thinkCSC has been closely tracking a global ransomware attack called “WannaCry” that was initiated last Friday and has impacted organizations in at least 150 countries. The attack began in the UK, shutting down several hospitals, thereafter spreading to Spain. The attack has now spread globally to organizations of all sizes in all industries, including those in the United States.
Please note that organizations with network visibility and a comprehensive patching program are protected and will be able to defend themselves against WannaCry. This ransomware is spread throughout an organization’s network by taking advantage of vulnerabilities in Windows Server Message Block (SMB). Targeted organizations are those who failed to deploy the patches Microsoft had released to protect against these vulnerabilities.
To learn more about the SMB security patches and software vulnerabilities, read more here: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
What Happens When WannaCry Ransomware Attacks?
When WannaCry ransomware is deployed, it encrypts files and demands a ransom of $300 in Bitcoin. thinkCSC urges organizations NOT to pay the ransom, as payment has not resulted in a release of the encrypted files. Read more here: http://www.bbc.com/news/technology-39920269
To learn more about the WannaCry ransomware attack, read more here: http://www.pcmag.com/article/353670/wannacry-ransomware-what-you-need-to-know
The thinkCSC team is actively monitoring the situation.
All thinkCSC Managed Services Clients have patches in place for exploitation attempts against the Windows SMB vulnerability, as well as IPS network detection for the WannaCry ransomware.
Keep in mind that this is an ongoing campaign, and we are regularly updating our detection capabilities. Additionally, we are keeping a close eye on customer networks as events unfold. Please notify thinkCSC of any reported cases of WannaCry ransomware in your organization.
Recommended Courses of Action:
thinkCSC recommends all organizations take the following actions:
- Ensure that “Security Update for Microsoft Windows SMB Server (4013389),” reference Critical Microsoft Security Bulletin MS17-010, has been applied.
- Update endpoint protection and antivirus software definitions, and have all users leave systems powered on so they can receive patches and definition updates.
- Remove public access from any Windows system with Server Message Block that has not been patched (as a best practice, SMB ports 139, 445 should not be exposed publicly and should be blocked from all externally accessible hosts).
- Ensure that all internal Windows systems are patched, to avoid internal spread of WannaCry ransomware.
- Ensure critical files are backed up appropriately.
While thinkCSC believes that employees will always be the first line of defense against ransomware attacks, the only real solution is for leaders of all –organizations – businesses of all sizes, government entities, schools, hospitals, and –others – to invest in stronger IT security that includes offsite backup and recovery. These protections, combined with ongoing staff training, strict security policies, and constant vigilance, are an absolute necessity in today’s cyber-environment.
For new customers interested in information on obtaining our services, please contact us at email@example.com
In the world of technology, proactive adopters have a huge advantage over those who wait to implement a new technology until it has been fully tested. Proactively navigating the rapidly changing world of technology has historically been most difficult for small and medium-sized businesses (SMBs). Due to the traditional cost and complexity of technology, these businesses have struggled with early adoption of cutting-edge technologies. This has allowed larger companies to dominate the first wave of benefits from emerging innovation, while smaller companies have played catch-up – or even settled for second-generation systems on a regularly revolving schedule as first-generation systems are developed.
Now, due to a much more robust, competitive market within technological innovation, as well as the ability to partner with experts in the effort to implement and stay on top of new systems, SMBs can compete on nearly-equal footing with large enterprises. Whether this occurs or not depends entirely on whether SMB owners and leaders understand and capitalize on the three areas in which technology is changing the way business is conducted: the cloud, mobility, and security. In part one of this two-part series, we’ll explore the benefits of cloud services for SMBs.
Everything as a Service: Doing Business in the Cloud
The central benefit of using cloud services is cost-effectiveness. It is the relatively low cost of cloud-based datastorage, cloud-based applications and software, and cloud-based security measures that truly level the playing field for SMBs. Implementing cloud-based services can minimize the economic impact to your IT budget by guaranteeing a predictable monthly cost and uptime for your IT environment. A managed service provider (MSP) converts your organization’s IT spend from a capital expenditure to a predictable and manageable monthly operating expense, much like a utility.
