Intact’s Impact At ACSC Conference 2017!

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 20 March 2017

What an exciting few days the Intact Security team had at the Australian Cyber Security Centre conference and we like to think that we stood out! With our bright lab coats and decorated spine, we wanted to highlight the importance of checking your security posture and to identify where your weak points may lie.

It was great to be able to promote our services, create awareness and meet such great people! Cyber security awareness is growing, unfortunately mainly due to news coverage of major global cyber attacks. But during the conference, it was evident of the passion everyone has to make everybody safer in our increasingly connected world.

Brilliant talks were given by multiple speakers on attack prevention and how it is possible for everyone to achieve a better level of identification and improvement of risk. It was also addressed in several talks that the Cyber Growth Network has got off to a great start and is continually being built to provide a successful cyber security industry in Australia.

A big thanks to everyone who had a ‘crack’ at our ‘Top Gear Lock-Pick Challenge’. However, a massive congratulations is in order to our six worthy winners who each received one of our beautiful champagne hampers, including our first place winner over the two days who successfully picked the lock in 1.5 seconds! Who knew that was even possible!? Do not worry, he is one of the good guys!

We would like to thank everyone who attended and approached the Intact team during ACSC conference. We hope you had some fun and that in the future we will be able to support you in your security needs. Always remember that no problem is too big or too small, Intact Security are here and happy to help.

Relax. Your security is Intact.

Author: Intact Security

Google


The Countdown Is On For The ACSC Conference!

Posted on by Martin Quinn in Security Blog Leave a comment

 

 

By Samantha Woollard (Internet Security Specialist) 6 March 2017

The Australian Cyber Security Centre (ACSC) Conference is back and the Intact team are ready to go!

This is the conference’s third year and is one of the main security conferences held in 2017; so be sure to attend! The conference starts on the 14th March 2017 and finishes on the 16th, at the National Convention Centre in Canberra.

Senior cyber security experts from all over Australia and beyond will be taking to the stage to discuss brand new and emerging threats, vulnerabilities and mitigation techniques and also hot topics within the world of cyber security. Appearances will be made by a Cyber Security Advisor from Cisco, the Manager of Cybercrime Operations from Australian Federal Police, a senior specialist from the National Cyber Centre of Finland, to name a few. The full program of the events and speakers during the conference can be seen here.

Within the exhibition hall, many security experts and businesses will be present to provide the opportunity to sculpt new partnerships to ensure the security of your company. You will be able to find the Intact Security team at booth 68. While you are visiting us, why not try your luck at picking a lock against the clock to win a luxury hamper!

Who can go?
CEOs, CIOs, CISOs, CTOs, IT Managers, ITSAs, ITSPs, IRAP Assessors, Researchers, Risk managers, anyone that is interested in cyber security or connected to the internet.

With so many cyber attacks in 2016, 2017 is the year we fight back! Why not come meet the Intact team at our booth and see what we have to offer. The countdown is on! Don’t miss out, register now!

Relax. Your security is Intact.

Author: Intact Security

Google


BEWARE: Small Businesses Become A Growing Target

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 27 February 2017

Small businesses believe that due to their size, they are an unlikely target for cyber attackers. But they could not be more wrong.

Perhaps ten years ago, when the chance of attack was much less than present day, it would be acceptable for businesses to think in that way.  Just because your company does not have a huge revenue does not mean it is obscured to attackers’ sight.  It is because of this reason that hackers have latched on to targeting smaller businesses; they are easier to penetrate due to the lack of security. Around 43% of cyber attacks target small businesses. This number has only been increasing in the past years and will continue to do so if nothing is done to stop it.

I can not emphasise more that the reason for an attack is not solely money. Loss of information and disruption can damage businesses and are also massive reasons for attack. Hackers want to destroy businesses and their reputations no matter if they have 2 employees or 20,000. It is estimated that over half of small businesses have not put any budget towards aiding their security and mitigating risks as they do not think that their business holds any valuable data. Even holding customers billing address, email address and phone numbers are classed as sensitive information and if you have promised your customers that this information will not be shared then it must be protected from theft.

After an attack, small companies can expect to lose an average of $1,150,000 and also expect an additional loss of an average of $1,250,000 due to disruptions within the business.

Do not wait to be hit by an attack to take action, by then the damage could be done. You can not just hope that you will not be a target, as now in 2017, no one is safe from the threats of cyber crime. Fortunately, Intact is here to help. Be prepared.

Relax. Your security is Intact.

Author: Intact Security

Google


You Have Been Breached, Now What?

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 20 February 2017

So you have identified that you are under attack or have already been breached. What should you do now? First of all, breathe. Do not panic. There is a chance it will happen to everyone; it is how severe the attack is that will come into play.

Identify what type of attack it is. There are various types of attacks; such as DDoS attack, malware has been installed, you do not have control of your machine; someone is accessing a port that is not normally accessed, to list a few.

Identify where it is coming from. Is the threat coming from an inside host that has been compromised or from an outside source.

Stop the attack. If a specific machine is slow, you notice phishing attempts within your emails, random programs have been installed, your anti-virus has stopped running or anything else suspicious, report the problem to your security team or equivalent as soon as possible. Henceforth, let them handle everything.

