National Cybersecurity Awareness Month: The Top Cyber Threats of 2022 and How CREG Systems Can Help

It’s October, so it is time for pumpkin patches, apple picking, cold weather, and more! October is also National Cybersecurity Awareness Month, launched in 2004 by the National Cyber Security Alliance and the U.S. Department of Homeland Security. 

What is National Cybersecurity Awareness Month?

When Cybersecurity Awareness Month began, the awareness efforts centered around advice like updating your antivirus software twice a year to mirror similar efforts around changing batteries in smoke alarms during daylight saving time. Over the years, National Cybersecurity Month has developed to change with technology.

According to reports, the most common tactics hackers use to carry out ransomware attacks are email phishing campaigns, RDP vulnerabilities, and software vulnerabilities. However, CREG Systems is Northern New York’s most trusted and experienced resource that is prepared to prevent ransomware attacks on your business. 

What are the Top Cyber Threats of 2022?

We at CREG Systems seek to educate the public about how to maintain their network health. We do so by providing educational materials, like this article. We also assess your network and provide recommendations and services that will strengthen your security. Contact us today to protect your data. Meanwhile, here are some common threats that CREG Systems recommends you watch out for:

  • Ransomware
    • Ransomware has been a growing threat in recent years. Several high-profile attacks demonstrated to cybercriminals that ransomware was profitable, driving a rapid increase in cybercrime groups operating this malware. On average, ransomware claims a new victim every ten seconds worldwide, and ransomware cost businesses around $20 billion in 2020, an increase of 75% over the previous year.
  • Misconfigurations and Unpatched Systems
    • Security misconfigurations arise when security settings are not defined and implemented, or when default values are maintained. Usually, this means the configuration settings do not comply with the industry security standards such as CIS Benchmarks or OWASP Top 10. Misconfigurations are often seen as an easy target, as they can be easy for attackers to detect.
    • Misconfigurations can be much more than an accidental firewall rule. Some of the most common misconfigurations are unpatched systems, broken access control, sensitive data exposure, and vulnerable and outdated components. Attackers can purchase tools from deep web marketplaces to scan for these vulnerabilities, much like a penetration testing contractor could do for your organization.
  • Credential Stuffing
    • Credential stuffing happens when an attacker uses stolen credentials from one organization to access user accounts at another organization. These credentials are typically obtained in a breach or purchased off of the dark web. You may have seen news stories about Disney Plus accounts getting hacked, yet Disney found no evidence of forced entry. This is because credential stuffing simply involves logging into a victim’s account with their username and password.
  • Social Engineering
    • Social engineering isn’t the breach of a system, but rather the compromise of a person, which causes them to release confidential information unknowingly. This most commonly takes the form of an email phishing attack in which the individual is tricked into downloading malware or giving up their credentials. Typically, social engineering is the first step in a multistep cyberattack.
    • What’s more concerning is that over 70% of social engineering and phishing incidents are discovered by external parties. This means that when employees are falling for the bait, they usually don’t realize they’ve been hooked. On top of that, attackers are constantly coming up with new ways to evade automated security tools.
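
Because credential stuffing, as described in the list above, leaves no sign of forced entry on any single account, detection has to look at the login source instead. The following is an added example, not CREG Systems' code: it flags source IPs that try many distinct accounts and mostly fail, and lists the accounts where the reused password worked. The log format, thresholds, function names, and sample lines are constructed assumptions, and the log is assumed to cover a single time window.

```python
from collections import defaultdict

# Constructed sample auth log (format is an assumption): time, source IP, user, result.
SAMPLE_LOG = """\
2022-10-03T09:00:01Z 203.0.113.7 alice FAIL
2022-10-03T09:00:02Z 203.0.113.7 bob FAIL
2022-10-03T09:00:03Z 203.0.113.7 carol OK
2022-10-03T09:00:04Z 203.0.113.7 dave FAIL
2022-10-03T09:00:05Z 203.0.113.7 erin FAIL
2022-10-03T09:00:06Z 203.0.113.7 frank FAIL
2022-10-03T09:01:00Z 198.51.100.20 alice FAIL
2022-10-03T09:01:20Z 198.51.100.20 alice OK
2022-10-03T09:02:00Z 192.0.2.10 gina OK
2022-10-03T09:02:05Z 192.0.2.10 henry OK
2022-10-03T09:02:09Z 192.0.2.10 ivan OK
2022-10-03T09:02:15Z 192.0.2.10 judy FAIL
2022-10-03T09:02:30Z 192.0.2.10 judy OK
2022-10-03T09:02:40Z 192.0.2.10 kim OK
2022-10-03T09:03:00Z 192.0.2.10 truncated
"""


def parse_events(text):
    """Return (ip, user, succeeded) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        _, ip, user, result = parts
        events.append((ip, user.lower(), result == "OK"))
    return events


def find_stuffing_sources(events, min_users=5, max_success_ratio=0.25):
    """Flag IPs that try many distinct accounts and mostly fail.

    Thresholds are illustrative assumptions; tune them against your own
    baseline (shared office or carrier NAT addresses see many users too,
    but nearly all of those users log in successfully).
    """
    per_ip = defaultdict(lambda: {"users": set(), "ok_users": set(), "attempts": 0})
    for ip, user, ok in events:
        stats = per_ip[ip]
        stats["users"].add(user)
        stats["attempts"] += 1
        if ok:
            stats["ok_users"].add(user)

    findings = []
    for ip, stats in per_ip.items():
        distinct = len(stats["users"])
        ratio = len(stats["ok_users"]) / distinct
        if distinct >= min_users and ratio <= max_success_ratio:
            findings.append({
                "ip": ip,
                "distinct_users": distinct,
                "attempts": stats["attempts"],
                # A success from a flagged source means the stolen password
                # worked: these accounts need a reset and session revocation.
                "accounts_to_reset": sorted(stats["ok_users"]),
            })
    return sorted(findings, key=lambda f: f["distinct_users"], reverse=True)


if __name__ == "__main__":
    for finding in find_stuffing_sources(parse_events(SAMPLE_LOG)):
        print(finding)
```

In the sample, the user who mistypes a password once and the office address with many successful logins are not flagged; only the source that cycles through six accounts with one success is.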

How can CREG Systems help?

CREG Systems ensures that the data you share and store is secure and protected, which pledges efficient operation and credibility to your organization. Our certified and highly trained staff will meet your needs and plan a security system roll-out strategy that best fits your goals.

  • Hardware & Software
    • Keep your data safe by using the most up-to-date security software and hardware.  Make sure you are secured through NEXTGEN firewalls, use sandboxing for extra protection, and ensure you have a defense at the gate.
  • Multi-level Protection
    • From your desktop to the firewall, each device in your organization should have segmented and multi-layered protection. Usually, you can stop a data breach before it threatens your vital information.
  • Insider threats
    • While many organizations have multi-layer security systems and data protection in place, there could still be other risks to consider. Former employees can be a threat to your cybersecurity.  Be sure to remove any access they may have and their data as soon as they leave the organization.  Be sure to teach employees about the importance of security and have regular testing to ensure your data is secure.
  • Good Cyber Habits
    • Be sure to keep your information backed up, but never keep your backups online.  Be sure to keep your systems updated and double-check apps to determine if they are corrupt or not. Limit access privileges and use two-factor authentication.  Preventing cyber threats is better than curing them.

What Steps can you Take Now?

  • Enabling multi-factor authentication
    • Multi-factor authentication (MFA) is a cybersecurity measure for an account that requires anyone logging in to prove their identity in multiple ways. Typically, you will enter your username and password and then verify your identity by another method, like fingerprinting or responding to a security question.  
  • Using strong passwords and a password manager
    • Password managers are pieces of software that often take the form of apps or browser plugins, or they might be included automatically in your browser or computer operating system. With a few clicks, you can generate new, secure passwords that are long, unique, and complex. These password managers automatically store your passwords and can autofill them when you arrive at the site.
  • Updating software
    • Always keep your software updated when updates become available and don’t delay. These updates fix general software problems and provide new security patches where criminals might get in. You can be sure the bad guys are always looking for new ways to get to your data through software, so updating your software is an easy way to stay a step ahead.
  • Recognizing and reporting phishing
    • The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Before clicking any links or downloading attachments, take a few seconds (about 4 seconds) and ensure the email looks legit. Here are some quick tips on how to spot a phishing email: 
      • Does it contain an offer that’s too good to be true? 
      • Does it include language that’s urgent, alarming, or threatening? 
      • Is it poorly crafted writing riddled with misspellings and bad grammar?

Our staff are trained and certified as Certified Information Security System Professional (CISSP), Certified Ethical Hacker, and Certified Wireless Network Administrator and hold CompTIA A+, CompTIA Network+, CompTIA Security+, Windows Server, and Microsoft Exchange certificates. In conclusion, our staff is the best equipped to deliver you the best cybersecurity in the North Country.


National Cybersecurity Awareness Month: The Top Cyber Threats of 2021 and How CREG Systems can Help

It’s October, which means it is time for pumpkin patches, apple picking, cold weather, and more! October is also National Cybersecurity Awareness Month, which was launched in 2004 by the National Cyber Security Alliance and the U.S. Department of Homeland Security. 

What is National Cybersecurity Awareness Month?

When Cybersecurity Awareness Month began, the awareness efforts centered around advice like updating your antivirus software twice a year to mirror similar efforts around changing batteries in smoke alarms during daylight saving time. Over the years, National Cybersecurity Month has developed to change with technology. 

According to reports, the most common tactics hackers use to carry out ransomware attacks are email phishing campaigns, RDP vulnerabilities, and software vulnerabilities, and the total ransomware costs are projected to exceed $20 billion in 2021. However, CREG Systems is Northern New York’s most trusted and experienced resource that is prepared to prevent ransomware attacks on your business. 

What are the Top Cyber Threats of 2021?

We at CREG Systems seek to educate the public about how to maintain their network health. We do so by providing educational materials, like this article. We also assess your network and provide recommendations and services that will strengthen your security. Contact us today to protect your data. Meanwhile, here are some common threats that CREG Systems recommends you watch out for:

  • Phishing
    • Phishing is one of the most common types of cyberattacks, mainly because it is often an effective technique for gaining access to an organization’s network and systems. It’s usually easier to trick an employee into handing over sensitive data (like login credentials) or running a piece of malware on a company computer than to accomplish these goals through other means.
  • Double-Extortion Ransomware
    • Ransomware has been a growing threat in recent years. Several high-profile attacks demonstrated that ransomware was profitable, driving a rapid increase in cybercrime groups operating this malware. On average, ransomware claims a new victim every ten seconds worldwide. Ransomware cost businesses around $20 billion in 2020, an increase of 75% over the previous year.
    • Another recent trend is the “double extortion” ransomware campaign. Instead of simply encrypting files and demanding a ransom for their recovery, ransomware groups now steal sensitive and valuable data from their victims as well. If the target organization does not pay the ransom, this data is posted online or sold to the highest bidder.
  • Remote Work Exploitation

In 2020, the COVID-19 pandemic forced businesses to pivot quickly to a remote workforce.  In a short time, companies with no existing telework programs had to adapt and update their infrastructure to allow employees to work from home.  However, the rush to stand up remote work programs left security gaps that are exploited by cybercriminals. In 2021, companies continue to face new security threats made possible by widespread telework, including:

  • The exploitation of Remote Access Solutions:
    • Employees working from home need access to the corporate network. As a result, the use of virtual private networks (VPNs) and the remote desktop protocol (RDP) has exploded during the pandemic. Cybercriminals have taken advantage of this, exploiting poor password security and VPN vulnerabilities to access corporate networks, steal data, and plant ransomware.
  • Thread Hijacking Attacks:
    • In a thread hijacking attack, an attacker with access to an employee’s email or other messaging accounts will respond to an existing conversation. These responses will contain malicious attachments or links to phishing sites and are designed to expand the attacker’s access within an enterprise network. With the rise of remote work, the frequency and success rate of these attacks have grown as employees increasingly communicate using alternative platforms and cybercriminals are more successful at gaining access to email accounts.
  • Vulnerable and Compromised Endpoints:
    • With remote work, employees are working outside the corporate perimeter as well as the cyber defenses deployed there. Additionally, these devices are less likely to be up-to-date on patches and compliant with corporate policy. As a result, they are easy targets for exploitation by cybercriminals.

How can CREG Systems help?

CREG Systems ensures that the data you share and store is secure and protected, which pledges efficient operation and credibility to your organization. Our certified and highly-trained staff will meet your needs and plan a security system roll-out strategy that best fits your goals.

  • Hardware & Software
    • Keep your data safe by using the most up-to-date security software and hardware.  Make sure you are secured through NEXTGEN firewalls, use sandboxing for extra protection, and ensure you have a defense at the gate.
  • Multi-level Protection
    • From your desktop to the firewall, each device in your organization should have segmented and multi-layered protection. Usually, you can stop a data breach before it threatens your vital information.
  • Insider threats
    • While many organizations have multi-layer security systems and data protection in place, there could still be other risks to consider. Former employees can be a threat to your cybersecurity.  Be sure to remove any access they may have and their data as soon as they leave the organization.  Be sure to teach employees about the importance of security and have regular testing to ensure your data is secure.
  • Good Cyber Habits
    • Be sure to keep your information backed up, but never keep your backups online.  Be sure to keep your systems updated and double-check apps to determine if they are corrupt or not. Limit access privileges and use two-factor authentication.  Preventing cyber threats is better than curing them.

Our staff are trained and certified as Certified Information Security System Professional (CISSP), Certified Ethical Hacker, and Certified Wireless Network Administrator and hold CompTIA A+, CompTIA Network+, CompTIA Security+, Windows Server, and Microsoft Exchange certificates. In conclusion, our staff is the best equipped to deliver you the best cybersecurity in the North Country.


Cybersecurity Defense: The Biden Administration Executive Order, is it a Great Start Towards Improving the Nation’s Cybersecurity?

In May, President Biden issued his executive order on improving the nation’s cybersecurity. However, this is not the first time that a president has tried to address this critical issue. Every president since Bill Clinton has issued a similar executive order to no avail.

While cybersecurity is an ever-growing complex topic, there is hope that the latest executive order is taking the step to get ahead of the next multimillion-dollar cyber-attack.

Why is Cybersecurity Important?

Hackers working for profit and espionage have long threatened American information systems. But in the last six months, they’ve targeted companies running operational networks like Colonial Pipeline with more persistence.

A cyber-attack can become a costly expense.  Not only does the network have to be repaired and protected, but hackers may also demand money to get back data, access, or personal information.  The average ransom requested from a small business is around $4,300, but the average cost of downtime after a ransomware attack is $46,800, meaning that even though a ransom request may appear small, it can cost your business more as time goes on.

70% of businesses are ill-prepared for a cyberattack. In other words, hundreds of thousands of industries have holes in their cybersecurity or have no cybersecurity at all.  It is vital to educate employees on the importance of cybersecurity.  Implementing cybersecurity training is a start to keeping your company safe from cyberattacks. 

How Will the Government Help?

The U.S. government began taking small steps to defend cybersecurity in 1998 when the Clinton administration identified 14 private sectors as critical infrastructure, including chemicals, defense, energy, and financial services. Other industries were slower to protect their computers, including the oil and gas sector.

By modernizing our government’s approach to cybersecurity, the uniformity of standards across all agencies will make it easier for companies to get a clearer picture of the expectations.

The executive order lays out clear directions on where the U.S. needs to improve and how outside companies can help it get there. This should encourage greater buy-in and assure that this order is the one that finally makes a difference.

Executive Order Key Points

  • Remove Barriers to Threat Information Sharing Between Government and the Private Sector
  • Modernize and Implement Stronger Cybersecurity Standards in the Federal Government
  • Improve Software Supply Chain Security
  • Establish a Cyber Safety Review Board
  • Create a Standard Playbook for Responding to Cyber Incidents
  • Improve Investigative and Remediation Capabilities

In the wake of million-dollar cyber-attacks such as JBS and the Colonial Pipeline, it is imperative to take extra steps to mitigate the risk of a cyber-attack.  At CREG Systems, we take pride in our cybersecurity knowledge and put a lot of time into educating our customers on its importance. 

CREG Systems helps keep the data you share and store secure and protected, which pledges efficient operation and credibility to your organization. Our certified staff will assess your network’s strengths and potential weaknesses and design a solution that fits your needs today and prepares you and your business for the future.   

Our staff are trained and certified as Certified Information Security System Professionals (CISSP), Certified Ethical Hackers, and Certified Wireless Network Administrators and hold CompTIA A+, CompTIA Network+, CompTIA Security+, Windows Server, and Microsoft Exchange certificates. In conclusion, our staff is the best equipped to deliver you the best and most comprehensive cybersecurity in the North Country.


Data Privacy Day January 28

Data Privacy Day is an international effort to empower individuals and encourage businesses to respect privacy, safeguard data, and enable trust.

Data Privacy Day is a global effort — taking place annually on January 28th — that generates awareness about the importance of privacy, highlights easy ways to protect personal information and reminds organizations that privacy is good for business. Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is observed annually on Jan. 28.

Data Privacy Day is the signature event in a greater privacy awareness and education effort. Year-round, NCSA educates consumers on how they can own their online presence and shows organizations how privacy is good for business.

In 2021, NCSA is encouraging individuals to “Own Your Privacy” by learning more about how to protect your valuable data online, and encouraging businesses to “Respect Privacy”, which advocates for holding organizations responsible for keeping individuals’ personal information safe from unauthorized access and ensuring fair, relevant and legitimate data collection and processing. These themes are encouraged through the below messaging and calls to action:

Calls to Action

  • Personal info is like money: Value it. Protect it. Personal information, such as your purchase history, IP address, or location, has tremendous value to businesses – just like money. Make informed decisions about whether or not to share your data with certain businesses by considering the amount of personal information they are asking for, and weighing it against the benefits you may receive in return.
  • Keep tabs on your apps. Many apps ask for access to personal information, such as your geographic location, contacts list, and photo album, before you can use their services. Be thoughtful about who gets that information, and wary of apps that require access to information that is not required or relevant for the services they are offering. Delete unused apps on your internet-connected devices and keep others secure by performing updates.
  • Manage your privacy settings. Check the privacy and security settings on web services and apps and set them to your comfort level for information sharing. Each device, application or browser you use will have different features to limit how and with whom you share information. Get started with NCSA’s Manage Your Privacy Settings page: https://staysafeonline.org/stay-safe-online/managing-your-privacy/manage-privacy-settings/

Respect Privacy

ADVICE FOR BUSINESSES: RESPECT PRIVACY

According to a Pew Research Center study, 79% of U.S. adults report being concerned about the way their data is being used by companies. Respecting consumers’ privacy is a smart strategy for inspiring trust and enhancing reputation and growth in your business.

Calls to Action:

  • If you collect it, protect it. Data breaches can not only lead to great financial loss, but a loss in reputation and customer trust. Follow reasonable security measures to keep individuals’ personal information safe from inappropriate and unauthorized access. Make sure the personal data you collect is processed in a fair manner and only collected for relevant and legitimate purposes.
  • Consider adopting a privacy framework. Build privacy into your business by researching and adopting a privacy framework to help you manage risk and create a culture of privacy in your organization. Get started by checking out the following frameworks:
  • Conduct an assessment of your data collection practices. Understand which privacy laws and regulations apply to your business. Educate your employees about their and your organization’s obligations to protect personal information.
  • Transparency builds trust. Be open and honest about how you collect, use and share consumers’ personal information. Think about how the consumer may expect their data to be used and design settings to protect their information by default. Communicate clearly and concisely to the public what privacy means to your organization and the steps you take to achieve and maintain privacy. 
  • Maintain oversight of partners and vendors. If someone provides services on your behalf, you are also responsible for how they collect and use your consumers’ personal information.

We offer cybersecurity services to businesses that assist in the education of employees and mitigate cybersecurity risks.

Defendify by CREG Systems Cybersecurity Platform

  • Cybersecurity Risk & Assessment Tool
  • Alerts
  • Cybersecurity Policy Builder
  • Incident Response Builder
  • Dark Web Scanning for Stolen Passwords
  • Phishing Simulation Tool
  • Employee Cybersecurity Awareness Training Videos & Webinars
  • Cybersecurity Awareness Poster Library
  • External & Internal Network Vulnerability Scanning
  • Threat Penetration Testing (Ethical Hacking)
  • Website Scanning

Many businesses do not believe that they are a potential target of cybercrime. Personal information is not limited to your basic social security number or credit card information. For instance, it can include recipes as a restaurant owner all the way to market strategies. To find out why you could be at risk of a cyberattack, watch our webinar on cybersecurity!

With COVID-19 and the transition to a remote workforce, your business can be at an even greater risk. Read why remote workers are more vulnerable to cyber attacks here! https://cregsystems.com/index.php/covid19-makes-remote-workforce-vulnerable-to-cyber-attacks/

Our staff are trained and certified as Certified Information Security System Professional (CISSP), Certified Ethical Hacker, and Certified Wireless Network Administrator and hold CompTIA A+, CompTIA Network+, CompTIA Security+, Windows Server 2016, and Microsoft Exchange certificates. In conclusion, our staff is the best equipped to deliver you the best cybersecurity in the North Country.