Cybersecurity Defense: The Biden Administration Executive Order, is it a Great Start Towards Improving the Nation’s Cybersecurity?

In May, President Biden issued his executive order on improving the nation’s cybersecurity. However, this is not the first time that a president has tried to address this critical issue. Every president since Bill Clinton has issued a similar executive order to no avail.

While cybersecurity is an ever-growing complex topic, there is hope that the latest executive order is taking the step to get ahead of the next multimillion-dollar cyber-attack.

Why is Cybersecurity Important?

Hackers working for profit and espionage have long threatened American information systems. But in the last six months, they’ve targeted companies running operational networks like Colonial Pipeline with more persistence.

A cyber-attack can become a costly expense.  Not only does the network have to be repaired and protected, but hackers may also demand money to get back data, access, or personal information.  The average ransomware requested from a small business is around $4,300, but the average cost of downtime after a ransomware attack is $46,800.  Meaning that even though a ransom request may appear small, it can cost your business more as time goes on. 

70% of businesses are ill-prepared for a cyberattack. In other words, hundreds of thousands of industries have holes in their cybersecurity or have no cybersecurity at all.  It is vital to educate employees on the importance of cybersecurity.  Implementing cybersecurity training is a start to keeping your company safe from cyberattacks. 

How Will the Government Help?

The U.S. government began taking small steps to defend cybersecurity in 1998 when the Clinton administration identified 14 private sectors as critical infrastructure, including chemicals, defense, energy, and financial services. Other industries were slower to protect their computers, including the oil and gas sector.

By modernizing our government’s approach to cybersecurity, the uniformity of standards across all agencies will make it easier for companies to get a clearer picture of the expectations.

The executive order lays out clear directions on where the U.S. needs to improve and how outside companies can help it get there. This should encourage greater buy-in and assure that this order is the one that finally makes a difference.

Executive Order Key Points

  • Remove Barriers to Threat Information Sharing Between Government and the Private Sector
  • Modernize and Implement Stronger Cybersecurity Standards in the Federal Government
  • Improve Software Supply Chain Security
  • Establish a Cyber Safety Review Board
  • Create a Standard Playbook for Responding to Cyber Incidents
  • Improve Investigative and Remediation Capabilities

In the wake of million-dollar cyber-attacks such as JBS and the Colonial Pipeline, it is imperative to take extra steps to mitigate the risk of a cyber-attack.  At CREG Systems, we take pride in our cybersecurity knowledge and put a lot of time into educating our customers on its importance. 

CREG Systems helps keep the data you share and store secure and protected, which pledges efficient operation and credibility to your organization. Our certified staff will assess your network’s strengths and potential weaknesses and design a solution that fits your needs today and prepares you and your business for the future.   

Our staff are trained and certified as Certified Information Security System Professionals (CISSP), Certified Ethical Hackers, and Certified Wireless Network Administrators and hold CompTIA A+, CompTIA Network+, CompTIA Security+, Windows Server, and Microsoft Exchange certificates. In conclusion, our staff is the best equipped to deliver you the best and most comprehensive cybersecurity in the North Country.

Hackers Breached US Local Government by Exploiting Fortinet Bugs

FBI Ransomware Alert

As of May 2021, state-sponsored hackers have compromised the webserver of a U.S. municipal government after hacking into a Fortinet appliance.  The Federal Bureau of Investigation (FBI) states that after gaining access to the organization’s server, the hackers moved laterally through the network and created a new domain controller, server, and workstation user accounts to mimic the existing ones.

Not the First Warning:

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) had warned in April 2021 of hacking groups that had gained access to Fortinet appliances by exploiting FortiOS vulnerabilities.  Once they breach a vulnerable server, they will use them in future attacks targeting networks across critical infrastructure sectors.  Hackers will use exploitation techniques such as spear phishing to infiltrate organization networks to prepare follow-up attacks.

Impact:

The size of the attack is unknown; however, the impact on the local government and personal information could have been much higher. Cyber-attacks are preventable if you have strong security and know the best practices for them.

At CREG Systems, we believe that cybersecurity is a shared concern. In other words, we all play a part in keeping our networks safe. Organizations, their leaders, users, and the solutions provider all work together to manage your cybersecurity.

Multi-Layered Security:

We recommend a multi-layered approach to your network and data security. A multi-layered security approach uses several security measures to protect essential information. The numerous “levels” of security make it difficult for hackers to get through every barrier.

We offer cybersecurity services to businesses that support the education of employees and lessen cybersecurity dangers.

Mitigate the Risk of a Cyber Attack:

Detect Mitigate Prevent

CREG Systems ensures that the data you share and store is secure and protected, which pledges efficient operation and credibility to your organization. Our certified and highly-trained staff will meet your needs and plan a security system roll-out strategy that best fits your goals.

