Web apps have made it easy for just about anyone to start a service business. All you have to do is buy a subscription to the software and off you go. Along with the latest software, you’ll get access to tutorials and tech support, and you can even join an online forum where you can interact and learn from others in the same business. Sounds great, doesn’t it?
Yes, it’s great, except that this is not the legitimate software market. This is the cyber-criminal ecosystem, and the same developments that have let business technology evolve so quickly have let cybercriminals continually up their game.
No matter what software they’re using, the goal is the same. Cybercriminals want to find and exploit unlocked doors and windows to your data. These days, they don’t just want to get into your network, they want to move around unseen, collecting and analyzing activity and information so they can get the biggest payoff. Here’s how this can happen.
Cyber Criminals Look for Bigger Targets
Let’s say a remote worker clicks on a link in a phishing email. The link takes them to a website that’s been compromised. The website downloads malware to the worker’s laptop. This creates a door where cybercriminals can go in and out. In fact, the criminal who gained access to the computer might sell that access to another criminal who has a different set of software tools.
The next step is to exfiltrate information such as credentials to accounts like your executive’s email. They also may want to learn who your customers and vendors are so that they can figure out how they can best monetize their efforts.
Then one day they make their big hit: your whole company network is encrypted, or your vendor payments have been diverted, or you find out that a customer suffered a major data breach that traced back to their connection to you.
The way to defend against modern cyber threats like this is to have a cybersecurity strategy that includes different layers that work together to establish the legitimacy of all the traffic in your network. Managed Detection and Response is one of those layers.
Related: Learn about the Zero Trust approach to cybersecurity
What is Managed Detection and Response?
Managed Detection and Response (MDR) is a cybersecurity service that keeps 24/7 eyes on the computers and servers connected to your network. It looks for suspicious activity, responds immediately to possible threats and shuts them down before they can cause damage or move deeper into your IT systems.
If you don’t have MDR, it could take hours, days or even months before an intruder is discovered. MDR detects and responds in minutes, and that can mean the difference between business as usual and business failure.
How MDR Works
The MDR program includes a lightweight agent that is installed on every Windows computer. The agent watches for signs of cyber-criminal activity such as:
- Credential dumping – extracting stored account logins, password hashes and tokens from a computer’s memory or on-disk credential stores.
- Persistence mechanisms – anchors such as autorun registry entries, scheduled tasks and services that let malware survive reboots and stay on a computer.
- Malware downloads – software that will corrupt, expose or capture data.
- Lateral movement – using a compromised computer, often with stolen credentials, to reach other computers and network connections.
An alert is triggered when the agent detects suspicious activity. Each alert is categorized at a level of importance that ranges from informational to critical. An alert may be followed by a phone call from the Security Operations Center (SOC) to confirm whether the suspected activity is actually legitimate. If it’s critical, MDR isolates the affected system from the network to prevent further spread of malware or movement to other systems.
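To make the triage flow concrete, here is an added example, written for this article and not Bellwether’s code or any MDR vendor’s logic. It runs simple rules for the four behaviour categories above over constructed endpoint telemetry, assigns each finding a severity from informational to critical, and decides per host whether to isolate it, have the SOC call to confirm, or just keep watching. The telemetry fields, the process and registry patterns in the rules, the severity mapping and the three-stage escalation threshold are all assumptions made for the illustration; a real agent has far richer signals and far more rules.

```python
"""Simplified endpoint triage of the kind an MDR agent and SOC perform.

Added illustration, not any vendor's MDR logic. Telemetry format, rule
patterns, severities and thresholds are all assumptions for this example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    host: str
    user: str
    process: str   # lower-case image name of the acting process
    action: str    # "read", "write", "exec" or "connect"
    target: str    # file, process, registry key or remote host:port touched


@dataclass(frozen=True)
class Finding:
    host: str
    category: str
    severity: str
    event: Event


SEVERITY_ORDER = ["informational", "low", "medium", "high", "critical"]
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
REMOTE_EXEC_TOOLS = {"psexec.exe", "wmic.exe", "winrs.exe"}
LSASS_READERS_OK = {"csrss.exe", "wininit.exe", "msmpeng.exe"}   # assumed allow-list
AUTORUN_KEY = r"hkcu\software\microsoft\windows\currentversion\run"
TASKS_DIR = "c:\\windows\\system32\\tasks\\"


def is_credential_dumping(e: Event) -> bool:
    # Anything but the expected system processes reading LSASS memory.
    return e.action == "read" and e.target == "lsass.exe" and e.process not in LSASS_READERS_OK


def is_persistence(e: Event) -> bool:
    # A script host writing an autorun registry value or dropping a scheduled task.
    return (e.action == "write" and e.process in SCRIPT_HOSTS
            and (e.target.startswith(AUTORUN_KEY) or e.target.startswith(TASKS_DIR)))


def is_malware_download(e: Event) -> bool:
    # An Office application or script host writing an executable into a temp folder.
    return (e.action == "write" and e.process in SCRIPT_HOSTS | OFFICE_APPS
            and e.target.endswith((".exe", ".dll")) and "\\temp\\" in e.target)


def is_lateral_movement(e: Event) -> bool:
    # Remote-execution tooling, or a script host opening SMB/WinRM to another host.
    remote_port = e.action == "connect" and e.target.rsplit(":", 1)[-1] in {"445", "5985", "5986"}
    return (e.process in REMOTE_EXEC_TOOLS and e.action == "exec") or (remote_port and e.process in SCRIPT_HOSTS)


RULES = [  # (category, base severity, predicate)
    ("credential_dumping", "critical", is_credential_dumping),
    ("lateral_movement", "high", is_lateral_movement),
    ("persistence", "high", is_persistence),
    ("malware_download", "medium", is_malware_download),
]


def triage(events):
    """Run every rule over every event; one Finding per matching rule."""
    return [Finding(e.host, cat, sev, e) for e in events for cat, sev, pred in RULES if pred(e)]


def plan_response(findings, chain_threshold=3):
    """Per host: 'isolate' on any critical finding, or when the host shows
    chain_threshold distinct attack stages (the intruder is moving deeper);
    'soc_callback' when the worst finding is high; otherwise 'monitor'."""
    by_host = defaultdict(list)
    for f in findings:
        by_host[f.host].append(f)
    plan = {}
    for host, fs in by_host.items():
        worst = max(fs, key=lambda f: SEVERITY_ORDER.index(f.severity)).severity
        stages = {f.category for f in fs}
        if worst == "critical" or len(stages) >= chain_threshold:
            plan[host] = "isolate"
        elif worst == "high":
            plan[host] = "soc_callback"
        else:
            plan[host] = "monitor"
    return plan


# Constructed telemetry for three hosts; not real logs.
SAMPLE_EVENTS = [
    Event("laptop-07", "jdoe", "winword.exe", "write", "c:\\users\\jdoe\\appdata\\local\\temp\\update.exe"),
    Event("laptop-07", "jdoe", "powershell.exe", "write", AUTORUN_KEY + "\\updater"),
    Event("laptop-07", "jdoe", "powershell.exe", "connect", "10.0.5.12:445"),
    Event("fileserver-01", "svc_backup", "msmpeng.exe", "read", "lsass.exe"),   # allow-listed scanner
    Event("fileserver-01", "svc_backup", "rundll32.exe", "read", "lsass.exe"),  # credential dumping
    Event("kiosk-02", "guest", "excel.exe", "write", "c:\\users\\guest\\appdata\\local\\temp\\inv.exe"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.host:14} {f.severity:8} {f.category}")
    print(plan_response(triage(SAMPLE_EVENTS)))
```

On the sample data, laptop-07 produces no single critical finding, but the download, persistence and lateral-movement stages together trip the chain threshold and the host is isolated; fileserver-01 is isolated on the credential-dumping hit alone, while the allow-listed scanner reading LSASS produces nothing; kiosk-02 has one medium finding and is only monitored. The chain rule is the point: a single medium event is noise, but the same host progressing through several of the stages in this article is the pattern the SOC is paid to catch early.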
Related: Learn how network segmentation works hand in hand with MDR to limit intruder activity in your IT systems
Our Red Team Test of MDR
Here at Bellwether, we vet every technology tool that we use and when we were choosing an MDR provider we did our own test to see if the promised response time was true.
We had our top cybersecurity engineer red team the MDR solutions by running the techniques a cyber-criminal would use to get in and move around. He went through the same steps an attacker would, and his activity was blocked in just a few minutes.
The red team activity was detected and the system was quarantined from the network. The alert also triggered a phone call from the MDR Security Operations Center (SOC), and they didn’t stand down until we confirmed that the activity was ours.
The Price of Cyber-Criminal Stealth
If you don’t have MDR in your cybersecurity strategy, you’re giving cyber-criminals a foot in the door. You need to go beyond the basics if you’re going to avoid the drastic impacts of cyber-crime. Impacts that look like:
- $200,000 – the average cost of a data breach for companies of all sizes
- $42,000 – the average ransomware payment for a small to midsize business (SMB)
- 193 days – the mean time to identify a data breach
- 39 days – the mean time to contain a data breach
Bellwether Cybersecurity Services for New Orleans Businesses
Here at Bellwether, we help New Orleans companies manage cyber risks by creating and implementing cybersecurity strategy that stands up to evolving threats. If you’re not confident that your IT team is doing what they need to do to protect your company from cyber-crime, or if you just want an outside perspective on what a modern cybersecurity strategy looks like, contact us for a Cybersecurity Assessment.