Cloud services can be tailored to specific requirements, especially where compliance may be an issue – and more and more, compliance is an issue affecting businesses of all sizes:
- Health Insurance Portability and Accountability Act (HIPAA), healthcare-related compliance requirements to protect patient data
- Payment Card Industry Data Security Standard (PCI DSS), credit card industry compliance requirements to protect consumers
- Sarbanes–Oxley (SOX), governmental compliance regulations to ensure the reliability of financial reporting by public companies and their accounting firms
- The Gramm-Leach-Bliley Act (GLBA) governs compliance for banks and banking industry organizations
While compliance is something larger enterprises implement as a matter of course, smaller businesses may only begin to consider these requirements as they grow (or after they’re fined for non-compliance). When choosing cloud services, security is one of the most important considerations. You need to know where your data is stored and who has access to it, accounting for both digital security and physical security. An IT partner who focuses on maximizing the benefits of your cloud services, which scale to your need. If you store highly-sensitive or valuable information, this option is a much better fit than the public cloud and the only option for businesses of any size who require secure operations.
Understanding and implementing solid cloud, mobile, and security systems has the potential to even the playing field for SMBs. Successfully carrying out this integrated approach can help you grow beyond the traditional constraints of your industry, taking you to places you never imagined you could go. In these areas, thinkCSC has the expertise and experience to help your organization compete effectively in our evolving technological world.
We have all seen ransomware become more sophisticated, regardless of where we live or work. And the cyber assaults seem to be never ending. Just as security and protocols are developed to keep your network secure, hackers use ransomware to go after educational institutions. As colleges and high schools work quickly to develop offsite backup and recovery solutions to protect them from having to pay ransoms in order to access their data, government offices became the target. Even as technology has made us more efficient and more capable, it has also made us more vulnerable when we don’t implement the right solutions to protect our homes and businesses from these types of attacks. And the biggest threat from ransomware is yet to come: infrastructure threats.
Consider what has happened so far:
- Hospitals and other medical facilities are being targeted. In 2016, hospitals were specifically targeted using Locky ransomware, with one LA hospital paying a $17,000 bitcoin ransom to access their files.
- Utilities are at risk. In April 2016, the Lansing Board of Water & Light (BWL) in Michigan was the victim of a ransomware scheme that has cost the utility nearly $2 million.
- Guests held hostage. In a unique display of cyber hacking, a luxury hotel in Austria was forced to pay an $1,800 bitcoin ransom after hackers accessed the hotel room keycards and locked the guests out of their rooms.
It’s likely that the next threat will be even more insidious, as hackers develop methods for compromising entire systems. Georgia Institute of Technology, recognizing the risk to programmable logic controllers (PLCs), developed ransomware with which they could take control of a simulated water treatment plant, gaining access to PLCs to control valves and additives, and even create false readings. While this was a simulation designed to help understand how to prevent an attack, the risk is real.
Act Now to Prepare for a Ransomware Attack
Businesses of all sizes and in all industries, government entities, schools K-16 and beyond, and individuals must all do their part to prevent ransomware. We must become far more selective about the emails we open, read, and forward, giving special attention to the links we click and the attachments we open. We must invest heavily in better security, from virus software to endpoint detection. We must all take steps to thwart hackers.
At thinkCSC, we believe that in order to achieve maximum success, regardless of the size or type of organization, you must make IT an integral part of your overall business strategy and partner with IT professionals who not only understand how to leverage technology to their advantage but who are also committed to understanding your business goals and aligning your IT strategy to them. We pride ourselves on having the best business-savvy technical experts in the industry. If you would like to learn how to create an IT security strategy aligned with your organizational goals, contact thinkCSC for more information.
For many years, organizations have argued that security budgets are already stretched to the max and that there is no more room for increased security. With costly security breaches impacting governments, social media platforms, the IRS, and more small and mid-size businesses than we can count, the investment in security suddenly seems like the least expensive option.
IT Security vs. Security Breach
Whether you increase your spending on IT security or simply find a better way to spend your budget, one thing is certain: what you spend on IT security is a predictable, planned cost that doesn’t send your shareholders into a panic, doesn’t make your customers question their loyalty, and doesn’t put you out of business. A security breach, on the other hand, can result in fines, lawsuits, costly recovery, and a loss of customers.
