Strengthening Cybersecurity: The Imperative of Testing Controls against PRC State-Sponsored Cyber Attacks in Texas Mid-Market Manufacturing Firms

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued an advisory (AA23-144A), underscoring the persistent threat posed by PRC state-sponsored cyber actors. This advisory detailed how these actors employ the Living off the Land technique, exploiting commonly used software, tools, and protocols, and blending their malicious activities within regular network traffic. Consequently, the threat is difficult to detect and can linger undetected within networks for extended durations.

Faced with such sophisticated threats, firms must proactively test their cyber controls. The importance of identifying system vulnerabilities susceptible to exploitation using the Living off the Land technique cannot be overstated. Testing controls also presents the opportunity to understand the modus operandi of these cyber actors, enabling firms to adopt proactive measures to counter these threats.

The mid-market manufacturing firms in the Defense Industrial Base (DIB) in Texas operate in a world of unprecedented cyber threats, with the People’s Republic of China (PRC) state-sponsored cyber actors being of notable concern. These malicious actors use a technique referred to as “Living off the Land,” leveraging legitimate processes and services within a system to infiltrate and evade detection. Understanding why these firms should robustly test their cyber controls in this context is crucial for national security and industrial resilience.

Today’s globalized marketplace has created interdependencies that significantly threaten national security. For example, Texas, a significant contributor to the U.S. DIB, has experienced the strategic focus of PRC’s cyber actors on mid-market manufacturing firms. These organizations, often less equipped to withstand sophisticated cyber threats than larger counterparts, are considered soft targets, and their compromise can negatively impact U.S. defense capabilities.

One primary reason to test cyber controls is the proliferation of the Living off the Land technique. This strategy sees PRC state-sponsored cyber actors exploit commonly used software, tools, and protocols, effectively masking their activities amidst regular network traffic. It’s an alarming prospect, given that these attacks are hard to detect and can persist in networks undetected for extended periods.

Thoroughly testing controls provides an opportunity to identify vulnerabilities within the system that may be exploited using the Living off the Land technique. It also allows organizations to understand how these actors operate, enabling them to take proactive measures to mitigate the risk of infiltration.

Moreover, the constant evolution of cyber threats necessitates the frequent testing of controls. The PRC’s cyber capabilities are evolving, continuously seeking new ways to exploit vulnerabilities in their targets. Staying ahead of these threats requires constant vigilance, regular review, and updating of cyber controls. The ability to anticipate and swiftly respond to these ever-changing threats hinges on a keen understanding of the landscape, which is only achievable through regular testing.

Additionally, the potential economic impact of a successful cyber-attack on mid-market manufacturing firms cannot be overstated. From production disruptions to the leakage of sensitive information, the financial repercussions can be crippling. Such firms play a significant role in the Texas economy, and the broader U.S. DIB, and their compromise could have a cascading effect on the economic and security landscape.

The regulatory environment necessitates robust testing of cyber controls. For example, regulations such as the Cybersecurity Maturity Model Certification (CMMC) require that DIB contractors demonstrate a level of cybersecurity maturity that matches the sensitivity of their work. Regular testing of controls helps meet these regulatory requirements but also helps create a cybersecurity culture within the organization.

All in all, testing cyber controls in mid-market manufacturing firms in Texas within the DIB is not a choice but a necessity. To remain resilient, these firms must adopt robust and frequently tested controls amid sophisticated PRC state-sponsored cyber threats. By understanding and preempting the techniques used by malicious actors, these firms can maintain the integrity of their networks and continue to contribute safely and securely to U.S. defense capabilities.

Brad Hudson

Cybersecurity Practice Leader

About Columbia Advisory Group

Founded in Dallas in 2012, Columbia Advisory Group LLC (CAG) is an established IT consulting firm renowned for delivering cost-effective, meaningful, and practical IT solutions that solve complex business problems. Our seasoned teams offer comprehensive insight across diverse regulatory and economic environments, providing unbiased, straightforward analysis and recommendations. We pride ourselves on our deep understanding of IT while remaining software and hardware-agnostic. Regardless of your organization’s growth trajectory or economic landscape, we at CAG are adept at adapting to your unique needs and complexity, offering tailored solutions to drive your success.

Contact us at info@columbiaadvisory.com.

Why IoT Strategy Matters in Gas Pipeline Networks

The rapid expansion of the Internet of Things (IoT) has led to greater connectivity and improved efficiency across numerous industries, including the gas pipeline network. However, increased reliance on IoT devices also presents new cybersecurity challenges. In this blog post, we’ll discuss the Colonial Pipeline incident as a case study to highlight the importance of cybersecurity in IoT devices used in gas pipeline networks.

The Colonial Pipeline: A Wake-Up Call

In May 2021, Colonial Pipeline, one of the largest fuel pipelines in the United States, fell victim to a ransomware attack that forced a shutdown of its operations (The New York Times, 2021). This cyberattack led to gasoline shortages and price spikes across several states, emphasizing cybersecurity’s crucial role in maintaining the safety and security of gas pipeline networks.

IoT Devices: The Weakest Link?

IoT devices, designed primarily for ease of use, can often be the weak link in the cybersecurity chain for gas pipeline networks (CISA, n.d.). Many of these devices are connected to the internet and possess limited processing power and memory, making it challenging to update their security features. In the Colonial Pipeline incident, hackers exploited the company’s IT infrastructure vulnerability to access its systems, underlining the need for robust cybersecurity measures for IoT devices within gas pipeline networks.

