Artificial Intelligence (AI) is becoming a cybersecurity team’s best defense against hackers, reports suggest. Moreover, as we continue to progress with technology, the dependency on AI to help protect our personal and business technology is increasing. More and more businesses and cybersecurity companies are turning to artificial intelligence as a means of bolstering their defenses against cyber-attacks, and with ever-increasing positive results. According to Capgemini’s article, Reinventing Cybersecurity with Artificial Intelligence, artificial intelligence is becoming a necessary factor in a business cybersecurity defense. As much as 66% of cybersecurity firms believe that they would be unable to detect cyber-attacks without the assistance of their AI. As much as 75% of cybersecurity firms are beginning to test artificial intelligence. 60% believe that artificial intelligence has dramatically improved the accuracy and efficiency of cybersecurity technicians and analysists. With over half of all cybersecurity firms and businesses opting for AI for their cyber defense, artificial intelligence is not only becoming more sought after but also more dependable. With the globe becoming more dependent on technology each day, it should be no surprise that criminals would turn to technology as a means of exploiting and stealing from others. To protect your data, money, and sensitive information from criminals, ensure that your cybersecurity partner is using only the most advanced and up-to-date standards and practices. Hammett Technologies is well-versed in cybersecurity and can guarantee your information’s safety from hackers and criminals.
As businesses become more and more connected to the internet, the threat of a data breach only increases. A study conducting by the University of Maryland in 2017 discovered that, on average, computers with internet access are attacked every 39 seconds. While this figure may be worrisome, this should come as no surprise to most. As technology continues to progress, becoming more and more a part of not only businesses but individual’s lives as well, criminals will try harder and faster to obtain access to confidential information. These attacks are not cheap either. A study conducted by IBM found that on average, a cyberattack can cost $3.86 million. This number does not just reflect the damage the breach cost, but it also factors in loss of business, time spent on recovering, and damage to reputation. Taking steps to prevent an attack from happening is imperative. One must have the proper equipment and policies set in place in order to counter cyberattacks. However, attackers are becoming smarter, more resourceful, faster, more aggressive. Many of them are also playing the long game as well. Lying dormant in a companies, or individual’s computers or server, waiting for the perfect moment to attack. While cyber security specialists are doing there best to stay 1-step ahead of criminals, there is only so much that can be done. Therefore, instead of playing a game of cat and mouse with attackers, cyber security specialists should be turning their attention towards using machine learning and AI to aid them in this constantly evolving battle. Why Machine Learning and AI Should Be Recruited Cybersecurity usually relies on methods of created static rules and policies that act as barriers to attackers. These barriers, regardless of how strongly built, are susceptible to cracks and leaks, allowing for unwanted guests to enter. This creates a constant game of catch up, rather than enforcing constant protection. This is especially true since cyber criminals are constantly evolving their viruses, making them stronger and harder to detect. If rules are not kept up to date, and scheduled maintenance is not regularly done, disaster can strike at any moment. Machine learning and AI can help level the playing field. Even though cyber security specialists will remain as the last line of defense against attacks, AI and machine learning can be used as the first line of defense. AI and machine learning are constantly updating and learning, feeding off information from databases about cybersecurity and networking, as well as information from its experiences while deployed. AI and machine learning add automation to your cybersecurity team, aiding them in evolving and keeping your data safe from criminals. Hammett Technologies is specialized in cybersecurity, using only the latest cybersecurity software and hardware to keep your data safe. When you partner with Hammett Technologies, you hire a partner who learns your employees, your business, and your process.
