Ostra Cybersecurity

From the Inside Out: A Mental Health Note to Our Cybersecurity Community

/in , , /by

In cybersecurity, we deal in threats, vulnerabilities, breaches—things we can quantify and contain. But there’s a different kind of threat that doesn’t show up on a dashboard. It creeps in quietly and tells you you’re not good enough, not smart enough, not as polished as the person next to you on LinkedIn. It’s imposter syndrome. And it’s rampant in our industry.

We judge our insides by other people’s outsides. We scroll through highlight reels—promotions, keynotes, “just closed a funding round”—and wonder if we even belong in the room. But here’s the truth: the room is full of people who feel the same way. You are not alone.

I know, because I struggle with this too.

Even with years of experience, some days I still wonder if I’m doing enough. If I’m leading well enough. If I really belong in the spaces I’m in. And I’ve learned the hard way—those thoughts don’t just go away. But talking about them helps. So does remembering that behind every confident voice and polished profile, someone else is wrestling with the same doubt.

So, what do we do?

Connection. Conversation. Community. And we stop pretending we’ve all got it figured out. We talk about the hard stuff.

Here are a few ways to start:

  • Message someone you haven’t talked to in a while and just ask how they’re doing.
  • Schedule a quick coffee catch-up with a peer—no pitch, no pressure.
  • Be honest with your team when things are tough. That honesty creates space for others to do the same.
  • And if you’re feeling stuck or overwhelmed, say so. “I’m not okay” is a powerful sentence.

And here’s something that’s helped me: gratitude. It doesn’t magically solve anything, but it helps reframe things. Gratitude for the people in my corner. For the work I get to do. For the ability to learn, grow, and keep showing up. Some days, it’s as simple as being grateful for five minutes of quiet or a strong cup of coffee.

We work in a high-stakes, high-stress industry. But we’re human first. And there’s strength in admitting we don’t have it all together.

This work is important. But you matter more.

Stop comparing your real life to someone else’s highlight reel. Give yourself credit. And if you’re struggling, say something. You’re not alone.

You belong here. We all do. And we’re in this together.

Ostra Cybersecurity

The SMB Executive’s Guide to Navigating the Cyber Wild

/in , /by

Executives who lead a small or medium-sized business (SMB) rely on technology to grow and succeed. But anytime technology is in the mix, there is the inherent risk of dealing with hackers, data breaches, and online scams. Cybersecurity is essential to keeping your business, your customers, and your data safe.  

If that sounds overwhelming, there’s good news: you don’t have to be a tech expert or understand everything about cybersecurity to be a great leader. Just a few simple measures can make a big difference in helping you deal with key threats and take practical steps to protect your company. 

If you are looking for ways to make your company more secure in the cyber wild, the journey starts here. 

Surveying the Scene: Why Cybersecurity Matters for SMBs 

Small and medium-sized businesses are prime targets for cyberattacks because they often lack the resources of larger enterprises. Despite 43% of cyberattacks targeting SMBs, many believe they’re too small to be at risk. A single breach can cause severe financial, reputational, and operational damage. 

Cybercrime is on the rise, with global costs expected to reach $10.5 trillion annually by 2025. Automated bots frequently target SMBs, exploiting vulnerabilities. Ransomware-as-a-service (RaaS) has made cyberattacks more accessible to criminals, while advanced phishing campaigns bypass traditional defenses. 

The Consequences of a Cyber Breach 

There are various ways that SMBs pay the price when data is breached. Here are four main areas of risk: 

  • Financial Impact: SMBs face an average breach cost of $4.35 million globally, including lost revenue, remediation, fines, and legal fees. 
  • Operational Impact: Malware or ransomware downtime can cripple operations, with many businesses never fully recovering. 
  • Reputational Damage: Loss of customer trust and brand credibility often leads to long-term revenue losses. 
  • Regulations and Compliance: Governments and industries increasingly mandate cybersecurity standards (e.g., GDPR, HIPAA), and non-compliance can put you at risk for fines and lost contracts. 

Cyber Basecamp Basics 

Executive leaders can start by ensuring basic steps are in place to protect their SMB operations and data from cyber threats. Essential measures include: 

  1. Strong Passwords & Multi-Factor Authentication (MFA): Your employees should be using unique, complex passwords for all accounts and enabling MFA for an extra layer of security against unauthorized access.
  2. Regular Software Updates and Patching: Systems, software, and devices need to be up to date, with the latest patches applied to fix vulnerabilities and minimize exploitation risks.
  3. Secure Wi-Fi Networks: Protect your Wi-Fi with a strong password and enable security features like encryption. Avoid default router settings to prevent easy hacking. Use a firewall to block unwanted access and safeguard your business.
  4. 24/7 Monitoring and Threat Hunting: Employ continuous monitoring tools and threat-hunting services to identify and respond to potential attacks in real-time, reducing downtime and damage to your business.
  5. Anti-Virus and Endpoint Protection: Install reputable anti-virus software and ensure endpoint protection is in place to detect and block malicious activity.
  6. Consistent Risk Assessments and Management: Conduct regular cybersecurity risks assessments to identify vulnerabilities and address them with a proactive management plan.

Mapping Your Approach: Cybersecurity Frameworks for SMBs 

Cybersecurity frameworks, like the NIST Cybersecurity Framework, provide SMB leaders with a structured approach to protecting their business from cyber threats. These frameworks outline key steps, such as identifying risks, protecting assets, detecting threats, responding to incidents, and recovering operations. 

Adopting a framework starts with understanding your business’s unique risks and needs. Begin by assessing your current cybersecurity practices, then align them with the framework’s guidelines. Be sure to prioritize implementing the most critical protections first, such as securing data and systems. To ensure your business stays resilient and protected, review and update your approach on a regular basis. 

Understanding the evolving threat landscape and building proactive defenses is the first step toward staying safe in the digital age. By championing these protection strategies, SMB executives can create a strong cybersecurity foundation to protect against evolving threats and ensure business continuity. 

 

Need a no-nonsense guide to help you navigate cybersecurity for your SMB? Access our Cybersecurity Field Guide for SMBs for more insights and tips! 

Ostra Cybersecurity

Creating a Cybersecurity Culture in Education

/in , /by

Fostering a strong cybersecurity culture in education is crucial for protecting against growing cyber threats. While advanced cybersecurity technology plays a key role, human behavior remains the most vulnerable point in an institution’s security.

Studies show that human mistakes—such as falling for phishing scams or using weak passwords—contribute to most data breaches. According to Verizon’s 2023 Data Breach Investigations Report (DBIR), about 74% of data breaches involve some form of human error.

Technology Alone Isn’t Enough

Deploying cybersecurity tools and secure technology solutions is essential for protecting educational records, private data, and information systems. However, technology alone cannot prevent cyber threats. Training teachers, administrators, and staff to recognize risks and take proactive measures is key to building a resilient cybersecurity strategy.

Educational institutions need a multi-layered approach to cybersecurity—one that includes proactive threat prevention, staff training, and a commitment to ongoing security awareness. There is no quick fix or single solution that offers complete protection.

Promoting a Culture of Shared Responsibility

Educators and staff serve as the first line of defense in educational cybersecurity. They should be equipped to:

  • Recognize phishing attacks and malware threats
  • Report suspicious activity promptly
  • Follow best practices for secure data handling and password management

A positive, proactive cybersecurity approach empowers faculty and staff to take ownership of security, creating a collaborative defense strategy.

Key Steps to Building a Cybersecurity Culture

  • Provide Regular Training – Educate teachers, administrators, and staff on cyber threats, including phishing emails, malware, and social engineering attacks.
  • Encourage Best Practices – Promote strong password policies and consider offering password managers to staff.
  • Simulate Threats – Conduct phishing tests and mock cybersecurity scenarios to help staff recognize and respond to threats.
  • Establish Clear Policies – Develop well-defined technology use policies and cyber incident reporting procedures.
  • Simplify Reporting – Offer user-friendly, non-punitive methods for staff to report security concerns.
  • Lead by Example – Ensure school leadership actively demonstrates cybersecurity best practices and emphasizes the importance of cyber awareness.

Maximum Impact Action Plan

Educational institutions can take immediate action to strengthen security while fostering a culture of cybersecurity awareness. Work with your Information Security team or a trusted cybersecurity partner to address these four essential areas:

1. Data Security

  • Assess current data storage practices and limit access to sensitive information.
  • Encrypt student records and other sensitive data on school servers and devices.
  • Implement automated backups in secure, segregated locations.

2. Email Security

  • Provide phishing awareness training and periodic security quizzes.
  • Enable SPF, DKIM, and DMARC settings in your email security policies.
  • Deploy email filtering and monitoring tools to block malicious emails.

3. Network Security

  • Audit and update firewall settings to block unauthorized access.
  • Use intrusion detection tools to monitor for suspicious network activity.
  • Segment the school network to create controlled access zones for students, teachers, and administrators.

4. Incident Response

  • Develop a cyber incident response plan and test it with simulated attacks.
  • Assign clear roles and responsibilities for incident management.
  • Conduct regular tabletop exercises to refine response strategies.

From Awareness to Action

A cybersecurity-aware school environment empowers educators, staff, and students to act as an institution’s first line of defense. When everyone understands the risks and how their actions impact security, the entire system becomes more resilient against cyber threats.

By embedding cybersecurity best practices into everyday school operations, educational institutions can create a safer digital learning environment where students and staff can focus on teaching and learning without disruption.

Need help creating a cybersecurity culture in education? Get our Cybersecurity Field Guide for Education to learn how to safeguard your institution.

AI-driven cyber attacks graphic
Chris Pridemore

AI-Driven Cyber Attacks: A Guide for Users 

/in , /by

Safeguarding Your Organization Against AI-Driven Cyber Attacks

Artificial Intelligence (AI) is reshaping industries. However, it also presents new cybersecurity challenges that businesses must address. AI-driven cyber-attacks, particularly through advanced tools like WormGPT, have made phishing, social engineering, and Business Email Compromise (BEC) more sophisticated and dangerous. This guide explores how AI is being weaponized, the specific threats businesses face, and essential cybersecurity strategies to protect your organization. 

AI-driven cyber attacks graphic

The Evolution of AI-Driven Cyber Attacks

AI has revolutionized cybersecurity by automating threat detection and response. However, cybercriminals are now leveraging AI to enhance their attacks. Tools like WormGPT enable attackers to create highly convincing phishing emails and BEC scams, increasing their success rates against even the most cautious employees. 

What is WormGPT?

WormGPT is an AI tool based on the GPT-J language model, designed to mimic AI assistants like OpenAI’s ChatGPT but without ethical constraints. Cybercriminals use it to craft grammatically correct, highly persuasive phishing emails. These emails deceive employees into revealing sensitive data or making fraudulent payments. 

For example, a test using WormGPT generated an email designed to trick an employee into transferring money to a hacker-controlled account. The result was disturbingly convincing, illustrating AI’s potential to enhance cybercriminal tactics. 

AI-Powered Phishing and Social Engineering

AI-driven cybercrime extends beyond simple email attacks. Attackers can craft messages that are contextually relevant, highly personalized, and difficult to detect. 

The Shift in Phishing Tactics

Traditional phishing emails were often easy to spot due to poor grammar and generic messaging. AI-generated phishing emails, however, are highly sophisticated. 

  • Increased Realism: AI tools analyze publicly available data to personalize phishing emails, referencing social media activity or professional milestones to appear authentic.
  • Adaptability and Learning: Modern AI models adjust phishing techniques based on user responses, improving effectiveness over time.
  • Human created vs AI created phishing examples:

Business Email Compromise (BEC) Attacks 

BEC attacks are among the most financially damaging cybercrimes today, costing businesses billions of dollars annually. Hackers impersonate senior executives or vendors to trick employees into transferring funds. AI-powered tools enhance these scams by automating the creation of highly targeted and convincing emails, making them harder to detect.

Data Exfiltration Through AI Tools 

AI technology introduces new risks for data loss and leakage:

  • Unintentional Disclosure by Employees: Employees may unknowingly enter sensitive information into AI-powered tools for assistance with reports, emails, or code debugging, potentially exposing proprietary data.
  • AI as a Proxy for Data Collection: Cybercriminals can use AI-powered chatbots or compromised AI accounts to extract organizational data while bypassing traditional security controls.

How to Protect Against AI-Driven Cyber Attacks 

While AI-driven attacks are becoming more common, there are steps that end users and organizations can take to protect themselves. The following strategies can help mitigate the risks posed by AI-powered phishing and BEC attacks: 

1. Employee Awareness and Training

A well-trained workforce is the first line of defense against AI-driven cyber threats. Employees should be trained to recognize phishing and social engineering attacks.

  • Interactive Simulations: Hands-on phishing simulations improve detection skills and boost employee confidence.
  • Relating Training to Business Impact: Employees are more likely to engage when training connects directly to financial loss, reputation damage, and job security.
  • Gamification: Rewarding employees who identify phishing emails (e.g., with incentives like gift cards) fosters vigilance and engagement.

2. Implement Multi-Factor Authentication (MFA)

MFA significantly reduces the risk of unauthorized access by requiring additional verification steps beyond passwords. Ensure that all critical accounts, including financial and email systems, are protected by MFA.

3. Adopt a Zero Trust Security Model

Zero Trust is a security model that requires strict identity verification for every user and device attempting to access resources, minimizing potential threats. Every access request is verified, reducing the risk of internal and external threats.

4. Strengthen Endpoint Security

Protect business devices with robust endpoint security solutions:

  • Application Whitelisting: Restrict system access to approved applications only.
  • Email Attachment Sandboxing: Analyze attachments in a secure environment before allowing them to execute.
  • Behavior-Based Threat Detection: Monitor user activity for signs of phishing responses or unauthorized data downloads.

5. Deploy Strong Email Security Measures

Email security tools can filter and block malicious messages before they reach employees:

  • AI-Driven Email Filtering: Detects and prevents sophisticated phishing emails.
  • DMARC, DKIM, and SPF Authentication: Reduces the risk of email spoofing and impersonation attacks.

The Future of AI in Cybercrime 

As AI technology evolves, so do cybercriminal tactics. Businesses need to stay proactive by continuously updating their security measures and leveraging AI-driven defenses. Businesses must stay informed, adapt their cybersecurity strategies, and leverage AI-driven security solutions to counteract emerging threats.

Conclusion 

AI-driven cyber-attacks pose a significant risk to businesses, making phishing and BEC attacks more convincing and scalable. However, with strong security measures, employee training, and AI-driven defenses, business owners can protect their organizations from these evolving threats.

 

Ostra Cybersecurity is committed to helping our network of consultants, IT firms, and Managed Service Providers enhance value for their small to medium-sized business clients by delivering Fortune 100 tools, tech and talent. As your trusted cybersecurity team, Ostra’s ecosystem allows for true remediation and resolution — not just alerts. Learn more about our unique approach to Managed Cybersecurity solutions, or reach out to us anytime to start a conversation on how to partner with us.

Ostra Cybersecurity

Cyber Liability Insurance for SMBs: Why It’s Essential for Protection

/in , /by

Why Cyber Liability Insurance Matters

Cyberattacks are an ever-present threat to businesses of all sizes. More than 40% of cyberattacks target SMBs, and the average cost of a data breach for SMBs is around $43 million. Even with strong cybersecurity measures in place, no business is completely immune.

Cyber liability insurance provides financial protection and support to help businesses recover from cyber incidents. It ensures your business can manage the financial and operational fallout of an attack, minimizing impact and aiding in recovery.

Key Coverage Areas

1. Data Breach Response Costs

A cyberattack can lead to significant financial and reputational damage. Cyber liability insurance helps cover:

    • Customer notifications
    • Credit monitoring services
    • Forensic investigations
    • Public relations efforts to protect brand reputation

2. Legal Fees and Regulatory Fines

Cyberattacks can lead to legal action or fines for non-compliance with data protection regulations like GDPR or HIPAA. Cyber insurance helps cover:

    • Attorney fees
    • Regulatory fines
    • Settlement costs

3. Business Interruption and Ransomware Payments

Cyberattacks often lead to downtime and lost revenue. Cyber insurance can provide coverage for:

    • Lost income due to downtime
    • Certain ransomware payment costs (though strengthening defenses is always the best approach)

How to Choose the Right Cyber Liability Insurance Policy

Not all policies offer the same level of protection. When evaluating cyber liability insurance, consider:

  • Your business’s risk profile – What data do you handle, and how sensitive is it?
  • Existing cybersecurity measures – Do your protections meet industry best practices?
  • Policy coverage details – Does it cover legal fees, PR costs, and business interruptions?
  • Industry-specific considerations – Does this provider understands your unique risks?

Aligning Insurance with Cybersecurity Strategy

Cyber liability insurance is a critical safety net, but it should complement, not replace, your existing cybersecurity efforts. To ensure coverage eligibility and reduce risks, businesses should:

  • Conduct regular risk assessments
  • Implement employee cybersecurity training
  • Maintain strong access controls, such as multi-factor authentication (MFA)
  • Align security practices with insurance policy requirements

Protect Your SMB with a Multi-Layered Approach

Managing cyber risk requires a comprehensive strategy that includes both preventative security measures and cyber liability insurance.

Take the next step in securing your business. Schedule a Cybersecurity Journey Review with Ostra to assess your risks and strengthen your defenses.

Ostra Cybersecurity

Scouting Cost-Effective Solutions for Education

/in , /by

Budget constraints often challenge educational institutions, but effective cybersecurity doesn’t have to break the bank. Below are some tips to help educational organizations of all sizes—including large school districts, individual K-12 schools, technical education programs, private colleges or large universities—with the important task of safeguarding their data and systems in a cost-effective way.

Prioritize the Essentials 

Start by prioritizing essential tools like firewalls, endpoint security, and monitoring systems. Many cybersecurity providers offer scalable solutions tailored for educational institutions, allowing schools to pay only for what they need.

Consider Managed Security Services 

Managed services are another cost-effective option, providing comprehensive cybersecurity solutions that include automated updates, real-time threat detection, and 24/7 monitoring. These services reduce the need for in-house IT expertise while ensuring systems remain secure and up to date.

Funding Cybersecurity 

Additionally, explore grants and programs specifically designed for educational institutions to access discounted or subsidized cybersecurity tools. By carefully evaluating needs and available resources, you can build a strong security foundation while staying within your budget.

Investing in the right tools is about more than protection—it’s about enabling a safe and uninterrupted learning environment in today’s digital age.

Leverage Technology Effectively 

Selecting the right cybersecurity tools is critical to safeguarding educational operations and sensitive student data. To combat increasing threats that target the education sector, below are key tools and approaches to help educational institutions operate more confidently in today’s high-risk environments:

1. Secure Wi-Fi Networks 

  • What it does: This is your first line of defense that protects your network with advanced security features like WPA3 encryption.  
  • Key steps: Use a strong password, avoid using default router settings, and enable firewalls to protect classrooms and administrative systems. 

2. 24/7 Monitoring and Threat Detection 

  • What it does: Provides real-time alerts for unusual activities and proactively searches for vulnerabilities. 
  • Key steps: Employ continuous monitoring tools to minimize learning disruptions and prevent damage. 

3. Anti-Virus and Endpoint Protection 

  • What it does: Detects and blocks viruses, malware, and threats across all devices for students and staff, ensuring comprehensive security. 
  • Key steps: Install trusted software and ensure coverage for all devices. 

4. Regular Risk Assessments and Management 

  • What it does: Identifies vulnerabilities in educational systems and ensures adaptive defenses. 
  • Key steps: Conduct regular assessments and implement proactive solutions. 

5. Security Awareness Training and Phishing Simulations 

  • What it does: Equips staff to identify/avoid cyber threats like phishing. 
  • Key steps: Provide initial and ongoing training for staff, simulate phishing tests. 

By carefully evaluating your needs and options, you can build a strong cybersecurity foundation that protects your educational institution without exceeding your budget. 

Ready to embark on a smarter cybersecurity journey without breaking the bank? Schedule your Cybersecurity Journey Review to see how Ostra can help. 

woman on laptop computer
Michael Kennedy

Data Privacy Isn’t a Luxury; It’s a Necessity

/in , /by

Let’s Get Real About Data Privacy

As a Gen Xer, I remember growing up in a time when your privacy was your business. People didn’t know where you were unless you told them, and “data sharing” meant borrowing a library book.

Fast-forward to today, where every app on your phone wants to know what you’re doing, where you’re going, and sometimes even what you’re thinking. It’s an understatement to say things have changed—but what hasn’t changed is the need to guard your privacy.

Data privacy isn’t some abstract tech buzzword. It’s your *life*, packaged into ones and zeros, sold to the highest bidder, or worse, left exposed for hackers to grab. And it all starts with understanding how your personal information is being used, shared, and sometimes abused.

Read the Fine Print 

Here’s the unvarnished truth: those “Agree” buttons you click without reading? They matter. App developers, social platforms, and even some “free” email providers thrive on the assumption that you’ll blindly accept their terms. That’s how your location, browsing habits, shopping history, and even private conversations end up in places you never intended.

I’ll admit it—reading privacy and data use policies isn’t exactly thrilling. They’re often long, jargon-heavy, and designed to test your patience. But if you’re not reading them, you’re essentially handing over a blank check to your personal data. And once it’s out there, getting it back? Good luck.

Parenting in the Age of Privacy Threats 

As a founder of a cybersecurity company, I know all too well what can happen when data privacy is compromised. That’s why, in my house, data privacy is part of parenting.

When my two teenage sons decided they *had* to have Snapchat, they weren’t just handed a green light. Instead, I gave them homework: they had to read and understand Snapchat’s privacy and data use
policies before the app made it onto their phones.

I’ll never forget watching them sift through the legalese. “Wait,” one of them said, “so they can collect location data even if the app isn’t open?” Bingo. That’s the kind of stuff buried deep in the details.

By the time they’d finished, they didn’t just understand how Snapchat uses their data—they also knew the risks of oversharing and the importance of privacy settings. It wasn’t just a lesson about a single app; it was a life lesson.

Simple Steps to Protect Yourself 

So, what can you do? Here are a few friendly tips to keep your data where it belongs:

1. Read Before You Agree

Yes, it’s boring. Yes, it’s worth it. Even skimming the key sections about data sharing and permissions can give you a clearer picture of what you’re signing up for.

2. Lock Down Permissions

Many apps request more access than they actually need. Does that flashlight app really need to know your location? (Hint: it doesn’t.) Adjust your app permissions in your phone’s settings.

3. Use Privacy-Focused Tools

There are plenty of apps and browsers designed with privacy in mind. DuckDuckGo for search and Signal for messaging are great places to start.

4. Talk About It

Whether it’s with your kids, your spouse, or your coworkers, bring data privacy into your conversations. The more aware people are, the less likely they are to make careless mistakes.

5. Keep It Updated

Software updates often include important security patches. Don’t ignore them; they’re your first line of defense against known vulnerabilities.

Why It Matters 

Privacy isn’t just a personal preference—it’s a right. And in today’s digital world, where companies (and criminals) profit from mining your life for data, protecting that right takes effort.

The good news? A little vigilance goes a long way. Take it from someone who’s seen what happens when privacy is ignored: it’s easier to prevent problems now than to fix them later. Whether it’s your phone, your kids, or your business, make data privacy a priority. Because in the end, if you don’t take control of your privacy, someone else will.

Contact us to learn more about what it means to be powered by Ostra Cybersecurity.

computer screen covered in green 1s and 0s with RANSOMWARE spelled out in red
Ostra Cybersecurity

25 Ways to Avoid Becoming a Victim of Ransomware in 2025

/in , /by

The threat of ransomware is a growing concern for businesses of all sizes. Large corporations invest heavily in cybersecurity, but it isn’t just the big companies that must be prepared to protect their sensitive data.

This Is Not a Drill 

Despite significant advances in cybersecurity, recent statistics paint a grim picture:

  • In 2024, ransomware attacks increased by an alarming 44% ¹
  • The average ransom demand in 2024 was more than $3.5 million, with $133.5 million in confirmed payments to ransomware groups ²
  • The average ransom payment was $9,532,263 ²

Small and medium-sized businesses, along with their employees, must take steps to protect themselves from ransomware attacks or risk losing valuable data and revenue. Cybercriminals are constantly evolving their techniques to exploit vulnerabilities and hold data hostage, demanding hefty ransoms for its release.

What is Ransomware? 

Ransomware is malicious software designed to encrypt files on a victim’s computer or network, rendering them inaccessible until a ransom is paid.

Cybercriminals employ various tactics to infect systems, such as phishing emails or exploiting compromised websites or software vulnerabilities. Understanding the gravity of this threat is essential to better protect yourself and your digital assets.

The Cost of Inaction 

A recent Forbes article titled “Massive Health Care Data Breach Threatens Millions” highlights the alarming reality of ransomware attacks in the healthcare sector. The article details a significant data breach at Ascension, a healthcare company operating 140 hospitals and 40 senior care facilities, which affected 5,599,699 patients and employees.

The breach, which occurred through a social engineering email from a ransomware gang, resulted in the theft of extensive personal and medical information. The compromised data included medical information, credit card details, bank account numbers, insurance information, Social Security numbers, and other personal data. This breach underscores the severe consequences of ransomware attacks, particularly in the healthcare industry.

The Forbes article emphasizes the far-reaching implications of such breaches. For instance, health insurance information stolen in these attacks can be sold on the Dark Web for $350, compared to just $10 for credit card information.

Moreover, the use of stolen health insurance information by identity thieves can lead to corrupted medical records, potentially resulting in dangerous medical errors such as incorrect blood transfusions.

An Ounce of Prevention . . . 

In light of the sobering truths presented in the Forbes article, it becomes evident that prevention and proactive measures are paramount in the fight against ransomware and data breaches. Organizations can significantly reduce their susceptibility to such attacks by implementing robust safeguards.

Investing in comprehensive cybersecurity practices, staying informed about the latest threats, and establishing thorough incident response plans are crucial to mitigating the devastating impact of ransomware attacks and data breaches.

To safeguard your business and avoid falling victim to ransomware attacks and data breaches, it is necessary to adopt proactive measures and stay well-informed. Below, we list 25 effective ways to protect yourself from ransomware and preserve the security of your valuable data:

1. Install and Update Reliable Antivirus Software

One of the best defenses against ransomware is robust antivirus software. Choose a reputable antivirus program that provides real-time protection against malware, including ransomware. And make sure you or your security team regularly updates the software to ensure it can detect and neutralize the latest threats effectively.

2. Keep Your Operating System(s) Up to Date

Operating system updates often include crucial security patches that address vulnerabilities cybercriminals exploit. Set your system to automatically install updates or regularly check for updates manually. By keeping your operating system up to date, you fortify its defenses against ransomware attacks.

3. Enable Automatic Software Updates

In addition to your operating system(s), enabling automatic updates for all your software applications is equally vital. Popular software, such as web browsers, office suites, and media players, frequently release updates to enhance functionality and security. Enable automatic updates to ensure you have the latest versions installed, equipped with robust defenses against ransomware.

4. Exercise Caution When Opening Email Attachments

Phishing emails are a common delivery method for ransomware. Exercise caution when opening email attachments, especially those from unknown or suspicious senders. Verify the sender’s authenticity before opening any attachments, and if in doubt, refrain from opening suspicious emails altogether.

5. Beware of Suspicious Links

Similar to email attachments, ransomware can also be delivered through malicious links. Be cautious when clicking on links, especially those received via email, social media messages, or unknown websites. Hover your cursor over the link to preview the URL before clicking. If it seems suspicious, avoid clicking to mitigate the risk of a ransomware infection.

6. Implement a Robust Firewall

A firewall acts as a barrier between your computer or network and the internet, monitoring and filtering incoming and outgoing network traffic. Configure a robust firewall on your system to establish an additional layer of protection against ransomware and other cyber threats.

7. Secure Your Wi-Fi Network

Securing your Wi-Fi network is crucial to prevent unauthorized access and potential ransomware attacks. Change the default administrator credentials of your router, use strong WPA2 encryption, and regularly update the firmware to ensure the network remains secure.

8. Create Strong, Unique Passwords

Using strong, unique passwords is fundamental to protecting your digital assets. Avoid using easily guessable passwords, and consider using a password manager to generate and store complex passwords securely.

9. Implement Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security by requiring users to provide additional verification, such as a temporary code sent to their mobile device, in addition to their password. Enable 2FA whenever possible to enhance your defenses against ransomware attacks.

10. Regularly Backup Your Data

Regularly backing up your data is crucial in mitigating the impact of a ransomware attack. In the event of an infection, having up-to-date backups allows you to restore your files without paying the ransom. Automate the backup process and ensure backups are stored securely and frequently.

11. Store Backups Offline or in the Cloud

It is essential to keep backups separate from your primary system to prevent ransomware from encrypting them. Consider offline storage options like external hard drives or cloud-based backup services that offer robust security measures.

12. Use Encryption to Protect Sensitive Data

Implementing encryption for sensitive data adds an extra layer of protection, even if it falls into the wrong hands. Utilize encryption tools or software to encrypt files and folders containing valuable or confidential information.

13. Educate Yourself and Your Team

Education is key in the fight against ransomware. Stay informed about the latest threats, attack techniques, and preventive measures. Implement a security awareness training program to consistently educate yourself and your team about the best practices to identify and avoid potential risks.

14. Stay Informed About the Latest Threats

The landscape of ransomware threats is continually evolving. Stay informed by regularly visiting reputable cybersecurity websites like CISA and subscribing to their newsletters. You can adapt your security practices accordingly by staying up to date with the latest threats.

15. Limit User Privileges

Granting administrative privileges to all users increases the risk of ransomware spreading throughout your network. Limit user privileges to ensure only authorized personnel can access critical system functions and sensitive data.

16. Disable Macros in Office Documents

Ransomware can exploit macros in office documents to infect your system. Disable macros by default in programs like Microsoft Word and Excel, and only enable them when necessary and from trusted sources.

17. Use a Virtual Private Network (VPN)

When accessing the internet, especially on public Wi-Fi networks, use a VPN to encrypt your internet traffic and protect your data from potential eavesdroppers. A VPN adds an extra layer of security and anonymity, reducing the risk of ransomware attacks.

18. Implement Intrusion Detection and Prevention Systems (IDPS)

Intrusion Detection and Prevention Systems monitor network traffic, looking for suspicious activity and potential ransomware threats. Implement an IDPS to proactively identify and neutralize threats before they can compromise your systems.

19. Monitor Network Traffic

Regularly monitor your network traffic to identify any anomalies or suspicious activities. Unusual patterns or unexpected connections may indicate a ransomware attack in progress. Implement network monitoring tools to detect and respond promptly to potential threats.

20. Perform Regular Vulnerability Assessments

Regular vulnerability assessments help identify weaknesses in your systems and infrastructure that ransomware attacks could exploit. Engage the services of a reputable cybersecurity firm to conduct comprehensive vulnerability assessments and remediate any identified vulnerabilities promptly.

21. Employ Data Loss Prevention (DLP) Solutions

Data Loss Prevention solutions help detect and prevent the unauthorized transmission of sensitive data, providing additional protection against ransomware attacks. Implement DLP solutions tailored to your organization’s specific needs and industry regulations.

22. Develop an Incident Response Plan

Preparing an incident response plan is essential for effectively responding to a ransomware attack. Define roles, responsibilities, and procedures to follow in the event of an incident. Regularly review and update the plan to account for changes in the threat landscape.

23. Implement Network Segmentation

Network segmentation is the practice of dividing a computer network into smaller subnetworks to improve performance and increase security. By separating critical systems from less important ones, you can limit the impact of ransomware attacks, preventing them from spreading throughout your entire network.

24. Conduct Regular Security Audits

Regular security audits are crucial in identifying and addressing any weaknesses or vulnerabilities in your system’s security. Work with a reputable cybersecurity firm to conduct comprehensive security audits regularly to ensure you have robust defenses against ransomware attacks.

25. Engage Managed Cybersecurity Services

We get it. This list looks overwhelming. While many of these measures can be implemented with minimal technical skill, there is a steep learning curve to proficiency in protecting against the threat of ransomware. As new threats and vectors emerge, the need for skillful cybersecurity professionals increases.

Most SMBs lack the technical resources to implement these measures in-house. To ensure your systems and data are secure, consider engaging the services of a managed cybersecurity service provider (also referred to as “Security as a Service” or “SECaaS.” They employ trained experts with the experience and resources to provide comprehensive protection against ransomware attacks.

Investing in managed cybersecurity services will help ensure your data stays safe and secure. A managed cybersecurity solution can provide advanced monitoring, detection, and response capabilities to strengthen your defenses against ransomware attacks and ensures that new threats are identified quickly and addressed–even as they evolve.

Take Action Now to Protect Your Business 

Don’t wait until it’s too late to safeguard your valuable data from the growing threat of ransomware. Implement the 25 effective ways listed in this article to fortify your defenses and avoid becoming a victim.

Ostra Cybersecurity is here to help. Our managed cybersecurity services provide comprehensive protection against ransomware attacks. Our expert team will monitor, detect, and respond to threats, ensuring your data stays safe and secure.

Take the proactive step towards a secure future. Contact us today to learn more about how Ostra Cybersecurity can empower your business and keep you protected from ransomware. Don’t let cybercriminals hold your data hostage – act now!

FAQs (Frequesntly Asked Questions) 

Q: What is ransomware?

A: Ransomware is a form of malicious software that encrypts files on a victim’s computer or network, demanding a ransom for their release.

Q: How can I protect myself from ransomware?

A: You can protect yourself from ransomware by installing reliable antivirus software, keeping your operating system and software up to date, exercising caution with email attachments and suspicious links, implementing a robust firewall, securing your Wi-Fi network, creating strong passwords, and regularly backing up your data.

Q: Are automatic software updates important?

A: Yes, automatic software updates are crucial as they often include security patches that address vulnerabilities exploited by ransomware and other malware.

Q: What is two-factor authentication (2FA)?

A: Two-factor authentication is a security measure that requires users to provide two verification forms, such as a password and a temporary code sent to their mobile device, to access an account or system.

Q: Should I pay the ransom if I get infected by ransomware?

A: Paying the ransom is not recommended, as it encourages and funds cybercriminal activities. Instead, focus on restoring your files from backups and implementing preventive measures to avoid future attacks.

Q: Can professional cybersecurity services help prevent ransomware attacks?

A: Professional cybersecurity services offer expertise, advanced tools, and proactive monitoring to effectively detect and mitigate ransomware threats.

Conclusion 

As ransomware attacks continue to pose a significant threat to individuals and organizations, taking proactive measures to protect your digital world is imperative. By implementing the 25 ways to avoid becoming a victim of ransomware discussed in this article, you can significantly enhance your security posture and minimize the risk of falling prey to these malicious attacks. Stay informed, stay vigilant, and safeguard your valuable data against the ever-evolving threat of ransomware.

Contact us to learn more about what it means to be powered by Ostra Cybersecurity.

 

cybersecurity jargon
Ostra Cybersecurity

Decoding the R-words of Cybersecurity Jargon

/in , /by

Cybersecurity Jargon – Tips to consider when investigating “XDR” solutions

Over the past few years, it has become apparent that many cybersecurity vendors are experts at blurring the lines of meaning in their carefully crafted descriptions of their solutions. Unfortunately, this has only increased confusion while reducing cybersecurity effectiveness for customers.

We are bombarded with terms like Web 2.0, XaaS, Cloud, SASE, Zero Trust, and endless other vague marketing jargon — but who is spending the money and effort to shape our vocabulary in this way? Well, it’s primarily coming from vendors touting their capabilities in EDR, MDR, XDR, and other variations of this service.

The problem is that none of these “XDR” terms really have an actual, singular definition. Each vendor can create their own meaning to suit their go-to-market objective and capabilities.

However, the one letter that consistently appears in all these acronyms is “R” for response. Unfortunately, this word is often the most misleading part of the service description since vendors can interpret what “response” looks like differently.

Title slide

As showcased above, many vendors have only added to the confusion of the overwhelming cybersecurity landscape with the vague use of these R-related cyber terms. This approach raises several concerns:

Visibility

Vendors can only respond to what they can see.

For many cybersecurity providers, visibility is created by deploying sensors, agents, and scanning tools in the relevant customer environment, typically at the endpoint. The problem with this process is the service vendor can only see what is sent back by those monitoring tools.

Frequently, systems get missed or are outside of the service scope, which creates more risk exposure. Items that can be easily missed include operational technologies such as a control system in a manufacturing environment or an IoT device providing physical security or environmental controls. Or it could be as common as a server running a legacy application that wasn’t addressed in the scoping definition for “XDR.”

A complete security assessment, asset inventory, and scan must be completed before purchasing any “XDR” vendor’s solution to determine fit and coverage.

Response

A vendor’s response to the event doesn’t actually correct or counteract anything.

At best, computing devices can be isolated from the network when a threat is identified. However, the actual investigation, remediation and resolution of that quarantined device are still left to the client or their service provider — putting the burden of remediation back on internal teams without enough time, resources, or expertise to address the problem adequately.

Action

A vendor only provides vulnerability and security operations recommendations.

With few exceptions, the “XDR” vendor is only providing guidance through voluminous reports and dashboards notifying the customer’s IT team of remediation items to address. The vendor is typically not providing any hands-on work for the significant fees charged, draining resources from an already depleted staff and budget. That means the day-to-day staffing and knowledge burden, which is by far the biggest cost and most challenging need, is still left unresolved for the customer to address.

Questions to Ask Your Vendors

Despite these trends, XDR services are often advertised as “end-all, be-all” solutions that offer full protection from cyber risk protection. Unfortunately, no such solution exists (and no, not even Ostra can be your all-in-one solution). Building a comprehensive cybersecurity strategy involves more than installing the right products or working with the right partners.

To be clear, there are many great services and solutions on the market (including MDR, EDR, and XDR platforms). But it’s up to the IT service providers and the clients they serve to ask the right questions — especially SMBs who have limited budgets and resources to utilize and zero to waste. When investigating ways to fill your operational and technical needs through a cybersecurity program, ensure that these questions are answered to your satisfaction:

  • Is your solution built on proven and reliable security platforms and tools?

    • The cybersecurity landscape is constantly evolving. Find a provider with vast industry knowledge and one that continuously evaluates the marketplace to ensure their products are updated with the latest and best features to protect clients in a scalable way.

  • Does your solution cover the critical categories of cybersecurity?

    • Cybersecurity is a very broad category with several sub-specialties. When picking a security partner, make sure their services cover the most critical elements at a minimum. A layered solution should include cyber risk protection from the firewall and VPN all the way to endpoints, including email and mobile devices.

  • Have ALL cybersecurity components been integrated and orchestrated to optimize efficiency?

    • Vendors often have either an endpoint-centric approach or a limited integrated solution through a hodgepodge of agents, scanners, and sensors with limited correlation and intelligence. Make sure your provider takes a comprehensive approach to guarding the clients’ entire environment.

  • Is the solution utilizing advanced analytics and data collection 24 hours a day, 365 days a year?

    • It requires significant resources to actively monitor, respond, AND resolve (with hands-on resources) any suspicious security events on behalf of the partner and customer. These resources include advanced information correlation and analysis and the actual security analysts with the right cybersecurity skills — whether they are members of the vendor’s team, the customer’s internal IT/Security Operations team, or both.

Although these points seem nuanced, they highlight some critical differences in the marketplace. Decoding the R-words in cybersecurity jargon can help you choose a holistic solution that protects clients from devastating cyber risks versus the over-sold capabilities of the alternatives advertised on airport billboards and the sides of race cars.

Ostra Cybersecurity is committed to helping our network of consultants, IT firms, and Managed Service Providers enhance value for their small to medium-sized business clients by delivering Fortune 100 tools, tech and talent. As your trusted cybersecurity team, Ostra’s ecosystem allows for true remediation and resolution — not just alerts. Learn more about our unique approach to Managed Cybersecurity solutions, or reach out to us anytime to start a conversation on how to partner with us.

women in technology blog slide
Michael Kennedy

The Alliance of Channel Women: Empowering Women In Tech

/in , /by

*This blog post is a guest contribution by Ostra’s founder Michael Kennedy, originally published on the Alliance of Channel Women (ACW) blog.

As someone who’s worked in IT and cybersecurity circles for 20+ years, I know the gender gap persists in all areas of tech — especially cybersecurity. Why is that, exactly?

No, I don’t think the “cyber-sarcasm” vibe is scaring women off. The female contingent in our office regularly humbles me. They are tough and intelligent, and I don’t want to think about the shape our company would be in without their formidable presence.

Yet a 2023 report by Women in CyberSecurity (WiCySrevealed women face two times more exclusion than men in the workplace. Debating whether this exclusion is accidental or on purpose is not the point. This problem needs to be confronted and remedied as soon as possible, and that’s one of the reasons why being a sponsor of the Alliance of Channel Women (ACW) is so important to me as a leader.

Why ACW?

Being an ACW sponsor is one tangible way to help create more opportunities for our female employees. At Ostra, we strive to be a place that proactively recruits, retains and advances opportunities for women in our field. We are passionate about doing our part to close the gender gap by building a strong and gender-diverse workforce in the cybersecurity industry. But we can’t do it alone.

Recognizing the importance of diversity and inclusion isn’t just “the right thing to do.” At Ostra, we have also found it to drive our innovation and success. We’re focused on actively recruiting and retaining women in the IT channel because their contributions make us stronger.

ACW plays a crucial role by serving as a platform for networking, mentorship and advocacy for the women on our team. Collaborating with ACW enables us to build a more inclusive workplace and secure Ostra’s future in the channel. The culture at ACW also aligns closely with Ostra’s approach to building authentic relationships with potential channel partners and strategic vendors (as opposed to using aggressive sales tactics).

The Minnesota Connection

Ostra’s involvement with ACW began in 2023 after a few of our women joined. As a Minnesota-based company, there was no local chapter for Minnesota. In April 2023, Mel Kolinski (Channel Development Director) and Stacey Kusnier (Marketing Director) decided to change that and started the ACW Minnesota Chapter.

As co-moderators, Mel and Stacey have grown the ACW Minnesota Chapter over the past year and put together many valuable events focused on networking, collaboration and thought leadership. These events are designed to support women in the tech industry in overcoming obstacles—such as the recent Bring Your Ally panel, which has inspired other chapters to do similar events.

Starting the ACW Minnesota Chapter has been a game-changer for Ostra. It’s given us a local platform for our female employees to connect, collaborate, and support each other. After seeing the success and the value our women were getting from ACW, becoming a sponsor in 2024 was a no-brainer.

I encourage my industry colleagues to support ACW in any way they can. Help inspire others as a member, attend an event, become a sponsor, or find ways to hire or recommend the women from this incredible network.

About Michael Kennedy

Michael Kennedy is recognized as a cybersecurity industry trailblazer. He founded Ostra Cybersecurity, a company that provides holistic, multi-layered, fully managed Security as a Service to protect businesses of all sizes. Previously, Kennedy led, built and scaled security platforms for Fortune 5 companies before setting out on a mission to protect SMBs.

The idea for Ostra came from his insights gained during 20+ years of working for the world’s largest healthcare provider. Michael was responsible for integrating complex data systems and protecting private data during business acquisitions. He oversaw over 75 acquisitions and supported over 350,000 global employees, protecting sensitive health data and business functionality at each integration.

ransomware
Ostra Cybersecurity

Why SMBs are hot targets for Ransomware (and how to avoid becoming a statistic)

/in , , /by

As we come to the end of Cybersecurity Awareness Month, we’d like to shine a light on the growing threat of ransomware, particularly for small and medium-sized businesses (SMBs). These enterprises often face unique vulnerabilities that make them prime targets for cybercriminals. Understanding these risks is the first step toward effective protection and resilience against such attacks.

SMB Vulnerability to Cybercrime

Although today’s businesses of every size are busy navigating data security issues, cybercriminals know that small and medium-sized businesses (SMBs) are even more vulnerable.

There are 33.3 million small businesses in the U.S. alone, defined as having fewer than 500 employees. They comprise about 99.9% of all U.S. businesses (Small Business Administration, 2023). For cybercriminals, that’s a wide-open field of prime targets for ransomware.

Why are SMBs more vulnerable? There are several factors, including:

  • Smaller IT/security staff and infrastructure
  • Lack of awareness or knowledge about how to protect themselves
  • A false sense of security (e.g., “criminals only target huge companies”)
  • Belief they cannot afford to implement the same robust safety measures as larger firms

Some SMBs rely on consumer-grade, off-the-shelf solutions to protect their data. But SMBs deserve a better approach to protecting one of their most valuable assets—their data, and their customers’ data.

Know Your Risk

Consider these alarming statistics about the impact of cyberattacks on SMBs:

SMB Ransomware Statistics Graphic

1IBM Data Breach Action Guide (2024). 2 Cobalt Top Cybersecurity Statistics for 2024.3 IBM Cost of a Data Breach Report (2024). 

Here are a few additional facts that show why it’s important for SMBs to protect their data: 

  • 43% of small businesses were targeted by internet criminals in 2023. Source: Embroker 
  • 300,000 thousand new pieces of malware are created daily. Source: TechJury 
  • Globally, 30,000 websites are hacked every day. Source: TechJury 
  • The World Economics Forum said respondents ranked cyberattacks as the fifth largest global risk concern. Source: WEF Global Risks Report 2024  

The Safety Disconnect

In a recent report by Devolutions, they found that 80% of SMBs view themselves to be “well-protected” against cyber-attacks, but less that 60% are actually using tools like passwords managers, 2FA, and cybersecurity training to stay protected. 

After their 2023 global ransomware survey: The Risk Perception Gap, Open Text stated: 

“A majority of SMBs (90%) […] feel extremely or somewhat concerned about ransomware attacks. […] Despite concerns, there is a serious disconnect as a surprising 65% of SMBs […] either don’t believe or aren’t sure they are ransomware targets.” 

Awareness Inspires Prevention

Many ransomware perpetrators try to gain access to data through human error, weak or compromised passwords, or even by attempting to get a company insider to assist them. That’s one reason that Ostra advises SMB clients to raise awareness among employees about data security. Staff who are trained, aware and committed to data privacy can provide an invaluable layer of defense against ransomware. 

The Ransomware Attack that Sparked Ostra

Cybersecurity trailblazer Michael Kennedy started Ostra Cybersecurity after a ransomware attack wreaked havoc on his friend’s small business. Read the full story here.

Ostra was founded with the belief that SMBs should be able to access the robust, layered data protection tools and strategies that the world’s largest companies rely on. Ostra’s managed cybersecurity solutions offer Fortune 100-caliber, 360-degree protection that allows companies of all sizes to protect their most valuable asset—their data.

Ready to learn more about how to prevent ransomware and other cyber threats from impacting your company or your clients? Contact Ostra today.

Michael Kennedy

Let’s Get Real: Transparency in the Cybersecurity Community 

/in , /by

Over the past couple of years I have spoken with a lot of MSPs at various industry events about trust and transparency—or, frankly, the lack of it—within the cybersecurity community.

Lately I’ve been talking about transparency even more, especially surrounding the recent website launch of a cause that I’m super excited about: the Truth In Cyber movement 

Those who know me are well aware of my sense of urgency around this topic, as well as my frustration with some of the cybersecurity culprits that continue to rely on mystery and smokescreens as a means to sell more solutions.

So, based on the positive feedback I have received from colleagues who don’t mind getting real in order to solve problems, I’d like to unpack how “transparency” and cybersecurity can work better together in the future.  

THE FEAR OF TRANSPARENCY

Unfortunately, transparency is much harder to find than it should be in the cybersecurity industry. In my opinion, fear is at the root of that problem.  

There are a few reasons that it may be tempting for organizations to hide their cybersecurity incidents, whether internally or externally. For example, this article on Forbes.com explores why cyber incidents often go unreported, as well as some tips on what to do about it.  

If we want transparency to flourish within the cybersecurity community, fear-based beliefs need to be replaced with solution-oriented thinking. Below are 3 examples:

With over 20 years of leadership in network infrastructure, security, program management, and M&A integration, I have come face-to-face with the lack of transparency in the cybersecurity industry.

Most of my career was spent helping Fortune 500 and large enterprises navigate various cybersecurity challenges and building effective policies and frameworks to solve them.

Then in 2018, after a friend’s experience with ransomware revealed how much I identify as a “corporate misfit on a mission,” I founded Ostra to make cybersecurity simple, effective, and accessible for businesses of all sizes. At the same time, Ostra strives to lead by example in promoting more transparency in the industry at large.  

WHY TRANSPARENCY MATTERS

Trust is eroded when organizations try to hide things. This is especially true when it comes to cybersecurity capabilities, prevention efforts, or incident reporting. Saying everything is fine (when it’s not) will only delay the inevitable.

If an organization (or team member) is trying to cover up or minimize a data breach, for example, why should anyone believe what they say about other matters that impact their reputation—such as product quality, workplace culture, financial health, or delivery timelines?  

Admittedly, folks in cybersecurity are notorious for making things sound more mysterious and complicated than they need to be.

Demanding that clients decipher our cyber jargon to understand where the gaps are in their systems and how their tools interact is not okay. It can be intimidating to ask questions in the presence of other tech egos—as I have personally experienced!    

Recipe for Transparency in Cybersecurity

A transparency revolution would benefit MSPs as well as end-user clients and the cybersecurity community at large. So, how can we ALL step up, keep learning, and do better?

Here are 4 key ingredients that result in the kind of transparency we need in this industry:  

Honesty

  • Avoid hiding behind jargon. Use plain, everyday language that all user levels can understand.  
  • Be transparent in sales and marketing practices. It’s not okay to sell cybersecurity solutions that promise the moon but don’t deliver. Clients shouldn’t have to find out the hard way that their newly deployed solution doesn’t work—or that it just creates more to-do lists for them.  
  • Stop chasing contracts and money. Instead, focus on solutions. What are clients already doing right, and how you can support them if they have cybersecurity gaps?  
  • Use non-predatory practices. Instead of using fear tactics, build trust.  
  • Create a safe space to report incidents. Implement reward-based (vs. shame-based) security awareness training and promote a growth mindset (vs. perfection).  
  • When we really care about our clients, we will prioritize building long-term relationships and earning their trust through problem-solving.  

Self-Awareness

  • Openly recognize that no organization/solution is perfect or ideal for everyone. Cybersecurity gaps leave clients compromised, and one single provider may not be able to do everything you need done.  
  • Stay committed to constantly growing, learning, and improving. It’s essential for security professionals and it’s good for our clients.  
  • Embrace your role as an advocate for your clients. Educate them on cybersecurity tools, resources, and execution best practices that can keep their data safe.  

Accountability

  • Take ownership and solve it. No more finger-pointing at other providers (or clients) when things go wrong.  
  • Culture matters. Curate a talented, dialed-in team that cares about clients.  
  • Collaborate with industry partners and peers. Consider donating your time, talents, and other resources to bettering the industry as you prioritize service vs. sales quotas.  

Transparency

  • Give and receive constructive feedback. None of us should be too strong (or fragile) to admit when a new approach might be in order.  
  • Build trust with outside vendors and even “competitors.” Hoarding information does not help us serve and protect our clients—work with multiple partners and use referrals as needed to find the best solution.  
  • Be clear about your solution’s strengths as well as its limitations. Since there is no “catch-all” solution for cybersecurity, be sure your clients know who is responsible for solving and remediating any cybersecurity issues that come up.   

TAKE THE TRUTH IN CYBER PLEDGE

As I mentioned at the start of this article, my colleagues and I recently launched an independent movement called the “Truth In Cyber” Initiative.  This movement is designed for IT leaders and vendors who are tired of the status quo and want to join us to help change the industry. Please consider visiting TruthInCyber.org to learn more, take action by signing the Pledge, and spread the word.  

Bottom line? As a cybersecurity community, let’s work on becoming more transparent with each other and our clients. It won’t happen overnight; changing habits and building trust takes time. But in the interest of fighting cybercrime more effectively on every front, I hope you’ll join the Truth In Cyber movement. 

Cybersecurity Solutions for SMBs
Ostra Cybersecurity

10 Tangible Cybersecurity Solutions for SMBs During Cybersecurity Awareness Month

/in , /by

As we observe Cybersecurity Awareness Month 2024, small and medium-sized businesses (SMBs) must acknowledge the complexity of cyber threats, move beyond awareness, and implement practical cybersecurity solutions. At Ostra Cybersecurity, we understand that SMBs need more than just a list of issues—they deserve real, actionable solutions that offer genuine protection.

The SMB Cybersecurity Challenge

Many SMBs find themselves overworked and alert-fatigued when it comes to cybersecurity. The constant barrage of threats can be overwhelming, especially for businesses with limited resources. According to a recent National Cyber Security Alliance study, 60% of small businesses that suffer a cyberattack go out of business within six months. This statistic underscores the critical need for robust cybersecurity measures.

Ostra’s Approach to SMB Cybersecurity

Multi-Layered Protection

At Ostra, we believe in a holistic approach to cybersecurity. Our multi-layered Security-as-a-Service model is designed to protect your business from cyber criminals on multiple fronts. This comprehensive strategy ensures that no stone is left unturned when safeguarding your digital assets.

Simplified Managed Cybersecurity

We understand that cybersecurity can be complex and overwhelming. That’s why we’ve made it our mission to simplify managed cybersecurity, making it more accessible to businesses of all sizes. Our solutions are designed to streamline your operations while providing robust protection.

Full-Service Resolution

Instead of just highlighting problems, we are focused on delivering solutions that offer real resolution. Our team works tirelessly to address cybersecurity issues head-on, providing peace of mind and allowing you to focus on your core business activities.

10 Tangible Cybersecurity Solutions for SMBs

  1. Implement Automated Threat Detection and Response: Utilize advanced threat detection systems that automatically identify and respond to potential security breaches. This proactive approach significantly reduces the risk of successful cyberattacks and minimizes response times.
  2. Enhance Security Awareness Training for Employees: Develop comprehensive training programs to educate your staff about the latest cybersecurity threats and best practices. An informed workforce is your first line of defense against cyber threats. Regular training sessions and simulated phishing exercises can dramatically improve your overall security posture.
  3. Adopt a Security Information and Event Management (SIEM) Solution: Implement a SIEM solution that provides real-time analysis of security alerts generated by your network hardware and applications. This allows for quick identification and response to potential security incidents, giving you a holistic view of your security landscape.
  4. Conduct Regular Security Assessments: Perform periodic security assessments to identify system vulnerabilities. These assessments should include penetration testing, vulnerability scanning, and risk assessments. Use the results to prioritize and address security gaps.
  5. Develop and Maintain an Incident Response Plan: Create and regularly update an incident response plan. This ensures that your team is prepared to act swiftly and effectively in the event of a security breach. The plan should outline roles, responsibilities, and step-by-step procedures for various types of security incidents.
  6. Implement Multi-Factor Authentication (MFA): Deploy MFA across all critical systems and applications. This additional layer of security significantly reduces the risk of unauthorized access, even if passwords are compromised. According to industry studies, MFA can prevent over 99% of account compromise attacks.
  7. Adopt a Managed Cybersecurity Solution: Consider leveraging a managed security solution that offers scalable, flexible protection that grows with your business. These solutions are particularly effective for SMBs with limited IT resources, providing enterprise-grade security without the need for extensive on-premises infrastructure.
  8. Implement Network Segmentation: Divide your network into smaller, isolated segments to limit the spread of potential breaches and protect your most sensitive data. This approach contains threats and minimizes the impact of a successful attack on your overall network.
  9. Establish Continuous Monitoring and Threat Intelligence: Implement 24/7 monitoring services and up-to-date threat intelligence to protect your business around the clock. This proactive approach helps identify and mitigate threats before they cause significant damage.
  10. Ensure Compliance Management: Stay informed about and compliant with relevant industry regulations and standards such as GDPR, HIPAA, and PCI DSS. Implementing compliance measures not only helps avoid penalties but also strengthens your overall security posture.

The Ostra Advantage

Clearly, it takes a great deal of intention and effort to secure a business against current levels of threat exposure and sophistication. It can overwhelm SMBs, leaving them uncertain if they are doing enough.

Ostra’s multi-layered approach to SMB cybersecurity provides holistic protection against cyber threats while simplifying the process for businesses of all sizes.

At Ostra, we pride ourselves on offering a unique and highly effective approach to SMB cybersecurity. Our managed cybersecurity solutions are designed to provide tangible results and address the specific needs of small and medium-sized businesses.

Some key advantages of partnering with Ostra include:

  • Expertise: Our team comprises experienced cybersecurity professionals well-versed in the latest threats, trends, and best practices.
  • Affordability: We understand that SMBs have limited budgets. That’s why we offer cost-effective solutions that don’t compromise quality or security.
  • Simplicity: Our goal is to make managed cybersecurity as easy and hassle-free as possible for our clients. We handle everything from setup to maintenance, allowing you to focus on your core business activities.
  • Flexibility: Ostra offers scalable solutions tailored to your specific needs. As your business evolves, we can adapt our services to ensure ongoing protection.
  • Peace of Mind: With Ostra by your side, you can rest assured that your business is protected against cyber threats, which will give you peace of mind and allow you to focus on growth and success.

As Your Trusted Cybersecurity Team(TM), Ostra is committed to breaking down industry silos and simplifying complex subjects with transparency. We’re not just a service provider; we’re your partner in the fight against cyber threats.

Our Channel Partner Program allows us to work closely with Managed Service Providers (MSPs), consultants, and other IT professionals to deliver best-in-class managed cybersecurity solutions.

This collaborative approach ensures you receive comprehensive protection as part of a broader IT services strategy.

Conclusion

This Cybersecurity Awareness Month, take the step from awareness to action. With Ostra’s smart, simplified managed cybersecurity solutions, you can protect your SMB from cyber threats while streamlining your operations. Don’t just acknowledge the importance of cybersecurity—implement tangible solutions that offer real protection and peace of mind.

Ready to secure your business with enterprise-grade cybersecurity tailored for SMBs? Contact Ostra today for a free consultation and discover how our managed security services can safeguard your digital assets.

Related articles:

Eunice Asemnor

Cybersecurity Best Practices: 4 Risky Mistakes to Avoid From a SOC Expert

/in , /by
As a SOC analyst, I am trained to spot the trouble that lurks online. It’s my daily mission to monitor, detect, and respond to cybersecurity threats on behalf of our clients. In our digitally-focused society, most people now spend a significant amount of their time online—whether for work, play, or just staying in touch with loved ones. Therefore, cybersecurity is becoming increasingly crucial as our mistakes, lack of awareness, or momentary lapses in judgment leave us vulnerable to dangers online.

While stopping 100% of security incidents is impossible, our team runs into quite a few threats and incidents that could have been prevented through more public awareness of some simple best practices.

Following are four common mistakes we see people making every day, along with some tips on how to avoid them. These suggestions are simple but very important steps anyone can take to better protect themselves and their organizations online.

1. Use Strong (Not Recycled) Passwords

One of the most frequent mistakes individuals make is using weak or recycled passwords. This is done mostly because it can be difficult to remember complicated passwords for numerous accounts. It is tempting to use an easy password such as “123456,” a birthday, or even a high school graduation date on multiple sites for convenience. However, this approach is just what hackers are hoping for. If a hacker cracks that one password, they can use it to access multiple accounts.

Recently we saw a real-life example of this with a user who used the same simple password for email and social media accounts. Unfortunately, a hacker accessed one social media account through that password and quickly tried the same one on an email account. The hacker gained access to even more sensitive information like bank details and personal files. When this happened, we immediately reset all passwords, enabled multi-factor authentication (MFA), and closed out all active sessions running on the account as a precautionary measure.

Using strong passwords for each account (each with a unique combination of letters, numbers, and symbols) is essential for protecting your online presence. Using a reputable password manager app is another way to safely keep track of passwords, ensuring protection without the need to memorize them all.

2. Take Action on Updates

We’ve all experienced that moment when a pop-up reminds us to update our phone or computer, but the timing feels off, or we’re too busy, so we click “Remind me later” (again and again). This small act of procrastination might seem harmless, but it can open the door to serious cyberattacks.

Most updates contain critical security patches that fix vulnerabilities in a device’s software or operating system. By continually postponing them, you may expose your devices to potential threats that could have easily been prevented.

As the saying goes, “An ounce of prevention is worth a pound of cure,” and this couldn’t be truer in the digital world. To avoid unnecessary risks, enable automatic updates for your devices and make it a habit to update apps, software, and systems as soon as they are available.

3. Recognize Signs of Phishing Scams

Cybercriminals have become more sophisticated in their phishing tactics. By sending bogus emails or messages that appear to be from reputable businesses or even people you might know, they make their scams more difficult to detect.

At Ostra, we fight against phishing very heavily. We once had a client who reached out to us when their spouse almost fell victim to a phishing scheme targeting their home computer. After receiving an email warning that the computer had viruses and that she needed to take immediate action, the client’s spouse got on a call with the threat actor. Things even got to the point where the cybercriminal persuaded her to download Remote Desktop Manager (RDM) software. Luckily, the client walked into the room and overheard what was happening before any credentials or machine access was shared. The user immediately contacted us and we took the necessary steps to remediate the situation.

Phishing scams are known for urging people to “act fast” or take advantage of deals that are too good to be true, which should immediately raise red flags. The idea is to deceive people into disclosing important information like login passwords, credit card data, or social security numbers. To protect yourself, be wary of unsolicited emails or communications—especially those asking for personal information or payment. Further, verify the source by checking the sender’s email address or looking on the company’s official website to find a contact number and call it directly for verification.

If you think you accidentally clicked on something you shouldn’t have, report it to your IT team or service provider immediately. The faster your security team can be aware of an issue, the faster they can work to contain it. Security professionals understand that everyone is human, and we’ve all clicked on things that later turned out to be a bad idea. At Ostra, we infuse security awareness training into our culture through security awareness training, phishing testing, and encouraging users to report all possible issues. And we encourage our clients and partners to do the same within their organizations. This approach helps ensure continuous learning as we all strive to make our organizations safer.

4. Protect Your Privacy on Social Media

Sharing our lives online can be fun, but oversharing personal details can turn us into easy targets for cybercriminals. Posting information such as your full birthdate, location, or answers to common security questions—such as your first pet’s name or where you grew up—can give hackers the tools they need to access your accounts. Cybercriminals often use this information for social engineering, manipulating their targets into revealing even more personal data or tricking companies into granting them access to personal accounts. To stay safe, be mindful of what you share online, review and adjust your privacy settings on social media often, and think carefully before posting anything that could potentially be used against you.

In conclusion, it is critical to understand the risks and take proactive measures to protect ourselves from cyber threats. While it’s easy to develop security-compromising habits, making simple changes can drastically lower your chances of a cyberattack. Strengthening your passwords, upgrading your software, remaining attentive to phishing schemes, and being cautious while using social media are foundational actions we can all take to be more secure online.

Remember, cybersecurity is more than just avoiding threats; it is about developing habits that protect personal information. Contact Ostra to learn more about creating a strong cybersecurity strategy and educating your employees so they can navigate the digital world with confidence.

 

Ostra Cybersecurity

FTC Safeguards Rule: Essential Guide for Business Compliance

/in , /by

With the updated Federal Trade Commission (FTC) Safeguards Rule in effect as of May 2024, you may be wondering: How will your firm find the extra time to check all the boxes necessary for FTC compliance? Are there any shortcuts? It’s a fair question, given all of the other demands on financial institutions, MSPs, and other service providers. 

FTC Safeguards Rule

As a quick refresher, the updated Federal Trade Commission Safeguards Rule is legislation designed to protect the availability, confidentiality, and integrity of customer data. This impacts nearly any business that handles or maintains nonpublic personal information.  

Assuming your business touches this kind of data, you may benefit from a cybersecurity provider with the capacity to support you in your compliance efforts—as either an active participant or as an advisor. (Tip: If you don’t have a clue about whether you need to worry about the FTC Safeguards Rule, your service provider can probably answer your questions about that as well.) 

8 Avenues of Support 

Here are 8 ways a cybersecurity partner can support your journey to FTC Safeguards Rule compliance: 

  1. Act as a trusted liaison for all cybersecurity operations. This includes working with the designated client security officer or owner in the security solution planning, setup and operation, and coordinating communications and reporting as appropriate with that designee. 
  2. Partner with risk consultants to fix system vulnerabilities. Your cybersecurity team should be able to work with your preferred information security risk consultancy or recommend a qualified provider to perform periodic risk assessments of your environment. Based on that information, your cybersecurity provider can add value by working with that respective firm to remediate any in-scope vulnerabilities. 
  3. Proactively prevent threat access. Your cybersecurity partner needs to be continuously monitoring for access rights escalation/modification, unknown or undefined network devices, and applicable data encryption and data exfiltration activities. One benefit of using a SOC-as-a-Service is the opportunity to receive real-time threat detection as well as historical/trend analysis to ensure any potential threats are identified proactively. Additionally, the right SOC team will follow strict processes for change management, multi-factor system access, and secure data destruction of expired logs. 
  4. Test and report on the effectiveness of safeguards. Make sure your cybersecurity provider participates operationally in both planned and unannounced client testing activity, and validates the effectiveness of the safeguards. Reporting can then be made available to measure the consistency and effectiveness of the systems and processes in place. 
  5. Elevate security awareness. Comprehensive information security and awareness training is an integral part of any serious effort to safeguard data. Your training program should cover periodic and scheduled activities, as well as detailed compliance reporting. 
  6. Measure security compliance. Ask your provider to help you continually measure and improve your safeguards while monitoring your compliance with information security policies and procedures. 
  7. Identify threats and remediate incidents. This includes containing, eradicating, recovering, and documenting threats as they are identified. If a significant or extended outage occurs, your cybersecurity provider should be able to support your Incident Response plans and policies as an active participant throughout the incident lifecycle. 
  8. Improve transparency with stakeholders. Your cybersecurity partner can provide system reporting and service activity details to the designated security officer for periodic board reporting. 

At Ostra, we enable our partners and clients to execute many Safeguard Rule requirements by directly supporting them and other service providers. If you have questions about navigating compliance, please reach out to our team today. 

Ostra Cybersecurity

Ostra Cybersecurity Expands – Hires Jackson Buelow

/in , /by

Jackson Buelow hired as Account Executive to serve Ostra’s growing base of SMB clients

Ostra Cybersecurity, a leading provider of world-class cybersecurity solutions for businesses of all sizes, recently welcomed Jackson Buelow as an Account Executive.

This new addition to the business development team is the latest example of Ostra’s growth while furthering its mission to protect small and medium-sized businesses (SMBs). 