Addressing the Challenge: A Multi-Layered Approach

To ensure the security of IoT devices in gas pipeline networks, it is crucial to adopt a multi-layered approach that includes both physical and software-based security measures (CISA, n.d.):

        1. Physical Security Measures: Implementing firewalls, access control systems, and network segmentation can help limit the spread of potential cyberattacks, reducing the risk of hackers accessing sensitive information or compromising pipeline control systems.
        2. Software-Based Security Measures: Encryption, secure protocols, and regular software updates are critical for safeguarding IoT devices in gas pipeline networks. Encryption protects sensitive data from being intercepted or stolen, while secure protocols like SSL/TLS ensure communication between devices remains private and tamper-proof. In addition, regular software updates help address known vulnerabilities and enhance overall system security

The Colonial Pipeline incident is a stark reminder of the need for robust cybersecurity measures in the gas pipeline network. As IoT devices play an increasingly important role in monitoring and controlling pipelines, it is essential to protect them from cyberattacks by adopting a multi-layered approach to cybersecurity that incorporates physical and software-based security measures.

Sources:

The New York Times. (2021). A Cyberattack Forces Shutdown of a Top U.S. Pipeline. Retrieved from https://www.nytimes.com/2021/05/08/us/politics/cyberattack-colonial-pipeline.html

Cybersecurity and Infrastructure Security Agency (CISA). (n.d.). Internet of Things (IoT) Security. Retrieved from https://www.cisa.gov/iot-security

Brad Hudson

Cybersecurity Practice Leader

About Columbia Advisory Group

Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at info@columbiaadvisory.com.

How Can a Phishing Attack Lead to More Fatal Cybercrimes Like Ransomware, and How Can Educational Institutions Keep Them at Bay?

As phishing attacks continue to threaten individuals and organizations, educational institutions are particularly at risk due to the sensitive information they handle. This article will explore the connection between phishing attacks and ransomware and discuss practical strategies for educational institutions to protect themselves from such threats.

One of the biggest threats that all internet users face is phishing. Phishing schemes attempt to trick individuals into providing their personal information, such as login credentials and credit card numbers, to cybercriminals masquerading as legitimate sources. Not to mention, the consequence of falling for these schemes can be dire.

However, things can get much worse. Cybercriminals are also on the prowl for even more damaging attacks, such as ransomware hacks. Ransomware attacks can lock down critical information to prevent users from accessing it unless they pay the ransom demanded by the attackers.

Unfortunately, educational organizations are even more susceptible to these attacks due to the sensitive information they possess, such as student records, financial reports, and research data. This reality puts even more pressure on educational institutions to stay vigilant and proactive to avoid security breaches.

To ensure the safety and integrity of such sensitive data, educational institutions need to take proactive measures to avoid phishing and ransomware attacks. A robust security system is crucial in ensuring the confidentiality, integrity, and availability of sensitive data stored on the organization’s systems.

Reasons Phishing Attacks are Rampant

In 2020, phishing emails and websites were the most common entry points for ransomware, with over 610,000 unique phishing websites identified. The concerning trend has continued into 2023, highlighting the ongoing threat posed by phishing attacks in the current digital landscape. But how does phishing run rampant throughout the digital world? The following sections have an answer.

1. Use of AI-ML-based Tools by Attackers
Phishing attacks have become increasingly sophisticated with attackers’ use of AI-ML-based tools. These tools allow attackers to automate and personalize their attacks, making them more convincing and harder to detect. For instance, attackers use machine learning algorithms to create compelling phishing emails that mimic the writing style and language used by the victim’s contacts, making it easier to dupe the victim to fall for the scam. And with the advancement of AI-related tools widely available on the market, the malicious attacks of threat actors have become more efficient, effective, and profitable.

2. Availability of Phishing Kits
Phishing kits have empowered threat actors by providing them with professionally written, pre-built tools that enable them to launch phishing attacks with minimal effort or expertise. These kits, available for purchase on the dark web, contain thousands of lines of code and can be easily configured based on the attacker’s campaign. Following such an approach allows threat actors to launch campaigns quickly and effortlessly, making it difficult for defenders to keep up with the rapidly changing threat landscape.

3. Inadequate Security Awareness
The most significant vulnerability malicious actors exploit is the inadequate employee training on security awareness in some institutions, particularly in phishing and ransomware. This deficiency is the primary reason why such attacks continue to succeed. It can severely undermine employees’ ability to recognize phishing attacks and respond appropriately, resulting in devastating consequences. Failing to address this training and security gap leaves organizations vulnerable to threat actors who are too eager to exploit it.

Understanding the Connection Between Phishing and Ransomware

Phishing has emerged as the primary vehicle for delivering ransomware, making it the most significant cyber threat to organizations in recent years. 78% of organizations experienced at least one ransomware attack in 2021, with 68% attributing the cause to direct email payload or second-stage malware delivery. In addition to that, IBM’s Cyber Resilient Organization Study identified the top three causes of ransomware as phishing (45%), malicious websites (22%), and social media (19%). Phishing and ransomware are closely related because phishing is one of the root methods for delivering ransomware.

