Blog

The latest in Dark Rhino Security news

How To Keep Work Efficiency Up With A Remote Workforce

In this time of social distancing, it is essential to have high efficiency with a remote workforce. Central to the success of a remote workforce is that employees are self-reliant. Employee enablement is a term that has been cited extensively in business literature. If you have to enable employees, by definition it means they are not enabled and thus may not be as self-reliant. The following are some ideas that stem from my personal experience in running an organization that has a substantial amount of its function performed with remote operations.

In the cybersecurity business, most of the adversaries we are entrusted by our customers to protect against operate remotely. As evidenced by the many articles in the press, these adversaries do it with an efficiency that leads to devastating legal, financial, and reputational losses. This is asymmetric electronic warfare, and it is mind-boggling to people how very large organizations with numbers of experts in IT cybersecurity get hacked. Unfortunately, the answer would take a book and is better left for another day.

However, one central theme we can take from the hacker's guide is to have a solid, tangible outcome in mind. Hackers, for the most part, want money and, secondarily, to operate with impunity. This outcome drives all aspects of their behavior and makes them efficient in the exploitation of vulnerabilities. Translated to the rest of us: all employees must know and understand the tangible outcomes expected of them in the short term. In military speak, this is known as the commander's intent. All members of the team know the intent and can fulfill the mission, even if some members of the team are incapacitated.

Re-organize and re-distribute job functions and responsibilities so that they form a layered redundancy for critical functions. In our firm, Dark Rhino Security, one of the key items is ensuring that all clients are made aware of any potential cybersecurity-related incident. Normally, we would have several analysts in our security operations center (SOC) monitoring a plethora of screens. The Coronavirus epidemic has forced us to reduce the number of people in the physical SOC and enable secure remote access and verification protocols.

These protocols ensure that remote employees can connect securely and verifiably into the SOC, support the customer environments, and supplant personnel who may become incapacitated. We are further training our existing team members to become cross-functional, moving from specialized to more generalized roles, to ensure all critical functions maintain continuity. In your own companies, look at establishing multi-layered, cross-functional redundancy for critical operations.

Over-communicate. With social isolation, in-office communications are greatly reduced or stopped altogether. It is essential to hold small daily team meetings. This promotes a strong sense of team, which is essential to understanding and fulfilling the commander's intent. Also, over-communicate with your clients. Make sure they know you are continuing to deliver for them as you work remotely. This may seem obvious, but it is often "the obvious" that gets overlooked. Leverage the technologies of virtual groups to create channels in which your customers and employees can communicate on general needs and topics in near real-time.

If you do the above, you will likely discover gaps in your customer and employee engagement processes, gaps that may not otherwise have been noticed or addressed. Closing these gaps will make for a better customer and employee experience. It will increase the efficiency of delivery and thus revenue. It provides a lasting competitive advantage long after the Coronavirus has faded into memory.

Healthcare Companies & MSSPs: Achieve Your Goals

Healthcare organizations can utilize MSSPs like Dark Rhino Security to achieve business goals while also reducing legal, reputational and financial risk. This can be done through the prevention of ransomware, assistance with certification requirements and protection of valuable data.

About two years ago, we began working with a healthcare data analytics firm. We implemented our security solutions and part of that suite was Next-Gen Anti-Virus (NGAV) protection. Within two weeks, we received an alert from our NGAV tool; a user attempted to download a file that matched the behavior characteristics of ransomware. Within minutes, our analysts confirmed the file was blocked outright on the user’s device. Additionally, we ensured the cyber threat was quarantined from the rest of the organization and reported the incident to the CEO.

Due to our efforts, the threat was blocked. However, if we had not stepped in, the healthcare firm could have been at the mercy of cybercriminals. They may or may not have recovered from the attack. 

Healthcare companies also leverage MSSPs to fully comply with needs such as HIPAA and HITRUST certifications. Based on our past experience, achieving the HITRUST certification leads to more business and more incentives from Blue Cross and Blue Shield. I personally assisted one of our healthcare partners to utilize our security offerings and meet the necessary HITRUST controls. I also provided written proof of where our technologies met the necessary control. After achieving HITRUST, our client said the incentives they’ve received have helped shape their business drastically.

Moreover, healthcare companies can utilize MSSPs to protect company data and client/patient information. The most interesting case I had experienced with a healthcare partner was an insider threat. One of the company’s employees was attempting to exfiltrate company data. Although in this scenario the data in question did not include any patient information, any attempt made to leak company secrets poses a huge risk to a company’s reputation. Luckily, with our data loss tool, I was able to see the exact data being exfiltrated. I was also able to see the exact USB drive that was conducting the data extraction. We worked with the company’s legal representatives and HR department to send the necessary documentation to the user and recover the designated corporate files. We also informed the user that if this company’s intellectual property ever showed up at a future employer in a product offering, a cease and desist would be sent to the user and to the new employer. After the whole fiasco, we conducted a full recovery of all the extracted files and the user never posed a threat to the healthcare firm at their future employer.

Overall, more and more small to medium-sized healthcare firms are becoming larger targets for cybercriminals. Therefore, the need for cybersecurity continues to grow. This dilemma gives healthcare companies two options: they can either invest $250,000 - $500,000 in cybersecurity professionals and security software or utilize an MSSP to serve as a cost-effective means to achieve a solid cybersecurity posture. If you’re interested in reducing company risk and optimizing your business, feel free to email me.

Cyber Basics: Training the End-User

Imagine you invest millions in cybersecurity technology. Then, an untrained employee clicks on a link in an email. He just rained on your cyber parade and completely negated every measure you implemented. This scenario would be awful. However, it is not uncommon.

The most vulnerable part of any organization is its end-user. “Knowing is half the battle,” says Nathan Horne, a senior security engineer. If you properly train your users, a decent portion of your concern goes away.

Typically, a phishing or malware incident occurs because an employee opens an email or goes on a website a CIS admin didn’t block. Unfortunately, you cannot stop the employee from checking their emails or surfing the web on their time off. There is no 100 percent block.

“You can’t protect people from themselves,” Horne says. “Honestly what a good portion of these appliances do is attempt to protect the end-user from themselves, but there is no such thing; you need to train,” he continues.

Start training strategically and watch the incidents drop. People who have the ability to control or direct funds are the most targeted. Therefore, they should be at the top of the training priority list.

Training comes in several forms. To start, you can add cybersecurity to yearly corporate compliance training. Tyler Smith, a senior software engineer, recommends educating users who violate company policy.

For example, Smith was previously the head of a DLP program for an enterprise, where he would see 200-300 hits on violation of policy. His co-workers suggested staying quiet because the violators were very important and busy people. Smith did the opposite, and within 90 days that number dropped by two-thirds.

Smith says most of the people violating the company policies were doing so because of broken business practices.

“People want to do the right thing. They just need to know what that is,” Smith says.

The Rundown on Ransomware

Tyler Smith, a senior security engineer, was on his way to Kentucky when he received an urgent phone call – one of his clients suffered from a ransomware attack. The backup files. The network storage files. Everything was encrypted. The client was backed into a corner and had to pay the ransom.

Less than two weeks later, the same client was hit again. The attackers humorously offered them a discount because it was their second attack. Luckily, Smith and his team were able to find the key in the code to decrypt all the files. His client would not have to pay the ransom fee again. It took such a horrific set of incidents to get the client to finally take cybersecurity much more seriously.

This occurred in the early 2010s. Since then, ransomware attacks have only become more sophisticated.

Essentially, a ransomware attack happens when a team member clicks on a bad link and their machine becomes compromised. The virus jumps from machine to machine and encrypts the team’s files. Typically, a sum of money is demanded in exchange for the return of the files.

“Paying the ransom is never recommended,” Tyler says. It does not guarantee that it will solve your problem. For example, there could be bugs in the malware, causing the data to be unrecoverable. 

However, there are certain scenarios in which there is no choice but to pay the ransom. For example, companies working in areas such as health care cannot afford to have the patient data lost or compromised. When vital information or millions of dollars are at stake, paying the ransom feels as if it is the only way out.

The best defense is to train the end-users in an organization. 

“Human beings are notorious for overcoming all security efforts because they don’t understand the why behind the security measures,” Tyler says.

You can also detect these attacks by ensuring that next-generation endpoint detection and response software is deployed on all user endpoints in your environment. You should also segment your networks and limit the connections between segments in a way that makes sense for your business.

With ransomware, it does not matter what line of business you are in. Ransomware is not going away. Rather, it is advancing quite rapidly. Companies are even built upon customizing attacks for clients.

The Danger Of Cybersecurity Burnout

Burnout from working too much is something every working person needs to worry about. But in some fields, the danger is magnified. Doctors, lawyers, and executives are common victims of the negative health effects of overworking.

And now, cybersecurity professionals have been added to the mix.

Thanks to stressors like advanced malware and zero-day vulnerabilities, cybersecurity professionals are joining the ranks of the most burnt-out professionals in the workforce. On top of regular on-the-job stressors, a shortage of cybersecurity professionals in the marketplace means that, in many cases, lone employees are doing what should rightly be the work of two or three people.

This kind of burnout has real-world consequences: mental health concerns like depression and anxiety are on the rise for cybersecurity professionals, affecting their life at home as well as at work.

What should I do to keep myself from getting burnt out?

Keeping yourself from becoming burnt out in cybersecurity is the same as keeping yourself from becoming burnt out in any other profession.

Get a hobby

Allowing your whole day to become consumed by cybersecurity is a quick path to burnout. To prevent this, include other activities in your life. Start learning a skill you've always wanted to learn, practicing a new language, or playing a new sport.

Take regular breaks from work

Make sure to take regular breaks from work to do nothing in particular. If there's nothing pressing that needs to be done, leave work on time (and don't work from home). Take a day off when your schedule allows. Plan regular vacations -- and shift your work to team members, so you aren't working while you're on your vacation.

Spend time with friends and family

Humans are social animals. The best way for us to refuel and feel good about life is to spend time with other humans we love and care about. Remember to spend time with your friends, family, and loved ones.

Remember to put your phone and computer away while you take this quality time -- time spent split between another person and a screen is not quality time.

Keep work in perspective

Ultimately, work is just work. It's just a way to get money so you are able to live the kind of life you want. Work concerns should be kept in perspective, not made into the center of your world.

What should I do to keep my employees from getting burnt out?

There's only so much employees can do to keep themselves from getting burnt out. As an employer, you bear a special responsibility toward your employees to create an environment for them that is conducive to their health, not destructive. Some ways you can create that environment are:

Add more team members

Cybersecurity is an industry known for its lack of qualified professionals. Often, cybersecurity employees are doing the work of two or three men. People who are working double or triple rarely put in quality work. Hire more team members so your current ones can share the load.

Create a restful space

Our environment affects our performance. If your workplace is a dark, chaotic, stressful environment, employee performance will suffer. Create an employee workspace which is calm, peaceful, and welcoming so that employees can relax into work.

Encourage team members to take breaks

Nobody can work continuously. Encourage employees to take regular breaks when necessary so that when they are working, they are giving their best work.

Give employees autonomy

The people who know best how to make your employees perform are the employees themselves. Give them the freedom to do what will make them the most effective employees. Instead of trying to get results by controlling their every move, allow them the freedom professional adults deserve.

Cyber Criminals Using New Browser 'Linken Sphere'

Every day, e-commerce and financial organizations around the world are targeted by cybercriminals. These criminals are often looking for customer information to use to steal the identities of customers, or looking for information they can use to blackmail companies. Companies typically combat these cyber criminals using a technology called digital fingerprinting, a process designed to identify each unique device and browser that visits their websites. This enables them to verify the identity of any visitors and block malicious actors.

Historically, cyber criminals get around digital fingerprinting using technology like virtual machines, proxies, and VPN servers. However, anti-fraud systems are becoming sophisticated enough to identify suspicious IP addresses even if they are using these tactics.

As a result, cyber criminals have started using the Linken Sphere browser for criminal activity. Linken Sphere changes web browser configurations dynamically, generating an unlimited number of them. This enables its users to imitate the activity of legitimate users.
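
The following is an added illustration, not code from the original post or from any anti-fraud product, of the fingerprinting described above: it shows why a blocklist of known fingerprints stops matching once the configuration changes every session, and how the resulting churn of distinct fingerprints on one account can itself be flagged for review. The attribute set, thresholds, account names and sample events are all assumptions constructed for the example.

```python
import hashlib
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed attribute set; real anti-fraud systems collect many more signals.
FIELDS = ("user_agent", "languages", "timezone", "screen", "fonts")

def fingerprint(attrs):
    """Hash the collected attributes, in a fixed field order, into a device ID."""
    canonical = "\x1f".join(f"{k}={attrs.get(k, '')}" for k in FIELDS)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()[:16]

def blocklist_hits(events, blocklist):
    """Count events whose fingerprint is already on a blocklist."""
    return sum(1 for _, _, attrs in events if fingerprint(attrs) in blocklist)

def churn_alerts(events, window=timedelta(hours=24), max_distinct=3):
    """Map account -> peak number of distinct fingerprints seen inside any
    sliding window, for accounts that exceed max_distinct."""
    per_account = defaultdict(list)
    for ts, account, attrs in events:
        per_account[account].append((datetime.fromisoformat(ts), fingerprint(attrs)))
    alerts = {}
    for account, seen in per_account.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1
            distinct = len({fp for _, fp in seen[start:end + 1]})
            if distinct > max_distinct:
                alerts[account] = max(alerts.get(account, 0), distinct)
    return alerts

# --- Constructed sample data (not real traffic) ---
LAPTOP = {"user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0",
          "languages": "en-US", "timezone": "America/New_York",
          "screen": "1920x1080", "fonts": "Arial,Calibri,Segoe UI"}
PHONE = {"user_agent": "Mozilla/5.0 (Linux; Android 14) Chrome/120.0 Mobile",
         "languages": "en-US", "timezone": "America/New_York",
         "screen": "412x915", "fonts": "Roboto"}

def rotating_profile(i):
    """Constructed stand-in for a client presenting a new configuration per session."""
    return {"user_agent": f"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/{116 + i}.0",
            "languages": ("en-US", "en-GB", "de-DE", "fr-FR", "es-ES")[i],
            "timezone": ("America/Chicago", "Europe/London", "Europe/Berlin",
                         "Europe/Paris", "Europe/Madrid")[i],
            "screen": "1920x1080", "fonts": "Arial,Calibri"}

SAMPLE_EVENTS = [
    ("2024-03-01T09:00:00", "alice", LAPTOP),
    ("2024-03-01T13:00:00", "alice", PHONE),
    ("2024-03-01T18:30:00", "alice", LAPTOP),
] + [(f"2024-03-01T10:{i * 10:02d}:00", "acct-7731", rotating_profile(i)) for i in range(5)]

if __name__ == "__main__":
    first = fingerprint(rotating_profile(0))
    print("blocklist hits:", blocklist_hits(SAMPLE_EVENTS, {first}))
    print("churn alerts:", churn_alerts(SAMPLE_EVENTS))
```

A legitimate user with a laptop and a phone stays under the threshold, so the threshold needs tuning against real traffic before the signal is used for anything beyond queuing a review.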

According to Tenebris, the creators of Linken Sphere, it was created for legal, legitimate purposes such as:

  • penetration testing
  • social media market research
  • keyword research
  • bonus hunters (online gambling and other purposes)
  • privacy-minded users
  • people operating multiple accounts simultaneously for work

However, it was announced to the world via underground forums such as Exploit, Verified, Korovka, and Maza, places known for enabling cyber criminals. The user who announced Linken Sphere on these forums is a verified member of the Tenebris team, the creators of Linken Sphere.

About Linken Sphere

According to Tenebris, here are the general features of Linken Sphere:

  • Linken Sphere is based on the Chromium web browser: its developers used its source code and removed all tracking functions enabled by Google
  • Operates in the “Off-the-Record Messaging” mode
  • Does not use any hidden Google services
  • Encrypts all saved data using the AES 256 algorithm
  • Connects to the internet via various protocols, including HTTP, SOCKS, SSH, TOR, TOR + SSH, and DYNAMIC SOCKS
  • Each session creates a new configuration and users do not need multiple virtual machines
  • Allows working with different types of connections in multi-thread mode at the same time
  • Includes built-in professional anti-detection with regular updates of configurations of the user’s agents, extensions, languages, geolocation, and many other parameters, which are able to change in real time
  • Saves fingerprints and cookie files after every session, allowing the use of a saved session by multiple users without needing to switch between virtual machines
  • Does not require specific settings to start working proactively, anonymously, and securely
  • Contains a built-in license with a location database GeoIP2 MaxMind, allowing users to configure time and geolocation immediately
  • WebEmulator, called “Прогреватор” in Russian, is an option created to “warm up” websites in an automated mode. This function allows collecting needed cookie files automatically between websites before working with a new account. WebEmulator operates in the background with multi-thread mode allowing the set up of parameters for visiting websites such as the number of visited pages, time spent on each page, pauses, and delays between visits. WebEmulator enables alerts after task completion. 
