When thinking about end-users and IT Security, two related things leap to mind: the first is an early 2000s gameshow, the second an adage about chain strength. Both say the same thing: when it comes to network security, your end-users ARE your weakest link.
Regardless of the amount of money spent on firewalls, intrusion detection, log management, compliance, and network vulnerability testing, security surveys are unanimous that end-user actions are directly responsible for more than 80% of global security breaches. Whether direct or indirect, intentional or accidental, end-users are reliable only in that they expose their employers to massive security risks. Because of this, diligence is required in making sure your users understand the corporate risks inherent to a data breach, and what they as individuals and as a collective can do to prevent such unauthorized access.
End-user focused security services have become a paramount concern in the age of the cloud and the remote worker; there are simply too many paths open for an industrious hacker to exploit. Computer Integrated Services works with clients to help identify the key users and topics of concern, then conducts end-user security seminars focused on education and awareness of best practices for security.
“But a lot of my users are Millennials, they were born online, they know this stuff”
While that may be true of an increasing number of companies, the truth is that a large portion of the workforce is still comprised of the opposite end of the user spectrum, aging users who are not generally inclined to keep up with changes in technology. And, often, these are your power users, key executives with the most access and the most privileged information.
The first step CIS’ elite Network Security Team recommends is to conduct end-user testing from several vectors. It is critical to identify potentially troublesome users in your environment. This identification allows CIS and our client’s IT staff to provide guidance to specific users, as well as attempt to establish technology barriers to help protect them.
Testing also serves as a guideline for focusing the development of CIS’ Security Seminar program, a customized end-user focused presentation, or series of presentations, from CIS’ Chief Information Security Officer. Training seminars are conducted in groups of users, typically coordinated by need and level of capability, to allow for focused learning, as well as efficient use of time.
Seminar material varies from client to client, depending on the needs of each specific user base, as well as the continual emergence of new network security threats. Seminars are typically best when they are engaging and interactive, so CIS always encourages questions within the covered topics. Follow-up materials such as best-practices reminders, written tests to review and reinforce the subject matter covered, and follow-up one-on-one sessions are also typically provided on an as-needed basis.
Topics covered will typically include:
Regularly covering these topics, and more, and staying diligent about end-user education is the only path toward real security. Users are notoriously demanding of any IT staff; it’s time to be demanding back. IT Security should be every employee’s concern.
For further details, or to schedule a CIS Security Seminar, please contact us today.
Computer Integrated Services’ Network Security Team is monitoring the following…
At 12:37AM EST on October 16th, 2017, Ars Technica disclosed to the world a “new” flaw in a wireless protocol (communication language). They call it KRACK (“Key Reinstallation Attacks”). This vulnerability theoretically makes it possible for attackers to eavesdrop on Wi-Fi traffic passing between computers and access points.
This issue potentially affects any device using WPA2 (Wi-Fi Protected Access II). To quote one report, “Both Windows and iOS aren’t believed to be vulnerable to the most effective attacks. Linux and Android appear to be more susceptible.”
CIS is monitoring this issue on behalf of our clients, and will provide patches or further advisories when they are available from manufacturers. At the time of this writing, the attack has NOT been reported to have stolen any information. If you have specific concerns about this issue, please contact the CIS Service and Support Desk at firstname.lastname@example.org.
CIS and Micro Focus, global leaders in Identity and Access Governance, are teaming up on October 5th to bring an exciting, engaging dinner event to C-Level executives interested in learning more about the organizations and their cutting-edge Identity solution. The event will feature a private dinner and discussion with Dan Shmitt, Chief Information Officer, Major League Baseball (MLB) Advanced Media. Mr. Shmitt will share his experiences working with both organizations, and host a round-table discussion focused on the many advantages gained from implementing the solution. Highlights will include:
The event will take place at a famous New York City steakhouse, and is by invitation only. If you are interested in attending, please contact your CIS rep, or email us and someone will get right back to you.
To celebrate our many years of partnership, and reward our treasured mutual clients with a top-end dinner and night out, CIS and ShoreTel are pleased to announce we will be hosting an exclusive Client Appreciation Dinner on the evening of September 27th. The Italian restaurant selected for the event is among the most well-reviewed in New York City, and is sure to provide a first-class experience for everyone in attendance. We are doing everything possible to touch base with personal invitations, but if you are a CIS or ShoreTel client who has not heard from us, and would like to attend, please contact your CIS rep today!
Well, probably not, but that could largely be due only to the fact that the KGB was disbanded in 1991. The current iteration of Russia’s State Security organization is known as the Federal Security Service of the Russian Federation, or FSB; this is the organization alleged to be utilizing ties to Kaspersky Lab for nefarious purposes.
Kaspersky Lab is the 4th most widely adopted anti-virus platform in the world, and holds the largest market share of European cyber-security manufacturers. With over 400 million users added since the company was founded in 1997, Kaspersky is a very large player in the global security space. Which makes dire warnings about the company’s product line, such as those issued by the U.S. Cybersecurity Coordinator, Rob Joyce, at the end of August, extremely concerning.
“I worry that as a nation state Russia really hasn’t done the right things for this country and they have a lot of control and latitude over the information that goes to companies in Russia.” – Rob Joyce, U.S. Cybersecurity Coordinator
Following Joyce’s commentary about the security of Russian companies, he continued to say that he would not recommend Kaspersky Lab products to family and friends, further confirming an official stance by the U.S. government that Kaspersky products are not to be trusted.
Suspicions about Kaspersky Lab have been abundant in tech and government communities for several years now, persisting despite strong denials by Kaspersky Lab and its founder, Eugene Kaspersky. Kaspersky, acting as CEO of the company, has gone so far as to offer source code for his security products for independent review; an offer which has yet to be accepted by any government organization.
A great deal of the suspicion in this case is directed at Kaspersky himself. A member of Russia’s elite, Kaspersky was educated in a KGB-connected University, and maintains many connections to high-profile figures in Russian government and national industry. The Russian government, and this community of oligarchs, have repeatedly and publicly made attempts to exploit Russian companies for their own benefit, both legally and illegally. There is a growing fear that even if Kaspersky Lab is not willingly cooperating with the Russian government, they may be otherwise compromised.
Recent news reports have confirmed that, throughout the summer, the United States Federal Bureau of Investigation has been meeting with U.S. energy and technology sector companies, to quietly advise them to remove all Kaspersky Lab products from their systems. Additionally, all products from Kaspersky Lab will no longer be utilized by any branch of the U.S. Federal Government. This is an extremely aggressive step which we believe the government would not have taken without careful consideration, as it has potentially broad impact.
At this point, CIS is recommending a highly cautious approach to this situation, and advising our clients to follow the lead of the U.S. Government, and begin to remove Kaspersky Lab products from any critical systems. Additionally, we advise that any current Kaspersky Lab clients either conduct a Network Vulnerability Assessment, or, at minimum, run network security scanning tools. Our team of security experts is available to discuss your requirements at any time, and make recommendations for alternate technology from more trustworthy organizations. If you would like to coordinate a call with our team, please contact your CIS rep today.
Running the entire IT Operation for even the smallest business can be a tremendous challenge. Between keeping up with new technologies and threats that emerge on almost a daily basis, to handling licensing and budgeting, to squeezing extra life out of stubborn aging equipment, to handling an end-user community that may be “less than computer-savvy,” one wonders where the hours in the day for sleep can be found. And, in our experience, this is frequently not the only job the “Computer Person” has at their organization! Many people in a solo support role have ended up there simply through taking on various technology-related tasks. As their company grew over time, their responsibilities increased to the point where they are doing at least two full-time jobs.
CIS has worked with the small and medium sized business community throughout the company’s 22-year history. The organization provides both monthly managed IT services as well as IT support blocks, both of which lead to directly working with many individuals who are that sole “IT Person” for their organization. Through this experience we’ve come to recognize certain common challenges and things left undone from client to client. Typically these are issues that a larger staff, or a support organization, can handle as priority items. For the IT person at a small or medium sized business, they can typically be found on the “if I had more time” list.
The following suggestions are 25 quick recommendations we’ve provided to countless Small and Medium Sized Businesses to improve Security, Policy, Administration, and Stability. CIS can provide direct support for any or all of these efforts, and many more, with an ongoing managed services agreement, or can provide staff augmentation and consultative services for clients that prefer to handle things mostly internally.
To get us warmed up, here are a few easy, logical IT practices that everyone should follow:
Unified Security Management provides a “single pane of glass” view into your organization’s network security, asset inventory, vulnerability, intrusion detection, behavior monitoring, SIEM, and log management, dramatically reducing time-consuming tasks such as log reviews, and condensing everything into easily understood reports that can be immediately acted upon.
This may seem obvious, but the vast majority of devices end up in “set and forget” mode, leaving them vulnerable to brute-force and phishing attacks, as well as breach from a current or former employee. Where applicable, use passwords that are a phrase; the more complex but memorable, the better.
A thought straight from the oft-quoted The Art of War: if you don’t understand your “enemy” – in this case hackers of all types as well as, unfortunately, internal threats – you cannot hope to defeat them. If you approach your layering of network security not from an internal place of comfort, but from an external place of seeking access, you will be on your way to thinking like the enemy.
Nobody knows everything, not even our team, but sometimes the hardest thing to do can be to ask for help. We’ll just leave this here: Contact a CIS Rep Today
A well-documented environment is a well-protected environment. This is a crucial but often forgotten step in the disaster recovery planning process. Backups and the ability to spin up virtual or even physical servers are great, but good documentation is the roadmap on how to get from hopelessly lost back to functionality.
What would happen if your primary production server crashed? What would happen if the office lost power for a week? If you can answer basic questions like these, you’re on the way toward disaster readiness.
Have a backup. Use your backup. TEST your backup. Sending your data offsite is a great start, but how long does it take to bring it back, stand up a new server, and get everything running? Know your Recovery Point Objective (RPO) and Recovery Time Objective (RTO), the point in time to which your business must recover, and the time it can tolerate it taking to get there. Be sure that you have full image based backups. If there is anything important, have a backup. Have at least one backup offsite.
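One way to turn the RPO and RTO questions above into a repeatable check, shown as an added example that is not CIS tooling. The record layout, the finding codes, the 90-day restore-test freshness limit and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class BackupJob:
    finished: datetime
    ok: bool        # job completed and verified
    offsite: bool   # a copy left the building


@dataclass
class RestoreTest:
    started: datetime
    service_up: datetime  # when the restored server was usable again


def worst_exposure(jobs, now, offsite_only=False):
    """Longest stretch of work that could have been lost: the largest gap
    between consecutive successful backups, counting the gap up to `now`.
    Returns None when there is no successful backup at all."""
    good = sorted(j.finished for j in jobs
                  if j.ok and (j.offsite or not offsite_only))
    if not good:
        return None
    points = good + [now]
    return max(later - earlier for earlier, later in zip(points, points[1:]))


def review(jobs, tests, rpo, rto, now, max_test_age=timedelta(days=90)):
    """Return (code, detail) findings; an empty list means objectives are met.
    max_test_age is an assumed policy value, not a figure from the article."""
    findings = []
    # RPO is checked twice: with every backup, and with offsite copies only
    # (what is left if the office itself is unavailable).
    for code, offsite_only in (("RPO_LOCAL", False), ("RPO_OFFSITE", True)):
        gap = worst_exposure(jobs, now, offsite_only)
        if gap is None:
            findings.append((code, "no successful backup on record"))
        elif gap > rpo:
            findings.append((code, f"worst gap {gap} exceeds RPO {rpo}"))
    if not tests:
        findings.append(("RTO_UNPROVEN", "backup has never been restore-tested"))
        return findings
    latest = max(tests, key=lambda t: t.started)
    took = latest.service_up - latest.started
    if took > rto:
        findings.append(("RTO_EXCEEDED", f"last restore took {took}, RTO is {rto}"))
    if now - latest.started > max_test_age:
        findings.append(("RESTORE_TEST_STALE",
                         f"last restore test was {latest.started:%Y-%m-%d}"))
    return findings


# Constructed sample data: nightly jobs with two failed nights, only one
# offsite copy, and a single restore test from three months earlier.
NOW = datetime(2017, 9, 8, 9, 0)
SAMPLE_JOBS = [
    BackupJob(datetime(2017, 9, 4, 1, 0), ok=True, offsite=False),
    BackupJob(datetime(2017, 9, 5, 1, 0), ok=True, offsite=True),
    BackupJob(datetime(2017, 9, 6, 1, 0), ok=False, offsite=False),
    BackupJob(datetime(2017, 9, 7, 1, 0), ok=False, offsite=False),
    BackupJob(datetime(2017, 9, 8, 1, 0), ok=True, offsite=False),
]
SAMPLE_TESTS = [
    RestoreTest(datetime(2017, 6, 1, 10, 0), datetime(2017, 6, 1, 19, 0)),
]

if __name__ == "__main__":
    for code, detail in review(SAMPLE_JOBS, SAMPLE_TESTS,
                               rpo=timedelta(hours=24),
                               rto=timedelta(hours=4), now=NOW):
        print(f"{code}: {detail}")
```

The two failed nights matter more than the last successful job: the gap they leave is what breaks a 24-hour RPO, even though a backup completed that same morning.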
As Harold Melvin and the Blue Notes sang, “If you don’t know me by now…”. We could list endless examples of company breaches based on one user clicking a bogus link in an unknown email, corporate messages landing in the News, or payments being sent to phony vendors based on invoices that “looked real to me.” Educating yourself and your end users about the looming threat posed by everyday email is critical.
CIS recommends running a network vulnerability assessment on at least a yearly basis, if not quarterly. Our team offers NVAs that are geared toward the Small and Medium Sized Business, designed specifically for affordability and effectiveness. Additional security can be gained by running more regular reports with tools such as Network Detective or Nessus. Management reviews of security reports should be undertaken on at least an annual basis, to provide visibility for issues potentially impacting compliance and finances.
A wall with a hole in it is not a wall at all.
Stronger encryption standards yield more secure communications. If you can use the same encryption as a federal agency, why wouldn’t you?
Limiting traffic is a great way to manage bandwidth as well as security: only allow business-related traffic to flow.
Exposing the network to remote access and control can be a dangerous proposition, unless it is well implemented. Restrict access to only those who absolutely need these services. Putting SSH behind a VPN provides an additional layer of security.
Hackers are knocking on the virtual door every day; it’s best to keep an eye on them and monitor any suspicious traffic. If patterns emerge, it’s best to consider whether attempts are random or targeted and more nefarious.
Administration & Policy
This is the easiest path into any environment. If someone looking to breach your environment finds an end of life OS, it’s Game Over. End of Life systems receive no security patches, no updates, and no support from vendors, leaving the business at risk. Even a system as recent as Windows 7 is already in “extended support” and should be updated.
Patching is so simple and so frequent that it has become a mundane part of the routine, one that’s easy to ignore or postpone for something more interesting. Unfortunately, patching is the one surefire way to stay up to date with known vulnerabilities. CIS strongly recommends monthly patch review and deployment; systems that were patched on even a quarterly basis were impacted by WannaCry. Any device that has an IP address on the network is vulnerable; maintain the latest patches and updates to stay a step ahead.
You’re not President Skroob; the password for your network – or your luggage – should not be 1-2-3-4-5! Don’t make it easy on someone looking to breach your environment. As a standard practice and written policy, change standard or default usernames and passwords to something non-standard. The frequency with which we see “admin/admin” credentials is astounding.
Basic security administration can be accomplished with simple policies such as these. If an employee is leaving their workstation for 30 seconds for a coffee refill, typically, it is fine to leave their computer unlocked, but if they’re gone for 15 minutes? An open computer leaves both data and privilege open to anyone who happens to pass by. Rotating passwords, no matter how much users may grumble, is simply basic entry-level security.
SSL, or Secure Sockets Layer, is the current standard for secure access between web browsers and web servers. HTTP is antiquated and no longer secure; it must be replaced.
Typically, database information is considered critical company data; it is where you store information about clients, projects, and vendors. Most organizations protect database information while it is at rest by deploying encryption; however, as the workforce changes, more users access database information remotely. If a user’s application exists outside of the server on which the database resides, the data will be in transit while it travels to the user. It is critical that this communication maintain the same level of encryption as when the database is at rest.
The best approach to access is to provide a Least Privilege model, giving users only the access they need to do their jobs, and nothing more. No user should have access to systems they have no need for, and no users should have access in overlapping systems such as accounts payable and accounts receivable. Separation of Duties reviews should be conducted on a regular basis and enforced via policy and automation.
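A Separation of Duties review of the kind described above can be automated along these lines. This is an added example, not CIS or vendor code: the group names, systems, `needs` table and finding codes are constructed assumptions, and in practice the membership data would come from a directory export.

```python
from collections import deque


def effective_groups(principal, member_of):
    """Map every group the principal belongs to, directly or through nested
    groups, to the chain of memberships that reaches it. A breadth-first walk
    keeps the shortest chain and stops on membership cycles."""
    chains = {}
    queue = deque((g, (g,)) for g in member_of.get(principal, ()))
    while queue:
        group, chain = queue.popleft()
        if group in chains:  # already reached (shorter chain or a cycle)
            continue
        chains[group] = chain
        for parent in member_of.get(group, ()):
            queue.append((parent, chain + (parent,)))
    return chains


def access_map(user, member_of, grants):
    """system -> shortest group chain through which the user receives it."""
    access = {}
    for group, chain in effective_groups(user, member_of).items():
        for system in grants.get(group, ()):
            if system not in access or len(chain) < len(access[system]):
                access[system] = chain
    return access


def review(users, member_of, grants, conflicts, needs):
    """Return (user, code, detail) findings for conflicting system pairs
    (Separation of Duties) and for access beyond the stated need
    (Least Privilege)."""
    findings = []
    for user in sorted(users):
        access = access_map(user, member_of, grants)
        for a, b in conflicts:
            if a in access and b in access:
                detail = (f"{a} via {' > '.join(access[a])}; "
                          f"{b} via {' > '.join(access[b])}")
                findings.append((user, "SOD_CONFLICT", detail))
        for system in sorted(set(access) - needs.get(user, set())):
            findings.append((user, "EXCESS_ACCESS",
                             f"{system} via {' > '.join(access[system])}"))
    return findings


# Constructed sample data. Finance-Temp and Finance-All contain each other,
# the kind of loop that accumulates in a long-lived directory.
MEMBER_OF = {
    "alice": ["AP-Clerks"],
    "bob": ["AR-Clerks", "Finance-Temp"],
    "carol": ["Helpdesk"],
    "Finance-Temp": ["Finance-All"],
    "Finance-All": ["AP-Clerks", "Finance-Temp"],
}
GRANTS = {
    "AP-Clerks": {"accounts_payable"},
    "AR-Clerks": {"accounts_receivable"},
    "Finance-All": {"reporting"},
    "Helpdesk": {"ticketing"},
}
CONFLICTS = [("accounts_payable", "accounts_receivable")]
NEEDS = {
    "alice": {"accounts_payable"},
    "bob": {"accounts_receivable"},
    "carol": {"ticketing"},
}
USERS = ["alice", "bob", "carol"]

if __name__ == "__main__":
    for user, code, detail in review(USERS, MEMBER_OF, GRANTS, CONFLICTS, NEEDS):
        print(f"{user}: {code}: {detail}")
```

Reporting the membership chain shows which direct membership to remove; here the conflict comes from a temporary group that was never cleaned up, not from a direct grant.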
Tracking what workflows reside on what servers is critical in supporting an environment. A proper assessment of the risk to any critical business application must include thoughts about the hardware or server environment in which it resides. As hardware goes end of life, tremendous benefits can be reaped from migrating its applications to cloud-based virtual servers.
Documenting things makes processes easier to implement. Any documentation of passwords should be stored safely.
Active Directory is the backbone of your network environment; it should be kept up to date and healthy. CIS recommends Active Directory management utilities such as DRA from Micro Focus to help with regular AD administration.
Monitoring server thresholds and utilization, network equipment online status and access attempts, and many more things going on in any environment is a key component of successful management. Without monitoring and the associated alerts, we would constantly be putting out fires, rather than handling things proactively.
Nobody likes upgrades or changes to back-end infrastructure that, on a typical day, just works. Such is the life of the server. Server operating systems are typically “set and forget,” with the knowledge that this group of servers runs on that flavor of Windows, which will be upgraded at the same time as the hardware. However, there are compelling reasons to consider an upgrade to Windows Server 2016.
The MOST pressing concern for most IT Departments we work with is Security.
One of the primary vulnerabilities CIS’ elite Security Team uncovers on a regular basis is the continued use of unpatched, unsupported, aging software and operating systems. Critical vulnerabilities emerge rapidly as products age out of their support model. If you are currently running Windows 2003 at the server or Windows XP at the desktop, please stop reading and make the change; we will wait. It’s that important. For more “current” users who are running Windows 2008 R2, or even Windows 2012, we’d like to ask you to look at those years, and consider where you were at the time. Now that we have a real feel for how long those products have truly been in the environment, we can understand the inherent security risk in areas like Access Controls and Privileges. Upgrading Windows provides a chance both to utilize the new tools, such as JEA (Just Enough Access) utilities, and to review who has access to what, and why, across your environment.
Providing a more efficient and reliable platform for applications
At long last, Microsoft has decided to adopt a Container model in their Windows Server product. With a stated goal of making Windows 2016 a cross-platform operating system for a seamless Hybrid Cloud and On-Premises model, Containers are a hugely important new development in Windows Server 2016.
The idea behind containers is to “park” or “Dock” processes that typically chew on memory resources, segregating them from other processes in a bubble of sorts. This frees all the other applications to consume required memory and resources, functioning more reliably and efficiently either locally or remotely. Windows Server 2016 actually includes two versions of Containers, a standard Docker and a customized Hyper-V version.
Ok, you probably read about or used 10 products already today that have nano in their name, but this one may be the most interesting innovation of all. Included with Windows 2016, under the hood, is Microsoft’s new small footprint Operating System, known as Nano Server. Nano Server utilizes significantly fewer resources, currently able to run on 512MB of disk space and barely 300MB of RAM, and yields a staggering 92% fewer critical bulletins and 80% fewer reboots than typical Windows Server.
Nano Server is not a typical Operating System: it does not have a GUI or command line, and it is intended entirely as infrastructure, to work with Hyper-V and in the Hybrid Cloud or Native-Cloud application space. A single implementation of Nano Server with 1TB of RAM today can run 1,000 Virtual instances of Nano Server, an impressive feat on which Microsoft hopes to dramatically improve. As Microsoft puts it, Windows 2016 is here to Virtualize any workload, without exception.
We don’t work in the cloud, should we care? YES!
We get it, the cloud isn’t for everyone. It can be a daunting effort just getting there, and sometimes the learning curve for end users can be too steep. This is why Microsoft made certain to pack Windows Server 2016 with On-Premises focused enhancements as well. A primary change is that Windows Server 2016 supports up to 24 TB of RAM to run the resource-intensive applications used by most businesses. Significant changes have been made to Hyper-V’s encryption capabilities, access via PowerShell, and the ease with which modifications of memory and network configurations are performed.
All of these changes are aimed at delivering a better experience to clients not ready to move to the cloud or hybrid cloud, while providing a platform from which to make, first, the step to Hybrid, followed by an enthusiastic leap to Cloud!
Server power equals business capability
Servers are the underappreciated backbone of a business. The more powerful the server, the more stable and better performing it will be. By upgrading to Windows Server 2016, your end users will get the best possible experience while running their applications and workloads, and you will gain significant scalability and flexibility to meet the changing needs of your company’s growing, dynamic business.
Interested? Contact your CIS rep today!
CIS has helped clients of all shapes and sizes restructure their Windows Server environment, through most of the previous iterations of Windows. The CIS team has unrivaled experience providing customized upgrade and migration experiences, utilizing proprietary tools and approaches, to ensure success. CIS can provide consultation as well as hands-on integration and implementation work for any On-Premises, Hybrid, or Cloud Server Windows environment. Get in touch with us today to start the discussion!
Throughout CIS’ 14-year history with ShoreTel, both organizations have undergone significant change, typically to mutual benefit. As a ShoreTel Premier Gold Partner, CIS has been uniquely positioned to provide elite services to clients throughout the New York region, and all across the country. CIS designs, implements, configures, and supports ShoreTel IP telephony solutions of all types, including on-premises, cloud, and hybrid offerings.
On July 27th, 2017, an announcement was made that rival manufacturer Mitel has made financial arrangements to acquire ShoreTel, with the transaction expected to close during Q3 of 2017. The new combined organization will immediately become the 2nd largest in the Unified Communications as a Service (UCaaS) market.
Mitel has already released statements to existing ShoreTel clients and partners, fully committing to the continued support and availability of the product line. Mitel paid a 28% premium on ShoreTel’s July 26th closing price, a clear sign that they are acquiring the line in order to bring together technology from both organizations, enhancing and blending both product lines.
With a very large enterprise presence throughout Europe, the Middle East, and Africa, Mitel has a reputation for leading industry consolidation in the Unified Communications space. As such, they are fully expected to embrace the ShoreTel Connect and ShoreTel Summit CPaaS platforms, enhancing the product road-map and hardware portfolio available to existing ShoreTel customers.
Mitel’s next-generation platform allows an existing telephony call-control system to remain in place, working with new Mitel equipment, software APIs, and Cloud Applications. This means that existing customer investments in ShoreTel technology will be maintained, with NO requirement for upgrades or replacements.
The recently released July 2017 Gartner Unified Communications report ranked Mitel as a “Leader” in the Magic Quadrant. This ranking means that Mitel is a company that analysts consider to be on a path to success, earning the label “Industry Visionary” in the write-up. The acquisition of ShoreTel will only enhance the company’s strength and capability; through adding ShoreTel’s USA market share, the new group will have annual sales reaching $1.3 billion, and will employ more than 4,000 people.
CIS is currently in the process of working with the Mitel Partner Team, ensuring a smooth transition for all clients’ administrative needs, manufacturer support, and equipment. The CIS team is fully capable of installing, configuring, customizing, and supporting Mitel systems, and will work with Mitel to continue providing clients with the highest levels of support and technological capability. CIS reps will be conducting awareness sessions with existing ShoreTel clients, either as a group or in a one-on-one format, and this website will continue to provide information as the acquisition progresses.
This is truly an exciting development for ShoreTel and their Client-Partner ecosystem. Mitel’s commitment to ShoreTel’s existing technology and relationships was CIS’ paramount concern as the deal was announced, and they quickly allayed any concerns. CIS has absolute confidence that the combined organizations will emerge as a titan in the Unified Communications industry, delivering the highest levels of service and capability to clients of all shapes and sizes, all around the world.
The days of “the cloud” being a nebulous industry buzzword are over. There are clear winners in the cloud services game and they are, as anyone would expect, Microsoft, Google, and Amazon. Amazon AWS and Microsoft Azure are leading the field in cloud based server space, which is being utilized for everything from development to production to disaster recovery needs. In the end-user facing arena, Microsoft’s Office 365 is far outpacing its rivals, with Google Apps a distant second, staking out territory primarily in the Not-for-Profit and Education markets.
To date, CIS has migrated over 250,000 client users or “seats” to the Microsoft cloud. Typically email and collaboration services are the proverbial toe that clients dip in the water, testing if the cloud is really the right fit for their business, but the journey to the cloud shouldn’t stop there; email is just the beginning!
It has become imperative that any organization whose physical or virtual data infrastructure relies upon aging hardware strongly consider Microsoft Azure or Amazon AWS when planning the next evolution of the server room or IT closet. Myriad benefits can be reaped from migrating critical company data away from antiquated, slow, insecure hardware that requires on-site maintenance and care, as well as an expensive monthly outlay for power, cooling, real estate, and other such costs, to a modern, secure, reliable, disaster-proof, mobile platform.
Imagine the following scenario:
You manage IT for a 50-employee accounting firm in Manhattan. As anyone in that position knows, in this context, “manage” means “completely run everything on a limited budget, with limited tolerance for IT requests.” This is as tough a role as there is in the IT world. With few dollars to spend, every decision becomes critical, and the need to squeeze extra life out of each product purchase is paramount; which is why you’re now running 10 critical production servers in a virtual environment hosted on eight year old non-warrantied server hardware with a similarly aged SAN on the back-end. You’ve made a Capital Expenditure (CAPEX) request for new hardware each of the last 3 years, and it’s been rejected each of the last 3 years. You know your backups run, but you’ve never given them a full failover test. Any critical issue with your server hardware could mean the end of your job, if not the entire company.
In this scenario, the traditional method would be continuing to propose the same large CAPEX project to replace old server hardware with new server hardware, working with Dell, HP, EMC, or other such manufacturers. The traditional method will be a short-term fix for some of your challenges, but you will eventually end up back in the same situation, while continuing to pay the overhead associated with real estate, power, warranties, etc. And that’s only IF your CAPEX request is approved!
If you’re smart in your new hypothetical IT Management job, you will surely consider a cloud based solution, built on Azure or AWS. Either solution will require a migration project, so there will always be a year-one request, but in this scenario the expense will yield revolutionary change in your organizational IT costs and capabilities.
Just a few of the advantages of considering a migration to the cloud:
A migration to the AWS or Azure platform can either move existing virtual servers directly into the cloud, or set up new Windows Server 2016 servers in the cloud, with the data and roles transferred over to them. As there is company growth and new servers are required, your hypothetical IT Manager character can provision them quickly and with minimal costs added to your monthly bill.
Similarly, temporary servers can be spun up then decommissioned for any specific project needs or “busy seasons.” Going back to our avatar working at an accounting firm, for example, we can reliably predict that the firm’s computing needs are going to spike between January and May every year, and be far less demanding during the taxation off-season. In a traditional server setting, it would be next to impossible for a small firm to repeatedly add server hardware and computing “horsepower” to the environment every year for only a few months. However, by leveraging the cloud, you can create and eliminate servers at will, only paying for true utilization, and creating cost certainty as well as savings across the entire IT year.
Finally, through migrating to a fully cloud-based server environment, your firm gains significant mobility and flexibility. No longer are users tied to their office or to an aging slow Citrix connection to critical data and applications. Employees can work securely from anywhere in the world that can provide them internet access. Similarly, leveraging these cloud offerings creates a server environment that is ironclad against localized outages or disasters in your office, city, or even region. Both Microsoft and Amazon leverage redundant worldwide data centers, ensuring that your data and servers are always available.
CIS helps clients migrate email, data, and services to the cloud securely and successfully. Available Managed Services programs further leverage the cloud to provide enhancements to performance, security, cost, and efficiency, translating to a better user experience and stronger KPIs for clients of all sizes.
At CIS, we see the future of Modern IT as smaller IT closets on premises, with cloud-based servers providing more secure and robust services, and affording all users the ability to work from anywhere, from any device, securely.
Want to make the journey to the cloud with us? Contact your CIS rep, or click here to get in touch with us if we don’t already know you. We look forward to the discussion!
It has come to our attention that a new wave of Ransomware outbreaks has struck thousands of companies throughout Europe, Asia, and parts of the United States. CIS is monitoring the situation and will be providing ongoing updates to clients who may be impacted. As always, caution and diligence are the best answers in a situation like this. Further information for remediation and protection will be provided as new details emerge.
The malicious code is still under analysis from Security and Cyber Crimes experts from around the world. Roughly two thousand companies have reported infection, including giant enterprises such as Merck and Maersk, as well as critical government and private infrastructure in areas like power, healthcare, and emergency response. The target list also appears to include numerous small and medium sized organizations, such as law firms and accounting firms. Much like the recent “WannaCry” outbreak, the attack encrypts company data and demands a ransom; in this case $300 in bitcoin is the common demand, to unlock data.
As with any ongoing investigation, there have been numerous conflicting reports about the malware itself. At this time, we can report the following recommendations with confidence:
CIS advises clients to be diligent about rolling out any critical patches and updates released by Microsoft or other key vendors. End-user education is also increasingly important; in this scenario CIS recommends that a company-wide message be sent, reminding end-users not to click on anything in an email unless they are absolutely sure of the source and content.
We will provide further updates as more information emerges. If you have experienced a security breach, or would like to discuss any concerns or best practices approaches to IT Security, please contact us: 212-577-6033 / http://cisus.com/contact