How to Lessen Cyber Attack Loss

You take time with your staff to regularly review what they should do in a fire. You should be doing the same for your cybersecurity, and a great way to prepare is to run tabletop exercises.

Tabletop exercises are an essential part of any overarching security strategy. Security needs to be looked at holistically, not as individual disparate areas or functions but as a series of functions that come together under one overarching umbrella. Security exercises like tabletop exercises are a useful way to gauge how effective a company's current security strategy is and to help the company determine how it can achieve its short-term, medium-term, and long-term security goals.

Tabletop exercises involve addressing a hypothetical cybersecurity breach and working as a team to find a solution to patch the breach and minimize or even prevent damage. You cannot predict every tool you may need in the world of cybersecurity, but you can see where gaps are apparent and how to fill those gaps based on priority: high-priority gaps must be filled in the short term, while lower-priority gaps can be dealt with over the mid to long term.

When running tabletop exercises, it is important to make sure all of your key stakeholders are involved. This way you can account for each role in the exercise. If your company does not yet have a security strategy, or that strategy is not as comprehensive as it needs to be, you should be running exercises that are designed to expose gaps criminals could exploit. Once any gaps have been identified, you will be able to create or improve the security protocols needed to address hacks, breaches, or other cybersecurity crises that may arise.

During your tabletop exercises, your team should run through a variety of possible scenarios that might arise and analyze how and where they would occur. The four steps of dealing with a cybersecurity attack are:  

  • See the attack  

  • Correlate the attack  

  • Stop the attack  

  • Remediate the attack  

When planning your tabletop exercises, focus on three to five cases that your team has identified as being the types of attack, or the ones that would cause the most damage. It is crucial that your team conducts tabletop exercises that include both broad and specific attacks. Broad tests could consist of simulating a brute force attack on your email server or trying to breach your company's firewall. Specific tests could include scenarios such as what to do if an employee downloads a bad file when they open a suspicious link in an email.

If you want to take your cybersecurity tests even further, you may want to consider running a penetration test as well. A penetration test involves hiring an ethical hacker to try to break into your system. If they find any weak spots that they can exploit to gain entry, they will then disclose these weak points to your company, so you can create solutions and improve your security. In an external pen test, someone tries to break into your system from the outside, using a hole or vulnerability to gain access. An internal pen test is similar, but the attack is launched from inside the network.

By working through scenarios thoroughly when nothing is at risk, you and your team will be much better prepared should there ever be an actual breach. Basic cybersecurity relies on a secure network, and vulnerability management is key to keeping your network secure. The vulnerability landscape is changing by the second, and it's imperative that your company is made aware of any security gaps as quickly as possible so they can be patched quickly. Conducting tabletop exercises and pen tests are two ways you can help your company remain secure.

IT/IS Strategy in Business

Every company must define its medium and long-term goals. For this reason, business managers must design an organization's plan, in which they include the strategy to follow. Once the company has established its plan and strategy, all functional areas of the organization must develop their plans, which must be aimed at supporting the organization's strategy. Today, Information Technology and Systems (IT/IS) play a significant role in business performance.

The IT/IS department should analyze and interpret the organization's plan and strategy to be able to design a strategic plan aligned with the objectives and goals established in the organization's plan. This department should also evaluate existing systems, technology and IT infrastructure in order to identify the need for technology solutions, and provide recommendations to the company to improve its execution and help create new sustainable competitive advantages.

Strategic planning provides a theoretical framework so that managers and executives of organizations can outline the actions to be taken to direct their companies towards the future they envision. It is through strategic planning that executives map out actions and manage resources and human capital, based on a mission and a clear vision of the organization and its destination. Enterprises need to make sure their information strategy supports the current business needs and is prepared for future requirements. Strategic planning is all about where you want to go and how you plan to get there.

If you’re not entirely sure of how to get started, there are consulting firms to inquire about such things. We’re one of them! You can learn all about how we approach building IT strategy for your company with our Infrastructure & IT Strategy Info Sheet, and contact us here in regards to getting started! 

AI vs. Cybersecurity

There are many benefits that can come with the adoption and implementation of artificial intelligence, but experts believe such widespread acceptance will lead to more effective and more dangerous cyberattacks. Despite the idea that AI may be the best defense against such attacks, its increasing availability will likely lead to more advanced hacking techniques. 

Hackers have already hacked into huge institutions and disrupted the lives of many. As the Internet of Things adds new devices every day, the potential pool for AI hacks is also growing exponentially larger. SpaceX and Tesla CEO Elon Musk has spoken about the dangers of AI on multiple occasions, calling it the biggest threat to our society, as well as urging world leaders to impose regulations before it's too late. As opposed to us humans, who need food, sleep, and other things that create limits in our ability to perform surveillance, AI can act at any time and doesn't need to take breaks. AI is also capable of processing large amounts of data quickly, making attacks on databases faster and easier to accomplish. While such attacks could be far off, many experts believe they'll begin much sooner.

Even if met with opposition, or programmed for vulnerabilities that have since been changed, the AI can adapt quickly and more effectively than humans - and do so without human input. People defending against cyberattacks will be outmatched by AI, and unable to keep up with the speed at which it operates. This, of course, could lead to larger attacks, and the possibility of attacks that spiral out of control. Despite the potential dangers AI poses, it should be noted that not everyone is standing idly by and waiting for the worst to happen.

People have also spoken out against Elon Musk's warnings, saying his statements are focusing on the wrong scenarios and making it harder to have an open conversation about our future with AI. Beyond these discussions, there's also technology being developed that can aid against potential threats. Quantum computers are said to be one of the tools we can use against cyberattacks. Companies like Google and IBM have also taken steps to strengthen our cyber security. 

It's inevitable that artificial intelligence is soon going to become a huge influence in our lives. While it's easy to dwell on the negative aspects of its advancement, we also need to dedicate an equal amount of time and effort to its benefits, to avoid finding ourselves incapable of dealing with either. 

-

https://futurism.com/elon-musk-unregulated-ai-could-be-the-biggest-risk-we-face-as-a-civilization/ 

https://futurism.com/ai-researchers-disagree-with-elon-musks-warnings-about-artificial-intelligence/ 

https://futurism.com/ai-and-quantum-computers-are-our-best-weapons-against-cyber-criminals/ 

What Strategy Means to a Business

What is strategy, exactly? And are you aware that you need different types of strategy at different levels within your organization? In this article, we're looking at some common definitions of strategy, focusing on three strategic levels - corporate strategy, business unit strategy, and team strategy. 

Strategy has been studied for years by business leaders and by business theorists. There is no definitive answer about what strategy really is. One reason for this is that people think about strategy in different ways. Some people believe that you must analyze the present carefully, anticipate changes in your market or industry, and, from this, plan how you'll succeed in the future. Others think that the future is just too difficult to predict, and they prefer to evolve their strategies organically. While there will always be some evolved element of strategy, at MakesSense we believe that planning for success in the marketplace is important; and that, to take full advantage of the opportunities open to them, organizations need to anticipate and prepare for the future at all levels. 

Many successful and productive organizations have a corporate strategy to guide the big picture. Each business unit within the organization then has a business unit strategy, which its leaders use to determine how they will compete in their individual markets. In turn, each team should have its own strategy to ensure that its day-to-day activities help move the organization in the right direction. So what are corporate, business unit, and team strategies?

In business, corporate strategy refers to the overall strategy of an organization. It determines how the corporation supports and enhances the value of the business units within it, and it answers the question, "How do we structure the overall business, so that all of its parts create more value together than they would individually?" Corporations can do this by building strong internal competences, by sharing technologies and resources between units, by raising capital cost-effectively, by developing and nurturing a strong corporate brand, and so on. 

Business unit strategy is more concerned with thinking about how the business units within the corporation should fit together and understanding how resources should be deployed to create the greatest possible value. Strategy at the business unit level is concerned with competing successfully in individual markets, and it addresses the question, "How do we win in this market?" However, this strategy should be linked to the corporate level strategy. Your business unit strategy will likely be the most visible level of strategy within each business area. People working within each unit should be able to draw direct links between this strategy and the work that they're doing. When people understand how they can help their business unit "win," you have the basis for a highly productive and motivated workforce. 

Then there’s the team strategy. To execute your corporate and business unit strategies successfully, you need teams throughout your organization to work together. Each of these teams has a different contribution to make, meaning that each team needs to have its own team-level strategy, however simple. This team strategy must lead directly to the achievement of business unit and corporate strategies, meaning that all levels of strategy support and enhance each other to ensure that the organization is successful. 


Social Engineering in Cyber Attacks

In this day and age, we need to be taking a closer look at social engineering attacks. Social engineering is the act of preying on unknowing victims to obtain personal or business information. It's an art of manipulation that relies less on technical attacks and more on human interactions, usually tricking people into breaking normal security procedures, by using a pawn. These types of attacks have been so successful because the victims naturally trust other people and want to be helpful, only to be tricked into releasing information. Social engineers rely on the fact that people are unaware of the value of the information they possess and aren't careful about protecting it.

Security is all about knowing who and what to trust. There are different types of social engineering attacks, the first being shoulder surfing. Shoulder surfing is nothing more than watching someone while they're entering sensitive information. The shoulder surfer can watch you enter a password, credit card number, or any other pertinent information.  

Dumpster diving is a common social engineering attack, used to retrieve confidential information. Organizations usually generate a large amount of paper, most of which ends up in recycle bins and/or dumpsters. These papers can contain highly sensitive information, and dumpster diving involves searching through a workplace's trash for obvious treasures. Even the most seemingly innocent things, like a phone list, calendar, etc., can be used to assist an attacker using social engineering techniques to gain access to what they want.

The third type of social engineering is phishing. Phishing occurs when someone attempts to gain sensitive information while pretending to be a trustworthy entity through online communication. Communications claiming to be from popular websites, banks, online payment processors, or IT administrators are commonly used to lure in an unsuspecting victim. Phishing is typically carried out by email spoofing or instant messaging, which directs users to enter details at a fake website that is almost identical to the legitimate one. The danger with phishing emails is that they may contain links to websites that are infected with malware. There's another term known as spear phishing, a type of phishing in which the attacker pretends to be someone you know. Generating such an attack requires more work, using information from your contact lists, social media sites, etc.

Whaling is another form of phishing; however, it is a digital con game that targets upper-level managers. The objective is to swindle managers into providing confidential information. When you combine phishing with VoIP, the result is known as vishing. While prank calls have been in existence since the invention of telephones, the rise of Voice over Internet Protocol, or VoIP, makes it possible for people to call you from almost anywhere without being traced. It can convince someone they're talking to a trusted person.

There is also impersonation, which is a human-based type of social engineering. This happens when the hacker plays the role of someone you are likely to trust or obey in order to get access to information. This plays on our natural tendency to believe people are who they say they are.

We have plenty to worry about online even without purposely malicious attacks, but it helps to be aware of them. They are only getting more advanced as time goes on, but planning a step ahead for different forms of cyberattacks starts with learning about them and building a secure foundation to begin with, online and offline.

These are services that we at MakesSense can actually provide for you, whether you're starting up a business or already run one. Let us know what you need help with and we can get started on getting you and your business set up with the best cybersecurity program for you.

From Hardcover to Touchscreen

It really wasn't all that long ago when the hardcover textbook was the core source of knowledge in schools. 

I graduated from Archbishop Williams High School in 2012 – never having touched a Chromebook or iPad while in the classroom. In fact, I never really took a computer science class. Most people I grew up with didn't, and if they did, it was a very generalized computer knowledge class that taught the bare basics of using Microsoft Office programs. Whenever we did get the opportunity to use computers, it was almost like a field trip. The use of computers was rare, and only when essential. This wasn't all that long ago.

When I graduated high school, I knew about a plan for iPads to be brought into the classroom at my old school as a means for using textbooks, which would save a lot of bag-space and become incredibly convenient when it came to students having all their textbooks for their day of classes. No more lugging big heavy books back and forth between home and school, and everything was in one place.  

Of course, there came the drawbacks. Games were the biggest issue with giving iPads to a bunch of teenagers, and this was before Fortnite even existed! I never got to see it face-to-face, however; I moved on to college, where using laptops in class was normal for taking notes, and computer science had evolved enough in higher education that students could develop essential skills in it.

Fast-forward only six years later. Children starting in grade school are using Chromebooks and iPads in classes to do their homework. They're learning how to code, how to type efficiently, how to navigate computers. They're taking classes while using computers and about using computers, and suddenly, the computer lab isn't a field trip anymore. 

It was a practice that needed to be done far sooner than it was implemented. The technology industry is booming, particularly for startups. Everybody has that "bright idea" - with the power of technology, and with enough know-how, young people can jump right into building their businesses. Social media has become a powerful tool towards building a following to support your product, which leads to crowd-funding projects that otherwise would need significant support from venture capital firms. All of this wouldn't be possible without apt knowledge of utilizing computers, social media, and the online world in general, something that was entirely ignored and taboo while I was in school. 

The normalization of technology in the classroom isn't something to bicker back and forth about; it's a common-sense advancement of education, something that had to be done. If our young people aren't using computers as an asset to their daily and working lives, it's very unlikely they'll be very successful in their careers in the future. Furthermore, expertise with computers will open so many doors for career opportunities for coding, software development, cybersecurity, graphic designing, and so much more.  

Computers in the classroom are here to stay, and that's a tremendous thing. Sure, we must keep these kids from playing Fortnite while in class. But we were finding ways to play games with folded pieces of paper when I was in school. Same deal, different tool. The ability to know when to focus on schoolwork versus play is a skill in and of itself, something we all learned while going to school. It looks and feels different, but it's all the same thing.

Encourage technological exploration. Give children computers and tablets, let them use them and discover how to utilize them, and be amazed by how much they'll know by the time they're teenagers, having grown up with technology all around them. The innovation bound to sprout from the latest generations' minds is something we should all be eagerly awaiting; the potential is astronomical. 

Securing Your Cloud: Tips to Prevent Misuse of Tech

What do Apple, Amazon and Microsoft have in common? Answer: These three giants of technology, considered the most important cloud providers (cloud computing), have had their services attacked by hackers. Corporate users with little experience on the cloud platform run a higher risk of suffering from cyberattacks, due to the drastic change in the technological environment. If your company is taking part in the recent adoption of this technology, check out the following protective recommendations to be followed by companies that need to manage users, data and security on remote servers. 

1. Know Your Place

There are three main segments in the implementation of any service in the cloud: the cloud provider, the network service provider and the company. Since the cloud should be treated as an extension of the company's central data, the questions arise: can a common set of services and security policies be applied in all three segments? What are the security issues?

When selecting your cloud provider, ask what kind of security services they offer, and how those services work with hybrid systems. The cloud is a dynamic environment and requires constant updates to its security architecture to keep fighting the latest threats.

2. New Applications, New Reinforcements

Ready to move an application to the cloud? First, consider new ways to strengthen security. To filter access to cloud applications, set up a granular pattern of access to information, with privileges restricted according to the user's level of access. This will add an extra layer of protection in case someone steals your team's login credentials. To strengthen the login process, consider implementing two-step authentication, which confirms the user's authenticity with the use of unique codes that are generated for each access.
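The two measures above can be combined in one access check. The following Python example is added here as an illustration and is not code from this article or from any cloud provider: it assumes HOTP (RFC 4226) as the one-time-code scheme, since the article names none, and the role names, `Account` class and `authorize` function are hypothetical.

```python
import hashlib
import hmac
import os
import struct

# Constructed role-to-privilege map: the "granular pattern of access".
ROLE_PRIVILEGES = {
    "viewer": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "share", "delete"},
}
LOOK_AHEAD = 3  # accept codes a few counters ahead (token pressed without logging in)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time code: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Hypothetical account record held by the cloud application."""

    def __init__(self, name: str, role: str, password: str, otp_secret: bytes):
        self.name = name
        self.role = role
        self.salt = os.urandom(16)
        self.password_hash = _hash_password(password, self.salt)
        self.otp_secret = otp_secret
        self.next_counter = 0  # lowest counter value not yet used


def verify_code(account: Account, code: str) -> bool:
    """Second step: accept each code once, then move the counter past it."""
    first = account.next_counter
    for counter in range(first, first + LOOK_AHEAD + 1):
        expected = hotp(account.otp_secret, counter).encode()
        if hmac.compare_digest(expected, code.encode()):
            account.next_counter = counter + 1  # a replayed code no longer matches
            return True
    return False


def authorize(account: Account, password: str, code: str, action: str) -> str:
    """Password, then one-time code, then the privilege check for the action."""
    supplied = _hash_password(password, account.salt)
    if not hmac.compare_digest(supplied, account.password_hash):
        return "denied: bad password"
    if not verify_code(account, code):
        return "denied: bad or reused code"
    if action not in ROLE_PRIVILEGES.get(account.role, set()):
        return f"denied: role '{account.role}' lacks '{action}'"
    return "allowed"


if __name__ == "__main__":
    # Constructed demo: the secret is the RFC 4226 test key, not a real credential.
    alice = Account("alice", "editor", "correct horse", b"12345678901234567890")
    first_code = hotp(alice.otp_secret, 0)
    print(authorize(alice, "correct horse", first_code, "write"))
    print(authorize(alice, "correct horse", first_code, "write"))  # replayed code
    print(authorize(alice, "correct horse", hotp(alice.otp_secret, 1), "delete"))
```

A stolen password alone fails at the second step, a captured code cannot be replayed, and a fully authenticated user is still limited to the actions their role allows.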

3. Adopt Encryption

Encrypting information is one of the most important security implementations for the cloud and should be required due to the heavy traffic of files and e-mails being sent back and forth day to day. You can protect your business and save your company from significant data breaches with dense encryption software. Ask your cloud provider for data encryption schemes. Discover how to encode your information. To understand what kind of information should be encrypted, it helps to know where it is - whether on servers of your cloud provider, outsourced servers, employee laptops, office computers or USB memory. 

4. Struggling with the Virtual

The move to the cloud allows companies to reap the benefits of virtualization, but a virtual environment presents challenges for data protection. The main problem has to do with the management of security and data traffic on leased equipment and virtual machines. 

Physical security devices are not designed to handle the information that is in the cloud. Virtual security devices are what ensure the safety of traffic from one virtual machine to another. These devices are built to handle the complexities of running many applications. If you are building your own private or hybrid cloud, consider adding virtual security products.

5. Do Not Be in the Dark About Shadow IT

There are many reports that indicate how the unauthorized use of cloud applications and services (so-called Shadow IT) is growing in companies. This lack of control generates security threats and management challenges. Your new cloud application may be at risk. Visualize a simple scenario in which your employees use their smartphones to open a document. This could result in that same file being sent to an unauthorized location, such as a personal backup drive, during the phone's daily backup routine. Sensitive company information has now been transferred to a non-secure location.

The most effective way out is to educate users about the use of technology to understand what kinds of situations can arise and cause issues. Encryption, network monitoring and tools for security management can help defend against malicious attacks or even blatant misuse of company software and information. 

Restaurants to Become More Localized in 2018

Imagine going to your local restaurant down the street, knowing that they brew their own beer, grow their own food from a local garden, and all their meats are imported from a local distributor. Would you be more likely to dine at a restaurant that so heavily supported localized business? That's what restaurant owners are banking on according to National Restaurant Association's "The State of Restaurant Sustainability 2018". And they're banking on it because "consumer interest in locally sourced foods has grown in the past two years", according to nearly eight in ten restaurant operators. Restaurants are looking to become incredibly localized, supporting their communities in a way that makes consumers happier and will strengthen their segment's economy.

The first step is to source food locally, supporting local butcheries, farms, breweries and the like. However, according to the National Restaurant Association's 2018 "What's Hot" report, chefs are saying that restaurants becoming "hyper-local" is the No. 1 culinary concept on restaurant menus in 2018.

Just what is "hyper-local"? It's exactly what it sounds like. Restaurants grow their own food in gardens they run and own, brew their own beer on-site, and produce other house-made items. Restaurants, essentially, abandon a large part of their importing of supplies and instead produce a large portion of it themselves, in turn creating more stable jobs and opportunities for local workers looking to stabilize their careers.

So why go "hyper-local"? How does this benefit the restaurants? Well, it's no secret that one of the hottest ongoing topics in politics is the workforce in America and creating opportunities for local work to flourish. By supporting local businesses and establishing "hyper-local" means of production on-site, restaurants are allowing small, family-owned businesses to thrive in today's economy, while simultaneously producing jobs for those yearning to build a career in the dining industry. This is something people almost universally want, and thus will create more consumer satisfaction as small businesses gain popularity amongst the millennial population.

Giving back is also a huge part of the sustainability effort for restaurants. According to the Sustainability report, 50% or more of consumers consider whether restaurants are making efforts to reduce food waste. Recycling things like plastic, bottles and cans, as well as donating leftover food, are huge factors in which restaurant they choose to dine in. There are more factors than simply ambiance, service and food selection that can sway a person's decision. Thus, restaurants are supporting their local community by giving back, as well as turning the heads of potential guests to consider them over the competition.

The restaurant industry is changing, and the localization of the modern restaurant is something bound to increase over the next few years. More and more people yearn for small businesses to thrive, and this is a huge step towards allowing that to happen. With such an overwhelming percentage of restaurant operators looking to localize in 2018 and beyond, we can expect to see a monumental difference sooner rather than later at how the menus will look in the future.

The Cloud is Set to be a Core Standard of Business Infrastructure

Cloud storage has been around for quite some time, but it's getting to the point where it's no longer a question of whether or not companies are using the cloud, but rather how advanced are they in using it, and what type of cloud services are being used the most. 96% of respondents to the RightScale State of the Cloud 2018 survey say they are using cloud, whether it be public, private or a hybrid of both, and while hybrid cloud is still the most popular option, the trend shows that sooner than later, public cloud will be the go-to option for companies, with 38% of enterprises seeing public cloud as their top priority, up from 29% last year.  

It's easy to see why. The cloud is easily accessible from multiple sources and allows remote work to get done in a pinch. With public cloud becoming more and more viable with reliable security promises, companies are more comfortable storing their sensitive information on a public forum for their employees to easily access to get their work done, even remotely. The data shows companies are relying on this: 79% of workloads for companies are done in the cloud, whether they be private or public, with only 21% of all workload being done offline.

As the use of the cloud matures, however, challenges arise for businesses to handle, with security being a top priority. With sensitive company information stored online and accessible remotely by employees, it also opens the door for that information to become accessible to maliciously prying eyes as well. Costs are also a top challenge for big-name enterprises; while 50% of SMBs spend less than $10k on cloud services, 26% of enterprises are spending over $500k per year, with another 26% spending between $100k-$500k, and it's only going to go up. 20% of enterprises plan on doubling their public cloud spending in 2018.  

The cloud is suddenly becoming a core facet of the modern business model. Enterprises are dumping huge amounts of money into the cloud to improve efficiency, and if they're going to do so, they need to do everything they can to maximize their usage. According to RightScale, companies are wasting, on average, 35% of their cloud costs per year, so naturally, with companies looking to heavily increase their cloud spending, a top priority for companies finishing in 2018 and onward is optimizing their existing cloud use. This means moving more workloads to the cloud, getting better financial reporting, and implementing cloud-first strategies for their companies. By doing this, companies will make better use of their investment to improve their workload efficiency.

For those looking to start up a business, understanding the cloud, how to best utilize it and how to properly govern its costs is key to building a successful infrastructure. It's no secret that the cloud is here to stay and is only growing in usage across the world. Making sure your cloud is secure, consistent and cost-effective is a part of what we do here at MakesSense; we can get you paired up with the most efficient cloud service plan for your business, no matter the size or scale of your team and projects. Head over to https://www.makessense.co/cloud-support-services to learn more!