The success of a ransomware attack often depends on the attackers’ ability to deliver the malware to the victim’s system, which is why they frequently use phishing emails as a delivery method. The social engineering schemes, carefully crafted to appear legitimate and customized to specific targets, making them difficult to identify, and the sheer volume of emails received by individuals, especially students, has made it challenging for them to scrutinize incoming emails and note suspicious red flags, increasing successful phishing attacks.

Why are Educational Institutes Easy Targets for Phishing and Ransomware Threat Actors?

With limited IT resources, some educational institutes may be unable to keep up with patch management and other maintenance processes that keep systems safe from exploits. The inadequacy of cybersecurity countermeasures limited IT resources, and the pressure to deliver educational services make schools and educational systems an attractive target for malicious actors.

All educational institutes are not adequately immune to phishing and ransomware attacks, as revealed by an 18-year-old student named Bill Demirkapi at the recent Def Con hacker conference. Demirkapi revealed that his school’s software, including Blackboard’s Community Engagement software and Follett’s Student Information System, contained multiple vulnerabilities that could be exploited using SQL injection and XML inclusion attacks to steal PII (Personally Identifiable Information) or even manipulate grades.

Here are some recent ransomware attacks on school districts to showcase how all educational institutes are not safe:

    • Louisiana Schools: Three school districts in Louisiana were targeted by a ransomware attacker in July 2019. It crippled several phones, IT systems and the state-activated emergency cybersecurity powers to bring in the National Guard and cyber experts.
    • Columbia Falls School District: The school district was threatened by malicious actors with a data lockup expecting a ransom of $150,000. The attackers declared they would expose student names, addresses, and grades if they didn’t receive the demanded amount.
    • Syracuse: The New York City schools were hit with a ransomware attack that locked down one of their computer systems. The district paid the ransom, partially covered by insurance, but they were still locked out of their servers even after paying the ransom.

How Can a Phishing Attack Lead to More Fatal Cyberthreats Like Ransomware?

A phishing attack is a common and effective method used by threat actors to gain unauthorized access to sensitive data in educational institutes by tricking victims into disclosing personal information or downloading malware. While phishing attacks seem independent, they could be a first step to more severe cyber threats such as ransomware, malware, data theft, and more.

Malicious actors often use phishing attacks to deliver ransomware or malware payloads because they can customize phishing emails to target specific individuals. In a successful phishing attack, the attacker can introduce ransomware into the victim’s system, rendering their data inaccessible unless a ransom is paid, causing significant harm to the victim.

Strategies for Preventing Phishing and Ransomware Attacks in Educational Organizations

Here are a few practical strategies for preventing phishing and ransomware attacks in educational institutes:

    • Leveraging AI-Based Anti-Phishing Solutions: One vital strategy to prevent phishing and ransomware attacks in educational institutes is leveraging AI-based anti-phishing solutions. These solutions use machine learning algorithms to detect and block phishing emails before they reach their targets. They can also analyze email content and metadata to identify suspicious patterns and behavior, such as unusual IP addresses or domain names, and flag them for further investigation.
    • Engaging a Trusted Vendor or Managed Security Service Provider (MSSP): Engaging a trusted vendor or MSSP is critical in preventing phishing and ransomware attacks in educational institutes. These providers have the expertise, experience, and resources to provide comprehensive security solutions, including threat intelligence, risk assessments, vulnerability management, and incident response. They can help educational institutes implement security best practices and provide ongoing support.
    • Educate Faculty, Staff, and Students: Among the most effective ways to prevent phishing and ransomware attacks is educating everyone in the educational institution on the risks of such attacks. Conduct regular training sessions that help them identify and avoid suspicious emails, attachments, and links. This way, they can recognize phishing emails and report them to the IT department before any damage is done.
  • Implement a Strong Security Policy: The first step is establishing a robust security policy. School networks should block access to potentially risky sites, and student app downloads should be monitored and restricted. Educational institutions must also include mobile security in their cybersecurity strategies since threat actors often use mobile IoT devices, such as laptops, desktops, smartphones, or tablets, to gain access to the network. IoT device testing and implementing end-to-end encryption can significantly reduce the risk of attackers.
  • Access Control Implementation: Given that educational institutions have a vast network of students, teachers, and staff, it is crucial to implement access control measures that limit individuals’ access to only the required programs. IAM (Identity and Access Management) systems working on the ‘least-privilege’ and ‘need-to-know’ principles are found to be efficient in preventing malicious infiltration significantly. Access control offers two critical advantages. Firstly, it prevents unauthorized individuals from accessing sensitive information. Secondly, it limits attackers’ ability to cause harm if they compromise someone’s account.

Higher Ed must prioritize investing in modern and effective cybersecurity technologies to protect themselves against the constantly evolving threat of cybercrime.

Educational institutions face a significant threat from phishing attacks, which can escalate into more dangerous cyber threats like ransomware. To safeguard against such risks, educational institutes must proactively implement practical strategies for preventing and mitigating the damage caused by phishing attacks and other related cyber threats. It can be achieved by raising awareness among staff and students, implementing strong security measures, and working with experienced cybersecurity experts. Education institutes can ensure their systems and data safety and security by taking concrete steps, such as adopting AI-based anti-phishing solutions to keep their information assets secure from malicious actors.

Brad Hudson

Brad Hudson

VP of Cyber Security

About Columbia Advisory Group:
Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at .