If you are in the health care business, chances are you have heard the phrase “HIPAA Compliance” before. However, what you may not know is how truly important HIPAA Compliance is for your business, or even what HIPAA Compliance is. No need to worry; Hammett Technologies is here to help! What is HIPAA Compliance HIPAA or the Health Insurance Portability and Accountability Act was is a set of rules and restrictions established to outline the lawful use and disclosure of Protected Health Information (PHI). *a more complex outline of HIPAA can be found here: https://www.hammett-tech.com/how-we-protect-you/hippa-compliance/ Why Being HIPAA Compliant Is Important If you are in the healthcare business, there are numerous reason you should be HIPAA Compliant. From lawsuits to fines from the government, HIPAA Compliance is to be taken seriously and followed completely. Some of the most important reason to be HIPAA Complaint are: Fines Fines for not meetings HIPAA Compliance have increased substantially. These caps on these fines have increased from $25,000 per year to $1,500,000 per year. Furthermore, if you ignore HIPAA Compliance and encounter a breach or receive a complaint, your business can be investigated for breaches, compliance failures, and other issues which can lead to further fines. Other Organizations Other organizations that work with you are most likely HIPAA Compliant themselves, especially if they are a larger corporation. Each Business Associate or Covered Entity your healthcare business works with must following HIPAA Privacy and Security Rules. This, in turn, means that if your business if not HIPAA Compliant you will lose their assistance, as well as, lose business in general. Blacklisted If a breach does occur, and the breach results in more than 500 individual’s Protected Health Information being affected, your business is required by law to report it to the Health & Human Services Department, as well as, the public and media. Other companies will not hold back comparing their HIPAA Compliant organization to yours, stealing both business in the present and future. If you are fearful that you do not meet all the HIPAA guidelines and regulations or are having trouble understanding HIPAA Compliance and how to become compliant, call Hammett Technologies! We have a devoted, professional IT team that can help you meet all HIPAA requirements stress free! HIPAA Compliance is essential for any business that handles Protect Health Information. Hammett Technologies will ensure that your business meets every requirement.
If you are like many users, you visit many different sites and have a plethora of passwords between those sites. The idea of creating a strong password consisting of letters, numbers, special characters, symbols, etc., can be quite daunting. Not to mention it is recommended that you have a different password for each site your register an account on. With all of this considered, it is no wonder many become overwhelmed when trying to think of a secure password. I mean, who can remember “J%^dh@udS!@#$”? Because of this, you may have fallen victim to using the same password for most, if not all, of the websites you hold an account on. This is not only a safety hazard, it also spells disasters if one of these websites gets compromised. Or perhaps you use numerous passwords, but they consist of simple words and numbers that relate to your life. These kinds of passwords are easier to guess than you can imagine. Maybe you do have long, complicated passwords, but in an attempt to remember them you have written them down and placed them next to your computers. This is dangerous as well, especially if other use your computer as well! However, with this guide, we hope to guide you down the right path to making safe, secure, and easy to remember passwords! First, to understand what a strong password is, we must understand what makes a password strong. The key features of a strong password are its length, a variety of letters (using both upper and lower case), symbols, and numbers. Make sure you leave all personal information out of your password. However, what is the use of a complicated strong password, if you cannot remember it? Not to worry, we will arm you with advanced password creating techniques that will not only keep your online identity secure! Your first strategy in creating a strong password is to make it easy to remember but hard to guess. Avoid the pitfalls of making your password “password”. This password is laughably weak. A password this simple is easily guessed by both humans and machines and will leave your online identity in shambles. Some of you may be asking, “Who on Earth is using “password” as a password?”. Well you would be surprised to know that it is one of the most commonly used passwords to date. There are also the passwords that use a persons last name and birth date. These kinds of passwords are also easy to crack by those who are close to you. I know your neighbor Bill seems like a nice guy, but maybe he’s too nice. However, perhaps you have been trying to make a strong password and have created “P0W3Rful”. First you must be aware of the length. Length of this password is far to short and the substitutions you have made are easily guessed by both human and machine as well. Now that we are aware of the numerous pitfalls, we can begin to discuss how to create a strong password! Here are a few examples of good passwords: G00D_2H4v3_$$: You could use this one for a bank account (Good to have money). 4sh00Ping_0NAMZ: This could be used for your Amazon account (4 shopping on amazon). Having now thought of a password that is perfect in length and randomness, you have begun your march down the correct path to internet safety. However, you are not safe yet. You must remember to not reuse the password, write them down anywhere, or share them. After spending all that time thinking of a good password, last thing you want is for someone to crack it by seeing it written down next to your computer. Or if you are to get hacked, at least you can rest easy knowing your other accounts are still locked away because you used a different password for each site! The last rule is extremely important but can also be given some slack. If you are to share your password, make sure that you only do so with someone you trust 100%. If you have even a shred of doubt that they do not take internet security as seriously as you, do not share your password with them. Another option for those who have too many accounts, or are too nervous to create their own passwords, is to use a password manager! Password managers like LastPass can generate completely random passwords up too 100 characters in length. All you must do is think of a super secure master password and you are ready to go! Now that you have been armed with the tools to create smarter, safer passwords, go forth and secure your defenses! If you have any questions about cyber security or want a partner that will take your businesses cyber security seriously, consider Hammett Technologies! At Hammett Technologies we put your online security as a top priority. Be with a team you can trust, become a Hammett Technologies Partner today!