As an Account Executive, Jackson will focus on understanding and addressing the unique needs of Ostra clients to provide managed cybersecurity solutions they can rely on.

With a background in IT services and data protection, Jackson will work closely with clients to identify and address their cybersecurity gaps while also supporting customers referred by Ostra’s growing Channel Partner network.  

“We are thrilled to welcome Jackson Buelow to this role that is integral to Ostra’s growth,” said CEO Andrew Tewksbury. “With his extensive experience in the cybersecurity sector, we are confident in Jackson’s ability to help our clients achieve superior protection for their businesses.” 

With a focus on being the Trusted Cybersecurity Team for its clients and partners, Ostra’s market niche is ensuring that top-notch data security solutions are accessible for SMBs. Its fully managed cybersecurity solutions fill cybersecurity gaps with a holistic approach for today’s business owners and IT leaders. 

Jackson graduated from the University of St. Thomas Opus College of Business with a degree in Entrepreneurship. Before joining Ostra, he worked as a Channel Account Manager for a data protection and business continuity solutions company, overseeing 300 MSP accounts and driving growth opportunities across multiple regions. He looks forward to building authentic relationships while serving as a trusted resource for Ostra’s growing base of SMB clients. 

“My previous experience ignited my passion for cybersecurity,” Jackson said. “I am excited to contribute to Ostra’s ongoing success by helping our clients achieve optimal security.” 

Connect with Jackson on LinkedIn or email him at jackson.buelow@ostra.net

Ostra Cybersecurity

Ostra Cybersecurity Launches “Truth In Cyber” Initiative 

/in , /by

Ostra Cybersecurity is proud to announce the launch of a new initiative conceived by our founder, Michael Kennedy: the Truth In Cyber Pledge. This movement is designed for IT leaders and vendors who are tired of the status quo, and want to join us to help change the industry.

What Inspired this movement? 

Throughout his career as a cybersecurity industry trailblazer, Michael Kennedy noticed a growing problem with service providers in the cybersecurity space: a lack of transparency.  

Thanks to a highly saturated and competitive market, Michael saw that many technology providers and MSSPs are losing sight of their core purpose—which is to help clients prevent and recover quickly from cyberattacks.

“Some providers have resorted to promoting a particular product or service—even when they know it’s not the right solution for a customer,” Kennedy said. “As a result, we are all losing the war on cybercrime.” 

To change this narrative, Kennedy and Ostra Cybersecurity decided to sponsor a new movement that calls on technology, IT, and cybersecurity solution providers to be intentional about collaborating and working transparently with clients, peers and competitors. Visit TruthInCyber.org to learn more and sign the Truth In Cyber Pledge. 

What’s in the Truth In Cyber Pledge?

The Truth In Cyber Pledge seeks to establish a culture of accountability and transparency within the cyber community that will help us create a united front to win the war on cybercrime. 

Key attributes of the Pledge include:

Honesty 

  • Using plain, everyday language that all user levels can understand 
  • Using transparent sales & marketing practices 
  • Using non-predatory practices (no fear tactics) 

Self-awareness 

  • Openly recognizing their organization/solution is not perfect or ideal for everyone 
  • Commitment to constantly growing, learning, and improving for the good of clients 

Transparency 

  • Being open to giving and receiving constructive feedback 
  • Sharing critical information with competitors and other vendors in the interest of serving and protecting clients 

Accountability 

  • Educating others as the first priority (over sales) 
  • Seeking collaboration with industry partners 
  • Donating time, talents, and other resources to bettering the industry 

 

Sign the Truth In Cyber Pledge:

Join other committed cybersecurity leaders and sign the Truth In Cyber Pledge! Take a stand against the shadows of cyber-confusion in our industry—and let’s win the cyber war through a united front of transparency. 

About Michael Kennedy

Michael Kennedy led network infrastructure, security, program management, and M&A integration teams for over two decades. But then a defining ransomware event changed his focus forever—when his friend’s small business was the target of a cyberattack.

Building on his experience building multi-layered cybersecurity solutions for some of the world’s largest corporations, Michael founded Ostra Cybersecurity in 2018 to protect SMBs — a historically marginalized community in our industry. 

Do you have questions about the Truth In Cyber movement? Reach out to Michael Kennedy on LinkedIn

Are you ready for a refreshingly honest approach to cybersecurity? Connect with Ostra to see how we can make a difference for your firm or your SMB clients today. 

Ostra Cybersecurity

Deb Peterson Joins Ostra Cybersecurity Operations Team Expansion

/in , /by

Deb Peterson will champion the client experience and streamline operations as the company scales. 

Deb Peterson joins Ostra

Ostra Cybersecurity, a leading provider of world-class cybersecurity solutions for small and medium-sized businesses, is thrilled to welcome Deb Peterson as Senior Program Success Manager.

This latest hire confirms our commitment to operational excellence during a season of rapid growth for the company. Ostra’s Operations Team is the force behind its multi-layered, fully managed cybersecurity solutions.

With a focus on being the Trusted Cybersecurity Team for its clients and partners, Ostra’s market niche is ensuring that top-notch data security solutions are accessible for small to medium-sized businesses (SMBs) and the network of consultants, IT, and Managed Service Providers (MSPs) who serve them.

Deb’s association with Ostra is not entirely new; she previously worked with Ostra Founder Michael Kennedy in an IT role at Optum, one of the world’s leading healthcare companies.

“Having had the pleasure of working together in the past, I know firsthand the exceptional skills and dedication Deb brings to the table,” stated Kennedy. “Her wealth of experience will undoubtedly enhance our efforts and drive our mission forward; I look forward to the incredible achievements we will accomplish together.”

This hire demonstrates that in addition to being an innovator in the industry, Ostra is maturing as an organization. In this role, Deb will ensure processes are in place as we continues to scale, in order to keep client protection and satisfaction at the center of what we do. She looks forward to applying her deep cybersecurity industry experience and IT program management skills in this dynamic environment.

“I’ve always had a passion for finding ways to streamline complex initiatives and technology concepts, so Ostra’s approach to simplifying cybersecurity really resonates with me,” Deb said. “I’m honored and excited to be part of Ostra’s mission to protect SMBs.”

Deb earned her Bachelor of Science degree in Business Administration from Metropolitan State University in Minneapolis. Some of the skills she brings to this role include her ability to communicate effectively at all levels—whether translating complex technology concepts to champion the client experience or problem-solving with technology teams to optimize operations.

Before joining Ostra, Deb spent more than 20 years managing retail, healthcare, and banking programs across infrastructure and security platforms for Fortune 100 and privately owned companies.

Her experience includes an international cybersecurity AI proof of concept project, implementing various new security technologies, creating security processes, and tightening security controls following major security breaches.

Welcome to the Ostra team, Deb!

Connect with Deb on LinkedIn.

Title image with woman holding coffee cup imprinted with "The Real Deal with Authenticity In Cybersecurity Sales accross the bottom
Mel Kolinski

The Real Deal: Building Authentic Relationships in Cybersecurity Sales

/in /by

The Current Landscape of Cybersecurity Sales

As a sales leader in the IT channel, my LinkedIn feed is constantly flooded with posts from colleagues touting the latest buzzwords and themes. We’ve all seen topics like AI-assisted cold calling, tips for shortening the sales cycle through automation, and many other ways to remove humans from the sales process or move deals through the pipeline faster and easier. Another thing I see is posts by vendors showing off the amazing (in other words, very expensive and over-the-top) excursions or trips they are planning for their partners and clients.

But here’s one thing I don’t see too often in my feed: people being authentic. It’s rare to read a vulnerable post by a leader who is sharing a real struggle; or an account manager who understands that trust is the key to growing relationships; or an industry veteran who talks openly about how the IT industry is impacting our mental health. These topics are less sexy and probably don’t get as many impressions, likes, or comments. Yet these glimpses of reality are more likely to help you positively impact your partners or clients.

Why Authenticity Matters

Whether you’re aiming to strengthen your relationship with team members or deepen your connection with clients, below are some things I’ve learned as a sales leader that could help you become a more authentic and effective communicator—especially as an MSP delivering cybersecurity services.

Say YES to Authenticity in Sales

One of the most powerful, yet often overlooked, strategies is to lead with authenticity. In sales, authenticity isn’t just a buzzword or something you can “fake;” it’s a fundamental approach that can transform your relationships, boost your credibility, and drive sustainable success.

In the managed service provider (MSP) industry, where long-term client relationships and trust are paramount, the role of authenticity in sales leadership cannot be overstated. The MSP partners I meet and work with are not just selling a service; they are offering a partnership based on reliability, expertise, and mutual growth. In such a dynamic and service-oriented field, leading with authenticity is key to differentiating your business, retaining clients, and fostering a motivated, loyal team.

Authenticity means being genuine, transparent, and true to your values. As a cybersecurity sales leader, demonstrating authenticity can foster trust, inspire loyalty, and create a positive work culture. Clients and team members can sense when a leader is genuine, and this makes all the difference in building strong, lasting connections—not to mention loyal and happy clients.

Know Your Team

Working in technology, especially cybersecurity, I see the toll our work takes on my co-workers daily. At Ostra, our team works tirelessly to protect our clients’ networks 24/7/365 as we must navigate the constant stress of preventing an incident. The thought that one unseen anomaly or one missed red flag that could impact thousands or cause financial strain or ruin to the SMBs we strive to protect keeps our team on edge and up at night. Additionally, many of our teammates volunteer their time to participate in events such as hackathons, to help bring human traffickers to justice.

Our sense of mission drives our team to strive for perfection, but at a cost. Don’t get me wrong—much of this comes with the territory, as anyone working in cybersecurity knows. At Ostra, our leaders recognize this, and they are intentional about providing support. Read more about how IT leaders can prioritize mental health in this blog by our founder, Michael Kennedy.

One of the ways I personally stay connected with our team is by checking in with co-workers, making sure that they are taking care of themselves and feeling supported in whatever they are going through. Our team understands the importance of maintaining their mental and physical wellness and building the positive culture that we thrive in.

I see so many IT leaders struggling to manage not just the complexities of cybersecurity, but the added mental stress that comes with it. At Ostra, we can take that burden off you. (If this sounds like you and you’d like to talk through strategies, contact us anytime.)

Tips for Authentic Communication in Cybersecurity Sales

1. Stop Cold Calling

No one likes being the recipient of cold calls. I tend to block and delete those that make it to my inbox or voicemail. I’m a little disappointed every time someone connects with me on LinkedIn and then immediately sends me a poorly crafted pitch that often doesn’t relate to me or my company.

Of course, a lot of companies and reps are able to successfully deploy cold calling tactics. But when it comes to selling the protection of a business and its employees from digital predators (i.e., cybersecurity), the chances of folks buying this extremely personal service from someone they don’t know or trust over the phone are extremely unlikely.

In cybersecurity sales, these tactics are antiquated and ineffective—not to mention a big waste of everyone’s time. Using this method could negatively impact your personal brand, in addition to your company.

If you must “cold call,” take the time to actually research your prospect (beyond just their name and job title) and offer ways to add value before you start diving in with your pitch.

2. Leverage Trusted Associations

You can build credibility by networking organically through industry-specific groups, attending events, and volunteering to support the community you work in. Engaging in these activities allows you to meet potential clients and partners in a more relaxed and genuine setting, where you can showcase your expertise and passion without the pressure of a sales pitch.

When you actively participate in industry events and community initiatives, you demonstrate your commitment to the field and to the people within it. This involvement helps you to establish a reputation as a knowledgeable and reliable professional, fostering trust among your peers. This trust is the foundation of an authentic relationship with a prospective partner or client.

People are more likely to do business with those they trust and respect. By building your network through genuine connections and community support, you lay the groundwork for partnerships based on mutual respect and shared values. These authentic relationships are not only more satisfying but also more sustainable, leading to long-term success in the MSP industry.

3. Tell the Truth (and Be Patient)

It takes time to build and nurture authentic relationships. This progress can easily be undone when we are less than truthful.

There are thousands of cybersecurity tools and vendors out there. If you lined us all up and asked us what we do, you would hear a lot of different answers. In our industry, many people misuse words, whether intentionally (to confuse people) or unintentionally (because they don’t fully understand what they are talking about). A great example of this is the misuse of the word “remediation.” For more on this topic, check out this blog.

In my experience, some will use misleading terms to give a prospect the impression they are receiving more services than they are paying for. By doing this, the “mystery” of cybersecurity is perpetuated and SMBs will continue to be leery of cybersecurity services they need. We need to lead the way in being authentic, honest, and transparent with each other and with our clients.

Trust is eroded when people or organizations try to hide things. This is especially true when it comes to cybersecurity capabilities, prevention efforts, or incident reporting. Saying everything is fine (when it’s not) is only going to delay the inevitable. If an organization or team member is trying to cover up or minimize a data breach, for example, why should anyone believe what they say about other matters that impact their reputation—such as product quality, workplace culture, financial health, or delivery timelines?

At Ostra, we value transparency and honesty in our sales approach and we train our partners to do the same. We’re here to help our MSPs sell the right solutions—which means we will NOT sell your client something they do not need.

Conclusion

In summary, effective sales leadership starts with building relationships based on mutual trust and transparency. Once this foundation is established, you can build an organic network through authentic communication, shared community or industry interests, and a reputation for telling the truth.

If you would like to strike up a genuine connection or discuss this topic in more detail, please reach out to me on LinkedIn.

QR code with a pith helmet on it on a jungle background
Eunice Asemnor

Welcome to the QR Code Jungle

/in /by

Heading into the unknown takes some preparation. For example, how many of us would head out to camp overnight in a jungle without protection from the elements, insect bites, or even wild animals? While the prospect of scanning QR codes may not seem that adventurous, it’s a prime example of the tension we see between security and convenience.

The Ubiquity of QR Codes

With only a brief scan, QR codes offer instant access to information and services, making them an indispensable component of our lives. Case in point: Have you ever used a QR code to quickly pull up a restaurant menu, enter a prize drawing, or purchase tickets to a sporting event? QR codes are just about everywhere.

Potential Dangers of QR Codes

But in addition to their ease of use, QR codes could be dangerous for our online safety. We must be extra vigilant and take precautions against threats related to QR codes. Below are some useful tips to keep you safe while entering the QR code jungle.

Pause & Verify

Before scanning any QR code, it is essential to ensure your security by pausing to verify its source. Pay close attention, particularly to QR codes received via email, text, or social media from unfamiliar sources. Threat actors frequently use these channels to distribute malicious QR codes intended to compromise devices or gather personal information.

By being on guard and validating the source of QR codes before scanning, you can mitigate your risk of becoming a victim of a cyberattack.

Use a Legit Scanner

It is crucial to utilize a trusted QR code scanner to mitigate potential security risks. Use a reputable app to ensure reliability and safety. Avoid downloading QR code scanners from third-party platforms or unfamiliar developers. They might harbor malware or pose other security threats.

By adhering to this best practice, you can safeguard your device and personal information against potential vulnerabilities. Prioritize security by choosing a QR code scanner from a trusted and verified source.

Scrutinize Short URLs

When encountering QR codes containing shortened URLs, exercise caution due to the inherent difficulty in discerning their destination websites immediately. These shortened URLs can potentially lead to phishing websites or malicious content, posing security risks to users.

To mitigate these risks, it is advisable to use a URL expanding service that allows you to preview the full URL before directing to the website. By taking this proactive step, you can assess the legitimacy of the site and make informed decisions regarding accessing it. Prioritize your online safety by remaining vigilant when interacting with QR codes containing shortened URLs.

Conclusion

Even though QR codes are handy, venturing into uncharted territory can be risky. But if you follow some simple tips, you can stay safe. Make sure to use trusted QR code scanners, check for any strange signs, and be careful with short URLs and redirects. Stay updated about new threats and trust your gut feeling. By doing these things, you can enjoy using QR codes without sacrificing your security.

If you have questions regarding the safety of specific QR codes or websites, it’s wise to consult your local IT department or Managed Service Provider (MSP). To learn more about how to level up your organization’s data protection through a multilayered approach, contact Your Trusted Cybersecurity Team™ at Ostra.

Ostra Company News
Ostra Cybersecurity

Ostra Cybersecurity Secures $4M in Series A Funding: A Game-Changer for Business and Tech Security

/in , /by

Amplifying Our Commitment: How Investment Translates to Enhanced Cyber Defenses

When it comes to your business’s cybersecurity, one thing is for certain—there’s no standing still. Cyber threats evolve with technology, and as a business owner or IT leader, your resourceful ally in this persistent battle is a managed cybersecurity service that’s dynamic, dependable, and ahead of the threat graph. 

Enter Ostra Cybersecurity, a trailblazer in digital protection, now backed by a significant achievement—the successful closure of our Series A funding round, securing over $4 million led by Rally Ventures.

Why This Matters

This funding milestone signifies more than just financial growth. It signals a seismic shift in our approach to managed cybersecurity. With this influx of capital, Ostra is doubling down on its mission to fortify your business defenses proactively, preempting risks before they breach your systems. 

Enhancing Our Team

As part of our expansion efforts, Ostra is bolstering our customer-facing teams. From customer success to support and account management, every interaction with our clients is strategically aimed at not just resolving issues but anticipating and preventing them altogether. Readiness, agility, and coordinated responses are all benefits you can expect from our Cybersecurity-as-a-Service (CSaaS) offerings. 

Expanding Our Network

Simultaneously, Ostra is ramping up efforts in channel partner development, rallying like-minded organizations to join forces with us. Our expanding channel ecosystem ensures comprehensive coverage across the business landscape, amplifying your defense capabilities at every turn. 

Leadership That Listens

Under the guidance of Andrew Tewksbury, Ostra’s new CEO, we are focused not just on technological tools but also on human-centric approaches to security. Andrew’s vision aligns technology with human foresight, ensuring our solutions remain agile, intelligent, and oriented towards the long-term success of your enterprise. 

Commitment to Excellence

This investment underscores our unwavering commitment to customer excellence. Funds are being allocated to elevate our customer-facing teams to unprecedented levels, ensuring seamless integration of our solutions and round-the-clock support. 

Cultivating Partnerships

Ostra’s spirit is one of collaboration and success, driven not just by funding but by a shared purpose with our clients. This investment allows us to deepen partnerships, tailor solutions, and inject resilience and intelligence into the core of your enterprise architecture. 

Beyond Numbers

Our Series A funding is more than just a statistic; it’s an endorsement from industry leaders and investors who recognize Ostra’s pivotal role in cybersecurity. It empowers us to innovate and deliver on promises backed by collective intelligence and tenacity. 

Building Trust

Trust is the cornerstone of cybersecurity, and Ostra is committed to fostering transparency and integrity in all our partnerships. Our expanding teams and unwavering dedication testify to this commitment. 

The Road Ahead

Looking forward, Ostra is focused on integrating emerging technologies, expanding its industry footprint, and deepening client resilience. Partnering with Ostra isn’t just availing a service; it’s embarking on a journey of continuous evolution and security enhancement. To learn more about how to lean on Ostra as Your Trusted Managed Cybersecurity Team, Contact Us

Full Press Release:

 

CYBERSECURITY POWERHOUSE OSTRA ANNOUNCES LARGEST ROUND OF FUNDING TO DATE BRINGING AN ADAPTIVE SOLUTION TO SMBs

Funding led by Rally Ventures will further accelerate Ostra’s rapid growth with investments in numerous customer-facing areas of the business.

MINNEAPOLIS, MINN. / April 09, 2024 / — Ostra Cybersecurity, a company whose holistic and fully managed Security as a Service is revolutionizing how cybersecurity is delivered to small and mid-sized businesses, announced the completion of its Series A funding.

The Series A funding, of more than $4 million in total, was led by Rally Ventures, with participation from founding investor Jeff Cowan. To date, Ostra has raised $10 million from investors, with most funds coming in the past 18 months based on the rapid rise in demand for a complete managed offering tailored to small and mid-sized businesses (SMBs).

This latest funding news follows on the heels of Ostra’s recent announcement that Andrew Tewksbury is the company’s new CEO. Together, these developments will enable Ostra to accelerate its growth while leveraging a channel first model to fulfill its mission of protecting SMBs.

“Today, it’s no longer optional for businesses of all sizes to secure their systems and data,” Tewksbury said. “This latest funding will help us fast-track some key business development and operational initiatives to expand our quickly growing channel partner program and protect a gaping hole in cybersecurity for all SMB clients.”

The most recent round of funding will help fuel Ostra’s go-to-market engine. The company plans to nearly double its customer-facing teams in areas such as account management, channel marketing, customer success, and support. Ostra will also continue to build its US based team in channel partner recruitment and support, based on the momentum generated by ongoing initiatives to attract MSPs and others within the partner community.

“The addition of Andrew Tewksbury strengthens an already exceptional executive team with decades of experience in cybersecurity and strategic operations,” said Michael Jennings, Venture Partner at Rally Ventures. “Ostra fills a crucial gap in the industry for SMBs at a time when change is not just necessary, but inevitable. We’re excited to continue supporting Ostra’s journey and confident their platform will be the go-to solution for SMBs seeking to keep their systems and data secure from cybercriminals.”

About Ostra Cybersecurity

As Your Trusted Cybersecurity TeamTM, Ostra makes cybersecurity simple and accessible to businesses of all sizes. Ostra provides its partners and their clients with multi-layered, comprehensive, and fully managed Security as a Service. Ostra’s proprietary solutions combine Fortune 100-caliber tools, tech, and talent to ensure threats are not only detected and hunted, but also fully remediated.

With a mission to simplify cybersecurity for small to mid-sized businesses, Ostra believes everyone deserves best-in-class data protection—not just big business. For more information, visit www.ostra.net.

About Rally Ventures

Rally Ventures invests exclusively in early-stage business technology companies, focusing on entrepreneurs creating major new markets or bringing transformative approaches to existing ones. Since 1997, Rally Ventures’ partners and venture capital industry veterans have invested in or run early-stage enterprise business-to-business technology companies with a proven ability to deliver superior returns regardless of the overall market environment. For more information visit rallyventures.com.

Read the full Press Release

Andrew Tewksbury, CEO, Ostra Cybersecurity
Michael Kennedy

Embracing New Leadership with Andrew Tewksbury

/in , /by

A Message from Our Founder

Introducing Andrew Tewksbury, CEO, Ostra CybersecurityI am thrilled to share some exciting news with our partners, clients and supporters. Today marks a significant milestone in our journey as we welcome Andrew Tewksbury as our new Chief Executive Officer—leading us into a new era of success.

Andrew’s arrival represents more than just a change in leadership; it symbolizes our commitment to continuous growth and innovation in the cybersecurity landscape.

With his wealth of experience and strategic vision, Andrew is poised to propel Ostra to new heights, solidifying our position as a trailblazer in safeguarding small and mid-sized businesses (SMBs).

Our decision to embrace a collaborative leadership model underscores our dedication to remaining a mission-driven company while driving sustainable growth. Together with Andrew and our seasoned executive team, including myself, we are poised to accelerate our growth strategy and advance our mission of protecting SMBs.

Andrew brings a wealth of experience and expertise in the cybersecurity industry, along with a proven track record of Go-To-Market leadership and strategic vision. His passion for technology, commitment to excellence, and mission-based values resonated deeply with me and the entire Ostra team, making him the perfect fit to guide us through our next phase of continued growth. I am eager to partner with him in strengthening our market position and delivering exceptional protection to our partners and clients.

As I take a moment to look back on the remarkable journey Ostra has embarked on since we started in 2018, I am filled with anticipation for the future under Andrew’s leadership. With him at the helm as CEO, I am genuinely excited about the prospect of dedicating more time to what I am most passionate about – educating others via speaking engagements, forging strategic partnerships, and finding innovative solutions to cybersecurity challenges. These are the things that fuel my spirit, and, most importantly, hold the potential to yield the greatest impact for our company and the communities we serve.

As we write the next chapter of Ostra’s success story, I am confident that with Andrew’s leadership, combined with the dedication of our amazingly talented team, we will continue to revolutionize cybersecurity for SMBs and the partners who serve them.

Thank you to our entire community of clients, partners and supporters for your belief in our mission, with special appreciation for the Ostra team. Your commitment to protecting our clients fuels our journey, and I’m endlessly grateful for each of you as we embark on this exciting chapter together.

-Michael

Read the official press release. 

laptop with tax scam alert on fishing hook
Eunice Asemnor

4 Tips to Avoid Online Dangers During Tax Season

/in , /by

Stay Safe From Cyber Threats This Tax Season.

As tax season approaches, both individuals and businesses must prepare to file their returns. Since threat actors ramp up their efforts to exploit vulnerabilities and launch cyberattacks during this time, it’s important to make sure you are safeguarding sensitive financial information.

How do you prevent your company, your clients, or your employees from falling victim to identity theft, financial fraud, and other cyber threats over the next several weeks? In this blog, we will walk through some very simple and practical tips to navigate through cyber threats and effectively protect your data during tax season.

Note: In case you missed Ostra’s blog published around this time last year, be sure to check it out: Spot The Signs Of Tax-Time Phishing Scams.

Tip #1: Choose Powerful Passwords

The first step to safeguarding your data during tax season is updating and strengthening your passwords. This is one of the simplest yet most effective ways to enhance your security. Don’t make it easy for attackers to guess your credentials and harvest your data.

Here are some best practices when it comes to passwords:

  • Opt for a combination of letters, numbers, and special characters.
  • Steer clear of using easily guessable information such as your name or birthday.
  • Don’t use the same password in multiple places—I know, I know—easier said than done right?

To help you create passwords that meet these criteria, consider using a reputable password manager app—there are many options such as 1Password, LastPass, or RoboForm. A password manager allows you to generate and store complex passwords securely and conveniently—which means you won’t need to sacrifice security for convenience.

Tip #2: No Easy Access

Another way to enhance your overall cybersecurity posture and keep sensitive financial information safe is by enabling Multi-Factor Authentication (MFA). With MFA, users are required to provide two forms of identification before accessing an account. It typically involves a verification code sent via text, email, or through a dedicated application.

By implementing MFA, the risk of unauthorized access to financial accounts is significantly reduced. Enabling MFA provides an additional layer of security during tax season and beyond.

Tip #3: Spot the Fakers

During tax season, it is crucial to BEWARE OF PHISHING. According to Cloudflare, 90% of successful cyberattacks start with email phishing attempts. Threat actors frequently send fake emails masquerading as legitimate tax authorities or financial institutions.

To mitigate risk, always verify the sender’s email address and refrain from clicking on any links or downloading attachments from unknown sources. Be assured that legitimate institutions DO NOT request sensitive information through email. By remaining vigilant and skeptical of unexpected or suspicious communications, individuals and businesses can better protect themselves from phishing scams that could compromise their financial data.

Tip #4: Inspect Your Statements

The final tip to help you avoid tax-time cyber threats is to monitor your financial statements regularly. By carefully checking your bank and credit card statements for any unauthorized or suspicious transactions, you can keep an eye on cyber threats and take action before things get out of hand.

If you detect any inconsistencies or irregularities, promptly report them to your financial institution for investigation. Early identification of fraudulent activity is crucial in minimizing potential financial losses and mitigating the impact of cyber threats. Stay proactive and attentive to your financial statements so you can effectively protect your accounts and assets from unauthorized access.

Prevention is the best policy

As tax season approaches, prioritizing cybersecurity is essential to safeguard your financial well-being. By following these tips and remaining vigilant, you can reduce the risk of falling victim to cyber threats, ensuring a secure and stress-free tax season. Remember, staying informed and adopting proactive security measures are the keys to protecting your sensitive financial information in today’s digital age.

Do you want to implement a more proactive approach to cybersecurity? Contact Ostra to learn more about our best-in-class, fully managed cybersecurity services.

title slide
Ostra Cybersecurity

Fireside Chat: Building Your Community in the Cyber Wild

/in , /by

Round Two…

How does one go about building a community in the cyber wild? It starts with networking and connecting with like-minded individuals in the industry. 

In our latest “Fireside Chat,” Ostra Founder and CEO Michael Kennedy chats with Evan Francen, CEO of SecurityStudio, and Frank Gurnee, SecurityStudio’s Channel Director, on the topics of AI and Cybersecurity Marketing. 

There’s lots of great information in the wisdom of these industry thought leaders, from their views on AI to thoughts on the importance of authenticity and honesty in marketing. Listen in and learn from the best on how to build a community in today’s cyber wild. 

AI and Technology 

The conversation begins with AI (artificial intelligence) and its impact on technology. While AI is still in its infancy, tools like Chat GPT have made this powerful technology available to anyone with a computer or a laptop. 

Our panel discusses both the upside and shortcomings of AI in output accuracy and whether it can (or should) integrate into automated processes in information technology and cybersecurity. 

Marketing and Community Building 

The discussion then shifts to marketing and community building. Michael and Evan devote a lot of time to the key elements that form the basis of any technology solution’s marketing strategy. 

Both cite honesty and relational sales methods focused on solving clients’ issues and/or providing quantitative value as the core properties of a sound marketing ethos. 

View The Entire Conversation 

Click on the video link below to watch the entire video chat or scroll down to read the full transcript. 

Resources:

Video Transcript

Frank Gurnee (00:25):

So thanks for joining us again today, guys. We are excited. A lot of what we’re gonna be talking about today was based on your feedback from the last fireside chat we had. So with that, I want to introduce our my esteemed co-hosts here. So first and foremost, we have Michael Kennedy, who’s known as Kennedy. So Michael Kennedy runs Ostra, and Ostra is a managed Security-as-a-Service company. And so done a ton of amazing things in the industry. Been around a long time. As you can see, we all have the gray hair, and we’re just talking about our ages here. So their beards are a little longer than mine though, so I, I gotta catch up guys. So Michael Kennedy, and we’ll call you Kennedy, going forward here. How are you doing today?

Michael Kennedy (01:13):

I’m good, thank you. Thanks for having me. A little, a little cooler here in the office with a big fire back there, but then if I, I have a bright light shining on top of me, so you might get a little bit of that every once in a while, but

Frank Gurnee (01:24):

Yeah, we’ll have to figure out the name. Is it still fireside chat during the summer, right? What the change?

Michael Kennedy (01:29):

Yeah,

Frank Gurnee (01:31):

So also we have Evan Francen. So Evan is the, well, you’re the CEO of SecurityStudio. You are the founder of FRSecure. And just kind of changed spots there as, as CEO to step down, but still a integral part of the whole thing. And man, Evan Francen’s been doing amazing things in this industry for many, many years. And and we’re really excited to have you on as well. Evan, how are you doing today?

Evan Francen (02:01):

Doing well. I’m in Mexico. Looks, it’s good. Yeah.

Michael Kennedy (02:05):

Looks beautiful behind you.

Evan Francen (02:07):

Yeah, it’s good.

Frank Gurnee (02:09):

Yeah, look at those flowers, man. That’s awesome.

Evan Francen (02:11):

Yeah, my wife does those. She did the other ones too. So many flowers. Flowers and throw pillows.

Frank Gurnee (02:18):

Yeah. Love that. <Laugh>.

Evan Francen (02:21):

Not digging the throw pillows, flowers.

Frank Gurnee (02:23):

Well, awesome guys. So, you know, what we heard a lot in the last fireside chat was you know, guys are, are really wondering or wanting to pick your brains around things in the sales and marketing side of things. So we’re gonna get into a little bit of that today. But anybody have any opening remarks? Anything you guys have been seeing out there? Anything you want to talk about that’s kind of hit in 2024 where we kind of jump into those things?

Evan Francen (02:53):

That’s an open, that’s such an open-ended question, right? Yeah.

Evan Francen (02:57):

I don’t know. I was talking to a professor friend of mine this morning from the University of Minnesota, Master’s or whatever, and he got me started on AI and that, that led to a whole long discussion. Yeah, I mean, you could take this anywhere. I don’t even know where to start.

Frank Gurnee (03:19):

Yeah, well, what what Elon just just turned on a new link, so we heard that Right. And we heard obviously AI, man, that’s, that’s kind of going crazy these days, so you’re right. What impacts do you think some of that stuff’s gonna have this year?

Evan Francen (03:36):

Well, it’s like anything, you know, there’s nothing wrong with the tool. It’s are you using the tool? Right. You know it’s about being responsible with the tool. You know, there’s nothing wrong with a table saw, you know, but I wouldn’t give a table saw to a toddler, you know, so I wouldn’t get Yeah. AI is the same way, you know it. So what I use AI for, other than, you know, stuff that other people probably shouldn’t, but is you know, create ideas a lot. I’ll use AI. You know, I’m working on the latest curriculum for securing complex environments. And so I asked, you know, just work with Chat GPT to give me some ideas on what I can create for an exercise for this course. You know, stuff like that. And I was talking to a friend about bias and, and people don’t, and an un an irresponsible way to use AI is to, is to not be discerning with the input, with the output, to not understand where it comes from.

Evan Francen (04:44):

One of the things my father taught me as a child that was, thank God, was always considered the source. And so people, you know, will argue that, well, AI is not biased or whatever. But, so I, I did a demonstration where I asked AI to, if God exists, you know, let’s see the bias. And when you ask a yes no question, and this is a tip for anybody, when you ask a yes no question, the only unbiased response, valid responses are yes, no, I don’t know. Anything else is bias. And so, you know, this long discussion with AI before you finally get to a point where, and it’s talking about its beliefs, and I didn’t ask you about your beliefs. I mean it all the way to the point where it finally admitted it didn’t know. But I think somebody who’s not discerning and doesn’t think critically would’ve taken the first answer that AI would’ve given it, given them and just gone with it, you know? Yeah. And so that led to a whole discussion to this morning about, you know, where AI is going and what I think it’s gonna do to us.

Frank Gurnee (05:54):

Yeah, I think that’s a good point. The source, right? I mean, I mean, because it’s trained, so it’s trained on something from something. And, you know, how accurate was that information that it was fed? You know, what was it provided? That sort of thing. So that makes, makes a ton of sense. Yeah. As far as something that should be a concern to everyone, right? Because especially as you lean more and more on the validity, the information, you know, the, the, is, is this true? Is this not? Or, or you’re just blindly sending it out, right. Which I think a lot of people are using it for content and things like that, that you know, could essentially be completely wrong at the end of the day. And so, you know, that’s put out there and lives on Google and everywhere else as the truth, as fact, and it very well may not be. Yeah.

Evan Francen (06:42):

So go ask AI if God exists and, and play around with it. That’s one of, that’s one of the great questions because us as humans, you know, still debate that all the time, right? Yeah. Belief, belief in faith. But it’s, it is a yes no question. And so the, it’s yes, no, or I don’t know. And anything, you know, beyond that, and the same use, the same thing when you’re talking with people with humans,

Frank Gurnee (07:05):

Prospects, right.

Evan Francen (07:05):

You know, identify, you know, the places where there’s bias and, and then you get to choose which one to do with it. ’cause There’s nothing necessarily wrong with bias, but what’s wrong is bias, ignorance, where you ignore the fact that there is bias. Yeah.

Michael Kennedy (07:20):

Or the, the false narratives. Yep.

Frank Gurnee (07:22):

Yeah. And I, you know, so what’s interesting about this topic, and, and we’re just kind of, kind of talking here, is you know, I, we go to these shows, we go to events, we’re hearing lots about cybersecurity. And man, the buzzword in the industry is AI. I mean, every cybersecurity solution out there is touting some type of AI. We AI this, we AI that, right? So is that just a buzzword or is that, is it truly something that they’re building into these platforms that is good for cybersecurity or I know I know your, your guys take Kennedy as, as people, right? A lot of, a lot of eyes on, on things. So, you know, what’s, what is the difference there? And, and, you know, how would you guys differentiate those two things when we hear this buzzword about AI and cybersecurity so much?

Evan Francen (08:12):

You get to go

Michael Kennedy (08:13):

First, I think. I think I do. Oh, I think there’s a couple per, so it, it got overused in the beginning, especially last, I would say before the Chat GPT and all the different LLM models. Everybody was in AI, AI, AI. And when you look, when you would peel that back, it never really, there wasn’t really anything true, like in, and, you know, as AI stands for and differentiated intelligence, right? So what the way that we look at it is, and why, where we wanna apply it or apply it, is around patterns, noise reduction kind of more of the data analytics, automation, running scripts and putting scripts together, and then automating those scripts to have it look at to help us reduce the noise for our SOC team. I, I, I think that like what Evan was talking about with the Chat GPT and, and how people use it is really going to be where we see some of that, that differentiator of, are they using it for as a tagline, or are they actually trying to use it for a specific initiative?

Michael Kennedy (09:34):

And I think a lot of companies started with it as a tagline and to machine learning and AI, and really but most of it is, is kind of in that, that l lms, the, the language models, the putting, you know, Chat GPT on top of it. But for us it’s, I it’s gonna be probably, it’s gonna be a and it’s, I dunno, it’s like all of those, I think about it is operationally. So IUI use it, I use Chat GPT, you know, to figure out what kind of I itinerary, I want to go on a trip, you know, going down to Mexico, what do I want to do? What are the things that I can do? I look at it to talk about if I, if I’m struggling to write something, then use it as an outline. And it’s the same with the way we as an organization try to use those tools of it’s only as good as the information you put in. And it’s not, it’s not I don’t, I don’t know, I I don’t call it intelligence because it doesn’t, it’s not sentient to me. So I, I call it you know, a bunch of automation scripts that scroll through everything and then help you decide on different parameters that are set. So

Frank Gurnee (10:56):

Yeah, it seems like, it seems like that, you know, AI, at least in my mindset, when all of these vendors, you know, tout AI, it, to me, it, it, it’s almost like, I think of it like, like that’s doing the analyzing or it’s looking at things and it’s, it’s a person which, you know, both, both Ostra and Security Studio, I think think of their services as professional services with people. And people are doing the analyzing and asking the questions and doing all of those things where, you know, it seems like a lot of vendors out there are, you know, again, touting this, this AI type of thing, which makes me think of like a person almost sitting there analyzing or doing these things, which, you know, maybe it’s a misconception. Maybe it’s, we’re just thinking of it wrong. But that’s, that’s how I envision it. Is that how you guys see it as well? Like from a marketing standpoint, what they’re essentially doing?

Michael Kennedy (11:55):

Yeah. And then also from a, well, the way I look at it is, oh, sorry, I’m gonna keep talking. It’s

Evan Francen (12:01):

Operation mean What they’re doing is they’re doing their job, man. Their job is to sell. Yeah, yeah, yeah. And so, yeah.

Michael Kennedy (12:06):

Oh, you almost can’t

Evan Francen (12:07):

Blame them for, you almost can’t blame them for doing it.

Michael Kennedy (12:10):

Yeah.

Evan Francen (12:11):

But it’s, you know, it goes back to the buyer beware too, right? Why would I buy something if I don’t know how to use it, if I don’t know how to use it properly? So why would I even give two craps about AI if I don’t understand how AI would actually benefit me? Right? So, you know, it’s not only do you have to deal with the bias in any AI, any AI, every single AI ever will have bias. ’cause It was written by human beings, right. The, the algorithm. And the second thing about AI that, that I think we often overlook is the, the number of bugs. Mm. That in AI, right? On average, seven to 10 errors per KLOC. A KLOC is a thousand, a thousand lines of code. My truck that I just bought, I was telling you guys about today, has 150 million lines of code in it.

Frank Gurnee (12:58):

Yeah.

Evan Francen (12:59):

You know, and so a security guy like me being a weirdo like me, which, you know, it’s sad that it’s weird ’cause it shouldn’t be weird, is I’m thinking through as I’m driving this truck, like, what happens if the accelerator sticks? What happens if, you know, I don’t know what all the things that these, that the code controls, but I’m trying to think of things that I, I’m gonna do when it goes sideways.

Frank Gurnee (13:24):

Yeah. No longer. Is it just a, you know, a cable that attaches to a, a carburetor and you go, right. Yeah. Especially

Evan Francen (13:31):

Especially something like with AI, when you sell it early on, like they were doing in, in the marketing, that should tell you that there’s a, a rush to production. (Yeah.) Right. There’s a rush to get it out. Well, when you do that, you cut corners. So if in fact it is AI, which it probably isn’t, but let’s say, you know, benefit of the doubt it is AI it’s probably buggy as hell,

Michael Kennedy (13:54):

Right?

Frank Gurnee (13:56):

Yeah.

Evan Francen (13:57):

I don’t like buggy, I don’t like buggy stuff on my network.

Michael Kennedy (14:01):

No.

Frank Gurnee (14:02):

Yeah. It’s something, you know, we combat a lot in the risk management side of things is the automated tools, the AI kind of thing, you know, people out there, oh, you know, you just run this on the network and you have a risk assessment done. And the reality is like, you know, I’m, I’m, I always kind of bring it up, like that’s all well and good. It might tell you there’s a backup on your network, but does it tell you how often it’s backed up when the last time you tested it? No automated tool can tell you that. So you have to ask questions, you have to have that professional approach and talk to people. And I imagine that’s the same, you know, when we talk about AI. So no, that’s fantastic. So down the marketing road, guys, like, you know, one of the things that came up in the last call we had you know, a lot of these businesses want more help in, in marketing and understanding in, in sales and all that good stuff. And you guys have both built, built, successful businesses. And so with that you know, what, what do you guys think are some things you’ve learned over the years marketing your businesses, maybe some failures, some things that you’ve run into that, you know, lessons learned, if anything. Do you guys have any of those? So I don’t, why don’t we start with Kennedy?

Michael Kennedy (15:20):

Oh, I got lots of them. The two or three things that hit the top of my mind is honesty and authenticity is, is the first one. When we are authentic, we go in and we’re transparent in our conversation and, and, and what we’re talking about then then, like our internally, we, if we don’t, we don’t lie. We don’t have to remember the lie, because it’s a lot easier to remember the, the honest truth. The, the other side of it too is I think where we, where we’ve struggled in the past is understanding who our buyer is in the business instead of, you know, we, we talk about, I’ve been in tech industry for quite a while, and where I’ll always end up going is very technical. Start talking about the packets and the widgets and, you know, the, the network design and the security tools.

Michael Kennedy (16:15):

Instead of and like Evan talked about, I think last time, it, it really, it’s pulling that back and it’s understanding the business drivers, understanding the business initiatives. How is that bus, where does security fit into their business plan? And then looking at it in that way, look, working with them as a a business entity rather than someone that’s just, just buying a widget. (Yeah.) And, and when we can, when we can get into that more of that thought leadership and that conversation with them around their business, then we seem to, we do better in that marketing and that, that stream, we get more adoption, we get more interest as well.

Frank Gurnee (16:59):

Yeah. I think that’s a good point, Kennedy, because the, the idea that we’re all kind of tech minded, right? And we, we love the tech side of things. We love everything we’re doing, and we tend to, if we’re the ones in charge of marketing, right? We’re, we’re usually like trying to drive the conversation around the tech and the, the high tech stuff and thinking about our product or our solution and what we do instead of thinking about the customer, what their needs are, who they are, do they even care about the tech, right? All of those things. And I think that’s, that’s one place where a lot of businesses, you know, have a, have the wrong focus or, or have bad, you know, spend money on bad marketing around the tech side of things sometimes. So That’s a good point.

Michael Kennedy (17:46):

I was gonna say, I was gonna say even to check a box too. (Yeah.) And they, they think they need an EDR, so they go buy an EDR, and then they, like we were talking about, they don’t, they don’t know what to do with it. Yeah. And now they have, and, and then they, it’s not configured, it’s not patched, it’s not updated, you know? Anyway, so, sorry, I’ll Yeah,

Frank Gurnee (18:04):

No, no, that, that totally makes sense. How about you, Evan? Any, anything that that comes to mind as far as failures in marketing or, you know, lessons learned things that you’ve done in the past with, with the couple companies that you have?

Evan Francen (18:17):

Yeah. Well, I’m not one, I mean, recognizing my own strengths and weaknesses. I mean, I’m not, I’m not a marketing guy.

Frank Gurnee (18:24):

Yeah.

Evan Francen (18:25):

You know, so, and it, it is funny ’cause when, when I started Security Studio, I, I had a call with Stu Sjouwerman KnowBe4, he’s the guy who started KnowBe4, people who don’t know. And I asked him, look, man, you’ve had so much success before. Where should I spend my next dollar? You know, gimme some advice. And he said, without hesitation, he said, marketing. I was like, marketing, what the hell would I spend money on marketing? That doesn’t make any damn sense to me. So I didn’t, and I think, you know, on, you know, I like, I know better than just do. I’m gonna do what I do <laugh>. And so that was one, what it reminded me is that there is value in marketing for sure. Right? And so then how do you create the right boundaries? And I think FRSecure, you know, on that side, they’ve done a fantastic job at marketing, you know, and they’ve grown enough to have a dedicated marketing team.

Evan Francen (19:22):

Same thing, you know, at, at Security Studio. And I think if you’re, if you’re a mission driven organization, it’s easier to market. (Yeah.) (Sure.) Because there’s things that we will never do. And if I find out about it I don’t know. I never had to, I don’t know what I would do, but it would be bad. And so you never lie to a customer. You never take advantage of a customer, right? (Yeah.) So there’s, there should be value in your service or in your product that you don’t need to exaggerate, that you don’t need to lie, you don’t need to take advantage. I’m, you know, this, this entire industry, the entire information security industry is a service industry. This is not a product industry. And so, keep that in mind when you’re selling products. If nobody knows how to use your damn product, or if it takes five people to, you know, to, to manage your product, weigh that against the value you’re getting out of the product.

Evan Francen (20:17):

I mean, go through this logical thought process because it, you’ll never, you’re never gonna be able to solve the people problem with technology. (Mm-Hmm.) (Yeah.) You won’t be able to solve AI won’t be able to solve it with any kind of spam filtering any other crap you’re putting, putting in place. You know, this is really a, a life issue. So from a marketing standpoint, it’s just tell people the truth. And we found that it only takes three things. I like simple, right? Don’t overcomplicate crap. It takes three things to get a customer trust, credibility, and likability. That’s it.

Frank Gurnee (20:51):

Right?

Evan Francen (20:52):

If they trust you, you’re credible and you’re not a jerk, chances are pretty good. You’re gonna get them as a customer.

Frank Gurnee (20:59):

Yeah. There, you know, there’s a few things that come to mind too in this conversation for me specifically around the business angle and, and marketing. You know, first and foremost, like you said, it’s, it’s, it’s not our wheelhouse, right? As business owners out there, as you know, tech-minded guys, you know, though, though, we’d love to do everything in the business, it’s probably something that we should either bring someone in or hire out to do. The second thing…

Evan Francen (21:29):

I don’t wanna do meetings. No meetings.

Frank Gurnee (21:30):

Yeah. (Right?) Yeah. I mean, and, and, you know, so many, so many business owners get caught up in the, in the little details because again, we’re, we’re tech-minded and focused. The color right? Or the (Right.) Or this you know, font or whatever. But that’s not getting your message out there. And the longer you sit on stew on that kind of stuff, the, the, you know, you’re not going very far while you’re doing that. But you know, another thing. So, so there’s that. Get outta your, get outta your own way, you know, hire someone to do it. The other failure I’ve seen a lot in business is you know, going out and hiring the wrong people and based on on promises, we’re gonna get you this many leads. We’re going to buy this date, have this, right, these, these promises of, of marketing and leads and, you know, generating X amount of business.

Frank Gurnee (22:21):

And you guys, I’m sure have run into this over time in both of the businesses where you’ve sank money into something and it just didn’t come to fruition. And of course, there’s no guarantees, right? They might tell you (Right.) there are, but so you, you really have to be careful there. I’d I’d say, you know, from that, that side, you know, going out and, and doing your research and making sure that, you know, you’re, you’re talking to people who can refer that, you know, a company to you that that’s gonna do a good job for you, I think is, is really important. The last thing I wanna mention, I’ll let you guys both comment on, on these, these things. But the last thing that I wanted to mention was just in that same kind of realm of things, the going out and spending that money and doing that is all well and good.

Frank Gurnee (23:12):

But there is not a guarantee, at the end of the day, you’re, you’re not gonna be guaranteed new business. So where you can almost guarantee business, especially in the MSP world, is your existing customer base. They’re the ones that are gonna refer 90 plus percent of your new business. So go back out to those guys and take care of your existing customers. It’s easy for MSPs to jump, always be looking for the next customer, but there’s so much that you can do with the existing ones. And especially as we build into this cybersecurity realm of things, that’s an area where you really can go back out to those existing customers and, and educate them on what’s going on out in the world. So…

Evan Francen (23:56):

Well, and I can promise (Any takes on that?) I can promise you, I can promise to any customer, and I can promise to any friend. I can promise to anybody that I’ll tell you the truth (Right.) (Mm-Hmm.) you know, and so value the truth, you know, the, you know, that’s why mission is so important to me. It keeps me honest. You know, if you focus on the mission, you’ll make money. If you focus on the money, you won’t make the mission. It’s that simple. And so, and you, you know, you live in a place like this, you know, it’s paradise and, you know, just bought a truck, you know, I mean, money’s not really a, it’s never been a focus for me either, but, but the, the coolest thing about it is I go to bed every single night knowing I never took advantage of somebody.

Evan Francen (24:36):

I didn’t sell them something they didn’t need. I didn’t lie to them to, to get them to buy some service that they didn’t need. I mean, and if I did, it was unintentional, and I need to know about it. You know what I mean? And that’s an open invitation to anybody at any time, because it goes against what I’m trying to be, you know, in the, in this, in this world. So you can always do that. You can always tell people the truth. You know, there’s always times when, yeah, can you do this one thing? No, I can’t do that. Or can I do this one thing? I think I can do, do it, but I’ve never done it before. You know, people love that. I’ve never had a project ever taken from me. I don’t do projects anymore, which is, well, I do projects, but, you know, weird shit.

Evan Francen (25:19):

The but it’s cool because I’ve never had a customer not take me up on that offer before when I was just honest. Like, I was asked to do an FDA validation. Have you guys ever done an FDA validation? Who the hell would ever want to do an FDA validation? But I was asked to do an FDA validation. I was like, so I read about it, I was like, I think I can do it, but I’ve never done it before. And they hired us, you know, and I think I did all right, you know, they still do business with us. But, you know, it’s stuff like that where I think we have to put up this facade like we’re something that we’re not in order to get customers, you know, we focus so much on our competition without realizing that 80% of the market ain’t even doing shit.

Evan Francen (25:58):

So rather than focusing on the competition and trying to beat them out all the time, why don’t you focus on yourself, be the best you can be, market that, and then then you’re not intimidated by your competition, right? Because I’m not competing against you. What I’m trying to do is partner with you so that we can go get the 80% that’s not doing anything, rather than fighting over the 20% that is. So, you know, I think so much of marketing is just, you know, trying to one up each other and it’s all, it’s all bullshit.

Frank Gurnee (26:26):

Yeah. Yeah. That makes sense. That makes a ton of sense. So yeah, with that, I mean, I think, you know, one of the things, so we talked about failures and, and things you shouldn’t do. And I think Evan, your advice to, to someone from a marketing perspective would be to tell the truth. So that, (Always.) that makes, you know, that makes a ton of sense. And I think you absolutely should.

Evan Francen (26:49):

And just to clarify on that too, really quick. ’cause There’s two types of lies. There’s lies of commission and there’s lies of omission. A lie of commission is something that I told you that was outright untrue, right? And then there’s lies of omission. That’s me not telling you something that I should have told you.

Frank Gurnee (27:06):

Yeah.

Evan Francen (27:07):

And so it’s on both sides, the commission, I have the lies of commission, I have like zero patience for. None. (Right.) And you get fired for that. You know, it’s, it’s our number one core value you can’t compromise ever. And then the second one, the lies of omission, I’m a little less of a hard ass on that one, you know? ‘Cause I do that to my wife. I mean, she would’ve left me on that stuff. But, but the lies of commission and, and it, and it’s, so you have to live it out. It has to be part of your being. Like I told I’ll give you an for example. Oscar, Oscar Minks over at FRSecure, he asked if I could run this query for him of on this database right? To get a whole bunch of data for reporting and whatever.

Evan Francen (27:50):

And I told him, yeah, for sure. And then he checked in like a week later, he is like, so, you know, where’s it coming? I’m like, I sent the email off to the developers, you know, I’ll I’ll check in again. And, and then I realized this went on for like a couple weeks. And then I realized on Sunday that I never actually sent the damn email to the developers. And so I called him up on Sunday night. I’m like, dude, I never sent the email. It’s like, oh, that’s all right. And I’m like, yeah, but I gave you the impression that I did. You know, and in my opinion, that’s a lie of omission. I need to come clean on that shit. So, but I mean, you have to have that, that fabric of integrity, I think. And, and if you, unless you want to be, unless you’re in this business to just take advantage of people and make a shitload of money which makes you a target for people like me, which is fine too. I mean, I’m probably not gonna do anything, you know, outright, but I don’t know how you can sleep well at night knowing that you just took somebody’s money and you didn’t provide any value. Value that was commensurate with that money. So,

Frank Gurnee (28:56):

Yeah. Yeah.

Evan Francen (28:57):

It’s gotta start at the top, man.

Frank Gurnee (28:58):

No, that’s great advice. And, and Kennedy, you know, thinking about, you know, our audience here, MSPs, IT business owners, cybersecurity consulting firms, you know, when, when we’re talking about for them going out and marketing to businesses, you know, what advice would you have to, to those guys? As far as, from a business standpoint, from a business owner, like, you know, getting out of their own way kind of thing. What, what, what’s your advice?

Michael Kennedy (29:24):

I mean, honestly, everything we’ve talked about, you know. Tell the truth. Getting out and doing QBRs, understanding the business, asking the questions of, you know, where is the business going? Where are they growing, what new systems they’re buying and, and then working, you know, do they have a compliance, really, they’re trying to win a contract for compliance. So I, I, I always kind of look at this, you know, you talk about the mission before money. I also kind of think of it as, you know, we talk about like servant leadership. It’s also kind of, we’re here to serve our, our customers or our partners and then their, their customers. So that that end business user or that client that gets the emails that does the day to day, that’s the one I’m trying to take care of. And if we, when we go in with that mindset and our, and our partners, MSP partners that have that same kind of mindset of they’re there to help make it easier for that business to do their job you know, really that’s when that net net revenue, net revenue retention just skyrockets, when you carry that mission, mission in.

Michael Kennedy (30:39):

So I mean, it’s, it seems like it should be common sense. I mean, again, going back to telling the truth, you know, I, I don’t, I don’t have to remember the lies. ’cause The truth is reality. So, so…

Frank Gurnee (30:55):

Yeah, I think you’re a hundred percent right. And, and it’s, it’s believing in what you do is, is such a big part of this, right? I mean, like, there’s no gimmicks. You don’t, you don’t have to rely on, on all of that. If one, you’re telling the truth and you truly believe in what you’re doing, if you understand that this is a necessary thing that, that every business owner has to look at, should be doing, should be dealing with, then I think it’s really easy at that point to, to, you know, have people believe you because you know, you, you truly believe yourself, right? It’s just not just something you’re selling. So that’s, that’s, that’s great. I think the last thing on marketing really is, you know, I wanted to hit on was, you know, do you guys think that there’s like specific target markets?

Frank Gurnee (31:41):

These guys should be hitting MSPs who’ve dealt with small businesses for so long or, you know, are we thinking of it wrong? And it really is an opportunity for every business out there. Like, cybersecurity to me is something that is necessary for all businesses. But you know, a lot of people are saying, no, it’s compliance, but it’s this, it’s that. Right? So, but to me, it’s, there isn’t a business out there. I don’t care if it’s the smallest business, the who, you know, it could be the coffee shop down the street. The threat is the same. So to me, that’s, that’s how I think. What do, what do you guys think about that?

Michael Kennedy (32:18):

Yeah. My kid would love to stick a rubber ducky in your POS machine at the coffee shop. You know, so Yes.

Evan Francen (32:26):

Hold on, lemme make a note of that.

Michael Kennedy (32:29):

Oh, yeah. We gotta lock some stuff up. So I, I, all business needs what the, the problem that I see in the news and, and the cybersecurity in, you know, that is that we get the noise is the big ones. MGM Tar, you know, somebody was just talking about Target again the other day. All of these big organizations that have a data breach. I’m not talking about my dentist who had a data breach that now all my pi, PHI data is now out, out for sale. It has been out for sale for a while, but it’s out for sale. And then there was a ransomware that he couldn’t recover from, and now he had to shut down. So we don’t hear about the hundreds or thousands of businesses, small businesses that close every day. We only hear about the big noisy you know, the, the big tech executives sitting in front of Congress.

Michael Kennedy (33:27):

And, and we don’t, we don’t see those small businesses. So I, I think it’s a, sometimes it’s a disservice that people are have the awareness. They think they’re, they’re, they’re too small. They don’t have anything that’s gonna be compromised. But one, you know, 15 minutes. I mean, probably most of the people on this webinar in 15 minutes could probably own five or 10 businesses in this office park and, you know, an ACH transfer, and then they have to shut down. So I don’t know where I was going with my rant…

Frank Gurnee (33:59):

I mean, this, this kind of rolls into sales a bit. Yeah. It rolls into sales a bit. Yeah, Evan, when, you know, when thinking about this and thinking about those smaller businesses who really need cybersecurity help, but are not convinced or don’t believe that it can happen to them, right? Yeah. They, you could tell ’em all day long, Hey, you need to be worried about this stuff. How, how do, how do you convince them or get them to understand that this is something that they absolutely need and should be part of, you know, just your normal tech package or, you know, whatever your offer, your offering is. How do, how do you convince those people that this is a real thing?

Evan Francen (34:40):

Well, it starts with a relationship. You know, I mean, information security is a relational, it’s a people thing, right? And so we track a lot, you know, like time-to-close and, you know, all these metrics and numbers, and it kind of doesn’t matter. You know what I mean? It shouldn’t, I mean, I understand that, you know, to make business, you know, to make money, you need to track that stuff and make sure, you know, you know, make it smaller, whatever they do. That’s obviously not my strong suit either. But the it’s establishing a relationship, you know, over the years there’s been so many companies that said no to us upfront for whatever reason. And, but we maintain the relationship and they came back later and did the right thing. You know? So I think from an MSP standpoint, if you’re newer to the cybersecurity industry, meaning you’re offering services or products that you haven’t offered before, one; have the confidence to know that whatever you’re selling provides value to them.

Evan Francen (35:42):

Right? Because that’s gonna help you defend where you’re coming from, right? And so, and if you have problems defining where those values come, that’s why people like us are here. You know, ask me, I’m not gonna steal your customer. I got too much work to do already. You know what I mean? I would love to help you serve the customer. What I don’t want you ever to do is to serve the customer wrong. I don’t want you to ever take advantage of a customer, because that’s more mess that I have to clean up later. Plus, I hate seeing people get taken advantage of, you know? So when you talk about the market to approach whatever market you feel comfortable, every single business, everywhere that’s ever existed needs a risk assessment. Start with that. Right? And that should point you in the direction of what other investments you need to make,

Evan Francen (36:25):

if you’re confused about that or have a trusted you know, relationship with somebody like, like Mike, that can be like, ’cause Mike’s never gonna sell you anything you don’t need. If he doesn’t have a product to sell you, he’s still gonna have the relationship point you in the right direction. And if there’s a need later on, he is gonna, you’re gonna come back to him. You know, those are the kinda relationships you need to have. What, one of the things I would never, ever do is ever buy a product from anybody who is trying to sell me something that doesn’t know me, right? So if you’re, if you, if I get a cold email or a phone call and you’re trying to sell me some, I was gonna mention a whole bunch of company names, but I’m not gonna do that. No.

Evan Francen (37:06):

You need to know yourself well enough to know what you want, to know what you need without a vendor telling you what you know, you know, what you want, what you need. Right? Right. And if you don’t know what you want or what you need, that’s where you need to spend your time right now. Yeah. Because it’s your business. It’s not my business. If, if your business goes under, it’ll break my heart, but I’m still doing fine. You know what I mean? And so we oversaw self fear, but, and what I’ve been going a lot more lately is trying to sell value, right? We’ve always in, in our industry being, ’cause information security is a risk thing. And risk is always based on a negative consequence. So it’s always a loss prevention sort of discussion. But now that we’ve been doing it wrong for so long, I think it’s a great opportunity for me to create actual value to actually add something to your bottom line.

Evan Francen (37:56):

And one, for instance would be to do an asset inventory, start with the hardware assets. Let’s find all the hardware assets that you’re not using anymore, that you don’t need anymore. Let’s get rid of ’em. We just saved you money doing that. And from a risk perspective, from a CISO perspective, we just reduced the tax surface. Those are systems I don’t have to patch anymore. I don’t have to maintain anymore. I don’t have to worry about ’em anymore, and then go to software, do the same damn thing, right? And you’ll find that in a 12 month period, if you’re just engaging with a, with a, a new customer, mid-size customer, you might be able to save them tens of thousands of dollars, maybe hundreds of thousands of dollars just in those two things where I’ve now added to your bottom line. You know, because the language of business, we talk about that crap a lot. The language of business, according to Warren Buffet, who knows, like business stuff is accounting. So start communicating to them on how you’re going to make them more money.

Frank Gurnee (38:52):

Yeah. A lot of us in the managed service world use that with with communications, telecom agents and things like that. We would bring someone in and let them quote out and look at the existing telecom network, communication network and in doing that, typically pay for our managed services because they were on old antiquated T1s and things like that, all this kind of crazy stuff, right? And they’d come in, they’d say, we can put all this new high-speed stuff in, and you’re gonna save X amount of money. And we’d say, well, right there, paid for our managed services. There you go. Right? So in the same, in the same respect going in and doing asset inventory and things like that…

Evan Francen (39:34):

I was talking to another business leader who was, you know, complaining about sales last year or whatever. He says, ’cause they cut information and security budgets across the board. And I’m like, hell yeah. It’s like, what do you mean? I go, that’s less money that they’re misspending. You know what I mean? If you, if you can’t, if you don’t understand how, I mean there’s so many classic examples, and I keep going back to like the SolarWinds breach, right? This super sophisticated attack, which it was pretty cool, could have been mitigated with a firewall. Chances are really good every one of your MSP customers has a firewall. So is it being used properly? Right. And it’s not ingress, it’s ingress and egress. Right? It’s both ways. So there’s a great opportunity right there. I could, and there’s something I could use for marketing as an example.

Evan Francen (40:23):

Everybody heard of the SolarWinds attack, right? Did you know that the SolarWinds attack was mitigated by the IRS? And this is all public information because they had egress filtering properly in place. We wanna do the same thing for you. And the reason why I wanna do the same thing for you is present the same kind of attack, but also maybe identify some command and control, maybe a place where you, you know, we can do some threat hunting with that information. Whatever. It’s just a prudent thing to do, but you already have the tool, why not use it right.?You know?

Frank Gurnee (40:54):

Yeah. I think the biggest sales opportunity right now for MSPs is to go and create that next QBR. Go out to that customer that you have today and talk about what you’re doing. Do a risk assessment. You know, use our core assessment or whatever you have. If you have a spreadsheet, use it. Whatever you gotta use, do a risk assessment. Right? And that opens the door to the cybersecurity conversation, which funny enough, most, most of the customers think you’re handling this for them. So you have to like, you have to communicate to them that you aren’t. And in your next QBR, you could do that. You could say, Hey, we’re gonna come out, we’re gonna do a risk assessment for your business. It’s just part of our, you know, new thing that we’re doing or whatever. Go out there, do it. And then sit down with that customer and say, here, you know, there’s some things we haven’t done for you, and this is fairly new stuff, but you’re hearing about these things, breaches all this stuff in the news. It’s real, it’s here and now we can provide a solution that covers you for that. It’s not something we’ve covered before. And it only costs you this much more to add it to your solution. By doing that, not only have you notified them, it’s not something you cover, maybe you get additional revenue, but on top of that, you cover your ass, right? Because…

Evan Francen (42:09):

Well, not only are you not doing that for your customer, you can’t do that for your customer. (Yeah.) The people who are ultimately responsible for information security in that organization is the customer. (Right.) So have that discussion with them. How am I responsible for this? What information should I know on a regular basis? And that’s how I serve you. Right? I mean, any business that, I mean, you know, financial risks, you know, compliance risks, you know, legal risks, you know, all these other things, why wouldn’t, you know your information security risks. It’s just another risk. And (Absolutely.) You know, the MSPs that are good at serving their customers understand that and help their businesses.

Frank Gurnee (42:46):

Yeah. Did you have something to add?

Michael Kennedy (42:48):

I was gonna say, I think it’s how you approach it too, with them, right? You don’t going in with them and saying, how, how do you, how do one of the things that like we like to do in the QBR is, how is your organization with security awareness training? Are they, do you think they’re doing pretty well? How do you feel that they’re doing, getting them to kind of think about it and buy in versus us coming in and saying, you guys are failing at phishing. You have all this stuff. You’ve gotten a couple of BBCs lately. You really need to get security awareness training because you guys kinda suck. Instead of taking that tack, I mean, that’s honest, it’s truthful, but..at the same time it….

Evan Francen (43:27):

Well, but it goes back back to the relationship too, doesn’t it? I mean, because some

Michael Kennedy (43:29):

Relationship Yep.

Evan Francen (43:31):

Because some of those customers, I do have that kind of relationship where I can just come right out and tell you, you suck. But some, some don’t. You know?

Frank Gurnee (43:38):

Yeah. But then at the end of the day, if you can give them the data, so for instance, like with Teams or with with S2ME, you can send out the, you know, those, those assessments to the employees and then all of a sudden you have the data to say, look, yeah, we’re not doing so well here as you can see, you know, we sent this out to the, to the folks in the, in the organization. And so, you know, what we think would be a good plan would be to get you on some security awareness training, which would, you know, help, you know, potentially cover those, those issues that we’re seeing

Frank Gurnee (44:09):

rather than less, rather than obviously taking that other approach, which is like, you guys just suck and, you know, we know you’re not doing this.

Evan Francen (44:13):

We’re supposed to be deifying people. Right?

Frank Gurnee (44:15):

Right. Exactly.

