May 2021 Update From CEO

I previously wrote about the importance of Multifactor Authentication and critical need of deploying such technology to protect your business. This still is one of the most important technologies a business can utilize to defend against the constant and growing threats.

In light of the most recent attack on the Colonial gas pipeline, it is again another reminder of how vulnerable technology can be if companies do not take responsible actions to protect their assets.
In 2020 the rise in ransom demands increased by 60% with an average cost of $178,000, of which 1 out of every 4 companies paid to recover their data. This payment is in addition to the cost of remediation, downtime, reputation, and compliancy violations. In the end, some are left with no guarantees that the data would not be held hostage from being released on the Dark Web a second or third time. No longer is this something just big businesses must worry about. In fact, it is the complete opposite. As enterprise organizations pump billions of dollars into protecting their infrastructure, the hackers do not just go away. Instead, they move to softer targets with less security, and there are plenty of small businesses in the crosshairs. Over the past two years there has been an alarming number of small businesses that have been compromised and there are no signs of it slowing down.

Great Matt, “now what” you ask? The first step in stopping an attack from happening is to secure the perimeter as best you can with technology like Multifactor Authentication, VPN access, and employee training to name a few. But what happens when a breach gets past this first line of defense? For this, I will explain at a high level what a hacker’s timeline looks like and what they do when first gaining access to your network.

There are many ways for a bad actor to gain access to a network. Most common are phishing emails, insider threats or zero-day exploits. This is referred to as the Intrusion Stage. Once they gain basic access into the network, they move to the Enumeration Stage. During the Enumeration phase the hackers use their tradecraft to identify where they are, who’s network is this, where they can go, and whom do they need to pretend to be. These two phases can take weeks, months or in some cases years. All happening while the company is none the wiser. Now that the intruders have mapped out the network’s landscape using commonly available tools, they pounce. This is called the Lateral Spread Stage and it is when the compromise is in full gear. During Lateral Spread they do just that- spread throughout the network. They identify data to steal, establish persistence footholds, hunt down user accounts, and distribute malware. It is often a few weeks or months after this stage is completed when the company discovers a breach happened but at this point the intellectual property has been stolen, the network has been damaged, and most of the time, ransomware is deployed.

Is there a solution? In full disclosure, there is not one technology that is 100% effective against hackers, and what works now will likely not work at some future point. We are always at the disadvantage of playing the defensive role. Security should always be implemented in layers and the newest layer available is utilizing the expertise of a SOC (Security Operations Center). A SOC is a combination of advanced, intelligent software managed and monitored 24/7/365 by a team of experts that have only one job- to stop the threats in real time with an immediate and effective response. This combination of technology and services is specifically, with pinpoint accuracy, designed to identify the compromise at the start of the Enumeration Stage. It catches the intruders the moment they poke their heads up, to quickly detain and sever the connections, stopping the attack in its tracks with minimal damage.

I hope you found this article helpful to understand a little more about the anatomy of a hack and give you insight into what Pegasus feels is the new “must have” to protect your network from attacks that grow more sophisticated and common every day. If you would like to know more or see the technology in action, please contact our office.

-Matthew Tucker, CEO