Remember to never turn off any machine until the scenario has been checked out and any evidence existing is gathered, as turning it off may erase some important information needed. Remove the affected machine from the network until the situation is dealt with. You can also place it in sleep mode. This will remove the attacker’s ability to remotely access your machine. It may be worthwhile to look for other compromised machines within the work place as it may be the case that more than one machine has been attacked.

After gathering any evidence needed, back up all files and logs. Remember to take notes about what has happened throughout the day, what you found and the actions you took. Run a couple of anti-virus and anti-malware software to find and remove any malware that may be causing the problem and restart the machine to fully remove the malware. Reboot in safe mode, so that only the minimum amount of programs needed are ran. If the machine is still not functioning properly, do a complete system restore and update the computer.

Call your incident response team as soon as possible, either in-house or external company to initiate the incident response plan you should have in place. The first seven days could be tedious, depending on when the attack happened. You may only notice it in June but in fact the breach could have been in October. Log entries will need to be filtered through to find the source of the attack.

After the source of the attack is found and how the attackers were able to infiltrate into your network is uncovered, steps can then be constructed in order to fix and prevent this from happening again.

Revisit your security plan: Make any changes to your plan that will stop that type of attack from happening again. If your security is not strong enough, add another layer of security and make sure it is implemented properly. It is important to have an incident response plan in place for reacting to a breach within the company.

Other Tips

  • Change all work related passwords.
  • Seek professional help (US! – The Intact Security Team)
  • Ensure your IDS is up to date.
  • Ensure your OS and other software used is patched regularly.

Relax. Your security is Intact.

Author: Intact Security

Google


How To Tell If You Are Under Attack!

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 13 February 2017

35% of all cyber attacks are never detected and 54% of attacks go unnoticed for months, even years, leaving the bad guy to continually access your systems to steal more and more information every day. Not sure if you have been breached? Don’t know how to identify an attack within your systems? Below is a list of advice to help discover if your company is under attack.

  • There has been a sudden rise in your network traffic. It could be one of two things; your new blog post is extremely interesting or you are under attack.
  • An escalation of malformed data packets has been sent through your network and a large amount have been caught by your firewall.
  • An increase in failed log in attempts have been logged. An attacker may be trying to brute force into your network or application.
  • After monitoring your network for some time, day-to-day trends appear. However, lately the patterns in your traffic have been inaccurate. You should investigate further into this matter.
  • Alerts have been picked up by your Intrusion Detection System (IDS), but IT have not had the time to examine them all. Ensure that all priority alerts are handled first.
  • There has been unusual activity within accounts including administrative, such as the time they authenticated, actions that were carried out, what information they were accessing/editing.
  • Everything within System32 has a Microsoft signature. If something is running from System32 without the signature then it is malware.

Other behaviour all employees should be aware of:

  • Your work machine has got extremely slow at even completing the simplest of tasks.
  • New programs that you did not install are now present.
  • Your anti-virus has stopped running. To avoid detection, an attacker may disable your anti-virus so they can continue being undetected.
  • Fake emails from co-workers that contain attachments. These attachments could contain malicious software such as ransomware.
  • Random acts happening on your screen that are not in your control; e.g movement of your cursor which is landing correctly and performing actions.
  • Passwords for accounts have been changed.
  • Your web camera light comes on when you are not using it.

Even if your computer is functioning, does not mean that you have not been breached. It is important to report any peculiar signs to your IT team.

In 2017, cyber attacks are becoming as common as breathing. There is no way to completely obliterate the risk of being hacked but if you are smart about your security and vigilant of the pit falls, you will certainly decrease your chance of attack greatly. What do you do if you have been breached? Read next week’s issue to find out.

Still not convinced that you will get breached? Fortinet track real-time threats across the world that our caught by their customers’ FortiGate firewalls. To see the live global threat map, click here!

Relax. Your security is Intact.

Author: Intact Security

Google


How To Get The Most From Your Firewall

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 6 February 2017

Firewalls are the first line in defense to protecting your network. Their main aim is to keep the bad guys out and let the good guys get on with their jobs; preventing threats to your network 24/7. From averting entry of malware to prohibiting hacking attempts. With a firewall your employees can easily access the Internet whilst the packets are constantly inspected and stopping malicious traffic. Without a firewall, every connection to your network can be accessed by anyone, anywhere. No packet inspection would occur allowing attacks to be welcomed. We can agree that a firewall is essential for the security of your network.
However, after being implemented into a business, normally a lot is not done to ensure that it is properly configured; which in some cases can be worse than having none. How do you ensure that your firewall is as effective as you think?
Here are some things to consider when configuring your firewall:

  • Initially, deny all traffic through the firewall. By default, firewalls entrust all connections to and from your network. By denying all, you can ensure that only the services that are needed are available.
  • Disable the administrative page. Most firewalls have a remote administrative log in which does not need to be seen by anyone unauthorised.
  • Change the default password of the administrator and create a new secure one. This should be changed frequently.
  • Block any unnecessary ports. Many ports can be accessed within networks, but only a few need to be accessible. Disable or filter these to reduce your business’ attack surface.
  • Update firewall software regularly to patch any recent vulnerabilities found.
  • Enable firewall logging and make regular backups, keeping copies off-site as well.
  • Enable firewall alerts and investigate anything suspicious.
  • Review your firewall rules every six months and remove any rules that conflict, have expired or simply should not have been added so that the configuration is clear to what should be entering your network and what should not.
  • Block ping requests to your network through the firewall. Basically, an attacker will send a ping request to see if there is something interesting there and if they get a response he knows to investigate further. In the administrator firewall settings, disable responses to ping requests.