Phishing: How The Monster Is Changing Its Shape and Size – Phishing Protection in a Post-COVID World

Cyber scams during COVID-19 have shaped a new term – scamdemic: a global epidemic of frauds and scams. There was an unprecedented rise in cybersecurity scams during the pandemic. Phishing emerged as the most frequent attack type. Read on to learn how malicious actors changed their tactics in 2022 and how you can protect yourself.

The COVID-19 pandemic changed how people live, including how all conduct business and social interactions and how work lives function. Regarding the latter, enforcement of social distancing and lockdowns resulted in an increasing number of people experiencing changed work habits. Some employees adapted – often even abruptly – to using messaging apps, digital platforms, and other communication channels for everyday activities. Thus, there was a worldwide shift from office to remote (home) work. The overlooked consequence of the change was the increase in cyber risks, which resulted in a rapid escalation of cyber-attacks.

The State of Phishing Report for 2022 by SlashNext highlights that traditional security strategies, including proxy servers, secure email gateways, and firewalls, no longer prevent phishing threats, especially as attackers increasingly launch these attacks from personal and messaging apps and trusted servers. Thus, phishing attacks are a rising concern, as the following statistics show.

Key Statistics

Here is a look at the key statistics which signify the rising phishing problem:

  • SlashNext analyzed numerous link-based URLs, messages, and attachments in email, browser, and mobile channels in 2022 and found over 255 million attacks – a 61% rise in phishing attack rates compared to 2021.
  • A Check Point Research (CPR) report found emerging social engineering scam trends shifting away from tech giants and shipping establishments toward social networking sites. In Q1 2022, social networks became the most targeted category, followed by shipping.
  • Zscaler pointed out that, from January to March 2020, COVID-19-themed phishing attacks increased by 30,000%.
  • APWG’s Phishing Activity Trends Report says that phishing attacks hit an all-time high in 2021. December 2021 recorded an unprecedented 300,000 attacks, signifying these incidents became over three times more common than they were two years before.
  • UK’s Cyber Security Breaches Survey 2022 signifies that phishing is the most common cyber threat that targets UK businesses and charities. 83% of them suffered a phishing scam.
  • 2022’s first quarter saw a dramatic rise in phishing attacks. CheckPoint revealed in its 2022 Q1 Brand Phishing Report that malicious actors planned phishing attacks impersonating professional social networking websites. Attacks related to LinkedIn alone comprised over half (52%) of all phishing attempts globally. 

Post-COVID Threat Landscape Isn’t Reducing – Threat Actors Are One Step Ahead

Once authorities lifted the COVID-19 restrictions, employees started moving back to their offices, and malicious actors adapted to the change again. While remote workers were their primary targets for 18 months, new phishing campaigns targeted those who were returning to the physical workplace. The following are some prominent examples:

  • Cofense observed an email-based campaign that targeted employees with emails impersonating their CIO and welcoming them back to the office. The emails appeared legitimate and contained the organization’s official logo and the CIO’s signature. The message outlined the organization’s new precautions and business operation changes connected with the pandemic.
  • India saw a surge in new phishing techniques after the government launched electric vehicle (EV) incentives.
  • Some phishing attempts preyed upon financial fear. For example, In a  scam,  bank customers were informed that their accounts were on hold due to suspicious logins or transactions. Users became victims when they attempted to resolve the issue by clicking on the embedded link.
  • The BazarBackdoor attackers send malware-free mail, bypassing email security and directing users to a website contact form. Once a user submits the form, the perpetrators send malware through a purported response file through a file-transfer service to avoid email security.
  • Some latest phishing attacks send malware links through QR codes embedded in emails or stickers in restaurants or public locations. The QR codes directly execute malware or redirect the users to credential-stealing websites.
  • Microsoft recently discovered a multi-stage phishing attack on businesses that don’t use multi-factor authentication. The first stage steals an employee’s email credentials, and the second stage creates a new Office 365 account in their name on a rogue device. After getting established on the new computer, the threat actors use the victim’s account to send internal phishing attacks to the organization or clients using legitimate email accounts.

Top 2022 Phishing Tactics Used By Malicious Actors

In 2022, phishing attacks exploited vulnerabilities unheard of earlier. Here are the year’s top tactics:

