP phones and, in the main, all other essential products moving to Internet Protocol (IP) based hardware, are you securing your networks and using some type of segregation such as VLANs?
Setting up networks is now more complex than ever and you need to ensure that your IT/Technology partner is up to date with the latest methods to minimise the risk of any threat actors gaining access to your company's in-house or cloud-based systems.
"Keep your business as safe as possible!"
Over 70% of businesses fold within two years of a major disaster because data is not backed up effectively and, very often, the backups are non-existent because they have not been completed or tested on a regular basis.
Find a good independent consultant who knows the marketplace and they will be able to advise you as to who the movers and shakers are in the IT arena.
Until next time ...
The word 'Technology' has too many connotations in today's world!
Where do we start? Simple terms like 'IT' and 'Telecoms'? Or terms that appear NOT to have an actual meaning at all, e.g. 'Internet of Things' (IoT)?
Technology also encompasses specialist products and services like 'Rugged' and 'Tough' Android devices, Lone Worker Software, panic alarm devices, smart energy devices, low energy lighting, credit card terminal (PCI DSS) security, indoor/outdoor Wi-Fi systems, Ultrafast Gigabit internet connectivity, access control systems and industrial IoT circuit controllers.
BTS UK can consult on anything from simple solutions to the most complex, provide some of the products through a wholesale channel, and bring together a multi-disciplined 'Task Force' to deliver and implement complete Technology 'projects'.
I am your technology problem solver and I look forward to helping you.