August 01
0 comments
Join seasoned cybersecurity professionals, as they take you on a captivating journey through the world of cyber threats. Often when we talk about cybersecurity, we end up with a series of cautionary tales of what can go horribly wrong. Today, we talk about success stories. What can happen when all the right people and tools are in place to prevent a cyber attack?
.
Will Slappey: Welcome to Technology Simplified. Tech talk everyone can understand. I am your host, Will Slappy, CEO of IT Voice. Today, I am joined by Tina Forrest, who is one of our directors who has a unique passion for cybersecurity. Tina loves serving her customers and helping them achieve their goals. But even more importantly, making sure their businesses are well protected from all the nasty cyber threats out there.
Often when we talk about cyber security, we end up with a series of cautionary tales of what can go horribly wrong. Today, I want to talk about success stories. What can happen when all the right people and tools are in place to prevent a cyber-attack?
Tina welcome to our podcast today. In all your years of experience, I'm sure you've got a lot of stories, a lot of war stories.
Tina Forrest: Absolutely.
Will Slappey: What's one that you can share with us where there was maybe a potential breach? That you and your team, the customer were able to prevent from turning into one of those disasters that we all have unfortunately heard too frequently on the news.
Tina Forrest: Absolutely. Um, last September we had an incident that happened on a Friday afternoon. We think now it was totally targeted towards this company and for specific employees, but there was 127 bad emails sent to our clients with bad links in them so that if the employee clicked on it, it would take them to a fake Microsoft page, use their cached credentials to get accessed into any of their SharePoint, OneDrive, any of that kind of stuff.
We had a link clicked and all of a sudden we get alerts and we're on top of it and we stop the attack while it's in progress. That was right there. That's a big success just knowing that we can get through that. What we found out was that because there were 127 emails sent, each of those links were unique to that user, and so it could go target individual users to get into access data that they had.
Will Slappey: Gotcha. So, what did you and the team do? The first step for everybody to kind of think about out there is your users being trained not to click on those links, not to put in username and passwords and that kind of thing. I know we'll probably talk about that a little bit later, but onto the story.
So, you know, y'all got the alerts. And then how did y'all prevent that compromised user credentials from turning into a disaster?
Tina Forrest: Yeah, we absolutely knew the user that clicked on the link. We called and made sure that it was him that did it and changed his credentials immediately.
And then we use some of our technology also to go in and pull those 127 emails out of all the inboxes before anybody else could see them thereby thwarting it and then we're able to block emails after that from those particular sites. It took them to a Microsoft logo page looked exactly like the Microsoft login page.
And because people had already entered their multi factor authentication The hackers would get the key out of the crash credentials, and they were able to just go right in. It's really difficult sometimes to tell what's a legitimate email, what's not an email, and they're really smart about putting, oh, this has to do with an ACH payment or, you know, things that are specifically targeted to that user's job role, because they can use LinkedIn to go and find out what job role that they have.
Will Slappey: Right, right. Yeah, as much as people love some of the social media out there, people can find out who the user is, what their role is, what they do, what kind of pizza that they like to eat for lunch and, uh, you know, be able to have a very sophisticated attack. So, even though something may sound familiar, may look like the person, you know the logo may look right, all those things you gotta be extra careful.
So on that point, like, you know, if you're an end user and let's kind of dive into that story, and I get an email, right? And, you know, at first glance, it looks right. Like, what are the things that you teach users to look out for to try to avoid? You know, something that might be a phishing email compared to something that's legit.
Tina Forrest: Yeah, of course, we teach them first off to look and see where it's sent from because a lot of times it's just a mild misspelling of a name. For instance, IT Voice could be IT Voices. And it's not legitimate. In addition to that, the links usually if you hover over them, but do not click them, it'll tell you where it's really going.
And it says anything different than the link says. It's also not legitimate.
Will Slappey: Right, I think that's a great point because when it's a URL you can have the display could look like Microsoft.com but the underlying link now takes you to, you know, you know, BRXY94.com or whatever that it is now.
But they have the Microsoft logo and all those things, you know, that's there and set out properly. After you click on a URL bar to make sure that you're at the right place. Now I know that sometimes users, you know, you and I, we do this kind of stuff all the time. We kind of can pick up on those kinds of things.
But you know sometimes your average user is not that great at maybe looking at some of that stuff. So, are there any sort of email tools or other things out there that can kind of assist a user with maybe doing a little bit of some of that analysis? That you and I might know a little bit more easily ourselves.
Tina Forrest: Yeah, I highly recommend cyber security training for just people that are using computers, they don't have to be in IT, but just the basics of what the landscape is out there. It's commonly known that the biggest gap in cybersecurity are the people that are using the technology, because we can be a little bit fooled here and there.
The more we know about how we're using the technology, and the more we know to look for things that might be illegitimate then the better off the whole company is.
Will Slappey: Right. The human element is one layer to a kind of security. I know you always love to talk about layers, and it's one of the many layers, right?
Don't worry about trying to have some perfectly impenetrable, I mean, you wanna have a perfectly impenetrable piece of armor, but if you have multiple layers, if it gets through one layer, then you've got some other fail safes in place as well.
What are some of the different layers that you always like to talk to your customers about having?
Tina Forrest: Yeah, absolutely. I think of security kind of like bulletproof glass. It's not just one pane of glass. It may be 10 panes of glass and they're all different strengths and they do different things, and they will keep different things out.