Michael Kennedy (44:16):

You de-suck. I guess, I guess what I was trying to say is, is I want them to, I want ask ’em the question in a way that they’re thinking about it. Rather than listening to me just tell them that they need to give security awareness training. I want them to, I want to ask them in a way that says, what do you, how do you guys think this is going? And, and I want to get their feedback. ’cause Then I also, I hear different things too. They, if I’m just selling in that widget of security awareness training or, or getting ’em onto it, but I don’t get the feedback that they all hate it. It’s cumbersome. If they got it tweaked a little bit, they would do better. Or they’re, they’re afraid and, and because they think they’re gonna be policed and get in trouble for it. So…

Frank Gurnee (44:56):

Yeah, I think one of the biggest, biggest failures, I think one of the biggest failures we have as kind of tech-minded people going in and trying to sell things is exactly that. We’re trying to sell a thing to somebody. (Yeah.) So instead of selling the thing, we should be talking to them about how we’re gonna help them, what we’re gonna do. (Correct.) You know, what, what is it that it’s not the tech, it’s not this EDR solution or XDR or SOC or whatever, or you know. This type of protection. They don’t care about the thing. So your solution stack of what you put together is not correct. The thing you’re selling, you’re selling them the, this mindset, this idea, this protection, this, this peace of mind. Right? That’s what we’re, we’re providing to them and selling to…

Evan Francen (45:40):

Focus on the Mission and you make money,

Frank Gurnee (45:42):

What’s that?

Evan Francen (45:43):

That’s focus on the mission and you make money.

Frank Gurnee (45:45):

Yeah, exactly. And yeah, so that’s, those are great. Alright. So cool. Just thinking about, you know, sales and, and things like that I think a lot of people get caught up in not understanding how to get educated, what to do, this is all new. Would you guys say it’s a good idea for them to lean on their vendors that are providing these services and solutions to help them? I know for us, we help beyond even what people understand or know. So things like sales trainings and talking to them about, you know, their solution and their stack and pricing it and all these things that you wouldn’t think would come from a vendor. Is that, I, I know with Ostra you guys do a lot of similar stuff as well. Do you think that these guys should be leaning on their vendors to help educate them on all this stuff?

Michael Kennedy (46:39):

I do. I think it’s you for sure. You have to lean on your vendors, talk to other vendors you know, get involved in different cybersecurity type events, attend stuff like this, where you can hear people talk about different products or, you know, solutions in, in our cyber industry. The, the more it’s kind of going goes back to it, and I think you had it, you were talking about the more you know, you know, it’s like those, those PSAs. Yeah. And, and, and be able to, because I think for me, the biggest problem is making sure you don’t the Kool-Aid. So, you know, I’m never going to ask you to and go out and take a picture or video of you. You know, that honesty, that authenticity, that, that kind of transparency. That’s what you wanna look for in these vendors. And when you go have those conversations with them, pay attention to that and, and, and judge for yourself go with, you know, like what I do, I always go with my gut.

Michael Kennedy (47:46):

I listen to it. If it feels squeamish, then I’m not gonna carry forth and then I’ll validate with that vendor. But lean on them to kind of help you understand the tool and the product. Understand. And they’re not gonna know your customers like you do though, right? I mean, that’s, that, that’s really, they’re not gonna know how to communicate into the industry or the, the market that you sell into. That’s your sweet spot. That’s why you’re successful as an MSP in there. But definitely leverage them to help you, you know, kind of convey that messaging why this product or the services is important for them. Like security assessment. You two would be, if, if I needed to talk to somebody about why they should do a security assessment, I would pull you two into a conversation and say, “here…”

Frank Gurnee (48:34):

Yeah. Yeah. I think you know, it’s, it’s, it really comes down to understanding as you choose your vendors and as you kind of get in bed with the vendor and you understand (wait a second, what?) if they’re focused on just them, it’s, it’s not a good relationship. Right. If if the vendors…

Evan Francen (48:49):

We’re supposed to get in bed with them?

Frank Gurnee (48:50):

What’s that?

Michael Kennedy (48:52):

We’re supposed to get in bed with them?

Frank Gurnee (48:53):

<Laugh>. Yeah. Yeah.

Michael Kennedy (48:55):

A a twin size bad.

Frank Gurnee (48:56):

You don’t, Evan, come on. What, where,

Michael Kennedy (48:59):

Well,

Frank Gurnee (48:59):

I thought that was a thing that you, you did.

Evan Francen (49:01):

That’s another thing I I haven’t been doing right then. Put that on the list.

Frank Gurnee (49:04):

Right, right. You gotta, you gotta try it. Yeah. It’s pretty good.

Evan Francen (49:08):

I gotta tell my wife.

Frank Gurnee (49:09):

No the, you know, the, the idea of like the vendors, if, if all they want to know is how many of my thing are you gonna sell? You know, I’ll help you sell my thing. They’re not interested in your business. They’re not interested in seeing you grow. It’s really, every time I get on a call with, with any of our partners, it’s really about me understanding how to make their business successful. And, you know, some of that’s gonna kind of involve our solution or our product and sometimes it doesn’t and that’s okay. You know, I’ll have that conversation with someone to help them as best as I can with the, you know, 25 plus years of knowledge in this industry. Right. So, and I’m sure you guys are the same way,

Michael Kennedy (49:48):

Right? It goes back to that kind of survey side that’s…

Evan Francen (49:52):

I don’t know, (unintelligible) I haven’t been sleeping with the vendors

Michael Kennedy (49:54):

<Laugh>. No.

Frank Gurnee (49:56):

Right.

Michael Kennedy (49:57):

That would be kind of funny though. But it goes, it, it goes back to that kind of, that that survey side of, you know, the mission before money really, it, it, that’s, that’s it.

Frank Gurnee (50:07):

Yeah. Absolutely. Well, awesome. Did let’s see if we had any questions come in, I’d love to get to those. So we had some in the Q and A here. I

Evan Francen (50:17):

Type your questions. What

Michael Kennedy (50:18):

Up? Amen. Evan

Evan Francen (50:22):

<Crosstalk>.

Frank Gurnee (50:23):

Yeah. So all we

Michael Kennedy (50:24):

Umin Evan.

Evan Francen (50:26):

Amen.

Frank Gurnee (50:27):

So someone mentioned in when we’re talking about AI that they’re already seeing software developers using AI to automatically complete questionnaires for things like PCI, SOC two, et cetera. I mean, that can’t be a good idea. Is it <laugh>? I mean,

Evan Francen (50:43):

Well, I mean, I don’t know. I mean, I don’t know. It’s I don’t know what a, I don’t know what the AI is, you know, how it’s been set up, how it’s, you know, the algorithm, I don’t know. It’s plugged into, you know, so generally no, but you could, you could use it for that.

Frank Gurnee (50:58):

Yeah. Yeah.

Evan Francen (50:59):

Because that would be all, that would be all subjective data inputs. And the good thing about AI for compliance is it’s all, it’s all not subjective, objective. The good thing about a AI is it’s, it should be used for obje objective things. Check boxes. Yes/No questions. Stuff like that.

Michael Kennedy (51:19):

Automation.

Frank Gurnee (51:21):

Yeah. Yeah. And, and in, in automation, I think there, there is a pla there is a place, there’s, there’s things that can, (bags under my eyes) can’t automatically been done, you know, be done.

Michael Kennedy (51:30):

Quit showing off your tattoos.

Frank Gurnee (51:32):

Right?

Evan Francen (51:33):

I have bags under my eyes, Does this look weird?

Frank Gurnee (51:40):

Does look strange. <Laugh>

Evan Francen (51:41):

(unintelligible)

Frank Gurnee (51:43):

So, Jason said amen to whatever Evan is saying right now. That was a little earlier. Or you know, maybe when you’re (Jason, check’s in the mail. I’ll…) talking about getting in bed with vendors…

Evan Francen (51:51):

I need the address.

Frank Gurnee (51:53):

<Laugh> could have been then, you know, when you’re talking about getting into bed with vendors, maybe. Amen to that.

Evan Francen (51:59):

I gotta get clearance on that.

Frank Gurnee (52:01):

So Lyle, ask the question. So for marketing, how would you explain the difference between information security compared to cybersecurity? Since most businesses think of cybersecurity as a tool. So how do you

Evan Francen (52:13):

(unintelligible)

Frank Gurnee (52:14):

Make that difference?

Evan Francen (52:16):

So literally cybersecurity is a subset of information security. So information security covers administrative, physical, and technical control. So the people part of security, the physical part of security and the technical part of security, right. And I use, like if I was going to attack an organization, I would attack the people. I wouldn’t attack your computer. You know, I could, but the return on the investment is much easier just to ask you for a password than it is to crack one. So the administrative controls piece is really important and it doesn’t really matter how great your firewall is if I come and steal your server. So we can’t negate the physical controls as well. And then you’ve got the technical piece and the difference between that and cybersecurity. Cybersecurity, by definition, cyber is over pertaining to computers. It’s technical. So, and if I only now, and that’s why I have to ask a lot. ’cause We don’t speak the same language in this industry. When somebody’s talking to me about cybersecurity, I have to stop them and usually ask, are you talking cybersecurity or information security? And I may ask it that way, or I may ask it a little with a little more tact, but I need to know if we’re talking about the same thing which, you know, usually helps. ’cause If you’re not talking about the same thing, if you’re treating this like, this is a technology problem, then we’ve got a problem.

Frank Gurnee (53:35):

Yeah. And I think everything is getting lumped into that cybersecurity,

Evan Francen (53:38):

Which is fine if you wanna refer to information security as cybersecurity. That’s cool.

Frank Gurnee (53:43):

Or as part of it, right, but…

Evan Francen (53:44):

We just need to be clear.

Frank Gurnee (53:45):

Yeah. Yeah. So, okay. That’s great. If you have any other questions, feel free to jot them really quickly. I know we’re getting to the top of the hour here. What final thoughts do you guys have as far around any of this sales, marketing, AI, any of this stuff?

Evan Francen (54:00):

My final thoughts are, I think Mike is awesome. I really dig him. I look forward to him coming down to see me. And you know, whenever you’re coming and you know, Frank, I think you’re awesome too. That’s all I got. Yeah.

Frank Gurnee (54:14):

I just don’t have as cool of a beard.

Evan Francen (54:16):

You never will.

Michael Kennedy (54:17):

You can work on it. Yeah.

Evan Francen (54:18):

Yeah. No, that’s how you get imposter syndrome. So be careful when you compare yourself to other people. That’s right,

Frank Gurnee (54:23):

<Laugh>.

Michael Kennedy (54:24):

That’s right. Stay away from that.

Frank Gurnee (54:26):

Kennedy, any final thoughts from you?

Michael Kennedy (54:29):

Tell the truth. Yeah, I’m gonna, I’m just, that’s my, that’s, I’m gonna tag that.

Evan Francen (54:34):

You can’t go wrong, man. I mean, sometimes you miss out on things like, yeah. We’ve missed many projects over the years, I’m sure. Where we wouldn’t compromise on that, right? Yeah. We’re not gonna tell the customer something that we’re not going to be able to do. And the competition did. And in that case, we’re not competing anyway. We’re playing different games. So, you know, sometimes it does hurt and you have to be prepared for that. But overall, I think you do get a reputation, which is important, you know, in this industry that you, you, you may not like to hear what I’m gonna say to you, but you know, it’s not gonna be a lie. (Right.) And, you know, I’m gonna be open to, you may not feel like it, but I’ll be open to criticism. I need to be criticized. I need to be held to account.

Evan Francen (55:25):

Like, if I tell you something that I think is the truth, I would never tell you something that I didn’t think was the truth. But if it comes out, turns out that it’s not the truth and you don’t say something to me, you’ve now, not you, you’ve, I, you’ve, you, you need to save me for myself. And you need to save the people that listen to me from me. So tell me when I’m not telling, you know, or challenge if it, even if you think what I’m saying just doesn’t seem right, get clarification either way, the conversation is gonna be awesome because you’re gonna come away smarter. And so am I. So, you know, tell the truth all the time. Don’t be afraid to question the truth. You know, ask your vendors, if a vendor’s ever, you know, really asking you, you know, trying to sell you something, ask them how it’s gonna provide value to your business.

Evan Francen (56:16):

Right? And, and if they say, well, it’s gonna save you from ransomware and billion dollars of losses or whatever, explain to me how that’s gonna do that. And is this my most significant risk? And if they say yes, call bullshit right there because they don’t know you. How the hell would they know that? Only you know that. And if you don’t know that, that’s the damn problem. You know? So I think, and, and that’s how you, that’s how I identify a lot of transactional salespeople. I’m not, I’m done with transactional, you know what I mean? I, I do relational. And so if I ask, if I ask you challenging questions about how your product’s gonna provide value to me, if it is the, where I’m supposed to spend my next information security dollar, show me how that is, ’cause according to my risk assessment that I just did last quarter, your shit’s not on here.

Evan Francen (57:06):

So tell me how it’s gonna solve any of these problems for me. And, you know, so I, you just have to be, I think more discerning. You have to be able to, ’cause at the end of the day, it is your problem. It’s not my problem. Right. It, it’s the same thing at like home, you know, we’re all CEOs of our houses, right? It’s just like little businesses, you know, we have budgets and we take money in and we spend it and just like a little business. And the risks are pretty close to the same. They just scale. And so you’re responsible for information security at your own home, right? The same thing would be at your business. It’s whoever’s at the top. And so you wanna make sure that if you, if you really care about your business, that you’re making good risk decisions. If you’re not sure there are answers to get those answers.

Frank Gurnee (57:55):

Yeah.

Evan Francen (57:56):

So that’s, that’s all I got.

Frank Gurnee (57:58):

Awesome. Guys, you know, really appreciate both of you being on today.

Evan Francen (58:03):

Neuralink. Ohh…

Frank Gurnee (58:04):

Yeah, exactly.

Evan Francen (58:06):

Who’s, who’s a Annie non any, any mouse,

Michael Kennedy (58:10):

Any mouse attendee,

Frank Gurnee (58:11):

Any mouse?

Evan Francen (58:12):

What do I think? What? Will you be (Chicken) getting a Neuralink? No, I will never get an implant.

Frank Gurnee (58:16):

Right?

Michael Kennedy (58:17):

No.

Michael Kennedy (58:17):

I don’t like, yeah. I stay away from IOT as much as possible.

Frank Gurnee (58:21):

Right.

New Speaker (58:21):

You know, if I figured if you put something like that in here, like I have to you have to trust all these developers that they coded some good shit. And I don’t know if you’ve met many developers. There are lots of developers who don’t code good shit.

Frank Gurnee (58:35):

Yeah. Well, that, that may be a,

Michael Kennedy (58:37):

Using Chat GPT

Frank Gurnee (58:39):

The medical industry and medical devices and all that good stuff. So you know, we’ll keep that for, for the next one. Thank you guys so much for, for being on today and, and having this conversation. I think this…

Evan Francen (58:50):

We’re gonna do this again soon, right? This is a podcast. We’re gonna do this.

Frank Gurnee (58:52):

Yeah, yeah, yeah. So we’ll, we’ll continue these. With that, you guys all the attendees should be getting some surveys and, and questionnaires. If you receive that, if you have ideas for more topics you want to hear about, feel free to jot those down on those. So we’d love to hear from you and, and have these formulated. So when we do these, it brings you the most value that we possibly can. Thanks guys again for, for jumping on today, a ton of value. And and thank you everyone for, for showing up and taking your time with us. We really appreciate it.

Evan Francen (59:23):

Can you fly a drone on the next one?

Frank Gurnee (59:24):

What was that?

Evan Francen (59:25):

Can we fly the drone on the next one?

Frank Gurnee (59:27):

Yeah. Yeah, that’d be fun. That’d be fun.

Michael Kennedy (59:28):

Can we live stream it?

Evan Francen (59:29):

Yeah.

New Speaker (59:30):

Yeah, if you guys want to check out Ostra, ostra.net, jump over there. You know, tons of good stuff for MSPs with all this managed service and MSSP stuff. And then if you’re interested in learning more about risk management, feel free to jump over to SecurityStudio.com. We’ll take care of you. Thanks guys. Have a great one.

Evan Francen (59:49):

Thanks.

Michael Kennedy (59:50):

Yeah, you too. Thanks. See ya.

Frank Gurnee (59:51):

Yeah.

Stacey Kusnier

Ostra Cybersecurity Earns Finalist Spot for 2024 ACG BOLD Awards

/in , /by

We’re honored to announce that Ostra Cybersecurity has been named a finalist for the prestigious ACG (Association for Corporate Growth) BOLD Awards in the category “Small & Growing.”

These awards celebrate ambitious goals, game-changing innovations, and visionary leaders who make significant strides for their companies and stakeholders. They recognize exceptional corporate leadership and strategic success that leads to impressive growth and sustainability.

Finalists were placed into six categories: Small & Growing, Middle Market, Large & Established, BOLDest Transaction of the Year, BOLDest Leader of the Year, and BOLD Inspiration Community Partnership.

The BOLD Awards Gala will be held on February 27, 2024, at the Metropolitan Club in Minneapolis. During this event, each of the individual category winners will be acknowledged. A live, real-time vote will determine the ultimate victor—the Boldest of the BOLD.

What Sets Ostra Cybersecurity Apart?

Ostra’s path to becoming a BOLD Award finalist is marked by dedication and an unwavering commitment to serving small and medium-sized businesses in the cybersecurity landscape.

Before founding Ostra, Michael Kennedy spent over twenty years developing advanced cyber defense mechanisms for one of the world’s leading healthcare providers. Recognizing that smaller enterprises lacked similar protection measures and witnessing firsthand the devastating effects of a ransomware attack on a friend’s Minnesota-based company spurred Kennedy to take action. Inspired by his industry expertise and passion to make a difference, Ostra was born.

Our mission addresses an alarming observation: although nearly half of all cyberattacks target small businesses, only 14% have adequate defenses. Ostra aims to rectify this imbalance. Through partnerships with Managed Service Providers (MSPs), consultants, and IT specialists, we provide unparalleled security tailored to meet the unique needs of SMBs. We offer genuine enterprise-grade cybersecurity support at an affordable price.

Ostra’s Impactful Year of Protection in 2023

This past year has been remarkable for Ostra, as we achieved significant milestones that underscore our unwavering commitment to safeguarding our customers’ digital assets:

  • Processing over 30 billion events, analyzing 1.3 million alerts, and effectively mitigating 20,000 security incidents.
  • Providing around-the-clock vigilance against cyber threats through our dedicated team.
  • Experiencing a threefold growth in protecting SMB clients, with approximately half being based in Minnesota.
  • Innovating our portfolio by introducing Ostra Encompass (TM) and Ostra Extend (TM), expanding our managed cybersecurity solutions to meet evolving needs.

Kennedy’s words best capture Ostra’s progress and ethos: “I am so grateful for our people—Ostra’s talented employees have a reputation for going ‘all-in’ to make enterprise-level cybersecurity accessible and affordable for small and medium-sized businesses. We all believe that regardless of size, all businesses deserve the same level of protection that the world’s largest companies invest millions of dollars in each year.”

Standing Strong Together in Cybersecurity

As Your Trusted Cybersecurity Team, we at Ostra strive to make best-in-class cybersecurity accessible to businesses of all sizes. Our Security-as-a-Service combines top-tier tools, technology, and talent to ensure that detection, hunting and complete remediation of cyber threats are part of our core offering.

Rooted in the belief that every business deserves elite data protection, Ostra is here to bring Fortune 100-level security to everyone. Learn more about our mission and offerings by visiting ostra.net.

Celebrating ACG’s Legacy of Fostering Growth

In acknowledging our professional colleagues, we would also like to commend ACG (Association for Corporate Growth). ACG is a global professional association focused on driving middle-market growth. With over 14,000 members worldwide, it is the leading organization for professionals involved in corporate growth, development, mergers and acquisitions.

Since 1954, ACG has played a vital role in fostering a global professional community. The Minnesota chapter has served as a beacon for local business vitality since 1966. With nearly 300 members contributing to Minnesota’s dynamic economy, ACG continues to advocate for middle-market success.

Read Ostra’s full press release announcement.

 

Laura Hayes
Ostra Cybersecurity

Ostra Cybersecurity Grows Its Partner Success Team

/in , /by

Laura Hayes Hired to Expand the Impact and Reach of Ostra Channel Partner Program.

Laura Hayes

Ostra Cybersecurity, a leading provider of world-class cybersecurity solutions for small and medium-sized businesses, recently welcomed Laura Hayes as Senior Partner Success Manager.

With this latest Channel Team hire, Ostra continues to strengthen its Channel Partner Network during a season of exponential growth.

Ostra’s Channel Partner program is designed to help its network of consultants, IT and Managed Service Providers (MSPs) enhance value for small to medium-sized business clients through a multi-layered, fully managed cybersecurity solution.

With a focus on being the Trusted Cybersecurity Team for its clients and partners, Ostra’s market niche is ensuring that top-notch data security solutions are accessible for small and medium-sized businesses.

In this role, Laura is collaborating with Channel Partners on security awareness, lead generation, and co-branding initiatives to help them protect more clients and grow services revenue. She is focused on helping partners build their cybersecurity practices using Ostra’s proprietary, fully managed solutions.

Specifically, she educates partners and clients about the benefits of taking a holistic approach to cybersecurity and coaches them on how to achieve a more consistent revenue stream while managing risk and providing protection for their clients’ valuable information assets.

Many organizations today are navigating massive changes in their virtual workforces, IT infrastructure and data security regulations. Ostra’s managed cybersecurity—combined with the service expertise of its channel partners—delivers a comprehensive solution that addresses a unique set of specialized IT challenges facing business owners.

Before joining Ostra, Laura spent over eight years in channel management, most recently as a Strategic Partnerships Development Manager at Alert Logic, a Fortra security operations subsidiary. Laura also spent three years as a Global Accounts Manager for a global IT consulting firm and five years as a Senior Sales Executive at a software company offering middleware enhancement systems. Her earlier experience also includes sales and sales management roles in the pharmaceutical and corporate travel industries.

“Laura has built a highly successful channel sales career in technology and SaaS for global leaders,” said Wade Hoffman, EVP of Channel & Strategy at Ostra. “Her expertise made her the perfect candidate to educate and motivate Ostra Channel Partners to solve cybersecurity gaps for their clients.”

Laura earned a bachelor’s degree in psychology from the University of Phoenix in Arizona. This background has served her well in understanding what motivates others and how to approach different personality types positively. She enjoys listening to partners, identifying their strengths and challenges, and helping them explore how Ostra could be an asset to their overall business strategy.

“My goal is to help build Ostra’s reputation for having the best partner program in the industry,” Laura said. “I want to enable our partners to experience higher client retention as well as increased trust factor and overall client satisfaction by accessing best-in-class cybersecurity.”

Connect with Laura on LinkedIn.
computer keyboard on fire with keys melting
Michael Kennedy

Prioritize Data Privacy: Don’t Get Burned!

/in , /by

Prioritize Data Privacy to Protect Your Company, Employees and Clients.

 

Maybe you can relate to a metaphorical question I often ask myself: Are there any fires I need to put out today? Or, when faced with smaller sparks of chaos on the horizon: What can I do NOW to prevent a wildfire later?

In my experience, prioritizing data privacy is the best way to prevent security-related incidents that can wreak havoc in the lives of your employees and clients.

As a cybersecurity leader whose team handles urgent problems on a regular basis, I know it’s not possible for humans to invest our time and energy into every cause the world throws at us. But data privacy is a top priority for me, and I believe it should matter to everyone. Keep reading to find out why.

Data Privacy Week

There are a couple of reasons why this is the perfect time of year to focus on data privacy. First January is the start of a new year. It’s all about new habits, new beginnings, and new goals. For more info on the basics of data privacy, check out this short article by the National Cybersecurity Alliance: What Is Data Privacy? (staysafeonline.org)

More importantly, January 21-27, 2024 is Data Privacy Week, an international effort led by the National Cybersecurity Alliance. The goal is to empower individuals and businesses to respect privacy, safeguard data and enable trust.

The theme for this year’s Data Privacy Week is “Take Control of Your Data,” which is something we talk about a lot with clients and colleagues at Ostra. Visit staysafeonline.org to access plenty of free resources and practical tips to better protect yourself, your business, and your employees.

What Factors Create “Fire Hazards” Online?

The digital age has made it easier for criminals to get their hands on private company data and personal information. It’s almost unbelievable to consider this: less than 30 years ago, most criminals could only commit fraud if they could steal wallets, retrieve hard-copy documents, or access electronic information from the inside.

Whether their target was an insurance company, bank, retailer, hotel, manufacturer, pharmacy, auto dealer, school, or private residence—they had to get inside a physical location, often past lock and key, to get that data.

How times have changed. Today, our smartphones and laptops are loaded with highly personalized apps—from fitness trackers to online shopping apps and cloud-based calendars. We do our research online, barely thinking about who is seeing our browsing/buying habits or how they may be monetizing this data.

We share personal details, often in real-time, on social media: birthdays, vacation destinations, or events we are attending. We conduct online meetings, use online banking, and make online dinner reservations. The list goes on.

Unfortunately, all these online activities leave a digital footprint. In addition, many public records are now available online. A passive approach to data privacy is like putting dry kindling in the forest. Cybercriminals only need opportunity and an internet connection to light a match that can lead to ransomware, identity theft, embezzlement, intellectual property theft, and more.

Real World Scenario

Let’s walk through a potential scenario. If I have your name and phone number, I can find lots of other info about you online.

Beyond basic Google, I could also pay a small fee to use a people search directory that might turn up some good dirt on you. After discovering your old addresses and mortgage info, I might even find a public record of a petty misdemeanor from two years ago when you got a parking ticket.

Being the brilliant scammer that I am, now I’m going to use ChatGPT to write a fake but very convincing letter informing you that your $200 parking ticket (which you already paid two years ago) is delinquent and past due. My very convincing letter also states that you owe $1200 and if you don’t pay immediately, you’ll face criminal charges.

Now, you’re terrified. If I’m lucky, you’ll pay me the $1200 without thinking twice.

This fictional scenario is actually something that happens all too often. Unfortunately, scammers can facilitate even scarier scenarios by digging up information that is a lot more personal or embarrassing than a parking ticket.

Aware vs. Scare: What Can You Do?

At this point you may be thinking: If my basic information is already on the internet, is there really anything I can do? Scammers are going to scam people no matter what, right?

These questions are a great example of why fear tactics don’t help anyone. Around this time last year, I shared some thoughts about the importance of cybersecurity awareness—as opposed to the polar extremes of apathy and paranoia, which both lead to inaction. To dive deeper into this topic, read this blog: Awareness Leads to Action: Why Data Privacy Matters (ostra.net).

While it may be both unrealistic and impractical to completely erase your digital footprint, there are things you can do to stay safe online:

  • Opt out of data broker lists. Don’t make it easy for data/information brokers to collect and sell your data. They research both online and offline sources to get your personal information, which is perfectly legal—unless you opt out! This takes a little footwork but can be worth the effort. Learn more here: How To Opt Out of Data Broker Sites (identityguard.com)
  • Stay aware of what you’re opting into. Yes, you should actually take time to read the privacy policy! The National Cybersecurity Alliance has a great article on this topic: Take Control of Your Data (staysafeonline.org)
  • Increase awareness – Google yourself and be aware of what’s out there about you and your family. The more you know, the less likely you’ll be scammed. Always be careful about pictures and info you share—whether it’s via social media or an online form.
  • Stay vigilant. The Internet is a powerful and useful tool that can be used for good, but it can also be used as a weapon by scammers and threat actors. Stay cautious, and don’t let your guard down. Don’t click on links or jump to action before vetting the source. This article has additional tips on what all individuals can do to stay vigilant: Take Control of Your Data (staysafeonline.org)

Data privacy is our shield against exploitation in the digital world. By minimizing opportunities for misuse, we empower ourselves to protect our personal, professional, and financial well-being.

Curious about how Ostra can help you protect your employees’ and clients’ personal data? Contact our Trusted Cybersecurity Team to start an honest, down-to-earth conversation about data privacy.

Title Slide
Ostra Cybersecurity

Navigating the Digital Wilderness: A Managed Cybersecurity Fireside Chat

/in , /by

We are constantly connected to the digital world. From social media to online shopping to SaaS for business, our personal and company information is stored and shared on a daily basis. Every online interaction exposes us to potential cybersecurity threats, making it necessary for us to be aware and vigilant about protecting our data.

This raises concerns about privacy and security, leaving many wondering who they can trust in the vast cyber landscape.

Two Guys Walk Into a Podcast…

In this “Fireside Chat” with Michael Kennedy (Ostra) and Evan Francen (Security Studio), you’ll gain insights into the latest cybersecurity threats and how businesses can better protect themselves and their customers. 

You’ll also learn about the importance of building a strong security culture within your organization, from training employees to implementing proper protocols.

How Safe Is The Platform?

One of the key players in safeguarding our digital information is the company or platform we are interacting with. It’s important to know who we can trust in this digital wilderness and the measures they take to keep our data safe.

When it comes to online privacy policies, most of us simply click “agree” without reading through the fine print. However, as responsible users, we must take the time to understand where our data is going and how it will be used. This allows us to make informed decisions about the platforms we use and holds companies accountable for their actions.

But how can we trust these policies? With an endless stream of data breaches and hacking scandals, it’s easy to feel like no company or platform is truly secure. However, there are steps that responsible companies take to ensure the safety of their users’ data.

Encryption is one such measure. This is the process of converting information into code to prevent unauthorized access. A reputable company will use robust encryption methods to protect sensitive data such as passwords and credit card information.

 

“Understand what the name of the game is. It’s risk management.”

 

A Data Breach! Now What?

Another essential aspect to consider is how a company handles its data in case of a breach. One way to do this is through regular backups and secure storage systems. In the event of a breach, this allows for quicker recovery and minimizes the impact on user data.

Additionally, responsible companies have dedicated teams and protocols in place to detect and respond to any potential threats or breaches. This includes regular security audits and updates to their systems to stay ahead of any vulnerabilities.

Do Privacy Policies Mean Anything?

Furthermore, companies that value the safety and privacy of their users will have clear and concise privacy policies in place. These policies outline what data is collected, how it is used, and who has access to it. Users must review these policies before agreeing to share their personal information with a company.

Honesty: The Best Policy

Transparency is another important factor when it comes to safeguarding user data. A responsible company will be open about any data collection practices and provide users with options to control what information is shared.

Stay In School, Kids!

Lastly, responsible companies prioritize educating employees on proper data handling procedures and regularly conduct training sessions on cybersecurity best practices. This ensures that all employees are knowledgeable about protecting user data and can identify potential threats or breaches.

Final Thoughts

In conclusion, choosing to share your personal information with a company is a decision that should not be taken lightly. It’s important to do your research and only trust companies that prioritize the security and privacy of their users. 

Remember, you have the right to control who has access to your information and it’s crucial to exercise this right to protect yourself from potential risks. Remember these tips when navigating the digital landscape and always prioritize your online safety.

The brutal reality is that no one is immune to cyber-attacks. Individuals, businesses, and even governments have fallen victim to hackers seeking confidential information or monetary gain. It’s not a matter of ‘if’ your data will be targeted, but ‘when.’

That’s why taking proactive measures to protect your digital identity is absolutely necessary. This can range from simple actions, such as regularly updating your passwords and using multi-factor authentication, to investing in more advanced security software and services.

Resources:

Video Transcript

Frank Gurnee (00:00:26):

Good afternoon everybody, and thank you for joining us today for this fantastic fireside chat or Jungle Chat, as we can see in some of those more white background chat <laugh>. So either way, my name is Frank Gurney. I am the channel director at Security Studio. And we have a lot of really fun stuff we’re gonna be doing today. But I do have a couple a couple knuckleheads here with me. So with that, I’d like to introduce them. So, first and foremost, I have Michael Kennedy on the line, also known as Kennedy. And so Michael Kennedy is recognized as a cybersecurity industry. Trailblazer, he’s a founder of Ostra Cybersecurity is a multi-layered, fully managed security service. Austra’s solution combines Fortune 100 caliber tools, tech, and talent to ensure threats are not only detected and hunted, but also fully remediated for business of all sizes. Previously, Kennedy led, built and scaled security platforms for Fortune five companies before setting out on a mission to protect SMBs Kennedy, good to see you. How are you doing today? Yep.

Michael Kennedy (00:01:30):

Thank you. Thank you. Frank.

Frank Gurnee (00:01:32):

Also, on the line, we have Evan Francen. So if you don’t know who Evan Francen is, he is the CEO of Security Studio. He’s the co-founder and CEO of FR Secure as well. He’s an expert level security consulting, which is an expert level security and consulting company. And Evan has over 30 years, 30 years only. Don’t look that old to me, Evan. But a practical experience in information security and is a well-known thought leader and specializes in the industry. He founded Security Studio in 2017, and co-created the software’s key capabilities, including the S two score. Evan is continually working on the mission of fixing a broken information security industry and advising, high profile profile cybersecurity breaches to developing the first ever vcso training program. So, with all that he is also an author of a very cool book called unsecurity. And with that, how are you doing, Evan?

Evan Francen (00:02:29):

Good to see. Good. Yeah, you can just call me security guy. I’m cool

Frank Gurnee (00:02:31):

With that security guy. Very, very cool. So with that, we’re gonna get started here. Mike, do

Evan Francen (00:02:36):

You have a, do you have a pipe right now?

Michael Kennedy (00:02:39):

No, no. It’s my glasses. Oh, okay. Frank wanted me to thought, wanted me

Evan Francen (00:02:43):

Put up a pipe. I’m like, man, I You went all out, brother. Yeah,

Frank Gurnee (00:02:45):

See, I, I, yeah, we did, we did discuss that. We thought the pipe would be a nice touch, you know, next to the fire, but

Michael Kennedy (00:02:52):

Yeah, this fire is gonna get hot, so we better get this going and get it over with because no marketing’s idea around a fireside chat, but it’s already like 75, 80 degrees here, so it’s gonna get hot. Can

Evan Francen (00:03:04):

Imagine how much we were talking about that, about this fireside chat thing. And so I took a lighter and I was like, I could start a fire too, but this is my wife’s garden, so I think that wouldn’t,

Michael Kennedy (00:03:15):

Yeah, that’s smart. No.

Frank Gurnee (00:03:17):

Well, excellent guys. We so we really wanted to create this around being more of a video podcast style, just so you guys know what the format’s like no slides, no you know, no craziness here. We’re just gonna be three dudes talking and really it’s about you guys today. So with that, you know, I wanted to start you guys with kind of a year in review. I mean, I know 2023 is just about at an end here. We’re all kind of getting ready for the holiday season, and there’s been a lot that’s been going on out there as far as security is concerned. You know, there’s been a number of high profile breaches this year. I mean, a few that affected me personally the MGM Breach 23, and me, LastPass, there’s been a ton of ’em. And a lot of these large companies have large budgets. You know, we hear a lot from our MSP and IT partners that their customers think it’s never gonna happen to them. Right. And I’m just wondering what you guys are thinking about one, how do MSPs or IT companies or anybody deal with that mentality of, you know, it’s not gonna happen to me. And, you know, what do you think about all these breaches as well? Let’s start with Kennedy. What do you think?

Michael Kennedy (00:04:37):

So from an, from an MSP standpoint, I, the first thing that comes to my mind always is SolarWinds and how, you know, in that supply chain as an MSP, how do you ensure that you’re being protected? And, and then protecting your customers, you know, ’cause those are, those are the, that’s the end goal is to protect those customers. And are you protecting yourself and providing the right tools to protect those customers. So I really think that’s created a lot of change in the thinking that, you know, people are looking at the supply chain differently. The other side of it too is like, from that customer standpoint, you get a lot of that apathy in, in clients and customers that, oh, we don’t have any data. It’s not gonna happen to me, but you, you see, you know, business email compromise is just crazy right now. And, and we’re seeing more and more of these like, high profile companies being attacked and targeted. But there are probably five times the 10 times that of these small businesses that don’t have to report that are being, having breaches or having to pay and getting ransom.

Michael Kennedy (00:05:59):

I don’t know, I if I, if there’s a, like a right answer of trying to convey that message. Mm-Hmm. <Affirmative>. But it, you know, it comes back to like, what we always talk about is the education. We need to educate ’em. We need to bring ’em into speed into the place. We don’t wanna take ’em all the way to the paranoia, like where I live, but we wanna, you know, bring them up closer to that and that, and that awareness side of things. So and I think, you know, and I think later we’ll move, talk about it too, of like risk assessment and you know, bring it to a customer’s attention and being honest about it and authentic about here’s the products, here’s the solutions you have, this is what you need to implement. Right? And otherwise it’s out of our hand.

Frank Gurnee (00:06:45):

So yeah, having that conversation with the, with the customer in some way, shape or form Mm-Hmm. <Affirmative> and how to start that obviously is, is a big one. But at the same time, I think you made a good point there of like, you know, we see all these news stories, we heard about those big breaches that I just mentioned, including SolarWinds, that, that you said hit the MSP world. But at the same time, you, you don’t hear about the small businesses, right? I mean, that’s the, the thousands that are getting hit every day that are having issues. Those are, those are the ones that even though they’re not hearing about it, it’s a huge issue for them. They just don’t realize it. Right. And so, I, I totally get that. And Evan, any thoughts on this? This subject?

Evan Francen (00:07:24):

Yeah. Well, I mean, sadly, 2023, it’s a lot of, it’s the same old, same old, you know what I mean? It’s for a long people that have been in this industry for a while, it’s you know, that’s just, we’ve made progress. You know, I hate to be negative all the time because I think that’s one of the things that ends up, you know, shooting ourselves in the foot, is we’re trying to help people. Positives, you know, I think it’s, it’s front and center more mm-Hmm. <Affirmative>, we’re starting to see, I think, more of a move towards accountability. We still have a long ways to go. The bad things are, you know, I think pe not enough people still take it seriously. There’s a lot of ignorance still, you know, in our industry, even amongst our own clan. You know, you talk about, you know, basic fundamental things.

Evan Francen (00:08:13):

You talked about the solar winds breach. You know, I, I grew up early in my career, I was a network guy. You know, I was a big Cisco, you know, and I can’t ever imagine putting in a firewall without using it properly, right? I mean, a firewall, it’s not just ingress, right? It’s egress. That’s the reason why we’ve got inbound and outbound rules on firewalls. And so I’ve always, and life was simpler then, right? I mean, it was easier for me to control traffic flows on a network because I didn’t have so many traffic flows. Right? But, you know, so until we get, there’s just, until we get the fundamentals, it doesn’t matter. It, it really doesn’t, you can continue. You almost keep, it’s like you keep pushing the ball further and further away from you, right? The more and more technology you continue to adopt without using it properly.

Evan Francen (00:09:06):

And if you don’t know how to use it properly, that’s fine. We all start there, right? But you need to learn how to use it properly, otherwise people suffer for it. And today, you know, with that lack of accountability, I’m not sure too many people feel the pain. You know, it’s more of a shared pain, right? If I have a breach, I gotta send a letter, but I get so many letters anyway. Nobody really is gonna hold you accountable for it. Yeah. Well, those things will continue to just kind of mass up and there’s going to be a day when we’re all going to have to pay for it. Yeah. Or you’re gonna have to pay for it, you know yourself. So we’re trying to get out ahead of that, but until people slow down a little bit, I think we’re still gonna be chasing.

Frank Gurnee (00:09:46):

Yeah, that’s a good point. Evan. And I, I, you know, one of the other things that that came to mind while you’re, you’re talking about that is that I know you’ve been really close and, and had a lot of information around kind of government compliancies and things that they’re building in the government to help <laugh>, right? Help Mm-Hmm. <Affirmative> you know, this whole cybersecurity threat thing. And have you, are you hearing about things that are gonna drive compliancy or drive specific things that small businesses are gonna have to do? No matter what Is that, is that coming down the pipe?

Evan Francen (00:10:25):

Yeah, I mean, it, it will, I mean, either you choose to do it or you get forced to do it. And one of them is a hell of a lot less painful. Mm-Hmm. <affirmative>. Right? I like to use the analogy of like, and one of them is checking the box, which I doesn’t do it anyway, right? You’ve got the letter of the law and the intent of the law. It was like, you know, I’ve raised five kids and they all lived, I think they’re all still alive. And it was a difference between, it was a difference between me telling them to clean the room and them actually wanting to clean the room.

Frank Gurnee (00:10:56):

Yeah.

Evan Francen (00:10:57):

One was actually clean, the other one wasn’t. Right. You picked up stuff, but, you know, I, I look under your bed or, you know, look in the closet somewhere. So it’s the same kind of just human nature, I think, until people actually want to do this, and they won’t want to do this unless they see an advantage to it or there’s pain associated with it. And right now we’re still kind of in this gray area where I don’t see the advantage.

Frank Gurnee (00:11:23):

Yeah.

Evan Francen (00:11:24):

Or I don’t feel the pain. Yeah.

Frank Gurnee (00:11:25):

And that, you know, I, and I think in the MSP world, and as more MSPs start to go down the cyber road just like, you know, their managed service offerings that they had for so long, they built out their stack of services. That was, it was non-negotiable. It’s part of a managed service agreement is to have these pieces in place. And I think that’s what we’re gonna start to see as well, is like every customer of a, a managed service provider or any other cybersecurity consultant or anyone has to have these pieces in place in order for them to be able to provide service to them. And I think that’s, that’s a way you kind of get a handle on these things, if that makes sense.

Evan Francen (00:12:04):

What, I’d love to see us to sell more. Like, I would be thinking the same thing. If you came to me as an MSP and you wanted to sell me security services, or you wanted to do an assessment of my business, whatever, if I don’t see the advantage in it, if I don’t see what’s in it for me, then I’m not gonna do it. I’ve got other stuff to do. I’ve gotta grow my business. I’ve got, you know, bottom line I’ve gotta deal with. So us as security people, it’d be a lot better to, for us to approach that way. What’s in it for you? Well, what’s in it for you is a more efficient business. What’s in it for you is, you know, all chances are pretty good. We’re going to be able to remove a whole bunch of software that you’re paying for that you’re not actually using that’ll improve your bottom line. So taking that approach as opposed to kind of the fear tactics. ’cause Everybody, you know, they’re, they’re deaf to it. Yeah. That would be too.

Michael Kennedy (00:12:59):

Yeah. Yeah. And they have the insurance, the insurance that they think they have. And Yeah, we right though we have, we have to get it some normalization in it, and we have to do, I mean, and you kind of touched on it too, we have to share the same languages when we talk about this and, and not, not go in with this, the fearmongering and, you know, predatory sales tactics towards people. It’s the education and it’s showing ’em where the ROI and the importance of doing this to, to the business. Like, you always talk about it too, avin about, you know, knowing, understanding their business so that you can talk to them in their business language versus coming in and saying, you need security tool because it’s ’cause you do. Right. So,

Frank Gurnee (00:13:47):

Yeah. And then you know that you speak, you speak well, sorry, Evan to the stand, you know, standardization, I think that was the normalization, right? That you’re

Michael Kennedy (00:13:55):

Talking about. Yeah. Yep.

Frank Gurnee (00:13:56):

Standardizing the practice around the things that are doing. And this just as I was saying, really is the way that managed service providers built their businesses because it was, you had an RM tool, you had a PSA, you had Yeah. A backup and disaster recovery device. You had antivirus tool. You know, you had all these things that you, you had in there and it was a standard way of doing business. So it’s gotta go that route as well. Sorry, go ahead Evan.

Evan Francen (00:14:20):

No, I was just agreeing with you guys. The actually, I forgot what I was gonna say.

Frank Gurnee (00:14:26):

Oh, no worries. What do you guys think that that 2024 is gonna look like? Do you guys think it’s just more of the same, do you think with all this AI stuff that’s gonna be something Skynet, is that coming in <laugh>? I dunno. You know, what do you think? No,

Michael Kennedy (00:14:39):

Not, not, not yet. I don’t think we’re ready for, I think maybe about three years is when we’ll have Skynet. Okay. But I I I think it’s gonna be continuation of the same. Yeah. I think that, I think there’s a huge desire for an easy button and, and, and really just, you know, when you talk about AI really kind of look at the ease and the sophistication of the attacks, they’re, they’re shifting and they can really write a very very telling email or business email <inaudible> phishing or, or phishing with, with like a chat GBTE and, and shoot it out. So I think there’s gonna be, it’s easier to have access for people to, to do those attacks. And, but I think, you know, there, there’s also a lot of businesses and MSPs that we’re kind of talking to, are really looking for more of that kind of that easy, you know, ability to reduce the noise or reduce what they’re kind of looking at.

Michael Kennedy (00:15:47):

You know, we’re, we’re still I don’t, I don’t know. I I, there’s a lot of times too, I think about we’re still trying to find our way after Covid and how we interact with people and how we kind of had that shift and that mentality. And now we’re virtual, we’re not virtual remote users, not remote users. Cloud versus not cloud. And there’s this kind of, we’re in this like this, this, I don’t know, Meyer, what are we, where are we going? Or what are we doing? But I, but what I see a lot of is that it’s, people are looking for something that, that it’s like this easy. And, and I don’t know if that’s part of it. You know, we really some influx in what the, the ease of grocery shopping, the ease, and I want something, I just click a button and then I have it delivered here. Yeah. And I think I, go ahead. Yeah,

Frank Gurnee (00:16:40):

That’s a good point. And and Evan, you know, this is funny because it, it fits right into kind of what we, we talk about a lot, but I feel like in cybersecurity in general, you know, if you’re doing consulting and you’re doing services, there just isn’t an easy button. And even though every vendor out there wants to build that <laugh>, the reality is in risk and in, you know, figuring all this stuff out. You just, you, you can’t throw something on the network and it’s gonna do it. Right? No, I mean, you, you have to, you have to get your feet dirty. And I think one of the things I learned from you, Evan, a while back, is, you know, we sell hard work a lot of times. What are, what are your thoughts around this concept of an easy button around cyber risk and cyber in general?

Evan Francen (00:17:25):

Well, I mean, I think longer term, I think for, for businesses that actually want to be around, you know, long term, you know, you gotta think beyond one year anyway. Mm-Hmm. <affirmative>, I would wanna put my pos my business in a position to have competitive advantage right. In the marketplace. The, when I look at the way I can integrate information security into my business and actually enable my mission, make more money, top line and bottom line ideally you’d see a lot more planning. I, ’cause there’s gonna be a day when the people that didn’t plan for this are the ones that are gonna be not to use scare tactics. Yeah. But it’s, it’s just, it’s logic. Yeah. It’s just logic. And so when the compliance comes, you can’t wait for the government on anything. So waiting for the government to tell you what to do or to provide services for you, good luck with that.

Evan Francen (00:18:19):

I mean, it’s, it’s, again, it’s not gonna provide you the competitive advantage. So in 2024, I think you’re gonna see a lot more of this us trying to find ourselves out thing. And I think there are people in our industry that already know the answers, but you’ve got other powerful people in our industry that kind of don’t want the answers to be known. Right? Right. I mean, if I was going to, you can’t do informa, for instance. I can’t do information security without doing a risk assessment period. Now, the question is, you can do a crappy risk assessment or a good risk assessment. That’s up to you. The right type of risk assessment would be one that would be actionable, that would give me something to do afterwards to improve or manage my risk. It would put risk into perspective. The easiest people to take advantage of from an attacker’s point of view, whether you’re a red teamer or a blue teamer, is to take advantage of ignorance. You know, the people that aren’t paying attention are the easiest targets. Mm-Hmm. <affirmative>, you know, and I think there’ll be a time when the people that are doing it right will get tired of paying for the people that aren’t doing it. Right.

Evan Francen (00:19:26):

You know, why would I, why should I have to pay more in insurance rates? Why should I have to pay more bank fees when I’m a responsible, you know, I’m responsible to the technology I’m using. My, my account didn’t get hacked, so why am I paying for the people that whose accounts did get hacked?

Frank Gurnee (00:19:45):

It’s, it is interesting you brought up insurance too, because I feel like that’s another area where we’re already seeing this, these huge changes, right. In the way that the insurance companies kind of,

Evan Francen (00:19:55):

And that’s the frustrating part. We, we told them this. Yeah. I mean, that’s the frustrating, your nine question questionnaire is not going to be enough to underwr insurance. You’re checking, you’re checking the box. Yeah. And so that, that mentality, and again, people aren’t gonna change unless they see an advantage in it for them, or they feel the pain from it. There’s a great question here from an anonymous attendee. Do we think CISOs facing jail time will have no impact? What about the SEC reporting requirements? And I wanted to address that because the one who’s ultimately responsible for information security in any organization isn’t the ciso. It’s not the ciso, the one who’s ultimately responsible for information security at any organization is who’s ever the top of the list. So the CEO, the board, if there is a board, but it’s not the ciso. So I think what, what what’s gonna happen with the CISO piece is who the hell wants to be a ciso?

Michael Kennedy (00:20:50):

Right?

Evan Francen (00:20:51):

I’m not gonna be a CISO be, and if you want me to be ultimately responsible for information security, then gimme the checkbook.

Michael Kennedy (00:20:57):

Right.

Evan Francen (00:20:58):

But you won’t gimme the checkbook. So, you know, that’s a catch 22. The SEC thing, it’ll be like any other compliance we had. HIPAA did the same thing. GLBA did the same thing. I mean, on and on. We just keep repeating the same mistake. So what will happen with the SEC is people will do the minimum necessary to get compliant and then call themselves good. But until, you know, until you hold a board, if you hold a board of directors responsible for information security at a public company, you’re gonna see some changes.

Frank Gurnee (00:21:28):

Yeah. The, the problem with, with all of that, that you’re saying though, you know, just meeting compliance is you’re not doing the best security for your company at that point, right?

Michael Kennedy (00:21:36):

No, no. You’re checking a box. And when you, and when something does happen, and what the problem is is you’ve kind of brushed that under the rug already. You’ve not done the security assessment, you’re not aware, you’re not implementing the plans against those things. Yeah. And what I was saying

Evan Francen (00:21:50):

In our industry too, if we had, like, if you don’t do these three things, whatever those three things are, make two, maybe one, if you don’t do this one thing, you’re negligent. And just pick one thing. You know, we don’t have to argue about it in our industry about, well, it should be this, it should be that. Just pick one who caress

Michael Kennedy (00:22:08):

Long as inventory forward asset inventory <laugh>.

Evan Francen (00:22:12):

I could get on board with that one.

Michael Kennedy (00:22:13):

<Laugh>,

Frank Gurnee (00:22:14):

<Laugh>

Michael Kennedy (00:22:16):

What, what I was saying, go ahead. I, yeah, I wanna say, when I was saying easy button, I wasn’t referring to like an easy button. I got security or an easy button. It’s what I think what pe what I feel like is, and you kind of touched on it, is the industry has been sold a specific product and a specific, like this will take care of it. No more worries. And what the, what I think MSPs and, and clients and the industry’s looking at is like that that’s a false narrative that it wasn’t. Now I ha I’m still getting all these alerts that I gotta go address to you. I thought you were taking care of the alerts. I thought you were doing the remediations. I still had a breach, but I have you and I’ve been paying you, you know, tens of thousands of dollars. And so that’s what I think people are looking at for, is they want to reduce stats based what they thought they got. That they’re really, I I would say 24 p that won’t become more of a focus for organizations.

Frank Gurnee (00:23:12):

Yeah. It is interesting that you, you can’t just throw money at something and it’s, and I’m protected. Right. It just doesn’t work. Right.

Evan Francen (00:23:18):

Well, that’s what I was saying about the ignorance, right? Yeah. ’cause It’s not just the, your traditional bad guys that are the ones taking a, that, that take advantage of <crosstalk>. We have people in our industry, lots of them, lots of the biggest names in our industry who are taking advantage of people by selling them products they don’t need that don’t work, that don’t solve a problem.

Michael Kennedy (00:23:38):

Right.

Evan Francen (00:23:38):

And they’re making millions, billions of dollars from it. You know, and I’m not gonna mention the na, I would love to mention names. Maybe I’ll do that in a d different podcast. Yeah. But one that comes to mind, their tagline is to end cyber risk. What? You can’t.

Michael Kennedy (00:23:55):

No,

Evan Francen (00:23:56):

That’s impossible. So what I would love to see is I would, you know, the FTC has, you know, laws, oh yeah. We have laws against this, you know, this false advertising truth in advertising is a thing. I would love to see us enforce that. But I think the government itself, I think is ignorant enough outside of a few people to be able to do that. Yeah. But we, I thought that me off probably more than anything is when somebody in our industry who comes off as somebody who you can trust, sells you something that you can’t need. That you don’t need. Yeah.

Michael Kennedy (00:24:31):

You don’t need. Yeah. Frank, we better get moving before he starts calling.

Frank Gurnee (00:24:35):

Yeah.

Michael Kennedy (00:24:35):

So we

Frank Gurnee (00:24:36):

Don’t want was gonna say, great. Great. Isn’t

Evan Francen (00:24:38):

My face turning red now? <Laugh>?

Frank Gurnee (00:24:40):

Well, we just, great venture. Last call.

Michael Kennedy (00:24:42):

We did you pick up the phone and started calling the FTC to yell at us? So yeah, that, yeah, that was,

Frank Gurnee (00:24:47):

That’s part of our last call, wasn’t it? <Laugh>? We live next now. Yeah. Guys, our next, our next subject really we wanted to jump into kind of circles of trust, mental health a little bit. You know, so with that, you know, we know that MSPs have a ton of technical knowledge. You know, a lot wanna be seen as the expert. Cybersecurity’s pretty new for most of them. So what advice would you guys have for them to navigate those feelings of kind of stress or anxiety or inadequacy of not always having all the answers when it comes to cyber because it is new as they enter kind of this new, new bus side of business for, you know, that is all new to a lot of them. Any, any thoughts of how to deal with that?

Evan Francen (00:25:34):

I think there’s three things that make an MSP really successful. And I think any consulting company, it’s trust, credibility, and likability. So I think as an MSP, if you focus on those three things and whatever service you’re gonna provide, so if you don’t know the answer to something information security related, it’s okay to say that you’re not necessarily paid to know all the answers. You’re paid to provide all the answers. So relying on, so, you know, relying on a partner, relying, you know, Mike’s, I’ll give you Mike’s phone number. I’ll put it in the chat. You can call Mike anytime. He’ll help you. I won’t because I don’t want to No, I’m, I’m kidding. But

Frank Gurnee (00:26:14):

Yeah, I was gonna say I know, I know you will actually <laugh> Yeah, I was gonna

Michael Kennedy (00:26:17):

Say <laugh>.

Evan Francen (00:26:18):

<Laugh>. Yeah. But you know, I’m correct

Michael Kennedy (00:26:20):

That

Frank Gurnee (00:26:21):

Even if your wife doesn’t want you to, you will

Evan Francen (00:26:23):

<Laugh>. The truth is, I’m 30 some odd years in this industry. Yeah. I don’t have all the answers. I still have to go to people and find out what this is and how this works. And, but what I won’t do is, is, and that’s where I think imposter syndrome comes in, is when you try to act like you’re somebody that you’re not. Correct. Authenticity. You should, should, yeah. Should you should feel uncomfortable doing that because you’re probably doing a disservice to your customer. Right? Right. So playing in that gap, you know, I see on a, you know, Lyle asked a question. You know, I think some MSPs are scared to work with InfoSec companies to do proper risk assessments for their clients. The MSP is too focused on the stack that they’re afraid to do what the risk assessment will find.

Michael Kennedy (00:27:06):

Mm-Hmm. <affirmative>.

Evan Francen (00:27:07):

And we’ve run into this, this is nothing new. We’ve run into this, you know, forever be because we treat it like it’s an IT issue. Right? Right. This is not an IT issue. This is a great opportunity for the MSP. Even if you find that there are some tech things that you didn’t install correctly that maybe they didn’t, they didn’t need them, right? You can continue down the path of just ignorance and, or you can actually address it at some point. And this is a great opportunity for you to elevate it to where it actually belongs, which is with the board, which is with the ceo EO. So anything you find that looks bad at the organization, it’s actually a reflection of them. It’s not a reflection of you. Yeah. So I, I wanna point that out because I think a lot of people struggle with that. Well, what if I find that I did crap wrong forever? Well, you learn from it and, you know, let’s adjust.

Michael Kennedy (00:27:59):

I’ll, I’ll admit something here. I used to when I was a, when I had a little MSP shop myself, I used to configure Windows machines, and I would go in and I would disable updates, Microsoft updates for people, because you don’t need that. And then it’ll suck up your bandwidth and cause problems with your computer and then create more phone calls for me. I mean, it was, again, it was 20 years ago I was doing it, but it, you know, now I would go <laugh> if it, if it had been more recent, I would go back to all of those people and talk to them about it. You touched on like the, and then somebody mentioned transparency. And the question too, that authenticity you to, to have authenticity, you have to know yourself. Mm-Hmm. <Affirmative>, you have to be honest with yourself to be able to be honest and be authentic with other people.

Michael Kennedy (00:28:46):

And, and, and that, you know, everything you said around, if you don’t know, it’s okay not to know. It’s okay not to, you know, it, it’s okay to surround yourself with people that are smarter in the industry and, and, and what, and so that, that, and I didn’t think about it. And it’s interesting from the imposter syndrome too. Why we get sucked into that is because we, we are trying to compare our insides to other people’s outsides. Because I look outside and I see something, or someone, or an MSP or a security vendor, and, you know, I’m, I’m looking at what I internally. And so having that authenticity, knowing that we don’t, I don’t know at all. And then having friends and, and people like you guys to, to talk to about it. So that is the number one that makes a

Frank Gurnee (00:29:40):

Ton of sense. Kennedy. And, and you know, the, it it reminds me, Evan, of, of a couple conversations you and I have had where you’ve been out at events or shows, and there’s a bunch of guys who are just full of themselves, <laugh>, right. Who know everything. Right. And, and just being in those situations and feeling like that inadequacy, like maybe you don’t know as much as those guys do, but, but do they really, at the end of the day, they’re just posturing, right? I mean, they’re just, they’re, they’re just trying to show off in front of everybody else. So I don’t think that that’s,

Evan Francen (00:30:13):

We do a lot of posturing. And I think Yeah. And it’s, it’s never a question of intelligence either. I think I’ve been, I’ve had CEO many, you know, CEOs over the years, you know, who say they feel stupid or, you know, I’m asking a stupid question. It’s like, this isn’t an intelligence thing. It’s just a learning thing. Right? Yeah. Right. A lot of the things that I’ve learned over the years have nothing to do with how smart I am. They just happened to be things I was part of. I was there, I got my kicked. It hurt. You know what I mean? Mm-Hmm. <affirmative>. And I wanna save other people from going through that, that same thing. Right? So yeah, the same will happen with MSPs When you’re first starting out anything, it’s gonna feel uncomfortable. It’s gonna feel very mechanical. You’re gonna have to, what I tell a lot of people who start in this industry is where you lack credibility. Borrow somebody else’s.

Frank Gurnee (00:31:08):

Yeah.

Evan Francen (00:31:08):

So an an example that would be like I’ve, maybe I’ve never done an assessment before, or I’ve never, I’ve never been a bcso before. And so I’m gonna take what I learned from somebody who’s been a vcso for many years, and I’m gonna say what they say and do what they say, not trying to be them, but to borrow their credibility. And so then when I get challenged, which is the part I think where a lot of us feel threatened, you know, really uncomfortable. ’cause What happens if a customer asks me, well, why did you ask me that question? Why? Why is this so important? Mm-Hmm. <affirmative>, you can, that’s when you can borrow credibility. Well, ’cause, you know, according to this thing that I read from Mike Kennedy, it said, these reasons are why it’s important. Right? Yeah. So that’s a way you get away with, you know, not having that experience, you know, steal somebody else’s experience.

Frank Gurnee (00:32:01):

Yeah. It’s interesting that we see, like, I see this a ton on the, the kind of partner side of things. Like, you might get an MSP or IT company who’s really interested in doing all this stuff and like going down this path, but then they’re, they don’t have their employee buy-in. And that can be an issue. And you guys are both business owners. So I, you know, this wasn’t on our, our list of things to talk about, but I think it, it’s important because you are both business owners. You both understand this. Like, you guys go to things and you get excited and you find something that you think will really help your business and help you grow in the future. How, how do you guys get that buy-in from your employees? Or, or even make that decision, Hey, you’re gonna go down this path, right? That, is that something you guys wanna Yeah. Talk about a little bit.

Michael Kennedy (00:32:47):

Yeah. Berating ’em until they accept it doesn’t really, doesn’t work. <Laugh>

Frank Gurnee (00:32:50):

Doesn’t work.

Evan Francen (00:32:52):

Physical threats, no

Michael Kennedy (00:32:53):

Physical threats. You know, I think I, you know, for me, I, I, I’m a very collaborative person and, and, and, and I’m a, and I’m an overthinker. I think of butt thinking. And so when I see that type of stuff, or I hear those commentary, then it, for me, it’s coming, bringing it back to the, to the organization and saying, Hey what do you guys think about this? Look at this product. And then challenge when they, and if they don’t, then challenging ’em. Why aren’t they looking at that product and, and validating against, or, or or a, a show to go to, or a marketing exercise or anything along those lines of, you know, how, how do, how do we challenge and work together as an organization to propel us forward? Because, you know, I, I am, you know, there’s a, there’s a, you can’t really see it, but there’s a, a, a framed squirrel picture back there that my aunt gave me. ’cause I, squirrel and shiny objects are horrible for me. And so I’ll have a new shiny object every afternoon. And, and so I, I have to rely on the, the people that I work with to ensure that we validate that and, and we go through it. And getting that buy-in is, is really important. But also

Frank Gurnee (00:34:09):

Helping them to see that vision of where you see the company going next. Right. Because I think sometimes we can throw things at, at, you know, employees and people and, and say, Hey, here, here, we want this done. But without giving them that vision of, look, here’s where we’re taking the business over time, context

Michael Kennedy (00:34:25):

Behind it. Yeah. How

Frank Gurnee (00:34:25):

That’s gonna really make it make it happen might be important. Any thoughts there, Evan?

Evan Francen (00:34:31):

Yeah. I mean, it, it, it, some people are good leaders, some people aren’t. You know, I think it it comes, there’s a couple things I think are really important. You know, one is, you know, do, do your employees trust you? Do they think that you’re credible? Hmm. You’re not an. So it’s the trust, credibility, and likability piece that still, you know, applies

Michael Kennedy (00:34:55):

Authenticity, authentic. Yeah.

Evan Francen (00:34:56):

But at the end of the day, everybody, everywhere is always, whether it’s out, out in front of your mentality or it’s subconscious, everybody’s always wondering what’s in it for me?

Frank Gurnee (00:35:08):

Yeah.

Evan Francen (00:35:09):

So being able to paint the picture of how this decision benefits you, right. It benefits us corporately, but you specifically, this is how it benefits. And I think the more you can prove those things out, the more you kind of add to your credibility bank account. Yeah. Mm-Hmm. <Affirmative> there are times when you do have to spend your political capital where you just need to overrule something for whatever reason. Mm-Hmm. <Affirmative>. But I think always being cognizant of how much political capital I have in my account, and, you know, trying to add to that.

Frank Gurnee (00:35:44):

Yeah.

Evan Francen (00:35:44):

It’s a big deal.

Frank Gurnee (00:35:45):

Well, both you, both of you guys are really huge on education and educating folks. And it shows in austra and security studios, onboarding of new partners. It’s really about taking them through a path of education to get them up to speed and, you know, to a whole nother level, really at the end of the day of, of even becoming the CISOs for our side. And, and you guys take them through a huge education path on the Ostra side. Where does that passion come from for, for you guys? I mean, what’s, what’s the idea or thought or mindset around educating?

Evan Francen (00:36:26):

I’d rather you do the work than me.

Frank Gurnee (00:36:28):

<Laugh>.

Michael Kennedy (00:36:30):

I was gonna say, I mean, very self I hate saying this, but selfishly from an operational standpoint, then in a process and communication, all of that, it’s, it comes back to the more that we communicate, the more that we educate, the more that with the time that we spend with you going through what we do, what you do, how we develop synergies together, you know, maintains the healthiness of our relationship and operationally long term, it it reduces all that back and forth noise. You know, we’re, so there’s that piece of it. But then also the other side of it is too, that, you know, what we kind of talked a a little bit earlier about, of getting to a place where we have the common language, we share the same values, we share the same messaging around what we’re trying to accomplish in this industry. And if we can align in that during that education process, getting the feedback from those partners to say, you know, that’s not gonna work with my clients. And if you did it this way, it would work. Having that feedback loop is, is critical so that we can adjust as well. But really it’s, it come, it comes back to just such a, a, a synergistic operational side. When, when we’re all happy and headed in the same direction, we’re all super happy. So, yeah.

Evan Francen (00:38:08):

I, I agree. And it’s, it’s a big mission. You know what I mean? My mission isn’t about me. You know, it’s not about how much money I can make. It’s not about, it’s just not about me. Right. The mission is about us. It’s about this industry and everybody who’s affected by it. And I think the more you can teach, the more you can empower, the more you can benefit, you know, personally with a career, you know, maybe a new career. What I don’t want you to, I think part of the education motivation too, is to, to stop you from doing it wrong. Mm-Hmm. <affirmative>. Because this is, you know, and I’ve said it a million times, this is not a product industry. This is a service industry that’s dominated by products. Totally different. Right? So because people are the biggest risk, right? Yeah. They’re the ones who cause most of the issues.

Evan Francen (00:39:03):

What, and it’s not the end user clicking on buttons that I’m talking about. It’s the developers developing crappy code. You know, why do I have to patch all the time? If you didn’t have bugs, you probably wouldn’t have to patch all the time. <Laugh>. You know, I mean, they’re not, you’re not patching for new features. Those are called upgrades. Yeah. Right? And so, you know, it’s, it’s us corporately as people, we have to do better than this. There will, we will pay the price. And so I think, you know, giving it your all try and to empower people, you know, to consult other people. Well, yeah. And then also being open to criticism. ’cause I don’t have all the answers. We already talked about that. And so if I’m teaching this way and you’re like, yeah, but that doesn’t work. Being open to that criticism, you’re not attacking me personally.

Evan Francen (00:39:45):

You’re attacking the way I’m doing something, right? Yeah. And so being open you know, well, you know, you’re, I benefitted tremendously from this industry. I’m live in, I live in Mexico, I live in this. I don’t want any more money. I want other people to benefit, right. By doing good security. So if you can live out a good example that you can do security correctly and to make money, they’re not mutually exclusive. But the thing is, if you focus on the mission, you’ll make money. If you focus on the money, you won’t make the mission. So totally different. So going out there and selling people products that they don’t need, going out there and giving them crappy advice because you were afraid to say that you didn’t know the answer. Things like that, you know, oftentimes that’s putting money or ego ahead of the mission and people suffer for it.