If your organization has decided to increase IT security, how do you make sure you’re getting the most out of your investment? We recommend focusing on these areas:
Email is still one of the most popular ways for hackers to penetrate your security, because all it takes is one email on one employee’s system compelling them to open an attachment or click on a link to create a breach that will affect your entire IT infrastructure. People will always be the weakest link in security. Sender policy framework protocols, hosted email exchange services, and ongoing employee training are all essential. Download our email security guide to help your employees think before they click.
Every device that touches your network needs to be secure, whether it’s an employee-owned cell phone, vendor equipment, or a field tech’s laptop. It is crucial to identify every remote device that might potentially connect to your network; have a way to both detect that connection, protect that connection, and eliminate the connection if needed.
Enterprise threat detection uses predictive analytics on a powerful and global scale to recognize and block threats before they happen. Rather than relying on end users to determine the safety of a file or a site, it uses intelligence to stop threats by preventing malware-infected devices from connecting and by blocking phishing sites.
Backup and Data Recovery
Unless you want to be permanently locked out of your data or forced to pay a ransom to restore access, having an offsite backup and recovery service is essential. The email security, endpoint security, and threat detection efforts you implement will prevent many of the ransomware attempts from getting through, but all it takes is one employee clicking on one link in one email that sneaks through to create havoc.
Effective network security that keeps your IT environment efficient and stable is about applying layers. The initial layer is a solid backup and recovery solution, protected by an antivirus solution, and then guarded by a firewall. Enterprise threat detection, email security, and endpoint security are the shields that head off attacks on your business before they happen. It’s more than peace of mind: It’s good business sense.
At thinkCSC, we believe that in order to achieve maximum success, regardless of the size or type of organization, you must make IT an integral part of your overall business strategy and partner with IT professionals who not only understand how to leverage technology to your advantage but who are also committed to understanding your business goals and aligning your IT strategy to them. We pride ourselves on having the best business-savvy technical experts in the industry. If you would like to learn how to create an IT security strategy aligned with your organizational goals, contact thinkCSC for more information.
Backup and Disaster Recovery (BDR) is a necessity for every business, protecting you and your data from loss. Unless you plan to shutter your doors when the next disaster strikes, you need to have BDR in place, so that you can recover data, work from an offsite location, or serve your customers during an emergency. You may not be capable of predicting the future, but you can ensure that you are protected when something unexpected does occur.
What Is BDR?
As the name suggests, Backup and Disaster Recovery – or BDR – is a solution designed to back up your data as well as restore it, in order to improve business continuity. Whether a server crashes, you have a hardware failure, or a storm impacts your business, BDR protects you from experiencing losses or significant downtime. These are three reasons you need to implement a BDR solution now:
- Cost of Unplanned Downtime. More than 80 percent of small businesses have experienced downtime from unexpected equipment failures, with costs reaching $25,000 per incident, according to IDC. And according to FEMA, nearly half of all small businesses never reopen following a natural disaster. Your customers expect you to be available when they need you, and unplanned downtime costs more than money; it costs you your reputation and the loyalty of your customers.
- Increased Cyber Security Protection. Human error is often the cause of unexpected disaster, but BDR can protect you from phishing and ransomware attacks. Even if an employee inadvertently clicks on a link that activates ransomware, having your data backed up offsite can get you up and running quickly.
- Business Continuity. Nature is unpredictable. Whether it’s a storm that knocks out power or some other natural disaster that makes your office inaccessible, planning ahead can keep you in business. Having your data backed up regularly to an offsite location makes it easier to recover and continue serving your customers, even if you can’t get to your office.
Every business, regardless of size or industry, is at risk for an IT disaster, whether it’s equipment that fails or some external force. The only way to effectively protect your business in a way that minimizes the disruption is through a comprehensive backup and disaster recovery program. Don’t wait until disaster happens – prepare now for the unexpected.
At thinkCSC, we take your security seriously. Be proactive and take steps to protect your company today. To learn more about BDR, contact thinkCSC.
Organizations have historically gone to great lengths to protect company files and data. Administrative department managers would spend thousands of dollars a year to develop secure storage options for their paper records, organizing and storing files in fireproof and waterproof lockable file cabinets, with enormous budgets for renting off-site space at document storage facilities to carefully protect their paper archives. The desired end result of these efforts was to protect important documents from disaster and to provide a means for employees to quickly retrieve records.
