Cyber Security Questions & Answers
We surveyed our clients and these were the top questions they had for us in Cyber Security
Or Jump To The Questions...
We all remember the first email we received from a entity we have never messaged or heard of before offering us a ridiculous sum of money or prize in exchange for paying a small amount of taxes, clicking on random links, and downloading files. Needless to say, the online threat landscape has evolved into a much more sophisticated, global issue, affecting people and companies of all shapes and sizes. If you are a client of the Millennium Group Computing then you have likely heard us speak on the importance of network security, and server coverage to help prevent an attack, as well as indemnify you after an attack.
It's important for business owners and entrepreneurs to understand the current threats that may affect their businesses. I’d like to give you more guidance on prevention, and what to do if you have accidentally clicked on/downloaded something.
​
After hearing our current clients questions and concerns regarding the increasingly sophisticated threat landscape, we have decided to venture out in even greater prevention and warn businesses and entrepreneurs of the target on their back. Tony DiDonato is owner of The Millennium Group Computing, a national leader in security and data protection solutions for various industries and businesses nationwide. He lives and breathes content security, networking application delivery, and data storage/disaster relief response, see his expertise below.
Q+A
What is the top cyber threat a business owner faces today?
The threat landscape is sophisticated and ever changing. New headlines pop up daily about the latest security breach or data theft. These attacks leave business owners scrambling to determine the best way to cost effectively keep their users, networks, and data safe.
Ransomware is top of mind with everyone today. In 2017 ransomware profits reached $1 billion... In 2024, ransomware attacks reached new financial impacts. The average extortion demand per ransomware attack was over USD 5.2 million, with some individual payments reaching up to USD 75 million. Overall, ransomware costs were estimated to be around USD 42 billion for the year.
Innovative, entrepreneurial criminals who look to profit from infecting a victim are fueling this activity, using media such as email links, email attachments, website exploits, social media campaigns, compromised business applications, and USB drives for offline infection. Additionally, spear phishing and cyber fraud are rapidly becoming significant security threats. Countless individuals and organizations have unwittingly wired money, sent tax information, and emailed credentials to criminals who were impersonating their boss, colleague, or a trusted customer. These attacks are highly targeted and personalized. They work because they are built on trust and typically do not contain any malicious links or attachments that might get stopped with existing email security solutions. This latest attack takes an equally novel approach to effectively protect an organization.
Could you walk us through a recent real life scenario of how a business was hit with ransomware?
In November of 2023, the company we [now] service experienced a well-coordinated ransomware attack known as Black Cat. This attack infected hundreds of thousands of accounts, locally and the corporate environment alike. In a period of 48 hours, attackers managed to encrypt all the data stored on the company's hard drives with the promise of decrypting the data upon the receipt of a monetary payment via the e-currency platform Bitcoin. This attack targeted aging computer operating systems and exposed the vulnerabilities of using outdated software. This prompted the company to reach out to us and help to solve the issue of their ransom.
We’re are seeing a sharp increase in the number of attacks on Office 365. One is an Office 365 account compromise, or account takeover attacks, where attackers attempt to steal login credentials and gain access to launch attacks from within an organization. If the spear phishing attack is successful and the attacker is able to get control of the account, we’ve seen a few different scenarios for what happens next.
Attackers are getting smarter and are being patient for a while before making their move. First, the attackers can set up forwarding rules to observe the user’s communications patterns to use as leverage in future attacks such as ransomware. Another common scenario is where attackers use the compromised account to send messages to other employees inside the organization in an attempt to collect additional credentials or other sensitive information, or attempt to get a fake wire transfer sent to a fraudulent account.
Do smaller businesses face the same cyber risks as larger businesses?
Absolutely, smaller businesses face the same security risks as large enterprises, and often do so with fewer people and technology resources to appropriately handle. While the use of cloud applications and the internet as a whole has tremendously benefitted businesses looking to efficiently scale, it’s also leveled the playing field and created much easier access to business infrastructure through a multitude of threat vectors. The amount of information individuals make available to public online forums such as social media, and profiles combined with the readily available exploitation kits sold on the dark web, promise that anyone can instantly launch an attack without sophisticated coding.
How can my business avoid cyber threats like ransomware and phishing attacks?
At The Millennium Group, we recommend a layered approach in stopping advanced threats from reaching your employees and data – across every threat vector. For example:
​
Email remains the top business communications tool and, thus, one of the most easily exploitable areas. With ransomware and spear phishing on the rise, businesses must take steps to keep email secured. This includes a comprehensive security strategy designed to prevent ransomware attacks from infiltrating your network. Any effective strategy will include a plan for data protection and backup – particularly important with today’s rampant ransomware attacks and making sure you can easily and quickly recover without having to pay the ransom.
For the more targeted and personalized spear phishing attacks, businesses should look to solutions that leverage advanced technologies like artificial intelligence rather than rules-based detections. The Millennium Group Computings artificial intelligence engine learns organizations’ unique communications patterns to predict future attacks. Using AI, we’re able to identify and block real-time spear phishing attempts, offer domain fraud visibility and protection, and provide simulation training to high-risk individuals within the organization to protect against monetary and data fraud. We also offer free powerful detection tools to run scans across customer networks looking for vulnerabilities already lurking on your systems. Upon diagnosis, remediation tools are available from your dedicated staff member to secure the network and clean up the expressed threats.
Network
We advise implementing a cloud-ready next-generation firewall, designed to secure on-premises, cloud-hosted, SaaS-based, and mobile elements, as well as third-party applications. They enable secure network connections for your remote workers, improve site-to- site connectivity, and ensure secure, uninterrupted access to cloud-hosted applications.
Web
Web traffic requires web security gateways leveraging advanced threat protection to let you safely use online applications and tools without exposure to web-borne ransomware and other threats. Granular access policies give you maximum control, and powerful reporting tools provide total visibility.
Applications
Web applications secured via a web application firewall continuously monitor your outward-facing websites and applications. By automating security audit procedures, it can dramatically accelerate your application development cycles while removing risks.
The Millennium Group’s threat intelligence network includes massive amounts of diverse threat information giving us the most comprehensive view of the global threat landscape in the world. We’re able to leverage this intelligence to create actionable data that protects organizations from the most sophisticated security threats.
​
You Just Read Cyber News Questions and Answers From
The Millennium Group Computing
You might also like..
2024 Recap in Technology
From the rise of quantum computing to significant strides in artificial intelligence, this year has been marked by innovations that are reshaping industries and enhancing everyday life.
Free Business Analysis
Unlock the potential of your business with our 'Free Analysis' offer. Dive into a comprehensive evaluation of your technology and network security to identify opportunities for enhancement and protection.