Frank Gurnee (00:40:34):

Yeah, for sure. No, that’s great. And you know, and I think it all goes back to what we were talking about earlier, which is standardizing the way that all of these things are done. ’cause If there’s no standardization around the services that CISOs or MSPs or anybody provides, then you’re just kind of, everybody’s doing something differently, right? Which doesn’t serve anyone at the end of the end of

Evan Francen (00:40:55):

The day. There’s a good question. Another good question. Look at that. Yeah. Marketing thing.

Frank Gurnee (00:41:00):

<Laugh>, we have a good question. Let’s take a look at questions.

Evan Francen (00:41:03):

What does good marketing look like? Pretty pictures,

Frank Gurnee (00:41:07):

<Laugh>

Evan Francen (00:41:07):

Colors.

Frank Gurnee (00:41:09):

Yeah. That makes, I would

Michael Kennedy (00:41:10):

Say if you, if you’re following LinkedIn, I would say not empty Bowes

Evan Francen (00:41:14):

Headphone cases. Oh God.

Frank Gurnee (00:41:16):

<Laugh>.

Evan Francen (00:41:17):

<Laugh>. Alright guys. But that’s the thing. But that’s the thing. If you, if you had a product that was actually as good as a lot of these people say is they would be rushing down your door to come by from you. Yeah. But the thing is, you don’t have that product. You may say you do, but again, anybody with discernment knows well enough that you don’t. And so I think what good marketing is, is it’s honest, it’s transparent. And in all of that, what’s in it for me as a buyer, right? How would I benefit from this? How would I benefit from your service? How would I benefit from your product? And don’t make up some. Like truly. And I can hold you calm to that. That would be good marketing. ’cause Then I would buy it and I’d be like, oh my God, everything you said, yeah, you did. Right. And I’m, I’m gonna go tell the masses about this. That

Frank Gurnee (00:42:09):

Actually leads us into our, our next conversation point, which is, you know, there’s all these vendors out there that are, that are jumping on the cybersecurity bandwagon. You know, they’re all talking, but it, it feels like there’s a lot of misinformation going on out there. How do MSPs know what to believe? I mean, what would you guys say? How, how do you, how do they know?

Evan Francen (00:42:30):

Well, I love that that first que I think it’s tied to that first question that Jason posed, you know, in the chat. Mm-Hmm. <affirmative>, yeah. Understanding the basics of what information security actually is. Mm-Hmm. <affirmative>. Right? That’s what keeps you safe from buying the crap. You know, because you think, if you think about it, like, what I’d rather mis, I’d rather not spend a dollar on information security than misspend a dollar on information security. Because at least one, I’m not ignorant enough to believe that I’m actually protecting myself. I’m not living in a false sense of security. And I didn’t away that dollar. Right? So when you, what are the fundamentals of information security One, understand what the name of the game is. It’s risk management. Risk management, not risk elimination. Impossible. So anybody who ever tells you that they can end cyber risk, it’s.

Evan Francen (00:43:22):

You can’t, right? So it’s risk management. Well, what would I need to do in order to manage risk? One, I would need to understand it. I would need to diagnose it, right? Like I take a car to a an auto mechanic. They run diagnostics before they start pulling out the wrenches and tearing your car apart. The same thing with information security. So before I’m going to manage something, I have to understand it. So that would require a risk assessment, right? And so risk, we overuse that word a lot. It’s likelihood of something bad happening. And the impact, if it did, it’s not vulnerabilities that’s different. It’s not threats that’s different. It’s when a threat compromises a vulnerability, that’s when you have a risk. So I think understanding those basics. And then if you did a good risk assessment, I think then you build a roadmap. You did. ’cause Part of the management is assessing it, then making decisions. What are we gonna do? Yeah. There are these 10 risks that are unacceptable. They’re just too much for us. Right? Let’s do something about them, and then that will lead to your budget. So it’s all tied in nicely together, but it’s all work, you know, it’s simple and people get confused, but simple must mean easy. No different things.

Michael Kennedy (00:44:39):

Yeah. Right.

Evan Francen (00:44:40):

So that’s, that’s how you do it.

Frank Gurnee (00:44:42):

Well, I know we’re, we’re at the, our 45 minutes here guys. And I, I, do you guys have a, a little extra time? We can, we can spend here if, if you on the call coming

Evan Francen (00:44:52):

Into drone flying time, but whatever,

Frank Gurnee (00:44:53):

Right. If those of you on the call here can, can stay a few, few more. We have a few more questions we can go through. And of course I’d like to get through your questions as well. But all of this subject, you know, that we’re talking about really, you know, speaks to this, this mindset or idea of guarantees. And I’ve heard this from a number of cybersecurity companies out there, vendors touting a hundred percent ransomware protection, or, you know, something of this nature. I mean,

Evan Francen (00:45:21):

Crowdstrike

Frank Gurnee (00:45:23):

Possible. I mean, I, I can’t see how it would be,

Evan Francen (00:45:28):

Are they watching this

Michael Kennedy (00:45:29):

Cross? No, we can’t. Yeah, a hundred percent of the time. Nobody’s a hundred percent. That’s all you gotta think about. Yeah. Nobody’s a hundred percent. It’s all a bunch of, and that, that goes back to your previous question around, you know, how do you, you know, wade through this noise? Yeah. And, you know, just don’t trust vendors who say like that. I mean, ’cause and, and to Evan’s point about risk assessment of like, there’s no, nobody’s a hundred percent. It’s just not, it’s not possible. I mean, there’s just no way. And well, I, and

Evan Francen (00:46:07):

If, and if that’s what your goal is, if you’re actually driving towards that, yeah. You’re going to fail. Yes. And you’re going to be disappointed. So just, you’re just setting yourself up for failure right out of the gate.

Michael Kennedy (00:46:17):

Right.

Evan Francen (00:46:18):

It’s the goal isn’t even to prevent all breaches. Correct. That’s not the goal. You can’t do it. Nobody can do it. It doesn’t matter. No ai, nothing. It’s impossible. We’ve seen it forever. Right? So take it from somebody who’s been in this industry and seen this same crap recycle over and over again. Oh

Michael Kennedy (00:46:35):

Yeah. Yeah.

Evan Francen (00:46:36):

So if I know I can’t prevent all bad things from happening, then I should have something in place to detect it and then respond to it.

Michael Kennedy (00:46:42):

Correct.

Evan Francen (00:46:43):

This is all very logical business

Michael Kennedy (00:46:46):

Mitigate. Yep.

Evan Francen (00:46:48):

And you know, so, and if you don’t, and if you don’t have expertise in those areas, then find somebody that you can trust who does, has ex does have expertise. Somebody who’s not going. Like if you said to, to me, like I’ve, I’ve heard like invisible processes, you know, I was in a meeting and I was asking them, oh, this is a really cool technology. Can you tell me how it actually works? And they said, well, you know, it went on to something. I’m like, okay, I’m still not getting that. Explain to that more. Well, it’s invisible processes. I’m like, what? There’s no such thing as an invisible process. <Laugh>

Michael Kennedy (00:47:25):

What? Un what about protecting unknown threats?

Evan Francen (00:47:30):

Yeah. I don’t know.

Frank Gurnee (00:47:32):

Yeah. Unknown <laugh>.

Evan Francen (00:47:34):

I don’t know how you do it, but,

Frank Gurnee (00:47:35):

Yeah. Interesting. No, I mean, that all makes sense, guys. And, and you know, it’s just, it’s more of, more of, that’s how you weeded it, weeded out the, you know, those folks and, and you know who you can trust if they’re saying things are creating guarantees. It’s just not correct. Well,

Evan Francen (00:47:53):

And in this, in this industry, as a rule of thumb, I would never buy anything from anybody who told me that I needed to have it. Right? Meaning if it was a salesperson, right? I should already know. Like, it’s the same thing, like at my house, right? So take this. ’cause We used to be two different things, right? Cybersecurity or information security and life, right? They were separate from each other. Like I wasn’t online until I booted up my modem and connected to a OL, right? So they were separate things, but they’re not separate anymore. There’s an intersection between everything I do in daily life and everything I do. Cyber. I mean, they’re just, you can’t separate them anymore. Mm-Hmm. <Affirmative>. So the same risks, the same concepts of risk apply, right? So if you were going to guarantee me that I’m never going to get hacked, can you guarantee me that I will never get in a car accident?

Evan Francen (00:48:42):

Can you guarantee me that I’ll never trip going down the stairs? Can you guarantee me that I’ll never have a heart attack? Can you guarantee me I’ll ever have any of these things? No, you can’t because that’s life, right? So what we do is we do things to manage that, right? Mm-Hmm. <Affirmative>, I manage the risk of me having a heart attack by maybe not smoking, watching my weight getting exercise, if that risk is important enough to me, right? And the same thing with cyber. There’s some risks that maybe just aren’t important enough to you, but what’s not acceptable and it’s not defensible, is to be ignorant to just not know, not care, play my, you know, like, play. You’d have better chances at MGM where they lost your information.

Michael Kennedy (00:49:23):

Mm-Hmm. <Affirmative>. Yep. Exactly. Well,

Frank Gurnee (00:49:25):

That’s great. You know, I wanted to get one more question out before we kind of get to the q and A here. And you know, that’s it. If, if you two were MSPs today, you know, handling networks for small businesses you know, what would you be focused on doing in your business in 2024? Like what, how to help these guys and, and what would be those next steps for you? Any thoughts?

Michael Kennedy (00:49:50):

Security assessment. I would go and, and sit down with it every single one of the clients and walk them through security assessment first and foremost. And then, and then take that back. Because then that, that enables me to understand the gaps that I’m not providing them. And it understands the gap, the gaps of what tools or solutions that I need to look at as an MSP to bring in to, to provide them. But sitting in <laugh> this, I would sit down and do an S two assessment, an assessment with these one of these clients, and then identify like what you just said, Evan, what, where’s the risk? And, and then what, what weight do we put against that risk? And then, and then work, build a plan together, partner with that business, and build a plan together and get the remediation done.

Evan Francen (00:50:39):

Yeah. Yeah. I think absolutely. And I, and not missing out, like and I’m learning all the time, you know, I mean, 30 some odd years, and I’m still like, ’cause I was stuck on this thing. I, I was with a bunch of CIOs at a round table and they kept talking about speaking the language of business, speak the language of business, speak the language of business. And I was on this round table and I was the only security guy there. And they asked me, you know, and I wasn’t saying anything. I was just listening. And then they noticed I didn’t say anything. And they’re like, Evan, what do you think? And I, and I didn’t think before I said, what? I said, none of you speak the language of business.

Evan Francen (00:51:16):

And they’re like, what? And they were just blown away. I’m like, yeah. Because all I hear is like, it’s so hard to keep up with the unrealistic technology demands of the business. It’s, you know, we’ve got all these assets, we don’t have enough staff, we don’t have enough budget. And I’m like, none of that speaks to me like you speak the language of business. No. So then the, this is, this was the learning thing. ’cause Then I thought about us, you know, I thought about information security people, and do I speak the language of business? I mean, I’m not gonna beat these guys up and I’m not doing it. And so I, I did research on what the language of business is and the language of business according to what’s his name? Who’s the guy from Omaha?

Michael Kennedy (00:51:56):

Oh, Warren.

Evan Francen (00:51:57):

Warren Buffet. Yeah, Warren. Because he knows a lot about business, you know what I mean? He said the language of business, and this was a quote is accounting. And I was like, son of a. All right. That makes sense. So as an MSP, if I were starting an MSP today, or I was providing consulting services for a small to midsize business, I would approach it as how can I use, how can I provide value to your business and make you more money,

Michael Kennedy (00:52:27):

Right?

Evan Francen (00:52:28):

Either top line. So a competitive advantage in the marketplace depending on what market we’re operating in. You know, some, some places touting security gets you business, right? Or gets you through the third party vetting process faster. Right? Right. Whatever. On the bottom line, if I know complexity is the worst enemy of security, I’m looking for every opportunity possible to simplify this crap. So if I walk into a small to mid-size business and I find I would do an asset inventory, what stuff do we have here? Right? Now that we don’t need, we’re not using anymore legacy hardware software that we’re paying for, that we’re not using. ’cause From a, from a risk management perspective, I just reduced risk quite a bit because those are things I don’t have to configure anymore. I don’t have to secure them anymore. I don’t have to worry about passwords. They’re gone from a business perspective. At the same time, this is the alignment that I’m talking about. At the same time, I just saved my, my small to mid-size business, a couple hundred thousand dollars, which by the way, totally paid for all the risk stuff that we did. So I think always looking for opportunities to show how you provide value to them. I’m gonna get paid either way. If I don’t provide value, I I hope you’d fire me.

Frank Gurnee (00:53:46):

Right. No, those are, we

Michael Kennedy (00:53:48):

Call that, yeah, we call that pro, we call that profit bleed. Reducing profit bleed.

Evan Francen (00:53:53):

Yeah. Yeah. Good. That’s a great, I’ve never heard that term, but I like that.

Frank Gurnee (00:53:57):

Yeah. Yeah. Great points, guys. So I wanna jump in some of the questions here. I know we only have about five minutes till the top of the hour, so we’ll try to go through these quickly. I’m not sure that you guys can recommend any tools or software. Someone asked if if there were any tracking vulnerability tools that you guys would recommend for smaller organizations. Anything that you guys, it’s

Evan Francen (00:54:20):

Not gonna come down to the, it’s not gonna come down to your choice of tool. It’s gonna come down to how you use it.

Frank Gurnee (00:54:25):

Yeah. There’s

Michael Kennedy (00:54:26):

How you, how you, how you

Evan Francen (00:54:28):

Address it. That’s almost a commodity now in our industry. So you’ve got, you know, Nessus, Qualys, rapid seven. I mean, there are a number of players. You

Michael Kennedy (00:54:35):

Open source, you open source ones too that you can set up yourself for free. Yeah.

Evan Francen (00:54:40):

So going down that route, whatever tools you’re researching just learn how to use them. Right.

Frank Gurnee (00:54:47):

Okay. Let’s see here. What do you guys think good cyber marketing looks like? Any messaging that you’ve found that resonated with customers and is honest. So, so marketing for them to their potential customers. Anything that comes to mind that might

Evan Francen (00:55:02):

Resonate? It starts with a beard.

Frank Gurnee (00:55:05):

Good. You need a beard. Everybody needs a beard. We need

Michael Kennedy (00:55:06):

A beard. No, we don’t need a beard. I think it’s, it, it’s the authenticity, right? Yeah. You know, not, we talked about it not having a hundred percent, or not having guarantee the, just the fin the finite we do, you know, we’re, you know, it’s, it’s the, the messaging that comes across is we wanna, we wanna partner, we wanna, how do we help you?

Frank Gurnee (00:55:27):

And I don’t think marketing fear is the way to do it either. That’s just correct.

Michael Kennedy (00:55:31):

Yeah.

Frank Gurnee (00:55:31):

Something that, well,

Evan Francen (00:55:33):

They, they had a saying, they have a saying at FFR Secure, they’ve used for years that if you see Evan panic, it’s time to panic <laugh>. So, I mean, that means that there’s a time for fear, right? There’s a time to be afraid. But, you know, you gotta be really careful. And when you play that card, man, because people are, it, we got taught, that’s a crazy thing about this industry too. We were taught this stuff as like little kids, you know, in nursery rhymes. Remember the boy who cried wolf?

Michael Kennedy (00:56:02):

Mm-Hmm. <affirmative>.

Evan Francen (00:56:04):

I was already taught this. So, you know, are these boys who are crying wolves or men? I guess, I dunno what gender we’re talking, but there would be people that are crying wolf to sell you something and there’s no justification for it. So, you know, continue to ask it, ask the questions.

Frank Gurnee (00:56:22):

No, very good. This is just a statement. So you hit a great point, Evan. Linking the business need to, a personal benefit creates buy-in, we’ve seen this in implementing good cyber practices and linking them to employee’s, personal online shopping, banking activities such as that. So that was a great point from Matt. We had an anonymous attendee. Attendee let us know that Kennedy’s beard routine is, is more intense than his haircare routine. So that’s always good.

Michael Kennedy (00:56:48):

It’s called laziness. Laziness. <laugh>.

Frank Gurnee (00:56:52):

Somebody said the box with lots of exclamation marks. So <laugh>. And then we have from Carrie, absolutely risk management. But what about people management? Get it, people are risk. But any other thoughts on that that you guys can provide?

Evan Francen (00:57:09):

What comes down? I mean, we were taught this in college too. I don’t know if how many people went to college, but psychology 1 0 1, right? They taught you you know, Pavlov, I think it was you know, how to motivate dogs, but people kind of what’s in it for them? What pain do they have if they don’t do it right? So it, it comes down to the same thing. So put it into their language in ways that they can understand. And people are so unique that you can’t, you can’t just generalize, right? Because what works at FR Secure in my company or security studio, my company may not work in your company. I don’t know what motivates, I don’t know what your culture is in your organization. So that’s why can training and awareness program is really limited in its effectiveness. It has to be custom to the people that you’re actually serving so that it resonates with them

Frank Gurnee (00:57:59):

All. Perfect. and I think we hit on this. Lyle’s had just talked about the a hundred percent guarantees and, you know, outside of that, if the market’s flooded with that, how do we educate people on business and risk mitigation? Like if there’s all these guarantees out there going on and people, you know, marketing that way, how do you get guarantee

Evan Francen (00:58:20):

That someday you would die?

Michael Kennedy (00:58:21):

Haven’t watched. Yeah. Have him watched Tommy Boy <inaudible> out parts.

Frank Gurnee (00:58:25):

There you go. <Laugh>

Michael Kennedy (00:58:27):

In a box and slapping hundred percent guarantee on it.

Frank Gurnee (00:58:30):

Yeah. Yeah. Good, good point. I mean, that, that is you know, you’re, you’re just gonna have to combat it with reality, right? Reality. And, and that, that there just is no guarantee. But

Michael Kennedy (00:58:41):

You know, and, and it, and it’s okay. I think the other thing too is we get this like, we ha we have to win the deal. We have to win the deal. We have to win the deal and, and, and, and go through it. It’s okay not to win the deal. It’s okay that we’re not a, like Evan said it a couple of times, it’s okay that we’re not a fit for your business. I dunno how many times I’ve told people that’s it’s okay that, you know, we’re, we’re not gonna work for you. You know, and six months later we get a phone call, it’s like, you, you, we need you. ’cause The path we went didn’t work out for us. And that’s great, but you can’t, we’re not magicians. We’re not, we don’t have, you know, that ability to change people’s minds, right? You can only express and be authentic. And if they, if they don’t onboard, okay, it’s okay.

Evan Francen (00:59:29):

Yeah. There’s plenty of others that do want to get on board. Yeah. I’ve done the same thing with, with executive management that just, you know, they don’t give a and it doesn’t matter. You try all the different angles, try to figure out all the different ways, and they still don’t care. Rather than me continuing to waste my time here and maybe get it over this hump, screw it, I’ll go, I’ll go work for other places where they actually have good management.

Frank Gurnee (00:59:53):

Yeah. Right. So we’re at the top of the hour, guys. There’s, there’s one last question here that I, I’d love to hit and then we’ll we’ll, we’ll get our ending going here. But Jason asked, other than fr secure C-I-S-S-P mentor program, blogs and ostra.net blogs, are there any publications, websites, organizations that are better than others for staying up to date on cybersecurity news and events? Do you guys have any recommendations where these guys can go to check out stuff?

Evan Francen (01:00:20):

I can tell you what I do. I, I I actually don’t go to any news source. I create Google search alerts. So there’s certain things that I’m interested in hearing about on a regular basis. And so with Google you can, you know, set up certain search criteria and then have it email you digest of those things. Mm-Hmm. <Affirmative>. So I get sources like if I’m interested in, you know, counties that have been hacked, you know I’ll do a search with county breach data, whatever, whatever my search criteria are, and then I’ll get updated on those. ’cause Then I can read it without somebody’s interpretation of what it is. Right.

Frank Gurnee (01:01:05):

Tim,

Michael Kennedy (01:01:06):

Any thoughts? I use, I use an app Flipboard and I configure it the same way that Evan talks about. I have different parameters in there for a secure related industry related just world events type stuff. And then I, I go through and I, and read myself. I mean, there, there are a lot of good organizations and a lot of really good people out there that, that publish podcasts, that talk industry related stuff. That, you know, I just, I read through that stuff as it comes too. But yeah, I customize, I do the same thing. Customize

Evan Francen (01:01:41):

And certainly what my friends are doing, you know what I mean? Mm-Hmm. <affirmative> people that are really respecting this industry. So, you know, and I’m not pitching it. I think it’s good, you know, like Hackle Box, my good friend, you know, Oscar, you know, leads that, and I always want to kinda keep up to date on what he’s up to and what he is doing. So. Mm-Hmm. <Affirmative> That’s a good point. You know, Mike, the those podcasts as you make friends, you know, in this industry, follow your friends, see what they’re up to.

Michael Kennedy (01:02:07):

Mm-Hmm. <affirmative>.

Frank Gurnee (01:02:08):

Awesome. Well, guys you know, this has been super informative. We’re, we’re planning to do, you know, a series of these over time. So I think that’d be great. At the end of this, you guys they’re listening. We’ll have a survey, just like to know what it is. Two questions I think or something. So, so let us know what you thought of it and anything that you wanna see in the future or talked about. So feel free to, to fill that out for us at the end. Any final thoughts? Kennedy, I’ll, I’ll start with you. Any final thoughts?

Michael Kennedy (01:02:39):

I’m not sitting in front of a fireplace next time it’s too hot. Too hot.

Frank Gurnee (01:02:42):

Now you’re sitting here dying <laugh>.

Michael Kennedy (01:02:45):

We gotta do one in Mexico. Sitting around a bonfire together. Yeah.

Evan Francen (01:02:49):

Come out with me, man. Yeah, I think, you know, start with protecting what’s most important to you. Yeah. Start with protecting yourself and your family. You know, we talk about business a lot, but at the end of the day, you know, what are your kids doing? You know, because I can recover from, if you hack my bank accounts, which has happened many, many times ’cause it’s just nature of the beast, I can recover from that. What I can’t recover from is you stealing one of my children’s innocence. Yeah.

Michael Kennedy (01:03:20):

Yep.

Evan Francen (01:03:22):

I can’t recover from that stuff. So start there. You know, start with personalizing this, get yourself, get your family secure, and you’ll be, you’ll, you’ll be amazed at how much you learn from doing that, that you can then take to your work. So my, my, it’s the same with like, when I tell, when people ask me, you know, how do I get into, you know, pen testing and I’m like, hack yourself,

Michael Kennedy (01:03:43):

Right?

Evan Francen (01:03:44):

Yeah. What do you mean? Like, hack your house? Like I, you know, and the normal, you know, American House has like 12, 13, 14 devices connected to the network, right. Hack all that crap. Yeah. You’re not gonna go to jail for that and you’ll learn so much. So the same thing. You know, make this personal, protect your family, protect yourself, and see where good things go from there.

Michael Kennedy (01:04:04):

Yeah. Have I, I make my kids read data privacy policies.

Evan Francen (01:04:08):

It’s torture. They

Michael Kennedy (01:04:09):

Want in, they wanna install Snap Snapchat on their thing. Okay. Read the policy and tell me where, what, where your data’s going, and then you can have it. Right. So, nice. That’s awesome. And they, yep. Yep.

Evan Francen (01:04:20):

That’s borderline torture a little bit. It’s

Michael Kennedy (01:04:23):

Close, but they need to know that they do. I want them to have that thinking process. Right. So yeah. Don’t

Frank Gurnee (01:04:29):

That on everything. Right. Oh, great. Great stuff guys. This has been super informative and awesome. Really appreciate your time from both of you. And, and I think that we’ve, we’ve learned a lot today. We went over a little over, but most people have stayed with us, so that’s fantastic. If you guys wanna learn a little bit more, this was not about, you know, our, our solutions or anything like that, but if you’d like to learn more about ostra ostra.net, feel free to jump over there and check those guys out. Mm-Hmm. If you’d like to learn more about Security studios, just security studio.com, check us out and thanks everyone for joining us today. There’s been a great fireside chat getting Kennedy all warmed up there.

Michael Kennedy (01:05:09):

Okay, thank you. Have a

Evan Francen (01:05:10):

Merry Christmas guys.

Ostra Cybersecurity

Ostra Cybersecurity Year in Review: 2023

/in /by

As we welcome a new year, we’d like to extend our sincerest gratitude to our Channel Partners, clients, shareholders, and industry colleagues for their invaluable contributions to our continued success. In our fifth year as a company, we sustained rapid growth while enhancing operational efficiencies, ensuring the safeguarding of an increasing number of small and mid-sized companies through our expanding Channel Partner network.

A Look Back at 2023

 

Expanded Offerings focused on Remediating the Real Problem

In a rapidly changing world where SMBs are overwhelmed and alert-fatigued, Ostra expanded its industry-leading cyber threat remediation services with Ostra EncompassTM and Ostra ExtendTM.  

In the realm of cybersecurity, the real challenges facing SMBs and the IT providers who serve them extend beyond technology; it is fundamentally a people and talent issue. This growing problem propelled Ostra to introduce these expanded offerings, enhancing our capability to address this issue directly in the market. 

Instead of merely receiving the alerts and advice commonly offered by most Managed Detection and Response (MDR) solutions, clients and partners alike can trust Ostra’s proactive team to handle the challenging task of remediating and resolving threats on their behalf. Going beyond typical products or services, we will continue to focus on changing the way cybersecurity is delivered in 2024 and beyond.

Managed Increased Threats

As Ostra continues to protect more channel partners and their SMB clients, the threat landscape naturally increases at an exponential rate. In 2023, Ostra’s client volume (email, endpoint, sensors, etc.) increased more than 3X over the previous year. However, instead of seeing a huge increase in alerts and events needing investigation and remediation, Ostra actually reduced the number of alerts and investigative events by 70% compared to last year.

So, how exactly was Ostra able to decrease time spent on security events and alerts amidst an unprecedented increase in threat volume? Let’s break it down… 

Increased Efficiencies 

Ostra operates fundamentally differently than typical cybersecurity vendors providing MDR or similar services—enabling us to increase efficiencies and focus on high-priority incidents. Bringing in Emad Bhatt to lead Technology Services also brought a heightened laser focus to the expansion of Ostra’s technology and security operations. 

In addition to being able to truly remediate and resolve threats in real-time, our tools and proprietary technology allow our team to:  

  • Quietly & efficiently elevate client security postures by enabling advanced security, enhanced visibility, automated event correlation, forensic analysis, and pattern recognition.  
  • Enhance internal operational efficiencies within our proprietary mesh architecture infrastructure and data river leveraging Automation, Artificial Intelligence, and Machine Learning.  
  • Process more than 30 billion events, investigate 1.3 million alerts and remediate 20k security incidents last year alone.

Top Resources from 2023

This year, themes of trust, transparency, and simplifying cyber jargon resonated most with our community. Explore our top picks for resources in 2023 that embody these key elements. 

 

You can expect more content like this from Your Trusted Cybersecurity TeamTM in 2024. Keep an eye out for additional insights on both our blog and LinkedIn. 

Paul Dobbins

Why Businesses Keep Losing the War on Cyber Terror: Part 3

/in /by

Awareness Isn’t Enough: A Transparency Revolution 

In Part 1 of this blog series, I asked why businesses continue to lose the war on cyber terror; and in Part 2, I identified some of the root causes of the problem. Now it’s time to stop talking and start doing something about it.

Every October during Cybersecurity Awareness Month, we see an increase in tips and tricks to help businesses better protect themselves. This is a great endeavor to raise awareness for the average consumer. How do I know it’s working?  For one, my wife (who works in education) came home beaming ear to ear, boasting that she knew it was Cybersecurity Awareness Month because her school was taking part in the campaign. Amazingly, my middle school-aged son even knew about it.

But we, as leaders in cybersecurity, must do more to affect top-level change in order to truly flip the script in this war. We must question the ways we are currently conducting business. We must begin putting the “why” ahead of what we do—and let that guide how we do things.

As outlined in Part 2, the amount of noise in the cybersecurity landscape is deafening. In an ecosystem as complex as cybersecurity, trust is paramount. But when phrases like ‘where there’s mystery, there’s margin’ permeate the culture, trust is eroded. The best way to earn trust is through transparency.

Inspired by our Founder, Michael Kennedy’s passion for transparency, Ostra has outlined the beginnings of a framework that we believe people are hungry for. We believe leaders in the cybersecurity industry should model these behaviors:

Honesty:

  • Using plain, common language that all user levels can understand
  • Using transparent sales & marketing practices
  • Using non-predatory practices (e.g., fear tactics)

Self-awareness:

  • Openly recognizing their organization/solution is not perfect or ideal for everyone
  • Committed to constantly growing, learning and improving for the good of clients

Transparency:

  • Giving and receiving constructive feedback
  • Sharing critical information with competitors and other vendors in the interest of serving and protecting clients

Accountability:

  • Educating others as a priority over sales
  • Seeking collaboration with industry partners
  • Donating time, talents and other resources to bettering the industry

Join the Revolution

Would you do business with companies who align with this transparency framework or something similar? If so, let us know and be part of a transparency revolution. Together we can turn the tide.

Chris Pridemore
Ostra Cybersecurity

Ostra Hires Chris Pridemore as Security Operations Manager

/in , /by

Ostra Hires Chris Pridemore as Security Operations Manager

Chris Pridemore

Ostra Cybersecurity, a leading provider of world-class cybersecurity solutions for small and medium-sized businesses, recently welcomed Chris Pridemore as Security Operations Manager.

In this new management role, Chris will help improve and expand Ostra’s existing Security Operations Center (SOC) to meet the needs of current and future clients as the company grows.

Chris brings over a decade of experience in IT systems infrastructure and cybersecurity to the operations side of the business. He has built successful cybersecurity programs in large enterprise environments with experience leading both Governance, Risk & Compliance (GRC) and SOC teams.

With this latest hire, Ostra was able to shift many of the day-to-day responsibilities for technology and security operations management to Chris, enabling Vice President Emad Bhatt to focus more heavily on Ostra’s IT Strategy, Roadmap, and Product Development priorities.

Adding a dedicated security operations leader further demonstrates Ostra’s resolve to protect more clients and scale its Diversified Managed Cybersecurity offerings. This hire comes on the heels of the recent unveiling of Ostra EncompassTM and Ostra ExtendTM, which are designed to meet the evolving needs of small and medium-sized businesses as well as the managed service providers (MSPs) and IT firms that serve them.

“Chris is a welcome addition as we continue to expand and mature our team of great people with the technical skills to stand between our clients and cyber threats,” Emad said. “His skill set will be pivotal as we protect an increasing number of clients while incorporating automation and highly scalable processes.”

With a focus on being the Trusted Cybersecurity Team for its clients and partners, Ostra’s market niche is ensuring that top-notch data security solutions are accessible for small and medium-sized businesses. Ostra’s Managed Cybersecurity offerings—combined with the service expertise of its channel partners— protect clients through best-in-class, multi-layered, and fully managed solutions.

Chris earned a Bachelor of Science degree in Cybersecurity from Metropolitan State University in St. Paul, Minn. Chris has spent more than half his career as an Intelligence Analyst in the U.S. Army National Guard, earning an Army Commendation Medal in 2008. Over the years he progressed in various IT roles, including positions at IBM and Hays Companies. Most recently, he served as a Senior Security Analyst at Andersen Corporation before joining Ostra.

In his new position, Chris looks forward to drawing on his leadership skills and deep technical background to support Ostra’s mission. He said, “I am excited to do my part to proactively protect our clients’ systems and data, especially as Ostra continues to grow.”

Connect with Chris on LinkedIn.

Paul Dobbins

Why Businesses Keep Losing the War on Cyber Terror: Part 2

/in /by

Change the Channel: It’s Broken 

I’m not one to bury the lead. When it comes to cybersecurity, the channel is broken because it’s primarily focused on margin.  As I said in the last blog entry, the quote “Where there’s mystery, there’s margin” is more important to many than actually solving the complex issues facing the clients served by our channel. 

Unsurprisingly, the origin story behind why the channel is broken starts decades ago with a guy named Dave Berkus.  Dave was in the business of selling large computing systems prior to the advent of the personal computer, and is the self-proclaimed inventor of the saying “where there’s mystery, there’s margin.” Do a quick search and you’ll find him on video, quoted as saying: 

 

“You’ll be able to charge more, not less, when people don’t understand…”  

 

Think about how this relates to the questions I asked in the first part of this blog series and the answers you may have come up with: 

  • How many companies are trying to sell you cybersecurity products so you can expand your offerings for your clients? (I counted 44 exhibitors at MSP Summit last week.) 
  • At a high level, what are they trying to accomplish and how?  And why, if we have all these wonderful individual products and technologies, do we keep losing this most important war?  

While the answers to these questions are certainly multi-faceted and complex, let’s break it down as simply as possible. Which organizations first started combating cyber threats? Enterprises. Thus, individual, point-based solutions were sold to enterprises that, theoretically, had the resources and funds to implement and manage multiple point-based solutions with very specific purposes.  Commercial antivirus solutions were first, followed by firewalls, VPN, MDM, ETP, EDR, MDR, XDR, and every other acronym-based solution you can think of.  

When the enterprise funnel began drying up, these solutions were pushed downstream further into the channel. When those business prospects became too small, rather than solve for scale, many solutions were modified and watered down. Today, on average, it is estimated that each small business deploys a dozen or more different security tools; a medium-sized business averages several dozen tools; and an enterprise deploys more than one hundred.   

For small or medium-sized businessesthe heart and soul of MSP clientelehaving dozens of security solutions to manage is a recipe for disaster. If they are watered-down solutions, it gives a false sense of security. If they are truly enterprise-level solutions, they immediately drain resources for both the MSP and the business itself. 

Look at the vast cyber landscape outlined below.  Given the sheer volume of logos, there’s obviously margin.  The real mystery is figuring out how anyone could think a small or medium-sized business—or an MSP—could successfully navigate this landscape on top of paying attention to the company they are already running.

  

There Is Good News

Full transparency: At Ostra Cybersecurity, with a few notable exceptions, we haven’t had much luck finding trustworthy MSPs that we can recommend to our clients. We have focused our efforts on looking for straightforward and humble MSPs who share our vision to go against the grain and think differently about the business of cybersecurity so we can start winning the war. So, when we set out to attend MSP Summit last week in Orlando, we felt like we were hunting for unicorns amidst a sea of 40,000 horses.   

After many in-depth conversations, our team was encouraged to hear several MSPs acknowledge the cybersecurity problem within the channel. We heard from numerous people that too many point-based solutions using cyber jargon only creates noise and confusion and ultimately take the focus away from the core business of MSPs. It was refreshing to meet MSPs who have not been seduced into overextending their business. As broken as the channel may be, my hope of change is restored after talking with these folks. 

In the third and final installment of this blog series, we’re going to dive deeper into the transparency theme, throwing margin and mystery to the curb. We’ll talk about how to challenge the way MSPs think about cybersecurity and how the channel conducts business. I’ll have some questions for you to consider as you evaluate whether it’s worth changing the way we all do business for the sake of winning this war.   

Spoiler alert: it’s worth it. 

Stay tuned.

Paul Dobbins

Why Businesses Keep Losing the War on Cyber Terror: Part 1

/in /by

Are MSPs a Weak Link in Cybersecurity?

MSPs should be on top of the world. Even through a pandemic, economic downturn and stifling inflation, the majority of MSPs were able to increase revenues in 2021 and 2022 looks even stronger, as reported by Channel Futures regarding Wingman’s 2022 MSP Growth Survey.

As the industry continues to consolidate, MSP acquisitions increased from 23 transactions in 2017 to 78 in 2021, with private equity deal volume increasing 390% in that timeframe (from 10 private equity deals in 2017 to 49 in 2021, based on MSP Insights).

However, at the same time, more than 75% of MSPs say their current workload is at or over capacity. More than 50% of MSPs say their pipelines will support them for less than six months and 40% express concern that their workload impedes finding new business.

Is it any wonder, then, that CISA and cybersecurity allies across the globe released a joint advisory earlier this year warning of increases in malicious cyber activity targeting MSPs, along with very basic cybersecurity recommendations for MSPs to implement? Threat actors know MSPs are vulnerable and provide access to multiple victim networks that they can exploit on a global scale.

But threat actors aren’t the only ones taking advantage of MSPs. Traditional vendors are taking advantage of MSPs by focusing on fear and distrust to turn a quick profit instead of solving industry problems.

“Where there’s mystery, there’s margin.” 

 MDR/XDR vendor at a recent MSP tradeshow

When it comes to vendors who encourage a sales culture based on mystery, the only thing separating them from threat actors is that we know the vendor’s identity. And MSPs that are seduced into following the “(sl)easy” money are betraying the trust of their clients and deserve to be replaced. Given that recent data has identified 80% of MSP customers are looking to replace their MSP within the next year (Channel Insider), that’s probably happening sooner rather than later.

The business practices I have described here should make any service-oriented organization angry! But it’s not just blatantly predatory sales tactics that continue to erode the foundation of security for businesses using MSPs. There are deeply rooted issues that need addressing. In this blog series, I’m going to boldly ask for your help in doing so.

If you’re an MSP, take a second to think about how many companies are trying to sell you cybersecurity products with the assumption that this will help you expand your offerings for your clients. Makes sense on the surface, right? We know that cybersecurity is the number one, most important, top-of-mind pressing IT issue facing businesses of all sizes right now, period. It’s influencing the overall cost of doing business, overwhelming already understaffed and overworked IT teams, and keeping worried C-suite execs up at night.

Take A Minute to Critically Think

Industry leaders from across the nation will gather October 30 – November 2 in Miami for the MSP Summit. Let me ask you these questions as you prepare to attend (or think about a recent MSP show you’ve attended):

  • Count all the cybersecurity products you’re being sold. At a high level, what are they trying to accomplish and how?
  • Why, if we have all these wonderful individual products and technologies, do we keep losing this most important war?

In Part 2 of Why Businesses Continue Losing the War on Cyber Terror, I’ll dive further into how we got to this point. Stay tuned.

Before I get too much hate mail, I’m not a fan of bringing problems without solutions. So Part 3 of this series will bring everything together. It will discuss how we can begin to approach this challenge differently, change the narrative, and start winning the war on cyber terror from a business perspective. Spoiler alert: Ostra Cybersecurity (my employer) is not the be-all, end-all solution; it cannot be done by any one company alone.

Before signing off, I encourage you to attend the MSP Summit. It’s a great time to hear from innovative leaders and catch up with colleagues in the managed services space—and don’t forget to stop by Ostra at Booth #309 and say hello if you’re in the neighborhood.

Until next time… I’ll leave you with a few simple challenges. Be skeptical of mysteries. Think clearly. And let’s get ready to shake things up and start winning the war on cyber terror.

Michael Kennedy

Well-Informed and Well-Balanced: The Link Between Cybersecurity Awareness and Mental Health

/in , /by

When it comes to mental health, the fall and winter months can be especially challenging for many people—including those of us who work in the high-intensity world of cybersecurity.  

Recently, I shared some perspectives on mental health within the cybersecurity industry at Hacks and Hops 2023, an information security event series hosted by FRSecure. This year’s event (held October 5, 2023 in Minneapolis) brought together hundreds of security professionals to learn and network. The timing of the conference coincides with Cybersecurity Awareness Month in October. Celebrating its 20th Anniversary this year, the Cybersecurity Awareness Month campaign is a collaboration between government and private industry to raise awareness about digital security and empower everyone to protect their personal data from digital forms of crime. 

Taking a Moment for Mental Health

With so much focus on cybersecurity best practices and tips on staying safe online being shared this month, it also seems like the perfect opportunity to have a transparent conversation about a topic that doesn’t always get the same level of attention in our industry: mental health.  

At this point you might be wondering: What does cybersecurity awareness have to do with mental health? Or maybe you believe that everyone who works in cybersecurity is on an inevitable path to constant anxiety (I know I certainly feel that way sometimes).  

Sure, the daily grind of a career in cybersecurity can be stressful and overwhelming. The first reason is that security professionals are especially at risk for cybersecurity fatigue due to staff/skills shortages on their teams that make it harder to stay on top of vulnerabilities. For example, “there will be 3.5 million unfilled cybersecurity jobs globally in 2023—enough to fill 50 NFL stadiums,” according to Cybersecurity Ventures. (For more on this topic, read Ostra’s blog, Overcoming Cybersecurity Fatigue: Help For IT Service Providers.) 

Secondly, it’s hard to be constantly watching out for the bad guys and witnessing the scary stuff happening on the dark web without it impacting your mental health. 

All About Balance

In my experience, taking a balanced approach to cybersecurity awareness is empowering. Armed with the right information, we can take actionto protect our data—and that’s a great feeling. By contrast, the opposite extremes of either apathy or paranoia will have a paralyzing effect that solves nothing. The diagram below illustrates this concept in more detail.

Data Privacy Inforgraphic - Awareness leads to Action

 

4 Tips to Promote Positive Mental Health

As someone who has spent more than 20 years in the cybersecurity industry, I have dealt with my share of stress, fatigue, what-if thinking, and random episodes of sheer panic. But I have survived and learned a lot in the process. So here are 4 tips that have helped me pursue positive mental health habits. Hopefully, they will help you as well:  

  • Having thoughts of impending doom does not mean doom is impending. That tightness in your chest or pit of your stomach is a natural response to what we are seeing every day on the front lines of cybersecurity. It’s your cue to take a step back and find something good, funny, or hopeful to think about. Refresh your perspective. 
  • Normalize talking about how you feel. As soon as you acknowledge it and say it out loud to someone else who understands exactly what you are going through—because they are going through the same thing—it becomes less scary. Addressing mental health in the workplace and fostering a safe environment for sharing feelings of stress is also crucial for employers and company leaders to promote employee well-being, enhance productivity, and create a positive, inclusive culture.  
  • Do what works for you. When it comes to relieving stress and anxiety, some people take walks or go to the gym. Others lean into mental health apps, meditation or deep breathing exercises. Personally, I like to recharge by finding ways to help other people and spending time outdoors.  Whatever your go-to method for shedding stress or anxiety might be, I promise the time will be well spent. 
  • Reach out to another human who can support you when you need it most. It can be a friend, mentor, spouse, trusted colleague, neighbor, or mental health professional. If you or someone you know is experiencing a mental health crisis, call or text 988 immediately. If you are uncomfortable talking on the phone, you can even chat with someone at the Suicide & Crisis Lifeline at 988lifeline.org, or text NAMI to 741-741 to be connected to a free, trained crisis counselor on the Crisis Text Line. You don’t have to suffer alone—there are so many people and communities who are ready to help. 

 

During the month of October and beyond, please join me in promoting cybersecurity awareness while also making mental health a priority in your own life but also within your organization. Our world needs people who will bring their best selves to the difficult mission of protecting clients—let’s step up. 

For more information about Cybersecurity Awareness Month, including tips and resources to help you stay safe online, visit staysafeonline.org. 

Ostra Company News
Stacey Kusnier

PRESS RELEASE: Ostra Unveils Diversified Managed Cybersecurity Offerings to Meet Evolving SMB Client Needs

/in /by

Company expands its industry-leading cyber threat remediation and resolution services with Ostra EncompassTM and Ostra ExtendTM.

[Minneapolis, Minn., Sept. 26, 2023] – Ostra Cybersecurity, a company that provides a multi-layered, holistic, and fully managed Security as a Service that continues to revolutionize the way cybersecurity is delivered to small and mid-sized businesses, announced its diversified managed cybersecurity offerings designed to fit the evolving needs of its clients and partners.

All of Ostra’s solutions are managed by a trusted team of cybersecurity experts. This is especially important since threat remediation and resolution is the number one thing that many companies are looking for. Rather than just receiving the alerts and recommendations that many Managed Detection and Response (MDR) firms typically provide, clients can rely on Ostra’s proactive team to do the hard work of remediation on their behalf. In a world where SMBs are overwhelmed and alert-fatigued, Ostra’s experts have the skills and knowledge to confront cybercriminals head-on while achieving real results and resolution.  

Ostra’s new managed cybersecurity offerings include: 

  • Ostra EncompassTM: This offering is ideal for SMBs and partners who need a solution that encompasses all of their critical cybersecurity needs. Ostra Encompass incorporates 24/7 Managed SOC & SIEM, Firewall & VPN, Endpoint Security, and Email Security—plus a newly added Security Awareness Training component.  
  • Ostra ExtendTM: This new offering incorporates Ostra’s 24/7 Managed SOC & SIEM, Collector & Sensor, and Endpoint Security components. The solution is beneficial for clients who already have some security capabilities in place but need endpoint remediation and general cybersecurity guidance.

As Ostra continues to evolve its offerings to better meet the needs of the market, the company remains focused on its mission to simplify cybersecurity and make Fortune 100-level protection more accessible to SMBs.  

“Not all of our clients require the same type of cybersecurity solution,” said Ostra Founder Michael Kennedy. “Ostra believes in transparency and trust, and these new managed cybersecurity offerings help us communicate more clearly with our partners and clients about the exact level of service they need.”  

A major part of Ostra’s mission is to educate its community, and provide helpful resources related to cybersecurity and data privacy. Adding psychological Security Awareness Training to its core capabilities adds another important layer of protection for organizations while also increasing their cybersecurity compliance and enabling them to meet standards such as NIST and CMMC. 

“While security tools do a great job of filtering out most phishing emails, hackers are changing their tactics every day to target our clients’ employees,” said Emad Bhatt, VP of IT at Ostra. “This additional frontline defense training truly arms our clients and their employees with the critical knowledge they need to be protected.” 

Ostra’s new value-added Security Awareness Training includes ongoing psychological training, phishing testing, and reporting. Designed to increase staff engagement in cybersecurity best practices, this component is now included at no additional cost to Ostra Encompass clients.  

About Ostra Cybersecurity 

As Your Trusted Cybersecurity Team, Ostra makes cybersecurity simple and accessible to businesses of all sizes. Ostra provides its partners and their clients with multi-layered, comprehensive, and fully managed Security as a Service. Ostra’s proprietary solutions combine Fortune 100-caliber tools, tech, and talent to ensure threats are not only detected and hunted, but also fully remediated.   

With a mission to simplify cybersecurity for small to mid-sized businesses, Ostra believes everyone deserves best-in-class data protection—not just big business. For more information, visit www.ostra.net 

Read the full Press Release

 

Stacey Kusnier

Ostra Cybersecurity Names EVP to Senior Leadership Team

/in , /by

Wade Hoffman to lead sales channel network and strategic sales initiatives.

Ostra Cybersecurity, a leading provider of world-class cybersecurity solutions for small and medium-sized businesses, recently named Wade Hoffman to a new role as Executive Vice President, Channels & Strategy.

This latest hire affirms Ostra’s continuing drive to meet the needs of small and medium-sized businesses (SMBs) through its rapidly growing network of Channel Partners.

Wade will be leading the Channel team to grow its network of trusted Channel Partners and the client base the channel serves in Ostra’s mission to protect as many SMBs as possible from cyber threats.

“Wade’s extensive experience in channel development as well as his intense focus on fostering successful partnerships will strengthen our leadership team and contribute to our ongoing success,” said Ostra President Joe Johnson. “As we grow and evolve, Wade will help Ostra provide a scalable approach to support our future expansion and progress.”

Prior to Ostra, Wade built a career defining and selling complex solutions and services for clients ranging from SMBs to global enterprises. He brings broad experiences across industries and solutions such as data analytics, business continuity, unified communications, and information security.

One common theme Wade has seen across various industries and companies of all sizes is the value of capturing, organizing and protecting the most valuable business asset: data. “Information security has been my passion over the past 10 years,” Wade said. “I am proud to work with Ostra partners and clients to ensure they have a strong information security program in place to protect that asset.”

Wade earned a bachelor’s degree in computer science from South Dakota State University and an MBA from Keller Graduate School of Management. He also holds credentials as a Certified Information Systems Security Professional (CISSP) and a Certified Virtual Chief Information Security Officer Course (CvCISO).

Connect with Wade on LinkedIn.

Ostra Cybersecurity

How Do I Become a Cybersecurity Reseller?

/in , /by

How to Become a Cybersecurity Reseller

With the rapid evolution of technology and the increasing threat of cyber-attacks, businesses of all sizes are seeking robust cybersecurity solutions to protect their sensitive data and operations.

This has led to a growing demand for cybersecurity resellers who can provide comprehensive security solutions tailored to diverse business needs. If you’re interested in becoming a cybersecurity reseller, this article will guide you through the process.

Understanding the Role of a Cybersecurity Reseller

A cybersecurity reseller acts as an intermediary between cybersecurity solution providers and end-users, helping businesses access top-tier cybersecurity technologies and services.

As a reseller, you don’t develop the solutions yourself; instead, you partner with established cybersecurity providers to offer their products to your clients.

This partnership allows you to tap into cutting-edge technologies and leverage the expertise of established players in the industry.

The Benefits of Being a Cybersecurity Reseller

Access to Expertise: Cybersecurity resellers collaborate with established providers with deep industry knowledge and expertise. This means you can offer your clients solutions backed by a team of professionals who understand the intricacies of cyber threats and prevention.

Minimized Overhead: Developing and maintaining your own cybersecurity solutions can be costly and resource-intensive. As a reseller, you can avoid these overhead costs and focus on delivering value to your clients.

Diverse Product Portfolio: Cybersecurity providers offer various solutions that address cybersecurity aspects, from ransomware prevention to cloud data protection. This allows you to provide tailored solutions to clients based on their unique needs.

Efficient Time-to-Market: Partnering with established providers lets you quickly enter the market with proven solutions. This efficiency can be crucial in a rapidly evolving cybersecurity landscape.

Steps to Success With Cybersecurity Reselling

The first step to becoming a cybersecurity reseller is understanding the market. This involves gaining knowledge about various types of cybersecurity threats, such as ransomware, malware, and phishing, as well as the different tools and technologies used to combat them.

It’s also crucial to understand the specific needs of businesses in terms of mobile device security, cloud data protection, and other aspects of cybersecurity.

Once you’ve gotten up to speed on the basics of cybersecurity, these steps will walk you through the process of establishing a cybersecurity reseller partnership:

  1. Research and Choose Your Partners: Research reputable cybersecurity providers like Ostra Cybersecurity. Look for providers with a strong track record, a comprehensive product suite, and a commitment to ongoing innovation.
  2. Understand Your Audience: Identify your target market and understand their cybersecurity needs. Different industries and businesses have varying requirements, so tailor your offerings to these specific needs.
  3. Build Relationships: Establish strong relationships with your chosen cybersecurity providers. This collaboration is built on trust and ensures you can effectively communicate your clients’ needs to the provider.
  4. Education and Training: Gain a deep understanding of the cybersecurity solutions you’ll be reselling. This knowledge will enable you to effectively consult with your clients and provide them with the best solutions for their needs.
  5. Value-Added Services: Consider offering additional services alongside the cybersecurity solutions, such as consulting, training, and ongoing support. This can set you apart from competitors and create a holistic cybersecurity solution for your clients.
  6. Marketing and Sales: Develop a marketing strategy highlighting your offerings’ benefits. Educate your clients about the importance of cybersecurity and how your solutions can safeguard their digital assets.
  7. Customer Support: Provide exceptional customer support to your clients. Quick response times, troubleshooting assistance, and regular check-ins can go a long way in building solid and long-lasting relationships.

Partnering with a Managed Cybersecurity Provider

Once you’ve gained a solid understanding of the market, the next step is to partner with a managed cybersecurity provider.

This provider should offer a comprehensive solution that tackles both known and “zero-day” threats – those that are brand new and unknown to security professionals.

The solution should be constantly updated to keep up with evolving threats and seamlessly integrate into clients’ IT environments.

Ensuring Seamless Integration and Support

In choosing a provider, ensure that they can integrate their solution into your current security suite with minimal effort on your part. They should take care of everything behind the scenes, from setup to ongoing management, allowing you to focus on your core business.

Look for a provider offering expertise, educational resources, training, sales and marketing tools, and ongoing support. This will help you provide the best possible service to your clients and grow your business.

Customizing Solutions to Fit Client Needs

Every business is unique, with different cybersecurity needs. As a reseller, you should be able to offer customizable solutions tailored to your clients’ specific requirements. This means working closely with your provider to understand their offerings and how they can be adapted to fit different business contexts.

Ready. Set. Go!

Becoming a cybersecurity reseller can be rewarding, providing an essential service to businesses while offering significant growth opportunities.

You can establish your successful cybersecurity reselling business by understanding the market, partnering with a reputable managed cybersecurity provider, ensuring seamless integration and support, and customizing solutions to fit client needs.

Remember, it’s not just about selling services; it’s about being a trusted advisor who can provide comprehensive data security that eliminates risk and meets clients’ compliance requirements.

The Ostra Cybersecurity Reseller Program

Ostra Cybersecurity offers a comprehensive suite of cybersecurity solutions to help you become a successful reseller.

Ostra has the exceptional talent to not only hunt for and identify threats but also remediate and eliminate them in real time for a fraction of your insourcing cost.

Our robust, secure product offerings are designed to meet the needs of small and medium-sized businesses in any industry. Our team of experts is available to provide assistance and support throughout your journey as a reseller. Contact us today to learn more!

FAQs

Q: What is a cybersecurity reseller?

A: A cybersecurity reseller is a business that sells cybersecurity solutions provided by a third-party supplier. They act as a bridge between the cybersecurity provider and companies that need these solutions. They can offer added value through consultation, customization, and additional support services.

Q: Why is partnering with a reputable cybersecurity provider important?

A: Partnering with a reputable cybersecurity provider is crucial as it ensures you have access to high-quality, effective cybersecurity solutions. A reputable provider will have a track record of success and will offer comprehensive, updated solutions to tackle both known and emerging cyber threats while minimizing liability risk exposure.

Q: What are the key capabilities to look for in a cybersecurity provider?

A: Key capabilities to consider include a comprehensive and constantly updated solution suite, seamless integration with existing IT environments, and robust support services. The provider should also be able to offer customizable solutions to meet varying client needs.

Q: How can a reseller add value to the cybersecurity solutions they offer?

A: Resellers can add value by offering additional services such as consulting, training, and ongoing support. By understanding their clients’ specific needs, they can also tailor the cybersecurity solutions to provide a more effective, personalized service. Offering a holistic cybersecurity package is also beneficial, setting your services apart from competitors.

File folders with name tabs - Cybersecurity, Data, Business, Technology, Internet (Outsourcing Cybersecurity)
Ostra Cybersecurity

Insourcing vs. Outsourcing Cybersecurity:
How to Find the Best Approach for Your Practice

/in , /by

Outsourcing Cybersecurity: Most Companies Can’t Handle Cybersecurity On Their Own

File folders with name tabs - Cybersecurity, Data, Business, Technology, Internet (Outsourcing Cybersecurity)Cybersecurity has become an essential aspect of business operations. With the increasing complexity of cyber threats and the value of sensitive data, organizations must adopt robust strategies to protect their assets.

A recent article in Forbes titled The Evolution Of Cybersecurity And How Businesses Can Prepare For The Future states, “One thing is for sure: The biggest challenges facing the future will be keeping up with the growing sophistication of attackers.”

When implementing a cybersecurity practice, companies often face the critical decision of insourcing or outsourcing their cybersecurity efforts.

Both approaches have their merits and drawbacks, making it essential for businesses to carefully evaluate their unique needs before determining the best course.

Understanding Insourcing and Outsourcing in Cybersecurity

Before delving into the comparison, it’s important to understand what insourcing and outsourcing mean in the context of cybersecurity.

Cybersecurity Insourcing

Cybersecurity insourcing refers to handling cybersecurity internally, wherein an organization establishes its in-house team of cybersecurity professionals responsible for safeguarding the company’s assets.

Cybersecurity Outsourcing

Cybersecurity outsourcing involves partnering with external cybersecurity service providers to handle security tasks on behalf of the organization.

Hybrid Cybersecurity Approach

The hybrid approach to cybersecurity is a combination of insourcing and outsourcing, wherein an organization outsources certain tasks while keeping the remainder in-house.

The Advantages of Insourcing Cybersecurity

One of the primary advantages of insourcing cybersecurity is its level of control and customization. An in-house team allows organizations to tailor their security measures to align with their specific needs and requirements.

Additionally, in-house teams can better understand the company’s operations and culture, leading to a more effective security strategy.

Insourcing can potentially lead to cost savings in the long run. While initial setup costs might be higher, the absence of third-party fees can result in lower overall expenses over time.

With a dedicated team on-site, response times to security incidents can be faster, potentially minimizing the impact of breaches or attacks.

The Challenges of Insourcing Cybersecurity

Despite its advantages, insourcing cybersecurity also presents certain challenges. Building and maintaining an expert cybersecurity team demands significant recruitment, training, and continuous education investment.

As the threat landscape evolves rapidly, it can be challenging for in-house teams to keep up-to-date with the latest threats and security technologies.

Moreover, for smaller organizations or those with limited resources, assembling a comprehensive in-house team with diverse skill sets can be cost-prohibitive. In such cases, insourcing might result in a trade-off between the breadth of expertise and the available budget.

The Benefits of Outsourcing Cybersecurity

Cybersecurity offers several compelling benefits, making it an attractive option for many organizations. Access to specialized expertise is one of the primary advantages of outsourcing.

By partnering with a reputable cybersecurity service provider, businesses can tap into a pool of highly skilled professionals with extensive knowledge of the latest threats and security practices.

Outsourcing cybersecurity can provide around-the-clock monitoring and support, ensuring that security incidents are promptly detected and addressed, even outside regular business hours.

This constant vigilance can significantly enhance an organization’s ability to respond to threats in real-time.

The Considerations and Drawbacks of Outsourcing

While outsourcing can be beneficial, it’s not without its considerations and potential drawbacks. One critical aspect that requires careful attention is data privacy and security.

Sharing sensitive information with external parties carries inherent risks, and organizations must ensure that the chosen cybersecurity provider adheres to the strictest data protection standards.

Another potential drawback is the lack of complete control over the cybersecurity process. Relying on external providers means entrusting them with critical security responsibilities, and organizations must thoroughly vet potential partners to establish trust and ensure alignment with their security objectives.

 

“One thing is for sure: The biggest challenges facing the future will be keeping up with the growing sophistication of attackers.”

 

Evaluating Your Cybersecurity Needs

Before deciding between insourcing and outsourcing, organizations must thoroughly evaluate their cybersecurity needs. This assessment should encompass various factors, including the organization’s size, industry, budget, existing in-house expertise, and the level of security required to protect sensitive data and assets.

Consideration of the company’s growth trajectory and future expansion plans is crucial, as scalability plays a vital role in determining the sustainability of the chosen approach.

Cost Analysis: Cybersecurity Total Cost of Ownership

An accurate cost analysis is essential for making an informed decision. This analysis should consider the initial setup costs and the long-term expenses associated with each approach.

While outsourcing might have more apparent upfront fees, it could prove cost-effective when considering factors like recruitment, training, and retention of in-house cybersecurity professionals.

Organizations should calculate the Total Cost of Ownership (TCO) for insourcing and outsourcing options to understand the financial implications comprehensively.

Risk Assessment: Identifying Vulnerabilities and Threats

Conducting a risk assessment is a fundamental step in cybersecurity planning. This assessment involves identifying potential vulnerabilities and threats the organization might face and understanding how each approach addresses these risks differently.

Both insourcing and outsourcing have risk profiles, and organizations must weigh these risks against their capabilities and risk tolerance to make an appropriate decision.

Hybrid Approach: The Middle Ground

In some instances, a hybrid approach combining elements of both insourcing and outsourcing might be the best fit for an organization. A hybrid model allows companies to leverage their in-house expertise while complementing it with external resources for specific security functions.

For example, an organization might choose to maintain an in-house cybersecurity team for routine tasks and day-to-day monitoring while outsourcing incident response and penetration testing to external experts.

Real-World Examples and Case Studies

A recent client specializing in software development had been managing its cybersecurity internally for several years. However, as the company expanded its operations and the cybersecurity landscape evolved, it faced challenges maintaining a robust and up-to-date security posture.

Seeking a more efficient and comprehensive solution, the client decided to outsource its cybersecurity to Ostra Cybersecurity, a reputable external cybersecurity service provider.

The Challenge

As our client’s business grew, so did their digital footprint, making them a more appealing target for cyber threats. The company’s internal IT team needed help to keep up with the increasing complexity of cyber threats and the demands of managing security across its expanding network.

Regular updates to security software, threat monitoring, and incident response were becoming overwhelming tasks, diverting attention from the core business functions.

They also had concerns about the potential for data breaches and their impact on their reputation and customer trust. They needed a cybersecurity partner with expertise and resources to safeguard their sensitive data and intellectual property effectively.

Choosing Ostra Cybersecurity

After thorough research and evaluation of potential cybersecurity partners, our client decided to partner with Ostra Cybersecurity. Ostra’s reputation for providing comprehensive and proactive cybersecurity solutions and its focus on SMBs aligned perfectly with the client’s needs.

The decision to outsource their cybersecurity was based on several key advantages offered by Ostra:

Expertise and Specialization: Ostra Cybersecurity boasts a team of highly skilled cybersecurity professionals who specialize in various aspects of security, including threat detection, incident response, and compliance. This expertise allowed the client to leverage cutting-edge security practices without needing continuous internal training and skill development.

24/7 Monitoring and Support: Ostra’s round-the-clock monitoring and support services provide the client peace of mind. The continuous monitoring allowed for real-time threat detection and immediate response to potential security incidents, reducing the risk of extended breaches and minimizing potential damage.

Advanced Threat Detection Technology: Ostra Cybersecurity utilized advanced threat detection technology, including AI-powered tools and machine learning algorithms. This technology enabled early identification of emerging threats and potential vulnerabilities, ensuring proactive mitigation before they could pose a significant risk.

Enhanced Data Protection: Data security was a top concern for the client, and Ostra Cybersecurity addressed this by implementing robust data protection measures. Encryption, access controls, and secure data storage practices were employed to safeguard sensitive information from unauthorized access or data breaches.

Regular Security Updates and Patch Management: Ostra Cybersecurity assumed responsibility for managing security updates and patches across the client’s systems. This helped to keep their infrastructure updated with the latest security patches, reducing the risk of exploitation through known vulnerabilities.

Scalability and Flexibility: As the client grew, they needed a cybersecurity solution that could scale with their evolving needs. Ostra’s flexible service offerings allowed for seamless adjustments to accommodate changes in their network size and security requirements.

The Results and Benefits

By outsourcing their cybersecurity to Ostra Cybersecurity, our client experienced several significant benefits:

Enhanced Security Posture: With Ostra’s expertise and proactive approach to security, they saw a marked improvement in their overall security posture. The timely identification and mitigation of potential threats reduced the likelihood of successful cyber attacks.

Cost Efficiency: The cost of outsourcing their cybersecurity proved to be more cost-effective than maintaining an in-house cybersecurity team. The client optimized their cybersecurity budget by eliminating the need for continuous training and expensive security tools.

Increased Focus on Core Business: With Ostra managing its cybersecurity, our client’s internal IT team could redirect their efforts towards improving software development and other critical business functions.

Compliance Adherence: Ostra’s expertise in compliance requirements ensured that the client remained compliant with industry regulations and data protection laws, mitigating the risk of legal and financial consequences.

By partnering with Ostra Cybersecurity, the client successfully transitioned from internal cybersecurity management to an outsourced, proactive approach.

Ostra’s expertise, advanced technology, and 24/7 monitoring bolstered XYZ Technologies’ security posture, allowing them to focus on their core business operations without compromising data protection.

The decision to outsource their cybersecurity proved to be a strategic move that fortified our client’s resilience against cyber threats in an ever-evolving digital landscape.

What’s Best For You?

Choosing between insourcing and outsourcing for your cybersecurity practice is a mission-critical decision that requires a comprehensive evaluation of your organization’s unique needs, risk tolerance, and available resources.

Each approach has advantages and drawbacks, and there is no one-size-fits-all solution. By carefully considering the factors outlined in this blog, your organization can make a well-informed decision that enhances your cybersecurity posture and protects your valuable assets in an ever-evolving digital landscape.

Discover the benefits of outsourcing cybersecurity in business operations. Make an informed decision for your practice. Protect assets effectively.

A trusted cybersecurity partner can provide much-needed relief as well as lend cutting-edge expertise to your stretched IT operations team. Explore your options by scheduling your free security assessment with Ostra today.

 

FAQs:

 

Q: What is the difference between insourcing and outsourcing cybersecurity?

A: Insourcing involves handling cybersecurity internally, with an in-house team responsible for security. Outsourcing, on the other hand, entails partnering with external cybersecurity service providers to handle security tasks.

Q: What benefits does outsourcing cybersecurity provide?

A: Outsourcing provides access to specialized expertise, around-the-clock monitoring and support, and the ability to tap into a pool of skilled professionals. This can enhance an organization’s ability to respond to threats promptly.

Q: What considerations should organizations make when evaluating insourcing vs outsourcing cybersecurity?

A: Organizations should evaluate factors like their size, industry, budget, existing expertise, and security needs. They should also assess their growth trajectory and scalability requirements.

Q: What is a hybrid approach to cybersecurity, and when might it be beneficial?

A: A hybrid approach combines both in-house and outsourced cybersecurity elements. It can be beneficial when an organization wants to leverage its in-house expertise while supplementing it with external resources for specific security functions.

Q: What should organizations consider when deciding between insourcing and outsourcing cybersecurity?

A: Organizations should weigh factors like control, customization, expertise, cost, data privacy, and risk tolerance. An accurate Total Cost of Ownership (TCO) analysis is essential, as well as a thorough risk assessment.

Ostra Cybersecurity

Overcoming Cybersecurity Fatigue:
Help for IT Service Providers

/in , /by

IT service providers face many challenges when trying to serve their clients—especially smaller businesses. Generally speaking, it takes a special breed of human to thrive in the often-overwhelming field of cybersecurity. There are many reasons why these challenges can be even more felt among managed service providers (MSPs).

Overworked and Short-Staffed

In the IT world, cybersecurity is a niche that can be incredibly overwhelming and stressful. Consider the following statistics:

  • 83% of IT security professionals felt more overworked going into 2020 than they were at the beginning of 2019, according to a Tripwire survey.
  • On average, one study found that a security operations staff member handled 3.5 major functions as part of their job in 2019; Some staff handled as many as twelve functions.
  • 45% of the 400 international operations professionals surveyed in 2020 saw a sharp increase in cyber threats and security incidents compared to previous years.

