The cyber security spotlight has been directed firmly at ransomware in recent times. Yet a recent report in the United Kingdom highlights the fact phishing remains a real headache for businesses, government organisations and not-for-profits. The Cyber Security Breaches Survey 2019, conducted by the Department for Digital Culture, Media and Sport, found nearly one third of businesses (32%) and about one fifth of charities (22%) experienced cyber-security breaches in the previous 12 months. Of these, 80% of businesses and 81% of charities experienced phishing attacks – a considerably higher percentage than those that experienced viruses, spyware or other malware, including ransomware (27% of these businesses and 18% of these charities).

So what are the key differences between phishing attacks and ransomware attacks – and why are phishing attacks a deep concern for businesses? A phishing attack generally involves a malicious person using social engineering techniques to trick a person into supplying sensitive personal or business information, whereas a ransomware attack (that can be delivered through a phishing communication such as an email) aims to extract a ransom from a victim by locking their files and demanding payment for a key to regain access.

Phishing messages often direct victims to fake websites – that may include branding and information copied from legitimate websites to appear authentic to enter their details.

How do you limit the risk to your business – including your people – of being compromised by a phishing attack? The answer is a combination of education, awareness, technologies and processes. The Australian Government’s Stay Smart Online website includes a list of steps your people and your business can take to minimise the risk presented by phishing. These include advising your people to avoid clicking on links or opening attachments in unexpected or suspicious emails and contacting senders to verify concerning emails, using details sourced from a legitimate website or location. Your business should also install and update spam filters and other anti-malware products to help minimise risk.

Firstwave’s Cloud Email Security product provides advanced, feature-rich and configurable cloud email security services for businesses – powered by its cloud email content security and analytics platform technology. If you would like to learn more, please contact sales@firstwavecloud.com.

Businesses beware: ransomware is back and the attacks are more complex and costly than ever. Ransomware campaigns targeting businesses rose in January-March 2019, compared to October-December 2018. Businesses also typically paid out more to the groups behind ransomware to retrieve their files, while infections caused more downtime, on average than during the previous quarter.

These trends  – highlighted in research from a range of vendors – represent a continuation of worrying circumstances identified in a Telstra report released last year. The report found ransomware was on the rise and was increasingly targeted. Nearly one third – 31%  – of Australian respondents whose businesses had been interrupted by a security breach in the past year were experiencing ransomware attacks on a weekly or monthly basis. This was the highest of all countries surveyed.

These findings highlight the importance of vigilance and preparedness in protecting networks and data. This means educating your workforce and working with partners, customers and participants in your supply chain to avoid clicking on suspect email links or attachments. Ransomware groups often incorporate text in these emails that aim to trick people into clicking quickly on these malicious links or attachments.

Other steps your business should take include ensuring anti-malware products are implemented and up to date and taking regular backups that are then stored in isolated locations. Your business should also document the steps to be taken and the responsibilities of individuals and teams in the event of a ransomware infection. These measures will help minimise loss and disruption.

At FirstWave, we provide email and web security solutions featuring advanced malware protection to help businesses avoid falling victim to ransomware and other attacks. For example, our Cloud Email Security product provides advanced, feature-rich and configurable cloud email security services for businesses – powered by our cloud email content security and analytics platform technology. If you would like to learn more, please contact sales@firstwavecloud.com.

​The global cybersecurity insurance market is growing quickly and is expected to reach more than $20 billion within the next few years. Businesses are increasingly seeking insurance coverage as the number of breaches affecting sensitive customer or corporate data or disrupting systems and operations, increases. Rising reliance on technology to connect with consumers, partners and other stakeholders, the takeup of cloud, mobile, Internet of Things and other models, and the growing sophistication of cyber attacks are all combining to increase cybersecurity risk.

In this environment, board members and senior management teams are shouldering greater responsibility – and in many cases liability – for cybersecurity. For directors and managers, this means dumping traditional perspectives that cybersecurity is the province of the technology team and taking a proactive, organisation-wide approach to minimising cyber risk.

Discharging this responsibility means implementing a comprehensive cybersecurity program that incorporates a range of measures to reduce risk. According to the Australian Government’s business.gov.au website, these measures may include updating all passwords to passphrases that swap letters for symbols and use different spelling; using password managers to securely store and generate passwords; using business-grade cybersecurity software; backing up systems and files to portable hard drives; and seeking help from IT professionals if systems are infected by malware such as ransomware.

