Tuesday, March 30, 2021

BBB Newsletter: CEO Bruce Steinfeld featured in Expert Blog for UpCity

CONTACT US
UpCity Looks to Bit by Bit CEO Bruce Steinfeld for IT Managed Services Advice in Expert Blog

Thanks to our customers, we're earning accolades as one of the Top Managed Service Providers in the United States on UpCity.

And, thanks to [...]

 
Security Awareness Training: 5 Benefits That Will Make You Happy You Did It

In age of COVID, cyber attacks continue to unleash at every turn, compromising your business and exposing vulnerable points in every

[...]

 
 
 
Spanning Webinar Recap | Backing Up Your Office 365 & Salesforce

If you're running Office 365 or Salesforce, there are nasty threats out there that could cause you to lose data and cripple your organization. [...]

 
Facebook
Twitter
LinkedIn
 
 

Questions?
Get in touch with us today!   

 CONTACT US   SUPPORT CENTER

 
FacebookTwitterLinkedIn
Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

Wednesday, March 17, 2021

Protect Your Business From Third-Party and Supply Chain Cybersecurity Disasters



As was recently illustrated by the Microsoft hack, third-party and supply chain risk is a threat that every business is vulnerable to in our interconnected world. But not all of your vendors, service providers, or partners take information security seriously, and that creates risk for your business. 

Over 90% of US businesses experienced a cybersecurity incident like a data breach in 2020 because of a third-party or supply chain risk. These businesses didn’t make a cybersecurity misstep themselves – another company created vulnerabilities for them. Often these are vulnerabilities that you won’t even know about until it’s too late.

Third-party and supply chain risk will continue to be a growing problem in 2021 and beyond. The data that cybercriminals glean from data breaches inevitably makes its way into dark web markets and data dumps, providing ample fuel for future cyberattacks. Data breaches exposed 36 billion records in the first half of 2020 alone, feeding plenty of cybercrime. 

Are you positioned to gain the kind of intelligence that helps you get a clear picture of how stolen data may put your business at risk? If you’ve got Dark Web ID, you are. Dark Web ID sends up a red flag to warn you when your company’s credentials make an appearance on the dark web, enabling your security team to take care of that vulnerability before cybercriminals can exploit it.

This is just one increasing risk factor in 2020. As the fallout from the global pandemic settles, more risk from dark web sources will become a problem for businesses. Even cybercriminals have to work a little harder these days to make ends meet. Don’t let them snatch your piece of the pie – add dark web monitoring today to stay in the know about your company’s risk.

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

Mitigating Supply Chain & Third-Party Risk Doesn’t Have to Be an Expensive Proposition

Lock Cybercriminals Out Fast


Secure identity and access management with Passly is the gift that keeps on giving when it comes to third-party and supply chain risk. Multifactor authentication (MFA) alone tops 99% of password-related cybercrime. Passly packs MFA into a neat package with all of the best tools to control access and permissions like sign-on (SSO), secure shared password vaults. Now it even eliminates a huge headache for IT teams with automated password resets. Get a huge amount of security for a very small price! LEARN MORE ABOUT HOW PASSLY FIGHTS CYBERCRIME>>


Do Your Homework


Study up on how third-party and supply chain risk has evolved through the pandemic to have an outsized impact on cybersecurity in 2021. In our new eBook Breaking Up with Third Party and Supply Chain Risk, we’ll take you on a journey into the heart of this threat and how it can impact every business – plus we’ll give you strategies and solutions that can be put into place quickly and affordable to secure systems and data.


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

Third-Party Data Breaches Bring Trickle Down Trouble



As another huge bomb hits the cybersecurity world in the form of the recent Microsoft Exchange hack, it’s a good time to take a look at third-party and supply chain risk to see how it can impact businesses and how it can be mitigated. Over 90% of US businesses experienced a cybersecurity incident like a data breach in 2020 because of a third party or supply chain fault.