  • Typosquatting: Threat actors register domains that users can enter by accident. For example, instead of typing www.phishingexample.com, a user can type www.phishingexanple.com (hitting the ‘n’ key next to the intended ‘m’ key by mistake). If an attacker registers the www.phishingexanple.com domain, the user enters the attacker’s website instead of the legitimate www.phishingexample.com website. If the imposter website looks the same as the legitimate one, the user can easily get tricked into sharing their credentials.
  • Lookalike Domain Attacks: While typosquatting depends on the victim making a typo, lookalike domains exploit the difficulty of differentiating between words or similar characters. For example, an attacker can craft a phishing email with an uppercase “I” instead of the lowercase “l,” making www.iurethevictim.com look like Iurethevictim.com. Having end users targeted by what they think is a legitimate website opens various challenges, like loss of user confidence, theft, fraud, and reduced traffic (and business) to your website. Thus, if you can quickly discover and avoid scam sites, you can mitigate the risks linked to fraud and loss of brand reputation.
  • Executive Impersonation: Executive impersonation is an effective tactic. If malicious actors can spoof or compromise an executive’s email account, they can craft phishing emails to lure unsuspecting users to legitimate-looking phishing. If the user who suspects the fake email to be from their boss enters their credentials into the spoofed website, the attackers steal them and gain unauthorized access.
  • Credential Reuse Attacks: Unfortunately, credential reuse (using the same password, etc., across different platforms) is common among end users because it is inconvenient to create new credentials for every application. If a phishing attack retrieves a credential set successfully, the attackers can access other applications with the same information. Because of credential reuse, such attacks grant attackers access to multiple accounts across various platforms.
  • High-Level Employee Targeting: High-level employees can access sensitive, confidential, and proprietary information that other employees cannot. If attackers obtain their login credentials, they can access sensitive corporate data in the cloud (which organizations store within their network perimeter). Thus, these credentials are the keys to the domain, and stealing them makes threat actors capable of planning large-scale data breaches traditionally mitigated by network perimeter solutions.
  • Financial Scams: Sophisticated phishing campaigns target login credentials and aim to steal financial information from end users. In a financial scam-type phishing attack, the threat actors trick the user into visiting a phishing site, making them share personal or financial information and conduct financial transfers or transactions with it. For example, threat actors may design a site pretending to be a charity platform raising money for the pandemic victims. The unsuspecting users might get fooled into donating cash through it.
  • Business Email Compromise: In BEC, malicious actors spoof the email credentials of top officials of an organization, like the CEO. They then send orders to subordinates to make money transfers of massive amounts. The assistants follow the instructions thinking it to be their boss’s command. Business email compromise (BEC) is rising, and attackers exploit it to make money from fake wire transfer requests.
  • Spear Phishing on Small Businesses: In today’s growing threat landscape, there is nothing too small to become a phishing attack target. Small businesses get targeted frequently with cyberattacks because they often have less IT security than large organizations. Spear phishing is more dangerous than phishing because it is targeted and not generic. Threat actors deploy it in an attack using BEC.
  • Using Initial Access Brokers to Make Phishing Attacks More Effective: One-way threat actors make more money is by taking help from specialists called Initial Access. They are malicious actors who only focus on initially breaching the network or organizational accounts. The rising use of these experts in the field makes phishing attacks more threatening and difficult for end users to detect.

How To Redefine Cybersecurity in a Post-COVID World

Organizations’ strategies to counter the threats mentioned above will vary according to each organization’s cyber security maturity level. Generally, they must focus more on new cybersecurity models, including ‘zero trust.’ Following are ways individuals and organizations can remain protected:

  • Antivirus Protection: Employees must have an antivirus software license for their information systems. A good antivirus solution can eliminate many attacks.
  • Cybersecurity Awareness: Organizations must brief their staff on best procedures and practices to regulate sending emails or sensitive content to other parties or cloud storage.
  • Phishing Awareness: Employees must remain vigilant when receiving emails and check the sender’s addresses’ authenticity.
  • Home Network Security: Employees must ensure that their home Wi-Fi remains protected by a strong password.
  • Using VPN: Virtual private networks offer an additional protection layer to home internet use. They can remain a stringent barrier against cyberattacks.
  • Identifying Vulnerable Spots: Each IT system has vulnerabilities. Organizations must run tests to identify and patch them quickly. It can take the form of vulnerability scanning or penetration testing. Furthermore, businesses must perform hardening of technical infrastructure components.
  • Frequent Reviews: Organizations must evaluate cybersecurity risk exposure regularly and determine whether the existing controls are robust. The IT teams must consider new cyberattack forms during these reviews.
  • Renewing Business Crisis and Continuity Plans: Top managers must update their business continuity plans considering various cyberattack.

More advanced measures that users can take are:

  • Applying New Tools and Technology: IT teams can use advanced tools like host checking (which checks the endpoint’s security posture before authorizing access) to reinforce remote work security.
  • Intelligence Techniques: Businesses must encourage proactive cyber threat intelligence to identify indicators of attacks (IOC) and address them.
  • Risk Management: Organizations can apply GRC (governance, risk, and compliance) solutions to improve risk management. GRC solutions offer a detailed view of the organization’s risk exposure and help link various risk disciplines (cybersecurity, business continuity, and operational risks).
  • Prepare for Attacks: In today’s high-risk times, businesses must carry out frequent cyber crisis simulation exercises and prepare their response to a phishing attack.
  • Zero Trust Infrastructure: CIOs and CISOs must consider implementing the zero-trust framework for cybersecurity. It is a security model where only authorized and authenticated devices and users get access to applications and data.

The COVID-19 pandemic taught people that preparation is critical to limit the risks linked to cyberattacks. Malicious actors have been clever in changing their tactics to adapt to changing situations and executing sophisticated phishing attacks. The ability of a user to quickly react to unforeseen events helps lower the impact of a cyberattack. Today, organizations that benefit from secure remote work capabilities are better prepared to face the growing risk of phishing attacks. Consequently, businesses fearing risks must quickly assess their exposure to phishing attacks and prioritize initiatives to address cybersecurity gaps.

About Columbia Advisory Group:
Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at .

