COLORADO SPRINGS, Colo., April 15, 2020 /PRNewswire/ --
Dear Colleagues & Customers,
R9B owes much of its roots to the military and intelligence communities, where mission success is imperative. Overnight, we have seen COVID-19 upend all aspects of cybersecurity operations and introduce new vulnerabilities across the enterprise. Staying true to our history, R9B remains mission-focused in helping clients navigate these current and future challenges. As always, when it comes to protecting our customers' global networks, information and systems, failure is not an option.
First and foremost, we want you to know that our level of service and business continuity remains unchanged.
The fact that over 80% of employees have shifted to remote network access due to COVID-19 is not lost on cyber adversaries who eye this period of rapid transformation as an opportunity to exploit an expanded attack surface. They know IT and cybersecurity teams had little to no time to prepare for the dangers this crisis presented and will not hesitate to act if organizations fail to remain vigilant.
Times like these require a renewed commitment to the fundamentals of cybersecurity. It's not just about having the right tools, but also the right knowledge and experience to protect your organization and employees from new tactics and entry points. With that in mind, our team has assembled 8 Key Security Threats and Insights to consider with today's expanded remote workforce:
- VPN Is Not Absolute Security for Remote Work. Having a "VPN solution in place" does not address the security requirements of operating on untrusted or unknown networks. Tip: Require employees to apply security updates, update anti-malware applications, protect system credentials and be vigilant against COVID-19 social engineering activities.
- Spear Phishing. Malicious actors use email campaigns to exploit fear and uncertainty. Tip #1: Train your teams to be extra vigilant regarding suspicious emails about COVID-19 cures, telehealth, medical supplies, or stimulus money and to avoid clicking on suspicious links or attachments -- just to name a few! Tip #2: Utilize trusted resources, anti-virus software, and secure DNS servers that automatically drop phishing domains.
- Watering Holes are a Threat. Adversaries use fake websites to steal Personally Identifiable Information (PII) or introduce malware. Tip: Proceed with caution and utilize free browser extensions for Adblock software and website security inspection tools.
- Credential and Access Management. The WFH paradigm has scaled credential and access management, introducing major security issues and possible unauthorized access to networks. Tip: R9B's ORKOS product evaluates these accesses and mitigates threats. We have a new limited 3-month license to help bridge the gap and take back control.
- Telework Security Processes. IT teams must make firewall and Remote Desktop Protocol (RDP) decisions to ensure business continuity, which might weaken network security. Tip: Require passwords that are strong and secure, use Multi-Factor Authentication (MFA) when possible and conduct security assessments against newly configured services.
- Database Security. As with Network Hygiene, IT teams may be forced to ensure business continuity by weakening database access control security. This may result in misconfigurations as teams rush to make corporate resources available. Tip: Understand methods of implementing proper security, especially if you are forcing deployment to cloud services, such as AWS, Google, or Azure.
- Supply chain vulnerabilities. "Shelter-in-place" mandates have created a massive demand on the supply chain where normal supply lines could be adversely affected. Deviations from typical procedures to maintain productivity and business continuity may unintentionally provide an attacker access to the network. Tip: IT teams must be mindful of potential attack vectors used to modify normal network software or hardware (i.e., firmware modifications to routers, firewalls, computers) with backdoors or malicious capabilities.
- Teleconference and other software vulnerabilities. As WFH demands increase, reliance on teleconferencing software has increased and exposed vulnerabilities in some of these tools. Tip: Stay up-to-date on the security posture of the software you are using and avoid making meetings, teleconferencing links, and screen sharing public. Also ensure software is up-to-date.
Our Response to Work from Home Risks: Take Back Control
Time is a luxury organizations can ill-afford when it comes to adapting cybersecurity for the WFH paradigm. R9B recognizes this urgency, and we want to help bridge the security gap and take back control of network security with a 90-day license of R9B's ORKOS. To learn more, click HERE or contact us at [email protected].
R9B has a unique status as the Mission Qualification Training provider for multiple U.S. Government cyber units, state governments, and the private sector where cyber qualifications are paramount. Part of our efforts to give back during this time is to provide two advanced training courses at a discounted rate.
We are recognized as the best-of-breed for our custom-designed training programs, approach to education, expert instructors, and live interactive, distance learning options. Our cadre of professional educators are dedicated to the art of educating operators and analysts from foundation-level skills to technical mastery of the most challenging operational environments.
Beginning May 4, 2020 through June 6, 2020, R9B is offering Certified Threat Intelligence Analyst (CTIA) and HUNT Operations and Windows End-Point Data Collection & Analysis online courses with 20% off for the first 50 registrants. These courses are critical to staying a step ahead of increasingly sophisticated adversaries. Class participants who successfully complete the courses are given an official certification.
Certified Threat Intelligence Analyst (CTIA)
This five (5)-day Instructor-Led Training course teaches network defenders to collect, analyze, and apply targeted cyber intelligence to defensive operations in order to proactively act on and adapt to sophisticated and dedicated attacks by cyber adversaries. Original Cost: $4,600. Discounted Rate: $3680. Click HERE to register!
HUNT Operations and Windows End-Point Data Collection & Analysis
The first of three courses in R9B's HUNT Certification program is designed to train cybersecurity professionals to actively defend critical Windows systems. The course exposes students to a "Think like the Adversary" mindset in order to actively detect sophisticated and tailored adversary attacks. Original Cost: $4,600. Discounted Rate: $3680. Click HERE to register!
At R9B, we stand with our community and the critical mission to safeguard networks and the newly expanded attack surface from cyberattack. From our executive leadership, security operators to our sales and marketing professionals, we recognize the value of brand assurance for you and your customers during this unprecedented time. There are many reasons why these men and women chose to join R9B, but I have found that in the most trying times, the vast majority demonstrate their character by putting others before themselves. The current crisis is no different. R9B and our employees are standing up now to continue our mission.
Email us at [email protected] or visit root9B.com for more information. We stand by ready to help.
Stay safe and stay secure,
Eric Hipkins CEO, R9B
Based in Colorado Springs, Colo., R9B is a leading provider of advanced cybersecurity products, services and training for commercial and government clients. Combining cutting-edge technology, tactics development, specialty tools, and deep mission experience, R9B personnel leverage their extensive backgrounds in the U.S. Intelligence Community to conduct advanced vulnerability analysis, penetration testing, digital forensics, incident response, industrial control system (ICS) security, and active adversary pursuit (HUNT) engagements on networks worldwide. R9B is a portfolio company of Tracker Capital Management, an early-stage investor focused principally on emerging technologies and companies with the potential to advance U.S. national security interests. For more information, visit www.root9b.com.