Hiring a Hacker

Security is not an option anymore. While operations in many IT organizations went against security (1)(2) for years, it is now obvious that security needs to be at the beginning of every process. A hacker is a serious threat.

Threats are on the rise. According to Symantec (3), the US is an easy target for ransomware hackers, and email is still the main weapon of choice. Phishing is on the rise (4), and MePush is seeing it everywhere. Social engineering is prevalent, as are scams. These pains are costing a lot of money. The costs of ransomware alone in 2017 are expected to exceed $5 billion (5). On average, a ransomware incident costs a small business $100,000(6). They are happening every day.

To deal with these threats: we hired a hacker.

About Our Hacker Michael

Michael was MePush’s forensic security expert. He hails from Bloomsburg University’s Digital Forensics program. Also in the military and involved in the cyber defense community, he would be white-‘ish’ hat hacking wherever he went. This guy lives and breathes exploits and vulnerabilities. He practices wireless cracking and competes is hacking competitions. He installs malware on virtual machines to see how it ticks. He’s young and full of energy (an asset to us, for sure), but he is also wired right for the security world.

Michael led a small team of security and forensics experts that dealt with PCI and HIPAA compliance, managed security, and any security consulting that we threw his way. Trained up as a Certified Ethical Hacker and certified as an AccessData Certified Examiner, we had him geared up to handle the threats that our clients are dealing with every day.

Serving most of the small- to medium-sized businesses in our region, we are seeing those threats every day. Most importantly: Michael and his team are helping our clients understand the threat landscape, and how it affects them.

Small Businesses as Targets

Malware doesn’t care whether you are a Fortune 500 company or the local widget shop. Fortune 500 companies usually have made the investments so that they can restore from a ransomware disaster, whereas the local manufacturer often faces of their data being corrupted and lost forever or paying a ransom and crossing their fingers.

Likewise, hackers who are scanning a block of addresses on the Internet are sometimes just looking for a vulnerable target. A small business tends to be years behind in security, unpatched, and easier to attack and hack than a larger, secured corporation.

Michael and his security team are trying hard to get appropriate solutions in place for these clients. Good disaster recovery options (and a plan), layers of solid backups, and management of the servers and data is a starting point. Managed security to make sure that threats are addressed on a regular basis is appropriate, even for small businesses, nowadays. For some clients, the added cost of the investment in security seems like a nuisance. Fortunately, the difference between a business-ending event and a blip in productivity is usually something that can be budgeted for.

Cybersecurity in Central PA

Michael has seen a lot of action this year. Leading up the cybersecurity team has its challenges. Keeping security usable, while secure-‘ish’ can be difficult, especially when business owners are demanding their status quo, which is often wide open and insecure. For the security-minded, these people can seem like they don’t care whether their business exists next week, so it takes a special set of skills to communicate the importance of heightened security.

These days, cybersecurity experts have a full plate. Michael keeps busy writing HIPAA & PCI audits and management plans, running vulnerability scans, and performing forensic post-breech investigations, cleaning up ransomware infections. He consults with clients to write policy one second, updates wireless security the next, and performs penetration tests before walking out the door. While keeping up with the latest and greatest in the security world and keeping his hacking chops up to date, Michael and his team are definitely busy these days.

The Friendly Hacker

Don’t be afraid of Mr. Michael. He’s serious and great at what he does, but he’s also very ethical and trusted enough to pass the State Police’s CLEAN checks and have a federal security clearance, so he’s one of the good guys. Although his capabilities may look scary like he has access to the launch codes, he tries to set our clients up with the best solutions. Plus, we trust him.

Our security team is now offering managed security and managed compliance (PCI & HIPAA) plans. Since audits and vulnerability scans and penetration tests are all labor intensive, we’ve built some packages to help our managed services clients to meet Michael. Contact us to learn more.

Sources:

(1) Woods, Dan (2013, Mar 11). Why Security Without Usability Leads To Failure. https://www.forbes.com/sites/danwoods/2013/03/11/why-security-without-usability-leads-to-failure/#61461d684533

(2) Alshamari, Majed (2016, Oct 25). A Review of Gaps between Usability and Security/Privacy. http://file.scirp.org/pdf/IJCNS_2016102515121298.pdf

(3) Symantec (2017, Aug 30). https://www.symantec.com/security-center/threat-report

(4) Phishlabs (2017 Aug 30) https://www.phishlabs.com/phishlabs-2017-phishing-trends-intelligence-report-hacking-the-human/

(5) Morgan, Steve (2017, May 23). Ransomware damages rise 15X in 2 years to hit $5 billion in 2017. http://www.csoonline.com/article/3197582/leadership-management/ransomware-damages-rise-15x-in-2-years-to-hit-5-billion-in-2017.html

(6) Larson, Selena (2017, July 27). Why ransomware costs small businesses big money. http://money.cnn.com/2017/07/27/technology/business/ransomware-malwarebytes/index.html