References

  1. Al-Qahtani, A. F., & Cresci, S. (2022). The COVID-19 scamdemic: A survey of phishing attacks and their countermeasures during COVID-19. IET Information Security, 16(5), 324–345. doi:10.1049/ise2.12073
  2. Damcova, K. (2022, May 6). Phishing attack trends to beware of in 2022. Retrieved January 4, 2023, from IQ in IT website: https://iqinit.uk/news/phishing-attack-trends-to-beware-of-in-2022/
  3. Nabe, C. (n.d.). Impact of COVID-19 on cybersecurity. Retrieved January 4, 2023, from Deloitte Switzerland website: https://www2.deloitte.com/ch/en/pages/risk/articles/impact-covid-cybersecurity.html
  4. Ideal Integrations (2022, March 14). New phishing techniques to watch for in 2022. Retrieved January 4, 2023, from Ideal Integrations® website: https://www.idealintegrations.net/beware-these-new-phishing-techniques/
  5. McCurdy, R. (2022, November 8). The Biggest Phishing Breaches of 2022 and how to avoid them for 2023. Retrieved January 4, 2023, from Security Boulevard website: https://securityboulevard.com/2022/11/the-biggest-phishing-breaches-of-2022-and-how-to-avoid-them-for-2023/
  6. Over 255m phishing attacks in 2022 so far. (2022, October 26). Retrieved January 4, 2023, from Security Magazine website: https://www.securitymagazine.com/articles/98536-over-255m-phishing-attacks-in-2022-so-far
  7. Page, C. (2021, June 1). Hackers are targeting employees returning to the post-COVID office. TechCrunch. Retrieved from https://techcrunch.com/2021/06/01/hackers-phishing-post-covid-office/
  8. (2022, September 28). Webinar wrap-up: Cyber security in a post-COVID world: New challenges & opportunities. Retrieved January 4, 2023, from Simplilearn.com website: https://www.simplilearn.com/cyber-security-challenges-and-opportunities-post-covid-article

 

Brad Hudson

Brad Hudson

VP of Cyber Security | vCISO - CISSP, CCSP, CCNP, MCSA, MCITP:EA,SA

Unlocking the Benefits of Cloud Migration in Higher Education

Cloud migration modernizes an organization’s data, applications, and infrastructure from on-premises systems to the cloud. The initial process can be complex and time-consuming. Still, it can bring significant long-term benefits to universities and other educational institutions that allow them to focus on their core aims of providing quality education. One of the main benefits of cloud migration for universities is cost savings. On-premises systems require expensive investments in hardware, software licenses, and expensive skillsets to support the many diverse environments, as well as ongoing patching, maintenance, and support costs. In contrast, cloud-based solutions are typically subscription-based, which means that universities can pay for only the resources they use rather than upfront costs for hardware and software. This can result in significant cost savings for universities, especially those with large and complex IT systems.

Another benefit of cloud migration for universities is increased flexibility and scalability. The majority of CAG (Columbia Advisory Group) higher education customers only need their full compute performance a few weeks a year while the rest of the year their hardware runs at less than 20% of its capability. Cloud-based solutions can be easily scaled up or down on demand to meet these changing needs, which can be particularly useful for universities that only experience performance fluctuations during enrollment. Additionally, cloud-based solutions can be accessed from anywhere with an internet connection, which is beneficial for students, faculty, and staff to access University resources and collaborate remotely. The Covid pandemic magnified the significance of educational institutions needing to support this capability.

Cloud migration can also improve the security and reliability of IT systems for universities. Cloud providers have robust security measures in place, such as multi-factor authentication and data encryption, which can help to protect against cyber threats and data breaches. In addition, cloud-based systems can be more reliable than on-premises systems, as they are typically backed by the redundant infrastructure and 24/7 support and can also scale to full parity, dependent on the criticality of the replicated system.

Finally, cloud migration can enable universities to take advantage of the latest technologies, such as artificial intelligence and machine learning. These technologies can improve a range of educational and research activities, from grading assignments and analyzing student data to conducting research and developing modern technologies.

In conclusion, cloud migration is an important consideration for universities looking to improve the efficiency, cost-effectiveness, and flexibility of their IT systems. By moving to the cloud, universities can realize significant benefits, including cost savings, increased scalability, improved security and reliability, and access to the latest technologies.  With tailored support from Columbia Advisory’s cloud experts, universities can ensure that their transition is smooth and secure. By leveraging the latest cloud technology, universities can equip themselves for a digital future and unlock all the benefits that come with it.

Ernest Bricker

Ernest Bricker

Director of Infrastructure Practice, Columbia Advisory Group

Why is it a good idea for Higher Education to outsource its Cybersecurity Framework Assessments and consider hiring a fractional vCISO

There are several reasons why higher education institutions should consider outsourcing their Cybersecurity Framework Assessments (NIST Cybersecurity Framework, HIPAA, GDPR, etc.) and hiring a fractional virtual Chief Information Security Officer (vCISO).

First and foremost, outsourcing Cybersecurity Framework Assessments can provide higher education institutions with access to a greater level of expertise and experience. Cybersecurity Framework Assessments, such as NIST Cybersecurity Framework, HIPAA, GDPR, etc., are a comprehensive set of security and privacy controls used by many organizations, including higher education institutions, to ensure the confidentiality, integrity, and availability of their systems and data. However, conducting these assessments can be a complex and time-consuming process that requires specialized knowledge and skills. By outsourcing these assessments to a qualified third party, higher education institutions can leverage the expertise and experience of professionals who have a deep understanding of numerous Cybersecurity Frameworks and how to implement their controls effectively.