Second, it is very difficult to find qualified cybersecurity specialists to cover the vastly-growing need to protect clients against ransomware, various types of malware and other threats. Being short-staffed has become a way of life, as it can take several months to fill positions such as a Security Analyst. For example:

  • More than two-thirds of security professionals surveyed in 2019 said a cybersecurity skills shortage was impacting their ability to stay on top of vulnerabilities.
  • As of January 2021, there were 4.07 million unfilled cybersecurity positions globally, up from 2.93 million in 2020. This includes 561,000 in North America alone.

Cyber Fatigue is Real

Staff burnout is another problem that IT firms and small cybersecurity teams grapple with. Cybersecurity is a high-stakes venture that involves constant vigilance to protect sensitive data and keep mission-critical business functions operational.

According to an article about PsyberResilience, many cyber “first responders” have to deal with challenges such as:

  • Little time to decompress between security alerts and up to 80% false positives
  • Working long hours, including weekends
  • Pressure to keep up with constantly changing landscape—from new threats, tactics and technologies, to new laws, regulations, guidelines, frameworks and standards

These challenges are why many service providers choose to partner with a Managed Security Services Provider (MSSP). Rather than having to seek out, hire, manage and compensate a full-time team of IT experts with the right cybersecurity credentials, they can work with a trusted resource that can handle it all—freeing them up to focus on bigger IT strategy initiatives for their clients.

For example, Ostra Cybersecurity’s team includes experts in the field of relationship management, IT integrations and decades of combined cybersecurity expertise. Our proactive, behind-the-scenes approach provides 24/7 monitoring, automated threat detection and response before the threats get in. This not only saves businesses time and high payroll expenses, but also saves them tens (or hundreds) of thousands in dollars versus dealing with data breaches after they occur.

The Challenges of Tech Silos

Today’s IT service providers are responsible for delivering a number of critical services to clients—including network, application, infrastructure and security services. We know technology silos can be a significant barrier for service providers in terms of their productivity. As technology is advancing, processes are becoming more detailed and companies are formalizing their approach to areas like risk management and threat intelligence.

It can become difficult, especially within fast-growing organizations, for MSPs to maintain their expert-level knowledge while staying agile and able to quickly navigate in and out of these various specialty areas. That’s why it is helpful to partner with a cybersecurity specialist who knows how to prevent ransomware, understands the types of malware attacking their systems, and ultimately gives them the best cloud data protection.

Small Businesses are a big target

In January 2021, HelpNet Security reported on a Cynet survey of 200 small and medium businesses with cybersecurity budgets of $1 million or less. They found that 63% of CISOs “feel their risk of attack is higher compared to enterprises, despite the fact that enterprises have a larger target on their back.” Small businesses depend on their MSP to protect them, which is why having adequate protection for your clients is critical for them, and your status as their trusted IT advisor.

With the increased targeting of smaller businesses by cybercriminals, MSSPs are increasingly needed to step in to protect these at-risk companies. This article discusses why it’s important to simplify cybersecurity for MSPs and channel partners who serve small businesses:

All businesses—including IT service providers—are faced with the reality of limited resources while they face an exponentially-growing need for security and cloud data protection. Orchestrating a robust defense against ransomware and various types of malware impacts costs, personnel, and other resources within the organization.”Paul Dobbins, Chief Growth Officer, Ostra Cybersecurity

Relieve your IT team’s pain points

A trusted cybersecurity partner can provide much-needed relief as well as lend cutting-edge expertise to your stretched IT operations team. Explore your options by scheduling your free security assessment with Ostra today.

cybersecurity
Mike Barlow

Tackling the Top 3 Cybersecurity Hassles for MSPs

/in , , /by

As someone who has worked in the technology space for over a decade, I often hear from Managed Service Providers (MSPs) who are frustrated by the amount of research, problem-solving time, and day-to-day management that is required to provide comprehensive cybersecurity to their clients. Adequately protecting clients from the growing landscape of cybersecurity threats gets more challenging every day.

For service providers, most of their pain points center around three areas:

  • Tools: Working with multiple platforms and disjointed software products is complex. It’s frustrating and time-consuming for MSPs when cybersecurity tools do not integrate well or talk to each other.
  • Technology: Cybersecurity technology is constantly changing. It’s time-consuming and challenging for many MSPs to stay on top of all the latest product developments, new tech, and best practices that will help them stay ahead of threats and protect their clients.
  • Talent: Today’s MSPs have a lot on their plates, and their teams are overwhelmed. Many providers don’t have in-house cybersecurity experts or 24/7 resources to provide robust prevention, management and remediation of threats.

Finding the right support

The good news is that MSPs don’t have to battle these frustrations on their own. Finding a cybersecurity partner can relieve your team’s cybersecurity fatigue while making sure your clients are protected.

The right partner can take on the burden of researching and selecting the right cybersecurity software tools for your business, as well as managing the solution after it is installed. Make sure you choose a cybersecurity solution that utilizes enterprise-grade, constantly updated tools and software.

It is also helpful to work with a partner that has strong and influential relationships with software and technology providers—especially when quick product support or remediation is needed.

For example, Ostra’s proprietary infrastructure and architecture offers a comprehensive 24/7, 360-degree cybersecurity package that leverages the most secure and proven platforms available today. We configure the very best and latest technologies into one easy-to-install platform, which enables our partners to protect their clients with a simplified solution.

If you are the one responsible for addressing the cybersecurity needs of your organization, it is common to become exhausted by research. It takes time and patience to stay on top of the latest software products, tools, and services on the market.

This is why a holistic, layered approach to cybersecurity is needed. For more details about what this involves, I highly recommend this blog that covers “7 Cybersecurity Must-Haves,” written by Ostra’s founder, Michael Kennedy.

Why is layered cybersecurity essential?

The field of cybersecurity is broad, deep, and ever-changing. Covering all of your clients’ cybersecurity gaps can be a challenge for MSPs—especially with so many technology silos and specialty areas to navigate.

For example, it’s important to think about 24/7 SOC & SIEM coverage, email threat protection, endpoint security, the right firewalls, VPNs and more for your clients. You’ll also want to make sure your solution is backed by human expertise to make the best decisions and act on threat intelligence.

That’s why a layered, proactive approach is essential to protecting small businesses and medium-sized companies from cyber threats. This will help you eliminate threats that others do not—which gives your SMB a competitive advantage.

Partner up for best results

As an MSP, it’s vital to have a cybersecurity expert in your corner, whose advice and quick response you can count on to support your business.

Industry trends show that MSPs are relying more and more on MSPs to separate cybersecurity responsibilities from the rest of the things IT departments are covering, and to make things easier. For example, this Rasmussen University article lists some common cybersecurity problems that most organizations face—including treating cybersecurity like just another IT issue. And this Tech Republic article, “The Rise of the CISO,” illustrates why cybersecurity is its own animal, and can’t just be expected to be absorbed by IT. It needs dedicated resources that can adequately address security threats.

When it comes to a partnership model, Ostra takes a unique approach. Rather than simply signing up channel partners and their customers, Ostra is intentional about partnering with a variety of IT service and solution providers—creating a network that can cover the full range of client and industry needs. This allows Ostra to provide our clients with trusted referrals for their other IT requirements, which also helps our partners grow.

Ostra is committed to helping our network of consultants, IT and Managed Service Providers enhance value for their small to medium-sized business clients by offering comprehensive data protection solutions. Our technology suite—combined with the service expertise of our channel partners—delivers a comprehensive solution that meets the unique IT challenges facing business owners today. Contact Ostra to explore the benefits of partnering with us.

Are you ready for a hassle-free way to provide comprehensive cybersecurity to your clients? Learn how to become a partner today.

Ostra Cybersecurity

Employee Spotlight: Beau Zamora, Security Support Technician

/in /by

Welcome back to Ostra’s Employee Spotlight series. This week we’re highlighting Beau Zamora, Security Support Technician. Learn about Beau and his many hobbies and experiences both in and out of the Ostra office.

Career & Life at Ostra

Describe what you do at Ostra in one sentence.

I am the first point of contact for all our client’s security/networking needs.

What initially interested you about Ostra Cybersecurity in the first place? What about our mission do you connect with?

There were a few reasons I decided to pursue a career at Ostra. I love working with smaller companies/start-ups, the symbolism of our name, and protecting SMBs (and, of course, the benefits/perks package is great.)

I connect strongly with Ostra’s core mission to protect SMBs and small business owners. My best friend, who is a small business owner, was targeted by malicious actors who severely damaged his business reputation by hijacking his site. I wished I could have done more to help, and I don’t want others to go through the same thing.

What excites you most about your position and growth opportunity at Ostra?

I am most excited about being in a position that allows me to work directly with all parts of our team and see every angle of the big picture. This opportunity allows me to continue nurturing my passion and interest in the field and finetune my desired career path.

What do you believe is the best thing about Ostra or the Ostra team?

The best thing about Ostra and the team is the genuine passion that is fostered here in every one of us.

What’s the first thing that you do when you start working every day? 

I start every day by reviewing/triaging any tickets that have come in overnight or in the early morning. This allows me to prepare for my day and have a focused plan on providing excellent service to our clients. Then I make coffee and get to it.

What’s your favorite thing about working in Ostra’s Technology Service team?

Every day brings a variety of new tasks to resolve for our client’s security and networking needs. I love not knowing what the day may bring. It’s refreshing and keeps me engaged.

What do you find most challenging about your role at Ostra?

My favorite part about my role is also the most challenging part of my role. I never know what the day may bring, and I must always be prepared to think on my feet with a focused plan.

What advice would you offer to someone looking to take on a role similar to yours?

Embrace the learning and have fun while you do it! Focus on understanding solid problem-solving methodologies and troubleshooting.

OK, now for some fun questions!

If Ostra announced a last-minute day off for tomorrow, what would you do with your suddenly free day? 

I’d probably head to Minnehaha dog park to set up a hammock while my dog plays in the river.

Name one thing not a lot of people know about you.

I have many hobbies that closely align with the profession of clowns, which include but are not limited to juggling, tight-rope walking (slack-lining), playing small instruments (ukulele/harmonica), spinning poi (sometimes on fire), and I have a box of magic tricks that I haven’t learned yet.

Three words to best describe you.

Curious, mysterious, and serious.

Want to be a part of Ostra’s culture and team? Learn more about working at Ostra and apply for open positions!

computer screen showing alert status warning
Eunice Asemnor

Don’t Ignore the SIEM Who Cries ‘Alert’: The Importance of Thoroughly Investigating False Positives in Security Alerts 

/in , /by

False positives in security alerts are a common problem that can plague security professionals, consuming valuable time and resources while decreasing the effectiveness of security measures.  

A recent survey by Security Magazine found that 20% of security alerts are false positives, which can be a significant issue for organizations with limited resources. 

What is a SIEM?

A Security Information and Event Management (SIEM) is a security management system that collects, stores, analyses, detects and responds to security events from multiple sources across an IT environment. 

SIEMs are the eyes and ears of security teams, collecting a wide range of security data and alerting teams when suspicious activities occur. 

However, this means SIEMs can often trigger false positives due to the wide range of data and sources it processes. This is where thorough investigation comes in, as investigations can help determine whether an alert is valid or a false positive. 

In a Security Operations Center (SOC) environment, false positives are particularly prevalent due to the high volume of alerts that analysts must process. This leads to the critical question of how best to handle false positives without overlooking possible vulnerabilities or being bogged down by excess false positives.

How are False Positive Security Alerts Handled in a SOC?

One approach to handling false positives is to conduct a thorough investigation each time an alert is triggered. This approach ensures that no potential vulnerability or compromise is dismissed. Investigations can be conducted in several ways, such as checking the IP address, running hashes, and scanning files through approved file checkers. 

Checking the IP address can help determine if the source of the alert is legitimate or if it is a false positive. Running hashes is another approach that can help determine if a file has been modified or tampered with. Scanning files through approved file checkers can also help identify any malicious files that may have triggered the alert. 

Thorough investigations can be time-consuming and require additional resources, including a second analyst’s review to ensure that no oversights or gaps in the investigation occur. 

Assume the Worst Case.

Ignoring alerts, assuming they are all false positives, can decrease the effectiveness of security measures. This can open vulnerabilities and make it easier for attackers to access sensitive information.  

Therefore, it is vital to be vigilant and thoroughly investigate each alert, even if it is a false positive, to ensure that possible vulnerabilities or compromises are not overlooked. 

Another issue with false positives is that they can result in a waste of resources of time and money. Analysts must spend time investigating alerts that ultimately turn out to be false, taking away from the time they could have spent investigating genuine security threats. This can be a significant issue in environments with many false positives. 

Can the SIEM be configured to generate fewer false positive alerts without missing genuine threats?   

In many cases the SIEM can be configured to reduce false positives without compromising security. This includes tuning the rules and adjusting thresholds to reduce the number of false positives generated. Changing the parameters around traffic and data sources can also help reduce false positives. 

Here at Ostra, to address false positives, we follow a systematic approach that includes daily checks to ensure alert consistency. We use multiple checkers to confirm that data stays unchanged and to identify new information. This helps us stay updated and respond effectively.

We also implement policies to reduce unwanted noise, allowing us to focus on genuine threats. Learning from past experiences, we prevent previously validated alerts from reoccurring. This ongoing process of review and adjustment helps our team effectively manage false positives. 

One real-world example we’ve experienced at Ostra involves frequent alerts from a popular RDM application used by our clients. Rather than investigating each alert individually (which is very time-consuming and inefficient) our team implemented a policy in our SIEM and XDR systems to suppress these regular alerts. To ensure ongoing efficacy, we then verify monthly with the client that they’re still using the application and cross-check the alert parameters. This approach has saved time and allows for prioritizing more urgent alerts. 

To reduce the number of false positives and improve overall security in the SOC environment, it is crucial to remain vigilant, conduct thorough investigations, and utilize multiple investigative techniques. It is also essential to balance the need to investigate thoroughly with the need to avoid being bogged down by an excess of false positives. 

The Bottom Line.

False positives in security alerts are a significant issue for security professionals that can consume valuable time and resources while decreasing the effectiveness of security measures. Partnering with a trusted cybersecurity partner like Ostra can provide much-needed relief and cutting-edge expertise to your stretched IT operations teams.

Contact us to learn more about what it means to be powered by Ostra Cybersecurity.

Ostra Cybersecurity

The Hidden Dangers of Insider Threats

/in /by

Possibly one of the most underrated catalysts for a cyberattack is the insider threat. Take a look at some recent statistics:

  • An article by Identity Management Institute stated that 65-70% of all security incidents arise from insider threats to system and data security.
  • According to IBM Security Intelligence, 40% of insider incidents involve an employee with privileged access to company assets.

Many companies do not account for the damage that an insider threat could do. An insider threat can be anyone with access to an organization’s network, like employees, contractors, business associates, or friends. Insider threats are the biggest contributors to cyberattacks, especially in the last couple of years.

22% of all folders were available to every employee. (Varonis)

What is an insider threat?

An insider threat is anyone who has special access to the organization and can possibly use that access to attack or help hackers target the company. There are a few different types of insider threats to be aware of: malicious insiders, inside agents, emotional employees, reckless employees, and third-party users. Each one of these types of insider threats all could have access to an organization in some way and can use it to their advantage.

Insider threat attacks have only been growing in the past years and experts predict that number to skyrocket as more businesses switch to remote work. The increasing mix of remote, hybrid, and on-site employees means that companies must be extra vigilant about managing network access and permissions. Even the most loyal employees who retire or leave on good terms should no longer have access to company files or systems after their last day. In addition, it is important to ensure that dissatisfied or disgruntled employees—whether they are still there, or were recently laid off—cannot use their access in retaliation against the company.

“The overall cost of insider threats is rapidly rising. There is a 31% increase from $8.76 million in 2018 to $11.45 million in 2020”. (Cost of Insider Threats Global Report)

Online Hygiene

Although cybersecurity has become a loaded concept, it’s important to make cybersecurity a priority. Good online hygiene should be part of any organization’s onboarding or off-boarding process, but if it not, then take it upon yourself to exercise best practices to keep your company safe.

Some basic precautions include performing regular software updates and enabling MFAs. You can also contact Ostra to explore how a cybersecurity assessment can reveal what vulnerabilities you may have, and how you can stay ahead of threats.

Avoiding Apathy

How can companies best protect their data from insider threats? While it is tempting to succumb to either apathy or paranoia, neither of these extremes is the right approach. Rather, awareness that leads to action is the goal. You can read more about this approach in Ostra’s blog about data privacy.

How to protect against insider threats?

  1. Update and maintain the user access/privileges list and be aware of which employees have access and to what—especially as you are onboarding new employees or removing access from departing employees.
  2. Ensure sensitive/confidential information is not accessible by anyone who does not need it.
  3. Educate employees on insider threats and how they can help defend against a possible attack.
  4. Implement a cybersecurity program that can defend immediately against any lurking vulnerabilities.

Ostra Cybersecurity provides active defense protection for your businesses’ data and act immediately instead of monitoring and alerting as many antiviruses do. Ostra keeps everything up to date meaning the latest threats are already neutralized before they attack.

Want to find out more? Contact us today to see how Ostra can help you and your clients minimize risk from insider threats.

round wood plaque on blue stained wood background commemorating Ostra Cybersecurity's 5 year anniversary
Michael Kennedy

The Ostra Journey: Reflecting on 5 Amazing Years

/in , /by

Five years ago, the decision to start Ostra Cybersecurity was not an easy one. Leaving a successful, well-paying IT job with Fortune-5 company perks so that I could help small businesses become more secure was definitely a mission-motivated move, but that was not my only reason for wanting to make a change. I was looking for more balance in my life and needed to increase my time spent with family and friends as well, so I took the plunge.

In 2018, that first year building out Ostra’s brand and taking our first crack at a security solution was fun and exciting, not to mention a vastly refreshing change of pace from hopping on an airplane every week to shake hands with higher-ups across the globe as the corporate grind pushed my body, mind, and soul to its limits.

Those early days working with various industry professionals to develop Ostra’s sales materials—while at the same time tackling the design engineering of our technology stack—made for long days and nights that blended together. Our first set of customers were patient with us and provided the invaluable feedback we needed in order to solidify our messaging and our solution so we could continue to grow.

Key Milestones

Ostra Cybersecurity 5-year Anniversary Timeline graphic

Since Ostra’s inception, there have been some key milestones that created inflection points for the business and our constant growth along the way. The first was my chance introduction to Joe Johnson, a transformational business leader who would later become the president at Ostra.

That following year, Joe and I were able to double the business and grow Ostra enough so we could move our operations out of my basement and public library conference rooms to our very first office space. Hiring the first four employees soon followed.

That momentum would continue with the addition of Paul Dobbins as Chief Growth Officer. This kicked off a fast-paced season that included building our channel partner program and adding 20 more employees, taking us to our current (and much larger) office space in Minnetonka, Minn.

Most recently, having my long-time friend Emad Bhatt join Ostra as VP of IT not only put one of the smartest engineering architects on our leadership team but secures our position as a technology leader in the security-as-a-service space.

As we mark our five-year anniversary in 2023, I am just blown away by how much Ostra has achieved. Being surrounded by my new Ostra family, building and growing a business with a mission to protect small businesses, and creating a positive culture that values people over money are just some of the things that have made this story so amazing.

For those who need a reminder of why Ostra exists—including the specific incident that led to our mission to fiercely defend and protect small businesses—check out this blog: The Ransomware Attack that Sparked Ostra Cybersecurity.

Remembering to pause and look at all the things creating gratitude in my life is sometimes hard to do in our fast-paced industry. But as I look around at all the employees, people, clients, and partners that have impacted this journey, I am forever grateful for every single person, challenge, and opportunity we have come across.

You have helped bring Ostra to where we are today. Thank you. (Off to grab another box of tissues.)

Stacey Kusnier

Ostra Cybersecurity Expands Senior Leadership Team

/in , /by

Emad Bhatt to lead Technology Services team as Vice President of IT.

Ostra Cybersecurity, a leading provider of world-class cybersecurity solutions for small and medium-sized businesses, recently welcomed Emad Bhatt as Vice President Information Technology. This latest hire speaks to Ostra’s significant expansion as a company, as well as the development of its Technology Services team—allowing us to provide more robust protections to an increasing number of clients.

Previously, Ostra Founder Michael Kennedy led many of the security operations responsibilities for the company. Having a new, dedicated leader who is laser-focused on technology and security operations will allow Kennedy to devote more time to his executive responsibilities and other initiatives as a visionary leader in the cybersecurity industry. By adding Emad to the Senior Leadership Team, Ostra further demonstrates its resolve to help consultants, IT and Managed Service Providers (MSPs) protect their clients through best-in-class, multi-layered, fully managed cybersecurity solutions.

In this key leadership role, Emad provides hands-on guidance to drive an effective, engaged and motivated team for Ostra’s growing Technology Services. He is responsible for IT Strategy, Roadmap, Product Development, setting, implementing, and providing nonstop evaluation of consistent standards for IT Architecture, Engineering, Security Operations Center and support systems that protect Ostra’s clients.

With a focus on being the Trusted Cybersecurity Team for its clients and partners, Ostra’s market niche is ensuring that top-notch data security solutions are accessible for small and medium-sized businesses. Ostra’s technology suite—combined with the service expertise of its channel partners—delivers a comprehensive solution that addresses a unique set of specialized IT challenges for businesses.

Emad’s expertise in strategic leadership and business/technology transformation, combined with his impressive background in Information Security Solution Architecture, are just a few strengths that make him a valuable leader and subject matter expert at Ostra

Previously, Emad led the Global M&A Architecture Team at UnitedHealth Group (Optum), where he worked with complex M&A integrations for almost a decade. During this time Emad enjoyed becoming a close colleague of Ostra’s founder, Michael Kennedy. The experience not only provided many opportunities for collaboration, but also laid the foundation for what later prompted Kennedy to launch Ostra as a Fortune 100-caliber cybersecurity service that’s accessible to SMBs.

“In addition to working together at Optum, Emad and I have been good friends for several years and there is no one whose technical expertise I respect more,” Michael said. “Bringing his expertise and leadership skills to the team takes Ostra to a whole new level in our ability to fight the war on cyber terror.”

Emad earned a Bachelor’s degree in Engineering (Computer Science) from Visvesvaraya Technological University (VTU) in India. He also maintains his accreditation in Cisco Certified Internetwork Expert Security (CCIE Security) and completed his Program for Accelerated Capability Enhancement (PACE) from Indian Institute of Management, Bangalore.

In his new role at Ostra, Emad is excited to empower the team to drive business transformation and strategic growth. “I have a passion for building cutting-edge technology—particularly in the areas of cybersecurity, digital innovation, and new product development,” Emad said. “Here at Ostra, I am thrilled to be in the position to help others maximize the value of their investment in cybersecurity.”

Connect with Emad on LinkedIn, or email him at emad@ostra.net

Eunice Asemnor

Spot the Signs of Tax-Time Phishing Scams

/in /by

Tax season is officially upon us. Tuesday, April 18 is the deadline for most Americans to file their 2023 federal tax returns—and for many, the process of preparing and assembling the necessary documents is already underway. This is also an especially busy season at Ostra, as our Trusted Cybersecurity Team always sees elevated levels of phishing activity around tax time.

Both individuals and businesses should remain extra vigilant and take steps to avoid getting “hooked” by phishing scams during tax season.

Phishing and IRS Impersonators

As the digital age progresses, so do the tactics of cybercriminals. One of the most common types of cybercrime is phishing, in which scammers pose as legitimate entities to trick people into divulging sensitive information.

The Internal Revenue Service (IRS) is a popular target for phishing scams due to its role in collecting taxes from individuals and businesses. To protect yourself from tax-related phishing scams, it is essential to be aware of the tactics used by scammers during our tax season, and learn how to report them to the IRS.

Phishing emails often use fear tactics to get people to act quickly without thinking. One very important point to understand about the IRS is this:

“A real IRS agent WILL NEVER demand you make an immediate payment to a source other than the U.S. Treasury. Unscrupulous callers claiming to be federal employees can be very convincing by using fake names or phony ID numbers. If you are unsure if the caller is legitimate, hang up, look up the direct number for the agency online, and call that source to verify.”

(Source: National Cybersecurity Alliance)

For example, an email may claim that the recipient is owed a tax refund but needs to provide their personal information to claim it. Another common strategy is to claim that the recipient owes back taxes and is in danger of legal consequences if they do not pay immediately. These emails may also contain attachments or links that, when clicked, download malware onto the user’s computer.

Stay Ahead of the Game

To protect yourself from phony IRS phishing, it is important to recognize these tactics and take the following precautions:

  1. Be on the lookout of unsolicited emails. The IRS does not initiate contact with taxpayers via email, text message, or social media. If you happen to get an email claiming to be from the IRS, don’t click on any of the links or open any attachments. Instead, forward the email to the IRS (phishing@irs.gov).
  2. Be sure to check the sender’s email address. Phishing emails often use email addresses that appear to be legitimate but are slightly different from the actual address. For example, an email may come from “irs-taxrefund.com” instead of the official “irs.gov.” Always check the sender’s email address before clicking or replying to any emails.
  3. Do not provide personal information. The IRS will never ask for personal or financial information via email, text, or social media. If you receive a message asking for this type of information, it is most likely phishing.
  4. Use strong passwords. You’ve heard this one before, but it’s an important one. Always create strong, unique passwords for all your accounts and change them regularly. You can use a combination of letters, numbers, and symbols, and avoid using the same password for multiple accounts.
  5. Enable two-factor authentication. Two-factor authentication adds an extra layer of security to your accounts by requiring a second form of authentication, such as a code sent to your phone and your password.

Phishing scams by criminals posing as the IRS can be dangerous and costly. By recognizing the tactics used by scammers and taking necessary precautions, you can protect yourself from becoming a victim. Be wary of unsolicited emails, double-check sender email addresses, do not provide personal information, use strong passwords, and enable two-factor authentication. Stay vigilant and take steps to keep your personal and financial information safe.

Protect Your Business

Is your business fully protecting the financial information, health records, or other sensitive data from customers, clients or third-party entities? Working with a dedicated cybersecurity partner like Ostra offers peace of mind. Our proprietary solutions are built on multiple layers of protection to keep your data, as well as your reputation, safe and sound.

Reach out to Your Trusted Cybersecurity Team today with any concerns or questions on tax-related scams.  From phishing to malware, ransomware and other cyber threats, Ostra has you covered.

Michael Kennedy

Protecting What We Value: Why Data Privacy Is Worth the Effort

/in /by

For anyone who participates in today’s digital economy, sharing information across multiple devices, apps, websites and software programs has become standard business practice and part of our daily routines. Many assume it is safe to repeatedly upload documents to file-sharing sites, collect details about customers via email, utilize customer service chats, process credit card payments online, or engage with third-party services. But how many of us take the time to learn more about the data collection process—or verify how this information will be kept confidential in the future?

Data Privacy Week

Data Privacy Week is an annual campaign and global initiative that spreads awareness about data privacy and educate individuals on how to secure their personal information. As a proud Data Privacy Champion, Ostra recognizes and supports the principle that all organizations share the responsibility of being conscientious stewards of personal information.

Ostra’s history and team culture reveals our passion for data privacy; we were founded on the belief that all businesses and individuals have a fundamental right to data privacy and security, no matter the size of their organization. Our team remains engaged in educating businesses about how to manage and secure their own data and systems, as well as taking steps to protect the data of clients or third-party vendors they interact with.

Why Is Data Valuable?

The truth is that data is a valuable asset because all online activity generates a digital trail that reveals behaviors, interests, purchasing habits, and more. For example, a weight loss app can track things such as the user’s age, weight, blood pressure or activity levels. Auto insurance providers may offer a rate discount if users install an app that shows their driving habits, daily routes, and phone usage while driving. YouTube, TikTok, and other social media apps keep an eye on the videos and ads that users click on, so they can place similar content in their feeds.

SDG Group, a global management consulting firm, explained that the “highly reusable” nature of data is one of the reasons why it is such a valuable asset for businesses:

“Generated once, it can be reused multiple times for a variety of uses: information analysis by business analysts, analytical models, etc.” (Source: sdggroup.com)

Of course, data isn’t always used for nefarious purposes. Most business use data analytics to help them reach more customers, and that’s not in itself a negative thing. For example, this HubSpot article asserts that there are four main benefits of big data for large and small businesses: solving problems, increasing revenue, cutting costs, and improving customer experiences.

But unfortunately, cybercriminals can use an individual’s online details to create a digital profile with the end goal of identity theft. And at the corporate level, all it takes is one weak password to give hackers a foothold that could result in a ransomware attack on the larger organization or its customers.

Take Proactive Steps

In his 2022 Data Privacy Week blog, Ostra Founder Michael Kennedy unpacked the idea that data privacy shouldn’t be considered an all-or-nothing pursuit. Although it can be tempting to become stuck in either apathy or paranoia, both of these extremes can actually result in inaction—which doesn’t help anyone. The best way forward is simple awareness, which leads to action steps. Read the full article here.

Apathy and paranoia are two extremes that result in inaction, while awareness leads to action.

 

Three Tips for Managing Data Privacy

Below is a summary of simple tips, provided by the National Cybersecurity Alliance, to help you manage your data privacy:

1. Know the Tradeoff Between Privacy and Convenience

Anytime you download a new app, open a new online account, or join a new social media platform, you may be asked for access to your personal information before you can even use it! This data might include your geographic location, contacts, and photos.

This personal information about you is tremendously valuable to businesses – so you should think about whether the service you get in return is worth the data you must hand over, even if the service is free.

Make informed decisions about sharing your data with businesses or services:

  • Is the service, app, or game worth the amount or type of personal data they want in return?
  • Can you control your data privacy and still use the service?
  • Is the data requested even relevant for the app or service (that is, “why does a Solitaire game need to know all my contacts”)?
  • If you haven’t used an app, service, or account in several months, is it worth keeping around, knowing that it might be collecting and sharing your data?

2. Adjust Settings to Your Comfort Level

Check the privacy and security settings for every app, account or device that you use. These should be easy to find in a Settings section and should only take a few moments to change. Set them to your comfort level for personal information sharing; generally, it’s wise to lean on the side of sharing less data, not more.

You don’t have to do this for every account at once. Start small and, over time, you’ll make a habit of adjusting all of your settings to your comfort. The National Cybersecurity Alliance has in-depth, free resources like the Manage Your Privacy Settings page  to help you check the settings of social media accounts, retail stores, apps and more.

3. Protect Your Data

Data privacy and data security go hand-in-hand. Along with managing your data privacy settings, follow some simple cybersecurity tips to keep your data safe. The National Cybersecurity Alliance recommends following these “Core 4” tips:

  • Create long (at least 12 characters), unique passwords for each account and device. Use a password manager to store each password – maintaining dozens of passwords securely is now easier than ever.
  • Turn on multifactor authentication (MFA) wherever it is permitted – this keeps your data safe even if your password is compromised.
  • Turn on automatic device, software, and browser updates, or make sure you install updates as soon as they are available.
  • Learn how to identify phishing messages, which can be sent as emails, texts, or direct messages.

For more information about Data Privacy Week, visit https://staysafeonline.org/data-privacy-week/

 

Ready to learn how Ostra can help you safeguard your most valuable asset? Contact our Trusted Cybersecurity Team to start an honest, down-to-earth conversation about data privacy.

Stacey Kusnier

Ostra Cybersecurity Expands Partner Success Team

/in /by

James Matheson joins team to help manage rapidly growing Channel Partner network.

Ostra Cybersecurity, a leading provider of world-class cybersecurity solutions for small and medium-sized businesses, recently welcomed James Matheson as Partner Success Manager. With this latest hire, Ostra continues to strengthen its Channel Partner network during a season of exponential growth for the company.

Ostra’s Channel Partner program is designed to help its network of consultants, IT and Managed Service Providers (MSPs) enhance value for their small to medium-sized business clients through a multi-layered, fully managed cybersecurity solution. With a focus on being the Trusted Cybersecurity Team for its clients and partners, Ostra’s market niche is ensuring that top-notch data security solutions are accessible for small and medium-sized businesses.

In this role, James will focus on helping Channel Partners build their cybersecurity practices using Ostra’s proprietary, fully managed platform and service. Specifically, he will be involved in training and equipping them with the tools and strategies they need to be successful.

Many of today’s organizations are navigating massive changes in their virtual workforces, IT infrastructure and data security regulations. Ostra Cybersecurity’s technology suite—combined with the service expertise of its channel partners—deliver a comprehensive solution that addresses a unique set of specialized IT challenges facing business owners.

James brings a strong background in IT managed services to his role at Ostra. Previously, he co-founded a managed services provider (MSP) in Minneapolis and spent the next decade building the firm from the ground up. He later sold the company to a national MSP. James is excited to leverage his firsthand experience in facilitating Ostra’s growth and meeting client needs.

“James’s career path has given him a deep knowledge of IT service delivery, as well as clear insights about the cybersecurity gaps that businesses of all sizes are currently experiencing,” said Laura Riebschlager, Director of Partner Success at Ostra. “We are thrilled that he is contributing his industry knowledge and strategic management skills to benefit Ostra and our Channel Partners.”

James earned his bachelor’s degree from Gustavus Adolphus College in Saint Peter, Minn. He also holds a certificate in business administration from the U.S. Small Business Administration, as well as a certificate in entrepreneurship from the Edward Howe Foundation.

“It’s really exciting to dive in and help build the channel at Ostra,” James said. “Small companies are just getting beat up out there. This role is about more than sales for me – it’s an opportunity to coach owners on how to build businesses that are both successful and doing some real good in the world.”

Connect with James on LinkedIn, or email him at james.matheson@ostra.net.
Stacey Kusnier

Ostra’s Year in Review

/in , /by

As we officially begin the new year, we’re humbled to share some our top accomplishments of 2022. As Your Trusted Cybersecurity Team, Ostra is grateful to all of our Channel Partners, clients, shareholders and industry colleagues who helped us achieve great things last year. Here’s to an even more spectacular 2023!

 

Blocking Threats in 2022

In response to a huge increase in cyber threats throughout the year, the Ostra Cybersecurity Defense Team was busier than ever in 2022.

Security Stats

  • Ostra processed over 80 billion cybersecurity events in 2022
  • Of the 80 billion processed events, approximately 225 million were designated as active threats
  • Emails processed in 2022: 5 million
  • Emails blocked due to threats: 2 million

Industry Stats

Cyber Jargon won’t Protect Clients 

Ostra believes in listening to our clients, partners and peers in the industry, which is why we continue to engage our current clients and partners with Voice of Customer (VoC) surveys. Here’s what we learned in 2022…

  • SMB leaders shared they need solutions that reduces drain on internal operations and IT. Many prefer cybersecurity offerings that can be managed by their MSP as part of their service.
  • SMBs want their IT or MSP partner to care about their business and employees.
  • Survey respondents indicated they value a cybersecurity team that can provide hands-on, 24/7 support.
  • We were able to test and validate that the market trusts us to provide a comprehensive cybersecurity solution with real people and expertise behind it—NOT cyber jargon or IT people to talk over their heads.

Ostra is proud and humbled to be Your Trusted Cybersecurity Team—providing clients with the right tools managed by good people. And we could not protect our clients the way we do without our growing Channel Partner Network, which grew by more than 300% last year. These partnerships also enable Ostra to help our clients who are seeking referrals for MSP services, IT consulting, cyber insurance and/or security advisory services such as assessments, compliance and vCISO services.

Top Resources from 2022

Ostra’s mission remains focused on educating our community with cybersecurity news, trends and best practices. Here’s a roundup of some of our favorite blogs from 2022:

We will continue to deliver more educational content in 2023, directly from our cybersecurity experts. Stay tuned for more on our blog and on LinkedIn.

Ready to explore how our Trusted Cybersecurity Team can support your business in 2023 and beyond? Contact Ostra today.

 

1 Q3 2022 Coveware report ($258,143); 2Barracuda Networks report via PR Newswire (3/2022); 3Coveware Marketplace Report (Q2 2022).
Stacey Kusnier

Ostra Cybersecurity Adds Director for Rapidly Expanding Channel Partner Network

/in /by

Ostra Cybersecurity, provider of a world-class and fully managed cybersecurity solution tailored for small and medium-sized businesses, is pleased to welcome Mel Kolinski as Director of Strategic Partnerships. In this role, Mel will collaborate with Mike Barlow, who leads Ostra’s strategic partnership initiatives, to give companies of all sizes access to Fortune 100-caliber data protection through Ostra’s rapidly expanding Channel Partner network.

Ostra Cybersecurity’s channel partner program is designed to help its network of consultants, IT firms and Managed Service Providers (MSPs) enhance value for their small to medium-sized business clients. Ostra offers comprehensive and proactive data protection solutions, as well as active management and remediation of cyber threats.

Ostra’s market niche is ensuring that comprehensive data security is not just reserved for elite, multi-national corporations. Focused specifically on meeting the needs of SMBs, Ostra’s Trusted Cybersecurity Team takes a highly proactive, streamlined and down-to-earth approach to protecting clients. Combining innovative technology with the service expertise of its Channel Partners, Ostra delivers a comprehensive solution that addresses a unique set of specialized IT challenges facing business owners today.

In this role, Kolinski looks forward to building relationships with potential Channel Partners at Ostra. “I am excited to help businesses in the IT space realize the positive impact—and the real value—that Ostra can bring to their SMB clients when they partner with us for their cybersecurity needs,” Kolinski said.

With more than 15 years of sales and account management experience, Mel is an engaging leader who is focused on finding solutions. Most recently, Mel worked as a National Hospitality Sales Leader at LIXIL Water Technology. Previously, she also held sales management roles at Professional Plumbing Group, Fortegra, and Ulta.

Mel earned her bachelor’s degree from the University of Michigan. Over the years, she has served on several non-profit boards and helped form and incorporate a non-profit corporation. Mel has also volunteered as an employment readiness mentor at Freedom House in Detroit, and she continues to serve as a volunteer for figure skating clubs in Livonia and Dearborn, Michigan.

Chief Growth Officer Paul Dobbins stated that Kolinski’s relational skills, service-oriented style, and broad account management experience makes her a valuable asset to Ostra’s sales and marketing team.

“Mel is a natural at connecting the dots and meeting the needs of companies in diverse industries,” said Dobbins. “We are excited about Mel’s capacity to build and strengthen Ostra’s valuable Channel Partner relationships.”

Connect with Mel on LinkedIn, or email her at mel.kolinski@ostra.net.

Ostra Cybersecurity

Employee Spotlight: Eunice Asemnor, Security Analyst

/in /by

Next up in Ostra’s Employee Spotlight series is Eunice Asemnor, Security Analyst. We recently sat down with her to discuss her role at Ostra, what makes her tick, her experience and her life outside of work.

Career & Life at Ostra

Describe what you do at Ostra in one sentence.

I am a Security Analyst at Ostra who handles the alerts that come in and actively monitor client machines to assure the health of the environment.

What initially interested you about Ostra Cybersecurity in the first place? What about our mission do you connect with?

The fact that we work with small businesses is what initially caught my eye at Ostra. Many small businesses neglect to see that cybersecurity should be a priority for them. Threat actors don’t just aim at big corporations – rather, they mostly aim at smaller ones who are more vulnerable. I admire that our Founder, Michael Kennedy, saw that need in the system and catered to it.

What excites you most about your position and growth opportunity at Ostra?

At Ostra, the company allows everyone to explore areas they have interest in—the sky is the limit. As an example, when I first joined the team, I mentioned that I enjoy reading cybersecurity articles. I then had the opportunity to participate in creating a Field Report for Ostra’s blog. Additionally, there is always constant growth available in the company and I am able to learn so much from my team members.

What do you believe is the best thing about Ostra or the Ostra team?

The company culture at Ostra is truly amazing. We are the definition of a team. Everyone works with each other and is always willing to help wherever needed.

What’s your favorite thing about working in the SOC department?

Working in the SOC department allows me to always be working on something new. Aside from working on the alerts that come in on a day-to-day basis, I have the opportunity to participate in many neat projects. Recently, I had the opportunity to work on a phishing campaign for one of our clients and it was amazing!

What do you find most challenging about your role at Ostra?

The most challenging part of my role at Ostra is being able to find good balance. Depending on the day, there can be a lot to do, but finding good balance helps make it doable.

What advice would you offer to someone looking to take on a role similar to yours?

The advice I would give to someone looking to take on a similar role is to be ready to learn. At Ostra, everyone is so skilled at what they do and it’s a blessing to be able to pick the brain of such intelligent individuals. I always have my notebook on standby when I am speaking with one of my team members because I never know the tips I am going to get from the conversation.

What would you do for a career if you weren’t doing this?

If I was not a cybersecurity analyst, I would probably look into being a financial consultant. I am into money management and wealth building so I could see that being something I would be successful in.

OK, now for some fun questions

Where’s your favorite place in the world?

My favorite place would have to be Accra, Ghana.

Name one thing not a lot of people know about you.

I am an instrumentalist and involved in the music scene in Ghana.

Three words to best describe you.

Kind, optimistic, and ambitious

What’s your motto or personal mantra?

Matthew 6:34:

Therefore, do not worry about tomorrow, for tomorrow will worry about itself. Each day has enough trouble of its own.

This verse always reminds me to take things one day at a time. In life, a lot of things can happen, but we have to remember to take things one day at a time. For the most part, things always end up working out.

Want to be a part of Ostra’s culture and team? Learn more about working at Ostra and apply for open positions!

Ostra Company News
Stacey Kusnier

PRESS RELEASE: Ostra Cybersecurity Secures Capital to Bring Fortune 100-Caliber Protection to Small and Mid-Sized Businesses

/in /by

Funding led by Rally Ventures will fuel growth and strengthen channel partner relationships.

[Minneapolis, Minn., Nov. 16, 2022] – Ostra Cybersecurity, a company that provides a multi-layered, comprehensive and fully managed solution to simplify cybersecurity for small to mid-sized businesses, announced that they have recently raised $3.5 million in Series A funding led by Rally Ventures, with participation from founding investor Jeff Cowan.

More than 75% of cyber attacks target small and mid-sized businesses (SMBs) with the average total cost of a data breach reaching nearly $3 million in 2021. It’s critically important for businesses of all sizes to keep systems and data secure from cybercriminals, but best-in-class, enterprise-grade protection has not always been accessible or affordable for most SMBs.

Ostra’s comprehensive solution provides SMBs with access to cybersecurity that rivals the type of protection the world’s largest companies rely on. Ostra combines the latest generation of cybersecurity tools, technology and talent into one fully managed service that protects against email threats, ransomware attacks, malware infiltration and more.

The funding will support Ostra’s business development and operational initiatives to strengthen and expand its channel partner relationships. “This investment helps us navigate a time of rapid growth while continuing to provide breakthrough solutions as the trusted cybersecurity team for our clients and partners,” said Paul Dobbins, Chief Growth Officer with Ostra.

“Every business should have access to best-in-class data protection,” said Ostra Cybersecurity President Joe Johnson. “Cybercriminals are increasingly going after SMBs and Ostra is passionate about ensuring they have what they need to protect their data so clients can sleep at night knowing our team is fully managing their security environment.”

“Cybersecurity challenges are overburdening SMBs. Ostra delivers big company technology to make cybersecurity accessible to businesses of all sizes,” said Michael Jennings, Venture Partner at Rally Ventures. “The Ostra executive team are entrepreneurs with decades of experience in cybersecurity and strategic operations. We look forward to joining them in their mission to simplify cybersecurity for SMBs.”

About Ostra Cybersecurity

Ostra Cybersecurity provides a proprietary solution that combines Fortune 100-caliber tools, tech, and talent to ensure threats are not only detected and hunted, but also fully remediated. Ostra was founded in 2018 by Michael Kennedy, a cybersecurity innovator who previously led a $100 million global security initiative for one of the world’s largest healthcare providers. Kennedy recognized that small and medium-sized businesses (SMBs) were increasingly being targeted by cybercriminals. He built Ostra Cybersecurity on a mission to simplify cybersecurity and better protect SMBs. To learn more about Ostra Cybersecurity, visit ostra.net.

About Rally Ventures

Rally Ventures invests exclusively in early-stage business technology companies, focusing on entrepreneurs creating major new markets or bringing transformative approaches to existing ones. Since 1997, Rally Ventures’ partners and venture capital industry veterans have invested in or run early stage enterprise business-to-business technology companies with a proven ability to deliver superior returns regardless of the overall market environment. For more information visit rallyventures.com.

 

Read the full Press Release

Stacey Kusnier

“Who Can You Trust” – A Hacks and Hops Session Recap

/in /by

Ostra was a proud sponsor and co-presenter at this year’s Hacks & Hops Information Security Conference, held October 6, 2022 at the U.S. Bank Stadium in Minneapolis. Hosted by FRSecure, one of Ostra’s Channel Partners, Hacks and Hops is a full-day conference that brings information security professionals together to learn, network and enjoy beer. 

Who Can You Trust?  

For the opening session of Hacks and Hops, Michael Kennedy (Founder, Ostra Cybersecurity) joined Evan Francen (Founder and CEO, FRSecure/SecurityStudio) for a candid discussion about mental health and coping strategies for those who work in the stressful field of cybersecurity. Access a replay of the on-demand session below.  

 

 

Session Summary 

Information security professionals are presented with no shortage of tasks, deadlines, emails, conference options, information feeds and advice on a daily basis. Whether they are building secure infrastructures, responding to incidents, combing through threat feeds, justifying budgets, training or educating employees, the job can feel overwhelming at times. So, who can they trust and where can they go for the solid support they desperately need?

As two cybersecurity leaders known for their honesty and frankness, Michael and Evan delivered a 40-minute presentation entitled “Who Can You Trust?” They shared some of their own struggles, as well as wisdom they have learned along the way, regarding:

·      Tips for dealing with job-related anxiety, impostor syndrome, etc. 
·      Vetting the information they consume (marketing fodder, headlines, threat feeds, etc.) 
·      Recommendations they make to their customers

 

Letting go is not letting it consume you… If something happened, how do we fix it? How do we move on? … You’ve got to be in this moment, today. Just deal with what’s in front of you.

– Michael Kennedy, reflecting on ways to stay mentally healthy while managing cyber threats

 

A Call for Transparency 

Many of Kennedy’s and Francen’s comments were rooted in themes of transparency and honesty. Kennedy shared that although it can sometimes feel intimidating to admit what you don’t know—especially in an industry rife with acronyms and cyber jargon—transparency is critical to getting the support you really need to help your clients.  

Transparency is a topic that Ostra leaders have been passionate about since the company’s inception. Chief Growth Officer Paul Dobbins recently published a 3-part blog series, Why Business Keep Losing the War on Cyber Terror. In the final blog in this series, “Awareness Isn’t Enough: A Transparency Revolution,” Dobbins outlines 4 key behaviors that Ostra believes every leader in the cybersecurity industry should model in order to create the kind of transparency that benefits everyone, including clients.  

Join the Revolution

If you are an information security professional, do you think being more transparent could help you get the support you need? Or, if you are a business owner, would you do business with companies who align with this transparency framework or something similar? If so,  let us know and be part of a transparency revolution. 

Ostra Cybersecurity

Employee Spotlight: Anthony Stephens, Advanced Security Analyst

/in , /by

Next up in Ostra’s Employee Spotlight series is Anthony Stephens, Advanced Security Analyst. We recently sat down with him to discuss his role at Ostra, what makes him tick, his experience and his life outside of work.

Career & Life at Ostra

Describe what you do at Ostra in one sentence.

I oversee the Security Operations Center here at Ostra by providing insight and analysis of all logs to protect our customers.

What initially interested you about Ostra Cybersecurity in the first place? What about our mission do you connect with?

The mindset and passion of the team is what initially interested me about Ostra. Right from the start I could tell they cared about protecting their customers and providing the best security solutions. 

What do you believe is the best thing about Ostra or the Ostra team?

The best thing about Ostra is the team’s passion, everyone truly takes security to heart and are passionate about protecting our customers.

What’s the first thing that you do when you start working every day?

I start each day by reading news articles and catching up on security research blogs and twitter feeds.

What do you find most challenging about your role at Ostra?

Knowing we must strive to succeed 100% of the time against adversaries, but threats only have to succeed one time.

What advice would you offer someone looking to take on a role similar to yours?

To keep asking questions, reading and learning. Take steps back and look at each situation through the eyes of your adversaries and find choke points within the environments.

OK, now for some fun questions

Where’s your favorite place in the world?

Sitting on a server room floor within the hot aisle

If Ostra announced a last-minute day off for tomorrow, what would you do with your suddenly free day?

I would spend the day with my family.

Three words to best describe you.

Husband, Father, and geek.

What’s your motto or personal mantra?

I will get it done when everyone else is asleep

Want to be a part of Ostra’s culture and team? Learn more about working at Ostra and apply for open positions!

Eunice Asemnor

Field Report: ” Phished by Association”

/in , /by

When it comes to phishing, attackers are becoming highly creative in the way they deliver the phish. They are doing a lot more reconnaissance work and it is our duty to ensure we are being more alert to avoid this form of social engineering.

SIGNS OF DANGER

Recently, Ostra came across a case of “phishing by association” that is a great reminder of why it is important for businesses to foster open and transparent relationships with vendors and partners.

One Friday evening, a client contacted us to say that she strongly believed her workstation had been compromised. After hearing her concerns, the Ostra Cybersecurity Defense Team started vigorously working on the situation.

We began with a few questions to get more information as to why she believed her environment had been compromised. She mentioned a vendor she was doing business with had been breached, and the cyber criminals sent phishing emails to their contacts. When she received the phishing email, she unfortunately clicked on it because she thought it was a legitimate email from the vendor.

CONTAINING THE THREAT

The first thing Ostra encouraged the client to do was to reset all her passwords. In situations like this, attackers are gathering credentials to hold for future use. Changing passwords immediately prevents the use of the credentials.

After ensuring the client changed her passwords, we immediately started reviewing her traffic logs to search for any suspicious events.

Fortunately, everything seemed healthy on her workstation and connected devices. However, Ostra continued to monitor the situation over the weekend and through the following week until we were satisfied that no damage had been done and her environment was secure.

Eunice Asemnor, Security Analyst at Ostra, stated that it was especially helpful that the client reached out immediately after clicking the email in this case. “It gave our Cyber Defense Team the ability to promptly remediate and handle the situation.” She added that this scenario illustrates the importance of being cautious with every email you receive—even from trusted vendors.

TAKEAWAYS FROM THE TRAIL

Although many phishing emails come from strangers, “phishing by association” is a tactic where cyber criminals send emails that appear to originate from a vendor that the client has worked with in the past.

Shown above is an example of what this type of phishing email might look like, along with some clues that it warrants further scrutiny.

Even if a company has all the best cybersecurity measures in place, they can still be vulnerable to attacks if their third-party vendors are not protected. This is why Ostra encourages clients to build trust through proactive communication with outside vendors, while also holding them accountable to ensure they are keeping up with the best security practices.

5 Tips for Phishing Prevention

Ostra recommends taking the following steps to minimize your risk of falling victim to a phishing scheme:

  1. When using email, always be careful and take necessary precautions before clicking links or opening attachments.
  2. Watch for the following red flags, which are indications that the email could be a phishing attempt:
    • Spelling mistakes, typos, unusual phrases or poor grammar.
    • Calls to action that include deadlines or suggested consequences to create panic.
  1. Beware of bogus links. Like in the case of our client, phishing attempts may include a legitimate-looking link. Simply hover your mouse over the link and it will reveal the actual URL. Most trustworthy banks and financial institutions use “https://” in their URL. You can also search for the company’s official website, and then compare their domain to the URL being represented in the email.
  2. Be diligent in examining “From” addresses, which can be forged to appear legitimate. Attackers can use a minor typo to make it appear like it is coming from your CEO or bank. Be very alert to check if the email is coming from a true source.
  3. Emails requesting personal information should always be handled with care. Do not provide usernames, passwords, or other personal company information without due diligence.

NEED A CYBER GUIDE?

At Ostra, we pride ourselves on educating our clients and providing Fortune 100-caliber cybersecurity to businesses of every size—including small and medium-sized companies. To explore how you can get started with a trusted cybersecurity advisor to better protect your business or clients from phishing attempts, ransomware and other cyber threats, contact Ostra today.

Joe Johnson

Getting Started With a Trusted Cybersecurity Advisor

/in , /by

Today’s leaders of small businesses and medium-sized companies are busy. These multi-taskers are launching new products, building workplace culture, growing their organizations, and figuring out how to attract and retain top talent. Not to mention… keeping up with technology and managing cyber risks in an ever-evolving digital landscape.

Since ransomware perpetrators are increasingly targeting SMBs, cybersecurity should be on every business owner’s radar. But how do you get started? In the video below, Ostra Cybersecurity President Joe Johnson shares tips for finding the right trusted advisor to help build a comprehensive cybersecurity strategy.

A recent Forbes survey revealed that 78% of small business owners planned to make technology a top investment in 2022. Their priorities included things such as digital transformation initiatives, improving internal processes/workflows, and more.

But most leaders—even CIOs—don’t have the time or expertise to stay ahead of every curve and sub-specialty in the area of technology. That’s why it is important to work with a trusted cybersecurity advisor who is interested in protecting your organization, not just driving sales for their organization.

Watch the video above to learn more about how a trusted advisor can help you take steps to ensure you’re taking a proactive approach to cybersecurity with a comprehensive strategy and program. Or, to hear more from Joe Johnson on this topic, check out this free, full-length webinar: Get a Grip on Cybersecurity and Cyber Insurance, Presented by Ostra and Trava.

Contact Ostra to learn why our multilayered, comprehensive cybersecurity solution is essential for businesses of every size.

Ostra Cybersecurity

Employee Spotlight: Claudia Madrigal, Executive Administrator & Project Manager

/in , /by

Next up in Ostra’s Employee Spotlight series is Claudia Madrigal, Executive Administrator and Project Manager. We recently sat down with her to discuss her role at Ostra, what makes her tick, her experience, and her life outside of work.

Career & Life at Ostra

Describe what you do at Ostra in one sentence.

I coordinate the onboarding of new Ostra partners and clients, implement internal and external processes, and handle various operational tasks. I also take it upon myself to pet all the dogs that visit our office!

What initially interested you about Ostra Cybersecurity in the first place? What about our mission do you connect with?

The fact that Ostra was a start-up initially interested me. As a part of their mission, Ostra puts people first always, both clients and employees. I experienced this firsthand when I had to take several weeks off due to COVID immediately after I started working for Ostra. It’s a very supportive environment.

What excites you most about your position and growth opportunity at Ostra?

I enjoy the variety of work I do, as well as liaising with different departments and clients. Although Michael Kennedy keeps asking me how I want my role to grow in the company, I still don’t know what I want to be when I grow up!

What do you believe is the best thing about Ostra or the Ostra team?

Ostra encourages autonomy, self-development and work-life balance. The company climate, spirit of cooperation and my team members’ senses of humor are what make it so enjoyable to go to work every day.

What’s the first thing that you do when you start working every day?

Coffee first always. The Nespresso machine is the main reason why I come into the office every day. After coffee, I meet with Ostra’s Cybersecurity Operations team to plan the day’s priorities.

What do you find most challenging about your role at Ostra?

Balancing the strategic work with the operational needs of a growing company. Currently, the majority of my time is taken up with onboarding new clients and partners— a fun problem to have!

What advice would you offer to someone looking to take on a role similar to yours?

Always look for what can be done more efficiently and how you can best support your team.

What would you do for a career if you weren’t doing this?

I don’t see myself being pigeon-holed into a narrow role and I’m always interested in learning new things. I would probably continue to work in operations, but maybe in a completely different industry.

OK, now for some fun questions

Where’s your favorite place in the world?

I’m originally from Portugal, so it will always be my home. But my favorite place is anywhere I haven’t visited yet.

If Ostra announced a last-minute day off for tomorrow, what would you do with your suddenly free day?

If the weather was nice, I would be out riding my motorcycle. However, if it’s cold or raining, I would curl up with a book and the New York Times Sunday crossword puzzle.

Name one thing not a lot of people know about you.

I can make balloon animals!

Three words to best describe you.

Independent, get stuff done, and versatile.

What’s your motto or personal mantra?

Learning for the sake of learning.

Want to be a part of Ostra’s culture and team? Learn more about working at Ostra and apply for open positions!

Ostra Cybersecurity

[Webinar Recap] Get a Grip on Cyber Security & Cyber Insurance

/in , , /by

Did you miss “Get a Grip on Cyber Security & Cyber Insurance,” the free webinar presented by Ostra and Trava on April 20? With cybercrime and ransomware increasing exponentially in today’s business climate, small and medium-sized businesses must be more cyber-savvy than ever in their day-to-day operations.

Watch a free, on-demand replay of the webinar to learn how SMBs can better protect themselves and manage risks by sharpening their grasp of cybersecurity and cyber insurance. The webinar was co-hosted by Trava, one of Ostra’s trusted Channel Partners. Trava is a cyber risk management firm that integrates assessments, vCISO insights, and insurance to protect small and midsize businesses from the potential damage of cyber threats.

In this educational 30-minute session, Trava’s CEO/Founder Jim Goldman moderates a discussion with Ostra’s President, Joe Johnson, as well as Ryan Dunn, Director of Insurance at Trava. These cyber industry experts cover topics such as:

  • What is the relationship between cyber security maturity and cyber insurance for small and medium sized businesses?
  • How can SMBs sort through the noise of cyber security and cyber insurance in order to prioritize strategies?
  • What action items should an SMB take to establish their own comprehensive cyber security program?
  • Are there key questions to ask your tech team and vendors when assessing cyber solutions?
  • What’s the difference between cybersecurity vs. cyber liability insurance? Do you really need both?

The current situation

Ryan Dunn shared that insurance is always more successful when carriers have enough data on hand to effectively predict probabilities and risk factors. However, since cyber risks are constantly changing, risk profiles from even five years ago are no longer relevant today.

Compounding the problem, many of today’s cyber insurance applications are full of overly-technical or irrelevant questions that have no ability to uncover the real-time, gaping holes in a company’s cybersecurity strategy. For example, if a company says they are using multi-factor authentication as part of their cybersecurity strategy, is anyone fact-checking or validating that? Also, just because a company might have adequate guardrails around their data today—or at the time of their insurance application—doesn’t mean they will still be safe tomorrow, next week, or next month.

In summary, hardly anyone is comfortable in the current cyber insurance landscape. On one hand, business owners are dealing with insurance premium increases with almost no losses. Meanwhile, insurance agents are dealing with increased cybersecurity requirements and stipulations from insurance carriers—they are not cybersecurity experts, and yet they have to relay this news to clients. A massive increase in cyberattacks is fueling the cycle, yet it’s practically impossible to predict a cybersecurity loss using traditional actuarial tables.

The path forward

Tackling cybersecurity and cyber insurance can produce an overwhelming sense of “doom and gloom” if you are looking at it from reactionary standpoint. Being proactive, taking stock, and having a plan is a much better approach.

According to Joe Johnson, it’s essential for SMBs to understand their cybersecurity vulnerabilities before proceeding with a plan of attack. In practical terms, he recommends the following sequence.

Building Your Cybersecurity Strategy

  1. Conduct cybersecurity assessments to identify in vulnerabilities
  2. Find a vCISO or a trusted advisor with a vested interest in protecting your business and your clients
  3. Provide regular, ongoing cybersecurity training for employees
  4. Put cybersecurity policies in place to protect your organization
  5. Deploy cybersecurity tools with multiple layers of high-caliber defense to protect against known and unknown threats
  6. Prepare for an event, which should include cyber insurance as well as an incident response plan, regular penetration testing, and active monitoring

Since most business owners and even IT departments don’t have in-depth cybersecurity expertise, an important first step is to reach out to an expert or trusted advisor who can partner with you in these steps. Download: Cybersecurity Strategy Tips from Ostra and Trava.

Access the Free, On-Demand Replay

To access a free replay of this webinar, click here.

Learn more about Ostra’s commitment to making cybersecurity more cost-effective for small and medium-sized businesses, or contact Ostra today to get started with a free cybersecurity assessment.

To learn more about cyber insurance, connect with Trava.

Ostra Cybersecurity

[Webinar Recap] A Titanic Mistake: Incident Response Without Active Monitoring

/in , /by

Mike Thompson from FRSecure and Ostra Cybersecurity’s own Michael Kennedy recently teamed up to present a free, 30-minute webinar: “A Titanic Mistake: Incident Response Without Active Monitoring.”

If you missed the live webinar, keep reading to get the overview or watch the full webinar recording here.

Webinar Highlights: Lessons from the Titanic

Co-hosted by Ostra and  FRSecure, this online event offered participants the chance to learn from two of the region’s most well-respected leaders in cybersecurity, delivered in an accessible and engaging format.

Potential cyberattacks are often like icebergs: they’re floating all around you, and you can’t be sure exactly what lies beneath the surface. So how do you give your organization the precious resources it needs to outmaneuver an iceberg-sized cyber event and avoid a dangerous hit?

In their informative 30-minute session, Thompson and Kennedy covered:

  • How to assess what’s underneath the surface in the “ice field” of threats to uncover the full impact of an event
  • Real-world examples of cyber event “icebergs” and what we can learn from them
  • Best practices for steering around the “Bergy Bits” with layered security and vigilant SOC monitoring
  • Actions companies can do to minimize the danger of a “sinking ship” when incidents occur
  • It’s not just about icebergs—facing the reality of internal threats, both intentional and accidental

Although no cybersecurity method is completely infallible, there are a number of measures that can aid in minimizing the likelihood of an attack and shortening the time it takes to detect one. For example, a key point that the co-presenters discussed in the webinar focused on the need to simply raise awareness about how outside organizations are interacting with your data, and the level of risk that might be involved.

“Organizations of all sizes are bigger than they seem,” Kennedy pointed out as he and Thompson shared more about how threats can lurk beneath the surface. As it turns out, most companies—even the smallest ones—are giving some sort of access to outsiders such as web developers, marketing firms, facility management vendors, printer support vendors, and more. Kennedy urged participants to consider a very important question: “Who has third-party access to your data?”

Thomspon agreed, pointing to Target and Okta as just some of the more publicized examples where domain addresses and credentials were compromised by third parties. But he cautioned, “For every one company that you hear about, there are probably 1000 that you don’t.”

In case you missed this latest educational collaboration between FRSecure and Ostra, be sure to check out the on-demand video recording here.

About the Presenters

As the Incident Case Manager/Team Lead at FRSecure, Mike Thompson is an information security veteran who has had a front-row seat to the damage done when companies neglect to actively monitor cyber threats.

Likewise, Ostra Cybersecurity Founder Michael Kennedy is recognized as a cybersecurity industry trailblazer. Prior to starting Ostra, he spent more than 20 years building, leading and scaling security platforms for Fortune 5 companies including the world’s largest healthcare provider.

Both Thompson and Kennedy share a passion for utilizing a proactive strategy to protect vulnerable businesses—especially small and medium-sized companies. Their extensive experience has convinced them that prevention is far easier and more cost-effective than trying to recover from a data breach or ransomware event that has already occurred. 

How Ostra and FRSecure Collaborate

Ostra enjoys partnering with companies like FRSecure who share our commitment to protecting businesses. Learn more about the proactive partnership that FRSecure and Ostra share when it comes to data security in our Cyber Allies blog.

Launched in 2012, FRSecure is an innovative, Minnesota-based consulting and testing company that is known for being Information Security Experts on a Mission to Fix a Broken Industry. Their award-winning technical team performs risk assessments, penetration testing, incident response forensics, technical research, and cybersecurity planning. FRSecure also advises clients who have questions about how to integrate cybersecurity into their existing environment, or who need help creating an overall cybersecurity strategy to fill gaps in their current systems.

Watch the free, on-demand replay of “A Titanic Mistake” here.

Make sure to visit FRSecure’s Resources Page as well as Ostra Cybersecurity’s Blog for relevant and timely content on a variety of cybersecurity topic.

If you have questions about cybersecurity or want to take advantage of a free cybersecurity assessment, contact Ostra or FRSecure today.

 

Stacey Kusnier

Ostra Cybersecurity Adds Director to Lead Partner Success Team Through Exponential Growth

/in , /by

Ostra Cybersecurity, a leading provider of world-class cybersecurity solutions tailored for small and medium-sized businesses, is pleased to welcome Laura Riebschlager as Director of Partner Success. This new hire is the latest example of the company’s strategic investment in its Channel Partner program, which continues to generate exponential growth for the company.

Ostra Cybersecurity’s channel partner program is designed to help its network of consultants, IT and Managed Service Providers (MSPs) enhance value for their small to medium-sized business clients by offering comprehensive data protection solutions.

In this role, Riebschlager will focus on building a team of talented experts who can ensure that Ostra never loses its personal touch with clients, despite the rapid growth that is occurring. Among other things, she will support new and existing Channel Partners by developing strategic plans, trainings, marketing resources, and tools that make it even easier for them to meet their goals.

Ostra’s market niche is ensuring that top-notch data security solutions are accessible for small and medium-sized businesses. Many of today’s organizations are navigating massive changes in their virtual workforces, IT infrastructure and data security regulations. Ostra Cybersecurity’s technology suite—combined with the service expertise of its channel partners—deliver a comprehensive solution that addresses a unique set of specialized IT challenges facing business owners today.

Riebschlager is a fierce advocate for partners and clients in the technology industry. With more than 17 years of sales and operations experience, she specializes in working with SMBs as well as top tech leaders. Prior to joining Ostra, Riebschlager already had experience collaborating with the core leadership team at Ostra—including Director of Strategic Partnerships Mike Barlow, Chief Growth Officer Paul Dobbins, and President Joe Johnson. Their careers all intersected at various tech-related companies over the years.

According to Barlow, Riebschlager’s account leadership experience in the technology space makes her a valuable asset to Ostra’s partner success team.

“Ostra’s growing Channel Partner network has been like a fast-moving train over the past year,” Barlow said. “And we don’t see it slowing anytime soon. We are thrilled to have Laura as a dedicated resource to connect our partners with the cybersecurity expertise and support to accelerate their own success.”

Previously, Laura worked as an Account Director at Phobio, where she co-created multiple programs for SMBs to buy and sell used electronics. Laura also held sales management roles at companies such as Fortegra, the second largest credit insurer in the U.S., and Brightstar, the global leader of end-to-end mobile device lifecycle management solutions. Laura earned a bachelor’s degree in Psychology from the University of Nebraska.