It’s finally time to say goodbye to our old friend. In a few months, January 14, 2020, to be exact, Windows 7 will officially no longer be receiving security patches and updates from Microsoft. Therefore, if you are one of the many still calling Windows 7 your home, it may be time to think about moving to Windows 10. Why is this Important to Me? Many of you are probably thinking, “Why should I worry about moving to a new operating system?”. The answer is security. When Microsoft pulls the plug on the extended support (January 14, 2020) that means Windows 7 will no longer receive any critical updates. Updates that would fix security holes and exploits. This means that the longer you wait to move to Windows 10, the more at risk you are of an attack. Why Not Move to Windows 8? If you are looking for an Operating System similar to Windows 7, you should look no further than to Windows 10. Windows 10, while there are differences between them, is more similar to Windows 7. Windows 8, on the other hand, is, for lack of a better term, a mess. The desperate attempt to mix the mobile and PC platform was a disaster and will ultimately leave you with a sour taste wishing for anything else. The other reason to make the jump to Windows 10 and not 8 is because Windows 8 will also cease support soon. In January 2023 the extended support for Windows 8 will end, and with it will come the same security risks of Windows 7. As we said earlier, for those of you looking to fill the void left from your goodbye to Windows 7, Windows 10 is there. If you find yourself needing assistance in migrating yourself or your company to Windows 10, please give us a call! We will be more than happy to assist you in the transition to Windows 10! To learn more about what we can do to assist your company’s growth, click here!
As technology continues to progress, security on a global scale becomes a larger concern for all. For any country, one of the largest concerns is a cyber attack that could cripple the power of multiple cities. The United States, however, has begun to take steps to counteract this potentially catastrophic situation. After multiple, unsuccessful attacks on the US power grid, the United States government has begun to look at other, older, methods to secure the power grid. The United States has decided that, instead of using updated technology to secure the power grid, the use of older, analog, manual technology is the best way to secure the nation’s power. The United States hopes that, by using manual techniques, the threat of a larger-scale attack will diminish significantly. Furthermore, manual technology means that only direct, physical access will allow access to the power grid, potentially eliminating cyber attacks entirely. As technology continues to advance on a global scale, cyberattacks become more potential and more dangerous. It is interesting to see the United States, instead of contributing higher-tech to securing the power grid, is instead opting for older, retro-styled tactics of security. After all, the best security against a cyberattack is to eliminate the cyber aspect! Are you worried your business may be vulnerable to cyber-attacks? Contact Hammett Technologies today for a free assessment of your network! To find out more about what we can do to help your business grow, click here! (9/10/19) Update ZDNet has reported that the US power grid has just been struck by a cyber attack! Security researchers have discovered that the attack occurred due to an unpatched firewall, allowing hackers to use a DoS attack on the firewalls located in a power grid operator. You can read more about the incident on ZDNet!