  • Hardware & Software
    • Keep your data safe by using the most up-to-date security software and hardware.  Make sure you are secured through NEXTGEN firewalls, use sandboxing for extra protection, and ensure you have a defense at the gate.
  • Multi-level Protection
    • From your desktop to the firewall, each device in your organization should have segmented and multi-layered protection. Usually, you can stop a data breach before it threatens your vital information.
  • Insider threats
    • While many organizations have multi-layer security systems and data protection in place, there could still be other risks to consider. Former employees can be a threat to your cybersecurity.  Be sure to remove any access they may have and their data as soon as they leave the organization.  Be sure to teach employees about the importance of security and have regular testing to ensure your data is secure.
  • Good Cyber Habits
    • Be sure to keep your information backed up but, never keep your backups online.  Be sure to keep your systems updated and double-check apps to determine if they are corrupt or not. Limit access privileges and use two-factor authentication.  Preventing cyber threats is better than curing them.

Our staff are trained and certified as Certified Information Security System Professional (CISSP), Certified Ethical Hacker, and Certified Wireless Network Administrator and holds CompTIA A+, CompTIA Network+, CompTIA Security+, Windows Server, and Microsoft Exchange certificates. In conclusion, our staff is the best equipped to deliver you the best cybersecurity in the North Country.

CREG Managed Security Services

COVID19 Makes The Remote Workforce More Vulnerable to Cyber Attacks

COVID19 has affected every business across the globe. The U.S Bureau of Labor Statistics reported the unemployment rate rose to 14.7 percent in April 2020. Find the report published by the Bureau of Labor Statistics here.

The rise in unemployment is primarily due to many industries having to cease operations altogether. However, some were a bit luckier. Able businesses shifted to an entirely remote workforce. This transition happened very quickly and disrupted many standard business procedures. The intentional shift to a remote workforce was temporary and not expected to last long. However, we may see a remote workforce become the new normal.

Working remote was an option long before the emergence of COVID19. As a result of improved technology, the mobility of the workforce has increased. With the majority of businesses now having to follow suit due to COVID19, the question arises- Is a remote workforce a security threat to business? The short answer is, it does not have to be. 

Easy Targets

Remote workers are a natural access point for potential attackers. Many remote workers work on multiple devices. The numerous devices used could be a combination of company-provided devices and also personal ones. Shared devices usually consist of weak networks and insecure passwords. Many do not even employ a basic VPN, in turn leaving their whole system vulnerable. Therefore, their devices are not as secure as devices found in corporate offices.

Increased Risks Due to COVID19

In today’s world, the threat landscape is becoming more deceptive. In 2019 alone, there were over 9.9 billion malware attacks. Here are some other risks to be concerned about:

  • Phishing
  • Social Engineering
  • Ransomware
  • Zero-Day Attack

During a major crisis, the amount of cyber-attacks generally surges. Consequently, that is what is happening during COVID19. The attacks taken advantage of in times like these are usually social engineering and phishing. For instance, attackers will send emails with COVID19 headlines or offering “free” services that one may need in a time like this. People often fall for these deceptive headlines and become victims of a cyber attack. It is essential to educate the workforce on how to recognize these attack attempts.

Take Advantage of Cybersecurity

Giving workers the necessary access to security and operational tools will ensure that all proprietary information is secured. Using a secure gateway is an efficient way to protect all correspondence between workers, whether it is voice or web-based. 

Download our PDF for more information on secure gateways and what they can do for your workforce.

Download Now!

Remote employees make up the most significant percentage of the workforce today. As a result, the way the world conducts its business is about to see a paradigm shift. Companies cannot expect the remote workforce to bear the entire weight of ensuring the security of their networks. In conclusion, it is a business’s responsibility to protect its more susceptible employees. In doing so, the company itself becomes more secure.

Check out what CREG Systems can do for you in terms of cybersecurity!

Related Posts

2020 SONICWALL CYBER THREAT REPORT: THREAT ACTORS PIVOT TOWARD MORE TARGETED ATTACKS, EVASIVE EXPLOITS
Coronavirus and Your Business

2020 SONICWALL CYBER THREAT REPORT: THREAT ACTORS PIVOT TOWARD MORE TARGETED ATTACKS, EVASIVE EXPLOITS

SonicWall, a leader in the security platform category has published its 2020 Cyber Threat Report delivering critical threat intelligence to help organizations better understand how cybercriminals think.

Highlights include:

  • Malware, ransomware attack volume down 6% and 9%, due to more targeted attacks
  • Connected-device dependence leads to 5% increase in IoT attacks, over 34 million exposed
  • Over 40 million web app attacks detected, 52% year-over-year increase
  • Encrypted threats up 27%, almost 4 million identified

Click here to download the full report

#CREGSystems is proud to partner with SonicWall to bring you the latest in #CyberSecurity and #Firewall Options.  Contact us today to learn more about how we can help you mitigate your risks of malware and ransomware attacks!