IT Alert: Microsoft Permanently Disabling Basic Authentication
Aug 08, 2022
What Does This Mean?
Effective October 1, 2022, Microsoft will permanently disable Basic Authentication (Basic Auth) due to security concerns and outdated technology. The planned replacement is called, fittingly, Modern Authentication (Modern Auth). So, what does this mean for your organization?
Basic Authentication & Security Issues
Basic Auth simply means an application sends usernames and passwords over the Internet as encoded text. These credentials are also often stored or saved on the device.
While the credentials are encoded, meaning converted to characters or symbols, encoding is not encryption, and this form of authentication can expose usernames and passwords. Hackers may intercept the transmission, then decode and steal the information. Since Microsoft announced its disablement of Basic Auth in September of last year, there has been a notable spike in high-level attacks by cybercriminals. According to Microsoft, “As a reminder, Basic Auth is still one of, if not the most common ways our customers get compromised, and these types of attacks are increasing. Every day [you have] Basic Auth enabled; you are at risk from attack.”
Furthermore, Basic Auth does not support multi-factor authentication (MFA), which is the best protection against cyber-attack and is now required under Presidential order 14028. To learn more about MFA, check out our previous blog here.
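To make the "encoded, not encrypted" point concrete, the following added example (not part of the original post, and not Microsoft tooling) audits a list of request headers for clients that still send Basic credentials. The client names, header values and the `SAMPLE_REQUESTS` structure are constructed for illustration.

```python
import base64
import binascii

# Constructed sample data: one entry per client request seen at a proxy or gateway.
SAMPLE_REQUESTS = [
    {"client": "legacy-mail-app",
     "authorization": "Basic " + base64.b64encode(b"alice@example.com:constructed-pass").decode()},
    {"client": "modern-mail-app", "authorization": "Bearer constructed.access.token"},
    {"client": "broken-script", "authorization": "Basic !!!not-base64!!!"},
    {"client": "anonymous-probe", "authorization": ""},
]


def inspect_authorization(header):
    """Classify one Authorization header value without ever returning the password."""
    scheme, _, value = header.strip().partition(" ")
    if scheme.lower() != "basic":
        return {"scheme": scheme or "none", "basic": False}
    try:
        # Base64 is reversible by anyone who sees the header: no key is involved.
        decoded = base64.b64decode(value.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return {"scheme": "Basic", "basic": True, "malformed": True, "user": None}
    user, sep, password = decoded.partition(":")
    if not sep:
        return {"scheme": "Basic", "basic": True, "malformed": True, "user": None}
    return {"scheme": "Basic", "basic": True, "malformed": False,
            "user": user, "password_length": len(password)}


def audit(requests):
    """Return (client, user, malformed) for every client still sending Basic Auth."""
    findings = []
    for req in requests:
        result = inspect_authorization(req["authorization"])
        if result["basic"]:
            findings.append((req["client"], result["user"], result["malformed"]))
    return findings


if __name__ == "__main__":
    for client, user, malformed in audit(SAMPLE_REQUESTS):
        status = "malformed header" if malformed else f"sends reusable credentials for {user}"
        print(f"{client}: {status}")
```

Every client the audit lists is one that has to be moved to Modern Auth before Basic Auth is switched off.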
Modern Authentication
Modern authentication is an umbrella term for a combination of authentication and authorization methods between a client (for example, your laptop or your phone) and a server. With Modern Auth comes additional security features like MFA, smart cards, etc. Modern authentication doesn’t let apps save account credentials and is better designed for Internet-scale and management.
Next Steps
If your organization has not begun the transition to Modern Authentication, it is mission-critical that you begin doing so now.
The US Cybersecurity and Infrastructure Security Agency (CISA) is strongly encouraging organizations to make the move immediately and to enable multifactor authentication.
WVC Technologies can assist you in this transition. Our partner, DMC Technology Group, and their certified team of technicians can walk you and your team through the process.
Connect With Us.
Greg Gomach
Senior Client Executive
Greg.Gomach@dmctechgroup.com
Categories: Risk Services
The Importance of Endpoint Detection & Response (EDR)
Mar 29, 2022
As cybercriminals continue to evolve, their attacks have become more sophisticated, and endpoint targeting is now more prevalent than ever. Endpoints include not only desktops and servers, but laptops, tablets, smartphones and even smartwatches. Some IT departments manage thousands of endpoints, which makes them a prime target for infiltration. Even more critical is the fact that traditional antivirus software is no longer enough to mitigate your cyber risk – enter Endpoint Detection & Response (EDR) solutions.
What is EDR?
Endpoint Detection & Response (EDR) is a security solution leveraging real-time continuous monitoring and collection of an organization’s endpoint data to detect suspicious system behavior.
What are the benefits of EDR?
Research suggests the average time between a breach and actual detection is over 200 days! EDR solutions help eliminate human response delays through continuous monitoring, which allows for remediation through predictive analysis and advanced threat protection. Once an EDR solution detects an issue, it automatically takes action to quarantine and remove the threat, all while alerting appropriate human administrators to prevent a potentially devastating and costly cyber incident.
- Enhanced visibility into your endpoints, allowing for faster response time
- Post-breach detection, remediation, and response
- Machine learning and built-in analytics tools used to identify new and emerging threats
- Prevention of costly intrusion – an IBM study found those organizations that contain a breach in under 30 days save more than $1 million.
How can WVCT Help?
WVCT’s Managed Services through DMC Technology Group includes advanced Endpoint Detection & Response (EDR) software that provides you the peace of mind in knowing your greatest assets are being monitored 24×7 against the latest cyber threats, proactively allowing you to minimize lost data and lost production time.
For more information, check out our managed services solutions here.
Categories: Risk Services
New Mandatory Requirement For Cyber Insurance
Oct 19, 2021
During the past year, ransomware attacks and other cyber breaches have skyrocketed, leading to significant changes in the cyber insurance marketplace. Historically, obtaining cyber insurance was simple and renewals were a matter of updates based on major changes within an organization. Fast forward to now, and notable shifts in insurance policies and regulations are taking shape. Underwriters are now asking for more information related to cyber controls and IT risk management.
Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is now a minimum requirement for cyber insurance through most carriers. The message: if you have not incorporated MFA into your current IT environment, your organization may be considered a high risk, which would disqualify you from coverage.
MFA provides an additional layer of security above and beyond your traditional password protection. It requires users to validate their identity with additional credentials. These credentials could be the answer to a security question, the click of a button in an app for approvals, or even a biometric identifier such as a fingerprint. This extra layer of protection stops attackers as they won’t be able to access an account without all required credentials, even if they have stolen a password. The additional proof points confirm the person attempting to enter the system is truly who they say they are.
According to Microsoft, ‘up to 99% of cyber identity attacks can be prevented with MFA’. Google has also supported this with their research ‘which shows that simply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks.’
If you already have cyber insurance, you more than likely will find stricter requirements during your renewal. If you are in the market for cyber insurance, you will need to incorporate MFA before you seek coverage. Carrier data proves those without MFA are at a much higher risk for extortion, and therefore coverage is not obtainable.
Our WVC Technologies team can assist with your MFA initiatives to help you: one, qualify for cyber insurance quotes from multiple carriers, and two, help reduce your claims activity which can improve your insurance pricing.
Connect With Us.
Greg Gomach, WVC Technologies Senior Client Rep.
Categories: Risk Services
The Price of Falling Victim to Ransomware: Colonial Pipeline Forced to Pay $5 million ransom – could you be next?
May 17, 2021
By now, most of you have felt the impact of the recent ransomware attack on Colonial Pipeline, which caused skyrocketing gas prices and even left some gas stations with shortages. Colonial Pipeline paid a pretty penny to resume operations by forfeiting $5 million to a well-known hacker group called Darkside. This is yet another example of a high-profile cyberattack.
Companies of all sizes are at risk of falling victim to cybercriminals. In late April of this year, Apple disclosed a third-party service provider had been attacked and cybercriminals were demanding $50 million in return for controls. The hackers behind the Colonial Pipeline attack have already attacked 3 additional companies after collecting on the Colonial Pipeline ransom. The 3 companies were smaller in size and spread across the world – 1 in the United States, 1 in Brazil, and 1 in Scotland.
While Colonial Pipeline and Apple both experienced ransom attacks (cybercriminals deploy malicious software encrypting files on a computer system and then demand a ransom to be paid to restore the data), the two attacks represent completely different types of exposures that cybercriminals are now leveraging to ensure their payout:
- Critical Infrastructure – Colonial Pipeline carries nearly half of the fuel supply on the East Coast, meaning holding such a critical company at ransom to resume operations is a ruthless approach to ensuring a ransom will be paid. Cybercriminals are now turning their attention to critical infrastructure as prime targets.
- Third-Party Targeting – Apple was not held at ransom within their own network, but at a third-party supplier of proprietary parts. Due to weaknesses within the third-party supplier’s network, hackers used the vulnerability to their advantage. Knowing the third-party provider would not have the capital to pay, combined with the proprietary data at stake, hackers knew Apple would forfeit the ransom.
It is imperative companies of all sizes assess their networks for weakness. A cybercriminal does not care if your business cannot survive after paying a ransom. They are looking for a quick payout. Many companies rely on third-party IT security professionals to help fill skills gaps to mitigate risks. There is no better time to ensure your company, big or small, has the right measures in place to keep your capital safe and secure.
How we can help
WVCT is here to help you assess your IT risks and support your overall security plan. To schedule a meeting today, connect with our Risk Services Practice Leader below.
Connect With Us.
Tiffany Pollard, CISA
Tiffany.pollard@wvco.com
wvco.com | 419.891.1040
Categories: Risk Services
How to Protect Your Business from COVID-19 Phishing Scams
Sep 14, 2020
As the coronavirus (COVID-19) pandemic continues to impact businesses globally, cybercriminals are taking advantage of this crisis, through phishing tactics, for their financial gain. Phishing is the fraudulent attempt of a cybercriminal to act as a trusted source to gain sensitive information, typically resulting in financial gain for the criminal. Since January 1, 2020, the Federal Trade Commission has received more than 90,000 reports related to COVID-19 fraud with a total loss of $114 million since the beginning of the year.
Business owners already have the day-to-day operations of managing employment needs, fulfilling client orders, and running back-office tasks to manage; the list goes on and on. Having to worry about a phishing attack shouldn’t be one of those added tasks. However, a surge in COVID-related fake emails with dangerous attachments, links, and requests for personal information is our reality.
As teams work remotely, businesses have increased their use of web-based meetings. An example of a COVID-19 phishing scam involves the use of Zoom websites. Scammers are sending fictitious Zoom web address links that, when launched, download viruses that compromise the company’s data. These scams result in expensive fixes to restore company networks.
The Federal Bureau of Investigation (FBI) recently issued an alert urging individuals to be on the lookout for the following red flags:
- Unexplained urgency
- Last-minute changes in wire instructions or recipient account information
- Last-minute changes in established communication platforms or email account addresses
- Communications only in email and refusal to communicate via telephone or online voice or video platforms
- Requests for advanced payment of services when not previously required
- Requests from employees to change direct deposit information
Here are some basic rules and best practices to protect you and your employees from falling victim to these scams:
Exercise caution – Don’t open emails from unfamiliar email addresses or contacts. If you receive an email that appears to be from a trusted source but seems ‘odd’, call the sender and verify the authenticity of the email.
Avoid clicking on links and opening attachments – Verify a link by hovering your mouse pointer over the link to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind phishers can create links that closely resemble legitimate addresses. Delete the email and notify your IT department.
Get information about government actions regarding COVID-19 from reputable sources – For the most current information, visit the CDC and WHO websites.
Do not reveal personal or financial information – An email seeking personal information like your Social Security number or login information is a phishing scam. Never respond to solicitations for this information. If you receive an email saying your shipment has been assigned a new ‘tracking id’ and you are asked to click the link to verify the update, do not click the link. Instead, go to the website of the delivery service and enter the tracking id to verify if a change was made.
Do not use open or unsecure Wi-Fi for working remotely – Never use public Wi-Fi. When working remotely, it is best practice to have a mobile Wi-Fi device that you can securely connect to.
Connect with your IT department – If you receive a suspicious email, forward the entire email as an attachment to your IT team. If you click on a link or open an attachment in a suspected phishing email, report any incident immediately.
If you are concerned about your company’s security controls or your phishing risk, connect with our team. We can assess your systems and provide value-added recommendations to protect your organization.
Tiffany Pollard, CISA
Risk Services Practice Leader, William Vaughan Company
Tiffany.pollard@wvco.com | 419.891.1040
Categories: COVID-19, Risk Services