CIT Security Services Notification

Updated July 9th 2021

The CIT Security team is sending an alert regarding a new privilege escalation “zero-day” vulnerability, labeled PrintNightmare, that affects all Windows Server systems.

At this time there is no patch available for this vulnerability; however, it is possible to disable the print spooler service affected by this vulnerability until a patch can be made available from Microsoft. Once the official patch is released by Microsoft, it will be approved for installation for CIT managed customers. Managed customers who wish to have the print spooler service disabled may also make this request to the CIT Services Team.
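The interim mitigation described above (stopping and disabling the Print Spooler service on servers that do not need it), as an added PowerShell example that is not part of the CIT notice; it assumes an elevated session on Windows Server and skips hosts that have the Print-Services role installed, since those need a separate risk decision.

```powershell
# Added example (not from the CIT notice): check and disable the Print Spooler
# service on a Windows Server that does not need to print, as an interim
# PrintNightmare mitigation until the vendor patch is deployed.
# Assumes an elevated PowerShell session on Windows Server.

$svc = Get-Service -Name Spooler -ErrorAction Stop
$mode = (Get-CimInstance Win32_Service -Filter "Name='Spooler'").StartMode
Write-Host "Spooler status: $($svc.Status), startup type: $mode"

# Do not touch servers that actually host print queues (Print Server role);
# switching the service off there breaks printing for every client.
$printRole = Get-WindowsFeature -Name Print-Services -ErrorAction SilentlyContinue
if ($printRole -and $printRole.Installed) {
    Write-Warning "Print-Services role is installed; this host serves print queues. Not disabling Spooler."
    return
}

# Stop the service if it is running, then prevent it from starting at boot.
if ($svc.Status -eq 'Running') {
    Stop-Service -Name Spooler -Force
}
Set-Service -Name Spooler -StartupType Disabled

# Verify the change actually took effect before reporting success.
$after = Get-Service -Name Spooler
$mode  = (Get-CimInstance Win32_Service -Filter "Name='Spooler'").StartMode
if ($after.Status -ne 'Stopped' -or $mode -ne 'Disabled') {
    throw "Spooler is still $($after.Status) / $mode; review this host manually."
}
Write-Host "Spooler stopped and disabled."
Write-Host "After patching, re-enable with: Set-Service Spooler -StartupType Automatic; Start-Service Spooler"
```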

July 9th update:

As a follow-up to our previous security alert regarding the Microsoft privilege escalation zero-day vulnerability labeled PrintNightmare, Microsoft released an emergency patch, which CIT has released effective immediately. All customers that receive CIT patching will receive this patch cycle. If you have any issues or concerns, please reach out to the CIT Support desk at support@cit-net.com or 651.255.5799.

CIT Security Update July 2021

Over the last several months there has been a significant increase in attacks on the critical infrastructure of the United States. These attacks include, but are not limited to, attacks on the SolarWinds and Kaseya products. Some attacks have been linked to “State-level” actors and others are still under investigation. The attacks we are addressing today are specifically “supply chain attacks”. Other recent examples of supply chain attacks include the Colonial Pipeline cyber attack and the attack on JBS S.A., a meat processing company. The SolarWinds and Kaseya events were both very serious; however, it is worth noting that these are not new. Virtually no vendor, whether commercial or open-source, is immune to attack. As an example, Microsoft recently suffered an attack on its supply chain as well.

As a trusted partner, we at CIT wanted to take a few minutes to outline a broad scope of how we protect our company and work to secure our customers.

CIT has built its security program around the NIST 800-171 security framework. This framework was used to help us define our risks and build out a governance program designed to mitigate those risks.

The NIST framework includes five functions: Identify, Protect, Detect, Response, and Recover. A few high-level examples of what that includes are as follows:

Identify.

This is the core of our security program. Our security governance program includes assessments, gap analyses, security policies and procedures, change management processes, vendor management processes, and so on.

Protect.

This includes building both administrative and technical controls to protect data, identifiable information, and all company assets. Some tools that assist with this function include using multifactor authentication (MFA), limiting access to management interfaces, continuously reviewing and remediating vulnerabilities, and building out a cybersecurity training program.

Detect.

CIT uses several tools to help detect threats and anomalous behavior, including a SIEM solution, as well as an advanced detection and response toolset from Darktrace.

Response.

As mentioned above, CIT uses Darktrace as part of our autonomous response systems, as well as a Security Operations Center to review alerts and correlate data against known and unknown threats.

Recover.

CIT uses a robust backup and restoration toolset to ensure we can continue to provide service to customers, as well as ensure our operations are minimally impacted.

Last but not least, CIT uses a third party to audit our security program to the SOC 2 Type II compliance standard.

CIT also partners with several great resources, including CISA and the FBI, in addition to our vendors. While we do not use the Solarwinds or Kaseya products that were affected by the attacks, we do still use the lessons learned to improve our posture and response capabilities.

While we covered a good deal of CIT’s security program above, CIT has also been helping secure our customers by using these same core principles. For example, we include yearly security reviews, security training, vulnerability scans, and so on in our offerings. This is by design, as we are purposely building a strong, secure core infrastructure and the foundation of a security program for our customers. While that is a great start, our customers are strongly encouraged to have detection and recovery processes and tools in place, such as Darktrace or endpoint detection and response (EDR) capabilities, as well as a secure, validated recovery solution, such as Datto.

CIT uses ConnectWise as our core toolset. ConnectWise has put significant effort into improving its security posture. Most recently it has rolled out a security page to be more transparent about its program and roadmaps.

Best,

Todd Sorg, CISO

The State of Malware in 2021

You may have heard a new term when discussing malware and ransomware: zero-days.

Zero-day (or 0Day) vulnerabilities and exploits are the hardest kind of attack to detect, because the vulnerability, attack, or exploit has never been seen by any security company before it appears in the wild. These kinds of attacks often have no patches, no workarounds or remediations, and very few rule-based security toolsets can detect them. Rule-based security toolsets are things like the traditional antivirus you would run on individual devices, and a new study by WatchGuard Technologies shows these tools are no longer winning the fight against malware.

A few years back, zero-day malware represented only 30% of total detected malware. More recently that number rose to the 50-60% mark, and the most recent data, for Q1 of 2021, shows an explosion to 74%!

That means if you are relying on rule-based antivirus to stop attacks, it is missing nearly 3 out of 4 attacks. Pattern-based malware detection is no longer sufficient in today’s world. New exploits, including fileless malware and living-off-the-land techniques, can bypass these toolsets.

With traditional antivirus no longer sufficient, many companies are turning to the next generation of protection, including endpoint detection and response (EDR), network detection and response (NDR), managed detection and response (MDR), and finally extended detection and response (XDR).

Here is a brief rundown of how each can be used to help protect your business:

  • EDR: Endpoint detection is different than traditional endpoint protection (EPP) because EPP solutions focus on preventing malware before it can execute. While this is a noble goal, with a miss rate of up to 74%, it is no longer sufficient. EDR assumes that some malware will get by despite our best intentions and so instead it focuses on detecting and responding to malware that can make it onto your systems, despite your best efforts.
  • NDR: Network detection and response looks at the whole picture of how the individual endpoints on your network communicate with each other as well as with network servers to focus on unusual activity or signs of lateral movement. Often combined with machine learning, this kind of protection provides full network insight and analysis to identify threats.
  • MDR: Managed detection and response is ideal for companies that want to outsource the management of their security toolsets to experts on an as-needed basis. The focus with these tools is the additional benefits of a strong security team without the full-time security team price.
  • XDR: Combining the above toolsets with not just machine learning but artificial intelligence gets us to eXtended detection and response tools. Especially when combined with a Security Information and Event Management (SIEM) tool, XDR provides the most comprehensive security available. Visibility includes endpoints, servers, and network traffic, and XDR adds machine learning and artificial intelligence to respond quickly and effectively to any threat seen, both on endpoints and on the network itself.

Just as your business continues to grow and mature, the cyber threats around us also continue to grow. Adding detection and response to your line of defenses can increase your peace of mind that your company has reduced its attack surface and increased its ability to detect, respond to, and remediate any issues that might come up.

https://cybersecurity.osu.edu/cybersecurity-you/avoid-threats/what-zero-day-exploit

https://www.darkreading.com/vulnerabilities—threats/74–of-q1-malware-was-undetectable-via-signature-based-tools/d/d-id/1341394

https://www.infradata.com/news-blog/edr-ndr-xdr-mdr/

Amazon Prime Day Phishing Scams

Ah, Prime day. The glorious feeling of scoring deals (tablets, air fryers, and clothes, oh my!). As the deals heat up for us, so do the cybersecurity threats.

In the last 30 days, over 2,300 new Amazon-related domains were registered, a 10% increase from the previous Amazon Prime Day, and the majority of them are either malicious or suspicious.

Source: Checkpoint

If you get any Prime Day offers by email, on your phone, or on social media, remember these three things:

  1. Look out for any misspellings on any emails, ads, and domain names. Start on Amazon.com.
  2. If you’re asked to provide additional details (e.g. your birthday or social security number) it is most likely a scam.
  3. Make sure to have a strong password created before Amazon Prime Day, and use a credit card instead of a debit card.

Last year during Amazon Prime Day, Checkpoint noted that 20% of newly registered domains containing the words “Amazon” and “Prime” were malicious. This year, almost half of those domains were seen as malicious, and 32% of the newly registered related domains were malicious sites.

With phishing techniques constantly getting more innovative, there are newer and easier ways for victims who are shopping for the latest deals to fall for these types of attacks. Below is an example researchers at Checkpoint found:

[Image: example of a Prime Day phishing lure found by Checkpoint researchers. Source: Checkpoint]

Cybercriminals have created hundreds of fake domains with the words “Amazon” and “Prime”, so watch out for scams during these two days!

Cybersecurity for the Small Business

Last year in the United States there were 65,000 ransomware attacks (over 7 per hour), and experts say it will most likely get worse before it gets better. A 2020 study by Cloudwards found that over 51% of businesses were hit by ransomware in 2020, and the estimate for 2021 is that a company will get hit every 11 seconds.

The White House warned American businesses last week that they should be taking urgent security measures to protect against these attacks, as most companies are ill-equipped to afford the disruption to their business or to pay the ransom outright. 2019 saw a sharp increase in the cost of a ransomware attack, up from $6,000 in 2018 to $84,000 by the end of the year. These costs do not factor in things like lost opportunities, reduced production, rebuilding infrastructure after an attack, and loss of reputation.

With ransomware impacting large companies and government resources, what are smaller businesses to do to help protect themselves? All is not lost and there are several ways small to medium-sized businesses can help secure their networks.

Use a VPN and review firewall rules

Your firewall is the first line of defense for your network. Make sure your company is using a VPN client for remote connections, and review the firewall access rules at least once a year to ensure only desired traffic is allowed in.

Apply multi-factor authentication whenever possible

Multifactor (MFA) or two-factor (2FA) authentication takes passwords to the next level. Instead of just relying on a username and password (something you know), now a token (something you have) is also applied to accounts to keep them safe from phishing or brute-force attacks. MFA or 2FA should be applied everywhere possible, including your VPN and email accounts.

Keep systems up to date

Apply vendor patches as soon as they are released and have been tested, to prevent recent exploits from targeting your systems. Maintain a regular patch cycle and always apply emergency releases as soon as feasible.

Backup systems off-site

One tactic ransomware threat actors will deploy is deleting backups before encrypting files. Having daily backups that are stored off-site and encrypted with a password not used anywhere else on the network can help reduce that possibility. Be sure to check backups regularly to ensure you could revert to them if needed.

Get additional visibility

You can’t protect what you can’t detect. Having a security toolset like a Security Information and Event Management (SIEM) solution provides additional visibility and can aggregate information from network devices such as firewalls, switches, endpoint detection, and cloud activity in a single pane of glass that is easy to review. A basic SIEM solution doesn’t have to break the bank but can offer valuable visibility into how all the parts and pieces of the network work together and highlight if and when a breakdown occurs.

Many companies have been increasingly turning to cyber insurance to help with incidents, but many industry experts are now discouraging ransom payments, as they only fuel further nefarious behavior. One insurance company in France, among Europe’s top five insurers, has stated it will no longer reimburse customers for extortion payments made to ransomware criminals.

Make sure you secure your network to prevent your company from becoming a statistic, and please do not hesitate to reach out if you need any assistance. We offer a no-cost Gap Analysis to help you review your current state of business as well as offer suggestions as to what your company is doing right and what your company could improve on to increase your security posture and stance.

https://www.npr.org/2021/06/09/1004684788/u-s-suffers-over-7-ransomware-attacks-an-hour-its-now-a-national-security-risk

https://www.insurancejournal.com/news/international/2021/05/09/613255.htm

How Can I Recover Lost Data? Your Guide to Data Recovery

We’ve all been there – the moment you hit delete and the panic sets in. Data protection is a key component of IT and can be simple with the right solution. Many times the focus of the protection is to just have a backup but the real focus should be on the ability to recover. Having a copy of your data without the ability to restore it in the time required is often not discovered until it is too late. 

Your data recovery plan should start with a solution that includes:

  1. Your recovery time (how fast do I need to be back up and running).
  2. Your recovery point (how far back in time can the business afford to lose data).
  3. The ability to recover, tested on an annual basis.
  4. The different types of recovery the solution must support, from a single file recovery to an entire system recovery or an entire site recovery.

Solutions are available that can provide reliable backups that also include offsite replication and resources that allow for recovery both locally and remotely. 

CIT Holds Blue Diamond Partner Status with Datto

Providing Business Computer Backup for Minnesota and Wisconsin

WHY DOES CIT PARTNER WITH DATTO?

Together with Datto, we provide Total Data Protection from IT disasters, human error, and malicious activity — making your business invincible, secure, and instantly restorable at any time.

Datto gives you complete backup, recovery, and business continuity solutions that are built for businesses of every size, regardless of infrastructure. Datto products are built specifically for the Channel with scalable storage options, predictable cloud pricing, and 24/7/365 support.

Datto products feature award-winning technology, including Datto’s purpose-built cloud, Instant Virtualization, Inverse Chain Technology™, Screenshot Backup Verification™, and End-to-End Encryption.

Datto defines innovation, once again.

WHAT ARE THE BENEFITS OF CIT BEING A DATTO BLUE DIAMOND PARTNER FOR YOUR BUSINESS?

You can expect:

  • Priority handling of support cases
  • Opportunity for more efficient ticket resolution
  • Advanced customer experience with CIT connected to a dedicated Datto Blue Diamond Support Team

Darktrace Partner of the Year 2020

Why Does CIT Partner with Darktrace as a Cybersecurity Solution?

“Darktrace provides us peace of mind, allowing us to better sleep at night because we know that our customers and our own internal systems are protected. With Darktrace Antigena constantly running in the background—on nights, weekends, and holidays—we are secured against even the nastiest zero day exploits.”

– Todd Sorg, CISO & vCIO, CIT

What is Darktrace?

World leaders in Autonomous Cyber AI

The Darktrace Immune System is the world’s leading autonomous cyber defense platform. Its award-winning Cyber AI protects your workforce and data from sophisticated attackers by detecting, investigating, and responding to cyber-threats in real time, wherever they strike.

2021 Password Tips

2021 Password Best Practices

Passwords – Is mine strong enough? How do I know?

Every time I write a password article I feel as if this subject has already been done to death by me and others. But I always get more positive feedback on this subject than others I consider more interesting, so we offer the following suggestions:

  • Use different passwords for personal and work systems. That way, if you are cracked in one place, the other is still secure.
  • If you write down and save your passwords, you are better off using paper or a notebook than recording them in an Excel spreadsheet. If your computer is hacked, that spreadsheet is toast. Store your notebook where it is not easily accessed by someone else.
  • Change your passwords periodically. That way, if yours are stolen off a web server and sold on a list somewhere, they won’t be useful to the bad guys for very long.
  • Longer passwords are better, because most passwords are solved using computers and software that make millions of guesses per second. At ten or more characters, it would take a machine over a hundred years to solve using current techniques.
  • Use a different password for every device or website.
  • Use multi-factor authentication (MFA) whenever it is available.
  • Avoid creating or using shared accounts. If you don’t share your toothbrush with this person, why would you share your login credentials?
  • Always change the default password when setting up new devices. Default user names and passwords are easily found online, on the manufacturer’s support site as well as on websites that aggregate this information in a single list. (Check out www.defaultpassword.com)

While that may not be all of the best ideas, it is certainly enough of them.  If you were only going to pick one of them, choose the last one.

Pop Quiz: How Secure is Your Student Educational Data?

The dangers that cyber threats pose to our children have never been greater. For the schools that protect our children and store our students’ data, keeping our kids safe from cyber threats is no child’s play. Take the quick test below to see if your school and education networks are current with the IT innovations that fight today’s sophisticated cyber threats.

Does Your School Budget Allow for Proper Cybersecurity?

Education is no stranger to tight budgets. Essential programs and courses are routinely cut from cash-strapped institutions. Indeed, one of the main challenges for IT administrators in education is having an adequate budget to meet the pressing and emerging cybersecurity issues in school districts.

But as education data systems become increasingly integrated with cloud computing and storage, your school needs the very best in current IT protection. When you’re counting every expense, you need cybersecurity that exceeds your expectations and performs at a fraction of what other vendors charge.

Does Your School Have Proper Identity Security?

It might be hard to imagine why anyone would want to steal a student’s identity. But when you consider how few minors have a credit file, their ID can be a “clean slate” for anyone needing a clean credit report to open utility accounts, credit cards, or loans.

Because parents have never before had to monitor their minor’s credit report—and children cannot be expected to monitor their own credit history—the actions of criminals who use a child’s identity can go undetected for a very long time. This makes schools a gold mine for hackers.

Hacking of schools and education facilities is on the rise, and the steps you take to protect your students and their identities are the first steps to combating the many creative tactics hackers use to gain access to your network.

Are You Paying Attention to Your Student’s Data?

It is not enough to count on FERPA to monitor your IT security systems and ensure they are up to standard. Recently, major loopholes have been discovered in FERPA which allow EDTech companies to act as school officials and mine and collect your student’s data—data which is then vulnerable to third party hackers.

Make sure your parents and educators are informed on student data disclosure forms, Acceptable Use Policies (AUPs), and opt-out practices. When parents and children know their rights and the limits of EDTech in their school or district, they are able to make wise decisions based on that information.

Are Your Tech Devices Secure?

There is no question that tech devices elevate learning and help students prepare for the technological innovations they’ll encounter beyond education. This is why more than a third of U.S. students are using school-issued devices.

Consider the extensive opportunities that allow hackers to access a school’s network through its devices. Not only can it be impossible to chase after the massive input from so many devices, but young students are often prime targets for hackers since they may not be familiar with the many clever tactics hackers use to gain access to sensitive information. That’s why it is more important than ever to make sure the network connected to your school’s devices is secure.

Can Your Students Infiltrate Your Own School Security System?

Historically, curious and tech-savvy students have always pushed the ethical limits of what educators deem acceptable use. But with all the information that can be found on integrated district networks, kids have never had more ways to access and exploit the sensitive information of their peers.

Whether it’s for financial gain, to carry out personal grudges, or even boredom, many students are proving highly capable at navigating sophisticated education security systems. Smart schools are not taking chances and, instead, opting for top-notch network security to eliminate threats from outside, and from within.

Student Data Security May Be the Smartest Move

How did you do? If you answered ‘maybe’ to any of these topics, give CIT a call today. Let us know how we can help you ace this test with the very best in education data security. With CIT on your side, you can rest assured that your network is as secure as you keep your students.