Another reason to outsource Cybersecurity Framework Assessments is to ensure that the evaluation is conducted unbiasedly and objectively. In organizations that perform internal assessments, the risk of bias or subjectivity creeps into the process. Unfortunately, this can lead to an incomplete or inaccurate measurement of the organization’s security posture; in turn, this can increase the chances of an incident, such as a breach or intrusion, that may result in the loss, damage, or disclosure of assets. By outsourcing the assessment to a third party, higher education institutions can ensure that the evaluation is performed unbiasedly and objectively, providing a more accurate picture of their security posture.

After a cybersecurity framework assessment has been conducted, it’s paramount that a Governance, Risk, and Compliance Program is put in place to manage risk moving forward. In addition, a security program and plan need to be developed to track and remediate deficiencies identified during the assessment. Therefore, CAG recommends hiring a fractional vCISO to guide higher education institutions through the Governance, Risk, and Compliance minefields. A fractional vCISO is a professional who works remotely part-time or on a contract basis, providing expert guidance and support to the organization’s security efforts. In addition, a fractional vCISO can offer a range of services, including conducting risk assessments, developing, and implementing security policies and procedures, and providing guidance on compliance with regulatory requirements such as NIST, GDPR, HIPAA, and FERPA.

In conclusion, there are several reasons why higher education institutions should consider outsourcing their Cybersecurity Framework Assessments and hiring a fractional vCISO. These approaches can provide higher education institutions access to greater expertise and experience, ensure that assessments are conducted unbiased and objectively, and build a robust Governance, Risk, and Compliance program through a fractional vCISO. In addition, by leveraging these resources, higher education institutions can strengthen their security posture and better protect their systems and data.

About Columbia Advisory Group:
Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at .

Brad Hudson

Brad Hudson

VP of Cyber Security | vCISO - CISSP, CCSP, CCNP, MCSA, MCITP:EA,SA

Microsoft Patch Tuesday: Two zero-day flaws in Windows need immediate attention

Microsoft’s December Patch Tuesday update delivers 59 fixes, including two zero-days (CVE-2022-44698 and CVE-2022-44710) that require immediate attention on the Windows platform. This is a network-focused update (TCP/IP and RDP) that will require significant testing with an emphasis on ODBC connections, Hyper-V systems, Kerberos authentication, and printing (both local and remote).   Microsoft also published an urgent out-of-band update (CVE-2022-37966) to address serious Kerberos authentication issues. 

Known issues

  • ODBC: After installing the December update, applications that use ODBC connections through Microsoft ODBC SQL Server Driver (sqlsrv32.dll) to access databases might not connect. You might receive the following error messages: “The EMS System encountered a problem. Message: [Microsoft] [ODBC SQL Server Driver] Unknown token received from SQL Server”.
  • RDP and Remote Access: After you install this or later updates on Windows desktop systems, you might be unable to reconnect to (Microsoft) Direct Access after temporarily losing network connectivity or transitioning between Wi-Fi networks or access points.
  • Hyper-V: After installing this update on Hyper-V hosts managed by SDN-configured System Center Virtual Machine Manager (VMM), you might receive an error on workflows involving creating a new Network Adapter (also called a Network Interface Card or NIC) joined to a VM network or a new Virtual Machine (VM).
  • Active Directory: Due to additional security requirements in addressing the security vulnerabilities in CVE-2022-38042, new security checks are implemented on domain net join requests. These extra checks may generate the following error message: “Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: An account with the same name exists in Active Directory. Re-using the account was blocked by a security policy.”

About Columbia Advisory Group:
Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at .

Brad Hudson

Brad Hudson

VP of Cyber Security | vCISO
CISSP,CCSP,CCNP,MCSA,MCITP:EA,SA

Cybercrime Expected To Skyrocket in Coming Years

Early today Statista’ published the following post Chart: Cybercrime Expected To Skyrocket in Coming Years | Statista.   According to estimates from Statista’s Cybersecurity Outlook, the global cost of cybercrime is expected to surge in the next five years, rising from $8.44 trillion in 2022 to $23.84 trillion by 2027. Cybercrime is defined by Cyber Crime Magazine as the “damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm. ”As more and more people turn online, whether, for work or their personal lives, there are more potential opportunities for cybercriminals to exploit. At the same time, attacker techniques are becoming more advanced, with more tools available to help scammers. The coronavirus pandemic saw a particular shift in cyber-attacks, as Statista’s Outlook analysts explain: “The COVID-19 crisis led to many organizations facing more cyberattacks due to the security vulnerability of remote work as well as the shift to virtualized IT environments, such as the infrastructure, data, and network of cloud computing.”

Source: Statista Technology Market Outlook, National Cyber Security Organizations, FBI, IMF

One of the largest hurdles for cyber-security compliance is to develop and document a security program plan and measure that plan as it complies with a specific framework. Accomplishing this is our niche at Columbia Advisory Group. We have developed an approach where we document your current Security Program (what you have in place), assess your current state (define current maturity level), and then define a Plan (roadmap for the future). The best place to start is to perform vulnerability scanning and address weaknesses before they are exploited. We then evaluate current policies and procedures and recommend remediation and improvement. We can provide a Risk Register which is a tool utilized to track identified Information Technology Security risks and define potential solutions. We provide many services that help an organization achieve compliance with a variety of security frameworks (CSF, CMMC, NIST 800-52, TAC 202) or prepare for certification (SOC 2 Type 2, ISO 27001, PCI). We can also help an organization write many policies and procedures required for compliance.