“This is an exciting opportunity to help ensure that Ostra is constantly delivering on its mission to provide Fortune 100-level protection for businesses of all sizes,” Riebschlager said. “As someone who really enjoys thinking outside the box to solve problems for clients, I am thrilled to be a part of Ostra’s service-driven culture.”

Connect with Laura on LinkedIn, or email her at LauraR@ostra.net.

Ostra Cybersecurity

Employee Spotlight: Johnathan Erwin, Security Engineer

/in , /by

Ostra is kicking off our first employee spotlight with our Security Engineer, Johnathan Erwin from Ostra’s Cybersecurity Operations team. We recently sat down with him to talk about his role at Ostra, what makes him tick, his experience, and his life outside of work.

Career & Life at Ostra

Describe what you do at Ostra in one sentence.

I help support Ostra’s Cybersecurity Operations, and make sure everything runs smoothly for our team and clients. (And whatever else Michael Kennedy tells me to do! Haha.)

What initially interested you about Ostra Cybersecurity in the first place?

I worked with Michael Kennedy previously at Optum, and really enjoyed working with him. I was interested in learning more about cybersecurity, so joining the team at Ostra made a lot of sense.

What excites you most about your position and growth opportunity at Ostra?

I like that the opportunities are ever changing. I also enjoy building new tools, learning something new or finding something new to try. At Ostra, there is always something new to try, learn or take on.

What do you believe is the best thing about Ostra or the Ostra team?

The best thing about Ostra is our work environment. Ostra’s leaders have built an amazing culture where people are here to work and help each other. Our team cares for each other, is flexible and communicates well.

What do you find most challenging about your role at Ostra?

At Ostra, I never know what the day will hold. I can come prepared with my best laid plan, and then something shifts, and I must switch gears. Each day it is something new, and I must always be prepared for whatever comes.

What advice would you offer to someone looking to take on a role similar to yours?

I would say to get really good at using Google. Haha! But seriously, be comfortable asking questions, multi-tasking, shifting gears often and being prepared for a changing workload.

What would you do for a career if you weren’t doing this?

I would love to do something in the music business. I have played bass and guitar for the most of my life and would pursue that as a career.

OK, now for some fun questions

Where’s your favorite place in the world?

My favorite place in the world would definitely be a concert. It doesn’t matter which one, simply any concert.

Name one thing not a lot of people know about you.

I have a huge sweet tooth—cookies are the best bribe!

Three words to best describe you.

Silly, hardworking, and caring.

Name the most interesting place you have ever visited.

I had the opportunity to visit a gem mine in North Carolina called Emerald Hallow. A memory I will never forget!

What’s your motto or personal mantra?

I’ll rest when I’m dead.

 

Want to be a part of Ostra’s culture and team? Learn more about working at Ostra and view our open positions!

Michael Kennedy

Awareness Leads to Action: Why Data Privacy Matters

/in , /by

To anyone who is familiar with Ostra’s history as well as our team culture, it is no surprise that we are passionate about data privacy. Ostra is a proud 2022 Data Privacy Week Champion because we were founded on the belief that all businesses and individuals have a fundamental right to data privacy and security.

January 24 – 28, 2022 is Data Privacy Week—a global initiative to generate awareness about the importance of online privacy. In addition to educating citizens on how to manage and secure their personal information, Data Privacy Week encourages businesses to respect data and be more transparent about how they collect and use customer data.

What does data privacy mean?

Individuals and businesses approach data privacy in slightly different ways:

  • As individuals, we are usually more concerned with protecting our personal information, securing our financial or health records, keeping our families safe on social media, or reducing the risk of personal property being stolen.
  • For businesses, however, data privacy is more complex. It’s not just about protecting the data of their company, employees, or investors. They also need to be accountable for how they are handling data for their clients, vendors, or any other organizations that they interact with.

But in all cases, data privacy is simply about minimizing opportunities for others to exploit data for personal, professional, political, social or financial gain.

The path to action

According to a Pew Research Center study, 79% of U.S. adults report being concerned about the way their data is being used by companies.

Yet, at the same time, many of us in the information security industry hear comments like, “Who cares if Big Brother is listening to what kind of cereal I like?” People know they are being targeted, but the outrage has worn off.

When Ostra conducts cybersecurity assessments for our clients, we typically try to find out where they fit on the scale of concern for their data security and data privacy.

After spending more than 20 years in this industry, I’ve seen attitudes about data privacy that range from apathy to paranoia. Both ends of this spectrum are problematic.

How can we best position ourselves to champion data privacy? I am a big fan of awareness that leads to action. This concept is illustrated below:

On the left side, Apathy leaves people unmotivated, leading to careless inaction. On the other end, Paranoia creates a fatalistic outlook, which can be just as paralyzing. Neither of these extremes tend to move people forward. But right in the middle is Awareness, which leads to action.

Businesses can build employee awareness about data privacy by asking these questions:

  • Whose data do we have?
  • What kind of data do we have? (Financial, personal/health information, etc.)
  • Should we even have this data?
  • Who has access to this data? (And is anyone overseeing these permissions?)
  • How do we secure this data?

Individuals can take data privacy more seriously by thinking about:

  • Where is my personal data being stored?
  • Who has access to my personal data?

Privacy Frameworks

As companies dive further into the topic of data privacy, they should also develop an official Data Privacy Policy or framework if none exists.

What is a Data Privacy Policy? It is simply a roadmap that your company can follow to keep sensitive data secure. Your policy might outline the following:

  • Methods you use to manage/store private data
  • Standards or procedures for encrypting your data
  • What to do if an employee is on the receiving end of private data that they should not have access to
  • Procedures about who is a gatekeeper for sensitive, confidential or HIPAA-protected data
  • Definitions about what is considered private or confidential data
  • Guidelines for sharing or forwarding data to non-gatekeepers

Train your employees (and then train them again, and again…)

A policy is only as good as the people who follow it—or don’t. So once you have a framework in place, it’s time to ensure your employees are properly trained, regularly updated, and are inspired to share your commitment to data privacy.

Training topics or roundtable conversations might include:

  • What is protected information?
  • What are some scenarios where private data might be exposed, unintentionally?
  • What should I do if I accidentally receive something from a client or employee that I shouldn’t?
  • How do I report a data privacy breach or incident?
  • What are best practices for keeping my laptop, smartphone or network files secure?

Data privacy training doesn’t have to be formal or complicated. It could be a casual lunch-and-learn or Q&A session. The goal is to get employees thinking and talking about their role in ensuring data privacy at the company.

At a minimum, I recommend that businesses host quarterly or monthly data privacy trainings for every employee and contractor. Since Ostra believes so strongly in data privacy, our security team talks about it at least once per month—sometimes as part of our all-company town halls, or even more frequently at smaller gatherings. We know that regular, ongoing conversations about data privacy are crucial to proactively protecting ourselves, our company and our clients.

Links between personal & business data privacy

Your personal and company data might be more interconnected than you realize. Cybercriminals are constantly looking for cracks in the armor to help them gain access to a company’s client list, financial data, intellectual property, or other important information.

Whether you are the CEO or a part-time intern, it’s important to consider:

  • How much information are you sharing on your personal social media accounts that might make your password easier to crack? (i.e. birthdates, anniversary dates, middle names, location details, etc.)
  • Do you participate in online surveys or quizzes that gather your personal details? If so, could your answers be used to put your data at risk?
  • Do you ever check email from an unsecured network—e.g., while at home or at your local coffee shop?
  • Have you checked the privacy settings on the many apps have installed on your smartphone?

By collecting unsecured personal information, impersonators can build profiles of employees to gain access to sensitive data at the places where they work.

Of course, many people can’t imagine their company might be a prime target for things such as ransomware—especially those who work for SMBs. But cyber attacks are not just aimed at multi-national, Fortune 100 corporations. A 2Q 2021 Coveware report stated that more than 75% of ransomware cyberattacks occur on companies with less than 1,000 employees.

Impersonating employees by researching their personal data is a common strategy that criminals can use to initiate ransomware attacks, credit card fraud, industrial espionage and more.

About Data Privacy Week

January 24 – 28, 2022 is Data Privacy Week. In 2022, National Cybersecurity Alliance expanded its annual Data Privacy Day campaign from a single day (January 28) to a week-long initiative. Data Privacy Day began in the United States and Canada in January 2008 as an extension of Data Protection Day in Europe, which commemorates the Jan. 28, 1981 signing of the first legally binding international treaty dealing with privacy and data protection (known as Convention 108). For more info about Data Privacy week and other initiatives from the National Cybersecurity Alliance, visit staysafeonline.org.

About Ostra

As a next-generation MSSP, Ostra Cybersecurity combines best-in-class tools, proprietary technology and exceptional talent to deliver Fortune 100-level protection for businesses of all sizes. The result is a multi-layered, 360° solution that allows you to set it and forget it. For more information, visit www.ostra.net.

Ostra Cybersecurity

Ostra and FRSecure are proactive partners in data security

/in /by

As a next-generation managed security services provider (MSSP), Ostra is proud to partner with a select group of companies that share our values and commitment to protecting clients. It is rewarding to work with Channel Partners like FRSecure, whose focus is crystal-clear: Information Security Experts on a Mission to Fix a Broken Industry.

Watch this short video to hear from John Harmon, President at FRSecure, talk about how Ostra helps fill cybersecurity gaps for their clients. Ostra empowers Channel Partners like FRSecure to better protect the businesses they serve.

 

Launched in 2012, FRSecure is a Minnesota-based consulting and testing company in the information security space. Its award-winning technical team excels at risk assessments, penetration testing, incident response forensics and technical research. In addition, clients come to FRSecure for advice on cybersecurity planning, leveling up their current staff, or integrating security into their business.

Since one of FRSecure’s specialties is helping clients how to prioritize their security projects and then implement them in a cost-effective way, becoming an Ostra Channel Partner just made sense.

To learn more or schedule your free cybersecurity assessment, contact Ostra today.

About Ostra’s Channel Partner Program: For more information on the benefits of becoming an Ostra Cybersecurity Channel Partner, visit our Partner page, or connect with Mike Barlow, Director of Strategic Partnerships.

About FRSecure: FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction. Ostra is proud to have FRSecure as one of our official Channel Partners. To learn more about FRSecure, visit frsecure.com 

About Ostra: As a next-generation MSSP, Ostra Cybersecurity combines best-in-class tools, proprietary technology and exceptional talent to deliver Fortune 100-level protection for businesses of all sizes. Visit ostra.net to learn more about our multi-layered, 360° solution.

Ostra Cybersecurity

Remote Control: Prioritizing Cybersecurity in the Hybrid Workplace

/in , /by

As a 2021 Cybersecurity Awareness Month Champion, Ostra is proud to help shed more light on security vulnerabilities and help secure our interconnected world.

In cooperation with the National Cyber Security Alliance, Ostra Cybersecurity invites our clients and partners to join us as we continue to use the month of October to spread more awareness and take action to protect the valuable data that is online.

Below are tips to help guide our community to better data privacy in the world of remote work. These tips are more relevant than ever, as remote and hybrid workforces continue to shape how companies interact with their employees and customers.

Remote Working Trends

In this day and age, employees are more connected than ever. The hybrid workplace is here to stay, and for employees, this means relying on connected devices from their home office setups.

According to recent data, smart home systems are set to rise to a market value of $157 billion by 2023, and the number of installed connected devices in the home is expected to rise by a staggering 70% by 2025. In this new normal where smart devices and consequently online safety are a must, here are some tips for securing those devices.

Remember smart devices need smart security

Make cybersecurity a priority when purchasing a connected device. When setting up a new device, be sure to set up the privacy and security settings on web services and devices bearing in mind that you can limit who you are sharing information with. Once your device is set up, remember to keep tabs on how secure the information is that you store on it, and to actively manage location services so as not to unwittingly expose your location.

Put cybersecurity first in your job

Make cybersecurity a priority when you are brought into a new role. Good online hygiene should be part of any organization’s onboarding process, but if it is not, then take it upon yourself to exercise best practices to keep your company safe.

Cybersecurity has become a loaded concept. There are so many things to consider when protecting your data—whether you are working at home, remotely/on the road, or in a traditional office setting.

Some basic precautions include performing regular software updates, and enabling MFAs. You can also contact Ostra to explore how a cybersecurity assessment can reveal what vulnerabilities you may have, and how you can stay ahead of threats.

Make passwords and passphrases long and strong

Whether or not the website you are on requires it, be sure to combine capital and lowercase letters with numbers and symbols to create the most secure password. Generic passwords are easy to hack. If you need help remembering and storing your passwords, don’t hesitate to turn to a password manager for assistance.

If you are a business owner, it’s more important than ever to make sure you are doing everything you can to protect your most valuable asset—your data, and your clients’ data.

Malware attacks, phishing scams and ransomware events are increasingly targeting small and medium-sized businesses. Being prepared and preventing these disruptions is not just about convenience; it can be a matter of survival. Check out our blog, Why Cybersecurity Should Be On Every Business Owner’s Radar, for tips on how you can protect your business.

Never use public computers to log in to any accounts

While working from home, you may be tempted to change scenery and work from a coffee shop or another type of public space. While this is a great way to keep the day from becoming monotonous, caution must be exercised to protect yourself and your company from harm’s way. Make sure that security is top of mind always, and especially while working in a public setting, by keeping activities as generic and anonymous as possible.

Turn off WiFi and Bluetooth when idle

The uncomfortable truth is, when WiFi and Bluetooth are on, they can connect and track your whereabouts. To stay as safe as possible, if you do not need them, switch them off. It’s a simple step that can help alleviate tracking concerns and incidents.

These are just a few simple steps towards achieving the best online safety possible. Staying safe online is an active process that requires constant overseeing at every stage – from purchasing and setting up a device, to making sure that your day-to-day activities are not putting anyone at risk. By following these steps, you are doing your part to keep yourself and your company safe from malicious online activity.

To learn some additional ways to protect your data while working remotely, check out our 2021 Cybersecurity Strategies blog.

What is Cybersecurity Awareness Month?

Now in its 18th year, Cybersecurity Awareness Month continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safer and more secure online.

The Cybersecurity Awareness Month Champions Program is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals committed to the Cybersecurity Awareness Month theme of ‘Do Your Part. #BeCyberSmart.’

As a 2021 Champion, Ostra supports this far-reaching online safety awareness and education initiative which is co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security.

Contact Ostra for a free cybersecurity assessment or to explore how you can stay ahead of threats.

Ostra is a proud Cybersecurity Awareness Month Champion
Ostra Cybersecurity

Ostra announces commitment to safeguarding business data during Cybersecurity Awareness Month

/in , /by

As a 2021 Cybersecurity Awareness Month Champion, Ostra is proud to help shed more light on security vulnerabilities and do its part to secure our interconnected world.

Throughout the month of October, Ostra Cybersecurity is joining a growing global effort to promote the awareness of online safety and privacy during Cybersecurity Awareness Month. This year’s initiative highlights the growing importance of cybersecurity and encouraging individuals and organizations to take necessary measures to stay safe and secure in an increasingly connected world.

Ostra Cybersecurity has focused on proactively protecting businesses from data breaches ever since the ransomware attack that sparked its formation. Named after the Spanish word for oyster—whose shell protects the pearl inside—Ostra delivers a comprehensive, managed cybersecurity solution that protects a business’ most valuable asset: their data. Ostra is dedicated to improving information security practices across the industry and making Fortune 100-caliber cybersecurity accessible to businesses of ALL sizes.

With a passion for educating others about cyber threats, Ostra considers it a high priority to help spread the word as a 2021 Cybersecurity Awareness Month Champion.

“Too many times, we see the devastating impact of data breaches on real people—employees, business owners, customers, donors and more,” explains Michael Kennedy, Founder of Ostra Cybersecurity. “So that’s why Ostra is ‘all in’ when it comes to highlighting the importance of data security during Cybersecurity Awareness Month.”

What is Cybersecurity Awareness Month?

Cybersecurity Awareness Month 2021Now in its 18th year, Cybersecurity Awareness Month continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safer and more secure online.

The Cybersecurity Awareness Month Champions Program is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals committed to the Cybersecurity Awareness Month theme of ‘Do Your Part. #BeCyberSmart.’

As a 2021 Champion, Ostra supports this far-reaching online safety awareness and education initiative which is co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security.

Spreading Awareness

All month long, Ostra will be sharing educational content and cybersecurity tips on our blog and social media channels. Follow Ostra on LinkedIn to stay up-to-date on Cybersecurity Awareness Month initiatives, as well as everyday data security topics that impact businesses of all sizes.

Ostra will also be promoting cybersecurity awareness this October by participating in Hacks & Hops—a FREE virtual security conference hosted by FRSecure on October 14, 2021. Ostra is proud to be a sponsor and presenter for this year’s event.

Hacks & Hops brings information security professionals together to learn, network and enjoy beer. This year’s full-day, virtual conference will include 12 speakers and 8 topics—ranging from mental health, cyber insurance, MSSPs, and more. Attendees can also earn up to 5 hours of self-study CPE credits by participating.

Michael Kennedy, Founder of Ostra Cybersecurity will share “The Problem With Tech Providers and MSSPs” as the final presentation of the Hacks & Hops event. This educational session will cover:

  • Best practices to recognize and reward clients’ current cybersecurity efforts
  • Obvious challenges being ignored (by clients and providers), and what to do about it
  • Opportunities for ALL to step up, keep learning and doing better, plus some words of advice to the cybersecurity industry

Learn more and register for this free cybersecurity event at hacksandhops.com

For more information about Cybersecurity Awareness Month 2021 and how to participate in a wide variety of activities, visit staysafeonline.org/cybersecurity-awareness-month. You can also follow and use the official hashtag #BeCyberSmart on social media throughout the month.

2021: Do Your Part. #BeCyberSmart

More than ever before, technology plays a part in almost everything we do. Connected devices have been woven into society as an integral part of how people communicate and access services essential to their well-being.

Despite these great advances in technology and the conveniences this provides, our lives and businesses can quickly be disrupted by cyber criminals and adversaries who use technology to do harm. Cybersecurity Awareness Month aims to shed light on these security vulnerabilities, while offering actionable guidance surrounding behaviors anyone can take to protect themselves and their organizations.

This year, the Cybersecurity Awareness Month’s main weekly focus areas will revolve around:

  • Understanding and implementing basic cyber hygiene, including the importance of strong passphrases, using multi-factor authentication, performing software updates and backing up data.
  • Recognizing and reporting phishing attempts whether it’s through email, text messages, or chat boxes.
  • Empowering individuals to not only practice safe online behavior, but consider joining the mission of securing our online world by considering a career in cybersecurity.
  • Making cybersecurity a priority in business by making products and processes “secure by design” and considering cybersecurity when purchasing new internet-connected devices.

Simplifying Cybersecurity for Diverse Clients

Ostra’s mission is to simplify cybersecurity for small and medium-sized businesses. This is accomplished by tailoring multi-layered cybersecurity—powered by technology that the world’s largest companies rely on—to fit smaller businesses.

In addition to working directly with clients, Ostra fulfills its mission by partnering with trusted advisors who serve businesses across diverse industries. Through its Channel Partner Program, Ostra empowers Managed Service Providers (MSPs), consultants, incident response firms, assessment firms and others who need to deliver best-in-class security solutions for their small- and medium-sized business clients as part of a broader IT services strategy.

Check out Ostra’s blog to learn more about their relationship with Channel Partners such as CyberFin and FRSecure.

About Ostra

As a next-generation MSSP, Ostra Cybersecurity combines best-in-class tools, proprietary technology and exceptional talent to deliver Fortune 100-level protection for businesses of all sizes. The result is a multi-layered, 360° solution that allows you to set it and forget it. For more information, visit www.ostra.net.

About Cybersecurity Awareness Month

Cybersecurity Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state and local governments and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit the National Cyber Security Alliance website.

About National Cyber Security Alliance

NCSA is a nonprofit alliance on a mission to create a more secure connected world. We enable powerful, public-private partnerships in our mission to educate and inspire individuals to protect themselves, their families and their organizations for the collective good. Click here for more information on the National Cyber Security Alliance.

Ostra Cybersecurity

Hacks & Hops Virtual Security Conference- October 14, 2021

/in /by

Hacks & Hops is a FREE virtual conference for information security professionals. Hosted by one of Ostra Cybersecurity’s Channel Partners, FRSecure, this event brings information security professionals together to learn, network and enjoy beer on Thursday, October 14, 2021.

Watch this short video to hear from John Harmon, President at FRSecure, as he shares what to expect at the 2021 Hacks & Hops conference.

 

This year’s event includes 12 speakers and 8 topics ranging from mental health, cyber insurance, MSSPs, threat intelligence and more. Michael Kennedy, Founder of Ostra Cybersecurity, will present on cybersecurity best practices, challenges being ignored (by clients and providers), and opportunities for all to keep learning and do better.

Attendees can earn CPE Credits* by participating.

*CPE Credits – Up to 5 hours of self-study – Learn More Here

How To Register

Registration is FREE. Visit hacksandhops.com to learn more about the speakers and topics, or to register for this all-day event (9a-5p CT) on Thursday, October 14, 2021.

 

Ostra Cybersecurity

Cyber Allies: FRSecure and Ostra are proactive partners in data security

/in , /by

Ostra Cybersecurity enjoys building relationships with like-minded companies who share our commitment to protecting clients. That is why it is especially rewarding for us to work with Channel Partners like FRSecure, whose focus is crystal-clear: Information Security Experts on a Mission to Fix a Broken Industry.

Launched in 2012, FRSecure is a Minnesota-based consulting and testing company in the information security space. Its award-winning technical team is best known for performing risk assessments, penetration testing, incident response forensics and technical research—as well as regularly taking down hacking challengers at industry events such as DEF CON.

Although they typically work with organizations that employ less than 500 people, FRSecure also serves much larger companies that need to fill a gap in their security expertise. In addition to assessments and testing, clients consult FRSecure for advice on cybersecurity planning, leveling up their current staff, or integrating security into their business.

One of FRSecure’s specialty areas is helping clients identify which security projects they should prioritize—and showing them how to implement those plans in a cost-effective way. With this in mind, becoming an Ostra Cybersecurity Channel Partner made sense for a number of reasons.

How does becoming an Ostra Channel Partner benefit companies like FRSecure? In short, Ostra empowers Channel Partners to better protect the businesses they serve.

Paul Dobbins, Chief Growth Officer at Ostra, explains: “FRSecure is a perfect example of what Ostra’s Channel Partner Program is specifically designed for… naturally adjacent companies in the cybersecurity ecosystem. Together we’re breaking down silos within the industry to make sure companies are protected with holistic solutions.”

Culture Cues

“First and foremost, what FRSecure looks for in a partner is culture fit,” shares John Harmon, President at FRSecure. “Are they interested in helping us fix the broken industry? Are they interested in helping us solve the same kinds of problems and serving the same kind of customers that we serve?”

The mission-driven culture at FRSecure resonates with I.S. professionals who want to make a difference in their industry—which has helped the company attract a team of bright, highly committed experts.

This mirrors the Ostra team’s passion for protecting clients from the devastating effects of cyberattacks, which are increasingly targeting small and medium-sized businesses. (A friend’s devastating experience with ransomware is one of the reasons Michael Kennedy founded Ostra—read more about the Ransomware Attack that Sparked Ostra Cybersecurity.)

Shared Values

Another important consideration in any partnership is common values—such as collaboration and truth-telling. Both Ostra and FRSecure are strong advocates for transparency.

“What we liked most about Ostra was their leadership and their willingness to let us look under the hood,” Harmon recalls, “so we could verify what they were claiming to do and who they were planning to serve.” Allowing this level of access to their proprietary solution—which Harmon says is rare in the cybersecurity industry—built trust and empowered FRSecure to refer clients to Ostra with confidence.

 Another factor that contributes to the success of this Channel Partner relationship is the willingness of both companies to tackle tough problems together. Being open to feedback and communicating clearly ensures that nothing is lost in translation.

“We’re constantly working through issues, trying to find the best solutions for our clients—and sometimes that can get uncomfortable,” admits Harmon, “But with Ostra, we can speak plainly… and we can move a lot faster to help our clients.”

FRSecure was also drawn to Ostra’s technical expertise in filling the gaps left by other cybersecurity products. The holistic Ostra solution was able to measurably solve security issues for their clients.

Vision & Leadership

How does Ostra typically add value to Channel Partners and their clients? In FRSecure’s view, Ostra’s top strength is being able to identify the client’s real issue, knowing what the gaps are, and having the skill to fill those gaps in the most responsible way.

“Ostra is not trying to shoehorn their solution into things, hoping it works,” John Harmon explains. “Ostra is very good at vetting the issues… customizing their solution to make sure it fits, and [making sure] our customers are happy when they’re through.”

 Harmon also admires the way Ostra has been able to package its very high level of cybersecurity expertise into a solution, and scale it in a way that benefits businesses of every size—including FRSecure’s clients.

 “[Ostra Founder] Mike Kennedy is a visionary,” Harmon says. “He’s somebody who saw a problem in the industry and, despite all odds and despite hulking competition, created an offering that is going to be viable in our industry… I’m so happy that we are a part of that journey.”

Facing Reality

In recent months, there have been dramatic policy changes at cyber insurance companies and at the regulatory level. As a result, both Ostra and FRSecure have seen organizations start to shift their strategies; instead of just relying on cyber insurance, companies are realizing their need to put a proper incident response plan in place.

According to Harmon, “There is now no choice but to take preventative measures and have insight into your network and your security program.”

To meet this need, FRSecure offers several compliance preparation services (such as SOC2 audit, Vendor Risk Management and more) to clients. Ostra is also uniquely positioned to help businesses learn to use insurance in a more responsible way. For example, in a June 2021 webinar presented by Ostra (The Ultimate Reality Check for Cybersecurity), panelists shared tips to protect small business owners from losing everything due to a data breach caused by malware, phishing or ransomware schemes.

No Surprises

Leaders at Ostra and FRSecure agree that when it comes to cybersecurity, nobody likes surprises. That’s why it’s crucial for organizations to account for every potential vulnerability and get a clear view of the situation before moving forward with a cybersecurity solution.

“You can’t secure what you don’t know you have,” John Harmon warns. “One of the first things that we coach our clients is to understand: What are all the assets in your network, in your data pool, even in your staff?”

Whether companies need a risk assessment, cybersecurity program planning, a cyberattack simulation or compliance preparation, FR Secure can provide a detailed analysis of their vulnerabilities as well as options for fixing the problem.

Joe Johnson, President at Ostra Cybersecurity, sheds some light on how Ostra fits in to this equation. “FRSecure helps clients understand their current reality, which is foundational to building an effective cybersecurity strategy.” He continues, “Ostra can offer a Fortune 100-caliber, layered cybersecurity solution to FRSecure clients who are looking for 24/7 threat prevention, management and remediation.”

A layered approach to cybersecurity is vital to helping companies confront the brand-new (also known as “zero-day”) exploits that sneak under the radar, in addition to the known threats that are logged by threat intelligence engines.

John Harmon summarizes: “Make sure that you are protecting yourself against everything… and not just what you can see.”

Partnering for Results

“Partnerships by definition should be a two-way street and FRSecure is a shining example,” stated Mike Barlow, Director of Strategic Partnerships at Ostra. “We are continually evaluating new channel partners including MSPs, vCISO, consulting, assessment and incident response firms. Selected Ostra Certified Partners like FRSecure are partners we trust explicitly in recommending to our clients in need of services outside of our area of expertise.”

Proactive partnerships with cyber allies like FRSecure are worth celebrating. The shared values, complimentary culture, and continuous improvement mindset of our Channel Partners ensures we are creating the best data security outcomes for clients.

About Ostra’s Channel Partner Program: For more information on the benefits of becoming an Ostra Cybersecurity Channel Partner, visit the Partner page on our website or connect with Mike Barlow, Director of Strategic Partnerships, on LinkedIn.

About FRSecure: FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction. Ostra is proud to have FRSecure as one of our official Channel Partners. To learn more about FRSecure and its award-winning technical services team (Team Ambush), visit frsecure.com

About Ostra: As a next-generation MSSP, Ostra Cybersecurity combines best-in-class tools, proprietary technology and exceptional talent to deliver Fortune 100-level protection for businesses of all sizes. Visit ostra.net to learn more about our multi-layered, 360° solution.

Ostra Cybersecurity

CyberFin and Ostra: A Channel Partner Story

/in /by

Ostra Cybersecurity collaborates closely with other technology companies to help them more effectively serve their diverse client groups. As a next-generation managed security services provider (MSSP), Ostra is always looking for opportunities to simplify cybersecurity while delivering value for our Channel Partners.

CyberFin is a Minnesota-based company that relentlessly focuses on protection for closely regulated businesses such as insurance agencies, financial services, brokerages and their commercial customers. As one of Ostra’s Channel Partners, CyberFin focuses on cybersecurity in the insurance and financial space.

This video features a conversation with Chris Steffl, Managing Partner at CyberFin, about what it’s like to work with Ostra Cybersecurity. Ostra leaders Joe Johnson (President) and Michael Kennedy (Founder) also discuss what makes the partnership with CyberFin work well, and how Ostra supports the good work that CyberFin is doing for their clients.

Click here to watch the video.

To learn more about Ostra or schedule your free cybersecurity assessment, contact us today.

 

Ostra Cybersecurity

Hacks & Hops Virtual Security Conference

/in , /by

featuring Ostra’s Michael Kennedy as speaker – October 14, 2021

Hacks & Hops is an event hosted by one of Ostra’s Channel Partners, FRSecure, that brings information security professionals together to learn, network and enjoy beer.

Save the date from 9a-5p on Thursday, October 14 for this free full-day, virtual conference that includes 12 speakers and 8 topics—ranging from mental health, cyber insurance, MSSPs, and more. Michael Kennedy, Founder of Ostra Cybersecurity, will be the final speaker of the day. Attendees can earn CPE Credits* by participating in this event.  Visit https://hacksandhops.com/ to register.

Ostra is a sponsor of this free event.

*CPE Credits – Up to 5 hours of self-study – Learn More Here

Presenter information

Learn from experts in various niche areas of cybersecurity. The lineup of engaging speakers for this virtual conference includes:

  • Evan Francen, Founder & Chief Executive Officer of FRSecure & SecurityStudio: Welcome
  • Joe Scargill, Special Agent in Charge Twin Cities at Secret Service: Opening Keynote 
  • Arin Brown, Chief Technology Officer at SEACHANGE: How to Build a Security Program From the Ground Up 
  • Tony Lambert, Senior Intelligence Analyst at Red Canary and Mike Thompson, Incident Case Manager – Team Lead at FRSecure: Panel Discussion
  • Amanda Berlin, Chief Executive Officer & Owner, Mental Health Hackers: Mental Health Hackers
  • Oscar Minks, Director of Technical Services at FRSecure and Sonu Shankar, Head of MDR Product at Arctic Wolf: How to Stay Ahead of Threat Intelligence
  • Tim Smit, Cyber Security Practice Lead & Owner at Lockton: What’s Going On With Cyber Insurance and Why It’s Still Important
  • Mike Kennedy, Founder at Ostra Cybersecurity: The Problem With Tech Providers and MSSPs 

In his 40-minute presentation entitled The Problem with Technology Providers and MSSPs, Ostra Founder Michael Kennedy will share:

  • Best practices to recognize and reward clients’ current cybersecurity efforts
  • Obvious challenges being ignored (by clients and providers), and what to do about it
  • Opportunities for ALL to step up, keep learning and doing better, plus some words of advice to the cybersecurity industry
  • Additional Q&A (time permitting)

 How To Register

Registration is free. Visit https://hacksandhops.com/ to learn more or register for this all-day event (9a-5p CT) on Thursday, October 14, 2021.

About Ostra Cybersecurity

As a next-generation managed security service provider (MSSP), Ostra Cybersecurity combines best-in-class tools, proprietary technology and exceptional talent to deliver Fortune 100-caliber protection for businesses of all sizes. The result is a multi-layered, 360-degree solution that allows you to set it and forget it. By making cybersecurity technology simple and accessible to business of all sizes, Ostra is helping create a world with greater data privacy and protection for all of us. For more information, visit www.ostra.net.

Learn more about cloud data protection, email threat prevention, and how to prevent ransomware, various types of malware and more. Contact Ostra today for a free assessment to see what vulnerabilities may exist for your business or clients.

Mike Barlow

Banking on Expert Cybersecurity: CyberFin Partners with Ostra to Protect Financial & Insurance Clients

/in , /by

As a next-generation managed security service provider (MSSP), Ostra Cybersecurity works closely with some great companies in the technology space. In my role as Director of Strategic Partnerships, I enjoy finding ways to support and collaborate with our Channel Partners that serve on the front lines of cybersecurity for diverse client groups around the world.

CyberFin is a Minnesota-based company that provides relentless protection for closely regulated businesses such as insurance agencies, financial advisors, real estate brokers and registered investment advisors. As one of Ostra’s Channel Partners, CyberFin focuses on cybersecurity in the insurance and financial space.

In early 2021, Ostra began working with Managing Partner Chris Steffl and the team at CyberFin. In the wake of unprecedented cybersecurity challenges in the post-pandemic world, Ostra came alongside CyberFin with solutions to strengthen their business model and help them stand apart in a crowded field.

The first great thing about our partnership with CyberFin is that their mission and values are aligned with Ostra’s—being proactive and never settling for anything but the best for their clients.

In addition, both Ostra and CyberFin love to educate small businesses and mid-sized companies about cybersecurity. Chris Steffl, Managing Partner at CyberFin, shared a bit about how Ostra supports CyberFin in this area:

“We’re taking an industry that has very little knowledge or understanding about cybersecurity and we’re trying to make it simple and easy for them to understand…

One of the big things that Osta is excellent at is the deployment of their tools, and how their team works with our organization and the clients that we have. Ostra made it really easy to bring those tools in, and explain it to our clientele… financial planners or insurance agents that aren’t in the cyber industry… so that they’re able to figure out what tools they need to put in place.” – Chris Steffl, Managing Partner at CyberFin

In terms of CyberFin’s particular expertise, they are a trusted advisor in the finance and insurance space. With decades of experience, they have been in the trenches and know what their clients need. This makes CyberFin a fierce advocate for their clients—they are constantly on the lookout for any security threats or compliance issues that might arise. So getting the right tools, technology and talent behind their solution was extremely important.

“Ostra is really a next-generation level of cybersecurity,” summarized Chris Steffl. “They are able to comprehensively pull together all the different tech stacks that they’ve got, and deploy that in a very easy manner. And I think that’s one thing that set’s them apart from other cybersecurity firms is the ability to pull all these tools together to make an easy, simple deployment of the products.”

Ostra is proud to work alongside Channel Partners like Cyberfin to ensure financial and insurance businesses of all sizes—even small firms and start-ups—get the same level of best-in-class, layered cybersecurity that Fortune 100 companies rely on.

To learn more about CyberFin, visit www.cyberfin.net.

To learn more about how Ostra and our Channel Partners can deliver expert-level cybersecurity or improve your data security compliance, contact our team today.

Michael Kennedy

What is Layered Cybersecurity?

/in /by

What is layered cybersecurity, and why is it essential to protecting small businesses and medium-sized companies from cyber threats?

In this short video, Ostra leaders answer these questions. Hear from Joe Johnson (President), Michael Kennedy (Founder) and Paul Dobbins (Chief Growth Officer) as they explain the features and benefits of a comprehensive, multi-layered approach to cybersecurity.

When evaluating their data protection options for their unique needs, many businesses become overwhelmed by the sheer number of technology silos and specialty areas to navigate. The field of cybersecurity is broad and deep—and ever-changing.

Watch this video to learn more about Ostra’s unique approach: simplifying cybersecurity while providing the best-in-class tools, proprietary technology, and exceptional talent that businesses need to protect their data.

Click here to watch the video.

To learn more about Ostra or schedule your free cybersecurity assessment, contact us today.

 

The Ultimate Reality Check for Cybersecurity
Ostra Cybersecurity

Highlights from BrightTALK Webinar: The Ultimate Reality Check for Cybersecurity

/in , /by

By Ostra Cybersecurity

On July 12, Ostra presented a free BrightTALK webinar: The Ultimate Reality Check for Cybersecurity. In this informative discussion, our panel of cybersecurity experts—including Ostra Co-Founder Michael Kennedy and Chief Growth Officer Paul Dobbins—shared how real-life threat events during the pandemic have forever changed the cyber threat landscape for businesses.

The presentation also included tips and strategies for combating threats in the face of endpoint visibility and control challenges—which have become harder for businesses to manage as remote workstations, virtual meetings and cloud-based apps and file sharing has become commonplace.

Organizations of all sizes are increasingly being targeted by cybercriminals—through ransomware, phishing schemes or other malware attacks—due to insecure endpoints. The panelists discussed some of the recent, high-profile cyberattacks that are still impacting the business world, and whether the latest governmental actions will be effective.

Panelists for this webinar presentation included: Michael Kennedy, Co-Founder and CTO at Ostra Cybersecurity; Oscar Minks, Director of Technical Solutions and Services at FR Secure; and Heidi J.K. Fessler, Founder and Cybersecurity/Data Privacy Attorney at Innova Law Group. The discussion was moderated by Paul Dobbins, Chief Growth Officer at Ostra Cybersecurity.

Why endpoint security matters (now, more than ever)

Over the past 12-15 months, a lot has changed in the cyber-threat landscape. The Covid-19 pandemic forced many companies to rapidly shift to a remote workforce; an unprecedented number of employees were suddenly working from home, sometimes with little technical/configuration support.

“During lockdown, we saw companies using old machines that had not been patched, or they had vulnerabilities,” shared Michael Kennedy. Although Ostra helped those clients with remediation, the more ideal scenario is to be proactive. “Make sure everything is patched and updated,” he advised. “Be ready for it. Plan this out. Have a policy.”

Amid the rising tide of virtual transactions, Ostra also heard from business leaders who wondered why they should prioritize cybersecurity when so much personal and financial information was already available online. Would it even matter?

“I think we have become numb to all these cyber events—the Target breach, the Experian breach,” stated Michael Kennedy. But he warned that complacency is dangerous, since ransomware events can have a significant impact—and most small businesses don’t recover.

Adding to Michael’s point, attorney Heidi Fessler shared an alarming statistic: “Eighty percent of SMBs that experience a data breach will lose their business. It is terminating,” she said. “Mostly because you didn’t think it could happen and you’re not ready.”

Heidi has also worked with small businesses that had a false sense of security about avoiding ransomware or malware because they worked with a managed service provider or an IT person. “IT and information security are not the same people,” she stated. “Data loss prevention is on the data security side. Just because someone is keeping your computers running, they are not [necessarily] a security person.”

Tackling zero-day exploits

The panelists also discussed the challenges of dealing with zero-day exploits.

“Zero-day is a newly discovered vulnerability with no fix for it,” explained Oscar Minks. “There can be work-arounds, but nothing is properly patched or corrected at this point.” Since the pandemic, the number of zero-day attacks has increased significantly. How can businesses better protect themselves against them?

Oscar suggested that the first step is to take inventory: businesses should know their environment, know their endpoints, know their network, and don’t let them be exposed.

“Innately, we should consider all of our applications are insecure,” Oscar shared. “Even if they are properly patched, protecting and isolating those services is important. Be proactive to protect those assets.”

Other real-world cybersecurity topics

In the remaining segments of the webinar, our panelists covered several other real-world cybersecurity topics including:

  • How should businesses hold an MSP or MSSP accountable?
  • What is ransomware-as-a-service, and how does it work?
  • Why is it important to separate IT and Information Security roles in your organization?
  • What are common misconceptions about cloud security?
  • What is the most important thing businesses can do to make endpoints more secure?
  • What role do policies, processes and insurance play in cybersecurity?
  • Do government actions work? What else can help fix a broken cybersecurity industry?

The Ultimate Reality Check for Cybersecurity is a free, 50-minute webinar. To watch the on-demand presentation in its entirety, please visit our event page on BrightTALK.

 

The Ultimate Reality Check for Cybersecurity
Ostra Cybersecurity

Watch free BrightTALK Cybersecurity webinar featuring Ostra leaders

/in , /by

The Ultimate Reality Check for Cybersecurity

Introducing The Ultimate Reality Check for Cybersecurity from BrightTalk. In this free webinar, four presenters—including Ostra Co-Founder Michael Kennedy as one of the panelists and Chief Growth Officer Paul Dobbins as a moderator—shared how real-life threat events during the pandemic have forever changed the cyber threat landscape.

Large-scale data hacks and ransomware events have made global headlines recently. But far from the glare of media attention, organizations of all sizes are increasingly being targeted by cybercriminals due to insecure endpoints.

In this session, panelists shared real stories from the front lines of cybersecurity, as well as strategies for combating new-age threats in the face increasing endpoint visibility and control challenges.

Our panelists also discussed how recent high-profile cyberattacks are still impacting the business world, and what changes organizational leaders can anticipate from recent public hearings and governmental actions.

Timely topics

Here are just a few of the questions and topics that our panelists unpacked:

  • How is the cyber-threat landscape changing?
  • If our data is already out there, why should we care?
  • What is really happening with “new threats” and ransomware, how are they being covered in the media?
  • How has cloud computing and having a remote/hybrid workforce changed the way we think about endpoint security?
  • What are strategies for combatting malware and cyberattacks?
  • Why is it important to separate IT and Information Security roles in your organizations?
  • Is the government doing anything to protect businesses, and will it work?
  • How can companies improve compliance and risk mitigation when it comes to cloud data protection and cybersecurity?

Panelist overview

The three panelists and our moderator for this event all work in the trenches of cybersecurity and risk management on a daily basis. They help businesses mitigate risk while learning how to improve cloud data protection, and how to prevent ransomware, malware and data breaches.

Participants included:

  • Michael Kennedy, Co-Founder & CTO, Ostra Cybersecurity (panelist)
  • Paul Dobbins, Chief Growth Officer, Ostra Cybersecurity (moderator)
  • Oscar Minks, Director of Technical Solutions and Services at FR Secure (panelist)
  • Heidi J.K. Fessler, Founder and Cybersecurity/Data Privacy Attorney at Innova Law Group, PLLC (panelist)

How to Watch

To watch a FREE replay of this 50-minute webinar that was first presented on July 12, click here.

Michael Kennedy

Cybersecurity – a loaded concept

/in , /by

Working in the technology space for many years, I have noticed that cybersecurity is a loaded concept. Similar to other words—such as history or intelligence—there can be multiple ways of describing it, depending on your angle.

The multi-faceted nature of cybersecurity is one reason why small- and medium-sized businesses sometimes find it frustrating to evaluate their options. It takes time to explore the latest software products, tools, and services. It can be difficult to make apples-to-apples comparisons when the packages and solutions in question are addressing different vulnerabilities.

For example, there are trustworthy brands and powerful technologies behind many of today’s cybersecurity solutions. But do they cover all your vulnerabilities, or just endpoints? Do you need multiple software tools for preventing ransomware, removing malware and protecting mobile devices, or is there a great all-in-one option? Are services such as updates, management, and tech support included in the cost?

As someone who has spent my career protecting data for small start-ups to Fortune 10 companies (and everything in between), I have found one thing that every business has in common: the need for a holistic, layered approach to cybersecurity.

If you are the one responsible for addressing the cybersecurity needs of your organization, it is common to become exhausted by research. It takes a lot of time and patience to stay on top of the latest software products, tools, and services on the market.

7 Cybersecurity Must-Haves

Here is an overview of seven cybersecurity essentials that every business should assess. By comparing your current state with these must-haves, you can better prioritize how to fill any gaps that might exist:

  • 24×7 Security Operations Center (SOC) – Will you have a knowledgeable team of specialists to provide round-the-clock support for cybersecurity issues that arise?
  • Security Information & Event Management (SIEM) – Does your solution incorporate the latest threat intelligence? Will it provide security orchestration, event logging, and analytics?
  • Email Threat Prevention (ETP) – How are email-based threats handled? Will you utilize machine learning and AI to identify attacks that evade policy-based defenses? Does your solution weed out credential-phishing URLs or impersonators?
  • Endpoint Security (Antivirus & Malware Protection) – How will you know when connected devices and infrastructure access points are compromised? Do you have integrated malware and antivirus (AV) defenses that analyze behavior and learn from it?
  • Firewall & VPN Security – Are your systems protected against new and malicious URLs? What happens if a “zero-day” exploit is successful in targeting a loophole in your software?
  • Cloud Security (CASB) – Is your solution built for cloud computing models such as SaaS and IaaS? How does it work with cloud-based services (i.e., Office 365, Box and AWS)? Are on-premises, mobile and remote users protected?
  • Mobile Device Management & Security (MDM) – How secure is your data across laptops, tablets, phones, IoT, & other devices? Is there seamless integration with existing architecture?

Comparing Costs & Risks

Once you review all these aspects of cybersecurity, the next step is to compare hard costs, soft costs, and risks.

For example:

  • Acquisition: How much will you invest to acquire the right products or services? (What happens if you don’t?)
  • Integration: How do you ensure that your solutions will integrate with your existing systems and software? (What happens if they don’t?)
  • Maintenance: What will you spend to maintain and update those products or services? (What happens if you fall behind schedule?)
  • Effectiveness: How will you know your solution is working or not working? (Who in your organization will manage the response or remediation for any flagged issues?)

How an MSSP Can Help

A Managed Security Services Provider (MSSP) can relieve the burden of researching and selecting the right cybersecurity software tools for your business, as well as managing the solution after it is installed. Not all MSSPs are equal, so make sure you choose one that utilizes enterprise-grade, constantly updated tools and software.

It is also helpful to work with a managed security service provider that has strong and influential relationships with software and technology providers—especially when quick product support or remediation is needed.

Finally, make sure that product training/education, seamless integration, expert-level technical support, and ongoing threat management are in your MSSP’s wheelhouse.

Read more about Michael Kennedy’s background and  The Ransomware Attack that Sparked Ostra Cybersecurity

About Ostra

Ostra is a next-generation managed security services provider (MSSP) that aims to make cybersecurity technology simple, comprehensive, and accessible to businesses of all sizes. By combining best-in-class tools, proprietary technology, and human expertise, Ostra is helping create a world with greater data privacy and protection for all of us.

Start taking a proactive approach to cybersecurity by scheduling a free security assessment with our team today. 

 

Ostra Cybersecurity

How Ostra Makes Cybersecurity More Cost-Effective for SMBs

/in /by

Cyberattacks against smaller businesses are increasing, and unfortunately many of these businesses are not adequately protected. This leaves them vulnerable to ransomware, types of malware and data breaches that puts their own bottom line and reputation at risk, while also giving criminals access to their clients’ data and systems.

President Joe Johnson and Co-Founder Michaael Kennedy share how Ostra has packaged Fortune 100-level cybersecurity expertise into a cost-effective solution for small business.

SMBs Are Worth Protecting

 

Unlike large enterprises that invest significant resources to achieve custom-built, multi-layered cybersecurity solutions, many small and mid-sized companies struggle to find affordable options for getting the level protection that they actually need.

But despite the fact that many SMBs believe they aren’t on a typical hacker’s radar, statistics show that cybercriminals are drawn to low-hanging fruit. (Case in point: IBM reported that small and mid-sized businesses are hit by 62% of all cyberattacks, or about 4,000 per day.) Criminals are specifically looking for smaller businesses that interact (either as a vendor or supplier) with globally recognized brands, in hopes that they will provide an easier access point for the treasure-trove of data that those corporations work hard to protect.

Ostra was founded for the purpose of making Fortune 100 level cybersecurity accessible to small businesses and medium-sized companies. Our unique combination of best-in-class tools, proprietary technology and human expertise enables Ostra to provide a comprehensive managed cybersecurity solution that small businesses can actually afford.

“Ostra is able to provide Fortune 100-level security tools based upon our expertise and experience deploying these technologies in Fortune 100 organizations, and our ability to create scalability and pass through the costs associated with a scalable environment,” states Michael Kennedy, Co-Founder. 

One way that Ostra achieved this is by building behind-the-scenes tools to automate many of the processes that occur in SOC analysis and cybersecurity event management within large organizations. Combined, they are able to provide a simple, cost-effective solution for the small to medium-sized business.

In addition to being simple to use and affordable, Ostra’s cybersecurity solution is constantly updated. This means the world’s best threat intelligence is continually—and proactively—protecting their data against known threats as well as brand new, “zero-day” exploits.

Contact Ostra to see how we can simplify cybersecurity while bringing 360-degree, best-in-class data protection to your business.

 

Joe Johnson

Why Cybersecurity Should be on Every Business Owner’s Radar

/in , /by

Most people know about the large-scale data hacks and ransomware events that top the national and global headlines. Recently, for example, the Colonial Pipeline cyberattack has gotten significant coverage on every major news outlet; last winter, everyone was talking about the SolarWinds breach.  But what many people don’t realize is that, far from the glare of worldwide media attention, small and medium-sized businesses are increasingly being targeted by cybercriminals.

Cybersecurity in the Age of Risky Business

There are a few reasons why the risk of cyberattacks are increasing for smaller businesses. First, over the past year the COVID-19 pandemic has forced businesses to figure out a way for an unprecedented number of employees to work remotely. This has opened up new security challenges across the board:

“Remote work has challenged enterprise security monitoring in numerous ways from the platforms used for communication to the devices people are using and networks on which they transmit data. We have seen an increase in social engineering opportunities as cyberespionage and cybercriminal groups attempt to take advantage of vulnerable employees unfamiliar with managing their technology environments.” –  2020 Cyber Threatscape Report by Accenture

Although businesses of every size are navigating these issues, cybercriminals know that small and medium-sized businesses (SMBs) are even more vulnerable. Some SMBs don’t take the time to develop a cybersecurity strategy because they think they are too small to worry about being attacked. Others rely on consumer-grade, off-the-shelf solutions to protect their data.

The following statistics about the impact of cyberattacks on SMBs are alarming:

  • Insurance carrier Hiscox reported that in 2019, 47% of small firms (1- 50 employees) and 63% of medium sized firms (50-249 employees) experienced one or more cyberattack.
  • According to IBM, small and mid-sized businesses are hit by 62% of all cyber-attacks, or about 4,000 per day.
  • Smallbiztrends.com stated that 43% of cyberattacks are aimed at small businesses, while only 14% are able to mitigate such risks effectively.
  • The Denver Post shared a S. National Cyber Security Alliance report that 60% of small businesses victimized by a cyberattack will go out of business within six months.

In reality, if your business or clients handle customer data—whether it’s banking/credit card info, medical records, sensitive research data, tax information, customer databases, legal documents, proprietary product information, or anything else that criminals would love to access—then you are at risk and should learn how to prevent ransomware. Small businesses with many clients are the most vulnerable for ransomware attacks. Don’t be forced to pay to get your data back—instead, be proactive in order to protect it adequately.

The Problem With “Off-The-Shelf” Protection

Consumer-grade, off-the-shelf (COTS) cybersecurity products are widely available on the marketplace. At first glance they can seem appealing to small business owners. These COTS options tend to be free or low-cost; they may be conveniently bundled with other business software. They may also be pre-installed, “standard” features on new devices or laptops that you purchase from the manufacturer, or they are recommended by your managed service provider. Seems suitable for a business owner who is working with a limited technology budget, right?

But cybersecurity insiders and hackers know that COTS solutions have a lot of gaps that can actually leave companies vulnerable. They simply don’t protect businesses at the same level as top-tier cybersecurity solutions.

For example, consumer-grade tools are typically updated about once or twice a month. First, the manufacturer has to create the update and make it available. Next, the end user needs to see that the update is available, and manually update their device—or, if they are an IT director at a company, they will manually update many devices. Unfortunately, two or three weeks is too long for a business owner to be left vulnerable—when new threats are being created on a daily basis. The cybersecurity solution that was updated a month ago just can’t recognize or respond to a threat that was deployed yesterday.

This article on the U.S. Cybersecurity Infrastructure & Security Agency (CISA) website explains why COTS software is generally an attractive target for cybercriminals:

“… the major COTS packages typically manage important information and connect to more systems…  Further, the information and experience obtained in one attack can be used again on the same package elsewhere.” – Craig Miller, Cigital, Inc.

Smarter Tools, Quicker Updates

By contrast, the latest generation of cybersecurity tools are updated constantly. They utilize the latest technologies—such as real-time threat intelligence, advanced analytics, and machine learning/AI—to proactively anticipate and respond to threats. Sophisticated cybersecurity tools don’t just react to known threats, but they also prepare for unknown threats (a.k.a. “zero-day exploits”) that occur on the same day that a software weakness is identified.

Many of today’s most crippling cyberattacks are coming from new threats being created every day. The best way to guard against these unknown variables is to deploy a solution that is constantly on the lookout for these unknown variables. For example, Ostra is constantly monitoring and collecting threat intelligence info from around the globe to provide automatic updates all our clients within minutes. Ostra’s solution is customized and automated, so our clients do not have to spend time maintaining it.

Are You Ransomware Bait?

Another reason every business owner needs to make cybersecurity a priority is because of business liability issues. Laws are expanding on a daily basis in terms of the data that businesses are legally expected to protect.

Dealing with ransomware is a great example of a liability that many business owners do not prepare for—until it’s too late. Have you ever been locked out of your house or car? It’s pretty inconvenient. Now imagine getting locked out of your business because of a ransomware event. Suddenly you cannot make or receive payments, communicate with clients, or even access important files.

In addition to your company’s data, any customer information on your system is now being held hostage as well, unless you pay the criminal to get it all back. Learning how to prevent ransomware is key. (Preventing ransomware is one of the reasons our company was founded—read more about the Ransomware Attack that Sparked Ostra Cybersecurity.)

A comprehensive cybersecurity strategy, paired with the best technology, can help you avoid these liabilities.

Building an Effective Cybersecurity Strategy

There are three important steps that every business can take to effectively protect against cyberattacks.

Step 1: Develop an overall cybersecurity strategy.

Business owners should never have a false sense of security by relying on technology alone to protect their data and systems. For example, Ostra’s best-in-class approach to technology combined with multiple layers of defense will go a long way in protecting your business—but technology is not the only piece of the puzzle. In addition to choosing the right technology, business owners should also develop an overall cybersecurity strategy that includes:

  • Conducting cybersecurity assessments to find gaps in vulnerability
  • Providing regular, ongoing cybersecurity training for employees
  • Putting cybersecurity policies in place to protect your organization

Step 2: Back up your data (and keep backups in a safe place).

This is a bit like fire insurance—you hope you’ll never need it. But the U.S. government recently issued an Alert urging businesses to help prevent business disruptions caused by ransomware attacks. In addition to regular data backups, make sure you isolate those backups from all of your network connections.

Step 3: Use multiple layers of high-caliber defense.

Cybersecurity is a very broad category that can cover a lot of different areas. Make sure all of those are covered (keep reading below for the top 6 things to look for in a cybersecurity solution). For example, while it is great to pay for the perfect firewall, you still have a lot of vulnerabilities if your email, mobile devices, or cloud applications are not protected.

Building a comprehensive cybersecurity strategy involves more than installing the right products or working with the right partners. Make sure that you have those other safeguards in place as well.

Top 6 things to look for in a cybersecurity/MSSP solution

Working with a Managed Security Services Provider (MSSP) is one important piece that should fit in with your overall cybersecurity strategy, in order to help with managed detection and response to threats. Once you realize that a multi-layered approach is needed, the next step is to decide which areas are the most important to address.

I recommend covering your bases in the following areas:

  1. Have a Security Operations Center (SOC) and Security Information & Event Management (SIEM) system in place. Ideally, you want 24/7 monitoring, combined with technology that provides the latest threat intelligence and insights from the front lines. Employing SOC & SIEM gives you the added protection of on-call staff that can provide full support that includes investigating and remediating all of the alerts. . This will ensure you have the best protocols, cybersecurity experts and technologies to stay ahead of future attacks, while also providing analysis that helps you learn from past threats.
  2. Provide employees with Email Threat Prevention (ETP). Email is the number one vehicle for data breaches. Effective ETP will include advanced URL defense against credential phishing and impersonation. It should utilize machine learning, AI and analytics to identify and block both known threats and new, malicious campaigns.
  3. Pay attention to Endpoint Security, Antivirus (AV) and Malware Protection. Your solution should effectively block threats, secure your data and intellectual property, and provide a system that can isolate a device if it detects a threat so it cannot spread across your network. It should use intelligence-led, real-time detection to cover all access points—laptops, desktops, servers and more.
  4. Choose your Firewall and VPN Configuring the firewall is a complex process, so make sure it is done well, and by a professional. An effective Firewall and VPN will automatically detect and prevent “zero-day” (brand new) exploits and various types of malware, as well as known threats. You’ll also want a solution that offers automated, intelligent policy recommendations and machine learning-powered visibility across your IoT and other connected devices.
  5. Select the right Cloud Security (CASB) for cloud-based apps, software and services. Successfully protecting information (with automatic blocking, quarantining or encrypting data) helps companies maintain legal compliance in the cloud without impacting productivity and cost. Your CASB solution should allow you to govern cloud and web use for all users whether they are on-premises, mobile or remote.
  6. Don’t forget about Mobile. With more employees staying connected to work email and networks via smartphones, mobile security has never been more important. Make sure you have a mobile security (MDM) solution that can seamlessly integrate with your existing architecture to protect apps, documents, content and data on any device (using any operating system) from a single platform.

Why is Third-Party Validation Important?

When business owners are assessing cybersecurity solutions, it’s also important to look for third-party validation. This is the process of getting an independent, third-party source to test your product or solution and make sure it does what is claimed.

For example, in this article about the importance of third-party validation for cyber solutions, one industry expert noted:

“…without in-depth testing no-one really knows whether or not an Endpoint Detection and Response (EDR) agent can do what it is intended.”- Simon Edwards, founder and director at SE Labs:

Choose to work with a partner whose goal is to safeguard your company, and not just to sell a particular program or technology solution. There are many great products and organizations in the cybersecurity space, so make sure the one you select has a vested interest in protecting your business and your clients.

Ostra’s approach to cybersecurity

Ostra’s expert team understands how cybersecurity works at large corporations, so we know how to leverage top-tier tools and technologies to create the best sphere of protection possible. Our dedicated experts are constantly monitoring and assessing the best tools available on the market. This allows us to create a solution using the same resources Fortune 100 companies use, but we’ve made it simple, accessible and affordable for small and medium businesses.

In the process of building Ostra’s Cybersecurity solution, we have also been fortunate to work closely with some outstanding tech companies—some of the biggest and best in the world—who are continually evolving with the constantly changing cybersecurity landscape. Combining these best-in-class tools across every category of cybersecurity enables us to protect our clients with a holistic solution.

Ostra is continuously evaluating the marketplace to see who can fit that space, to make sure that our solution is up-to-date with the latest and best features to protect your business. Our highest priority is delivering a high quality, simple-to-use, efficient cybersecurity solution that allows our clients to “set it and forget it.”

 

Learn more about how to prevent ransomware, types of malware and more. Contact our team today for a free assessment to see what vulnerabilities may exist for your business or clients.

Paul Dobbins

Ostra Simplifies Cybersecurity for our Channel Partners

/in /by

Navigating the many facets of cybersecurity can be a daunting task for today’s businesses. It takes precious time and resources to evaluate the many solutions, products and specialized technology services for businesses that want to learn how to prevent ransomware, protect against types of malware, and provide cloud data protection.

Ostra Cybersecurity’s Channel Partner Program is designed to help our network of IT service providers enhance value for their small to medium-sized business clients by offering comprehensive data protection solutions. We work with Managed Service Providers (MSPs), consultants, incident response firms, assessment firms and others who need to deliver best-in-class security solutions for their SMB clients as part of a broader IT services strategy.

All businesses—including IT service providers—are faced with the reality of limited resources while they face an exponentially-growing need for security and cloud data protection. Orchestrating a robust defense against ransomware and various types of malware impacts costs, personnel, and other resources within the organization.

“When you look at all the different cybersecurity products out on the market, it can be a daunting task,” said Paul Dobbins, Ostra’s Chief Growth Officer. “What Ostra strives to do is break down the silos between all the different products and services, and make sure that they’re all working together and in conjunction with each other in one, simplified solution.”

Leading the Way

At its core, Ostra aims to simplify cybersecurity for small and medium-sized businesses. We work with a vast array of trusted partners—MSPs, IT consultants, incident response firms and assessment firms—that serve businesses every day. Ostra provides the cybersecurity education, tools and ongoing support so our channel partners and their customers can truly set it and forget it. We even take care of all the product updates, so there’s nothing to worry about.

Ostra has already blazed the trail to help channel partners provide Fortune-100 quality cybersecurity to their end users. We hand-picked the best technologies, configured and tested them thoroughly in every environment imaginable, and added our proprietary programming to build an ideal solution. Ostra’s simple, easy-to-install platform brings immediate results—for cloud data protection, prevention of ransomware, protection from the many types of malware, defenses against phishing schemes and more—to businesses of all sizes.

By making cybersecurity technology simple, comprehensive and accessible to business of all sizes, Ostra is helping create a world with greater data privacy and protection for all of us.

Reach out to our team today to start simplifying cybersecurity for both your firm and your clients.

Ostra Cybersecurity's Channel Partner Program
Paul Dobbins

Ostra Cybersecurity Empowers Channel Partners to Better Protect Small Businesses

/in /by

Out of all the reasons I was excited to join Ostra Cybersecurity, what really drew me in was the company’s mission: to simplify cybersecurity for small and medium-sized businesses. I was inspired by Ostra’s commitment to making multi-layered cybersecurity—powered by the same technology the world’s largest companies rely on—more accessible and tailor-made to fit smaller businesses.

That’s why I was eager to throw my two decades of leadership experience behind the growth and expansion of Ostra’s Channel Partner Program. After all, when it comes to fulfilling Ostra’s mission, what better way to help smaller businesses simplify cybersecurity than to work with the trusted advisors who are already serving them, day in and day out?

Through Ostra’s Channel Partner Program, we work with Managed Service Providers (MSPs), consultants, incident response firms, assessment firms and others who need to deliver best-in-class security solutions for their SMB clients as part of a broader IT services strategy.

Crushing the Silos that Frustrate Tech Providers

Today’s IT service providers have a lot on their plates. They are responsible for delivering a number of critical services to clients—including network, application, infrastructure and security services. It can become difficult, especially within fast-growing organizations, to maintain their expert-level knowledge while staying agile and able to quickly navigate in and out of these various specialty areas. Small and mid-sized business leaders want a partner who knows how to prevent ransomware, understands the types of malware attacking their systems, and ultimately give them the best cloud data protection.

We know technology silos can be a significant barrier for service providers in terms of their productivity. Adequately protecting clients from this growing landscape of cybersecurity threats can be exceptionally daunting. According to the State of Cybersecurity 2020 Report from CompTIA, cybersecurity practices are becoming more formal—meaning today’s companies have a greater need for more advanced technology, more detailed processes, and more comprehensive education. Now, companies are formalizing their approach to areas like risk management and threat intelligence. New frameworks are emerging to structure these best practices. This makes comprehensive security, in itself, a highly complex and difficult thing for service providers to manage for their clients, along with all the other things that clients need from them.

To complicate matters, the market is in no shortage of cybersecurity tools and solutions. For example, did you know that the average enterprise uses 80 different technology products from 40 vendors? In this article, a technology executive at IBM Security Systems states:

“Security professionals are increasingly taking on the role of investigator, sorting through multiple data sources to track down slippery foes. Third-party integration tools don’t exist, so the customer is responsible for bringing together data from multiple sources and applying insights across an increasingly complex environment.”

– Dr. Sridhar Muppidi, IBM Fellow and CTO, IBM Security Systems

 

When service providers have to sift through all the different solutions, products and services that are on the market today, it can be an intimidating task to find and recommend the ideal cybersecurity mix for each client.

Things to consider might include:

  • PROTECTION POINTS: Where is the client vulnerable? What provider or service do they need for email protection? Endpoint protection? Protecting against types of malware? Knowing how to prevent ransomware? Applications for cloud data protection? Mobile devices? Firewall?
  • COST: How much will it cost to acquire each of these products or services? How many different relationships or subscriptions will be needed?
  • EFFORT: How much time and resources will it take to maintain each unique solution, and to make sure they are all working together properly?
  • COMPATIBILITY: Will each solution integrate well with other systems and software that the client is using?
  • USABILITY: How will the cybersecurity implementation impact employees? Will it be visible to website visitors? Are there any downtime issues or service gaps to navigate?

So how might an IT service provider or MSP, tasked with so many other important responsibilities, manage cybersecurity more effectively for clients?

Fortunately, service providers don’t have to tackle the complexities of cybersecurity on their own. Ostra strives to break down these silos that exist between all the different products and services. We do all the legwork to make sure every technology layer is functioning correctly, and in conjunction with each other. And the best news? Ostra’s comprehensive data protection packages are quick and easy for Channel Partners to implement for their customers.

Ostra takes all the guesswork out—so our Channel Partners don’t have the burden of trying to research the best endpoint protection, or the best email protection, or the best VPN or firewall. Our team of experts have already found the best resources, tested them, added our proprietary programming to build the ideal solution, and packaged it all into one simple platform available to businesses of all sizes. Ostra can tailor the solution to meet the complexity of the client. Not only that, but Ostra continues to manage the solution on top of everything else—so our Channel Partners don’t even have to worry about updates.

Be the trusted IT advisor with simplified cybersecurity

Most managed service providers need to collaborate with other specialists and technology vendors to make sure each aspect of the cybersecurity matrix is covering the clients’ protection points. Of course, this takes a lot of time and resources, and pulls service providers away from their core competency and managing other aspects of clients’ technology requirements.

Ostra eliminates the need for service providers to cobble together cybersecurity solutions on their own. Our unique, proprietary infrastructure and architecture offers a comprehensive 24/7, 360-degree cybersecurity package that leverages the most secure and proven platforms available today. This means IT providers can focus more on being a trusted advisor to their clients, and less on managing the tactical side of cybersecurity.

Based on our expertise in building and deploying Fortune 100-level security technology, Ostra has created behind-the-scenes tools that automate a lot of the processes that need to come together in cybersecurity. This helps us provide the right level of protection, in a very cost-effective way, to small and medium-sized businesses.

While other tools offer only a partial solution or fractional approach to cybersecurity, Ostra is the only solution of its caliber to offer an integrated and comprehensive suite of cybersecurity solutions. We eliminate that hassle and pain point. We have the solution that prevents ransomware, protects against the many types of malware and provides cloud data protection. Our goal is to make everything simple and serve as the “one-stop-shop” for our Channel Partners and their clients.