A properly configured firewall can help prevent attacks but what if malformed malicious traffic did happen to get through your firewall or what if internal attacks occurred within your business? Other network services are important to implement to further lower the risks, such as intrusion detection system (IDS), intrusion prevention system (IPS), traffic monitoring, content filtering etc.
Not sure how to incorporate this all into your company? Looking for a secure solution to all your network security needs? Are you are looking for an all-in-one solution or one tailored to fit your business; allowing not only stress-free utilisation and continual management but also delivering the strongest security possible? Then Intact Security can help you! Either for small to medium businesses (SMB’s) or large enterprises, we have the network security solution for you.

Relax. Your security is Intact.

Author: Intact Security

Google


The Importance Of Continuous Monitoring And Vulnerability Management

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 30 January 2017

Companies may be aware that they need to have penetration tests and vulnerability assessments at least annually, but what about your security every other day during the year. Security is an ongoing process and while both these measures help to secure your company, new vulnerabilities are uncovered every day.

80% of external attacks take advantage of known vulnerabilities that have either have not been patched within the software or systems that are misconfigured.  Continual monitoring and scanning of your systems are encouraged within your company. This preventative method in turn will make a huge difference in increasing your security.

Software may be safe and secure one day, and the next it could be riddled with new found vulnerabilities. Just as security experts blog about new threats and alerts to everyone, this also alerts hackers about the weak points present. Using this information, they can generate new attacks and exploits against software that has not been updated.

Implementing firewalls and IDS/IPS (Intrusion detection/prevention systems) is a good step to securing your company, however do not solely rely on them.  These also come with their weaknesses and often hackers can get around them without being detected. Continual monitoring of the traffic within your network can quickly identify unusual activity that could result in the compromise of sensitive data. Anything strange such as a large data transfer or unapproved encrypted requests should alert your security team and be looked further into.

Companies should be on top of their vulnerability management to ensure rapid updates to software and if needed, fixes to networks and/or applications. By frequently scanning and evaluating the state of your security, you can pick up fresh emerging threats, constant changes to software and help you mitigate the risk your systems are under. Without it, many holes could go undetected until the next vulnerability assessment or penetration test, leaving you wide open for attack.

To perform a precise process of protecting your company, you need to implement the right tools to your system as well as scheduled vulnerability assessments and penetration tests. These tools need to be convenient and easy to use, provide accurate results, be affordable and not  impact the day-to-day operations of your business. Vulnerability scanners are the most effective when implemented into a company that are determined on strengthening their security. Applying a good strategy to tighten your security can save you money. The costs of damage and repercussions of an attack can be extremely severe.

Intact Security have a wide range of highly recommended tools for all situations and will help reduce your attack surface. Be it to stamp down on malware on machines, detect active lurking threats in your systems or monitor devices connected to your network, we will help patch your security. Get an advantage over the cyber attackers!

Relax. Your security is Intact.

Author: Intact Security

Google


Vulnerability Assessment & Penetration Test – What’s the Difference?

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) – 19 December 2016

Vulnerability assessment or penetration test? Both are often confused and sometimes thought to be the same thing. However there are some major differences between them which are important to know when it comes to the security of your business.

A vulnerability assessment consists of detecting vulnerabilities, defining what they are, how they can affect your business and advice on remediation. This test is more about breadth than depth, to bring to light what vulnerabilities exist over your systems, rather than exploiting them. During a vulnerability assessment, scanners are used to pick up missing patches that need to be updated and other vulnerabilities that exist. Even though the scanners can pick up certain threats, they cannot think like an attacker. Because of this the system is also manually tested for other threats that require a human’s viewpoint and an attacker’s mind set.

A penetration test simulates what a real attacker would do. Using various tools and procedures, the key is to exploit a business’ system and get unauthorised access to critical information. It gives an extensive insight into how much risk your business is under. This test is more about depth than breadth. Rather than a list of vulnerabilities, the goal is to find out if someone can break in and if so, how far can they delve.

Vulnerability scanners should be used within your company and run frequently, especially when changes are put into place and new equipment is added. However, running these scans can often bring up false positives which can be a real headache for someone who does not have a background in security. How can you differentiate between the real vulnerabilities and the false positives? By having a vulnerability assessment, only the actual vulnerabilities will be brought to your attention along with other manually found threats. Both assessments are essential and be it the security of your network or web application, it is recommended that they each should undergo at least one vulnerability assessment and one penetration test a year. By completing both of these, you will get a comprehensive depiction of your business’ security holes.

Relax. Your Security is Intact.

Author: Intact Security

Google