Phishing: How The Monster Is Changing Its Shape and Size – Phishing Protection in a Post-COVID World

Cyber scams during COVID-19 have shaped a new term – scamdemic: a global epidemic of frauds and scams. There was an unprecedented rise in cybersecurity scams during the pandemic. Phishing emerged as the most frequent attack type. Read on to learn how malicious actors changed their tactics in 2022 and how you can protect yourself.

The COVID-19 pandemic changed how people live, including how they conduct business and social interactions and how their work lives function. Regarding the latter, enforced social distancing and lockdowns changed the work habits of an increasing number of people. Some employees adapted – often abruptly – to using messaging apps, digital platforms, and other communication channels for everyday activities. Thus, there was a worldwide shift from office to remote (home) work. The overlooked consequence of the change was the increase in cyber risks, which resulted in a rapid escalation of cyber-attacks.

The State of Phishing Report for 2022 by SlashNext highlights that traditional security strategies, including proxy servers, secure email gateways, and firewalls, no longer prevent phishing threats, especially as attackers increasingly launch these attacks from personal and messaging apps and trusted servers. Thus, phishing attacks are a rising concern, as the following statistics show.

Key Statistics

Here is a look at the key statistics which signify the rising phishing problem:

  • SlashNext analyzed numerous link-based URLs, messages, and attachments in email, browser, and mobile channels in 2022 and found over 255 million attacks – a 61% rise in phishing attack rates compared to 2021.
  • A Check Point Research (CPR) report found emerging social engineering scam trends shifting away from tech giants and shipping establishments toward social networking sites. In Q1 2022, social networks became the most targeted category, followed by shipping.
  • Zscaler pointed out that, from January to March 2020, COVID-19-themed phishing attacks increased by 30,000%.
  • APWG’s Phishing Activity Trends Report says that phishing attacks hit an all-time high in 2021. December 2021 recorded an unprecedented 300,000 attacks, signifying these incidents became over three times more common than they were two years before.
  • UK’s Cyber Security Breaches Survey 2022 shows that phishing is the most common cyber threat that targets UK businesses and charities. 83% of them suffered a phishing scam.
  • 2022’s first quarter saw a dramatic rise in phishing attacks. Check Point revealed in its 2022 Q1 Brand Phishing Report that malicious actors planned phishing attacks impersonating professional social networking websites. Attacks related to LinkedIn alone comprised over half (52%) of all phishing attempts globally.

Post-COVID Threat Landscape Isn’t Reducing – Threat Actors Are One Step Ahead

Once authorities lifted the COVID-19 restrictions, employees started moving back to their offices, and malicious actors adapted to the change again. While remote workers were their primary targets for 18 months, new phishing campaigns targeted those who were returning to the physical workplace. The following are some prominent examples:

  • Cofense observed an email-based campaign that targeted employees with emails impersonating their CIO and welcoming them back to the office. The emails appeared legitimate and contained the organization’s official logo and the CIO’s signature. The message outlined the organization’s new precautions and business operation changes connected with the pandemic.
  • India saw a surge in new phishing techniques after the government launched electric vehicle (EV) incentives.
  • Some phishing attempts preyed upon financial fear. For example, in a scam, bank customers were informed that their accounts were on hold due to suspicious logins or transactions. Users became victims when they attempted to resolve the issue by clicking on the embedded link.
  • The BazarBackdoor attackers send malware-free mail, bypassing email security and directing users to a website contact form. Once a user submits the form, the perpetrators send malware through a purported response file through a file-transfer service to avoid email security.
  • Some of the latest phishing attacks send malware links through QR codes embedded in emails or on stickers in restaurants or public locations. The QR codes directly execute malware or redirect the users to credential-stealing websites.
  • Microsoft recently discovered a multi-stage phishing attack on businesses that don’t use multi-factor authentication. The first stage steals an employee’s email credentials, and the second stage creates a new Office 365 account in their name on a rogue device. After getting established on the new computer, the threat actors use the victim’s account to send internal phishing attacks to the organization or clients using legitimate email accounts.

Top 2022 Phishing Tactics Used By Malicious Actors

In 2022, phishing attacks exploited vulnerabilities unheard of earlier. Here are the year’s top tactics:

  • Typosquatting: Threat actors register domains that users can enter by accident. For example, instead of typing www.phishingexample.com, a user can type www.phishingexanple.com (hitting the ‘n’ key next to the intended ‘m’ key by mistake). If an attacker registers the www.phishingexanple.com domain, the user enters the attacker’s website instead of the legitimate www.phishingexample.com website. If the imposter website looks the same as the legitimate one, the user can easily get tricked into sharing their credentials.
  • Lookalike Domain Attacks: While typosquatting depends on the victim making a typo, lookalike domains exploit the difficulty of differentiating between similar words or characters. For example, an attacker can craft a phishing email with an uppercase “I” instead of the lowercase “l,” making www.iurethevictim.com look like Iurethevictim.com. Having end users targeted through what they think is a legitimate website creates various challenges, like loss of user confidence, theft, fraud, and reduced traffic (and business) to your website. Thus, if you can quickly discover and avoid scam sites, you can mitigate the risks linked to fraud and loss of brand reputation.
  • Executive Impersonation: Executive impersonation is an effective tactic. If malicious actors can spoof or compromise an executive’s email account, they can craft phishing emails to lure unsuspecting users to legitimate-looking phishing sites. If a user who believes the fake email is from their boss enters their credentials into the spoofed website, the attackers steal them and gain unauthorized access.
  • Credential Reuse Attacks: Unfortunately, credential reuse (using the same password, etc., across different platforms) is common among end users because it is inconvenient to create new credentials for every application. If a phishing attack retrieves a credential set successfully, the attackers can access other applications with the same information. Because of credential reuse, such attacks grant attackers access to multiple accounts across various platforms.
  • High-Level Employee Targeting: High-level employees can access sensitive, confidential, and proprietary information that other employees cannot. If attackers obtain their login credentials, they can access sensitive corporate data in the cloud (which organizations store within their network perimeter). Thus, these credentials are the keys to the domain, and stealing them makes threat actors capable of planning large-scale data breaches traditionally mitigated by network perimeter solutions.
  • Financial Scams: Sophisticated phishing campaigns target login credentials and aim to steal financial information from end users. In a financial scam-type phishing attack, the threat actors trick the user into visiting a phishing site, making them share personal or financial information and conduct financial transfers or transactions with it. For example, threat actors may design a site pretending to be a charity platform raising money for the pandemic victims. The unsuspecting users might get fooled into donating cash through it.
  • Business Email Compromise: In BEC, malicious actors spoof the email credentials of top officials of an organization, like the CEO. They then send orders to subordinates to make money transfers of massive amounts. The assistants follow the instructions thinking it to be their boss’s command. Business email compromise (BEC) is rising, and attackers exploit it to make money from fake wire transfer requests.
  • Spear Phishing on Small Businesses: In today’s growing threat landscape, there is nothing too small to become a phishing attack target. Small businesses get targeted frequently with cyberattacks because they often have less IT security than large organizations. Spear phishing is more dangerous than phishing because it is targeted and not generic. Threat actors deploy it in an attack using BEC.
  • Using Initial Access Brokers to Make Phishing Attacks More Effective: One way threat actors make more money is by taking help from specialists called Initial Access Brokers. They are malicious actors who only focus on initially breaching the network or organizational accounts. The rising use of these experts in the field makes phishing attacks more threatening and difficult for end users to detect.
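
A defender-side check for the typosquatting and lookalike-domain tactics in the list above, as an added example that is not part of the original article: it compares observed domains (for instance sender or link domains from a mail gateway) against a list of protected domains. The confusable-character table, the edit-distance threshold of 1, the function names and every sample domain other than the article's phishingexample.com pair are assumptions constructed for illustration.

```python
"""Flag typosquatted and lookalike domains against a list of protected domains."""

# Assumed, deliberately small table of character sequences that render alike.
# Multi-character sequences come first so "rn" is folded before single characters.
CONFUSABLE_SEQUENCES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"))

# Protected domain taken from the article's own example.
PROTECTED = ["phishingexample.com"]


def normalize(host):
    """Lower-case, drop a trailing dot and a leading 'www.' so hosts compare equal."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def skeleton(host):
    """Fold visually confusable sequences to one canonical character.

    Applied to both the protected and the observed domain, so two different
    hosts with the same skeleton are visually interchangeable.
    """
    for seq, canon in CONFUSABLE_SEQUENCES:
        host = host.replace(seq, canon)
    return host


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("ma" typed as "am") counts as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify(observed, protected=PROTECTED, max_typo_distance=1):
    """Return (verdict, matched_protected_domain_or_None) for one observed host.

    Verdicts: 'legitimate', 'lookalike' (same skeleton, different host),
    'typosquat' (within max_typo_distance edits), 'unrelated'.
    """
    host = normalize(observed)
    for brand in protected:
        brand = normalize(brand)
        if host == brand:
            return ("legitimate", brand)
        if skeleton(host) == skeleton(brand):
            return ("lookalike", brand)
        if osa_distance(host, brand) <= max_typo_distance:
            return ("typosquat", brand)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample of observed domains; only the first two are from the article.
    observed_domains = [
        "www.phishingexample.com",   # the legitimate site
        "www.phishingexanple.com",   # 'n' typed instead of 'm'
        "phishingexarnple.com",      # 'rn' rendered like 'm'
        "PhishingexampIe.com",       # uppercase 'I' shown in place of 'l'
        "phishingexmaple.com",       # transposed letters
        "example.org",               # nothing to do with the protected domain
    ]
    for domain in observed_domains:
        verdict, brand = classify(domain)
        print(f"{domain:28} {verdict:10} {brand or '-'}")
```

With short protected names, an edit distance of 1 produces false positives, so the threshold is best tuned per domain and the hits reviewed before blocking.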

How To Redefine Cybersecurity in a Post-COVID World

Organizations’ strategies to counter the threats mentioned above will vary according to each organization’s cyber security maturity level. Generally, they must focus more on new cybersecurity models, including ‘zero trust.’ Following are ways individuals and organizations can remain protected:

  • Antivirus Protection: Employees must have an antivirus software license for their information systems. A good antivirus solution can eliminate many attacks.
  • Cybersecurity Awareness: Organizations must brief their staff on best procedures and practices to regulate sending emails or sensitive content to other parties or cloud storage.
  • Phishing Awareness: Employees must remain vigilant when receiving emails and check the sender’s addresses’ authenticity.
  • Home Network Security: Employees must ensure that their home Wi-Fi remains protected by a strong password.
  • Using VPN: Virtual private networks offer an additional protection layer to home internet use. They can remain a stringent barrier against cyberattacks.
  • Identifying Vulnerable Spots: Each IT system has vulnerabilities. Organizations must run tests to identify and patch them quickly. It can take the form of vulnerability scanning or penetration testing. Furthermore, businesses must perform hardening of technical infrastructure components.
  • Frequent Reviews: Organizations must evaluate cybersecurity risk exposure regularly and determine whether the existing controls are robust. The IT teams must consider new cyberattack forms during these reviews.
  • Renewing Business Crisis and Continuity Plans: Top managers must update their business continuity plans considering various cyberattacks.

More advanced measures that users can take are:

  • Applying New Tools and Technology: IT teams can use advanced tools like host checking (which checks the endpoint’s security posture before authorizing access) to reinforce remote work security.
  • Intelligence Techniques: Businesses must encourage proactive cyber threat intelligence to identify indicators of attacks (IOC) and address them.
  • Risk Management: Organizations can apply GRC (governance, risk, and compliance) solutions to improve risk management. GRC solutions offer a detailed view of the organization’s risk exposure and help link various risk disciplines (cybersecurity, business continuity, and operational risks).
  • Prepare for Attacks: In today’s high-risk times, businesses must carry out frequent cyber crisis simulation exercises and prepare their response to a phishing attack.
  • Zero Trust Infrastructure: CIOs and CISOs must consider implementing the zero-trust framework for cybersecurity. It is a security model where only authorized and authenticated devices and users get access to applications and data.

The COVID-19 pandemic taught people that preparation is critical to limit the risks linked to cyberattacks. Malicious actors have been clever in changing their tactics to adapt to changing situations and executing sophisticated phishing attacks. The ability of a user to quickly react to unforeseen events helps lower the impact of a cyberattack. Today, organizations that benefit from secure remote work capabilities are better prepared to face the growing risk of phishing attacks. Consequently, businesses fearing risks must quickly assess their exposure to phishing attacks and prioritize initiatives to address cybersecurity gaps.

About Columbia Advisory Group:
Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many higher education institutions, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity, and A/V Services. CAG improves business outcomes with IT insights and expert technical support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. Contact us at .


 


Brad Hudson

VP of Cyber Security | vCISO - CISSP, CCSP, CCNP, MCSA, MCITP:EA,SA

Unlocking the Benefits of Cloud Migration in Higher Education

Cloud migration modernizes an organization’s data, applications, and infrastructure from on-premises systems to the cloud. The initial process can be complex and time-consuming. Still, it can bring significant long-term benefits to universities and other educational institutions that allow them to focus on their core aims of providing quality education. One of the main benefits of cloud migration for universities is cost savings. On-premises systems require expensive investments in hardware, software licenses, and expensive skillsets to support the many diverse environments, as well as ongoing patching, maintenance, and support costs. In contrast, cloud-based solutions are typically subscription-based, which means that universities can pay for only the resources they use rather than upfront costs for hardware and software. This can result in significant cost savings for universities, especially those with large and complex IT systems.

Another benefit of cloud migration for universities is increased flexibility and scalability. The majority of CAG (Columbia Advisory Group) higher education customers only need their full compute performance a few weeks a year while the rest of the year their hardware runs at less than 20% of its capability. Cloud-based solutions can be easily scaled up or down on demand to meet these changing needs, which can be particularly useful for universities that only experience performance fluctuations during enrollment. Additionally, cloud-based solutions can be accessed from anywhere with an internet connection, which is beneficial for students, faculty, and staff to access University resources and collaborate remotely. The Covid pandemic magnified the significance of educational institutions needing to support this capability.

Cloud migration can also improve the security and reliability of IT systems for universities. Cloud providers have robust security measures in place, such as multi-factor authentication and data encryption, which can help to protect against cyber threats and data breaches. In addition, cloud-based systems can be more reliable than on-premises systems, as they are typically backed by redundant infrastructure and 24/7 support and can also scale to full parity, dependent on the criticality of the replicated system.

Finally, cloud migration can enable universities to take advantage of the latest technologies, such as artificial intelligence and machine learning. These technologies can improve a range of educational and research activities, from grading assignments and analyzing student data to conducting research and developing modern technologies.

In conclusion, cloud migration is an important consideration for universities looking to improve the efficiency, cost-effectiveness, and flexibility of their IT systems. By moving to the cloud, universities can realize significant benefits, including cost savings, increased scalability, improved security and reliability, and access to the latest technologies.  With tailored support from Columbia Advisory’s cloud experts, universities can ensure that their transition is smooth and secure. By leveraging the latest cloud technology, universities can equip themselves for a digital future and unlock all the benefits that come with it.


Ernest Bricker

Director of Infrastructure Practice, Columbia Advisory Group

Why is it a good idea for Higher Education to outsource its Cybersecurity Framework Assessments and consider hiring a fractional vCISO

There are several reasons why higher education institutions should consider outsourcing their Cybersecurity Framework Assessments (NIST Cybersecurity Framework, HIPAA, GDPR, etc.) and hiring a fractional virtual Chief Information Security Officer (vCISO).

First and foremost, outsourcing Cybersecurity Framework Assessments can provide higher education institutions with access to a greater level of expertise and experience. Cybersecurity Framework Assessments, such as NIST Cybersecurity Framework, HIPAA, GDPR, etc., are a comprehensive set of security and privacy controls used by many organizations, including higher education institutions, to ensure the confidentiality, integrity, and availability of their systems and data. However, conducting these assessments can be a complex and time-consuming process that requires specialized knowledge and skills. By outsourcing these assessments to a qualified third party, higher education institutions can leverage the expertise and experience of professionals who have a deep understanding of numerous Cybersecurity Frameworks and how to implement their controls effectively.

Another reason to outsource Cybersecurity Framework Assessments is to ensure that the evaluation is conducted unbiasedly and objectively. In organizations that perform internal assessments, the risk of bias or subjectivity creeps into the process. Unfortunately, this can lead to an incomplete or inaccurate measurement of the organization’s security posture; in turn, this can increase the chances of an incident, such as a breach or intrusion, that may result in the loss, damage, or disclosure of assets. By outsourcing the assessment to a third party, higher education institutions can ensure that the evaluation is performed unbiasedly and objectively, providing a more accurate picture of their security posture.

After a cybersecurity framework assessment has been conducted, it’s paramount that a Governance, Risk, and Compliance Program is put in place to manage risk moving forward. In addition, a security program and plan need to be developed to track and remediate deficiencies identified during the assessment. Therefore, CAG recommends hiring a fractional vCISO to guide higher education institutions through the Governance, Risk, and Compliance minefields. A fractional vCISO is a professional who works remotely part-time or on a contract basis, providing expert guidance and support to the organization’s security efforts. In addition, a fractional vCISO can offer a range of services, including conducting risk assessments, developing and implementing security policies and procedures, and providing guidance on compliance with regulatory requirements such as NIST, GDPR, HIPAA, and FERPA.

In conclusion, there are several reasons why higher education institutions should consider outsourcing their Cybersecurity Framework Assessments and hiring a fractional vCISO. These approaches can provide higher education institutions access to greater expertise and experience, ensure that assessments are conducted in an unbiased and objective manner, and build a robust Governance, Risk, and Compliance program through a fractional vCISO. In addition, by leveraging these resources, higher education institutions can strengthen their security posture and better protect their systems and data.



Brad Hudson

VP of Cyber Security | vCISO - CISSP, CCSP, CCNP, MCSA, MCITP:EA,SA

Microsoft Patch Tuesday: Two zero-day flaws in Windows need immediate attention

Microsoft’s December Patch Tuesday update delivers 59 fixes, including two zero-days (CVE-2022-44698 and CVE-2022-44710) that require immediate attention on the Windows platform. This is a network-focused update (TCP/IP and RDP) that will require significant testing with an emphasis on ODBC connections, Hyper-V systems, Kerberos authentication, and printing (both local and remote). Microsoft also published an urgent out-of-band update (CVE-2022-37966) to address serious Kerberos authentication issues.

Known issues

  • ODBC: After installing the December update, applications that use ODBC connections through Microsoft ODBC SQL Server Driver (sqlsrv32.dll) to access databases might not connect. You might receive the following error messages: “The EMS System encountered a problem. Message: [Microsoft] [ODBC SQL Server Driver] Unknown token received from SQL Server”.
  • RDP and Remote Access: After you install this or later updates on Windows desktop systems, you might be unable to reconnect to (Microsoft) Direct Access after temporarily losing network connectivity or transitioning between Wi-Fi networks or access points.
  • Hyper-V: After installing this update on Hyper-V hosts managed by SDN-configured System Center Virtual Machine Manager (VMM), you might receive an error on workflows involving creating a new Network Adapter (also called a Network Interface Card or NIC) joined to a VM network or a new Virtual Machine (VM).
  • Active Directory: Due to additional security requirements in addressing the security vulnerabilities in CVE-2022-38042, new security checks are implemented on domain net join requests. These extra checks may generate the following error message: “Error 0xaac (2732): NERR_AccountReuseBlockedByPolicy: An account with the same name exists in Active Directory. Re-using the account was blocked by a security policy.”



Brad Hudson

VP of Cyber Security | vCISO
CISSP,CCSP,CCNP,MCSA,MCITP:EA,SA

Cybercrime Expected To Skyrocket in Coming Years

Early today Statista published the following post: Chart: Cybercrime Expected To Skyrocket in Coming Years | Statista. According to estimates from Statista’s Cybersecurity Outlook, the global cost of cybercrime is expected to surge in the next five years, rising from $8.44 trillion in 2022 to $23.84 trillion by 2027. Cybercrime is defined by Cyber Crime Magazine as the “damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.”

As more and more people turn online, whether for work or their personal lives, there are more potential opportunities for cybercriminals to exploit. At the same time, attacker techniques are becoming more advanced, with more tools available to help scammers. The coronavirus pandemic saw a particular shift in cyber-attacks, as Statista’s Outlook analysts explain: “The COVID-19 crisis led to many organizations facing more cyberattacks due to the security vulnerability of remote work as well as the shift to virtualized IT environments, such as the infrastructure, data, and network of cloud computing.”

Source: Statista Technology Market Outlook, National Cyber Security Organizations, FBI, IMF

One of the largest hurdles for cyber-security compliance is to develop and document a security program plan and measure that plan as it complies with a specific framework. Accomplishing this is our niche at Columbia Advisory Group. We have developed an approach where we document your current Security Program (what you have in place), assess your current state (define current maturity level), and then define a Plan (roadmap for the future). The best place to start is to perform vulnerability scanning and address weaknesses before they are exploited. We then evaluate current policies and procedures and recommend remediation and improvement. We can provide a Risk Register which is a tool utilized to track identified Information Technology Security risks and define potential solutions. We provide many services that help an organization achieve compliance with a variety of security frameworks (CSF, CMMC, NIST 800-52, TAC 202) or prepare for certification (SOC 2 Type 2, ISO 27001, PCI). We can also help an organization write many policies and procedures required for compliance.

About the Author:
Lori DeMello is Columbia Advisory’s Director of Risk and Compliance. Lori is an expert in areas of Risk Management, Compliance, Security, Regulatory Reviews, Security Assessments, Audit Preparation and Response, Security Services, Continuity of Operations Planning, Risk Assessments, Risk Management Planning, Disaster Recovery, and Change Management. She leads efforts in creating and maintaining critical process documentation for CAG internally and for customers. She has 25 years of IT experience with certifications in PMP, ITILv2 and ITILv3.


Columbia Advisory Group Expands Availability of its Services via TIPS-USA Contract

IT issues are mission-critical, and we are glad to be able to help our education, municipal, county and state agency clients to respond to increased IT needs and tightening budgets.

DALLAS, TEXAS, UNITED STATES, August 29, 2022/EINPresswire.com/ — Columbia Advisory Group (CAG), the leading IT managed services and cybersecurity provider to public and private sector organizations, today announced the availability of its industry-leading services on The Interlocal Purchasing System (TIPS-USA).

The TIPS Program evolved to help streamline the procurement process and expedite purchases. As a co-op, both awarded technology vendors and public sector members – which include K-12 and private schools, colleges, universities, cities, counties, non-profits, and other government entities – can accelerate business transactions by requirements up-front.

Leveraging the TIPS-USA contract, higher-education and other government buyers can realize significant cost savings by reducing the overall time and expense of a cumbersome bid process. Because TIPS provides access to high-performance vendors, agencies can also achieve quick and efficient delivery of goods and services, particularly when it comes to cybersecurity and other IT services. In addition, TIPS provides access to state-of-the-art purchasing procedures to provide competitive contracts, bulk purchasing, and other efficiencies. For these reasons, TIPS has become a preferred purchasing vehicle for state and local entities.

The Interlocal Purchasing System currently serves entities such as state and local governments and non-profit organizations, including but not limited to K-12 school districts, Charter Schools, Colleges and Universities (State and Private), Cities/Municipalities, Counties/Parishes, State Agencies, Emergency Services Districts and Non-profit organizations as defined by the Internal Revenue Service, as well as many other entities with legislated purchasing/bidding requirements. TIPS-USA membership is free.

Now, with the addition of CAG to the TIPS-USA contract, members can realize digital transformation with a best-in-class IT services firm designed for public sector frameworks. CAG is trusted by multiple higher-education and government institutions, state agencies and school districts to manage their IT environments via cybersecurity services, digital optimization, and IT innovation.

“Our public sector clients appreciate the ability to secure our services via vetted contracts like that of TIPS-USA,” explains David McLaughlin, President and CEO of Columbia Advisory Group. “TIPS-USA will help our clients to move swiftly when they discover a need within their organization for our IT expertise. In today’s business age, IT issues are mission-critical, and we are glad to be able to help our education, municipal, county and state agency clients to respond to twin dynamics of increased IT needs and tightening budgets.”

For more than 10 years, CAG has helped leading public agencies to improve their cybersecurity postures and to improve their IT environment through managed service. CAG provides access to specialized practice teams, including cybersecurity, application support, IT governance, IT due diligence, project management, IT infrastructure and comprehensive audio-visual services.

To learn more about purchasing from CAG on the TIPS-USA contract, contact CAG.

About Columbia Advisory Group:
Columbia Advisory Group (CAG) is a leading Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many institutions of higher education, state agencies, and Fortune 50 customers. Practice specialty areas include Infrastructure, IT Service Management, Cybersecurity and A/V Services. CAG improves business outcomes with IT insights and expert technology support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. For more information, visit www.columbiaadvisory.com.

Columbia Advisory Group Adds Extended Detection and Response to IT Managed Service Portfolio with Abacode Partnership

“In this time of increasing global attacks, it is critical to have around-the-clock eyes on the network.”

DALLAS, TEXAS, UNITED STATES, June 13, 2022 /EINPresswire.com/ — Dallas-based Columbia Advisory Group (CAG), a leading provider of IT Managed and Cybersecurity Services, today announced the expansion of its services via a partnership with Abacode, a leading provider of managed Extended Detection and Response (XDR).

The partnership between CAG and Abacode will allow clients to one-stop-shop for specialized IT Managed Services, Governance, Risk Management, and Compliance (GRC), Virtual CISO services and managed XDR services to analyze data breaches as they occur.

As organizations face increasing threats of ransomware, data breach, and phishing, they must upgrade their governance and compliance activities to minimize risk while simultaneously detecting and responding to breaches as they arise in order to understand, contain and prevent them. This capability requires increasingly scarce competent cybersecurity leadership and specialized, virtual Security Operations Center (vSOC) services that can investigate problems in real time and provide enterprise-wide visibility into controls compliance.

“Our many public-sector, educational, manufacturing, and health care clients already rely upon CAG for cybersecurity guidance and IT expertise. CAG is pleased to bolster our leading Cybersecurity practice by offering 24x7x365 SOC 2 Type 1 and 2 XDR services via our partner, Abacode. In this time of increasing global attacks, it is critical to have around-the-clock eyes on the network,” said David McLaughlin, President and CEO of Columbia Advisory Group.

“Abacode is constantly striving to push the technology industry forward by partnering with top-notch leaders in the MSP space,” said Greg Chevalier, Senior Vice President – Partners and Sales Strategy for Abacode. “Partnering with Columbia Advisory Group ensures that clients not only have their information technology operations humming along at peak efficiency with their managed services but now includes Abacode’s Managed Detection and Response and Security Operations Center support.”

About Columbia Advisory Group:

Columbia Advisory Group (CAG) is a well-respected Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many institutions of higher education, state agencies, and Fortune 500 customers. By focusing on practical solutions and straightforward analysis, CAG’s team supports many regulatory and economic environments and organizations of all sizes. Practice specialty areas include Cybersecurity, Infrastructure, IT Service Management, Application Management and A/V Services. Whether a client is high-growth or economically challenged, CAG can improve business outcomes with IT insight and support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. For more information, visit www.columbiaadvisory.com.

About Abacode

Abacode combines leading technologies and professional services to implement Cybersecurity and Compliance programs for clients throughout the world. Abacode enables clients to implement a Cyber Capability Maturity Model and benefit from our expert Extended Detection and Response capabilities. Offices in the Americas and Europe. Learn more at Abacode.com or connect with us at insight@abacode.com.

Log4J: Neutralizing the latest global cybersecurity threat

 

Every day we see news about cybersecurity attacks, exploits, and hacks, to the point that we are relatively immune to what feels like sensationalized news about the latest and most devastating threat, no matter how legitimately concerned we should be.
And on December 6th, when we were getting ready to go to the office holiday party and a weekend of shopping, the world was read in on a significant security vulnerability known as Log4J.

What is Log4J?

Log4J is a widely used open-source Java code library from the Apache Software Foundation, used by many servers across the world to record a log of activity and send it to a centralized server. It is integrated into thousands of software applications, services, systems, and websites, from Fortune 100 firms down to small providers.

What is the new vulnerability?

It was discovered that some common versions of Log4J can be forced to execute code via specially crafted URLs (web addresses) that pass through the logs. Such an address passes through the system and is used to download and execute code that can provide remote access to the machine or perform other malicious tasks. Data can reach the logs through a chat message, an online form submission, an email processed by a system that uses Log4J to log emails, or any other route by which data enters the logs. This effectively allows someone with nefarious intentions to see sensitive user data, install malware and spyware, or even take over machines.

How widespread is this?

As noted on Wired.com, Twitter users have experimented with changing their display names to trigger the vulnerability, users in the game Minecraft triggered it through the in-game chat, and an iPhone user changed their device name to trigger the vulnerability (and did notify Apple). Cloud service providers, such as Cloudflare, rolled out temporary fixes for their customers, while vendors of heavily used systems, such as VMware, Oracle, Adobe, Red Hat, and others, have worked to update to the latest Log4j release from Apache, which addresses the remote code execution vulnerability and downgrades the risk to moderate.

What do I need to do?

Your institution’s IT departments and security teams should be assessing their catalog of systems and software that use Apache with Java libraries to determine which systems may be vulnerable. Initial focus should be on public-facing systems, most likely to be ERP and SIS systems used by the institution. They should also be working with those vendors on obtaining patches and scheduling updates to the systems as soon as practical.

In addition, it is important to make sure that faculty, staff and students are aware of the exploit and how it can impact their personal BYOD (Bring Your Own Device) devices such as iPhones, and to share best practices such as using 2-Factor Authentication and keeping devices up to date with the latest security patches.

If your IT department and security teams are unsure of a system’s potential vulnerability, they should check with the vendor to validate those systems have the latest security patches. If your institution does not have a security team, check with your managed security services provider. If you do not have a managed security service provider, reach out to Columbia Advisory Group as part of E&I contract CNR01469 to engage our team of experts to ensure your institution adheres to appropriate NIST standards and can manage, detect and respond to Log4j and other threats.
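One way to run the inventory described above, as an added example that is not part of the original article or any Apache tooling: the script walks a directory tree, opens JAR/WAR/EAR archives (including archives nested inside them) and reports every log4j-core copy older than the 2.17.1 release this article names. The function names, the nesting limit and the sample archives are assumptions made for illustration; a hit is a prompt to check the vendor's advisory, not proof of exposure.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

FIXED = (2, 17, 1)          # fixed release named in this article
ARCHIVE_EXT = (".jar", ".war", ".ear")
MAX_DEPTH = 3               # assumed limit on archive-in-archive nesting
NAME_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")
# Maven metadata that survives when log4j-core is shaded into another JAR
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
VERSION_RE = re.compile(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", re.M)


def _ver(match):
    return tuple(int(g or 0) for g in match.groups())


def inspect(data, label, depth=0):
    """Return [(location, version, below_fixed)] for one archive and its nested archives."""
    findings, version = [], None
    m = NAME_RE.search(label)
    if m:
        version = _ver(m)
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        zf = None  # unreadable archive: fall back to the file name only
    if zf is not None:
        with zf:
            names = zf.namelist()
            if POM_PROPS in names:
                pm = VERSION_RE.search(zf.read(POM_PROPS).decode("utf-8", "replace"))
                if pm:
                    version = _ver(pm)  # embedded metadata beats the file name
            for name in names if depth < MAX_DEPTH else []:
                if name.lower().endswith(ARCHIVE_EXT):
                    findings += inspect(zf.read(name), f"{label}!/{name}", depth + 1)
    if version is not None:
        findings.append((label, version, version < FIXED))
    return findings


def scan_tree(root):
    """Walk a directory and inspect every Java archive found under it."""
    results = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            results += inspect(path.read_bytes(), str(path))
    return sorted(results)


def _zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample(root):
    """Constructed test data: a patched JAR, a WAR bundling an old copy, a shaded JAR."""
    root = Path(root)
    (root / "log4j-core-2.17.1.jar").write_bytes(_zip({"x.class": b""}))
    (root / "portal.war").write_bytes(
        _zip({"WEB-INF/lib/log4j-core-2.14.1.jar": _zip({"x.class": b""})}))
    (root / "agent-all.jar").write_bytes(_zip({POM_PROPS: b"version=2.16.0\n"}))


if __name__ == "__main__":
    for location, version, below in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        status = "BELOW 2.17.1, check vendor advisory" if below else "ok"
        print(f"{'.'.join(map(str, version)):10} {status:36} {location}")
```

Run it with the directory to inventory as its only argument. File-name and Maven-metadata matching will miss copies a vendor has renamed or repackaged without metadata, so vendor confirmation is still needed for those systems.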

Summary

The Log4J vulnerability has been patched by Apache with the introduction of Log4j 2.17.1, yet the vulnerability is being actively exploited across the globe and still poses one of the largest security threats to date. The National Institute of Standards and Technology (NIST), which maintains a database of vulnerabilities, has listed this at its highest severity classification. Due to the widespread use of the open-source Log4J library by vendors, from small software applications to large enterprise systems and cloud services, there is a high likelihood that most organizations will have some risk to mitigate.

While the risk associated with Log4J has concrete solutions, the next cyber exploit will present a danger to your university’s operations.

CMMC: What It Is and Why It Is Important

The Cybersecurity Maturity Model Certification (CMMC) is a security framework implemented by the US Department of Defense (DoD) to improve protection of the defense industrial base. Like other security frameworks, the CMMC has a collection of controls for processes and practices with the goal of achieving a certain level of cybersecurity maturity. The main purpose of the CMMC is to provide assurance to the DoD that a company holding federal contracts has the appropriate measures in place to safeguard Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), and to account for how that information flows. It’s also a powerful framework that can apply to anyone looking to boost their security posture.

If the University uses Federal funds for research with the Department of Defense, you may want to consider CMMC certification. CAG can help with a pre-assessment to ensure the University passes the certification.

CMMC is a scalable framework, so, depending on the sensitivity of the data involved, a federal contract will require that specific CMMC controls be in place. Currently, the CMMC has five levels. The higher the level, the more controls are required. And because the levels are cumulative, CMMC Level 3 would demand implementing everything in the preceding two as well.

  • CMMC Level 1: Basic cyberhygiene—focused on safeguarding Federal Contract Information (FCI)
  • CMMC Level 2: Intermediate cyberhygiene—serve as a transition step in cybersecurity maturity
  • CMMC Level 3: Good cyberhygiene—protect Controlled Unclassified Information (CUI)
  • CMMC Level 4: Proactive—protect CUI and reduce risk of advanced persistent threats (APTs)
  • CMMC Level 5: Advanced/progressive—protect CUI and reduce risk of APTs

How is CMMC different from other security frameworks?

The biggest difference is that it does away with self-attestation. With standards like NIST 800-171, you could self-attest you were following the appropriate controls and standards and win a federal contract. CMMC changes this by requiring that anyone seeking a federal contract with the DoD must receive certification from an approved CMMC third-party assessment organization (C3PAO).

You can easily perform self-assessments by leveraging resources made available by the Office of the Under Secretary of Defense for Acquisition & Sustainment. However, you will still need to engage a C3PAO to receive CMMC certification of the appropriate level to win a federal contract. During the audit by a C3PAO, they should be able to help identify any gaps that will prevent receiving certification. If you or your research entities are subject to CMMC, engaging with a C3PAO is going to be inescapable. The earlier you start, the more flexibility you will have in implementing any recommendations.

There is currently a grace period to allow CMMC to become fully implemented, but in the future federal DoD contracts will not be awarded without the appropriate certification.

Why is CMMC important to universities?

For Universities, CMMC is no different than any other set of standards or frameworks—it contains an established baseline of best practices, and controls and processes that must be implemented. In fact, most of the controls in CMMC are mapped directly to NIST 800-171. So, if you have already been building your cyber program around NIST 800-53 and NIST 800-171, you should look at CMMC as an opportunity to help you stand apart.

For Universities that have not traditionally implemented NIST or other security frameworks because it wasn’t a requirement for your stakeholders, this is an opportunity to own risk and reap the rewards. If you decide to implement the controls within CMMC Level 3—even if you don’t receive certification—you will have a more mature cybersecurity posture, a larger portfolio of services you can offer within your research, and improved scalability.

If you have made it this far and think CMMC doesn’t apply to you since you don’t support these types of projects, you may be interested to know that CMMC has the potential to work down the hierarchy from federal to state and local governments. When NIST 800-53 was originally released in 2005, it was presented as recommended security controls for federal information systems. In August 2017, the word “federal” was removed to indicate that it may be applied to any organization. Many state governments, local municipalities, insurance providers, and public and private entities of all types have required that NIST 800-53 controls and processes be followed for years.

One day, CMMC, or an evolution of it, may be just as prevalent as NIST 800-53. With the heightened public awareness concerning the risk cybersecurity threats pose, it’s likely we may eventually see self-attestation as a relic of the past.

CAG performs policy assessments and controls alignments according to the following standards:

  • Gramm–Leach–Bliley Act (GLBA)
  • NIST 800-171
  • NIST 800-53
  • PCI Compliance
  • HIPAA
  • FERPA
  • TAC 202 or other state standards

If you would like to learn more about how CAG can advance your organization’s cyber security maturity, please contact info@columbiaadvisory.com.

ABOUT CAG:

CAG is a highly experienced IT consulting firm. With 100+ years of combined technology experience and business acumen, CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments. By focusing on simple, meaningful, and practical solutions combined with straightforward analysis and recommendations, CAG’s team has experience in many regulatory and economic environments with companies and organizations of all sizes. CAG not only offers a deep understanding of IT, but its solutions are software and hardware agnostic. Whether a client is high growth or economically challenged, CAG can adapt to the complexities and nuances of that business. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. For more information, visit columbiaadvisory.com.

Ransomware Incident Response Planning

Ransomware attacks are ever-increasing globally. Here’s how to evaluate your cybersecurity partners and be resilient when preparing for the worst.

Colonial Pipeline, Kaseya, SolarWinds, Microsoft… the list goes on and on. In the past 12 months alone, more than one third of all organizations globally have faced some type of ransomware incident, according to a recent survey by research firm IDC.

The ransomware industry has evolved in sophistication. Malicious actors even subscribe to Ransomware as a Service (RaaS), whereby criminal organizations lease ransomware variants the same way that legitimate software developers lease SaaS products. RaaS gives everyone, even people without much technical knowledge, the ability to launch ransomware attacks just by signing up for a service.

RaaS kits allow malicious actors who lack the skills or time to build ransomware themselves to get their own variants up and running quickly and affordably. Such RaaS kits are easy to find on the dark web. A RaaS kit may include 24/7 support, bundled offers, user reviews, forums, and other features identical to those offered by legitimate SaaS providers. The price of RaaS kits ranges from $40 per month to several thousand dollars – trivial amounts, considering that the average ransom demand in Q3 2020 was $234,000.

A threat actor doesn’t need every attack to be successful in order to become rich. RaaS is big business, with total ransomware revenues in 2020 of around $20 billion—up from $11.5 billion in 2019.

Clearly, ransomware incidents are not going away any time soon. In fact, they are accelerating. It is vital to create a digitally resilient institution that can absorb the impact yet not be crippled by the attack, in order to recover quickly without significantly impacting students, faculty, and research. Digital resilience represents the ability to continue to operate through an impairment and stay in business while minimizing institutional harm, reputational damage, and financial loss.

Resilient organizations:

  • know their networks and data
  • set targets, measurements, and goals for cybersecurity
  • employ best practices in change management
  • prioritize risks and intelligence for better decision-making
  • respond rapidly to incidents while maintaining operational readiness, reducing the risk of data loss, and preventing additional harm

Given this “new normal,” what attributes should you consider when selecting a partner to help you minimize your risk and create a ransomware playbook to maintain resilience?

Not all cybersecurity services are created equal. Consider this checklist as one way to evaluate cybersecurity partners:

1. As the old adage says, “You cannot determine where you are going until you know where you are.”

Select a partner that is able to baseline and assess your current information security program. Typically, reputable cybersecurity services begin with a detailed policy assessment AND vulnerability assessment. What do we mean by that? A policy assessment analyzes your organization’s cybersecurity controls and its ability to remediate vulnerabilities. These risk assessments should be conducted within the context of your organization’s objectives, rather than in the form of a checklist as you would for a cybersecurity audit.

A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates whether the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and when needed.

Any cybersecurity service that doesn’t include both assessments will leave your institution exposed and more vulnerable to ransomware attacks. Vulnerability scans are like a photograph and show a snapshot in time, and that picture can change daily. Therefore, vulnerability scans should be provided continuously (e.g., daily, weekly or monthly).

2. Ask your cybersecurity partner…

…how they will assist in improving cyber hygiene in the form of patch management, to prevent ransomware attacks from having an access point into your network.

3. Hire a partner to help you create and routinely update your risk register in cooperation with your Board and Office of Risk Management.

Access control and governance issues must be scrutinized by all involved parties. Cybersecurity risk management is comparable to other forms of risk management and is therefore a Board-level issue. For example, did you know an institution can lose access to federal financial aid if it’s found to be out of compliance with national standards, such as National Institute of Standards and Technology (NIST) 800-171?

4. Find a partner who will assist your institution in creating your unique ransomware incident response playbook.

Think of this as your ransomware crisis plan. Off-the-shelf playbooks are fine for understanding concepts, but since your organization’s network architecture, data, and faculty requirements are unique, your institution needs a customized playbook handy should the need arise.

5. Ensure your vendor partner performs or arranges for an annual third-party penetration test.

This “pen test” includes scanning your network for weaknesses and, optionally, attempting to exploit any vulnerabilities that can enable attackers to gain entry. This is critical as new vulnerabilities are discovered every day, and what was thought to be secure may no longer be.

6. An effective partner will audit your security controls against relevant cybersecurity frameworks…

…like TAC § 202 or NIST 800-53 R5, in addition to your state-specific frameworks that may govern data security. This is a regulatory environment that is constantly changing, and your partner should proactively provide you with compliance requirements and discrepancies.

7. Partner with cyber staff who routinely communicate with governmental and law enforcement agencies…

…to provide relevant alerts and trends to your CIO for remediation.

8. Every capable vendor should also be auditing your organization randomly…

…to confirm its compliance with your cybersecurity plan.

“Organizations face a clear and present danger, but the more salient truth is that boards and C-Suite leaders face a clear and present certainty since they bear liability for the failure.” Digital Resilience: Is Your Company Ready for the Next Cyber Threat? Ray Rothrock, 2018.


Via the E&I Columbia Advisory Group (CAG) contract, CAG is available to assist your institution with cybersecurity services, audits, planning, and to help with your ransomware incident response playbook.