So that's kind of how we look at security. Even five years ago, we would have firewalls out there. So then there came all the security product to let the firewalls let in. Data to the network that should be in there, but also keep out what doesn't need to be in there. That's one layer email.
Security is a big deal right now because that's, that's what everybody uses. We've got things to help prevent phishing and spam and all kinds of just bad emails that might come into our inboxes. I think spam is probably the most underrated protection that we have. But you know, like if you've got a Yahoo box or something like that, you might see like a hundred and fifty emails and you might have two that are legitimate.
There are things in place like for Office 365 and other email systems that we use for business these days that will actually combat that so that we only get the legitimate one.
Will Slappey: I love some of the, the email tools that, that we have now too, where it'll, I think my favorite one that's like super smart where it'll be like, you know, we know who Tina Forrest is, but we've never seen her email from this email address.
And so, you know, it's like it kind of, you know, because I see, oh, Tina Forrest is saying, you know, I know who Tina is, you know, and all of a sudden I'm about to click on that link or open that attachment or whatever, but then it puts, you know, that bar calls us out. Hey, we know that you know Tina Forrest.
Because a lot of people have had that external email piece for a long time, which is super helpful of knowing, Hey, this came externally so you don't get confused from somebody internally, but when you're emailing your accountant or attorney or somebody like that, that's not in your organization, you just get, Oh, yeah, of course, it's supposed to say external emails.
I really love that new feature. That's like, Hey, we know that person and we know their external, you got that banner, but also like, you don't normally email them with that name. You know from whatever this address and then you can kind of look at the address like you talked about, did they have some sort of spelling change to, you know, the domain or something along those lines where they're trying to trick you.
I thought that was a cool feature out there. So, this company that you're talking about, there was there compromised or even other companies, you know, what's the normal size? I mean, I'm assuming from what I see on the news, these are big multinational companies that we're talking about here, right?
Tina Forrest: Yeah, this particular company had about 500 employees scattered across the southeastern region. We see the same things happen in smaller companies too, and larger companies for that matter. It doesn't matter.
Will Slappey: What’s the smallest company you've seen with some sort of breach or potential breach?
Tina Forrest: Um, I think they have about 15 users.
Will Slappey: I hear sometimes smaller companies, that they don't see themselves as a target for a cyber-attack, what would you say to a business owner like that? That's like, oh, you know, I'm only 10 employees, nobody's going to come after me.
You know, I don't have anything anybody wants. What would you tell?
Tina Forrest: Yeah, well, I think one of the more famous breaches that we've ever come across was the Target breach. It was back in 2013, 2014, somewhere around there, but it exposed 40 million credit card records. Target lost 46% of their profits for going into the holiday season in Q4, and then also lost business the next following year for reputation damage and that kind of thing.
The hackers got in through a local HVAC company that didn't have very many people using the technology, but they were able to get in through the HVAC company into Target and then get to the real money.
Will Slappey: Wow. So it's the network of people that are connected together and they want to get inside of its supply chain.
And so they went, they get in, in one way and all of a sudden next thing you know, they're in all the pockets. I heard when one person cybersecurity world, this was a couple of years ago, but I thought it was a really good response that said, you know, it kind of answering the question of like, I don't have anything that anybody would want.
His response was always, well, do you have anything that you would want? And if you do, if somebody steals it from you, encrypts it, ransomwares it, how much money would you pay to get it back, right? You're the only buyer and now they become the seller to sell your own data back to you.
I thought that was another kind of good angle when somebody's like, yeah, I don't have anything of value that to somebody else. But if it has value to you, then it then that has value to them.
Tina Forrest: Yeah, I picked up a statistic I think just yesterday online where in 2022 ransomware attacks went down just a little bit.
But already in 2023, we've almost surpassed the 2022 mark. They're having an uptick of ransomware and it's I think people have paid on range of 500 million to get their data back.
Will Slappey: Yeah, it kind of reminds me of some of the NFL statistics. The NFL amount scored per year kind of fluctuates up and down and the offenses get really good.
And then the defenses catch up to the new schemes and the scores start coming back down, but then the offenses evolve, and they start. It's the same thing in cyber security. We get all these new tools and help combat it and you've got to have those in place. And then they come up with new things.
What's a constant war that's out there. We're constantly trying, trying to get better. So last question, this particular company, obviously for confidentiality reasons, we don't want to know who they are, but when they realized how bad the event could have been, what was their reaction to what happened?
Tina Forrest: They were very much grateful for what we had done for them, because who knows what they would have done with any kind of financial account information, bank access information, that kind of thing. So that they were just incredibly grateful. They now really take security seriously, like we all should at this point.
We were able to make some recommendations to even further proof them from additional attack vectors.
Will Slappey: Yeah, that's great. It helps them. Well, thanks for joining us here today, Tina. Appreciate your thoughts and expertise for all of our listeners out there.
That's it guys here for today's episode of Technology Simplified.
We hope that you enjoyed the stories we shared today. Unfortunately, cyber-attacks are a routine part of doing business these days. When you have the right tools and the right team in place, it doesn't have to always be a disaster. So, if you have any questions or topics that you would like for us to cover in future episodes, feel free to reach out to us on social media or through our website.
We're always excited to hear from our listeners. Don't forget to subscribe to Technology Simplified wherever you get your podcasts so that you never miss an episode. Hope everyone has a great week.
Watch the Full Episode Here:
