What You Probably Don't Know About Your Cyber Security Vulnerabilities?

Client Spotlight: Eric Rockwell, President/CIO, centrexIT

Who is centrexIT?

Founded in 2002, centrexIT is San Diego's leader in IT management. Our locally-based technology professionals provide outsourced IT service, support, security and leadership for small and medium-sized businesses in the greater San Diego area. centrexIT manages entire IT environments for more than 65 companies, ranging from 10- 2500 staff.

Where do computer viruses come from?

Over 90% of current cyber security threats come from websites like Adult, Gambling, Gaming and Phishing websites, or Spam Email and Phishing Email with attachments or links to phishing websites, like fake versions of IRS, bank, eBay, PayPal, Walmart, Facebook notifications, etc.

One example of this is Cryptolocker (and other crypto variants) which is ransomware. Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Spearfishing attacks are common too – someone registers a domain name almost identical to yours, and then tries to trick you into completing a wire transfer to them seemingly authorized by their CEO. They go to LinkedIn to find out more about the company, send them an email in the CEO’s name, and then ask for payment on a fake PO that goes to their overseas bank account.

See examples of scams please click here.

Why are companies becoming more vulnerable today verses last year? 

The new risks coming out are not your traditional viruses.  Hackers are getting more sophisticated every day and most IT security systems protected with strategies that are 10+ years old. Modern cyber security attacks go around firewalls and traditional anti-virus software, which is one reason why cyber security incidents have been increasing rapidly year over year. There have been more cyber-attacks reported this year than last year or any year in history, and they’re still increasing. Even large well-known companies that have data cyber security plans and systems are not safe from attacks.  A couple of examples are Target and Sony, but we can expect many more.

 IT industry analyses are estimating that more than 80,000 breaches will be reported by the end of 2015.  You can see there has been a steady climb over the years and it’s not stopping.

What is the industry doing about this increasing threat?

Unfortunately, the industry is being reactive instead of proactive. We need to find a better approach to this before the government makes unnecessary regulations on the industry. Government is still approaching this with an old methodology. It’s highly likely regulations would require small businesses to spend money on requirements that won’t even help them to be secure.

 What can companies do to protect themselves from modern cyber security scams?

• Anti-Virus System
• Server enforced anti-virus, mandatory on every computer
• Monthly or quarterly anti-virus gap analysis performed to ensure no systems slip through the cracks
• Firewalls
• Enterprise level firewalls with modern IDS/IPS, SPI and threat analysis features
• Firewalls that can talk to anti-virus and content filtering to warn those systems about threat traffic that’s been detected
• Content Filtering
• Perimeter-based content filtering linked with content filtering software running on all company computers
• This software can prevent users from going to specific types of websites that are not work related and cause a potential HR threat like pornography
• This software can also block traffic going to or coming from known-infected websites, and even block the phone-home encryption signal that some known cryptolocker variants use
• Email Anti-Spam, Anti-Virus and Continuity System
• Offsite email filtering service that scans every email message sent and received that is not hosted by or on the same platform hosting the corporate email system
• This service will block most known spam and emails with viruses attached, as well as block the links in the emails that go to know spam and malware pages
• CyberSecurity Awareness Training
• Quarterly, bi-annual or annual mandatory all-staff training on what the new cyber security threats are, where they’re coming from, and what new tricks and tactics the cyber criminals are now using

One of the most important thing companies can do is annual cyber security training with your staff. It is a very important part of properly defending your company.  The more employees are aware and knowledgeable to what Cyber-attacks looks like they are less likely to fall for the trips and scams that can devastate a business. It only takes one wrong download or attachment open to create a data breach or case a major production challenge and unnecessary down time for the company.

To speak with Eric and his team at centrexIT, you can contact them at 619.651.8750 or learn more at www.centrexIT.com.