A new malware strain has begun to attack IoT devices, wiping their firmware and rendering them useless. As of the writing of the article the malware has been live for a day and has already claimed a confirmed 2,000 victims in about 3 hours. Reports state that, Silex, the name of this malware, will continue to grow in scale and destructive nature. How Does Silex Work Reports state that Silex operates by destroying an IoT’s devices storage, removing the devices network config, dropping firewall rules, and ultimately ending by halting the device’s ability to operate. It does this by logging into the system using know default login credentials. In terms of destructive capabilities, this strain of malware is extremely threatening. If infected by the malware, the only option is to reinstall the device’s firmware, an operation many users will find to difficult to do. Experts believe this malware will lead to infected users throwing their devices away, thinking they were malfunctioning, rather than suspecting malware to be the case. For now, Silex appears to only be targeting Unix-like systems with default login credentials, but the malware also has a Bash shell version as well, meaning it could also be used to target systems running Unix like operating systems. This could spell disaster for Linux servers that have unsecured Telnet ports and poor admin or user credentials. At the time, the malware uses Iranian hosting services to operate, which has already been blacklisted by URLhaus. However, it is still recommended that you make sure your passwords are up to date and are anything but the default.
Across the United States, hackers have been targeted cities through the use of ransomware. Ransomware is a malicious attack on a computer system which completely locks the user out of their computer until a “ransom” is paid (usually in bitcoins). For those who think paying the ransom will be the easiest option should be aware that there is no guarantee that, upon payment, a decryption key will be provided. What makes ransomware especially threatening is the timer that not only counts down how many days left the user has before all files are deleted but also increases the price of decryption each passing day. Ransomware attacks should not be news to residents of Maryland. A similar attack has plagued Baltimore’s city government for a while, and the price of recovery has skyrocketed to $18 million. As of today, Lake City, Florida, another US city infected with ransomware, has decided to pay the ransom in order to regain access to their technology network. Despite Lake City’s technology department successfully disconnecting all infecting computers within a matter of minutes the virus was able to snake its way through the entire government’s network, with the police and fire departments being the exception. Lack City, Florida government officials have agreed to pay a ransom of $500,000. Upon payment, Lake City was granted a recovery key after paying the ransom, something other cities should take note of. Baltimore and Lake City are not the only two cities to have been plagued with the attack. Other cities such as Lynn, Massachusetts, Cartersville and Jackson County, Georgia have also been faced with this serious cyber-attack. These attacks, while expensive to fix, are a wakeup call to local governments. Ransomware is often targeted and successful on outdated systems, something each of the cities listed had. In order to combat these issues, and ensure they do not happen again, regular maintenance, updates, and patches are not only necessary but required. These attacks not only cripple the state government, but they also hurt the general public.
A new adware exploit has been discovered recently. Named “Cavallarin” after its founder, the exploit allows for the unwarranted download of various ads onto the users Mac device, all while being trusted by Apple’s macOS Gatekeeper. How the Cavallarin Exploit Works The exploit takes advantage of Mac’s Gatekeeper protection service, allowing for malicious apps to trick the Gatekeeper into thinking they are Apple-certified applications, granting them elevated access to the device. This is a serious concern that Apple has yet to address, even after Filippo Cavallarin approached them with the discovery. When the Gatekeeper is operating properly, it will prompt the user, informing them that the application they are attempting to install is not Apple-certified and could be hazardous. However, if the application takes advantage of the exploit, this prompt will never occur, and the device will become infected. How to Prevent Your Mac Device from Exploitation For now, the easiest method of prevention would be to only download applications that are 100% known to be Apple-certified. Even then, it is smart to remain vigilant regarding any application you are download, always airing on the side of caution. For now, with no comment from Apple regarding the exploit yet, it is hard to say when a patch will be created and pushed to users. If you are still worried about the potential exploitation of your device, Intego’s free VirusBarrier Scanner is able to check your system for apps using the exploit. These threats will appear as “OSX/Linker.”