It’s important to prepare for this risk because it’s less of a possibility and more of an eventuality in today’s ever more connected world. Those connections are one of the reasons why it has ramped up so steadily. As more and more information about people and businesses accumulates in dark web markets and data dumps, that provides fuel for cyberattacks that perpetuate the cycle, feeding the market. More than 60% of the information available now on the Dark Web could damage businesses, and data breaches exposed 36 billion records in just the first half of 2020.  





More than 60% of data breaches are a result of exposure through third party or supply chain risk. Unfortunately, any business partner, supplier, or service provider with sloppy cybersecurity practices can put an innocent business at risk by doing things that make it easy for data to walk out the door, like the 17% of companies that have all of their sensitive files accessible to all of their employees – or the 41% of US companies that allow employees unrestricted access to sensitive data. 

Also included in that risk calculus, the siren song of making money on the dark web in a challenging economy has increased the possibility of data being snatched for nefarious purposes. An estimated 30% of data breaches involve internal actors with ill intent, including employees moonlighting by selling data or access on the Dark Web. 

2020 was not a friendly year for businesses when it came to cybersecurity, especially in the supply chain. About 80% of firms responding to a recent survey said that they’d experienced an increase in cyberattacks in 2020. Supply chain cybersecurity risk warnings increased right along with surging cybercrime, up by 80% in Q2 2020 alone. Two in five SMBs were impacted by a cyberattack in 2020.


Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

Don’t Make a Date with Third-Party Risk!


Third-party and supply chain risk is growing more dangerous for every business as cybercriminals maximize on past breaches to create new ones. Find great ways to reduce third-party and supply chain risk in our new eBook “Breaking Up with Third Party and Supply Chain Risk”. You’ll discover:

  • Examples that demonstrate third-party and supply chain data risks to businesses
  • A winning formula for solutions to secure companies
  • Statistics about how and why threats are heating up in the third-party and supply chain risk landscape

Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

Breached Companies



United States – Molson Coors

https://edition.cnn.com/2021/03/11/tech/molson-coors-cybersecurity-hack/index.html

Exploit: Hacking

Molson Coors: Brewing Conglomerate

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.727 = Severe 

Molson Coors told regulators that they’ve experienced a serious cybersecurity incident. The hack has taken its systems offline, delaying and disrupting parts of Molson Coors’ operations, including its production and shipments.

Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing. 

Customers Impacted: Unknown

How it Could Affect You: Hacking that disrupts production is a big problem, and reassessing cybersecurity training is a good idea after a serious incident like this.



United States – Premier Diagnostics

https://www.infosecurity-magazine.com/news/utah-company-unsecured-server/ 

Exploit: Unsecured Database

Premier Diagnostics: Medical Testing

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.872 = Severe

Utah medical testing company Premier Diagnostics has exposed the sensitive information of more than 50,000 customers by storing personally-identifying information on an unsecured server. The breach at Premier Diagnostics was discovered by researchers and contains sensitive customer data including scans of passports, health insurance ID cards, and driver’s licenses. Patients affected are from Utah, Nevada and Colorado.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.612 = Severe

Patients should be aware of this information being used for identity theft and spear phishing.

Customers Impacted: 50,000

How it Could Affect You: Sensitive PII requires stong protection, esopecially in the medical sector, because failure to keep it safe incurs huge fines. 



United States – University of Texas at El Paso

https://www.infosecurity-magazine.com/news/hackers-target-texas-university/

Exploit: Hacking

University of Texas at El Paso: Institution of Higher Learning 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.212 = Severe

The computer network of the University of Texas at El Paso had to be shut down as technicians discovered a significant cyberattack in progress. Email and the server hosting the university’s website were affected by the incident, forcing faculty and students to communicate via Blackboard. The cyber-attack has also led to the closure of the university’s walk-up COVID-19 testing sites.

Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing. 

Customers Impacted: Unknown

How it Could Affect You: Hackers can disrupt large parts of an operation fast, leaving businesses scrambling to get back to work and causing lost revenue.