As digital storage technologies take center stage, it is shocking what little effort organizations make in ensuring that their data is available and recoverable. Very few worry about high availability access to their data onsite (utilizing a SAN instead of direct attached storage, or employing a virtualization cluster instead of a conglomerate of individual hosts). And in a 2013 survey, more than half of the organizations surveyed reported that they do not ensure daily backups of their electronic files.
In a recent review of statistics, we found that less than 25 percent of SMB organizations choose to backup their data to an offsite data center. This suggests that over 75 percent of these organizations are comfortable with the idea of permanently losing crucial data and of closing their businesses in the event of a natural disaster.
But we know that this is not the case. We realize that cost, time and denial often get in the way of doing what is best for our organizations. Oftentimes, we simply need a gentle reminder of the importance of regularly backing up our files. World Backup Day is observed on March 31 of each year, bringing attention to this administrative task that was once taken very seriously.
We tend to convince ourselves that a catastrophic event or a significant loss of data is not going to happen to us. But these things happen to all of us at one time or another. Information technology advisors must consistently remind their clients of the importance of data availability and recoverability, asking the probing questions and encouraging clients to ask of themselves those same questions. How much data are you willing to lose (RPO)? How long are you willing to be down (RTO)? Are you content with losing data in the event of a building or company-wide disaster?
World Backup Day is our annual reminder of the significance of protecting essential data. But don’t wait for a catastrophic event to remind you that faithfully backing up your data and protecting your files is as critical to your organization as it was when we once treated paper files with kid gloves and stored them in durable filing cabinets. By the time disaster strikes, it will be too late.
Sometimes the best way to address solutions for business continuity of computer network systems is by example. Picture this recent real-life situation: a local school district learns a back-to-school lesson involving safe storage of vital network data under the secured services of thinkCSC’s disaster recovery software. Fortunately, the lesson had a good outcome.
In this teachable moment, the virtualization software environment operating the school system’s multiple servers ran out of data storage space, essentially crashing all the servers. The data wasn’t actually lost; the servers were just basically offline and inaccessible, creating a major roadblock for teachers, administrators and students to accomplish much of anything. Normally the downtime for restoring multiple-server functionality would be several days. However, the school district had thinkCSC defending its network, and the solution for backup and disaster recovery — commonly known as BDR — was fairly simple.
thinkCSC’s BDR solution, bundled into a rack-mount box that can be conveniently placed in any room, only requires power and a network connection for initial startup. In an emergency situation, one that requires image-based backup and a timely solution to restore business continuity, this BDR system can actually activate incapacitated servers in a virtual environment until the original server platform can be repaired or replaced.
For the school system, it was just a matter of activating and turning on two or three of its 10 servers in what’s called a “virtual boot,” which expedited the backup process in just a few hours without having to engage in full data recovery or restoring, something that usually takes days to complete. Consequently, everyone was up and running in less than a day, without any further interruption to their daily routines; all the while, the more extensive server reconfiguration was being addressed. After all, education must go on!
It is important to note that we offer several levels of backup from which to choose. You can back up only files, and you can also select image-based backup or full BDR. There are certain levels of restoring, too. You can simply restore files and images, or you can choose to restore the entire network. You can also temporarily turn on the system, which mirrors a premiere level of disaster recovery, because you don’t have to wait around for the full restore time to be functional.
From a business continuity angle, here’s another teachable application of BDR. A small business of nearly 20 employees had recently contracted managed services for IT support. A week after installing a BDR system, the company’s one server completely crashed. Prior to that protective installation, though, replacement of the server was recommended, but due to budgetary constraints, the decision was delayed. Nevertheless, the deployment of thinkCSC’s BDR a week earlier safeguarded the company’s data storage in a virtual environment for more than week following the server crash, while new equipment was on order.
Both of these disaster recovery examples point to the importance of having both basic file and image-based backup systems in place 24/7. Equally important, the value of having multiple levels of BDR protection cannot be overstated, either, including off-site data storage solutions. Off-site data replication provides ultimate data protection for clients and serves as valued assurance that data losses will not occur.