The website also recommends businesses talk to insurance brokers or insurers about options for reducing cybercrime risk.

However, businesses should not only tighten their defenses against external attacks. Internal attacks and employee errors can also threaten the integrity of customer and corporate data, as well as key systems. Boards and senior management teams should also become aware of these risks and ensure comprehensive plans are in place to mitigate them. Some issues that may be covered by these plans include implementing role-based access to systems and data – meaning workers only access what they need to do their jobs – and educating workers about how to manage data securely. Adopting these plans can further help businesses reduce risk and consequently lower their cybersecurity insurance premiums. In addition, these plans can also minimise the likelihood of incurring the regulatory and reputational penalties of a cybersecurity breach

opEvents is used in many organizations as a valuable tool to monitor their networks, it gives valuable insights into the network, it gains information from everywhere and also delivers a consolidated view to ensure you aren’t flooded with notifications.

The update to opEvents v2.4.3 adds the ability to add editable ‘Event Status’ tags to events. These are status updates that will turn opEvents into an effective technical service desk for you. To help demonstrate how this process works we simulated a network outage in our office, don’t worry nobody was hurt during this event.

In the above image, you will be able to see that this is the synthetic event that was created for a customer outage for Opmantek. Currently, there is no status that has been assigned to the event, this is because the default status is Undef.

If you would like to set a new default status, it can be set by opevents_event_status_values in the opCommon.nmis file. There are three options that are shipped with opEvents are Ingested, Investigating and Resolved.

Every team operates differently so if you would like to customize these values they are defined in opevents_event_status_values in the opCommon.nmis file.

Back to the task at hand, I have been assigned to begin investigating this outage, to ensure that no other members of my team start to troubleshoot this issue, I update the event status to read ‘Investigating’ and begin the troubleshooting steps; this will save your team from having two people trying to solve one issue. This is made even easier because the first troubleshooting steps have already been executed, it is now a matter of interpreting the results and deciding the next steps.

We can see from the above output, the traceroute command was executed when the event started, it has returned with no information, there seems to be a local issue.

After testing the local network and seeing that our local network was working as expected, I was able to isolate the issue to be a problem with an ethernet cable unplugged;

The cable was plugged back in and the issue was resolved, the event status was changed to Resolved and we can close this issue.

Although this was a contrived issue the troubleshooting process exemplifies the power of using opEvents as a technical service desk, all the troubleshooting information that is required to resolve this issue is at your fingertips.

If you would like to see how easily this can be integrated into your environment or to test out the functionality yourself, we offer a free POC for your company and also a free 20 node license of opEvents, start today.

The most successful IT projects that I have been involved in are those where change management and user acceptance  have been recognised as a top priority.  With research organisations citing that up to 47% of jobs will be lost to robotisation it has never been more important to have user support for an automation project.

At the recent Automate 2019 conference, many of our customers and partners shared their experiences in introducing automation to their organisations and it seems that no matter the size or complexity of the organisation, one key response always emerged when this type of project was announced to staff and management.  FEAR.  People were terrified that in supporting an automation project, they were potentially putting their job at risk of being taken over by robots.

Whilst businesses are going to see automation create new ways of working and creating value, what needs to be clearly communicated to staff and stakeholders prior to undertaking an automation project is that it is more than likely that process automation will enhance their performance in their current position, rather than take the position away.

When introducing process automation to a business, it is the ongoing, repeated, time-consuming TASKS that will yield the best outcomes for automation and these are the processes that will be replaced.

To get your staff thinking more positively about the benefits of automation, ask them to think about the time that is spent each day on running and analyzing reports, making configuration changes across multiple machines, recording change and maintenance requests – they will soon realise that these tasks that will likely be automated are actually the preliminary steps that must be taken in order for them to complete a job.  So by automating these tasks, your staff can actually complete their job more efficiently and effectively!

It is not the tasks that are completed but the outcomes that are produced that indicate a job well done.  If your staff see their value as their ability to input or output data, they will lose to robots.  If they understand that their value comes from the other creative and intangible skills that they bring to a role, they will realise that there is little to fear.

To take a look at some of the ways that Opmantek customers have used automation to enhance their network operations, improve efficiencies and to move from a responsive rather than a reactive operation model, contact us and we can show you how we have successfully implemented this for other organizations.