Our Predictions for the 2021 Cybersecurity Environment

2020 was a rough year for all of us, particularly from a cybercrime perspective. As businesses and schools rapidly pivoted to remote work and remote learning, many cybercriminals changed their tactics and adjusted their focus to take advantage of the situation as well as user uncertainty and fear.

As working and learning from home remain the norm for many individuals and businesses around the world, cybercriminals are poised to continue aggressively targeting users specifically, using a blend of online and offline tactics.

Fortunately, there are many steps your organization can take to better safeguard your digital assets against cyberattacks. As cybercriminals adjust their tactics, businesses of all sizes need to remain agile and stay up-to-date on the latest cybersecurity threats.

2021 Top Cybersecurity News

The Ongoing Fallout from the SolarWinds Attack

The SolarWinds attack, which infiltrated both the US Treasury and the Department of Homeland Security as well as a number of private organizations, rocked the cybersecurity world. Uncovered last December, this wide-reaching, devastating attack is believed to be the work of the Russian Intelligence Agency’s Foreign Intelligence Service and may have been launched as early as March 2020.

This supply-chain attack used malware to infect the networks of most, if not all, of SolarWinds’ customers via a software update. However, because the Russian attackers have had access to a large number of networks for as long as several months, security experts are still working to determine exactly how widespread the attack was and what sensitive data and systems have been compromised.

Even once experts know the full extent of the attack, the remediation process will be long and grueling. Entire enclaves of computers, servers, and network hardware across both federal and corporate networks will need to be isolated and replaced even as security teams continue to hunt for evidence of malware, determine what information has been compromised, and create and implement strategies to mitigate loss and damage. 

Number of Cyberattacks Expected to Rise

In addition to dramatically changing how we go about our daily lives, COVID-19 has also provided a convenient cover for cybercriminals as they shift their attack vectors away from large, well-guarded corporate networks to small, potentially vulnerable home networks. One study suggested that, in 2021, a ransomware attack on a business is likely to occur every 11 seconds, up from every 40 seconds in 2016. 

INTERPOL’s assessment of the impact of COVID-19 on cybercrime has shown similar trends, with targets shifting away from major corporations, governments, and critical infrastructure in favor of small businesses and individuals. 

2021 Cyber Attack Trends

User-Targeted Attacks Expected to Rise

As workers swap their cubicles for their kitchens, cybercriminals have changed tactics accordingly. The work from home model has brought with it a rise in successful attacks, at least in part because users are more likely to use personal devices (which are often less secure) for work-related activities.

As users log in from home, they create personal islands of security: a model where each user is effectively following different (often lax) security protocols. When workers are onsite, all of their traffic is routed through your business’s network, which is likely closely monitored by a professional security team. However, without a dedicated security team watching every employee’s home network and personal device, your organization is exposed to increased risk.

Cybercriminals are taking advantage of this increased attack area to create personalized attack chains. While traditional tactics often involved a “spray and pray” approach (where cybercriminals used generalized social engineering attacks, such as the classic Nigerian prince scam, to target a large number of users in the hopes that a few would bite), recent trends have seen a rise in hyper-personalized attacks that target specific users with privileged access to sensitive infrastructure, data, and systems.

While this approach is more time-consuming (since attackers need to identify and profile specific individuals to create the targeted attack), it is more likely to yield shorter attack cycles, making it increasingly difficult for organizations to identify and stop attacks in progress.

Another user-focused trend to watch out for is cybercriminals increasingly targeting individuals via their phones.

A Blend of Online & Offline Tactics

The work from home era has forced cybercriminals to adapt their tactics, but unfortunately, many have done so successfully. One tried-and-true cybersecurity attack, the phone scam, has seen a resurgence.  

COVID-19 Scams Continue

According to the FCC, many cybercriminals are taking advantage of the fear and uncertainty around COVID-19 to trick unsuspecting victims into revealing sensitive personal information using social engineering. These include phone calls, emails, or text messages offering “COVID-19 kits”, “Coronavirus packages”, or Medicare benefits related to the virus. Scammers use these promises of assistance to try to convince potential victims to hand over sensitive information such as bank account details, social security numbers, or Medicare numbers.

A related scam involves scammers offering “relief payments” from government agencies. These calls, text messages, and emails typically follow a general format: the caller says you have been approved to receive money, either via a relief payment or a cash grant or even via a low-interest small business loan, and then asks for personal information (to “verify your identity”), banking information (so they can charge you a small “processing fee”), or both. Some scammers also ask for payment via cryptocurrencies (such as bitcoin) or gift cards.

If you are located in the United States and are targeted by scammers, please report your encounter to the FCC.

Fake Tech Support Scams on the Rise

Another twist on the phone scam is the fake tech support scam. This follows a similar format to the scams discussed above but involves cybercriminals asking users to grant access to their computers so they can “conveniently” fix a tech support problem the users weren’t even aware they had.

Criminals then use this access to install malware, add backdoors for future access, or log keystrokes (to capture usernames, passwords, banking details, and other sensitive data). 

SMBs Likely to Invest More in Cybersecurity

As cyber threats continue to rise in 2021, small and medium-sized businesses are particularly at risk. This is because, unlike large, enterprise-level organizations, many smaller organizations still believe that they are less likely to be targeted.

According to research conducted by Analysys Mason and reviewed in Forbes’ 2021 cybersecurity predictions, SMB cybersecurity spending (including services, hardware, and software) is projected to grow by 10% between 2019 and 2024, creating an $80 billion market.

Safeguarding Your Organization in 2021

The best thing you can do to safeguard your organization’s digital assets is to be proactive. Make sure you are up to date on all the latest cybersecurity threats and have a well-rounded and up-to-date cybersecurity incident response program in place.

You should also assess your current cybersecurity posture regularly to ensure it is continuing to meet your needs, and you may want to consider conducting pen (penetration) tests to stress-test your current defenses. You should also make sure that all new employees receive cybersecurity training as part of their onboarding process and that all workers undergo refresher training regularly. You may also want to consider conducting tabletop exercises to give your team a chance to test their cybersecurity response skills in a no-risk environment. 

Virtual Armour is Here to Help

Safeguarding your organization from cybersecurity threats can be a lot to handle, particularly if you aren’t already a cybersecurity expert. That’s why Virtual Armour is here to help. Our team of experts can review your current practices with you, help you identify weaknesses, and create a plan to strengthen your defenses. We are also able to monitor your infrastructure, firewall, and endpoints 24/7/365 for potential threats and help you mitigate or even avoid damage should an incident occur. 

We have extensive experience working with service providers as well as organizations in a variety of industries and verticals, including healthcare, finance, retail, and energy.

For more information about our service offerings or to find out what you can do to best safeguard your digital assets in 2021, please contact us today.

Creating an Agile Workplace: How to Prepare for the Unexpected

COVID-19 has fundamentally changed the way many companies conduct business, and not all organizations have handled the jarring transition to remote work smoothly. Daily operations and working conditions can be disrupted in an instant, so your organization needs to be able to adapt quickly and effectively to any situation.
Though no two situations are exactly alike, there are a few tools and guidelines you can follow to help ensure that the next sudden pivot in your workforce is as smooth as possible.
By being agile, your organization is set up for success in any situation.

What Makes a Workplace Agile?

Agility in the workplace typically focuses on quickly adapting to the changing needs of customers, workers, and the overall marketplace. The current global health crisis has brought with it a renewed urgency for flexible, agile, and adaptable workplaces as many traditional office-setting workplaces transform into distributed workplaces. Though some organizations may be able to return to the office soon, the fact is that work as we know it has been disrupted, and those disruptions will be felt for quite a while.

What Steps Can I Take to Increase My Organization’s Agility?

While seasoned remote workers already have the skills to ensure their work gets done no matter where they are, an organization that has to suddenly pivot to remote work faces a unique set of challenges. Even if your individual workers are set up for success, can stay productive, and are able to easily meet their deadlines, you need to ensure that your entire workforce is able to continue to work together effectively.

Communication is Key

Frequent, open, and transparent communication is always important, but when your workers are no longer working out of a centralized location, effective communication becomes even more vital for maintaining productivity. Those spontaneous brainstorming sessions over lunch, impromptu meetings, and watercooler chatter may not always appear to be productive, but they play a huge role in developing and maintaining group cohesion and encouraging the flow of ideas.
To help retain some of that impromptu team building and idea generation, you might want to encourage managers to regularly host scheduled coffee meetings or happy hours with their teams. If your organization doesn’t use an instant messaging product like Slack or Microsoft Teams already, now is a great time to adopt that technology. Instant messaging apps can be leveraged for both more serious business discussions and the lighthearted workplace chatter that used to happen over coffee or lunch or around the water cooler.

Adapt Your Communication Style to Suit Your Workers

To help empower your newly configured workforce, you will need to be able to communicate with different categories of workers effectively. This may include your regular remote workers, your newly remote workers, workers who are currently unable to work, and any essential workers you may have that must be physically present in your workplace to complete their tasks.
How you communicate with each group may differ, but you might want to consider using internal messaging apps (like those mentioned above) in conjunction with email campaigns to reinforce key messages and text messages for urgent matters. Try out several different communication styles and see which ones are most effective for which groups and reassess your approach to communication as necessary to promote collaboration and ensure critical messages are being received.

Be Proactive

Any good manager knows that it’s best to tackle potential problems before they become actual problems. By communicating effectively with your workers you can learn about potential problems or sticking points before they become major issues. While it may seem costly to act proactively, investing a bit of time, people power, and funds to address potential issues as soon as they come to light can save your organization more in the long run.
How you choose to keep an ear to the ground is up to you and your organization, but regular check-ins between workers and their managers, between managers and their department heads, and between department heads and the executive team can help prevent information silos from forming and ensure that potential issues are escalated appropriately so they can be addressed.

Focus on Retaining Workers

There is a lot of uncertainty in the world right now, so holding onto experienced workers (and their vital skillsets) is more important than ever. When a critical worker leaves, it can cause a frenzy of uncertainty as workers try to bridge the gap until a replacement worker can be found, causing unnecessary stress and anxiety. Even once a replacement is found, it can take months for them to fully settle in and come up to speed, disrupting your everyday workflow.
Have mechanisms in place so that departing workers can train their replacements before they go on maternity leave, retire, or switch to another organization. You may want to record training sessions so they can be reviewed as necessary or used to train other workers down the line. By setting up the replacement worker for success, you not only minimize disruption but also reduce worker stress and anxiety during transitions.

The Importance of a Good Attitude


However, skills aren’t everything. If you are able to expand your team and choose to do so, make sure you weigh intangible skills (effective communication, positive attitude, proactivity, etc.) as well as looking at the tangible skills required to do the job.
Having workers that are flexible, proactive, and positive can help you weather tough times and reduce friction in the workplace. Skills can be taught, but the right attitude is a lot harder to cultivate if workers don’t have the right mindset to begin with.

Empower Your Workers

How do you feel when you delegate tasks to your team? Are you relieved knowing that they have the right skills and attitude for the job, or anxious that you won’t be there to oversee everything and double-check their work?
Someone who works for an organization that empowers their workers is more likely to feel the former: confident that their team has the skills to handle things on their own.
Empowering people is about more than just giving them unfamiliar tasks; it is about encouraging your workers to challenge themselves and letting them know that you believe they can achieve their goals by periodically taking people out of their comfort zones.
You can encourage your workers to take appropriate risks by:

  • Delegating a variety of tasks, such as having a junior member run a meeting or letting your second in command take the lead on the next big project
  • Rotating roles so that employees can cross-train, building their skillsets and deepening their understanding of their co-workers’ roles
  • Giving your workers the autonomy they need to perform tasks on their own. Training wheels are fine, but they eventually need to come off
  • Encouraging your workers to behave like team leaders
  • Creating room for independent decision making
  • Allowing workers to experiment and try new things without the fear of failure

Don’t Forget the Human Factor

Businesses are run on more than technology and processes; the human element plays a critical role in any business or organization. By encouraging teamwork, escalating conversations when necessary, and creating organic opportunities for knowledge transfer, you can teach your workers to collaborate more effectively and give them a chance to develop a deeper respect for their co-workers and their contributions to the organization. This not only promotes social cohesion, but encourages cross training so that employees can remain flexible and, in a pinch, take on new tasks when emergencies and other unexpected changes occur.

Promote Collaboration & Autonomy


A strict hierarchy can be restrictive, delaying ad hoc projects and creating frustration, particularly for workers at the bottom. Establishing horizontal communication channels as well as vertical ones can increase collaboration and reduce delays.
Another way to make your workforce more agile is to allow teams to work on their own without requiring management to constantly steer the ship. Create a team and invite one of its members to temporarily adopt the role of team leader. Give the team tangible objectives and a reasonable timeline for a project and see what they create. By creating self-managing teams, you can drive collaboration and enhance learning, making your organization more agile overall.

Feel Free to Experiment

A driving principle for many highly agile organizations is that experimentation drives innovation, which leads to change. It’s important not only to be able to respond to change (or adversity) effectively but also to approach it proactively and be a driving force for change.
Being able to adapt to change can help keep your business afloat, but having the ability to propel change can help ensure you stay ahead of the competition.
However, it is one thing to pay lip service to some vague idea of change and another thing entirely to put your money where your mouth is. Don’t just focus on the executive suite or department managers and ask everyone else to follow their lead; instead, encourage every employee, from the summer intern up to the CEO, to get involved.
Many organizations encourage this by giving employees time on the clock to dedicate to their alternative musings. This not only encourages experimentation but gives workers the chance to fail (and fail fast) before moving onto their next idea.
You can encourage experimentation at all levels of your organization by:

  • Having regularly scheduled brainstorming sessions
  • Encouraging team members to discuss their interests beyond work
  • Actively encouraging workers to work on ideas that resonate with them
  • Offering personal support and help if and when required
  • Eliminating or reducing constraints when possible

Being agile is not only important for weathering the COVID-19 storm, but also for weathering future storms and remaining at the forefront of your industry. By taking the time and energy needed to help promote agility at all levels of your organization, you can help future-proof your company and create a great place for workers to work, learn, and grow.

The Costs & Infrastructure Tied to a Remote Workforce

COVID-19 & the Sudden Shift to Remote Work

As COVID-19 forces employees to practice social distancing, or even to self-isolate or shelter in place, the ability for employees to work remotely has gone from a luxury to a necessity. However, pivoting quickly to a mostly or fully remote workplace isn’t an easy task, and brings with it unique costs and infrastructure requirements.

The Infrastructure & Costs Required to Effectively Support a Remote Workforce

 
Your team can only remain productive if they have the tools they need to do their jobs effectively. However, though your employees may be set up for success at the office, you will likely need to make a few infrastructure changes if your company isn’t already set up to support remote work. To help your company transition, and keep your digital assets safe both during and after the shift, you may want to consider consulting with your MSSP (managed security services provider).

Laptops

If your employees mainly rely on desktops to complete their work, you will either need to permit them to bring those computers home temporarily or provide them with laptops. Laptops are significantly more portable and require less physical space than their desk-bound counterparts. This is particularly beneficial for employees who don’t have home offices and are likely going to find themselves working from their kitchen tables or another mixed-use space.

Secure Connections & VPNs

Having employees work from home means they will likely need to access company resources (such as internal networks or sensitive files) remotely. To help safeguard your company’s digital assets, you may want to consider providing your employees with secure connections or VPNs.
For more information about secure connections and VPNs, as well as tips for safeguarding your digital assets while employees are working remotely, please read our blog post: COVID-19 Demonstrates the Power of Remote Workplaces (But Those Are Not Without Risks).

Leveraging the Cloud

The cloud is, by design, great for supporting remote work. It allows multiple users to access documents simultaneously, cutting down on the unnecessary emailing back and forth and helping ensure all users are referencing the most up to date documents. Programs such as Google Drive can support a wide variety of cloud-hosted documents, including word processing documents, spreadsheets, and PowerPoint-style presentations. You can also easily upload existing documents and files and specify whether the people you share documents with have viewing, commenting, or editing privileges.
To learn more about what the cloud is and its benefits, please read our blog post: Cloud Isn’t the “Future”; It’s the Now.

Staying Connected

The most efficient teams are the ones that communicate frequently. To help your team stay engaged and connected while everyone is working from home, you are likely going to have to rely on video conferencing apps (such as Google Hangouts, Skype, Microsoft Teams, or Zoom) as well as workplace instant messaging apps (such as Slack).
Video conferencing is great for meetings as well as getting some face-to-face time with your team, while instant messaging apps are better for quick questions and the more casual conversations that used to happen around the water cooler or in the break room.
Video conferencing is also great for morale and staying connected on a more emotional level. Scheduling teamwide “lunch dates” or morning check-ins can be a great way to keep spirits up and maintain team cohesion while also letting your employees know that you care about them and are here to support them.
To help support businesses during the pandemic, many video conferencing companies are offering their products for free or at a reduced cost.

Reliable Home Internet

Employees are going to require reliable, high-speed internet to help them stay connected and access the cloud. While most employees likely have internet connections that are robust enough to support applications such as video conferencing, you should have your managers touch base with their teams to ensure everyone has the tools they need to succeed.
Depending on how much of your current infrastructure needs to change, the costs to pivot quickly may be substantial. If you weren’t planning on investing in your infrastructure to support remote work (and therefore didn’t account for it in your annual budget), the costs of this sudden pivot might be compounded if your organization is currently facing reduced profitability in the short term.

Shifting to Remote Work Can Help Future-Proof Your Business

By investing in your organization now, you can not only support your workers during this pandemic but also help future-proof your business. Though the up-front costs are certainly something to consider, remote work has many proven benefits both for employees and employers. These include increased productivity, improved performance, increased engagement, and higher job satisfaction rates. All of these benefits can, in turn, translate into higher profits in the long term, even if your bottom line is currently taking a beating.
Depending on how much of your workforce you allow to continue to work remotely once the pandemic is over, you may also find that having fewer employees in the office at one time means you can reduce operating costs by taking steps such as moving to a smaller office.
Being able to support remote work effectively also means you can draw from a wider talent pool and attract workers that are either unable or unwilling to relocate for work. Offering a more flexible working arrangement can also help you attract top-talent with little to no additional costs once you have made the necessary adjustments to your current infrastructure.
Not all IT professionals can be experts at everything, and that’s okay. If your current IT department is feeling overwhelmed, an experienced MSSP can help.

Cloud Isn't the "Future"; It's the Now

Technology is continually changing and evolving, creating new and innovative ways to conduct business. While many of us may still think the cloud is some futuristic concept, in reality, it’s already here and has been for a while.

What is the Cloud?

At its core, the cloud is a collection of web-based applications. Instead of purchasing a program, installing it on your computer, and running it locally, the cloud allows you to remotely access programs using the internet. Instead of running on your machine, these programs are run on large, high-tech servers. Chances are you are already using the cloud; you just might not know it yet.
An excellent example is Google Docs. Even just a few years ago, if you wanted to create a text document, you would likely open up Microsoft Word. That meant that if you wanted to start on a document using your desktop at work, then review it at home later you would have to either save the document to a USB drive and physically bring it home or email it to yourself, make any changes, and then either resave the edited document to your USB drive or re-email it to yourself.
Google Docs works a lot like Microsoft Word, but the documents you create are stored on the cloud, not your local machine. That means that if you start a document on one computer and then switch to another machine, you don’t have to bring your document with you. Instead, you simply log into your Google account from the new machine, access your Google Drive (where your Google Doc is stored), and continue working. This also means that multiple people can view, comment on, and edit the same document in real-time from different locations.

What Are the Benefits of Using the Cloud?

The cloud has many benefits beyond conveniently sharing and editing documents that update in real-time.

No Special Software

Before the cloud, if you wanted to use a program, you would need to purchase and install specialized software to do so. Now, all you need is an internet connection and an account. This makes it easy to work remotely, either from home or while away on business, and ensure that everyone is working with the most up to date version of each document or item.
It also means that you, and your company, can easily access a variety of more specialized programs without the need to physically purchase and install them.

No Data Backups

Since your data is stored remotely on a server, instead of on your computer, you don’t need to worry about backing up your data. The company that runs the servers handles all of that for you, freeing up you, your staff, and your physical resources for other tasks and letting you rest easy knowing that if an incident occurs at your organization, your data is protected.

Cost Savings

Purchasing and installing computer programs can be both costly and time-consuming. While some cloud-based programs require monthly fees to access, these are still typically less expensive than purchasing the program outright would be.
Cloud-based programs also require less IT support from your company since you don’t need to pay a professional to install software or network computers to a server, and any problems with the software are handled by the company that provides it, not your IT personnel.
The cloud also allows employees to work remotely more effectively, which can cut down on your infrastructure costs by reducing the amount of office space your organization requires. It also means that you no longer require brand new computers almost every year to support the latest software, since even older models can easily access cloud-based programs.

Automatic Updates

One of the most important things you can do from a cybersecurity perspective is to ensure all your software is up to date. With cloud-based software, the company that created and maintains the software handles all updates for you, freeing up employees for other tasks.

Scalability

Using the cloud means that your organization can quickly and easily scale your operations or storage needs up and down depending on your current situation. Any new software or upgrades can be accessed quickly and easily, and may not even require upgrading your account.

Minimize Disruptions

Storing your data in the cloud means that if something happens to your office, such as a fire or a power outage, you can more easily resume normal operations. Data on the cloud remains safe and secure, and can easily be accessed remotely if necessary.

Increased Cybersecurity – If You’re Prepared

A type of malware called ransomware (such as the famous WannaCry and Petya ransomware attacks) targets companies by encrypting their data and holding it hostage until the ransom is paid. Unfortunately, too many organizations are forced to cave because they don’t have proper backups of their data, and they can’t continue with normal business operations while their data is inaccessible. Storing your data on the cloud drastically reduces the effectiveness of ransomware attacks targeting your specific organization.
However, though the cloud has many benefits, it also brings with it unique cybersecurity considerations that you should discuss with your Managed Security Services Provider (MSSP). Your MSSP can help you identify potential vulnerabilities and address them effectively to better safeguard your cloud-held digital assets.
The cloud has already changed how we work, streamlining a lot of processes, making it easier to adjust our storage and operations quickly to better suit our needs, and making collaboration easier than ever. Though it has brought with it new cybersecurity concerns, these can be safeguarded against, and their potential impact mitigated, with flexible, robust, and tailored cybersecurity solutions.

Hacked? Here's What to Know (& What to Do Next)

Whether criminals are posting inappropriate or illegal content on your company website, sensitive data and emails have been accessed by unauthorized users, or your data is being held hostage by ransomware, being hacked is every organization’s worst nightmare.
Though there’s nothing you can do to ensure a breach never happens, there are a lot of things you can do to minimize the likelihood of a breach occurring and, if one does happen, a lot you can do to contain and mitigate the damage and disruption associated with the incident. 

Contact Your MSSP

A good Managed Security Services Provider (MSSP) will help you respond quickly to a breach once you let them know a cybersecurity incident has occurred. A great MSSP will have been monitoring your systems closely and already know a breach has occurred, possibly even before you do. 
If, for some reason, your MSSP doesn’t already know about the breach, the first thing you should do is contact them for advice. Your MSSP will assess the situation and offer expert advice and support to help you repair the breach, minimize damage, alert users and relevant authorities, and assess the situation afterward so you can strengthen your cybersecurity defenses. 

Find Out How the Incident Occurred

Before you can respond effectively to the incident, you need to know exactly what happened. Was software not kept up to date? Did an employee click on a suspicious link in a phishing email? Was a company laptop left unattended and stolen? Was your organization targeted with ransomware?
Once you know exactly what happened and what systems and files were accessed, you can work quickly to address the incident, thoroughly assess the damage, and take the necessary next steps.

Implement Your Incident Response Protocols

If you don’t already have incident response protocols in place, you should start crafting some right away. Each protocol is a plan that allows you to respond effectively to a specific threat or incident, sort of like safety plans for cybersecurity. Just like a fire safety plan outlines, in detail, what everyone in the building should do if there is a fire, a well-crafted incident response protocol should outline who should do what in the event of a cybersecurity incident.
However, having an incident response protocol is only useful if everyone involved knows exactly what their role is and how to carry out their duties effectively. To help everyone get familiar with the plan, you should have all critical personnel work through tabletop scenarios regularly.
Tabletop scenarios are like fire drills: they pose a hypothetical scenario and let your employees work through and refine their response in a no-stakes environment. When the scenario is complete, your team then sits down, preferably with someone from your MSSP, to review your response, look for weaknesses, and further strengthen your current protocols.
Though scheduling a tabletop scenario now won’t help with the current situation if you have already experienced a breach or other cybersecurity incident, you should begin drafting robust incident response protocols and conducting tabletop scenarios as soon as the current situation is resolved.

If Necessary, Go Into Lockdown Mode

Depending on the nature of the incident, you may need to go into lockdown mode. If a company laptop has been infected with malware, that device needs to be isolated from the main network to avoid spreading the virus. If a particular area of the network has been compromised, that section should also be isolated from the larger network to prevent cybercriminals from accessing other systems.
One way to prevent cybercriminals who do break into your system from easily accessing multiple systems is to follow the zero trust architecture model. Zero trust makes lateral movement within the system more difficult by automatically assuming every user is unauthorized, even if they have already verified their identity, and by limiting access to each area to employees who truly need it to perform their duties.
If your firewall and other perimeter defenses are the security guard at the front desk, zero trust architecture acts more like the RFID badges your employees wear as they move about the building. Once someone has moved beyond the security guard at the front desk, they still need to verify their identity before they can access restricted or sensitive areas, typically by swiping their keycard to unlock doors. This extra layer of security ensures that even if a cybercriminal gets past your firewall and other perimeter defenses (sneaks past the security guard), their access is limited to non-critical systems where they aren’t able to cause as much damage before they are discovered by security and removed.
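The badge-at-every-door idea can be sketched as a per-request, deny-by-default access check. This is an added example, not code from the original article; the area names, roles, and 15-minute re-verification window are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed need-to-know policy: internal area -> roles whose duties require it.
AREA_POLICY = {
    "intranet-wiki": {"engineer", "finance", "hr"},
    "payroll-db": {"finance"},
    "hr-records": {"hr"},
}
MAX_AUTH_AGE = 15 * 60  # assumed limit (seconds) before identity must be re-proven


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    area: str
    authenticated_at: float  # epoch seconds of the last identity verification
    inside_perimeter: bool   # logged for audit; deliberately never grants access


def decide(req: Request, now: float) -> tuple[bool, str]:
    """Evaluate one request on its own; nothing carries over from earlier ones."""
    allowed_roles = AREA_POLICY.get(req.area)
    if allowed_roles is None:
        return False, "unknown area: deny by default"
    if now - req.authenticated_at > MAX_AUTH_AGE:
        return False, "identity proof too old: re-authenticate"
    if req.role not in allowed_roles:
        return False, "role has no need for this area"
    return True, "allowed"


def blast_radius(user: str, role: str, authenticated_at: float, now: float) -> list[str]:
    """Areas a stolen session for this user could reach from inside the network."""
    return sorted(
        area for area in AREA_POLICY
        if decide(Request(user, role, area, authenticated_at, True), now)[0]
    )


if __name__ == "__main__":
    now = 1_700_000_000.0  # fixed clock so the output is reproducible
    print(blast_radius("alice", "engineer", now - 60, now))    # fresh session
    print(blast_radius("alice", "engineer", now - 3600, now))  # stale session
    print(decide(Request("bob", "finance", "payroll-db", now - 60, True), now))
```

Running `blast_radius` for each role against your real access policy is a quick way to see how far a single compromised account could move before it hits a locked door.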

Inform Your Users & the Relevant Authorities

Once you have contained the breach, isolated any infected systems or devices, and begun to repair the damage done by the cybercriminal, you need to inform your users or customers as well as the relevant authorities. 
For example, GDPR (which applies to all organizations and companies whose customers include EU citizens) requires that breaches be disclosed within 72 hours of their discovery, and US law requires that organizations notify affected individuals if their personally identifiable data may have been compromised.
Depending on which states you conduct business in, your organization will likely also be subject to other reporting laws. If you are unsure what is required of you in the event of a cybersecurity incident under state laws, your MSSP can help you review the relevant state laws and ensure that you comply with them fully.

Review What Happened & Improve Your Cybersecurity Protocols

Once the cybersecurity incident has been resolved, it is time to review your current protocols, identify which weaknesses were exploited, and craft flexible yet robust protocols to strengthen your cybersecurity posture.
This task may sound daunting, but that is where your MSSP comes in. Not everyone is a cybersecurity expert, and that is alright. Your MSSP’s job is not just to monitor your systems and help you respond to breaches. They are also there to provide expert advice and suggestions and help you avoid or minimize the impact of cybersecurity incidents going forward. 

Practice What You’ve Learned

Once your current cybersecurity protocols have been strengthened or updated, it’s vital that your employees understand what has changed, why those changes were made, and how they should respond to various cybersecurity incidents moving forward. Make sure any changes or updates are clearly communicated to all employees and relevant outside contractors, and that all concerned parties are given the chance to ask questions and seek clarification if necessary.
Once everyone has been brought up to speed, you should conduct both a tabletop scenario and, if relevant, a pen (penetration) test. A pen test involves hiring an ethical hacker to stress test your current cybersecurity protocols and try to access sensitive data. Once the test is done, the hacker then sits down with your organization and details what systems they were able to gain access to and how they managed to get past your defenses. They can also then provide you with suggestions for strengthening your cybersecurity posture.
A cybersecurity incident may be every organization’s worst nightmare, and when they happen, the consequences can be devastating. Having a great MSSP can help you recover quickly and effectively from a cybersecurity incident and strengthen your defenses to avoid future incidents. With 24/7/365 monitoring and a 15 minute guaranteed response time, VirtualArmour can help you craft robust yet flexible cybersecurity protocols so you can better safeguard your organization’s digital assets.

Operational Technology vs. Information Technology: Differences, Similarities, & How They Intermix With Industrial Control Systems

Though traditionally operational technology and information technology were kept separate, these two worlds are becoming increasingly intertwined, and both forms of technology are becoming more likely to connect to the internet.

What is Operational Technology?

Operational technology (OT) refers to the hardware and software used to change, monitor, or control physical devices, processes, and events within a company or organization. This form of technology is most commonly used in industrial settings, and the devices this technology refers to typically have more autonomy than information technology devices or programs.
Examples of OT include SCADA (Supervisory Control and Data Acquisition), which is used to gather and analyze data in real-time and is often used to monitor or control plant equipment. Industries such as telecommunications, waste control, water control, and oil and gas refining rely heavily on SCADA systems.
Many types of OT rely on devices such as PLCs (Programmable Logic Controllers), which receive information from input devices or sensors, process the data, and perform specific tasks or output specific information based on pre-programmed parameters. PLCs are often used to do things like monitor machine productivity, track operating temperatures, and automatically stop or start processes. They are also often used to trigger alarms if a machine malfunctions.
Access to OT devices is typically restricted to a small pool of highly trained individuals within an organization, and these types of devices may not be updated or changed for months or even years. Since these devices are highly specialized, they rarely run on standardized operating systems (like iOS or Windows) and instead generally require custom software to function.

What is Information Technology?

Information technology (IT) refers to anything related to computer technology, including hardware and software. Your email, for example, falls under the IT umbrella. This form of technology is less common in industrial settings, but often constitutes the technological backbone of most organizations and companies. These devices and programs have little autonomy and are updated frequently.
Access to IT programs and connected devices is typically less restricted than access to OT devices, and many, if not all, employees at a given organization may be granted access.
The main difference between OT and IT devices is that OT devices control the physical world, while IT systems manage data.

What are Industrial Control Systems?

Industrial control systems (ICS) are a type of OT and consist of any systems that are used to monitor or control industrial processes. This could include a mining site’s conveyor belt or an alarm that lets employees know if a piece of equipment is getting dangerously close to overheating.
ICSs are often managed by SCADA systems, which may provide users with a graphical user interface. This interface allows the user to observe the system’s current status, enter system adjustments to manage the process, and observe any alarms that indicate something is wrong.

How to Intermix Operational & Information Technology with Industrial Control Systems

At first glance, IT and OT may not seem compatible. OT systems are isolated and self-contained, designed to run autonomously, and rely on proprietary software. On the other hand, IT systems are connected by nature, have little autonomy, and generally run using readily available operating systems. However, incorporating IT into your OT operations can have many benefits.

IT Can Improve OT Operations

In the past, most OT devices were utterly cut off from not only the internet but even most internal networks, and could only physically be accessed by a select few authorized employees. However, it’s becoming increasingly common for OT systems (including ICSs) to be monitored and controlled using IT systems.
While inputs on many OT devices may have traditionally been limited to a physical panel or keypad that required workers to input commands or data physically, more OT systems and devices are now being controlled and monitored remotely via the internet.
IT can be used to make operating an ICS or other OT device easier. IT can be used, for example, to monitor parts and alert employees when a component is failing, allowing the employees to procure and install the spare part before the damaged part fails. By replacing the damaged part before it fails, employees can not only help ensure that production isn’t disrupted but can also prevent a cascading effect if the damaged part’s failure could lead to more extensive damage. A damaged part may not only cause a machine to fail, but that failure could also have serious consequences for the health or safety of employees working nearby.
IT can also provide employees with real-time reports on the state of the OT device, and allow them to respond and correct system errors in seconds. This means that if an alarm goes off to let employees know that a piece of equipment is malfunctioning, they can either shut down the device remotely (reducing the chances of an industrial accident) or otherwise address the situation right away before it becomes more serious.

Don’t Forget to Secure Your Connected OTs

IT systems can be a huge boon for ICS and other OT systems, but they can also leave OT systems vulnerable to cybersecurity attacks if appropriate precautions aren’t taken. Any time a device is allowed to connect to the internet, or even to a network that can be accessed via the internet, there is a chance that a cybercriminal could gain unauthorized access.
A cyber attack against an OT device could have catastrophic consequences. Not only can specialized equipment be damaged (resulting in costly repairs), but the damaged equipment could pose a health or safety hazard.
Before you integrate IT into any OT system, it’s vital that you create and implement appropriate cybersecurity protocols. A good MSSP (Managed Security Services Provider) can help you do a thorough audit of your current systems, and help you ensure that adding IT to your ICS or other OT device won’t compromise your cybersecurity.