United States -Cochise Eye & Laser

https://www.infosecurity-magazine.com/news/ransomware-attack-on-arizona/

Exploit: Ransomware

Cochise Eye and Laser: Optometry

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.727 = Severe 

A ransomware incident at an optometrist located in Sierra Vista, Arizona, has affected up to 100,000 patients. In a recent breach notice, Cochise Eye and Laser informed regulators that the practice has been hit by ransomware, encrypting the office’s patient scheduling and billing software.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.603 = Severe 

Patient data stored in the billing software included names, dates of birth, addresses, phone numbers, and in some cases Social Security numbers. There is no evidence that data was exfiltrated, but customers of this practice sjould be ready for potential identity thefy or phishing. 

Customers Impacted: Unknown

How it Could Affect You: This is a tremendous problem for businesses of every size, and even without confirmation that data was stolen the practice will be dinged with a substantial fine. 





Canada – Canada Revenue Agency (CRA)

https://www.ctvnews.ca/canada/experts-call-on-cra-to-get-serious-about-cybersecurity-after-800k-users-locked-out-as-a-precaution-1.5346546

Exploit: Hacking

Canada Revenue Agency (CRA): National Taxation Authority

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.102 = Extreme 

The CRA has locked down 800,000 online taxpayer accounts following an internal investigation that found user logins and other sensitive information may have been hacked. The agency noted that it could take until March 22 for the issues to be resolved.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing. 

Customers Impacted: 800,000

How it Could Affect You: Reports say that this hack was likely discovered by dark web monitoring, preventing a potential cybersecurity disaster.






United Kingdom – West Ham Football Club

https://www.infosecurity-magazine.com/news/west-ham-supporters-personal/

Exploit: Unsecured Database

 West Ham Football Club: Professional Sports Team

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.775 = Moderate 

English Premier League football club West Ham United appears to have accidentally leaked personal data of supporters on its official website. Cybersecurity experts believe it is likely the problem was caused by an internal error.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.802 = Moderate 

Details of fan account profiles including full names, dates of birth, telephone numbers, address and email address were displayed when supporters attempted to log into the club’s ticketing website.

Customers Impacted: Unknown

How it Could Affect You: Human error is the top cause of cybersecurity incidents. Improve security awareness training for everyone in the organization to reduce it.



Scotland – University of the Highland and Islands (UHI) 

https://www.theregister.com/2021/03/08/uni_highlands_islands_cyber_incident/

Exploit: Ransomware

University of the Highland and Islands (UHI): Institution of Higher Learning 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.603 = Severe 

The University of the Highlands and Islands (UHI) in Scotland has been hit with a suspected ransomware attack that has shut down its campuses. All 13 locations across were impacted as well as its Brightspace virtual learning environment. 

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing. 

Customers Impacted: Unknown

How it Could Affect You: Ransomware is almost always part of a phishing attack. Brush up on the latest phishing lures to spot and stop phishing in our eBook Phish Files. GET THIS BOOK>>


Spain – State Public Employment Service (SEPE)

https://www.cyberscoop.com/spain-ransomware-employment-agency-sepe/

Exploit: Ransomware

State Public Employment Service (SEPE): Government Agency 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.020= Severe

The cyberattack on Spain’s State Public Employment Service (SEPE) affected the agency’s offices around the country, forcing employees to use pen and paper to take appointments. The suspected ransomware attack disrupted operations at the authortity for unemployment assistance snarling progress for for hundreds of thousands of unemployed Spainiards. The incident is under investigation.

Individual Impact: No sensitive personal or financial information was declared as compromised immediately but the investigation is ongoing and more details may emerge.

Customers Impacted: Unknown

How it Could Affect You: Ransomware doesn’t discriminate, and even a narrow impact can have big consequences for operations, causing delays and dissatisfaction for clients.






1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.



Bit by bit helps client networks run smooth and secure.. visit our website at www.bitxbit.com/texas 877.860.5831

What is SOC-as-a-Service?