About the Author:
Lori DeMello is Columbia Advisory’s Director of Risk and Compliance. Lori is an expert in areas of Risk Management, Compliance, Security, Regulatory Reviews, Security Assessments, Audit Preparation and Response, Security Services, Continuity of Operations Planning, Risk Assessments, Risk Management Planning, Disaster Recovery, and Change Management. Lead efforts in creating and maintaining critical process documentation for CAG internal and customers. She has 25 years of IT experience with Certifications in PMP, ITILv2 and ITiLv3.

About Columbia Advisory Group:
Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at .

Columbia Advisory Group Expands Availability of its Services via TIPS-USA Contract

IT issues are mission-critical, and we are glad to be able to help our education, municipal, county and state agency clients to respond to increased IT needs and tightening budgets.

DALLAS, TEXAS, UNITED STATES, August 29, 2022/EINPresswire.com/ — Columbia Advisory Group (CAG), the leading IT managed services and cybersecurity provider to public and private sector organizations, today announced the availability of its industry-leading services on The Interlocal Purchasing System (TIPS-USA).

The TIPS Program evolved to help streamline the procurement process and expedite purchases. As a co-op, both awarded technology vendors and public sector members – which include K-12 and private schools, colleges, universities, cities, counties, non-profits, and other government entities – can accelerate business transactions by requirements up-front.

Leveraging the TIPS-USA contract, higher-education and other government buyers can realize significant cost savings by reducing the overall time and expense of a cumbersome bid process. Because TIPS provides access to high-performance vendors, agencies can also achieve quick and efficient delivery of goods and services, particularly when it comes to cybersecurity and other IT services. In addition, TIPS provides access to state-of-the-art purchasing procedures to provide competitive contracts, bulk purchasing, and other efficiencies. For these reasons, TIPS has become a preferred purchasing vehicle for state and local entities.

The Interlocal Purchasing System currently serves entities such as state and local governments and non-profit organizations, including but not limited to K-12 school districts, Charter Schools, Colleges and Universities (State and Private), Cities/Municipalities, Counties/Parishes, State Agencies, Emergency Services Districts and Non-profit organizations as defined by the Internal Revenue Service, as well as many other entities with legislated purchasing/bidding requirements. TIPS-USA membership is free.

Now, with the addition of the CAG the TIPS-USA contract, members can realize digital transformation with a best-in-class IT services firm designed for public sector frameworks. CAG is trusted by multiple higher-education, government institutions, state agencies and school districts to manage their IT environments via cybersecurity services, digital optimization, and IT innovation.

“Our public sector clients appreciate the ability to secure our services via vetted contracts like that of TIPS-USA,” explains David McLaughlin, President and CEO of Columbia Advisory Group. “TIPS-USA will help our clients to move swiftly when they discover a need within their organization for our IT expertise. In today’s business age, IT issues are mission-critical, and we are glad to be able to help our education, municipal, county and state agency clients to respond to twin dynamics of increased IT needs and tightening budgets.”

For more than 10 years, CAG has helped leading public agencies to improve their cybersecurity postures and to improve their IT environment through managed service. CAG provides access to specialized practice teams, including cybersecurity, application support, IT governance, IT due diligence, project management, IT infrastructure and comprehensive audio-visual services.

To learn more about purchasing from CAG on the TIPS-USA contract, contact CAG.
About Columbia Advisory Group:
Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many institutions of higher education, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity and A/V Services. CAG improves business outcomes with IT insights and expert technology support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. For more information, visit www.columbiaadvisory.com.

Dwight Moore Named Senior Vice President of Technical Services at Columbia Advisory Group

“We are pleased to have a leader of Mr. Moore’s caliber on our leadership team. I am confident that his integrity and experience will help us attract and grow our operational team to meet the needs of our existing and future clients.”

DALLAS, TEXAS, UNITED STATES, July 20, 2022/EINPresswire.com/ — Dwight Moore is an Information Technology executive with more than three decades of experience with IT delivery and strategy. As Senior Vice President of Technical Services, Mr. Moore will assure that CAG service delivery teams are optimized to excel at serving customer needs. Mr. Moore will also assume operational planning to support CAG’s continued business growth, especially in the higher education sector.

Prior to Columbia Advisory Group, Mr. Moore spent 14 years at Accenture leading technical implementations and serving customer-facing roles with Fortune 500 clients, including leading a global web application technologies practice. Mr. Moore also previously worked as a leading consultant providing thought leadership and delivery experience in areas of AI and process automation. As a former CIO himself, Mr. Moore has experience balancing IT strategy and technology with budgetary and operational needs.

“We are pleased to have a leader of Mr. Moore’s caliber on our leadership team. I am confident that his integrity and experience will help us attract and grow our operational team to meet the needs of our existing and future clients,” said David McLaughlin, President and CEO of Columbia Advisory Group. “Our business growth trajectory demands that we continue to hire leaders who have the experience and vision to partner with clients to improve their business outcomes.”

Mr. Moore brings CAG a strong background in data centers, architecture, operations, application development, and project management. His experience spans industries including hospitality, retail, healthcare, insurance, telecom, and retail in addition to significant roles with two startup companies.

About Columbia Advisory Group:
Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at .

Haley Rose
Columbia Advisory Group