DDoS Archives | TierPoint, LLC
Power Your Digital Breakaway. We are security-focused, cloud-forward, and data center-strong, a champion for untangling the hybrid complexity of modern IT, so you can free up resources to innovate, exceed customer expectations, and drive revenue.
Fri, 16 Feb 2024 23:13:02 +0000

Top 5 SAP ERP Challenges for IT Organizations
https://www.tierpoint.com/blog/5-of-the-biggest-sap-erp-challenges-for-it-organizations/
Tue, 22 Jun 2021 14:59:20 +0000

At a time when it seems like there’s an “app for everything,” there’s one type of application that still holds its position as the mission-critical heavyweight for the enterprise: ERP, or enterprise resource planning. That is especially true for organizations that have reached a certain size, particularly businesses that operate in supply chain management (think materials management, inventory, production planning, and logistics), financial accounting, human resources, and customer relationship management. The reigning champion in the enterprise ERP solutions market for the last several decades is undoubtedly SAP ERP.

The major challenges businesses face when managing SAP ERP

Enterprises choose SAP because the product has the functionality they need for business operations. This is borne out in Software Review’s April 2021 Data Quadrant, which classifies SAP S/4HANA as a product innovator, thanks to its high ranking for product features and customer satisfaction. What keeps SAP S/4HANA from being classified as a Leader in Software Review’s April 2021 Data Quadrant is its fairly low rating for vendor experience and capabilities. 

This underscores an undeniable truth that anyone who has ever implemented an ERP system like SAP S/4HANA (or SAP ECC previously) knows: ERP functionality can only take you so far. Eventually, the capabilities of the implementer/service provider – whether that’s SAP or a third party – have a significant effect on the success of the implementation. Here are five challenges we see most often in our work hosting instances of SAP S/4HANA:

Challenge #1 – The instance of SAP is not customized for the enterprise

Just because you can customize an ERP application doesn’t mean it’s easy to do. This is especially true of a functional leader in the ERP space like SAP. In fact, the more customizable a solution is, the easier it is to misconfigure it, which can lead to application failures and IT security issues. And once configured, the system may need to be recalibrated to the needs of the business with every release of a new version or enhancement. 

Challenge #2 – SAP requires specific skills to architect, implement, and optimize

A mission-critical SAP business application will test every element of your IT from infrastructure, to application architecture, to cloud services, and beyond. It’s highly likely that your SAP implementation also includes other application dependencies, such as a third-party CRM or supply chain planning application, that will need to be accounted for during implementation and with every upgrade. 

Challenge #3 – SAP requires too many IT resources for day-to-day management

ERP systems have a lot of moving parts, and SAP S/4HANA is certainly no exception. Keeping up with the technical requirements of SAP S/4HANA can be a full-time job in itself. Then there are the day-to-day application requirements. For example, the very nature of the data housed in an ERP system makes it an attractive target for data thieves as well as for other types of cyberattacks, including ransomware and Distributed Denial of Service (DDoS).

Implementing patches as quickly as possible is one element of a defense-in-depth IT security strategy. Unfortunately, with so much on their plate, it’s easy for ERP systems administrators to delay patching while they’re handling “more immediate” challenges. 

Challenge #4 – Hardware obsolescence has an impact on SAP performance

Hardware plays a significant role in solution performance. Unfortunately for many enterprises, it’s challenging at best to gauge capacity requirements. They don’t want to tie up capital by overinvesting in hardware, but an IT team that’s stretched thin may not notice when SAP performance begins to degrade due to capacity issues. Just as detrimental to the business, your organization may not be able to scale up IT infrastructure fast enough to take advantage of a sudden, unexpected market opportunity. 

Challenge #5 – SAP doesn’t operate in a vacuum

When a mission-critical SAP system goes down, the company goes down. However, unplanned downtime isn’t always a function of the application or the vendor. It can be caused by the environment, such as when a provider loses connectivity, or an untested disaster recovery plan fails just when you need it. 

Managed SAP S/4HANA: The best of both worlds

At TierPoint, we have the skills and infrastructure to help you address all five of these challenges. We teamed up with NTT DATA Business Solutions, an SAP Global Platinum Partner, to provide an even deeper array of managed services for our enterprise customers. With the TierPoint and NTT DATA Business Solutions Managed SAP S/4HANA solution, you’ll get:

  • A high-performing, secure private cloud environment
  • Expert assistance implementing and configuring SAP to meet the needs of your business
  • Ongoing monitoring of your SAP environment and instances to ensure optimal performance and availability 
  • IT architectural expertise and regular hardware refreshes so you don’t need to worry about hardware-induced performance issues
  • Day-to-day management of your SAP environment and instances (e.g., patching, updating, maintenance) so you can focus on more strategic IT initiatives 

To learn more about how our Managed SAP offerings can help your IT organization, reach out to one of our service representatives.

Using Colocation for Disaster Recovery
https://www.tierpoint.com/blog/how-colocation-can-save-you-from-disaster/
Tue, 01 Jun 2021 19:20:41 +0000

How long could your organization afford to go without access to its data or critical systems? If you don’t have a disaster recovery and business continuity strategy, it could take days or weeks to restore your IT systems following a major business disruption.

Almost all organizations today depend on their data backups, software, and the internet to conduct business. When those resources are unavailable, business grinds to a halt. Smart CIOs have disaster recovery and business continuity strategies and plan to quickly move business operations to a colocation data center during a disaster.

Colocation is safer by design

Colocation has become more popular as concerns over cyberattacks and climate change have grown. CEOs and CIOs want to achieve IT resilience, so their companies can continue to operate despite disruptions. IDC defines IT resilience as “the ability to protect data during planned disruptive events, effectively react to unplanned events, and accelerate data-oriented business initiatives.”

Colocation helps ensure IT resilience by providing disaster-resistant infrastructure and redundant IT systems, power, and networking. Many state-of-the-art colocation data centers also provide a backup workspace for customers impacted by a disaster.

Severe weather events and other disasters cost $155 billion globally in 2018. Likewise, cybercrime will cost the world $6 trillion annually by the end of 2021.

Moving a company’s primary IT equipment or data storage systems to a colocation facility is an attractive option for CIOs concerned about data loss and downtime. It reduces the need to invest CAPEX or financial resources to build, staff, and maintain an on-premises data center.

Having a colocation partner that is experienced in disaster preparedness can be a relief when a major event happens. Just ask Sam Bayer, CEO of Corevist, an eCommerce platform provider for manufacturers. Located in Raleigh, NC, the company has weathered several major storms in the past few years.

“Hurricanes in the area cause us and our customers a lot of stress,” noted Bayer.

When Hurricane Florence (a Category 4 storm) came ashore in 2018, Bayer was able to reassure customers that the IT systems were safe and secure in TierPoint’s Raleigh data center.

“We had confidence because [TierPoint’s people] were managing the situation,” said Bayer.

In fact, Corevist suffered no downtime at all, despite the storm causing $17 billion in damage elsewhere in the state.

3 reasons colocation is an effective disaster recovery solution

The biggest benefits of colocation for a disaster recovery strategy are:

Cost

For many businesses, maintaining an on-premises data center to manage data and applications can be expensive (think: internet connectivity, network equipment, real estate, power, etc.). One of the great advantages of colocation is that it allows multiple businesses to share in the cost of facility maintenance and operations.

Physical resilience

A colocation facility will be much better equipped to protect IT systems and data in a natural disaster than the average company can afford to be. It should also have redundancy built throughout the IT infrastructure. Read more about modern data center infrastructure must-haves. Depending on your geographic region, look for evidence it is built to withstand local disasters, such as a Category 4 or 5 hurricane and EF4 or 5 tornadoes.

The provider should be certified on IT industry standards such as:

  • ISO 22301, an international standard for business continuity management for natural and man-made disasters, environmental accidents, and technology failures.
  • The Uptime Institute’s Tier certifications: Tier IV (fault-tolerant site infrastructure) or Tier III (concurrently maintainable site infrastructure).
  • Trusted Site Infrastructure (TSI) – a list of requirements on ten different areas of a data center including areas such as environment, construction, fire-handling, security, cabling, energy, air, organization, and documentation.

Advanced security

Good colocation data centers have advanced security features. Physical security should include 24-hour electronic monitoring with onsite staff, locked cages for customer equipment, and access controlled by two-factor authentication. Two security standards that providers should meet are:

  • The Center for Internet Security best practices on privacy and security.
  • ISO 27001 — Information Security Management System (ISMS) for managing sensitive company information.

A colocation provider may also offer managed security services to protect against large-scale cybersecurity attacks. Managed security services can help IT departments prevent and mitigate threats, stopping cyberattacks before they do major damage.

Improve your resilience against disasters

IT resilience is a critical factor in business success. Downtime can cost a company revenue and customer trust and can damage its brand image. IT resilience and business continuity are driving businesses to colocation services as a key element of their disaster recovery plan.

Originally published in March 2019, this post was updated on June 1, 2021, to reflect changes in stats and to add more information on colocation and disaster recovery trends.

Which Cybersecurity Threats Keep This CSO Up at Night—and Which Don’t
https://www.tierpoint.com/blog/which-cybersecurity-threats-keep-this-cso-up-at-night-and-which-dont/
Wed, 12 Aug 2020 20:35:45 +0000

As the Chief Security Officer at TierPoint, I often get the question, “What keeps you up at night?”

Where do I start?

My role requires me to keep an eye on the ever-changing cybersecurity threat landscape. Every night I go to bed reading about new attack vectors, and every morning I wake up to new threat feeds from Israel and the Department of Defense. There are a lot of things that could keep me up at night – if I let them. Read my recent Forbes Tech Council article to understand how conquering fear is vital to a successful IT strategy.

In this post, I’ll share my greatest cybersecurity threat concerns as well as some of the things that I think are less of an issue.

The cybersecurity threats I worry about

Might as well get the bad news out of the way. My greatest concerns have to do with bots and layer 7 application attacks. There are a couple of reasons for this.

The first is that there are a lot of bad bots out there, and they’re getting more sophisticated. First generation bots were designed to perform a single function such as scraping websites for information or filling out forms. These bots are still around, but they’re pretty easy to stop with validation procedures like identifying the text in a graphic and retyping it or just clicking a box to confirm that the user is human.

Also read: Forbes – Can 5G Networks Stand Up To 4th-Gen Bots?

Over the years, successive generations of bots have gotten even more sophisticated. Third generation bots are capable of operating in full browser mode, so they can perform the same functions as a human user. You can stop most of these bots with a good Web Application Firewall (WAF) because, while they pretend to be human, they don’t quite act human.

We are on the precipice of a new generation of bots that is capable of mimicking even the randomness of human behavior. Stopping these bots is going to require an even more sophisticated next generation of good bots. Researchers are working on them. Let’s hope they can work fast enough.

The second reason bots and layer 7 attacks are my greatest concern has to do with the unfair advantage the bad guys (or bots) have in this fight. A hacker can launch a bot attack against your systems and make millions of attempts to gain access. Even if they fail, they can overwhelm your systems in a distributed denial of service (DDoS) style attack. And, to reach their ultimate goal – gaining access to your systems – they only need one correct guess. Given the sorry state of password management protocols in many organizations, this is easier than it sounds.

As an IT Security professional, there isn’t a lot you can do about the evolution of bots other than ensure your internal processes are sound. For example, performing regular vulnerability scans can tell you where your greatest weaknesses are given the current exploits. Follow-up network penetration testing can also tell you how severe the vulnerability is. This allows you to focus your efforts on the greatest threats to your business.

You can also mitigate your risks by keeping applications and systems up to date. Hackers watch for patch announcements, knowing that a large percentage of organizations won’t implement a patch right away. The announcements tell them which vulnerabilities they’re most likely to be successful exploiting.

The cybersecurity threats I don’t lose sleep over

The good news is that there are a number of things I don’t lose sleep over. Okay, I still lose some sleep over these things, but not as much as some of my peers in this industry.

Securing the server

This is an area where my philosophy differs from a lot of my peers. Many of the CSOs I talk to focus their investments on securing their servers from attack. If they can do that, they argue, why spend any money on securing the edge?

My philosophy is the opposite. The less I need to worry about a bad actor getting into a server in my data center, the better I sleep. At TierPoint, we invest in robust next-generation firewalls, WAFs, DDoS mitigation, etc., with the strategy of blocking 99% of malicious traffic before it gets to our clients’ servers.

That said, we still need to protect the server. Since no server is 100% secure, we follow what’s called a defense-in-depth model in which we deploy multiple tools that work in different ways and at different layers.

Whose tools I use

Speaking of tools, I’d estimate that 99% of the calls I get are from IT security salespeople telling me their company has developed the best tool on the market, and if they could only get 30 minutes of my time, they’d be able to convince me that their tool is better than everyone else’s.

Maybe they’re right, but I could invest millions in today’s tools with no guarantee that my infrastructure will be secure. The tools I used ten years ago don’t even exist now. We use tools, of course, but I really push my team not to get too focused on the name brand of the tool. Just keep adopting tools that best fit our security profile and objectives.

Drive-by hackers

Given our current cultural climate, many people are talking about the dangers of hacktivists, i.e., hackers looking to spread their ideology through targeting organizations they see as “the enemy.” Sometimes, these hackers don’t have an identifiable ideology per se, so much as they’re looking to create chaos.

While these hacker types exist, they aren’t well-funded, and the tools on the market today are pretty good at defending against this type of attacker. I am much more concerned about attacks launched by nation states with virtually unlimited resources whose sole goal is to undermine our institutions and economy.

State-sponsored cyber attacks

Given that last statement, it may seem odd for me to include state-sponsored cyber attacks on my list of things that don’t keep me up at night. And, I’d be lying if I said I didn’t occasionally lose sleep over these guys, but I’m pretty confident in the perimeter we’ve established around our systems and those belonging to our clients.

One of the tactics we’ve deployed is to collaborate with partners around the world. We’ve developed tools that allow us to geo-locate attacks on critical infrastructure so we can tell whether they’re coming from China, Ukraine, Russia, etc. If we see attack traffic coming from China, we can work with our partners to block it in Europe before the exchange hands the bad traffic over to the U.S. and our data centers. We can do the same thing for our partners, blocking malicious traffic from the U.S.

What cybersecurity threats concern you?

As a managed security provider, we help businesses address their biggest cloud and security concerns with our secure, reliable, connected IT infrastructure solutions and a nationwide network of 40+ data centers. Contact us today for more information on how we can help you get a good night’s sleep by securing your systems and data.

Managed Services Providers Drive Multicloud Success for SaaS Companies
https://www.tierpoint.com/blog/managed-services-providers-drive-multicloud-success-for-saas-companies/
Wed, 05 Aug 2020 19:01:05 +0000

According to a Gartner forecast, the Software as a Service (SaaS) application market will grow to $113.1B by 2021. There are plenty of benefits for companies to develop SaaS applications, but are businesses truly positioned to manage the infrastructure that comes along with hosting a SaaS application? If the businesses are using multiple cloud platforms, how are they ensuring interoperability? Is the application compliant with industry regulations? How secure is the application from cyber criminals? How is the business ensuring maximum up-time? These are all questions a managed services provider can help businesses address. In this blog post, we discuss six big ways managed services providers help businesses with cloud applications find success in their market.

The value managed services providers offer for SaaS applications

Here are the six ways managed services are driving SaaS company success.

1. Enable multicloud environments

There are any number of reasons why a SaaS company might leverage multiple cloud types for its applications. One of the most common is to ensure the resiliency of their applications and services. Many SaaS companies house their data in a hosted private cloud and then leverage AWS or Azure as a backup solution.

Other times, there are various functions in your applications that may work better in one cloud environment than another. Or you may have pockets of customers that have a strong preference. For example, your government sector customers might prefer Azure while the pharmaceutical companies you serve might prefer a robust private cloud.

Just because your staff knows one type of cloud environment does not make them an expert across the cloud. You could hire additional staff to manage your various cloud environments. Or, you could work with a managed cloud provider to fill in the gaps.

Also read: The Four Pillars of Provider Multicloud Management

2. Help to lower costs

The most obvious way a multicloud managed service provider can help lower costs is by allowing you to get rid of the overhead of maintaining an on-premises or private data center. This includes the cost of the building and all that entails (security, HVAC, rent, energy, etc.). It includes the cost of the hardware (regular refreshes and maintenance). And it includes the cost of the personnel required to run the data center (IT, janitorial services, security, etc.). All in all, a private data center is a pretty expensive proposition.

But outsourcing your data center needs to a managed service provider can also help you spot overspending in the cloud. It’s not uncommon for a SaaS company’s developers to spin up a cloud environment to use for development purposes – and then forget to spin that instance down again when it’s no longer needed. These resources then sit idle even though you’re still paying for them.

Poor utilization of resources can happen for other reasons as well, but with so much on their plate already, many IT departments in SaaS companies find they don’t have time to keep an eye on infrastructure utilization the way they should. A managed service provider can keep an eye on utilization rates and identify underutilized cloud resources.

3. Ensure SaaS application compliance

By definition, SaaS companies are responsible for the handling and storage of their customers’ data. Sometimes that data is covered by an existing regulation such as PCI DSS (retail), FERPA (education), HIPAA (healthcare), etc. At other times, the information is simply personal and not something the user would want listed on the dark web.

According to McAfee’s Cloud Adoption & Risk Report, enterprises have an average of 14 misconfigured cloud infrastructure and platform instances running at any one time. Most notably, 5.5% of all AWS S3 buckets used to store data are misconfigured, making the data they contain publicly accessible. Whether anyone sees the data or not, this is a compliance violation that can lead to some pretty hefty fines in many regulated industries.

4. Power SaaS system security

The internet is filled with bad actors with malicious intent, but not all of these actors are human. We’ve seen a progression from first-generation bots that were designed to perform functions like scraping websites for information or filling out forms to fourth generation bots that can mimic human behavior.

These bots are capable of more than just stealing data. They can encrypt your customers’ data and demand payment, usually in bitcoin, in an attack known as ransomware. According to CyberEdge Group’s 2020 Cyberthreat Defense Report, 62% of organizations were victimized by ransomware last year, up from 56% in 2018 and 55% in 2017. The same report found that of those that paid the ransom, only 67% were able to recover their data. This type of attack can destroy a SaaS company’s reputation.

Bad bots can also overwhelm your systems in a Distributed Denial of Service (DDoS) attack. This is just as bad for the SaaS company because the end result is similar. Your customers can’t access their applications and data.

It’s hard for many SaaS companies to keep up with the latest threats. Because companies like TierPoint are in the business of IT security, we can afford to stay abreast of the latest threats as well as tools and strategies to combat them. We can help keep your systems secure and your customers’ data safe.

5. Make the IT staff more agile

If your business is software, not infrastructure, you’re probably already asking your IT staff to wear a lot of hats. Chances are, you could sit down and list at least a dozen IT-related tasks and responsibilities that take you away from your core business: providing great apps and superior service to your customers. Outsourcing these tasks and responsibilities to a qualified managed service provider can free up time, allowing you to focus on the things that move the business forward.

6. Improve up-time

I’ve already alluded to many of the ways that a managed multicloud provider can improve up-time. By managing the security of your environment, you can limit your risk of downtime due to ransomware, DDoS, and other cyber threats. A managed service provider can design a well-architected disaster recovery strategy that minimizes downtime and data loss in the event of a disaster. A managed services provider can keep a watchful eye on your environment and identify potential issues, such as overutilization of resources or malfunctions in the system, that can affect up-time and performance.

We can help you manage your cloud applications

Whether you’re adopting multiple cloud platforms, improving the security and compliance of your environment, looking to save on facility costs, or just looking to free your IT staff from day-to-day management of your cloud environment, a provider can help your business gain the competitive edge. As a managed services provider, we can help. We operate over 40 data centers across the U.S. and offer cloud, colocation, security, network and disaster recovery solutions that work for your business. Contact us today to see how we can help you address your IT challenges.

The Next Generation of Bot Attacks
https://www.tierpoint.com/blog/the-next-generation-of-bot-attacks/
Thu, 02 Apr 2020 19:25:44 +0000

It’s an election year, so bots are something you’ll be hearing a lot about between now and… well, let’s be real, probably for many months after the results are in. But bots don’t just pose a threat to the political process, they pose a threat to businesses of all shapes and sizes. In this post, we’re going to focus on how bots continue to evolve and how bot attacks pose a threat to all businesses.

What are Bots?

Bots are pieces of code used to perform repetitive tasks faster and more effectively than humans. Also called web crawlers and spiders, they’ve been around pretty much since the internet began. For example, search engine bots continually search the web for new information, evaluating and indexing it so relevant information can be served up to users.

Bots can also be instrumental in the functioning of your internal systems. For example, ever-more sophisticated bots are being used to automate tasks such as spinning up and spinning down resources as the needs of the business change. Bots like these are vital to maintaining performance and controlling costs.

But as the good bots have become more sophisticated, so have the bad bots. To understand this progression, let’s take a look at how bad bots have evolved over the years.

The Four Generations of Bots

Many IT security professionals separate the evolution of bots into four generations. However, it’s important to understand that while bots have evolved, many older generations are still around and can do damage to your systems if the proper defenses are not in place.

First-generation bots

These are single-task bots that perform functions such as scraping websites for information or filling out forms. Because these bots are pretty simple-minded, defending your systems against them isn’t all that complex. For instance, they can’t pass the challenges usually presented in a CAPTCHA, such as affirming that they are not a robot, identifying the text in a graphic and retyping it, or clicking on all the images that contain a street sign.

Second-generation bots

The next generation of bots operates in a “headless browser” mode. That is, they can execute JavaScript and maintain cookies (something first-gen bots cannot do) to automate control of a website. In addition to the scraping and other types of attacks performed by first-gen bots, second-gen bots are also used to execute DDoS (Distributed Denial of Service) attacks.

Effectively stopping these bots requires other bots that can sniff out suspicious-looking activity and block it. Because good bots can recognize patterns faster and better than humans, they can do the job more efficiently and far more cost-effectively than an army of IT specialists.

You may also like: The Increased Role of Artificial Intelligence in Data Security

Third-generation bots

These bots are capable of operating in full browser mode and can perform the same functions as a human. They’re used to launch attacks similar to those launched with bots in generations one and two, but because third-gen bots are more sophisticated, they are more difficult to detect and block.

Luckily, while they can perform the same functions as a human, they don’t perform them in the same way. (Who knew our random approach to tasks would be a good thing?) However, the bots needed to detect this generation of bots also need to be more sophisticated with the ability to distinguish actual human behavior from simulated human behavior.

Fourth-generation bots

Cybercriminals are now beginning to produce bots that can mimic the random movement of a human, making them even harder to detect and block. The only defense against this generation of bots is going to be even smarter bots, with the ability to sniff out even the slightest hint of non-random movement. Unfortunately, this is likely to lead to many real users being identified as bots, so vendors will need to find ways to help organizations minimize customer service issues while protecting customer data. This also opens new technologies, like 5G networks, to 4th gen bot attacks.

What you can do about bot attacks

Today, about half of all internet traffic is generated by bots, and about 20% of that is estimated to be malicious bot traffic. The first percentage will certainly go up as more and more of our daily internet-related tasks are automated. It remains to be seen whether the percentage of traffic from bad bots will go up right along with it.

But even if the ratio remains relatively consistent, next-generation cybersecurity tools (like DDoS Mitigation services and Web Application Firewalls) will need to be able to tell humans from bots and good bots from bad so that information continues to flow freely. Want to learn more about these tools? Contact us today.

In a recent article for Forbes, I looked at the risks 4th-gen bots present to 5G networks and the advancements that are being made in cybersecurity. You can find the article here: Can 5G Networks Stand Up to 4th Gen Bots?

2019 Holiday Shopping Security: Threats and Tips
https://www.tierpoint.com/blog/2019-holiday-shopping-security-threats-and-tips/
Tue, 19 Nov 2019 18:06:39 +0000

With Black Friday and the holiday season rapidly approaching, businesses need to be more cyber-vigilant than ever. No matter what cybersecurity policies you set, it’s highly likely that malicious hackers are looking to find and exploit your vulnerabilities. In this blog post, we look at some of the major holiday shopping security threats in 2019, and explain how to protect your employees, business, and customers from cybercriminals.

Top cybersecurity threats to look out for this holiday shopping season

Phishing attempts via email

Phishing, the sending of an email under false pretenses designed to get the recipient to do something such as open an attachment or click on a file, should be top of mind for security experts. It’s one of the primary ways cybercriminals carry out their schemes, from malware injections, to stealing credentials, to DDoS attacks.

According to Symantec’s 2019 Internet Security Threat Report, almost one in every 400 emails is malicious. The average office worker may receive a hundred or more emails a day. So, chances are good that every single one of your employees will receive at least one malicious email sometime this week. If they’ve been visiting shopping sites more than usual (even on their personal devices connected to your network), perhaps even providing their work email address to receive a coupon or get a deal, that rate is only going to go up.

To stress how important it is to control this attack vector, bear in mind that as much as 92.4% of malware is distributed via email. (Verizon) That’s because it works. A 2018 research project which simulated phishing attempts found that 62% of campaigns captured at least one set of credentials. Unfortunately, this level of success wasn’t because of a single uninformed employee skewing the results. Almost a quarter of recipients clicked on the phishing links, and half of them entered credentials into a fake web site. (Duo)

Fake emails that include ransomware too

According to one recent study, 75% of verified phishing emails involved credential phishing schemes. (Cofense) But, perhaps more worrisome this year is the potential for ransomware attacks.

In a ransomware/phishing attack, the recipient either opens an infected attachment or visits an infected website. Once the malware is on their system, its first goal is to spread throughout the network. Once in, it encrypts the organization’s data. These two actions don’t always happen in rapid succession. Ransomware code can stay dormant until triggered by the attackers or a specific event.

The attackers promise to turn over the encryption key once the company pays the ransom. ZDNet reports that about 96% of the time, this works, so it’s no surprise that so many companies take this route despite the FBI’s warning that it just encourages more ransomware attacks.

Ransomware attackers also know to attack organizations with the most to lose. Right now, their two favorite targets seem to be healthcare organizations and government entities, especially city governments. But, as the holiday shopping season comes closer, they’ll have their pick of desperate targets, e.g., the small manufacturer, distributor, or retailer that does most of their business from November through December.

In Q1 2019, the average ransom was just over $12K, so it’s easy to understand why so many businesses pay. That’s a drop in the bucket compared to the cost of losing access to systems for days, if not weeks. But, as previously mentioned, successful attacks simply breed more attacks. Cybersecurity Ventures predicts that there will be a ransomware attack on businesses every 14 seconds by the end of 2019 and every 11 seconds by 2021. (Cybercrime Magazine)

One of the trends that has cybersecurity experts most concerned is the availability of ransomware for hire. Using these services, a disgruntled customer, employee, or just someone with an axe to grind can carry out a ransomware attack with no technical knowledge. Some illegal operations are so sophisticated they even offer help desk support for their customers.

DDoS attacks on eCommerce sites & critical systems

Like ransomware, a Distributed Denial of Service (DDoS) attack cripples the business with the intent of extorting money. Cybercriminals are now combining the two into a type of attack called a Ransom Distributed Denial of Service attack (RDDoS). In an RDDoS, attackers use bots to flood a company’s website or servers with more traffic than they are designed to handle, crippling the organization’s website or systems. Then, they demand a ransom to call off the attack.

This year, 56% of shoppers expect to do at least some of their holiday shopping online. (National Retail Federation) This includes shopping at local retailers. In the same NRF study, 48% said they would buy online and pick up in store. Many local and regional retailers rely on the business their ecommerce site brings in over the holidays, making them more likely to pay a small ransom than risk losing sales.

Site sabotage

In another variation on the DDoS attack, some cybercriminals are using bots to sabotage retail sites. These bots fill carts and lock up inventory – all with the purpose of sabotaging their competition and stifling that brand’s ecommerce sales during the attack. The ecommerce site appears to have no inventory remaining, allowing the competition to charge higher prices and appear more appealing to search engines and shoppers.

Bot traffic to ecommerce sites continues to rise, and bad bot traffic is rising faster than good bot traffic. (A good bot might be simply comparing prices, whereas a bad bot has malicious intent.) In 2017, bad bots accounted for 21.8 percent of all website traffic, a 9.5 percent increase over the previous year. (Retail Insider) As with ransomware, non-technical users can launch DDoS, RDDoS, and Site Sabotage attacks by hiring bot services on the dark web.
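One way to spot the cart-hoarding pattern described above in your own order-event logs, as an added example that is not part of the original post: it flags sessions holding a large share of a SKU without checking out, and shows how a cart-reservation timeout returns that stock to sale. The log format, thresholds, session IDs and stock figures are assumptions constructed for the illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real traffic): time, session, client IP, action, SKU, quantity.
# IPs are taken from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = """\
2019-11-29T09:00:05 s-101 198.51.100.7 add SKU-TOY 2
2019-11-29T09:01:00 s-202 203.0.113.20 add SKU-TOY 40
2019-11-29T09:01:02 s-203 203.0.113.20 add SKU-TOY 40
2019-11-29T09:01:30 s-204 203.0.113.21 add SKU-LAMP 15
2019-11-29T09:03:40 s-101 198.51.100.7 checkout - 0
2019-11-29T09:22:00 s-305 192.0.2.44 add SKU-LAMP 1
2019-11-29T09:25:00 s-306 192.0.2.45 add SKU-TOY 3
2019-11-29T09:26:00 s-306 192.0.2.45 remove SKU-TOY 1
"""
STOCK = {"SKU-TOY": 100, "SKU-LAMP": 20}  # constructed stock levels
NOW = datetime(2019, 11, 29, 9, 30, 0)     # moment the check runs


def parse_events(text):
    """Turn the whitespace-separated log lines into dicts, oldest first."""
    events = []
    for line in text.strip().splitlines():
        ts, session, ip, action, sku, qty = line.split()
        events.append({"time": datetime.fromisoformat(ts), "session": session,
                       "ip": ip, "action": action, "sku": sku, "qty": int(qty)})
    return sorted(events, key=lambda e: e["time"])


def open_holds(events):
    """Replay the events and return what each session still has in its cart.

    A checkout clears the session's cart: those units were sold, not hoarded.
    """
    holds = {}
    for e in events:
        key = (e["session"], e["sku"])
        if e["action"] == "checkout":
            for k in [k for k in holds if k[0] == e["session"]]:
                del holds[k]
        elif e["action"] == "add":
            hold = holds.setdefault(key, {"qty": 0, "since": e["time"], "ip": e["ip"]})
            hold["qty"] += e["qty"]
        elif e["action"] == "remove" and key in holds:
            holds[key]["qty"] -= e["qty"]
            if holds[key]["qty"] <= 0:
                del holds[key]
    return holds


def find_hoarders(holds, stock, now, max_share=0.25, min_age=timedelta(minutes=15)):
    """Flag carts that sit on a large share of a SKU's stock without buying."""
    flagged = []
    for (session, sku), hold in holds.items():
        share = hold["qty"] / stock[sku]
        if share >= max_share and now - hold["since"] >= min_age:
            flagged.append((session, hold["ip"], sku, hold["qty"]))
    return sorted(flagged)


def sellable(stock, holds, now, ttl=None):
    """Units shoppers can still buy. With a ttl, holds older than it expire."""
    left = dict(stock)
    for (_, sku), hold in holds.items():
        if ttl is None or now - hold["since"] < ttl:
            left[sku] -= hold["qty"]
    return left


if __name__ == "__main__":
    holds = open_holds(parse_events(SAMPLE_EVENTS))
    for session, ip, sku, qty in find_hoarders(holds, STOCK, NOW):
        print(f"review {session} from {ip}: holding {qty} x {sku} with no checkout")
    print("sellable, holds never expire:", sellable(STOCK, holds, NOW))
    print("sellable, 10-minute hold TTL:", sellable(STOCK, holds, NOW, timedelta(minutes=10)))
```

Per-session quantity limits and grouping flagged sessions by client IP are natural extensions; both thresholds need tuning against legitimate bulk buyers.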

4 ways to curb cybercrime during the Holiday shopping season

Recovery from a cyberattack is never simple. For example, even if paying the ransom nets the encryption key, a ransomware incident still puts an incredible strain on the business. At the very least, there’s always going to be some downtime as the organization decides how to respond and then puts that plan into action. And while ransomware isn’t data theft per se, there’s always the chance that data can be destroyed by the attack.

To prevent ransomware or other cyberattacks from ruining your holiday season, here are four actions you should take right away:

1. Educate your employees

More than half of all security breaches are the result of human error. (Disaster Recovery Journal) If you haven’t conducted a recent refresher on cybersecurity protocols for employees, schedule one ASAP. They need to understand the dangers and how to spot a suspected phishing scheme. (No, that isn’t the CEO asking you to buy 20 Google Play gift cards on his behalf.)

2. Install email security filters

In 2018, one in every 3207 emails was a phishing attack, and 7.8% of URLs included in emails were malicious. Email attachments also remain a popular attack vector, with Microsoft Office files accounting for 48% of malicious attachments. (Symantec) With this sort of onslaught, educating employees can only get you so far. From spam to malware, email security filters can prevent malicious emails from getting through to your employees.

3. Review your WAF implementation

With so many attacks on websites and ecommerce sites this holiday season, all businesses need a WAF, or Web Application Firewall. A WAF stands between the internet and your internal systems, detecting and quarantining potentially malicious traffic. Unfortunately, only 57% of businesses say they’ve deployed a WAF. (NGINX)

If you already have a WAF, it’s equally important to review your implementation regularly to ensure it is up to date and providing the coverage you need. For example, since DDoS, RDDoS, and Site Sabotage attacks are executed by malicious bots, you need the good bots found in mitigation tools to mount a proper defense. Like watchdogs for your systems, these tools sniff out incoming traffic and filter out anything that looks suspicious. WAF vendors continue to enhance their bot technology to address the latest threats.

4. Create a security plan

A comprehensive security plan includes three main components.

  • A security policy outlines the organization’s IT security threats and objectives and provides guidance to employees on expectations.
  • A security framework specifies how systems will be kept secure. Many organizations leverage the NIST Special Publication 800 Series when creating their framework. Designed to support the security and privacy requirements of the U.S. federal government, this framework provides a comprehensive foundation for businesses across industries.
  • An incident response plan will help everyone (IT professionals as well as those in non-IT-related roles) know what to do in the event of a cyberattack, speeding time-to-remediation and lessening the damage to your systems, reputation, and bottom line. Unfortunately, a 2018 study found that only 23% of organizations have a cybersecurity incident response plan that is consistently applied across the enterprise. (Ponemon/IBM)

Finally, remember that every aspect of your security plan should be documented and tested regularly to ensure that it works as designed in the event of an actual attack.

Don’t Let Your Holiday Season Become a Total Disaster

Knowing how you’ll recover your systems and data is a vital part of any incident response plan. Even if you have a disaster recovery plan in place already, it’s important to revisit it every year. Perhaps there’s no better time than right before your busiest time of year. Read: 10 Steps to Write a Better Disaster Recovery Plan.

One aspect to consider is whether your recovery objectives still meet your needs. Perhaps you first put the plan together during the slow summer months when the business could handle a few extra minutes of downtime. However, now that your busy season is fast approaching, you’ve realized that every minute could cost you tens of thousands of dollars.

Cloud-based disaster recovery is one way to address the variability in needs. Depending on the needs of the workload, you might set up a temporary failover site in AWS or Azure. One of the greatest advantages to this approach is cost. You’re not paying for duplicate resources you never use, and it’s easy to spin down resources you no longer need.

Cloud-based disaster recovery is also relatively quick to set up, especially if you know what you’re doing. We’ve helped hundreds of customers strengthen their resiliency with disaster recovery solutions.

Cybersecurity solutions to help you protect your business

As an IT security services provider, we specialize in the development, implementation and management of comprehensive IT security strategies. Contact us today to learn more and see how we can help you.

Cybersecurity Q&A: What is a Web Application Firewall (WAF)?

https://www.tierpoint.com/blog/what-is-a-web-application-firewall/
Thu, 10 Oct 2019 15:28:50 +0000

Data breaches. Ransomware. Denial of service. Botnets. All trying to infiltrate your network. These attacks can interrupt vital business operations and damage your organization’s reputation. What can you do to protect your data and applications and stay out of cybersecurity headlines? To find out how to stop these types of attacks, we talked to Dustin Larmeir, Director of Security Engineering at TierPoint, about the role of web application firewalls for IT security.

In this interview, Dustin gives us some background on what a web application firewall (WAF) is, what types of applications a WAF protects, and the types of attacks a WAF blocks.

What is a web application firewall?

Interviewer: In your own words, can you explain to us what is a web application firewall?

Dustin: A web application firewall, or WAF, protects your web applications by inspecting HTTP and HTTPS traffic for indications of malicious activity. A WAF is specifically designed to block web application attacks such as cross-site scripting attacks, SQL injection, cross-site request forgeries, and other vulnerabilities as outlined in the OWASP Top 10 and other security frameworks. Basically, a WAF is a hardware appliance or cloud solution that sits in the middle of your web traffic and provides a level of inspection and protection.

Interviewer: How does a WAF do that? What are the parts of a web application firewall?

Dustin: A typical WAF deployment would consist of these six components:

  1. A reverse proxy for inspecting SSL and non-SSL traffic. This server sits between the user’s browser and your server infrastructure. It decrypts and encrypts all HTTPS traffic so the traffic can be inspected, and it controls network traffic destined for the web application.
  2. A security engine that inspects, analyzes and takes action on the traffic.
  3. A signature database, which is built into the web application firewall and can identify known attack techniques and vulnerabilities.
  4. An IP reputation database, which recognizes IP addresses associated with bots and malicious activities.
  5. A rule management interface where you can tune your WAF, fix false positive blocks, and apply new security rules.
  6. A reporting interface where you can pull reports on attacks, including what was allowed or blocked, and get statistics about attacks.

What types of applications can a WAF protect?

Interviewer: What are the typical applications that can be protected by a web application firewall?

Dustin: Any web application has a use case for a web application firewall. In the past, enterprises focused on protecting only their most important applications with a WAF, but in today’s security landscape, it makes sense to put a WAF in front of every web application. Even though a marketing website might not contain valuable intellectual property or data that could be breached, it could be used by someone for drive-by downloads, that is, to distribute malware to your customers. Or someone could deface the website to damage your brand.

A content management system such as WordPress, which has plugins that aren’t as well maintained as the core code, has a larger attack surface. Those plugins could be exploited, and a web application firewall is a big help in mitigating the threats.

Other types of web applications, such as enterprise portals, Software as a Service (SaaS)-based applications, and application programming interfaces (APIs) all need to be protected. It’s simply a good idea, an IT security best practice, to put a WAF in front of anything on the internet that you are using for business purposes.

What types of attacks can a WAF block?

Interviewer: What kind of attacks are pushing the need for web application firewalls?

Dustin: As a web application firewall administrator, I’ve observed that attacks are becoming more complex, and traditional mitigation techniques are no longer effective. That’s driving the need for web application firewalls and good WAF vendors. Low and slow attacks and other attacks that slip under the radar are good examples. Such attacks can be incredibly low bandwidth, they don’t create a lot of noise, and so they can easily slip through the cracks without a WAF.

Another type of attack is denial of service. Bots using automated scripts are a huge part of application layer 7 denial of service attacks in this modern era. Threat actors harvest systems for use in their botnets to launch large distributed DoS attacks.

SQL injection, which is often enabled by simple programmatic mistakes, is one of the most dangerous forms of attack that a WAF can protect you from. If someone (or a bot) can use malicious SQL query language on your website to do an SQL injection attack, they could breach an entire database and dump all its data, which is a huge risk and negative outcome for any business.

Many types of legitimate processes are also used in attacks. For example, Selenium scripting: here a legitimate quality assurance process, a script that is used to QA a website, is used to conduct malicious activity against a web application. Or as another example, someone may load up an e-commerce shopping cart so full of items that they crash the database and exhaust the server. Or a bot may hammer a form to generate tons of spam or another malicious load.

All these are the types of attacks that a web application firewall is used to stop.

Interviewer: What’s the motivation behind web application attacks?

Dustin: Different threat actors have different motivations: hacktivism, organized crime and foreign government-sponsored activity, for example.

Let’s start with hacktivists. These are people who have a cause, who want to cause your organization pain or are trying to make a political statement. They might be out for blood because of something your company has done.

Some are in it for the money. If organized crime can get into your website, they can use your site to deliver malware as part of a larger breach campaign. In this case a user could come to your website, download malware without realizing it, and in this way the criminal organization gains a foothold in your customer’s network. Breaches in financial and healthcare sectors are lucrative.

Another motivation might be state-sponsored. Higher-end threat actors are engaged in advanced persistent threats (APT) sponsored by foreign governments. They might have a huge interest in an enterprise portal that contains proprietary information, intellectual property or product design information.

More on cybersecurity and web application firewalls

In the second part of this blog post Q&A series, we’ll take a look at who needs a WAF and why, and the challenges enterprises face in using web application firewalls.

Interested in learning more about cybersecurity? Read our Strategic Guide to IT Security. Are you ready to discuss your approach to protecting vital applications and data? Contact us.

Your Digital Transformation Needs an IT Security Strategy

https://www.tierpoint.com/blog/your-digital-transformation-needs-an-it-security-strategy/
Wed, 02 Oct 2019 19:17:23 +0000

Last year, 70% of respondents to a Tech Pro Research survey said their company either had a digital transformation strategy in place or was working on one. Those that see digital transformation as a priority are investing heavily, over $13 million on average, according to another study by Deloitte. One surefire way to tank your digital transformation initiative is to not consider certain realities that come with digital transformation, like the fact that cybercrime is steadily increasing and becoming a bigger threat to your organization’s IT security.

Symantec’s 2019 Internet Security Threat Report says:

  • Web attacks are up 56%
  • Enterprise ransomware attacks are up 12%
  • Mobile ransomware is up 33%

Many organizations are aware of the increasing threats, but don’t know how to prepare or respond. Just over half (53%) of the respondents to a study conducted by the Ponemon Institute in 2019 felt equipped to quickly detect a cyberattack. Even fewer (49%) felt equipped to quickly contain a cyberattack.

One of the challenges is the nature of the attacks. In a recent interview, TierPoint’s CSO, Paul Mazzucco, estimated that 51% of the traffic on the internet is bot traffic and described this as the ‘battle of the bots’. He goes on to explain how the good bots’ machine learning algorithms are competing with similar machine learning algorithms that the bad bots are using. Good bots are on defense – strengthening, protecting and updating the infrastructure, while bad bots are on offense – finding and exploiting weaknesses in that same infrastructure.

It can get very confusing. No wonder so many businesses can’t keep up. Nevertheless, failure to account for increased cybersecurity needs in your digital transformation budget can mean exposing your initiatives – and your company – to great risk.


Benefits of IT security strategies

To combat the cybersecurity threat, IT security needs to be a strategic initiative, and IT security leadership needs to be involved early in your digital transformation initiatives. Aside from the obvious – a strategy for protecting your data and applications – marrying IT security strategy with digital transformation has multiple benefits:

#1: Risk management

While your business leaders are busy dreaming up ways of transforming the business, they probably aren’t thinking deeply about the security risks. Contrary to how it may seem at times, your average IT security professional probably isn’t thrilled about coming in at the 11th hour to explain why an idea would violate HIPAA, PCI, GDPR, or some other regulation. Involved early in the discussions, they can help steer ideas toward solutions that won’t unnecessarily expose the business to risk.

#2: Roll out projects faster

With security issues already ironed out, projects can be implemented faster. In addition, your IT security professional can help ready your IT infrastructure for any increased demands the transformation initiative will place on it. TierPoint CSO Paul Mazzucco says, “I can’t tell you how often we’ve heard of initiatives unnecessarily delayed because no one bothered to tell IT what was in the works until the last minute.”

#3: Decrease risk of failure

It can be tempting to launch a project without IT’s blessing, but with DDoS attacks and ransomware on the rise, it’s not a good idea. Nothing derails a digital transformation initiative quite like a cyberattack that shuts down your website or takes over your systems completely.

#4: Lower costs

As the above three benefits have already illustrated, involving IT security professionals early in your digital transformation means less backtracking. And, less backtracking means potentially lower costs.

The cost of remediation after a security event can also be monumental. Last year, the city of Atlanta was hit with a ransomware demand of $51K. That paled in comparison to the $2.6 million they paid to clean up the damage.

Need to revisit your IT security strategy?

To successfully digitally transform your business, you must have the right IT security strategy. Are you positioned to succeed? Organizations need to have a good understanding of the threat landscape and a plan to protect their vital data and applications. We understand that many businesses may seek expert help. As an IT security services provider, we specialize in development, implementation and management of comprehensive IT security strategies. Contact us today to learn more and see how we can help you.

Cybersecurity Attacks 101: Botnets, DDoS, and Web Application Attacks

https://www.tierpoint.com/blog/cybersecurity-attacks-101-botnets-ddos-and-web-application-attacks/
Mon, 10 Jun 2019 20:50:23 +0000

Every year brings another wave of cyber attacks. In January alone, more than 1.75 billion records were compromised. The average cost of these break-ins was $7.5 million—a significant loss for any organization. One reason for the rise in cybercrime is the influx of professional criminal groups looking to buy and sell stolen data over the Dark Web. In fact, cybercrime-related ecommerce has become so profitable that anyone can purchase stolen data or rent a cyber attack service over the Dark Web.

Cyber criminals use a diverse mix of technologies and tactics. Many conventional attacks, such as phishing emails designed to trick users into sharing sensitive information, are still in use. Newer tactics include file-less malware, which is capable of evading anti-virus filters, making it extremely difficult to detect.

To help IT managers and business executives understand the variety of cybersecurity threats that their organizations face, we explain the different types of cyber attacks below.

Botnets

Botnets are networks of “bots,” or computers and devices that have been infected with botnet malware. Bots and botnets are remotely controlled by the cyber attacker, who may command the bots to send a flood of spam, malware, phishing emails or denial-of-service attacks to the target organization. One of the best-known botnets, Mirai, knocked out internet service throughout the Eastern U.S. in 2016. Mirai had an estimated 100,000 infected internet-of-things (IoT) devices, which launched a denial-of-service attack on Manchester, NH-based internet service provider Dyn (now part of Oracle).

Botnet developers can easily infect unsecured IoT devices, such as security cameras, smart thermostats, medical devices and network routers. As there are currently 26+ billion IoT devices in use worldwide, with more than 75 billion projected by 2025, there is no shortage of material for botnet makers.

Distributed Denial of Service (DDoS) attack

A denial-of-service (DoS) attack sends excessive amounts of traffic to a targeted web site or IT network with the aim of overwhelming the system. A distributed denial of service (DDoS) attack employs botnets of distributed PCs and IoT devices to flood a victim with junk traffic. A DDoS attack can last for minutes or–if the victim has poor cybersecurity defenses–for hours. In 2018, software development site GitHub was attacked by a flood of DDoS traffic that peaked at 1.35 Tbps of traffic. However, GitHub quickly rerouted incoming traffic to Akamai Prolexic, a traffic filtering service, which blocked the DDoS attack within a few minutes.


Web application attacks

Web application attacks exploit vulnerabilities in web browsers and application components. They’re among the oldest of cyber attacks and remain popular with hackers. Symantec’s Internet Security Threat Report (ISTR) 2019 found 1 in 10 URLs to be malicious, up from one in 16 in 2017. A vulnerability in a web browser or application can enable a hacker to upload malware, execute code or even gain access to back end servers.

Many web browser attacks are script- or SQL-based. Two common ones are cross-site scripting and SQL injection. Both types take advantage of unsecured input fields on a web site to execute malicious code. The goal may be to infiltrate back-end systems or to infect the browsers of visitors to the web site.

With cross-site scripting, a hacker inputs a script into a contact or message form on a web site. When the recipient opens the message, the script executes. The goal might be to bypass access controls to the system, hijack the user’s session, post messages on their behalf, capture the user’s keystrokes or conduct other malicious activities.

A SQL injection attacks the database behind a web site by typing in malicious SQL code instead of the expected database query. Depending on the query input, an attacker might be able to delete the database, change data, access all usernames and passwords or take other unauthorized actions.
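Both attacks described above come down to a form field's text being treated as code, so the fix is the same in each case: keep input as data. The following is an added example, not code from the original post, showing a concatenated query beside a parameterized one and raw output beside escaped output; the table layout, function names and sample inputs are assumptions constructed for the illustration.

```python
import html
import sqlite3

# Constructed inputs of the kind the article describes, typed into a form field.
SQL_INPUT = "nobody' OR '1'='1"
SCRIPT_INPUT = "<script>alert(1)</script>"


def make_db():
    """In-memory database with a constructed users table and a message table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password_hash TEXT)")
    db.execute("CREATE TABLE messages (body TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "hash-a"), ("bob", "hash-b"), ("o'brien", "hash-c")])
    return db


def lookup_concatenated(db, name):
    """'Before': the field value is pasted into the SQL text and parsed as SQL."""
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(query))


def lookup_parameterized(db, name):
    """'After': the value is bound to a placeholder, so it can only be compared."""
    rows = db.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


def save_message(db, body):
    """Store a contact-form message; binding keeps the body out of the SQL text."""
    db.execute("INSERT INTO messages (body) VALUES (?)", (body,))


def render_raw(db):
    """'Before': stored text is written into the page as markup."""
    rows = db.execute("SELECT body FROM messages")
    return "".join("<p>" + row[0] + "</p>" for row in rows)


def render_escaped(db):
    """'After': stored text is HTML-escaped, so the browser shows it as text."""
    rows = db.execute("SELECT body FROM messages")
    return "".join("<p>" + html.escape(row[0]) + "</p>" for row in rows)


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, SQL_INPUT))   # every user row
    print("parameterized:", lookup_parameterized(db, SQL_INPUT))  # no match
    # A legitimate name with an apostrophe also breaks the concatenated query.
    try:
        lookup_concatenated(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("concatenated query failed on o'brien:", exc)
    print("parameterized:", lookup_parameterized(db, "o'brien"))
    save_message(db, SCRIPT_INPUT)
    print("raw page     :", render_raw(db))
    print("escaped page :", render_escaped(db))
```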

Most recently, a web site attack called “form-jacking” has been targeting ecommerce sites. Form-jacking inserts malicious code into the check-out page, which enables the attacker to steal credit card information.

Hackers may also exploit the vulnerabilities of browser extensions or web application components to gain a foothold into an IT system. For example, a vulnerability in the Cisco WebEx Browser Extension reportedly allows remote attackers to execute arbitrary code on an affected system. While these vulnerabilities are typically fixed in future updates or patches, an IT department may be slow to incorporate them, leaving the system vulnerable.

Multi-vector attacks

These attacks use a combination of several exploits. Typically, none of the exploits would, by themselves, catch the notice of an IT security application. But in a multi-vector attack, they can implant back doors into servers, copy data, create fake accounts and even take control of a system. Multi-vector attacks often employ trusted system tools to do their dirty work. For example, Windows PowerShell and Windows Management Instrumentation (WMI) are often used in multi-vector attacks because they are legitimate programs and their processes are rarely suspect. (It’s no doubt for that reason that the use of malicious PowerShell scripts increased by 1,000 percent in 2018, according to the Symantec ISTR.)

A multi-vector attack might also have multiple goals, such as to plant malware, steal data and spread ransomware to other computers on the network. Occasionally, one attack is used as a red herring to cover up another, more serious attack. A DDoS attack might distract an organization’s IT staff, so they don’t notice a hacker downloading data or planting malware.

Insider threats

Not all cyber attacks are done by outside hackers. Employees, contractors and business partners are also frequently guilty of cybersecurity breaches. CA Technologies’ 2018 Insider Threat Report found that 53% of organizations experienced one or more insider attacks during the prior 12 months. An “insider” might be a disgruntled, former employee who sabotages a database or a contractor who steals a customer list. Some insider threats are unintentional, due to ignorance or laziness. Sharing passwords, falling victim to phishing emails, visiting compromised web sites or working remotely over public WiFi are all non-malicious, but potentially damaging, insider threats.

How we could help you

Advanced cybersecurity technologies and services, such as those provided by TierPoint, can greatly improve an organization’s chances of stopping an attempted cyber attack before it can do any damage. Training employees and IT staff in cybersecurity best practices will also greatly help to reduce your organization’s odds of being hacked.

Cybersecurity is an ongoing effort that requires continuous updating of applications and security technologies to stay one step ahead of cyber attackers. IT departments that neglect to quickly install the latest security patches or to warn employees about new types of phishing emails are providing criminals with a significant advantage. Protecting applications and data from cyber attacks requires a combination of advanced IT security services and basic due diligence in security practices.

Next-Gen Firewalls Provide Advanced Cybersecurity Protection

https://www.tierpoint.com/blog/next-gen-firewalls-provide-advanced-cybersecurity-protection/
Fri, 07 Dec 2018 19:22:35 +0000

Most companies today have some sort of firewall to protect their data and applications from network security threats. But traditional firewalls no longer provide sufficient protection against today’s increasingly sophisticated cybersecurity threats. Instead, many IT departments are replacing them with next-generation (NG) firewalls, which contain a more advanced array of defensive technologies and can safeguard a network from most types of cyber attacks.

Unlike traditional firewalls, which provide basic packet and URL filtering, Next-Generation firewalls have multiple security features such as network intrusion detection, malware filtering, website blocking, and web application protection. For the small- to mid-sized business that lacks the resources for an enterprise security solution, a Next-Generation firewall can provide all-in-one cybersecurity protection. For large enterprises, Next-Generation firewalls are valuable components of a comprehensive cybersecurity solution.

Unfortunately, some IT professionals fear that Next-Generation firewalls are too feature-rich for their needs or too sophisticated to deploy easily. Instead, they make do with a traditional firewall or create a piecemeal solution out of standalone cybersecurity products.

That is a mistake, say cybersecurity experts Bob Pruett and Vincent Delbar.

The next step in the firewall services evolution

Pruett, field security solutions executive at SHI, and Delbar, technical partner manager at Fortinet, spoke on “Best Practices when Deploying Next Generation Firewalls.” The webcast, moderated by Darren Carroll, director of products at TierPoint, explained the features of Next-Generation firewalls and the best practices for implementing them.

Today’s Next-Generation firewalls are easier to deploy and configure than earlier versions from several years ago. In addition, most provide the ability to activate the different security features as needed, so an organization can start with basic traffic monitoring and add capabilities when ready.

“For instance, once you see what kinds of web sites people are going to, you can start blocking certain categories or limiting certain kinds of applications,” explained Delbar.

Another benefit is the ability to monitor and manage all the cybersecurity features from one interface. That saves time and provides greater visibility into the overall threat status of the organization.

Next-Generation firewalls do all the things that traditional firewalls do (packet filtering, network and port address translation, URL filtering and stateful inspection), along with other, more advanced capabilities. These include:

  • integrated intrusion detection and protection, to identify and block attacks based on behavioral analysis or threat signatures
  • application awareness, which provides the ability to set policies that block ports or services on an application-by-application basis
  • identity awareness, which enables IT to manage users, groups and applications through customized, identity-based policies
  • anti-malware protection, so that malware can be detected and blocked before it can enter the network

Tools for next-gen firewall success

An example of a next-generation firewall is TierPoint’s CleanIP, which has all the features above as well as several others. These include web application vulnerability patching and DDoS mitigation; content filtering to block web pages and e-mails that violate company policy; support for VPNs with multi-factor authentication; SSL inspection of encrypted content; and regularly updated threat intelligence for IP reputation and malware signature filtering.

The ability to inspect encrypted content will be increasingly critical. Analysts estimate that 70 percent of malware will be encrypted by 2020. A firewall that lacks the ability to analyze encrypted traffic will soon be unable to detect the majority of malware.

Likewise, regularly updated threat intelligence for IP reputation and malware signature filtering is important, as attackers routinely change their attacks to make them harder to detect. These new “zero day” attacks can only be identified and blocked by firewalls that are continuously updated with the latest threat signatures.

The bottom line is that most organizations would benefit from a Next-Generation firewall, which can fend off multiple types of cybersecurity threats and can be managed and monitored through a single interface. It’s a far easier solution than a piecemeal collection of standalone security products.

Watch our recent webinar, “Best Practices when Deploying Next Generation Firewalls”, with TierPoint’s Darren Carroll, SHI’s Bob Pruett, and Fortinet’s Vincent Delbar to learn more.

]]>