As technology continues to advance, so do those who aim to use it to exploit others. According to Accenture, when a business suffers a cybersecurity attack, an estimated $2.4 million is spent on recovery, and it takes an estimated 50 days to recover from the attack entirely. On a global scale, the average business can expect to spend on recovery is estimated to be as high as $3.86 million, with another attack within 24 hours with a 27.9% chance (via 2018 Ponemon Report). It is essential that businesses understand this threat, and that investing in preventative measures, such as automation, is important to maintaining a business’s security. What is a Data Breach? According to the 2018 Cost of a Data Breach Study, to classify an event as a “data breach” an individual’s medical record, financial record, and/or debit card information must be placed at risk. This type of information can become exposed due to malicious or criminal attack, system glitch, and even human error. How Does a Business Avoid Data Breaches? In order to prevent a data breach from occurring, a business must invest in a strong cybersecurity team. With the support of a robust cybersecurity team, a business has a better chance of staying ahead of malicious hackers. Furthermore, extensive pressure testing can also aid in prevention. Pressure testing a businesses network environment can reveal vulnerabilities, as well as aid in innovation, keeping your cybersecurity ahead of the attackers. However, one of the most important defenses a business can invest in is automation. What is Automation and How Can It Improve Cyber Defense? When it comes to cybersecurity, automation is your best defender. According to 2019 Study on the Cyber Resilient Organization, automation, in the cybersecurity field, refers to investing and enabling in cybersecurity technologies that assist or replace human intervention in the identification and containment of cyber exploits or breaches. Furthermore, for these technologies to function correctly and efficiently, artificial intelligence and machine learning, must be appropriately implemented. Automation creates a symbiotic relationship with businesses cyber resilience. It reduced the chances a business has of encountering a data breach, as well as the frequency of them occurring. Investing in automation allows for a business to feel more confident in its ability to track, prevent, and contain potential cybersecurity incident. However, while automation does remove humans from the identification and containment procedure, it does not mean that cybersecurity professionals are irrelevant. A business should keep a full staffed cybersecurity team to assist in training, as well as regular maintenance of the automation processes. Furthermore, a fully staffed cybersecurity team can develop a Computer Security Incident Response Plan (CSIRP), which significantly assists in detection and containment. Automation is a necessary part of a company this wished to keep their client’s information save and save money. According to the 2018 Cost of a Data Breach Study, on average, the losses of a company that has fully and effectively implemented automation to their cybersecurity defense, are $2.88 million, while a company that has decided to skip on automation suffers $4.43 million in losses. Automation is an essential tool for any business looking to improve its cybersecurity and cyber resilience. What Other Steps Should a Business Take to Continually Improve its Cyber Resilience? Automation is a crucial component to any businesses cybersecurity detail, but businesses cannot overlook other key personnel and details either. Security intelligence systems can save a company as much as $3.7 million. Companies that take full advantage of encryption and effectively use it can save as much as $1.4 million annually. Properly implementation of a firewall can prevent 2.5 million in losses yearly as well. Perhaps the most often overlooked factor is maintaining a sufficient budget for cybersecurity, which can save a company $2.8 million annually when appropriately maintained. As stated earlier, keeping a fully staffed cybersecurity team crucial to maintaining the network, leading to $2.1 million in savings for the company; however, no team is without its leader. Hiring a Chief Information Security Officer (CISO) can further improve security, as well as save a company $2 million yearly. Lastly, and an added measure as to what automation cannot accomplish is proper training and cybersecurity awareness meetings. Training and informing employees on cybersecurity not only helps to prevent human error, but it also saves a company $1.5 million every year. Automation is crucial, but implementing other cybersecurity personnel and details in equally important in maintaining a proper network. As technology continues to progress, the threats do as well. Therefore, it is up to businesses and cybersecurity teams to implement the proper tools necessary to defend against attacks that can wreak havoc and cause data breaches. At Hammett Technologies we understand the importance and can help evaluate and develop a plan to help train employees and prevent data breaches, ensuring your company’s data remains secure.
- 1
- 2