After a very simple onboarding and set up process, Ostra’s solutions run behind the scenes with zero downtime for employees or customers. The technology is there, it works the way it should, and nobody has to worry about it—which means that service providers can move on to other important work. Ostra also provides our Channel Partners with educational resources, training, sales and marketing tools, and ongoing support to ensure that their clients get exactly what they need.

When they work with Ostra, service providers can set it and forget it—taking cybersecurity off the to-do list for both themselves and the clients they are protecting.

Building a Community of Trusted Channel Partners

From a channel partner perspective, Ostra strives to work with people who understand the efficiencies that can be developed—in terms of time, energy, and resources– when working with a cybersecurity expert who has the capacity to build and maintain a solution. We believe that Channel Partners are always looking for added value that they can pass on to their customers—and Ostra helps them do just that.

When they count on Ostra as their Trusted Cybersecurity Team, it allows them to deliver security solutions with enhanced value and much needed protection for their small and medium-sized business clients.

Ostra is building a vast array of Channel Partners across the entire spectrum of cybersecurity needs, and they play a critical role in helping Ostra bring this Fortune 100-level security protection to businesses of all sizes. And, since our solution is constantly updated, we always have the world’s best threat intelligence behind our tools. That means our Channel Partners can count on Ostra for the latest and greatest threat protection for their customers.

Curious about the benefits of becoming a Channel Partner? Contact us today to learn how Ostra can simplify cybersecurity for your firm, and let’s make world-class data protection more accessible for your clients.

The Ostra Cybersecurity Approach

With Ostra Cybersecurity comes a team of experts in the field of relationship management, IT integrations and decades of combined cybersecurity expertise. We operate behind the scenes to protect businesses by managing Detection and Response before threats get in. This saves companies time and tens of thousands of dollars dealing with costly problems associated with simply reacting to threats and data breaches after they occur. By making cybersecurity technology simple, holistic and accessible to business of all sizes, Ostra is helping create a world with greater data privacy and protection for all of us.

Read more about The Ransomware Attack that Sparked Ostra Cybersecurity, and learn about how to prevent ransomware, the various types of malware, data cloud protection and more.

Ostra Strategic Partnership Director Mike Barlow
Stacey Kusnier

Ostra Cybersecurity Ramps for Rapid Growth in Channel Partner Market with New Director of Strategic Partnerships Mike Barlow

/in /by

Ostra Cybersecurity, a leading provider of world-class cybersecurity solutions tailored for small and medium-sized businesses, is pleased to introduce Mike Barlow as its new Director of Strategic Partnerships. This latest hire signals the company’s commitment to leveraging channel partners to fuel its robust growth strategy in 2021 and beyond.

Ostra Cybersecurity’s channel partner program is designed to help its network of consultants, IT and Managed Service Providers (MSPs) enhance value for their small to medium-sized business clients by offering comprehensive data protection solutions. As a sales leader, Barlow will focus on strengthening Ostra’s current strategic alliances and jump-starting the long-term success of new channel partners. Barlow has spent more than 15 years in national sales and strategic account management in the security and credit protection markets. He is skilled at implementing growth strategies and fostering authentic, long-lasting relationships with internal and external partners.

“Mike has an exceptional leadership record of building successful strategic partnerships that accelerate growth,” said Paul Dobbins, Chief Growth Officer at Ostra Cybersecurity. “We are intensely focused on reaching more customers through high-quality channel partners, and Mike will play a pivotal role in helping us reach new milestones of success. We’re thrilled to welcome him to the team at this exciting stage of our journey.”

Barlow comes to Ostra with a strong background in sales development and training. He enjoys helping strategic partners refine their sales planning process to increase revenue. Most recently, he worked in sales management roles at Scorpion Security Products, a provider of anti-theft devices & security solutions for the retail industry. Additionally, Barlow was a sales manager at Fortegra, a leader in credit protection/insurance/warranty products. He also gained sales and account management experience at T-Mobile and Verizon, as well as ProtectCELL, a pioneer in handset protection.

Ostra’s market niche is ensuring that top-notch data security solutions are accessible for small and medium-sized businesses. Many of today’s organizations are navigating massive changes in their virtual workforces, IT infrastructure and data security regulations. Ostra Cybersecurity’s technology suite—combined with the service expertise of its channel partners—deliver a comprehensive solution that addresses a unique set of specialized IT challenges facing business owners today.

“I am looking forward to building mutually rewarding connections that will expand Ostra’s user base and help more businesses get access to comprehensive data protection,” Barlow said. “This is an exciting opportunity to develop strategies and partnerships to help Ostra reach the next level of success.”

Connect with Mike on LinkedIn, or email him at mike.barlow@ostra.net.

cybersecurity transformation cityscape
Ostra Cybersecurity

How to Accelerate Cybersecurity Transformation for Small Business

/in , /by

The acceleration of technology and cybersecurity transformation has left many organizations unprepared. The migration of entire work teams from traditional offices to virtual teaming is daunting when there’s time to plan, catastrophic when pushed upon companies in response to COVID-19. Considering cybersecurity measures has never been so challenging, and so very important to preventing ransomware, protecting from malware, and establishing protocols for cloud data protection.

No business has faced a harsher reality than small and mid-sized businesses. Companies who cannot afford a CISO (Chief Information Security Officer) are left to read between the lines of numerous promotions and promises from various software and consulting companies promoting their individual solutions.

Gartner says COVID-19 is still top challenge for most organizations

Though a shortage of technical, security and IT personnel is problematic, and the rapid migration to cloud computing is challenging, Gartner states that “responding to COVID-19 remains the biggest challenge for most security organizations in 2020.” Beyond 2020, companies are still reeling from the digitization acceleration they were unprepared to tackle – and smaller companies need to find solutions that work like the big guys but are manageable for the little guys. In the Gartner Top 9 Security and Risk Trends for 2020, threat detection and response capability improvements took the #1 trend spot. It is not enough to respond after a threat has been made or a hack has begun, technology needs to detect, prevent and protect businesses from a cyber-attack.

Additionally, Gartner trends data privacy in the #5 spot. Privacy is no longer just a compliance, legal or auditing issue according to Gartner, it is an “influential, defined discipline of its own affecting almost all aspects of an organization.” Protection of data and privacy integrated in an overall cybersecurity transformation plan is essential for small business. So, who is providing Fortune 500 solutions in ways that are attainable to smaller sized businesses?

Gartner says now is the time to accelerate cybersecurity transformation

According to Gartner’s article, Why Now is the Time to Accelerate Digital, “organizations have to change, now. There is no option to continue on as they have. It has to be done to preserve the business and the future of the business.” Cybersecurity is a key part of the digital transformation that smaller companies must adopt and prioritize for their health and well-being.

Gartner suggests organizations apply digital business acceleration in these five dimensions:

  • The “everything customer,” who requires both deep personalization and ironclad privacy
  • Right-scoped growth, which may involve new customer segments and the abandonment of incumbent value propositions
  • A composable technology foundation that balances efficiency with resilience
  • An adaptable workforce, equipped with the skills, processes, information and autonomy to flex in the face of disruption
  • Any-scale operations that can spin up and down with demand and unforeseen circumstances

Ostra stands ready to help small business with digital transformation

“With cyber-attacks and security breaches on the rise, the need for better cybersecurity solutions and real system protection is no longer something to think about for the future,” said Michael Kennedy, Founder of Ostra Cybersecurity. Kennedy and his executive team, Joe Johnson and Paul Dobbins, have made it their mission to combine the best Fortune 500 technology into an easy-to-use suite of services manageable for smaller companies.

Seeing the opportunity to help smaller companies, Ostra went even further in its mission and designed a go-to-market strategy that marries them with the best technology companies already providing products and services to the small and mid-sized business market – Ostra’s channel partners.

“Our goal is to enable small to medium-sized business to have the cybersecurity protection we see larger organizations spend millions on each year,” said Kennedy. “Even better, to put our combined cybersecurity solution in the hands of the most reputable companies serving small businesses with IT solutions means that Ostra Cybersecurity’s positive impact for small business owners multiplies. We are taking down the barriers that stop small businesses from protecting their data, their systems, their employees, and their customers.”

An Ostra Cybersecurity solution can scale with a business, protect customer privacy, enable an adaptable workforce and be part of the technology foundation that sets a company up for long-term success.

Ostra Cybersecurity – Solving Problems Before They Happen

With Ostra Cybersecurity comes a team of experts in the field of relationship management, IT integrations and decades of combined cyber security expertise. We operate behind the scenes to protect businesses by managing Detection and Response before threats get in. This saves our clients time and tens of thousands of dollars dealing with costly problems associated with simply reacting to threats and data breaches after they occur.

Ostra makes it manageable for small companies to have access to Fortune 100 services and to understand how to prevent ransomware from infiltrating their systems. Ostra provides cloud data protection to avoid the various types of malware. Waiting until an attack happens is not a sound strategy, and we have made it our mission to provide data protection services to companies of all sizes.

By making cybersecurity technology simple, comprehensive, and accessible to business of all sizes, Ostra is helping create a world with greater data privacy and protection for all of us.

Ready to chart your path to cybersecurity transformation? Start by scheduling a free security audit with our team today.

 

READ: The Ransomware Attack that Sparked Ostra Cybersecurity

WATCH: Michael Kennedy: Ostra Cybersecurity’s Origin Story [Video]

Ransomware Attack
Michael Kennedy

The Ransomware Attack that Sparked Ostra Cybersecurity

/in , /by

With cyber-attacks and security breaches on the rise, the need for better cybersecurity solutions and reputable data protection services is no longer something to “think about for the future.” While large companies spend millions of dollars protecting their digital assets, small and mid-sized companies struggle to find solutions that work and are both affordable and maintainable.

The market is full of “free” and “low-cost” tools that trap business owners – requiring them to purchase additional products and services to maintain security, or actually infecting their systems with malicious viruses designed to steal their information. Too many small businesses take steps to protect themselves only to learn software they trusted has led to a virus, ransomware attack or keylogger data theft. The challenge is real, and it became our mission to develop a solution to protect the little guys.

With a background in IT project management, mergers and acquisitions, leadership consulting, and organizational development – I enjoy finding new ideas and building new businesses. But cybersecurity was not on my radar until I led a $100 million global security initiative for a Fortune 10 company. A combination of industry connections and personal experiences challenged me to protect small businesses from the growing threat of online attackers.

Listening to the industry beg for knowledge of how to prevent ransomware and seeking affordable data protection services motivated me to develop a better way for companies of all sizes to have effective cloud data protection.

The Ransomware Attack that Sparked Ostra Cybersecurity

Several years ago, while sitting around a firepit at deer camp, a good friend began sharing a story about the cyberattack his company was currently facing. His company was in the midst of a ransomware event – someone was holding their data hostage for payment. I was asking him questions like, “What are you going to do? How will you stop it?” His reply stopped me in my tracks. He said there’s nothing they could do … they simply had to pay the ransom.

Digging further I learned he had called the FBI, but unfortunately the ransom amount was “small enough” that it wasn’t something the FBI would pursue. My friend’s company paid several hundred thousand dollars to get their data back. That ransomware attack could have been prevented if smaller companies only had access to the same security protection as the Fortune 100.

I do not consider myself a cybersecurity expert, but I am extremely passionate about taking care of business data the same way I want to protect my own family and friends. Listening to him struggle with a ransomware attack that was preventable, entirely avoidable – that really solidified it for me. We need to educate people. We need to provide the tools. There IS a better way for small business to be protected … it just requires the right layered approach to security.

Listen to Ostra Cybersecurity’s origin story in this video blog >>

Ostra’s Beginnings

Tapping into the knowledge and expertise of my professional connections, I began to evaluate how the small business market was looking at cybersecurity. To my chagrin, the market was flooded non-cohesive solutions for security assessments, virus software, and firewall and endpoint protection. You would never find a Fortune 100 company using bits and pieces of cybersecurity, and certainly not trusting free tools.

This is why Ostra Cybersecurity was founded – to build a company on a mission to provide big company tools in a cost-effective and manageable way for every company to adopt and manage. The tools are available, but the know-how to bring them together in a suite of services that is affordable for companies of all sizes … that was the challenge.

Our goal is to enable small to medium-sized business to have the cybersecurity protection we see larger organizations spend millions on each year. Even better, to put our combined cybersecurity solution in the hands of the most reputable companies serving small businesses with IT solutions means that Ostra Cybersecurity’s positive impact for small business owners multiplies. We are taking down the barriers that stop small businesses from protecting their data, their systems, their employees and their customers.

The Concept Behind Ostra’s “Suite of Services”

ostra-cybersecurity-suite-of-servicesBack to the idea of protecting your home with a security system … if you put locks on the windows and doors, but then leave them wide open – your home is not secure. Many of the so-called “enterprise” solutions are like door locks – they only work if they are engaged. We believe in layered solutions that watch and pay attention regardless of whether the window or door is locked … that let you know if you’ve left something open.

We’ve designed a system – a suite of services – providing small and mid-sized companies real protection, just like the big guys deliver for the Fortune 100. We have multiple security tools in place, run constant simulations, have firewalls watching for types of malware, IPS (intrusion prevention system), anti-virus solutions, email security protection … and we have all these systems talking to each other in real-time. THAT is layered data protection services that work for small business.

Avoid Cyber-Actors, Follow Industry Leaders

Many companies push their enterprise-level solutions, enterprise meaning sized for Fortune 500 or Fortune 1000 level organizations and not sized for small to medium-sized business, or home office solutions. Additionally, lesser solutions promote themselves as “enterprise” even when they don’t meet the standard set by industry-leading technology groups and independent researchers like Gartner.

In March 2021, Gartner published a digital article called “Organizations who recognize the value of a security leader, but can’t afford a traditional CISO should consider virtual options.” This article discusses the emerging recognition of smaller companies to be more strategic regarding cybersecurity and the necessity to have a leader, a CISO, responsible for guiding company cybersecurity protocol.

A CISO is the chief information security officer for a company – large companies can easily pay the $200 – $500K average salaries for these strategic security leaders, but what about companies that can’t? Gartner’s article goes on to encourage smaller companies to consider a “virtual CISO,” and lists ways that companies can pursue industry standard cybersecurity at an affordable price.

(From Gartner Article) At the most basic level, virtual CISO offerings are a hybrid of:

  1. Traditional staff augmentation, involving an on-site or virtual presence in meetings, events, operations and strategy planning
  2. Consultative engagement and management to drive creation and implementation of security and risk program artifacts, such as strategic and tactical roadmaps, architecture and policy, and to run risk management and risk assessment processes
  3. Project management of architecting and deploying security and risk solutions
  4. Coaching or advisory services to train full-time staff on how to leverage created artifacts, develop communicating plans and train the next generation of security and risk leaders

Ostra Cybersecurity – Solving Problems Before They Happen

With Ostra Cybersecurity comes a team of experts in the field of relationship management, IT integrations and decades of combined cyber security expertise. We operate behind the scenes to protect businesses by managing Detection and Response before threats get in. This saves our clients time and tens of thousands of dollars dealing with costly problems associated with simply reacting to threats and data breaches after they occur.

Ostra makes it manageable for small companies to have access to Fortune 1000 services and to understand how to prevent ransomware from infiltrating their systems. We provide cloud data protection to avoid the various types of malware. Waiting until an attack happens isn’t a sound strategy, and we have made it our mission to provide data protection services to companies of all sizes.

By making cybersecurity technology simple, comprehensive and accessible to business of all sizes, Ostra is helping create a world with greater data privacy and protection for all of us.

Start taking a proactive approach to cybersecurity by scheduling a free security audit with our expert team today.

Cybersecurity: Frequently Asked Questions

What is cybersecurity?

Cybersecurity is the protection of computers and systems from attacks. Just like protecting your home by investing in a security system with cameras and sensors, cybersecurity protects your company’s systems, computers and data from hackers. The right solution will protect your personal information, customer lists and financial details from “cyber actors” who are constantly roaming the web looking for unprotected assets. Mike Kennedy, Founder of Ostra

What is ransomware?

Want to understand how to prevent ransomware? It starts with understanding the threat. The Cybersecurity and Infrastructure Security Agency (CISA) defines ransomware as: an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent years, ransomware incidents have become increasingly prevalent among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations.

What are the types of Malware?

According to Cisco, Malware is intrusive software that is designed to damage and destroy computers and computer systems. Malware is a contraction for “malicious software.” Examples of common malware includes viruses, worms, Trojan viruses, spyware, adware, and ransomware.

What is cloud data protection?

Companies large and small still struggle with the idea of data protection services, specifically cloud data protection. Is my data really safe in the cloud? Norton answers questions about cloud safety in this excerpt from Cloud Security: How Secure is Cloud Data?

The data that you save with cloud service providers may likely be safer than the information you’ve stored in your computer’s hard drive. Remember, hackers can use malware and phishing emails to get the information stored on your own devices. They might freeze your computer, demanding a ransom before they’ll release the files and data they’ve frozen.

The security measures undertaken by larger companies providing cloud services are likely to be more robust and powerful than what you have protecting your home computer and devices.

Ostra-Cybersecurity_Michael Kennedy_origin-story
Michael Kennedy

Michael Kennedy: Ostra Cybersecurity’s Origin Story [Video]

/in /by

In today’s constantly changing landscape of digital threats, having multi-layered cybersecurity protection is essential to fully protecting both data and customers. Yet, too many small businesses struggle with obtaining the vital cybersecurity resources they need. Michael Kennedy, founder of Ostra Cybersecurity, understands this reality better than most as a leading industry advocate for data privacy.

Throughout his career, Kennedy recognized that most companies outside the Fortune 500 did not have the enterprise-level protection for their most valuable asset, their data. This widening gap became even more apparent to Kennedy after a personal friend’s business experienced a devastating ransomware event. After hearing his friend share the severe impact it had on his small business and the lack of resources available to proactively protect against it, Kennedy knew he needed to do something to help others prevent these types of situations.

“At my core, I want to educate,” Kennedy said. “I don’t think people understand the importance around data privacy. The same way I would want to protect my personal information, is the same way I want to protect my business.”

Ostra was born in 2018 from Kennedy’s drive to increase awareness around data privacy and security. After more than 20 years of work for one of the world’s largest healthcare providers, he leveraged his strong reputation and relationships in the security industry to create a 360° best-in-class software solution—specifically designed to help small and medium-sized businesses proactively protect against known and unknown cybersecurity threats.

Our approach: Prevent problems before they happen

With Ostra comes a team of experts in the field of relationship management, IT integrations and decades of combined cyber security expertise. We operate behind the scenes to protect businesses by managing Detection and Response before threats get in. This saves our clients time and tens of thousands of dollars dealing with costly problems associated with simply reacting to threats and data breaches after they occur.

By making cybersecurity technology simple, comprehensive and accessible to business of all sizes, Ostra is helping create a world with greater data privacy and protection for all of us.

Start taking a proactive approach to cybersecurity by scheduling a free security audit with our team today.

types of malware
Ostra Cybersecurity

11 Types Of Malware + How To Detect & Remove Them

/in , /by

Taking care of your business’s data and sensitive information means staying vigilant against cybersecurity threats at all times. This is made more difficult each year, as new types of viruses, technologies, and methodologies for cybercriminals are created. For example, since its inception in the 70s, many variants of malware viruses have been created, amplifying the danger of cybersecurity threats for small and medium-sized businesses.

To help defend your organization against malware, we’ve crafted this guide of 11 of the most common types of malware and how to effectively get rid of them.

11 Types of Malware: How They Get in Your System, What They Do, & How to Get Rid of Them

types of malware

1. Ransomware

How it Gets in Your System: Phishing emails that contain malicious downloads or attachments are often the source of ransomware.

What it Does: Blocks access to a computer system or computer files until a sum of money is paid.

How to Get Rid of it: Unfortunately, paying the ransom is the easiest way to remove this malicious software. This makes prevention all the more important.

2. Spyware

How it Gets in Your System: This type of malware gets in through drive-by-downloads or another inadvertent action by an internal employee—such as clicking on a link in a phishing email.

What it Does: Steals internet usage data and sensitive information (credit card and bank account information, PII)

How to Get Rid of it: A spyware removal tool can be used, depending on the severity of the infection. More drastic actions may need to be taken if the virus is robust.

3. Adware

How it Gets in Your System: Enters via malicious apps or pops-ups that take advantage of browser vulnerabilities.

What it Does: Bombards your devices with unwanted advertisements on your computer, attempting to get you to download malicious software.

How to Get Rid of it: In some instances, you can simply uninstall the adware. With more serious adware issues, you’ll need to use anti-adware software to get rid of it.

4. Malvertising

How it Gets in Your System: An employee clicking on malicious ads that appear legitimate will cause malvertising to be downloaded onto the system.

What it Does: Attempts to inject malicious code that installs malware or adware on the user’s computer.

How to Get Rid of it: Delete any files that were downloaded, use a virus scanner, and eliminate. In some instances, you’ll need to work with a cybersecurity team to totally rid the computer of the virus.

5. Trojan Malware

How it Gets in Your System: A trojan virus will typically enter a system through a piece of malware attached to an email. The file, program, or application appears to come from a trusted source.

What it Does: Damage, disrupt, steal, or in general inflict harmful action on your data and network.

How to Get Rid of it: Installing an antivirus program that will search, isolate, and remove the virus is one of the best ways to get rid of a trojan virus.

6. Fileless Malware

How it Gets in Your System: Phishing emails are a common culprit for fileless malware. Unlike many other viruses, fileless malware doesn’t touch the hard drive but instead embeds itself into the memory.

What it Does: Gains access to your secure data and exploits it.

How to Get Rid of it: Fileless malware can be particularly difficult to purge from your system. Preventative measures are a must for this type of malware.

7. Worm Malware

How it Gets in Your System: Traditionally gains access to a system through a phishing email. It can also be inadvertently downloaded online.

What it Does: As a self-replicating virus, worm malware can quickly spread and wreak havoc on a company by gaining access to their valuable and private data.

How to Get Rid of it: Using a dedicated removal tool will assist in eradicating a worm virus in your system. If the virus has spread too fast, you may need to bring in some outside help.

8. Mobile Malware

How it Gets in Your System: Mobile malware is exactly what it sounds like—malware that gains access through a mobile device. This can be done by drive-by-downloads, trojan viruses, mobile phishing, and browser exploits.

What it Does: Gains access to private information and data.

How to Get Rid of it: Restoring your phone from an earlier back-up can potentially rid your mobile device of the malware.

9. Rootkit Malware

How it Gets in Your System: Often derive from unintentional downloads online. They are designed to remain hidden on your computer.

What it Does: Remotely control your computer to gain access to your system and data.

How to Get Rid of it: Because rootkit malware is difficult to detect and get rid of, this is another type of malware where prevention is key.

10. Keylogger Malware

How it Gets in Your System: Phishing emails and trojan viruses are two of the more prevalent ways in which keylogger malware infects a computer.

What it Does: A keylogger is a type of spyware that can be used to track and log the keys you strike on your keyboard, capturing any information typed—including PINs, credit card numbers, usernames, passwords, and more.

How to Get Rid of it: Anti-rootkit software is oftentimes your best bet when dealing with keylogger malware.

11. Bot Malware

How it Gets in Your System: Malicious pop-up ads or the downloading of dangerous software from a website are often the starting points of bot malware.

What it Does: Bot malware is a self-propagating malware capable of infecting its host and connecting it back to its central servers. Obtaining financial information, exploring back doors open by worms, content scraping, email address harvesting, and more can all be done by bot malware.

How to Get Rid of it: A robust antivirus software will need to be deployed to get rid of bot malware.

The Best Offense is a Good Defense

In order to best protect your business from malware, prevention methods must be integrated into your system. Ostra has Malware protection built into our integrated technology so threats are blocked before they get in.

Ostra’s multi-layered solutions make keeping your data safe simple, as it prevents viruses from compromising your system in the first place. Instead of piecing together a cybersecurity solution from multiple providers, you can choose Ostra and cover your emails, endpoints, mobile devices and your entire network with one centralized solution.

Ostra works around the clock to protect and secure your data. After all, cybercriminals don’t take days off—your cybersecurity solution shouldn’t either.

Reach out to Ostra to get started on combating malware and other cyber threats today.

glba compliance checklist
Ostra Cybersecurity

GLBA Compliance Checklist: 7 Steps to Comply With

/in , /by

When it comes to cybersecurity for financial institutions, creating a system that is GLBA compliant is essential. To ensure that your company is in-line with GLBA, here are seven steps to follow, as well as how Ostra can help protect your data. 

The Gramm-Leach-Bliley Act (GLB Act or GLBA) is a set of laws that financial institutions must keep up with if they want to avoid serious penalties. Enacted in 1999, GLBA is a federal act that controls how financial institutions deal with individuals’ private information

GLBA consists of three distinct sections that financial institutions be careful to follow:

  • The Financial Privacy Rule – Regulates the collection and disclosure of private financial information
  • The Safeguards Rule – Stipulates that financial institutions must implement security programs to protect such information
  • The Pretexting Provisions – Prohibit the practice of pretexting (accessing private information using false pretenses)

In addition, GLBA requires that financial institutions give their customers a written privacy notice that explains in detail their information-sharing practices.

GLBA Compliance Checklist

1. Understand GLBA and How it Affects Your Organization

First and foremost, it’s crucial that you review GLBA in its entirety. Many business owners will sit down with a lawyer and review the act in detail. This will help you gain a better understanding of how it applies to your financial institution. Understanding is always the first step towards compliance.

2. Conduct a Robust Risk Assessment

It’s important to understand where your financial institution currently sits as it pertains to GLBA compliance. The best way to do this is to work with an external examiner that can help you pinpoint where any GLBA-related weaknesses reside.

3. Identify and Improve Upon Your Internal Controls (Working With a SaaS Provider)

Whether you’ve failed a GLBA compliance test in the past or want to ensure you pass your first one, working with an experienced cybersecurity SaaS (Software-as-a-Service) provider is one of the best ways to do so. A quality SaaS provider will be able to install cybersecurity software that can effectively check all the boxes of GLBA compliance.

For a smoother process of achieving GLBA compliance—and improving your internal controls—working with a team like Ostra is a must.

4. Put in Place Roadblocks for “Insider Threats”

While outside threats like cybercriminals and hackers should always be considered when creating a robust cybersecurity plan that covers GLBA compliance, they are far from the only ones you need to be worried about.

Employees accidentally or even maliciously comprising your customers’ or clients’ financial information is an even bigger threat. To ensure you avoid insider threats to your organization, be thorough in your employee recruitment and filter out potential security risks. Also, keep your employees up-to-date on the latest security best practices.

5. Make Sure All Your Service Providers Are GLBA Compliant

If you rely on any service providers to help carry out your own service for your customers or clients, you should ensure that they are GLBA compliant as well. Never assume that they are, and make sure that they provide proof that they are safe to work with.

6. Review and Revise Your Privacy Rule Requirements to Ensure Compliance

To meet the privacy rule requirements, you must provide customers with a “clear and conspicuous” privacy notice that describes in detail what information is collected and for what purpose. In some instances, you’ll also need to provide an annual disclosure to customers. If you’re failing to meet those requirements, revise your privacy rule requirements.

7. Assess and Update Your Disaster Recovery Plan

GLBA also requires an incident response plan. So, make sure you have an IT disaster recovery and business continuity plan in place to show that you have all the precautions in place to mitigate a disaster.

How Ostra Can Help Your Organization Achieve GLBA Compliance

It’s normal to feel stressed about ensuring your business is compliant with all these regulations. At Ostra, we regularly work with financial groups to help secure their provide data, and we how to fast track the process of becoming compliant with the Gramm Leach Bliley Act. By simply implementing Ostra within your system, you’ll be well on your way to achieving compliance. We’ll fill in any of the gaps to ensure your clients’ information is protected. That’s our promise.

To protect your customer data and improve your data security, contact us today.

data security
Ostra Cybersecurity

Data Security: Looking Ahead at 2021 Cybersecurity Strategies

/in , /by

The importance of data security has taken on new life in recent years. While initially an area of interest for industries like healthcare and financial services, our digital era has made data security something that all companies—regardless of what field they operate in—must integrate into their business plan. The cost of failing to do so can be detrimental to a company’s customers, bottom line, and reputation.

But, what does the future have in store for data security—in particular, what will it look like this year, in 2021? Before we get to that, it’s important to first look back at 2020 and the lasting impact it will forever have on cybersecurity going forward.

How the Coronavirus Pandemic Forever Changed Cybersecuritydata security

One of the most significant challenges of cybersecurity is accounting for all the endpoints and devices throughout your company. Securing all of your endpoints was made even more difficult as offices transitioned to remote work where employees connected from personal networks and devices.

As a result of remote working, cybersecurity threats and incidents skyrocketed. The FBI reported that cybercrime increased 400% during the initial months of the pandemic. Over the course of the year, ransomware attacks, phishing scams, and crypto-jacking all skyrocketed, growing by 252%. Simply put, maintaining a secure, robust cybersecurity approach is tough when employees are scattered throughout the country.

But, once the vaccine has been distributed to enough Americans, we can go back to working in our offices again, right? Well, not exactly. First, even when we reach herd immunity—which experts estimate to be somewhere around 50-80% of the population—it’ll still be quite some time before everyone is allowed back to their offices.

In addition, over 80% of business leaders plan on allowing partial work from the home structure after COVID, according to Gartner. While there have been many claims during COVID that suggested this or that as “the new normal,” remote working IS the new normal. Businesses have learned that their employees can still be productive while working remotely and that it is necessary to allow remote working conditions for employees that have families and live busy lives.

This all goes without mentioning the tools that cybercriminals now have at their disposal, which makes them difficult to thwart. Cyberthreats are getting more complex, as evidenced by the recent FireEye and Solarwinds breaches that tie back to Russia. Thanks in large part to the quick actions on FireEye’s part, the threat was able to be mitigated—proving that having systems in place to catch and contain breaches is essential. But, the point remains—these cybercriminals are getting smarter and, to some degree, more daring.

Protecting Your Business in 2021: Cybersecurity Strategies to Adopt That Will Keep Your Company Secure

data security

Move to the Cloud

One of the smartest moves you can make in 2021 to improve your company’s data security is adopting a cloud-based cybersecurity solution. In fact, we’re likely to see a huge burst in cloud adoption in 2021. A recent study by Next Pathway Inc. found that 65% of companies are making cloud migration a top priority in 2021.

With its many benefits and its overall convenience, the push for cloud adoption was inevitable. This includes the ability to grow with your organization, as well as allow your employees to access the data they need, regardless of where they are. A cloud-based cybersecurity solution also allows you to centralize your security.

Businesses that were already using cloud-based security were able to better protect their data in 2020. To ensure that you’re doing everything you can to keep your data secure, consider looking into cloud solutions in 2021.

Integrate a Proven Mobile Cybersecurity Solution

Mobile threats also accelerated during the COVID-19 pandemic, as cybercriminals saw them as another way to gain access to a company’s sensitive data. Employees have their emails linked to their smartphones, which provides another avenue for data thieves to gain access. In addition, smartphone owners also download apps onto their phones. If they aren’t careful, they may accidentally download a malicious app that can compromise one of your business’s network endpoints.

For these reasons, finding a cybersecurity solution that incorporates mobile security into its services is of the utmost importance. Because tablets are often used for business functions, they need to be protected as well.

To ensure that your employee’s mobile devices are secure, invest in a proven mobile cybersecurity solution this year.

Work With a Quality SaaS Provider 

The benefits of working with a Software-as-a-Service (SaaS) provider cannot be overstated. Perhaps most importantly, SaaS providers offer a way for companies that have fallen behind on their cybersecurity to get themselves up-to-speed fast.

Teaming up with a third-party cybersecurity team allows you to be proactive with your data security without sacrificing internal hours. You can focus on growing your company while your cybersecurity partner keeps your data safe. Working with a SaaS provider enables you to be more flexible internally with how you allocate your time and resources. Instead of building out an internal cybersecurity team, which can take months, if not years, in 2021, we’ll see more companies opting to work with a reputable, high-quality SaaS team.

Ostra’s Enterprise-Grade, Cost-Effective Solution is Perfect For SMBs

It’s clear that 2020 forced companies to take a long hard look at their security measures, with the above strategies being just some of the many moves we’ll see this year.

This pivot to a more robust cybersecurity plan is especially true for small and medium-sized businesses that didn’t have the resources to make the switch to remote working as seamlessly as large companies. If you want to avoid becoming a headline in 2021 for a cybersecurity breach, then you need to ensure that your data is protected from all angles and devices, it’s essential to integrate a robust, comprehensive cybersecurity plan into your system.

At Ostra, our mission is to provide best-in-class data protection for businesses, which means effectively stopping known and unknown internet threats from getting at your protected data. Our services cover mobile devices, endpoints, firewalls, email security, and cloud solutions.

We believe that everyone is entitled to quality, professional-grade cybersecurity. That’s why we offer cost-effective, enterprise-grade cybersecurity solutions for SMBs.

To get started on integrating proactive data security solutions,  reach out to Ostra today.

Ostra Cybersecurity Chief Growth Officer Paul Dobbins
Stacey Kusnier

PRESS RELEASE: Ostra Names Paul Dobbins as Chief Growth Officer

/in /by

Leading cybersecurity provider kicks growth into high gear serving small and mid-market businesses with best-in-class data protection.

[Minnetonka, Minn., Jan. 12, 2021] — Ostra, an industry leader in cybersecurity solutions, is excited to announce Paul Dobbins has joined the company as Chief Growth Officer. Dobbins will focus on strategic growth initiatives while expanding Ostra’s position as the best-in-class data protection provider for small and medium-sized businesses. He will oversee sales, marketing, partnership experience and go-to-market strategy.

“This is a very exciting time for us, and Paul is just the type of leader we need to take our company to the next level,” said Ostra President Joe Johnson. “Drawing on his years of leadership and experience growing early-stage companies, he will provide fresh and invaluable insight to our positioning strategy as we continue to innovate and accelerate our company’s rapid growth.”

Dobbins has spent the last 17 years building and leading successful sales, marketing and support teams for startups and billion-dollar corporations across multiple industries. Previously, Paul worked for startup and industry-disruptor ProtectCELL, where he held various leadership positions during its meteoric rise to an Inc. 500 fastest growing company and eventual sale to Fortegra, a billion-dollar specialty insurance company. He continued in various leadership positions within Fortegra’s warranty team, helping it transform into a significant growth engine for the company.

Cybersecurity is essential for the small business community to address. According to Small Business Trends and the Verizon Business 2020 Data Breach Investigations Report (2020 DBIR), nearly one-third of data breaches in 2020 involved small businesses. Ostra’s mission is to provide affordable data security solutions to small businesses who are experiencing massive change in their virtual workforces, expanding IT infrastructure and increased data security regulations.

“It’s truly exciting to offer SMBs an affordable, multi-faceted, comprehensive security solution unlike anything ever seen in the market,” said Paul Dobbins, Ostra Chief Growth Officer. “With Ostra and its proprietary infrastructure, I look forward to helping build another world-class organization with a mission to protect SMBs and their customers.”

Connect with Paul on LinkedIn, or email him at paul.dobbins@ostra.net.

About Ostra

Ostra is an industry-leading cybersecurity provider focused on providing small and medium-sized businesses affordable access to a suite of world-class data security solutions normally reserved for Fortune 500 companies. Ostra’s proprietary, multi-faceted, plug-and-play infrastructure provides a sphere of protection unmatched by any individual product in the marketplace. Ostra provides businesses peace of mind by eliminating cyber risk with one comprehensive solution so they can focus on what is most important… growing their business. To learn more, visit www.ostra.net.

Download full press release.

soc audit
Ostra Cybersecurity

What is a SOC Audit + How Ostra Can Help Your Organization Become Compliant

/in /by

If your company is not SOC-certified but should be, it’s time to get started on improving your controls. If you wait, you’ll continue to miss out on building relationships with potential partners, and as a result, lose valuable business.

Keep reading this article to:

  • Find out why SOC audits are a necessity in today’s business environment.
  • Learn about the three types of SOC audits and which apply to your business.
  • Discover how Ostra can help you pass your SOC 2 audit and gain a competitive advantage.

Outsourcing has been steadily increasing over the years, with the global outsourcing market currently sitting at over $92 million.

Because outsourcing provides many benefits for businesses—with cost savings being one of the biggest—there are no signs of the industry slowing down. In fact, many logistics leaders are continuing to increase their outsourcing budgets.

However, with outsourcing being such a crucial part of many businesses’ operations today, various regulations, compliance requirements, and certifications are needed to ensure that processes are still being done by the book.

Enter SOC (Service Organization Control) audits.

For businesses looking to work as outsourcing partners for other companies, ensuring compliance with SOC audits is essential.

Before we get into what exactly are SOC audits, let’s discuss the importance of having one done for your business.

Why Your Business Needs a SOC Audit

Businesses that work with third-party service providers are looking to work with SOC-certified companies. There are liability concerns that come with outsourcing, and a SOC certification proves that your business is a trusted vendor. This is because SOC reports establish credibility and trustworthiness for service providers.

Being SOC-certified allows your business to maintain a competitive advantage that’s worth both the time and monetary investment.

Breaking Down SOC Audits

A SOC audit report allows companies to feel confident that their outsourcing partners are operating in a compliant and ethical manner. Essentially, it’s a compliance regulation for businesses that provide services to another company.

For example, a healthcare company works with vendors who supply them with software to secure their patient data. To ensure that those vendors are safe to work with in terms of data protection, the healthcare company will request that they are SOC 2 certified.

There are three types of SOC audits:

SOC 1 – For service organizations that provide a service that affects the financial statements of another company. For example, a software company that provides revenue recognition software would be subject to a SOC 1 audit.

SOC 2 – For service organizations that provide a service that affects compliance and operational controls. The aforementioned company that supplies patient data software to a healthcare provider would be an example of a company requiring a SOC 2 audit.

SOC 3 – If a company wants to prove that they are SOC 2 certified but wishes to keep its controls confidential, it can issue a SOC 3 audit report for general use. A company’s SOC 3 can be reviewed by anyone who would like confidence in the controls of the service organization.

The Criteria of a SOC 2 Audit

Performed by independent, third-party auditors to examine various aspects of a company, SOC 2 audits examine several key areas of a business, including:

  • Security – Security is at the crux of a SOC 2 audit, with this category addressing whether a system is protected against unauthorized access. Working with a cybersecurity team to flesh out your security processes and protocols can ensure you pass this portion of the audit.
  • Availability – Ensuring that the service you’re providing for clients is available for use as agreed upon is also important to a successful SOC 2 audit. For example, companies that provide data centers or hosting services to their clients would be subject to an availability review.
  • Processing Integrity – If the services you provide are e-commerce and transactional integrity-related, processing integrity will be included in the SOC 2 report. Passing this category will prove the services you provide are done so in an accurate and timely manner.
  • Confidentiality- If the service you provide is related to keeping sensitive data—such as Personal Identifiable Information (PII) or Protected Health Information (PHI), a confidentiality section will be on your SOC 2 report. Passing this category will illustrate your commitment to standing by the agreements you made with your clients, including how you’ll protect their information and who has access to it.
  • Privacy – If your service involves handling client data, the privacy category will appear on your SOC 2. Specifically, it addresses how your business collects and uses consumers’ personal information. Checking the boxes on this category will show your organization is in line with any commitments you made with your clients on the data privacy side. The privacy category will also look at how your organization operates within the generally accepted privacy principles issued by the AICPA.

How Ostra Can Help You Become SOC 2 Compliant

what is a soc audit

As mentioned, a CPA firm will be able to conduct your company’s SOC 2 audit. But, what happens when you receive the results of your audit and find there are gaps?

For example, suppose a company has issues with data security within their emails, or they don’t have controls over customer data on mobile devices. In these cases, they will not pass their SOC 2 audit. To pass the next time around, they must address the issues that are flagged by the CPA. Failure to do so may result in penalties from state regulators, which can set your company back and harm your brand’s reputation.

That’s where Ostra comes in. Our experts will work directly with the CPA auditor and discuss the results of your audit. Then, we’ll create a detailed, thorough plan for how to get your organization up to 100 percent compliance. We understand the importance of becoming SOC 2 compliant, which is why, by simply integrating Ostra into your controls, your organization can go from 0 to 100 percent compliant.

Choosing the Right CPA For Your SOC Audit

Finding the right CPA can make the process of becoming SOC compliant that much easier. While there are the big four accounting firms to consider, they do not tailor to small and medium-sized businesses. That being said, there are some excellent local CPAs that specialize in working with SMBs and SOC 2 audits.

DHA is a local Minnesota CPA firm with extensive experience in conducting SOC 2 audits that we often partner with. This allows the process of going through your SOC 2 audit and filling in any gaps a seamless and straightforward process.

If you need help finding a trusted CPA firm to conduct your audit, we can help connect you with the right team.

To get started on becoming SOC 2 certified, reach out to us today for a free security assessment. As a Tekne Award Finalist for Data Security, we’re one of the top cybersecurity and SOC 2 compliance providers around.

cybersecurity-101
Ostra Cybersecurity

Cybersecurity 101: The Basics Of Keeping Your Business Secure (2021 Guide)

/in , /by

Cybersecurity can be an obscure and broad term covering everything from sophisticated digital systems to simple Norton anti-virus software. It’s important to know the nature of cyber threats and how you can protect your business against them.

Experts predict that cybercrime in 2021 will cost companies around the globe $6 trillion. By 2025, that number is expected to increase to $10.5 trillion. We have to treat cybersecurity protection as an essential part of business operations.

In this guide, we’ll be breaking down cybersecurity concepts and why it matters in 2021. With an increase in remote working and a rise in cyberattacks, protecting your sensitive data is more important than ever. Understanding the basics of cybersecurity is essential to protecting your business and keeping your data safe.

Regardless of industry – manufacturing, financial services, healthcare, etc.— sensitive data is at the core of business operations. This data can include credit card information, passwords, financial records, patient information, and more. Data breaches can cause a loss in profits, and even more severe, an irreparable break in consumers’ trust.  While it is critically important to protect other people’s data, a business also needs to protect its own and ensure it can maintain operations (and reputation) and properly defend against a ransomware attack.

According to this Forbes article, in today’s digital age, every company is a data company, and with this data comes the responsibility of ensuring its safety. It’s our duty as business managers to protect our business operations, our data. 

The Importance of Cybersecurity in 2021

This year COVID -19 has forced businesses to adapt their digital security measures as they navigate working remotely. Even after a vaccine becomes readily available, working from home is likely to continue indefinitely

Businesses and employees have adjusted to remaining productive and carry out business-as-usual while working from home. But, remote workers connecting from personal devices and open networks open the door for an increase in cyberattacks. 

The FBI recently reported that the number of complaints about cyberattacks to their Cyber Division went up to as many as 4,000 per day. This represents an astonishingly 400% increase from the complaints they saw pre-COVID. 

Today, the question for many business owners is, how to adapt to remote working and still protect their business, clients, and data. 

Cybercriminal Methods: What to Be on the Lookout For

In the mid-2000s, 80% of cybercriminals worked independently or were freelancers. They made up an unsophisticated and less skilled group of cyberattacks. As more data is exchanged online and technology has evolved, cybercriminals have gotten more sophisticated. Today, 80% of cybercrimes are part of an underground cybercrime organization and weave complicated and novel cyberattacks.

 

A pyramid outlining the levels of a cybercrime organization.

The methodology of cybercriminals has evolved over time. Initially, viruses had to be transferred through computer discs. Today, viruses can spread through the internet like wildfire. 

Here are some of the key cybersecurity terms and ways in which cybercriminals will attempt to gain access to your company’s data: 

Social Engineering and Phishing

Social engineering and phishing involve an attempt at getting personal information under the guise of a trusted source. For example, receiving an email from an email address that looks like your local bank’s email address saying they need you to confirm your account by providing personal information. The email address may also look like the company’s email, and the sender (cybercriminal) may request login credentials. 

When an employee’s information is compromised, the hacker may try to bypass security perimeters, distribute malware inside a closed environment, or gain access to secured data.

How to Keep Phishing Threats at Bay: 

  • Implement two-factor authentication
  • Enforce strict password requirements
  • Educate employees about the dangers of phishing

Malware

Malware—or malicious software—is one of the most popular types of cybercrime. Able to exist in many different formats, it is a versatile method. It can take the form of a trojan virus, worms, or spyware and can be difficult to get rid of. 

For an example of malware in action, let’s look at the trojan virus. An employee sees an ad online for an ad blocker. They download the blocker, which turns out to be a virus posing as helpful software. Once the virus has been downloaded, the hacker is free to wreak havoc by accessing sensitive data and then modifying, blocking, or deleting the data. 

How to Stop Malware Attacks in Their Tracks: 

  • Secure your network through security solutions like firewalls
  • Work with an experienced cybersecurity provider 
  • Install anti-virus software

Ransomware

Ransomware—a type of malware—is malicious software that locks up all the operating systems of a computer and displays a message demanding a fee to regain control of your system. Ransomware can be especially difficult to deal with, as you don’t want to pay the ransom. However, you also don’t want to have your system locked for too long, as this can endanger productivity for your business.

Ransomware can come in different forms, with phishing emails being one of the more popular vehicles. Say an employee opens up one of these emails and clicks on a link asking them to reset their password. Once they click the link, the ransomware downloads itself onto the computer and locks the user out. A pop-up message appears on the screen saying that they need to pay a ransom if they want to regain access. The company pays the ransom, and then they must go through their system and fix any issues and assess the damage. At this point, income has been lost due to these delays and any compromised data. In addition, the company loses credibility with its clients, suppliers, and other stakeholders. 

How to Avoid Ransomware Attacks: 

  • Make sure all your software is up to date with patches
  • Use reliable antivirus software and a firewall
  • Backup all your files in the event an attack does occur

What Parts of Your Business to Protect

cybersecurity-101

Here are some key areas of your business to ensure you are protected and how cybersecurity service providers like Ostra can help keep your data safe. 

Keep Emails Safe

Email is one of the key mediums that cybercriminals use to commit their crimes. Ensure all your employees use a secure email service and don’t send work emails from their personal accounts. In addition, educate your employees about the importance of being vigilant while using their emails.

Ensure Mobile Devices Are Secure

Eighty-five percent of people use their smartphones to access their emails. That means it’s likely many of your employees do the same. Working with a qualified, experienced cybersecurity team is the best way to prevent mobile devices from being compromised, as they can leverage the latest mobile security solutions to keep your data safe. 

Identify and Secure All Endpoints

Map out your network endpoints and use cybersecurity solutions to protect them. As we mentioned earlier, there are a multitude of avenues that cybercriminals can attempt to gain access into your system. Endpoints that businesses need to keep secure include desktops, laptops, smartphones, tablets, servers, workstations, internet-of-things devices, etc. 

Utilize Cloud Security Solutions

Cloud security is a solution that every business should consider. In addition to being scalable, housing all your data in the cloud can be more secure than storing it on-premise. When looking for a cloud service provider, validate that they are investing heavily in security.  By partnering with a cloud security provider like Ostra, you can ensure that as your business moves to the cloud your data is secure.

How Ostra Can Help Keep Your Data Secure and Safe

Are you feeling overwhelmed about the prospects of keeping all your data safe? Don’t worry, we’ve got your back. 

Ostra offers a comprehensive cybersecurity solution that can be customized to fit your needs. 

Our 360° Protection covers: 

  • Email Threat Protection
  • Elite endpoint
  • Malware and Ransomware
  • Mobile Device
  • Cloud Application Security Broker
  • Firewall
  • SIEM
  • Security Operations Center (SOC)

While our solutions are thorough, the ease-of-use on your end is impressive. Ostra will seamlessly integrate with your business, and it dynamically updates so there is no need for you to monitor it. Ostra’s solutions will be hard at work in the background of your system, 24/7. 

We’ve made enterprise-grade cybersecurity accessible for all businesses—small or large. By merging our proprietary technology and our strategic partnerships with top cybersecurity solutions out there, we’ve created a unique, cost-effective cybersecurity solution available to businesses of all sizes for the first time.

To get started on incorporating Ostra into your cybersecurity plan, reach out to us today!

Ostra-small-business-security-tips-998x681px
Ostra Cybersecurity

Small Business Cybersecurity Tips

/in , /by

Many small businesses are currently struggling because of the pandemic. The last thing any small business needs now is a cyberattack, which could easily put a company out of business. So now more than ever there is a need for strong cybersecurity practices, especially in smaller businesses with less cybersecurity devoted resources.

60 percent of companies that are victims of a cyber-attack go out of business within six months. -NCSA

The average loss of a cyberattack in 2019 was around $200,000, which is a lot of money for a small business to pay. This helps to understand why so many companies struggle to succeed after a cyberattack.

These are some helpful tips to help improve cybersecurity in small business

Train your staff

Employee training is the first and one of the most important steps in maintaining quality cybersecurity. Your employees are the main entry point that hackers try to exploit. Hackers try to gain access through employees by tricking them with phishing and social engineering attacks. They also target employees who are working from home on unsecured personal internet networks. Business owners should train their employees to back up data regularly, avoid any suspicious links, and to report any possible phishing scams. Trained employees will reduce the risk of an attack and should be wary of any future attack.

A 2019 Accenture study found that 43 percent of cyber-attacks are aimed at small businesses but only 14 percent are prepared to defend themselves. This is alarming news especially since small businesses are a top-tier target for most cybercriminals. Shows just how many small businesses lack preparedness and how many need to quickly improve their security.

Find a cybersecurity solution

Perhaps one of the best ways to defend your business against cyber threats is to find and install a solid cybersecurity solution. Small businesses usually are short on cybersecurity resources, to begin with, and usually do not have dedicated IT/Cybersecurity experts. Which is why small businesses need a low-cost solution that is extremely effective.

Your business technology should be protected with anti-virus and anti-malware software, this will find and identify any threats to your business. These have security features that will make it harder for any information to be stolen. Every business should have a virtual private network (VPN) that hides your IP address, making it almost impossible for hackers to track you. VPNs are very useful and a necessity if you have employees working from home on unsecured networks. Email protection and maintaining a firewall are also highly recommended in the cybersecurity community.

Ostra offers an affordable and quality cybersecurity solution for your business, that incorporates the very best security tools to protect small/medium-sized businesses. We operate behind the scenes to protect businesses and their most valuable asset, their data.

We leverage known platforms such as FireEye and Palo Alto, to create a sphere of protection for your business and employees, no matter where they are located or what machine they are on.

Want to find out more? Contact us today!

Ostra Cybersecurity

Cybersecurity Awareness Month

/in /by

October is Cybersecurity Awareness Month, Ostra is proud to take part in helping to create a safer and more trusted cyberspace for everyone.

History of Cybersecurity Awareness Month

Cybersecurity Awareness Month was founded by both government and industry to make sure every American consumer and business has the resources needed to stay safe and secure online. Originally, 17 years ago, cybersecurity month messages were about updating antivirus software and the threat of a “virus”. But as technology advanced, so did the efforts needed to educate people on growing cybersecurity threats.

Today, organizations of every kind, non-profit/for-profit, corporations, universities, small businesses, and other groups all participate in Cybersecurity Awareness Month. These groups all have one goal in mind, to educate their employees/customers/members on the importance of creating a safer, more secure internet for everyone. Awareness efforts today highlight the basics of keeping your technology and information safe. Companies and organizations share tips and tricks throughout October.

Cybersecurity Awareness Month Resources

To get involved and learn more about Cybersecurity Awareness Month, check out these cybersecurity focused partners.

The National Cyber Security Alliance (NCSA) builds strong public/private partnerships to create and implement broad-reaching education and awareness efforts to empower users at home, work, and school with the information they need to keep themselves, their organizations, their systems, and their sensitive information safe and secure online and encourage a culture of cybersecurity. https://staysafeonline.org/cybersecurity-awareness-month/

Information Systems Security Association (ISSA) is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk, and protecting critical information and infrastructure. https://www.issa.org/

The Cyber Security Hub is an online news source for global cybersecurity professionals and business leaders who leverage technology and services to secure the entire perimeter in their enterprise. https://www.cshub.com/

Ostra’s Cybersecurity 101

For those who are new to the world of cybersecurity or just need a refresher, check out our Cybersecurity Terms 101 post. We cover the basic terms that everyone should know to better protect their own devices and to help keep cyberspace safe.

Want to find out more about Ostra and how we can help your business? Visit Ostra.net or contact us today at protection@ostra.net

Ostra-largest-medical-cyberattack-998x681px
Ostra Cybersecurity

Largest Medical Cyberattack in US History?

/in , /by

Universal Health Systems is a major US hospital and healthcare provider that has more than 400 different locations throughout the country. The hospital system was hit with one of the largest medicals cyberattacks ever in the United States. Experts believe it could be the biggest ever.

The attack, that left the IT network offline across the 400 healthcare facilities, was reported as a security incident. The facilities had to resort to their back-up plan which includes offline documentation methods. Nurses had to work with pen and paper and could not access their medication system. Many reported that their computers either shut off on their own or slowly stopped working.

The way the entire system was compromised at once and many computers seemed to be taken over, makes this seem like a ransomware attack. Many experts are speculating that this is the case. We know that cybercriminals like to target healthcare systems because the probability of a ransom payment is higher. Hospitals would rather pay than have a patient become more injured, sick, or die due to a security incident.

Protect your business

To protect the organization, company IT security programs should be in the hands of professionally managed security teams or outsourced to managed security firms. Ostra Cyber Security is the professionally managed security team for your business. Managing everything from desktops and laptops, to tablets and BYODs, Ostra’s technology keeps everyone safe.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/30ov82h

Ostra-legislation-security-standards-998x681px
Ostra Cybersecurity

House Passes Legislation To Set Internet Of Things Security Standards

/in /by

A new bill that was just passed will require that all Internet of Things devices purchased by the US government must meet set security requirements. Internet of Things devices is any everyday objects that connect via the internet to send/receive data. Things like smartwatches, smart home security devices, and wireless inventory trackers are all IoT devices.

This bill, called the IoT Cybersecurity Improvement Act, instructs the National Institute of Standards and Technology to enforce security standards that any government agency needs to follow when buying IoT devices.

“These devices must be secure in order to protect Americans’ personal data.” Rep. Kelly (IL)

Even though this bill doesn’t directly improve the security of millions of consumer Internet of Things devices that are already being used by Americans. Such as home voice assistants, smart TVs, and smartwatches. It is still a huge deal for long-term IoT security. Because government agencies are big customers, IoT manufacturers will have to adjust to meet the new standard if they want to keep their business. Most IoT manufacturers sell to the government and consumers, so it should encourage them to only follow one set of standards. Resulting in improved security standards for all future IoT devices.

Stay protected

This bill gives manufacturers 2 years to update their security standards. Some say this is too long of a wait considering there are currently millions of devices in the US that could be vulnerable to unknown or known exploits.

Ostra Cyber Security provides active network defense protection for your home or businesses’ Internet of Things devices and acts immediately instead of monitoring and alerting as many antiviruses do.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://washex.am/34euwxj

Ostra Cybersecurity

Companies are Looking for Affordable Cybersecurity Solutions

/in /by

It is estimated that more than half of the US workforce has transitioned to remote working. With more people working from home businesses are way more vulnerable. This has really increased overall cybersecurity spending for companies.

58% of companies represented in a recent Microsoft survey have increased their cybersecurity budgets in response to the pandemic.

Companies have spent the last months working overtime to meet business goals while also protecting the business from new and dangerous threats. Even though many companies are spending more to play defense, many are still being impacted by social engineering attacks, like phishing scams. Phishing scams have only become more popular as employees are now working on personal networks and devices.

Companies are Struggling with Complex Cybersecurity Programs

The COVID situation has made companies rethink their cybersecurity approach. Now companies are finding ways to increase the efficiency of their cybersecurity while also simplifying them.

“Companies are looking for simplicity, to date, security is too complicated.” – Andrew Conway, GM for Microsoft’s security marketing

Companies are struggling with complex and hard to use/install cybersecurity programs that use many different security tools from different vendors. Many programs require too much set-up or maintenance work. Companies and cybersecurity managers are looking for an affordable cybersecurity program that simplifies cyber defense and protects what matters.

Businesses NEED a simple and affordable cybersecurity program in place

Ostra is your cyber-security-solution that offers a 360 degree, 24/7 protection that works seamlessly in the background, protecting sensitive data and communications at every access point. Ostra Cyber Security is a software solution that knits together the top security solutions in the industry. We leverage known platforms such as FireEye and Palo Alto, to create a sphere of protection for your business and employees, no matter where they are located or what machine they are on.

Want to find out more? Contact us today!

Ostra Cybersecurity

Tesla Employee Prevents Massive Ransomware Attack

/in , /by

Ransomware attack on Tesla

A Tesla employee working in a Gigafactory in Nevada was offered a $1 million bribe to help a hacker install malware into the Tesla computer systems. The hacker who has since been arrested is a Russian citizen by the name of Egor Igorevich Kruichkov. This attack was well planned out by the Russian hacker, as the Tesla worker who he contacted was also Russian and spoke it too.

The Tesla worker met with Kruichkov in early august after being contacted but didn’t know the reason for the rendezvous. After meeting, Kruichkov asked the Tesla employee to help him install malware that once installed, would launch a massive DDoS attack. Which would effectively allow the hackers to occupy the Tesla system, giving them access to steal sensitive corporate data. The hackers would then hold the data until the electric car manufacturer pays big. Kruichkov mentioned that a reward of $1 million would be sent to the Tesla worker in cash or bitcoin.

Enter the FBI

Kruichkov and the hacking group could only hope that the worker would accept the offer. However, the results did not favor the Russians. As soon as the Tesla worker left the meeting he contacted the FBI who then, with the help of the Tesla worker, communicated with the Russian hackers and got as much information as possible. The FBI discovered that the Russians were the ones responsible for the recent $4.5 million ransomware attack on CWT travel.

On August 21st the hacker contacted the Tesla employee and said “the project was delayed” and said he was leaving the area. The FBI followed and arrested the Russian hacker the next day during a failed flee attempt.

This Tesla employee prevented a possible cyberattack on Tesla that could have cost them millions of dollars. Not just in ransom payments but also in the lost operating time that could cost way more than the ransom.

Protect your business from ransomware attacks

Ostra Cyber Security provides active defense protection for your businesses’ data and acts immediately instead of monitoring and alerting as many antiviruses do. Ostra keeps everything up to date meaning the latest threats are already neutralized before they attack.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3hH961h

Ostra-cybersecurity-in-education-998x681px
Ostra Cybersecurity

The Challenge of Cybersecurity Education at Colleges

/in /by

Colleges around the nation have dealt with an increase in pandemic-related cyberattacks. Colleges have always been a target for many cybercriminals as they hold a lot of sensitive information and research, which are valuable on the dark web. With the increase in attacks, many college security chiefs say the real challenge is educating professors and students on cybersecurity training and data protection.

Many of the attacks have been targeted towards medicine schools that conduct COVID-19 related research. The academic community has always worked together and relied on shared information, which is what makes training difficult.

“In an environment where it is intrinsic for our people to say, ‘Give away the information,’ there’s also a national interest in keeping it protected, too. It’s a super delicate balance,” -Erik Decker, CISO at University of Chicago Medicine

Mr. Decker says that the overall solution includes educating the students and any faculty on cyberattacks and how they work. As well as what the best security practices are even though they might add more time to the research process. Emphasizing the idea of data protection is necessary.

Importance of data protection

Most organizations are experiencing an increase in pandemic related cyberattacks currently. However, many companies fail to properly train their employees or install a cybersecurity program, which creates a huge vulnerability for the company. This is why a cybersecurity solution is necessary no matter the size of the company, big or small.

Ostra Cybersecurity prevents problems before they happen. Ostra operates behind the scenes to protect businesses and their most valuable asset, their data.

Want to find out more? Contact us today!

Ostra Cybersecurity

Cybersecurity Challenges and Concerns of Remote Working

/in /by

A new report by Malwarebytes wanted to investigate the new normal of working from home (WFH). They measured the immediate reaction to the pandemic and also businesses’ future cybersecurity strategy. The cybersecurity company surveyed more than 200 executives and managers in IT and cybersecurity roles at US companies.

Organizations’ challenges to remote working

Switching to working from home created a new set of challenges for companies. The biggest challenge for most was maintaining efficient cybersecurity, especially those who had already been facing cybersecurity threats before the pandemic.

55% of the respondents said their biggest challenge was training employees how to work from home securely and compliantly.

Image: Malwarebytes

Biggest cybersecurity concerns

There are a lot of concerns for IT and cybersecurity managers/executives with the switch to remote work. Many of the concerns involve the inevitable increase of ransomware and malware attacks overall. Many employees do not have proper cybersecurity training and don’t know how to avoid common cyberthreats, like phishing scams. Employees also lack cybersecurity protections for their home devices and ISP.

45% of respondents say their biggest concern is other individuals who have access to an employees device and may inadvertently compromise it.

Image: Malwarebytes

Protect your business, keep your employees secured

Human mistakes are inevitable and its what cybercriminals depend on to exploit and hack a business. These mistakes are much more likely to happen when employees are working from home. It is important for your business to manage and secure the scattered endpoints, which are your employees. Working from home could be the new normal for a long time, consider using an affordable and effective cyber-security program.

Ostra specializes in protecting business data for remote workers with elite security using Fortune 100 caliber tools. Managing everything from desktops and laptops, to tablets and BYODs Ostra’s technology keeps everyone safe.

Want to find out more? Contact us today!

Ostra Cybersecurity

Ransomware Gang Attacks Billion-Dollar U.S. Liquor Maker

/in , /by

The hacking group called REvil ransomware, who have hacked numerous million-dollar companies, have hacked and encrypted Brown-Forman. Brown-Forman is a top U.S. based liquor maker with brands like Jack Daniels, Finlandia Vodka, Early Times, and Old Forester.

The REvil gang reportedly had access to Brown-Forman’s systems for over a month. They were able to completely explore any system/device they had access too. Even the company’s cloud services were exposed. A Brown-Forman representative has claimed that they detected the attack early enough that no data could have been encrypted.

Even though the Liquor company stopped the attack before any encryption took place, the hackers claim to have stolen a terabyte of data. The REvil gang is using this data to hopefully extort Brown-Forman and get paid.

“Screenshots posted by REvil provide a glimpse into the full scope of the breach. Internal communications, financial documents, contracts and personnel data all appear to been accessed”.

A Brown-Forman representative has said some information included employee data. Employees at Brown-Forman now have a huge increase in risk for identity theft or attacks on personal accounts. This is a big reliability for the company. REvil hackers believe that the company will end up paying. The hackers could be right, especially if they start to leak files to force payment, as they have done before.

REvil Ransomware

REvil ransomware has been a threat to many smaller companies in the past. Recently, however, this ransomware group and others alike have been targeting governments and billion-dollar corporations. These ransomware attacks are growing worse by day as hackers develop increasingly more sophisticated ransomware strains. REvil has recently started to auction off stolen data on the dark web and is one of the first hacking groups to popularize it.

Protect your company from ransomware

Ostra Cyber Security provides active defense protection for your businesses’ data and acts immediately instead of monitoring and alerting as many antiviruses do. Ostra keeps everything up to date meaning the latest threats are already neutralized before they attack.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3aCaL5E

Ostra Cybersecurity

Cloud Service Costs Rise During Pandemic

/in /by

The COVID-19 pandemic has increased the need for cloud computing services. Companies are racing to meet the demand for cloud computing tools needed for their remote workers. While also battling the rising costs of the cloud. There are a lot of company budgets being stretched as companies search for more affordable cloud costs.

“The corporate shift to the cloud has accelerated, with businesses last year spending an estimated $96.4 billion on cloud infrastructure services”

This cloud usage boom has positively impacted the big cloud companies like Amazon, Microsoft, and Alphabet Inc. The cloud services industry leader, Amazon, said its cloud usage grew 33% in the first quarter to $10.22 billion. This is good for cloud providers and the cloud industry. However not for the companies who need to expand their cloud usage while struggling with the economic impact of the pandemic.

The biggest companies pay hundreds of millions of dollars every year for their cloud services. Many smaller companies’ cloud budgets are being optimized to decrease the financial strain from the pandemic. These businesses are finding that they are overestimating their needs and have been paying too much. Companies have found that their cloud bills have increased even when the cloud use decreases because “the applications had to be kept running”.

Experts recommend keeping your cloud budget updated and tuned up. Cloud providers can charge plenty of hidden fees which makes it important to know how much your business needs and how much you are paying for.

Ostra not only specializes in protecting business data for remote workers with elite security but also keeps costs affordable and makes budgeting predictable.

Want to find out more? Contact us today!

 

Ostra Cybersecurity

Cybersecurity Training Company SANS Hit by Phishing Attack

/in /by

The cybersecurity training company SANS has fallen victim to a data breach. The attack started after a successful phishing scam against one of SANS employees. The breach compromised over 28,000 records of personal identifiable information, like names, emails, phone numbers, and addresses. No sensitive information like credit card info or login credentials were exposed.

The cybersecurity training company detected the breach during a systematic review of its email configuration. Where they found that 513 emails were forwarded to an unknown email address. This means that the company did not even know there was a breach until they found it on accident. “After finding the activity, SANS said it’s IT and security team deleted the forwarding rule as well as a malicious O365 add-in”. This breach is surprising for a company like SANS, whose employees should be very informed and alert to phishing scams.

This incident shows that no organization is immune from a cyberattack, even companies that specialize in the information security industry. Phishing attacks rely on human error which is what makes social engineering attacks so dangerous to organizations. If an employee at a cybersecurity training company can fall victim, then so can anyone else.

Many employees are working from home which can make it hard to conduct the cybersecurity training necessary.

”With remote working, the proper training is more essential than ever. In the case of phishing attacks, training should include phishing simulations where employees are taught how to respond to suspicious emails.”

Even with extensive employee training, training just isn’t enough.

Protect your business with a cybersecurity solution

With today’s increased risk of a phishing scam it is important to have cybersecurity that will protect your network and information immediately when faced with a threat. Your business has a greater chance now than ever to be targeted for a phishing scam or worse. Ostra Cyber Security provides active defense protection for your businesses’ data and acts immediately instead of monitoring and alerting as many antiviruses do.

Ostra protects your company from all threats including the number one way attacks can happen; email.

Want to find out more? Contact us today at protection@ostra.net

News Article

Ostra Cybersecurity

Twitter Could Pay $250 Million for Using Private Information for Advertising

/in /by

Twitter could be paying a hefty fine to the U.S. FTC for its use of private information (phone numbers and emails) in targeted advertising campaigns. This fine comes after the FTC filed a complaint against Twitter for using “phone number and/or email address data provided for safety and security purposes for targeted advertising during periods between 2013 and 2019”.

Many Twitter users have voluntarily submitted both their phone number and email to better secure their accounts with two-factor authentication. Usually when creating an account. But the users had no idea their information would be used in advertising campaigns. Twitter has now stopped requiring users to submit their phone number.

Twitter has said that its most recent breach has affected its business with advertisers. This is an issue that has occurred with many other social media companies, for example, the Facebook-Cambridge Analytica data scandal.

Protect your email

Email inboxes are the most common entry-point for ransomware attacks. Twitter being caught distributing private information like email addresses means that cybercriminals most likely have access to this information now too. Especially with the recent Twitter data breach, nobody knows what kind of information has been stolen.

Ostra protects your company from all threats including the number one-way attacks can happen; email.

https://bit.ly/31JvX5v

Ostra Cybersecurity

Travel Management Firm CWT Pays $4.5 Million to Hackers

/in , /by

The US business travel management firm CWT just paid a $4.5 million bitcoin payment to hackers who stole terabytes of information. CWT claims that the hackers stole sensitive corporate files and put 30,000 computers offline. CWT represents more than 1/3 of companies on the S&P 500, which makes them a very valuable target for hackers.

Ransomware. Why did it have to be Ransomware?

Just like Indiana Jones hates snake’s, business executives hate ransomware. When ransomware is used by experienced hackers it can be very effective and can give all the leverage to the criminals, leaving businesses stuck with limited options. A majority of the time the hackers end up getting paid, which is why ransomware is a CFOs worst nightmare. In the case of CWT, the strain of ransomware used was called “Ragnar Locker” which encrypted computer files and made them useless until the ransom was paid. The hacking group originally asked for a $10 million payment, but a CWT negotiator brought the ransom to $4.5 million instead.

CWT was quick to pay the hackers as they wanted their systems online and sensitive information returned. On July 28th a bitcoin payment for 414 bitcoin or $4.5 million US dollars was paid to the hacking group and the attack was over.

Cybersecurity experts say that paying ransoms encourages future attacks, but these situations leave business executives with a difficult decision.

Protect your business from ransomware

Ostra Cyber Security provides active defense protection for your businesses’ data and acts immediately instead of monitoring and alerting as many antiviruses do. Ostra keeps everything up to date meaning the latest threats are already neutralized before they attack.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://nyti.ms/2DAnObP

 

Ostra Cybersecurity

Hospitals Face Wave of Cyberattacks Trying to Crash Websites

/in /by

The healthcare industry has been one of the most targeted industries during the COVID-19 pandemic. With cybercriminals trying to steal COVID vaccine-related information or disrupt hospital operations in the hope of receiving a quick ransom payment. The healthcare industry currently has the largest number of cybersecurity openings of any other industry.

Researchers have said that hospitals dealing with many COVID-19 patients have had a giant increase in DDoS attacks. DDoS attacks, or Distributed Denial of Service attacks, are when cybercriminals attempt to overwhelm and crash websites by flooding the server with millions of rogue requests. These attacks can crash systems for hours or even days and are used in blackmail schemes or distraction methods.

This specific cyberattack on these hospitals came from over 300,000 different IP addresses. The attacks took place on hospitals in the US, Germany, Canada, and the UK.

Protect your business and your employees working from home

Numbers don’t lie, and the possibility of your business falling victim to a cyber-attack has never been higher. Protecting your business and sensitive data is a priority in the era of cybercrime.

Ostra Cyber Security offers a total solution for cybersecurity that combines Fortune 100 tools and is easy to deploy without needing to purchase any hardware.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/30HrxNv

Ostra Cybersecurity

Remote Work Boosts Cybersecurity Hiring

/in /by

It is estimated that more than half of the US workforce has transitioned to remote working. With more people working from home businesses are way more vulnerable. This has increased the need for cybersecurity-related positions.

According to LinkedIn, there were 261 thousand open cybersecurity positions in April, 244 thousand in May, and 348 thousand in June. This has made the Cybersecurity and IT job market one of the top performers since the start of the pandemic. The sectors with the biggest need for cybersecurity positions have been Healthcare, Financial Services, IT and Services, and Retail.

Businesses NEED a cybersecurity plan

The threat of a cyberattack grows every day, especially if you’re a business that operates with remote workers. Cybercriminals are more active than ever, and they target the weakest links who do not have a good cybersecurity program/team in place.

Ostra is your security team of experts, without having to hire a full-time cybersecurity role. We manage and update the technology daily. Use your budget wisely and let the experts keep you safe.

Want to find out more? Contact us today!

Ostra Cybersecurity

Connected-Car Cyberattacks Have Doubled Since Last Year

/in /by

There are more connected cars on the road every year than ever before. Even though these cars make everyday life more convenient for consumers, they are way more likely to be targeted in a cyberattack than traditional cars. It is estimated that connected car cyberattacks have doubled in the last year alone.

The average connected car has over 150,000,000 lines of code

A cyberattack is more likely to occur when there are more lines of code for hackers to attack. Hackers only need a small portion of the code to gain access to all the data available.

Recently Nissan had to shut down one of their connected car apps after security testers found a vulnerability. Cybercriminals “were able to connect to the car via the internet and remotely control the car’s heated seating, fans, air conditioning, and heated steering wheel”. This means that cars could have their battery drained without the owner realizing it.

Keyless Theft

The main way that theft of connected cars occurs is through the keyfob. Most thefts occur while the car is parked at the owner’s house, and the thieves don’t even need the key. By amplifying or duplicating the signal from the car key inside the house, they can trick the car into thinking the key is being used. When successful, thieves can steal cars in under 30 seconds.

Stay Protected

Protect yourself and your connected car by only downloading official apps, keeping your car software up to date, and limit the personal data you trust your car with.

Ostra Cybersecurity extends multiple layers of protection around your network, hardening the defenses and creating active barriers preventing criminals from exposing any lurking vulnerabilities, like installing malware and taking control of your car.

Want to find out more? Contact us today!

Ostra Cybersecurity

Vulnerability in Website Builder Exposes 700,000 sites

/in /by

In late July, a threat intelligence team found a vulnerability in themes by Elegant Themes. The themes were Divi, Extra, and the WordPress plugin, Divi Builder. These products combined are downloaded on over 700,000 websites.

The vulnerability allowed attackers the ability to upload PHP files onto any website with the programs downloaded. The attackers also used remote code execution on the website servers.

Elegant Themes is the company that created Divi and Divi Page Builder. These are website editing tools that make website design easy and completely customizable. Divi editor users can import and export page templates with ease, however, this is where the security issue was found. The import/export feature was missing a server-side verification check, which means that the server function that determines if a file is safe was not working.

“This flaw made it possible for authenticated attackers to easily bypass the JavaScript client-side check and upload malicious PHP files to a targeted website. An attacker could easily use a malicious file uploaded via this method to completely take over a site.”

This vulnerability has been patched completely in a new update released in early August. It is recommended that any company using these website builders, updates immediately.

Protect against vulnerabilities

Ostra Cyber Security extends multiple layers of protection around the Internet Service Provider hardening the defenses and creating active barriers preventing criminals from exposing any lurking vulnerabilities.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/2PnOeQ9

Ostra Cybersecurity

Garmin in Trouble for Paying Ransom

/in , /by

The GPS company Garmin became the victim of a ransomware attack late July. The suspected hackers, known as EvilCorp, encrypted a lot of company data and attached a ransom note to each file. The ransom note had directions to email one of two email addresses to get a price for the encrypted data. Garmin confirmed that the price was around $10 Million for the decryption key.

Garmin has paid the ransom to get their stolen information back. There is no official explanation yet how Garmin paid the hackers. But now Garmin could be in more trouble for paying the ransom. This time with the United States Government.

EvilCorp is on a US sanction list

Because the hacking group is on a US sanction list, that makes any transaction illegal and a punishable offense. Garmin reached out to a cyber response company, but the company refused due to legal implications.

Eventually, Garmin found a cyber response company that would help them with the transaction and securing their stolen data. The company, Arete IR, is confirmed to have assisted Garmin but no official statements have been released about the payment.

Even though Garmin was faced with no other choice but to pay the ransom, the company may be facing more punishment by the US government if the hackers are confirmed to be EvilCorp.

Protect your business

Ostra eliminates the human errors that can lead to a ransomware attack by preventing the phishing emails, suspect inquiries, and social engineering campaigns from reaching employees. Ostra will help secure your network and keep your businesses private data out of the hands of cybercriminals.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3k94LWd

Ostra Cybersecurity

Cybersecurity is a Business Decision

/in /by

Today, many companies struggle with their cybersecurity budget. Either not spending enough or spending too much, both issues result in unreliable cybersecurity.

Several CISOs have said that their cybersecurity budget comes from the ROI and contribution it adds to the business. Making sure the business is secure while creating growth and profit is what makes cybersecurity a business decision.

When cybersecurity spending is not calculated and not part of a solid business plan, many endpoint security issues arise. Businesses need to track the effectiveness of their cybersecurity to define the ROI and create a budget.

“More than one of every three enterprise devices had an Endpoint Protection (EP), client management or VPN application out of compliance, further exposing entire organizations to potential threats”.

Businesses must keep their devices up to compliance otherwise the risk of a breach is imminent. Especially as most workers are remote which makes network security much more difficult to maintain.

Ostra keeps everything up to date meaning the latest threats are already neutralized before they attack.

Want to find out more? Contact us today!

Ostra Cybersecurity

Blackbaud Pays After Ransomware Attack

/in , /by

Blackbaud, one of the largest providers of fundraising technology to nonprofits, universities, and other charities was hacked. After a ransomware attack left important data encrypted, Blackbaud was forced to either pay the ransom or let the data be sold to other cybercriminals. Blackbaud paid in Bitcoin and received confirmation that the data was destroyed.

It is unknown how much was paid to the hackers, but the ransom was not paid until there was sufficient proof that the data was destroyed. Blackbaud officials say that credit card info, bank account info or social security numbers were not stolen. To ensure the privacy of its customers, the company hired outside-experts to monitor the internet and dark web. To make sure that no information was released or sold by the hackers.

Blackbaud is the target of millions of cyberattacks each month

The company follows the industry best practices and they conduct aggressive tests on the security of their systems and infrastructure. They are a part of many Cyber Security related organizations. Officials claim to have implemented additional security measures to prevent this from happening again.

This is the second time this year that a major provider for the nonprofit sector was hacked. Earlier this year MIP, a financial software company, was hacked and users were locked out for 3 weeks.

Protect your data

Ostra Cyber Security provides active defense protection for your businesses’ data and acts immediately instead of monitoring and alerting as many antiviruses do. Ostra keeps everything up to date meaning the latest threats are already neutralized before they attack.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3jYC0eL

Ostra Cybersecurity

Twitters Biggest Threat: Its Own Employees

/in /by

Twitter demonstrated an example of the biggest cybersecurity threat that companies cannot defend against. Their own employees.

When Twitter was breached mid-July, many highly followed blue checkmark accounts became pawns in a coordinated bitcoin scam. Some accounts included Joe Biden, Elon Musk, Jeff Bezos, even the Twitter Support account. It took twitter multiple hours to contain the breach, while the hackers received over $115,000 in bitcoin transfers.

Twitter tweeted, saying the breach was “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools”. What that means is that the attack was not through malware or a technical problem, but an employee let it happen.

Humans are the biggest threat to cybersecurity

Twitter told a tech-focused news website that whoever was behind the breach had gained access from an employee. An employee who was paid and willingly gave the hackers access. Insider attacks like this are common, and a huge threat since humans are unpredictable compared to technology. You can apply updates and fix cybersecurity tech, but you cannot fix humans who would turn on their company for a handful of cash.

35% of attacks are insider attacks — SpectorSoft

Insider attacks occur more often when the economy and job market are in poor condition. A pandemic is a perfect time for hackers to target employees who need money.

Ostra protects against known and unknown threats even when they come from inside.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://nbcnews.to/2De2ubx

Ostra Cybersecurity

Garmin Hit by 4-Day Ransomware Attack

/in /by

The navigation company became the victim of a ransomware attack on Thursday. The attack left many Garmin systems offline, including fitness apps, aircraft navigation systems, and customer service centers. Garmin factories had to close production lines, and planes that use Garmin navigation were grounded.

The attack completely crippled the navigation company. A cybersecurity company reported that Garmin’s IT department shut down all the company’s computers, including employee computers at home. Anything connected to the Garmin network, even by VPN, was cut off to stop the ransomware from spreading through the network.

10 Million dollar ransom

Garmin employees say that the attack was due to WastedLocker ransomware. The hackers encrypted a large number of company files, with a ransom note attached to each file. The ransom note has directions to email one of two email addresses to get a price for the encrypted data. Garmin has confirmed that the price was $10 Million for the decryption key.

The attack lasted 4 days, with Garmin systems becoming operational again on Monday (July 27th). Currently, it is not known whether Garmin paid the $10 Million, but the real price was paid in the number of lost profits from 4 days of operation.

Protect your business

Ostra eliminates the human errors that can lead to a ransomware attack by preventing the phishing emails, suspect inquiries, and social engineering campaigns from reaching employees. Ostra will help secure your network and keep your businesses private data out of the hands of cybercriminals.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3g7FdX3

Ostra Cybersecurity

Why One Data Breach Can Lead to More Cyber Attacks

/in /by

Recently, cyberattacks have skyrocketed during the COVID-19 pandemic, which is a huge issue in the long run. Most businesses have become too used to these attacks, and usually, disregard the long-term effects that the breach has caused. Especially when gigabytes of personal customer information is stolen and posted on the dark web.

Personal Details Can Lead to Endless Threats

When a business becomes the victim of a data breach, usually they can pay the hackers and get the data back. But that is when the real threat starts. The business will do damage control and send out emails to their affected customers. The goal of the email is to establish a perception of safety and security. Even though the business has no idea who has access to their customers’ information.

The data that is lost in these incidents, like stolen personal data, lead to ransomware or “man-in-the-middle” breaches in the future.

“Ransomware exploits can arrive in email, text, messaging and social engineering. The success of these attacks counts on the appearance of legitimacy, which is why they often offer links, attachments, and messaging from familiar sources, sites, and people”.

The more personal information gathered from past breaches, the more likely they are to be the target of a social engineering attack. With loads of information, it’s easy for a hacker to pretend to be a close associate.

Data leaks that occur today may not even be harmful for years to come. As personal information is being sold, traded, and bought all over the dark web, long term security issues will emerge. Private information gathered throughout the next 5 years could help cyberattack hold an entire business network hostage.

Protect your customer information

To protect the organization, company IT security programs should be in the hands of professionally managed security teams or outsourced to managed security firms.

Ostra is the professionally managed security team for your business. Managing everything from desktops and laptops, to tablets and BYODs Ostra’s technology keeps everyone safe.

Want to find out more? Contact us today!

Ostra Cybersecurity

Outdated Budgets are a Threat to Business Cybersecurity

/in /by

Its 2020 and business are operating online more than ever before. But many organizations are looking to decrease their overall spending as things move online. That is an issue for cybersecurity teams who are expected to keep the same security, now with more vulnerabilities, while on a lower budget.

Cybersecurity budgets are usually the first to get cut, even in a pandemic when phishing attacks have increased more than 600%. One of the biggest issues that companies are facing is the lack of funds for an up-to-date cybersecurity team/program.

“Cybersecurity budgets aren’t revised for current threatscapes. Even though many organizations are still in the midst of extensive digital transformation, their budgets often reflect the threatscape from years ago”.

When cybersecurity budgets aren’t updated, so are the old security systems and programs. Hackers can easily take advantage of a security system when they use tools that are more updated than the system they’re attacking.

Stay Updated

Ostra Cyber Security is your security team of experts. We manage and update the technology daily. Use your budget wisely and let the experts keep you safe.

Want to find out more? Visit our website or contact us today!

 

Ostra Cybersecurity

Hackers are Selling Your Data to the Highest Bidder

/in /by

It is never a good situation when data is stolen by hackers. In the best-case scenario, the victim would pay the ransom and hope the hackers give back and delete the data. But that is not typically how it goes.

Usually, if the victim does not pay the ransom, the data is auctioned off on the dark web for the highest bidder. Sometimes even if the victim pays to get the data back, the hackers will still sell the data online.

How is the data auctioned off?

Researchers at a cybersecurity company have published a report that shares the details of these dark web data auctions. Once the data is put up for auction, anyone with dark web access can bid on it. No identity proof is required, only a simple CAPTCHA checkpoint. The highest bid must be paid in cryptocurrency, which is untraceable.

The company discovered many listings on the dark web. A simple 50 gigabytes of sensitive files and data from a U.S. law firm are sold for $30k. The most expensive found was a full library of trade secrets, patents, and executive-level communication history, all for the price of $1.2 Million.

“Email inboxes are still the most common starting point for ransomware attacks. Being able to identify a phishing message could keep your secrets from being spilled to the highest bidder”.

Cyberattacks are only increasing and victims are paying the ransoms. Cybercriminals have no reason to stop attacking, especially when they can make a fortune from one successful phishing email.

Protect your data

Ostra protects your company from all threats including the number one-way attacks can happen; email.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3jtMuTl

Ostra Cybersecurity

What a Cyber Attack on the Energy Sector Could Mean

/in /by

Even though the energy sector faces the same threats as every other sector, an attack on the energy industry could cause the most damage. A cyber-attack targeting a major power grid could completely shut down an entire economy. The attack could be so widespread that it could knock out the power for many large cities, resulting in disastrous damages.

In 2016, a Russian hacking group is believed to have attacked the Ukraine power grid. Resulting in the loss of power in Ukraine for a long duration. This example is evidence that there are many cybercriminal organizations that have the power to take away energy for an entire population.

“If one country wants to inflict major damage on another, they don’t need to drop bombs. All they need to do is hack into their power grid.”

Just one successful phishing email or a hidden security issue and an entire power grid can be attacked. Even if your business is not an electric company with access to a power grid. You still have something that cybercriminals want access to, and they will try their best to get it.

Protect yourself with Ostra Cybersecurity

Ostra protects your company from all threats including the number one way that attacks can happen; email.

Want to find out more? Contract us today!

Ostra Cybersecurity

Over 100 Law Firms Report Data Breaches

/in /by

There have been more than 100 law firms that have reported data breaches since 2014. Since about 20 states do not require that law firms report data breaches, that number is definitely higher.

Most of the reported breaches occurred through phishing attacks, with some through hacking or security lapses.

One big law firm reported that they received emails that were designed to appear like a legitimate request for W-2 forms. This attack led to many W-2 forms being sent to the unauthorized user behind the attack. Exposing Salaries, SSNs, and other personal information for 900 people.

While another law firm reported that a payroll employee responded to an email that claimed to be from a senior executive. The email exposed the private information of 1,500 people.

Protect your business

Ostra eliminates the human errors that can lead to stolen logins by preventing the phishing emails, suspect inquiries, and social engineering campaigns from reaching employees. Ostra will help you keep your employee’s credentials out of the hands of cybercriminals.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/30wzymN

Ostra Cybersecurity

Android Faces New Security Threat, Malware That Spreads Itself

/in /by

Self-Spreading Android Malware

There is a new type of malware that has recently appeared on Android phones throughout the world. This malware can steal personal information, bank details, and can read your text messages. Once the phone is infected, it uses the user’s contact list to spread itself through text messaging.

FakeSpy Malware is linked to a Chinese-speaking cybercriminal group called ‘Roaming Mantis’. There have been other campaigns of this malware in the past. However, it is always evolving and is updated to stay undetected by updated security measures.

Recently Android users in the US, UK, Germany, China, and others have been under threat of this new malware. The attack starts through a phishing campaign, users receive a message related to a missed package from the post office. The link then leads them to download a fake app that appears to be the real post office app. Once the app is downloaded and users have granted minimal access, the data-stealing begins. Once the app is downloaded, the page even redirects to the actual website to appear more authentic.

Once the phone is infected, FakeSpy can steal all personal information on the phone, including all text messages sent & received. The malware spreads itself too, by using the stolen contact list, it sends the fake delivery message to all the user’s contacts.

Protect against phishing attacks

With phishing scams like this always being sent between phones, it is important to have cybersecurity that will protect your network and information immediately when faced with a threat. Your business and employees have a greater chance now than ever to be targeted for a phishing scam or worse.

Ostra Cyber Security provides active defense protection for your businesses’ and employees’ data and acts immediately instead of monitoring and alerting as many antiviruses do.

Want to find out more? Contact us today at protection@ostra.net

https://zd.net/32AhWci

Ostra Cybersecurity

Many High-Profile Twitter Accounts Simultaneously Hacked in Bitcoin Scam

/in /by

Many popular twitter accounts have been hacked in a giant bitcoin scam. The accounts include Bill Gates, Joe Biden, Barack Obama, Warren Buffet, Bitcoin, Elon Musk, Jeff Bezos, Apple, Uber, Kanye West, and many more.

The twitter accounts seemed to all be simultaneously hacked, as the tweets were all identical and carried out at the same time. The tweets all had the same message, claiming to double any Bitcoin payment sent to them.

This is one of the largest coordinated attacks that Twitter has ever seen. How they did is unknown, but the scammers have managed to hack into all these accounts with ease. All with the goal to exploit possible bitcoin traders into sending them money.

The screenshot below is from Elon Musk’s twitter account. The identical message was shared multiple times on all the accounts mentioned above.

These are big names to have all their accounts hacked at the same time. The story is still developing and the details as to how the hackers gained access is still unknown.

If you think your personal accounts are safe, you will want to reconsider. The private twitter accounts of some of the worlds richest people have been hacked. Cyber-criminals are smart and always evolving, they will try to gain access to your confidential information. The odds of being hacked decrease dramatically if there is a security measure in place to catch social engineering attacks and possible mistakes.

Ostra Cyber Security uses tools that only Fortune 100 companies have access to, but Ostra delivers it at an affordable price. Ostra will help you keep you and your employee’s credentials out of the hands of cybercriminals.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

Ostra Cybersecurity

There are 15 Billion Stolen Logins on the Dark Web

/in /by

A new report found the true number of stolen account logins that are currently circulating around the dark web. After auditing dark web forums and marketplaces for 18 months, the report found a 300% increase in the number of stolen account logins since 2018. Now there are 15 billion stolen usernames and passwords from over 100 thousand data breaches.

What happens to the account logins?

With 15 billion login credentials many are just given away for free, but more valuable ones can be worth a lot of money. The average price for online banking and other financial account logins is $70.91 each. Some banking accounts are reported to sell for upward of $500. Anti-virus and security program logins sell for an average price of $21.67. Many social media, music, and video streaming accounts sell for under $10 on the dark web.

The real money comes from domain administrator accounts that can give hackers access to the business network. These account logins sell in auction-style for cybercriminals who will pay up to $120,000. The price depends on the access privileges of the account. Account logins like these are stolen through phishing emails and other social engineering campaigns on employees.

Protect your employee’s logins

Protecting your passwords is extremely important. Especially since most compromised credentials belong to consumers. It is necessary to avoid re-using passwords and to use two-factor authentications if possible. One compromised employee login could lead to a lot of damage for your business.

Ostra Cyber Security eliminates the human errors that can lead to stolen logins by preventing the phishing emails, suspect inquiries, and social engineering campaigns from reaching employees. Ostra will help you keep your employee’s credentials out of the hands of cybercriminals.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3ewbJAF

Ostra Cybersecurity

When It Comes To Cyber Training, It’s Quality Over Quantity

/in /by

Conducting cyber security training more frequently than others does not mean less security incidents, according to a report by security software company, Tessian.

The percentage of employees who sent emails to the wrong people was highest in businesses that provide more frequent cyber training. 63% of employees that get training every 1-3 months remember sending emails to the wrong people. However just 43% of employees who get training once a year or less remember sending emails to the wrong person.

Quality over Quantity

This shows the importance of creating an effective and meaningful cyber security training for your employees. It is more effective to deliver quality training, that will change the behavior of the employees. Training needs to be engaging and meaningful, not boring and taught just because it needs to.

It is more important now than ever to deliver quality cyber training, as many employees are more vulnerable working remotely.

To protect against the inevitability of human error, an effective Cybersecurity Program is essential for businesses. Especially ones with remote workers operating on unsecured home networks.

The Ostra solution provides 360-degree 24/7 proactive protection to all employees, regardless of where they are located. What that means is that Ostra becomes a secure ISP for remote employees working on a home or public Wi-Fi connections. Ostra extends multiple layers of protection around the Internet Service Provider hardening the defenses and creating active barriers preventing criminals’ access to employee’s hardware and company data. Even if a mistake is made.

Want to find out more? Contact us today!

Ostra Cybersecurity

60% of Organizations Experience Cyberattacks Spread by Their Employees

/in /by

With today’s huge increase in phishing attacks. Many organizations still do not provide regular cybersecurity awareness training, some don’t even have a security solution.

A new report from security vendor, Mimecast, highlights the current issues surrounding social engineering attacks. Many surprising statistics help to explain why phishing attacks are successful and how they affect the organizations. The lack of training, security programs, and an increase in remote work all play a role.

  • 51% of organizations have been impacted by ransomware in the last year
  • 58% saw an increase in phishing attacks
  • 82% have experienced downtime from an attack

These numbers show that many businesses are not prepared when it comes to cybersecurity. There has been an increase in phishing attacks, especially targeting remote workers who might be more vulnerable. Even though organizations know that the numbers are getting worse, statistics show that its their own employees that are responsible

  • 60% of organizations have had their own employees spread malicious emails
  • 55% do not provide regular security awareness training
  • 41% do not even have a system in place to monitor for phishing scams

Organizations need to take the security measures necessary to protect against phishing attacks. Which starts with a cyber security solution.

Ostra Cybersecurity has a solution that provides 24/7 proactive protection to all employees, regardless of where they are located. Ostra extends multiple layers of protection around the Internet Service Provider hardening the defenses and creating active barriers preventing criminals’ access to employee’s hardware and company data.

Want to find out more? Contact us today!

Ostra Cybersecurity

Number of Coronavirus-Related Scams Jump

/in /by

The Internet Crime Complaint Center (IC3) has noted a large increase in cyber threat complaints per day. Before the COVID-19 pandemic began, they were receiving around 1,000 complaints daily. Now, they receive 4,000 complaints a day.

These cyber threats are foreign groups trying to steal COVID-19 related information. As well as cybercriminals trying to exploit users working from home. Health agencies have reported an increase in cyber threats as well, as they are a very profitable target for cyber criminals.

“Near the start of the epidemic, researchers at the cybersecurity company Barracuda Networks reported a 667 percent increase in “phishing” emails.”

These emails are sent with the purpose of downloading viruses onto the recipient’s computers. With the increase in reported phishing scams, it is important to understand and identify possible scams when going through your emails.

Protect your business and your employees

Numbers don’t lie, and the possibility of your business falling victim to a cyber attack has never been higher. Protecting your business and sensitive data is a priority in the era of cybercrime.

Ostra Cyber Security offers a total solution for cybersecurity that combines Fortune 100 tools and is easy to deploy without needing to purchase any hardware. Ostra Cyber Security is perfect for those who do not want to put a lot of time into their cybersecurity program. Just set it up and forget about it. It requires no IT support, it is budget friendly, and Ostra does all the work to stop threats before they reach you.

Want to find out more? Contact us today!

Ostra Cybersecurity

Hackers Selling Stolen Customer Information Online

/in /by

Frost & Sullivan is a business consulting firm in Silicon Valley, who thought their private information was safe from the hands of hacking groups. Next thing they knew, all their sensitive employee and customer information was for sale, on the dark web.

Frost & Sullivan is a globally recognized consulting firm with offices all around the world. They offer information such as marketing research and analysis, among other things.

A hacking group known as “KelvinSecurity Team” managed to find a way into the Frost & Sullivan database by finding a vulnerability in the defense. The breach happened because of a mis-configured backup directory on the consulting firms cloud server. After finding a way to access the databases, the hacking group put the stolen data on an online hacker forum to sell.

The stolen data includes information on employee and customers, first and last names, emails and usernames, and passwords. In other words, a fortunes worth of information for a hacking group. Many hashed passwords can be easy for these groups to decipher. Giving whoever has the information access to the Frost & Sullivan’s database, as an employee.

The last thing you want is your company’s private information for sale on the dark web. Where many cybercriminals have access to it. It is important to have a security solution in place, as there are more cyberattacks then ever before.

Ostra Cyber Security offers a solution that uses the same security products that protect large businesses, for businesses of any size. Ostra’s solution has active defense that immediately responds to threats. It also provides insurance against human error or opening a phishing scam on accident.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

News source: https://bit.ly/2DiThyJ

Ostra Cybersecurity

Experts Say the Largest Cyberattack in History is Coming Soon

/in /by

Experts are predicting the largest cyberattack ever in the next 6 months. Here’s Why.

When the coronavirus pandemic started, many people were only worried about how to keep working from home. Nobody was thinking about how businesses and their virtual security defenses were about to be exposed. Exposed to many more cyberthreats due to an increased “attack surface”.

 

Businesses are More Vulnerable Than Ever Before

Usually, if a company has their employees doing remote work, they provide them with a secure work laptop. The employees must go through many security measures to access their work material. Usually, a secure wi-fi connection is also required.

However, since the beginning of the pandemic, millions of Americans were forced to quickly switch to remote work. Without time to set up secure systems, many companies were left with only one option. Letting their employees work from their personal laptop, on their unsecured home network.

This is the perfect scenario for cybercriminals. All it takes is one entry point to take over the whole network. Every employee working from home, is one more entry point that cybercriminals can target. This creates a larger attack surface for every business with remote workers.

More remote workers than ever before mean that businesses are more vulnerable than ever before. Therefore, the possibility of a cyberattack bigger than ever seen before is dangerously high.

 

“Hackers broke into the networks of America’s largest defense contractor, Lockheed Martin, by targeting remote workers. If they can infiltrate this system, you best believe remote workers with little security are easy pickings.”

Smaller Attack Surface = Smaller Risk

How can businesses protect against the increased risk of a cyberattack during the pandemic? Decrease the attack surface.

Businesses with remote workers need to protect and secure the networks that their employees are using. It is important to decrease the number of entry points available. Ostra Cyber Security has a solution that will help decrease your attack surface.

The Ostra solution provides 360-degree 24/7 proactive protection to all employees, regardless of where they are located. What that means is that Ostra becomes a secure ISP for remote employees working on a home or public Wi-Fi connections. Ostra extends multiple layers of protection around the Internet Service Provider hardening the defenses and creating active barriers preventing criminals’ access to employee’s hardware and company data.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/2Ak2aqn

Ostra Cybersecurity

Phishing in a Pandemic

/in /by

Cybercriminals are smart, they are professionals in what they do and know how to take advantage of an opportunity, like a pandemic. The Microsoft Threat Protection Intelligence Team has recently published a report on how scammers have used the COVID-19 pandemic to increase phishing attacks.

According to the report, they observed the biggest spike in pandemic-related attacks in the first two weeks of March. The report found that the timing of the attacks is correlated to major news stories to capitalize on the fear of the public. For example, there have been many attacks in the last few weeks as fears of a second wave of cases grow in the United States.

“Cybercriminals are adaptable and always looking for the best and easiest ways to gain new victims.” the researchers mention.  Updated cybersecurity programs and updated employee training can help protect your business from cybercriminals.

The figure on the right is from the Microsoft report: Exploiting a crisis shows the frequency of pandemic themed attacks in the United States and how they jumped during major events. This chart is very similar to the global trend as well.

With todays increased risk of a phishing scam it is important to have cyber security that will protect your network and information immediately when faced with a threat. Your business has a greater chance now than ever to be targeted for a phishing scam or worse. Ostra Cybersecurity provides active defense protection for your businesses’ data and acts immediately instead of monitoring and alerting like many anti-viruses do.

Want to find out more? Contact us today!

 

Ostra Cybersecurity

Schools Facing an Increase in Cyberthreats

/in /by

Every year, technology becomes a larger part of the classroom in the U.S. school system. With that comes a greater risk of cyber-threats, especially without the cyber-security training that most schools lack.

There has never been a more important time for school districts to upgrade their cybersecurity program. In 2019 alone there were 3 times as many attacks on US schools and districts than in 2018. That is a scary statistic once you realize that in 2019, only a few schools operated remotely which largely increases the risk of a cyberattack.

Now it is 2020, schools have moved online, many completely unprepared without a full-time cybersecurity program or expert to help defend against cyberthreats.

The FBI has recently published a public service announcement about how cyberattackers are taking advantage of the COVID-19 pandemic to exploit the increased use of remote learning environments.

Many cyberattacks on schools start with a phishing plot deployed by the attackers. Where they attempt to scam employees into either giving them sensitive and private information or installing malware through attachments/downloads. It is important for schools to provide in-depth training to keep their employees prepared

How schools can improve their cyber-security for 2020

Some schools have announced in-person classes for the fall semester; however, many schools and students are still uncertain what their future holds. Without a doubt, there will be a lot of schools continuing their remote learning program.

As long as schools are continuing remote work, the threat of an attack only grows. Schools need a cybersecurity program with active defense that responds immediately to threats. A program that can provide insurance against human error, like falling for a phishing scam.

Ostra Cybersecurity provides active defense for businesses and schools by protecting staff AND student access to the internet whether at home or at school

Want to find out more? Contact us today!

Ostra Cybersecurity

Smaller Companies are Bigger Targets for Cybercriminals

/in /by

It is a common misbelief that cybercriminals primarily pursue high-profile targets like airlines, car manufacturers, or hospitals. However, the media only reports the attacks that will create a lot of attention and make a good headline while ignoring the attacks on smaller operations.

Analysts who have been documenting cybercriminals during the pandemic say that “they are hitting lesser-known targets harder, especially those closely linked with big, influential companies”. By targeting smaller businesses, hackers aim to disrupt the operations of other companies related to where the actual hack took place. Small businesses with many clients are the most vulnerable for ransomware attacks. Because when an attack happens, the victim’s business is under a lot more pressure from its clients. This will increase the odds that the cybercriminals get their money while creating downtime that will cost the victim more than the ransom payment alone.

More than 60% of ransomware attacks in 2019 targeted small/medium-sized businesses

It is more important now than ever for smaller businesses to protect themselves with the same level of cybersecurity as the big businesses. Ostra Cyber Security offers a Fortune 100 caliber solution, that is simple to deploy and use whether you’re 20 people or 2000.

Want to find out more? Contact us today!

 

Ostra Cybersecurity

If you think your business is safe from cyber-attacks, think again. The company that makes your car just fell victim to one.

/in /by

Honda, one of the top global car manufacturers, has just experienced a cyber attack on its global operations. More specifically a file-encrypting ransomware attack, which was made to encrypt files and demand a ransom. This caused Honda to temporarily shut down production facilities as well as their financial services and customer service operations. However, there was no reported evidence to show a loss or theft of personal identifiable information. This temporary network shut down, which lasted for a couple of days, resulted in the loss of important business and profits in a time where most companies rely on online traffic.

It is not a coincidence that this cyber-attack occurred during this time when most employees are working from home. A CEO of a nationally recognized cybersecurity platform said that “The coronavirus pandemic has created a sizable remote workforce which has increased businesses’ attack surfaces and heightened existing vulnerabilities”. With today’s increased risk of a cyber-attack, it is important to have cybersecurity that will protect your network and information immediately when faced with a threat. Ostra Cyber Security provides active defense protection for your businesses’ data and acts immediately instead of monitoring and alerting as many antiviruses do. If it can happen to Honda, it could happen to you.

https://www.forbes.com/sites/daveywinder/2020/06/10/honda-hacked-japanese-car-giant-confirms-cyber-attack-on-global-operations-snake-ransomware/#164c706853ad

Want to find out more? Contact us today at protection@ostra.net

Ostra Cybersecurity

With cyberattacks up during COVID-19, Ostra offers free cybersecurity solution for local businesses

/in /by

For Immediate Release

Ostra protects vulnerable businesses from cyberthreats while employees work remotely

WAYZATA, Minn. – April 16, 2020 – In response to the more vulnerable remote working situations that businesses are experiencing during the COVID-19 pandemic, Wayzata-based cybersecurity company Ostra today announced that it is offering its proprietary cybersecurity solution free of charge to all Minnesota businesses. The solution can be activated quickly and virtually and is proven to protect data and devices no matter where they are or how they are connecting. Ostra is offering this solution at no cost for two months with no obligations as companies navigate the turbulent economy and their newly remote workforces.

“Companies everywhere are adapting to huge changes during the COVID-19 pandemic and many have launched work-from-home setups with little planning or preparation,” said Ostra Founder Michael Kennedy. “We all have to rally as a community to do our part right now. We want to help protect businesses during this volatile time so that they can focus on the things that matter.”

Today’s environment lends itself to an increase in malicious digital attacks, with remote work environments, personal devices and home routers putting sensitive business data at risk. According to a report from Google, phishing attacks have increased 350% since the coronavirus pandemic began. Experts also report an increase in cyberattacks ranging from credential phishing to fake landing pages to malware, ransomware strains and more. Data breaches can take businesses offline quickly – sometimes for several days – resulting in significant financial and reputational costs that many businesses never recover from.

“Cyber attackers are targeting smaller businesses who may not have the same extensive protection as large corporations,” said Kennedy. “Businesses must enhance their preventative measures because if they are forced to react, it’s already too late.”

Firewalls and antivirus software only cover about 20% of incoming cyberattacks. Ostra utilizes robust technology typically only available to Fortune 100 companies to bring comprehensive, affordable cybersecurity service to businesses of all sizes. The enterprise-grade software is a simple download, paired with remote personal support which immediately protects sensitive information and devices. Ostra provides a 24/7 proactive defense without requiring additional bandwidth or resources.

Contact protection@ostra.net to learn more.

About Ostra

At Ostra, our mission is to provide the world’s best-in-class Internet protection for our customers against known and unknown threats. Ostra is the pre-eminent digital security platform that safeguards your entire business by proactively mitigating threats before they become issues. Find out more about our tools and services at Ostra.net.

###

Contact: Madeleine Rush | 651-214-6937 | madeleine@goffpublic.com

Ostra Cybersecurity

The state of cybersecurity in the time of coronavirus. Important considerations while working remotely.

/in /by

While businesses hustle to migrate their workforce online, cyber attackers seize the moment. 

Now that sheltering in place is commonplace, digital collaboration is the new norm. Cyber security is more important than ever. Remote work environments including personal devices, home routers, and anxious employees put sensitive business data at risk. As we widen the net of devices connected, we are also inadvertently providing more access points for malicious activities.

With the quick rush to set up remote office environments, security has often been deprioritized in favor of moving quickly. We want to help protect your business and your data in a way that won’t slow down your team. 

Phishing attacks have already increased by 350% amid the quarantine.

At least 300,000 suspicious COVID-19 websites were created over two weeks in March.

In a chaotic time with employees operating from an increased sense of fear, they are more susceptible to phishing scams. Bad actors are impersonating trustworthy health organizations and other government agencies to lure people into clicking, downloading, and giving sensitive information. Ransomware and cyber espionage is on the rise with known global cybercriminal groups already infiltrating and exposing sensitive information of businesses and their clients. Many of the companies and hospitals that have been hit are being held liable for these breaches by the clients and patients who have been affected.

The importance of digital security hygiene

While cyber-attackers seize the moment, remote employees may not implement proper security hygiene while working across their devices creating the perfect conditions for infiltration. Now more than ever before it is important to take vigilant steps to safeguard your business and use secure VPNs and WiFi networks, password managers, and have a more critical eye while navigating online.

Business cannot afford the cost or risk of losing their vulnerable data to ransomware attacks. In addition to prevention, early detection is key. With a comprehensive system virus’s and other infections are detected, contained, and remediated quickly, mitigating destructive breaches and costs.

Cyber attacks are on the rise

FireEye reports that 75% of ransomware attacks happen within three days, and often strike during off-hours or weekends, making around the clock monitoring critical. For organizations monitoring from a distance or working on a skeleton crew, detecting attacks within the nick of time may not be possible. Some good news, we can take proactive steps today to mitigate risks to companies, employees, and clients before they become issues. 

Ostra offers a free solution to cover your needs

In response to more vulnerable remote working situations, Ostra is offering our proprietary cybersecurity solution free of charge to new clients to help with the next couple of months, or whenever this blows over. We can help you provide secure VPN access and protection for email, end-points, and against malware and ransomware attacks. Our system can be installed remotely and have you up and running quickly.  If you partner with us during this time, you will receive regular reporting detailing the malicious threats we blocked and we may ask for feedback on our services along the way.

We’re here to provide a sphere of protection around your digital world, so you can focus on your business, employees, clients, and families during these challenging times and year-round.

Contact us today for more information!

Iranian Flag
Ostra Cybersecurity

Iran’s Potential Cyber Threat: What to Know

/in /by

Geopolitical Impacts

Ostra’s threat intelligence partner, FireEye, assesses with high confidence that Iranian cyber espionage presents a high-frequency, serious intensity threat particularly to organizations in the government, oil and gas, telecommunications, and financial services industries located in the United States, Saudi Arabia, and other Middle Eastern countries.  Historically state-sponsored actors have conducted cyber espionage or intentionally destructive attacks as retaliation or revenge for geopolitical or military events.

Mitigation Strategies

Historically malicious attacks originating from Iran have utilized a wide range of tactics.

Current Action

FireEye has all known Iranian malware virus signatures and automatically pushed out to all licenses. FireEye will continuously automatically update all licenses as future malware viruses become known.

 

Potential Tactics & Recommended Mitigations

Tactic:  Password Spraying – the attempt to harvest legitimate login credentials by trying common passwords against a large number of accounts.

Mitigation:  Follow standard password and authentication best practices including;

  • Thorough investigation of anomalous login attempts
  • Multi-factor authentication for remote access
  • Account audits to ensure all are appropriately terminated and have current authentication controls applied

Tactic: VPN Vulnerability Scanning

Mitigation: Ostra ensures our clients’ VPN solution is up to date and patched.   We monitors user login and system event logs. 

Tactic:  DNS Hijacking – Domain name system, is the renaming of IP addresses into human sounding names like google.com.  Hackers alter DNS server records in order to make a malicious site appear legitimate)

Mitigation:

  • Implement multi-factor authentication on domain registrar accounts
  • Audit DNS records
  • Monitor SSL certificate transparency logs and revoke any fraudulently issued certificates. 

Tactic:  Spearphishing – email fraud that is targeted to a particular person or company.

Mitigation:

  • Ensure all device Operating System and applications are up-to-date and fully patched
  • Educate users to
    • Validate links and attachments before opening,
    • Validate the legitimacy of the sender,
    • Request secondary validation of unexpected links or attachments

Tactic:  Social Media – Iranian actors have used complex social engineering tactics on social media to influence opinion and to perpetrate attacks.

Mitigation:

  • Be extra cautious of files and links shared on social media sites.
  • Validate the identity of unexpected contact through secondary means.
Ostra Cybersecurity

Ransomware Shuts Down Tele-Fundraising Company

/in /by

Company closes doors without notice.

A tele-fundraising firm in Arkansas shut down, telling employees they should “search for other employment,” after recovery efforts from a ransomware attack failed. The Heritage Company lost hundreds of thousands of dollars after they paid a ransom to the attackers but still were unable to restore systems. After two months of data recovery efforts, the company was unable to regain control of systems or the situation.

“Once we were hit with this terrible virus we were told time and time again that things would be better each week, and then the next week, and the week after that.”

 

The attack took place at the beginning of October 2019, but was not made public to employees while the company struggled to repair and contain the damage. CEO Sandra Franecke released a letter to employees late in December explaining that over the weeks and months of recovery efforts, leaders didn’t understand the extent of damage. Company executives also did not appreciate the difficulty the company would face to recover key systems, such as accounting or mail processing.

 

 

 

“Even if they call back it would be really hard to trust.”

 

The timing and sudden announcement of the closure, two days before Christmas, and the uncertain future of the company left employees reeling. Former employees were asked to call a hotline to receive an update on their job status. A pre-recorded message informed them on January 2 that recovery efforts were ongoing with “much work that needs to be done.” Employees who spoke to the media said they are looking for employment somewhere else and they don’t think Heritage will open again anytime soon. The company has been in business for 61 years.

The cost of fallout from a ransomware infection may be too much for a small business to bear. Funds to pay a ransom demand, rebuild IT infrastructure, and support struggling operations may not be available. As Franecke stated of the attack on Heritage, “I have been doing my utmost best to keep our doors open, even going as far as paying your wages from my own money to keep us going until we could recoup what we lost due to the cyber attack.” Small businesses facing these circumstances may have no other choice but to shut down for good.

At Ostra, we believe this doesn’t have to happen. We are committed to protecting small businesses without large IT budgets or cyber security expertise with the same top-of-the-line cyber security tools that protect large organizations. Partner with Ostra for Enterprise Grade Security to prevent ransomware and the costly aftermath of an attack.

Ostra Cybersecurity

Cybersecurity: 2020

/in /by

Threat actors have a very real opportunity to make big returns. 

In the cybersecurity world, the bad guys are picking up the pace and the deluge of attacks isn’t likely to let up. Experts predict bolder actions and attacks by threat actors, and stricter regulations and lawsuits by regulators and consumers. Cybercrime will intensify in 2020 and could cost a lot.

 

Collaboration across criminal groups with differing specialities is one of the most significant developments in criminal techniques that will shape cybercrime in 2020. Hackers are now selling access to networks they previously compromised to other threat groups. This type of collaboration among threat actors allows one group of criminals to leverage the work of another group of criminals. By purchasing access to a target’s breached network, a cybercriminal can distribute ransomware without having to do any initial breaching on their own.

Cyber-criminals also refined attack techniques that will become more the norm in 2020. Bad actors began to commonly use precursor infections to find high-value systems and encrypt data on them, making victims more likely to pay. Targets themselves are no longer mass-scale victims of spam, but instead are specifically selected. Many criminals know with whom they are dealing and act accordingly.

“Malware threat actors are increasingly trading their work…”

 

Sophisticated tools developed in 2019 also give a foretaste of what is to come in 2020. Ransomware that uses “kill lists” to try and terminate anti-malware tools, or malware that sets itself up as a service running in Windows’ Safe mode avoids all built-in protection tools and increases the criminals chance of success. Malware can now be automated to quickly profile an infected environment and laterally spread within a targeted network, or trigger simultaneous infections across multiple machines within the same environment.

Government regulations are expected to become more strict as vulnerabilities to cyberattacks increase. In 2019 Juniper Research predicted that annual costs of data breaches will rise 11% per year to over $5 trillion in 2024, driven mainly by higher fines as well as business losses incurred due to a cybersecurity incident.

“Most fines and lost business are not directly related to breach sizes.”

Late in 2019, a proposed class-action lawsuit against a medical services company LifeLabs sought more than $1.13 billion in compensation for LifeLabs’ clients after a database hack compromised personal and health information of up to 15 million customers. While this large-scale suit will grind through the slow legal process, the verdict in the court of public opinion is in. Customers in 2020 will presume their data is protected and will expect companies of all sizes to be punished for failing to protect it.

In 2020 cybersecurity will only become more important for companies doing business in a digital world. Near-constant breaches in 2019 have created a numbness to security risks, while the complexity of technology and sophistication of cyber threats makes IT security feel daunting to businesses. Partner with Ostra in 2020 for an Enterprise Grade Security solution that combines top tier appliances and services for strong cybersecurity protection.

 

Ostra Cybersecurity

Ransomware: 2019 A Gangbuster Year for the Cybercriminals

/in /by

Explosive and sustained growth made ransomware infections the top cyber scourge of 2019 for businesses of all sizes. Ransomware operators swarmed government, healthcare and education targets in unprecedented numbers. A recent report tallies the total number of incidents in 2019 at nearly a thousand.

“It’s Schrödinger’s backup: the state of a backup isn’t known until you have to restore from it…”

While cybercriminals spawned public attacks on cities across the U.S., they were also quietly launching lethal assaults against SMBs. Attackers used new strains of malware to snake their way through networks until they compromised everything possible. Then they unleashed ransomware that took everything down – often including servers and backups. In the first half of 2019 over 50% of MSPs reported this type of attack against SMBs.

Excessive Costs

Some victims who relied on insurance reimbursements to pay ransomware demands discovered that damages exceeded cyber policy limits. The city of Baltimore’s $18.2M loss in May 2019 far outstripped the $102,000 extortion demand. In December, New Orleans mayor announced the city would be increasing its coverage from $3 million to $10 million next year.

On a smaller scale, many SMBs continued to see paying a ransom as the lesser of two evils. Costs to restore systems and loss of business during the time systems were down drove victims to pay up. Businesses in this position were forced to gamble that operators behind the attack would actually release the data, and that payment would not incentivize the criminals to attack them again.

The FBI reported that losses from ransomware attacks increased significantly in 2019 and expects that trend will continue. What cybercriminals learned in 2019 is that ransomware works. As one security expert put it, there’s “really good money in ransomware, not only for the attackers, but recovery experts brought in after that fact and insurance companies that profit from selling coverage against extortion threats.”

Ostra Fights Back

SMB’s need affordable protection against the “unprecedented and unrelenting barrage” of ransomware attacks seen in 2019. We’ve partnered with PaloAlto, FireEye, Cisco, Netskope and Splunk to offer Tier One Enterprise Grade Security to small and medium businesses. The solutions offered by these industry leaders are specifically designed to detect and prevent ransomware attacks.

 

Ostra Cybersecurity

Ignoring a Ransom Demand Just Got Harder

/in /by

[

Attacks and Stolen Data Published By Attackers. Ostra Provides Protection.

Ransomware attackers have turned up the nasty dial by outing victims who refuse to pay and threatening to go public with their stolen data. Several modern ransomware strains capable of collecting and stealing a victim’s data before encrypting files play into a broad new trend in the ransomware scene, where attackers threaten to publish data stolen from victims who refuse to pay up.

Earlier this week, cybercriminals behind one of these ransomware strains created a website and published company information for eight victims of malware that have declined to pay a ransom demand.

“Now that ransomware operators are releasing victim’s data, companies will have to treat these attacks like data breaches.”

Information for each victim includes the initial date of infection, examples of stolen files, the total volume in Gigabytes of files the attackers claim to have stolen, as well as the IP addresses and machine names of the victim’s infected servers. The attacker’s intent to publish the entirety of this stolen data — “wait for their databases and private papers here” — is hardly subtle. It’s probably not an idle threat either. Recently the US security company Allied Universal ignored a similar threat, and the cybercriminals behind the attack released 700MG worth of their data on a hacking forum. Postings by cybercriminals on the dark web also spotlight the use of stolen data as public leverage to get victims to pay.

Theft of data during a ransomware attack should be considered a data breach, even though many victims quietly rebuild systems and hope no interested parties ever find out. This is particularly concerning to companies that are required by law to launch a post-breach investigation and establish legal notification requirements. As cybercriminals go public with their ransomware attacks, victims who refuse to pay could face fines and penalties for failing to report breaches.

The security solution offered by Ostra layers top tier security appliances and services such as PaloAlto, FireEye, Cisco, Netskope and Splunk specifically designed to detect and prevent modern ransomware attacks. Partner with Ostra for Enterprise Grade Security to keep your data and business secure.

 

 

Ostra Cybersecurity

Phishing Attack: The Power of One Email

/in /by

Ostra Delivers Smarter Protection to Minimize Security Risks

All it takes is one unsuspecting employee to click a malicious link in a phishing email and attackers will have all the information they need to compromise a business.

Access is everything – and phishing attacks give attackers access. As an attack method, phishing is easy and it works. All it takes is a believable email to get people to click on, and a fake website to land on.  According to industry research, over one third of phishing messages get opened by targeted users.

It’s not surprising that one of the most prevalent ways attackers are breaching data is via phishing. With no sign of cyber attacks slowing down, it is important that anyone who operates in a digital world — which is nearly everyone — is fully awake to the threat posed by phishing attacks, and the consequences of failing to recognize and respond when an attack occurs.

According to 2019 trends, phishing emails are much more likely to have a malicious link than a malicious attachment. These links lead to impersonated websites designed to harvest credentials, trick the victim into installing malware, or inject drive-by exploits into vulnerabilities in the user’s browser. A majority of these websites appear safe to the victim because they use HTTPS and legitimate certificates.

In an indiscriminate attack, phishing emails contain links leading to fake websites impersonating popular brands such as Facebook, Apple, Amazon, Netflix or Paypal. This “spray and prey” tactic is used against a big list of email addresses with the a goal of successfully luring some of the many recipients.

A targeted attack involves an email that impersonates an organization known to the targeted group. Some common tactics in a targeted attack encourage the recipient to click a malicious link disguised as a holiday bonus from HR, an invoice from vendor, or a resumé matching open jobs. Criminals use the credentials gathered from this type of attack to access protected information — for example a list of bank customer names and email addresses — or to gain illicit network access for reconnaissance and future attack.

A single individual, usually a C-level, is targeted in a spear-phishing attack. The email impersonates someone known to the target and often achieves credibility by using details sourced from the target’s digital identity (social media). Fraud via wire transfer or fake invoice, ransomware injection, and theft of secrets are the high-dollar goals of a personalized attack.

A phishing response strategy is a modern necessity. Security awareness is a part of that response, but users are not a strong last line of defense in cybersecurity. Modern day attacks spawned by phishing emails often go undetected by traditional security solutions. Ostra’s Enterprise Grade Security solution provides the technical security controls necessary when the bad guys find a way to trick someone into clicking something malicious.

 

 

Ostra Cybersecurity

Major US Managed Service Provider Attacked

/in /by

Ostra Offers Access to Best-In-Class Security Products

One of the largest data center providers in the US, CyrusOne, was infected with ransomware yesterday which encrypted customer devices and network data. The same ransomware family was used in a rash of attacks earlier this summer, which included several managed service providers, local governments in Texas, and over 400 US dentist offices.

The attack caused a cloud service outage for at least one major CyrusOne customer, the financial and brokerage firm FIA Tech. At least five other large customers of their New York data center have also experienced availability issues due to encryption of their data and devices. A CyrusOne spokesperson said they are currently performing forensics to investigate the attack and help customers restore impacted systems. CyrusOne owns 45 data centers globally and has more than 1,000 customers. 

The data center provider does not intend to pay the ransom demand, “barring any future unforeseen developments.”

The ransom note indicated this was a targeted attack against CyrusOne’s network. Targeted attacks rely on single-use strains of malware specifically designed to avoid detection by signature-based antivirus solutions. Successful defense against this type of attack requires integrated prevention, detection and response tools that recognize and halt advanced threats. 

Managed Service Providers have increasingly become targets of cyberattacks. Even a relatively small MSP may offer attackers as many endpoints as a major corporation, and an MSP may not have the robust security capabilities that a large corporation has to prevent sophisticated cyberattacks. Earlier this year CyrusOne explicitly listed ransomware in an SEC Filing as a risk factor for its business.

To face the rising tide of targeted attacks, Managed Service Providers need to improve their security posture. Ostra’s Enterprise Grade Security solution gives MSPs access to best-in-class security services, such as FireEye and PaloAlto, which large corporations use to combat targeted attacks. Contact Ostra to learn how to protect your clients and MSP business.

 

 

Ostra Cybersecurity

2,400 Nursing Homes Immobilized in Ransomware Attack

/in /by

Ostra’s Intrusion Detection Layers Prevent Advanced Persistent Attacks

Cyber criminals found a vulnerable target when they attacked Virtual Care Provider Inc (VCPI). This classic advanced persistent threat began with a breach over a year ago, and in the 14 months after VCPI was first compromised, the groundwork was laid for a full-fledged ransomware infestation. Businesses that don’t have intrusion detection as a part of their cybersecurity strategy are particularly vulnerable to this type of attack.

VCPI faces the long road to recovery when (and if) the attack is brought under control.

The Wisconsin-based company that provides cloud data hosting, security and access management to more than 100 nursing home management companies across the United States is currently crippled by an infection of a ransomware strain known as Ryuk. All data the company hosts for its clients was encrypted on November 17, and core offerings such as Internet service and email, access to patient records, client billing and phone systems across the 2,400 facilities served have all been impacted. VCPI is unable to pay the nearly $14 million ransom demand, and is focused on restoring services to the 80,000 computers and servers that assist those facilities.

While an advanced persistent attack typically stems from an email attachment that is used to download malware, it differs from a traditional attack in a number of ways. Targeted attacks such as these may go undetected because they are specifically designed to avoid detection by signature-based antivirus solutions. The malware in these types of attacks is designed to keep installing itself, establishing persistence and furthering its ability to spread. This type of sophisticated malware also stays in contact with its “command center” (the cyber-criminal masterminding the attack) to receive instructions. This ongoing undetected contact with the infected system allows cybercriminals to slowly compromise the entire network, map out the target’s internal networks, undermine key resources and data backup systems, disable antivirus, run customized scripts, and deploy ransomware. Because the infection is persistent, if the criminals don’t succeed on the first they can just keep trying.

An effective cybersecurity solution can combat an advanced persistent threat because it combines layers of intrusion prevention and intrusion detection. Partner with Ostra’s to protect your business with an Enterprise Grade security solution that detects and halts reconnaissance activity associated with a ransomeware infestation.

 

Ostra Cybersecurity

Disney+ Accounts Hacked Within Hours of Launch

/in /by

Ostra Prevents Info-Stealing Malware

Disney+ streaming service launched last week, and only hours later thousands of stolen account credentials were up for sale. Disney customer complaints flooded popular social media networks like Twitter and Reddit, reporting that hackers accessed their accounts, changed email and passwords to take over the account, locking the rightful owner out. This crime of opportunity was possible in part because users tend to reuse passwords which were leaked and used by hackers to gain access to the new Disney+ accounts. In many instances, however, passwords unique to the Disney+ streaming service were obtained through the use of “keylogging” malware.

As the name implies, this type of malware works behind the scenes of an infected computer, sniffing out the keystrokes while the system continues to operate normally. The software can steal passwords, take screen shots, record viewed web pages, grab sent emails and instant messages, as well as sensitive financial information such as credit card numbers, PIN codes, and bank accounts. All of this data is sent over the network to a remote computer or web server where the person operating the logging program can retrieve and sell it to third parties for criminal purposes.

Malware creators know that most people use popular antivirus or anti-keyloggers so they create sophisticated malware to bypass it — much like if everybody used the same door lock, the criminals would only need to learn how to pick one lock. Ostra’s security platform is different from popular anti-virus programs because it tests the intention of keylogging malware before it can install and start spying; and detects when stolen data is being transmitted.

Thousands of hacked Disney+ account illustrate how easy keylogging malware can be used for credential theft. Protect yourself from info-stealing malware with Ostra’s Enterprise Grade security solution.

Ostra Cybersecurity

Simple Mistake, High Price Tag

/in /by

Ostra Prevents Business Email Compromise Scams 

Social engineering has propelled Business Email Compromise (BEC) to new heights of scammer success. Cyber-criminals can construct well crafted and highly detailed emails due to the wealth of information they can collect from social media and also purchase on the dark web. In an increasingly digital age of banking, more businesses are falling victim to Business Email Compromise billion-dollar industry scams.

A three-pronged approach of training, process, and technology can stop a Business Email Compromise attack before it succeeds. Ostra’s security solution has the capability to use advanced analytics to evaluate and capture BEC emails based on attributes, and authenticate partner, vendor and customer emails to verify they don’t originate from a fraudster.

SMBs operating in a digital environment need strong protection against modern day threats. Partner with Ostra for Enterprise Grade Security that provides best-in-class security services to avoid sophisticated Business Email Compromise attacks.

Ostra Cybersecurity

ConnectWise: Hackers Target Remote Management Tools

/in /by

Ostra’s Best-In-Class Security Prevents Management System Attacks

Remote IT management systems provide what cyber-cyber-criminals want the most — access to potential victims and infrastructure designed to make that access easy and direct. Florida-based ConnectWise publicly acknowledged last Thursday that malicious actors were targeting open ports of ConnectWise in an active and ongoing campaign with the purpose of introducing ransomware to on-premise application customers. The specific ports, type of ransomware and targeted ConnectWise customers were not disclosed.

This is undoubtedly a worst-nightmare scenario for businesses who use ConnectWise to remotely manage computer networks. Such an obvious and lucrative entry point — an approved, privileged, understood, knowledgeable and centralized system used to manage a company’s computer systems — allows an attacker to “rapidly inflict as much pain as possible, bringing the company to its knees and maximizing the attacker’s reward.”

 

Exposing vulnerable RDP endpoints, preventing removal of anti-virus, and detecting unusual network activity are all functions that a comprehensive enterprise-grade security solution provides. Partner with Ostra for Enterprise Grade Security that provides best-in-class security services to integrate prevention, detection and response tools that recognize and halt attacks such as the one facing ConnectWise customers.

Ostra Cybersecurity

High Stakes for Small and Medium Business

/in /by

88% of Small Businesses Feel Vulnerable to Cyberthreats. Ostra Changes the Math.

Eileen Mannings Minneapolis-based event group was attacked a few years ago on the eve a a Cyber Security conference she stages every fall. By current standards, the attack against Manning’s firm was relatively tame and manageable. Much has changed in recent years as attack tools and methods have become much more sophisticated and SMBs across the board are increasingly the targets. Ostra has responded to the evolving threats against SMBs with an affordable solution that leverages the same enterprise-grade cyber-security protection against modern day attacks that large corporations use to protect their business.

The attack against Eileen Mannings SMB Event Group resulted in a $5000 ransomware demand, which would be modest by today’s standards. The average ransom paid increased from $6,733 in 2018 to $12,672 in 2019. 

Attacks during the same timeframe increased by 118% with “code innovations and a new, much more targeted approach” which greatly increases the damage potential and recovery costs for the intended victim. The majority of targeted ransomware attacks also wipe or encrypt backups, making infections more debilitating and recovery more costly. In a modern day ransom attack, almost half of small to midsize businesses experience at least 8 hours of downtime with the average ransomware incident lasting 6 days. Costs to restore access to critical systems, replace damaged or stolen assets and mitigate brand damage, public relations, legal fees and fines have also sharply increased in recent years. The “attack vector” against Mannings’ company was an email attachment, which is still the source of over 90% of malware delivery. But it is very likely that a modern day attack would be undetectable to traditional signature virus identification because protection is limited to threats with known signatures. Recent industry research found that 80% of observed malware is single use, meaning it is undetectable by traditional signature-based anti-virus solutions.

Ostra’s security layers are built using top tier security appliances and services. We’ve partnered with PaloAlto, FireEye, Cisco, Netskope and Splunk to offer Tier One Enterprise Grade Security to small and medium businesses. The solutions offered by these industry leaders are specifically designed to detect and prevent modern day threats. Ostra is the SMB security partner for today’s digital world.

 

Ostra Cybersecurity

CPA Phishing Season

/in /by

Fall accounting madness is the perfect time for a cyber-criminal to strike.

The IRS, states and tax industry partners continue to warn tax professionals to beware of the continuing threat of phishing emails, which remain the most common tactic used by cybercriminals to steal sensitive data. Particularly during the fall logjam triggered by the flood of corporate filers and six-month extensions, cyber-criminals can count on less email scrutiny as CPA’s rush to meet deadlines.

Today, when we talk about phishing, it’s no longer misspelled spam messages sent out en masse. Cyber-criminals understand that CPA firms have valuable data, and will spend time passively acquiring intelligence to craft malicious messages intended to trick someone at a targeted firm. The attack begins with digital reconnaissance across social media networks; email address tracing to find online accounts of interest; and scanning groups and public profiles to piece together a CPA Firm dossier. Hackers can then build a map of the target firm’s members and their connections, friends, family, personal details, and history to identify what those individuals may consider trusted sources. 

Spoofed email addresses, faking names, and using company logos, signatures, and personal details are all easily included in a phishing email to enhance credibility and “bait” the recipient into opening an embedded link or an attachment.

A spear-phishing email may create a sense of urgency for a CPA firm member to update account information associated with tax software or data storage providers. A link may seem to go to a website associated with the account, but it’s actually a website controlled by the thief. The thieves’ goal is to trick tax professionals into entering their usernames and passwords into these fake sites, which the crooks then steal.

Cyber-criminals may also pose as prospective CPA clients, and send an attachment disguised as tax information that contains malicious software called keylogging. This malware secretly infects computers and provides the thief with the ability to see every keystroke. Thieves can steal passwords to various accounts or even take remote control of computers, enabling them to steal taxpayer data.

Hackers can take their time analyzing the stolen data because most often the CPA firm is unaware of the breach. They may launch attacks on CPA clients, or they may sell the stolen data. After stealing CPA data, some thieves may encrypt it and demand a ransom in return for a code to un-encrypt it. Alternatively, hackers may leave an infected system intact to return later and steal more data or attack again.

Ostra’s Enterprise Grade Security Solution provides deep layers of defense to ward off attacks on targeted CPA firms. Phishing email sent to targeted CPA employees are handled with industry leaders FireEye and Palo Alto enterprise-grade advanced threat detection and response technology, so the threat never reaches the firm. Partner with Ostra for cyber-security so hackers can’t use your heavy CPA workload to their advantage.

Ostra Cybersecurity

Focused Ransomware Attacks

/in /by

Costs Rise for Vulnerable Businesses

Ostra can prevent cyber-criminals from cashing in on SMB targets.

Ransom demands nearly doubled in 2019 and recovery time from a ransomware incident also rose sharply. This record-setting trend is something SMB’s need to pay particular attention to. The dramatic increase in ransomware costs stem from the new powerful strains of sophisticated ransomware. High-resource businesses targeted by Ryuk in early 2019 are beginning to resist egregious ransom demands, so criminals will be looking for other businesses to attack. SMBs with less sophisticated security solutions are the perfect target.

The average ransom demand paid during the first quarter of this year was up 89% from $12,762 compared to $6,733 at the end of last year. However, that is just a fraction of the actual cost of an attack. New variants of ransomware effectively disable or destroy backups, and use encryption methods that make it extremely difficult to decrypt. This resulted in increased downtime after an attack by 47% over late 2018, translating to an average recovery cost of $64,645. Rising ransom demands that were absorbed by mid-market and large enterprises could cripple SMB targets.

Smaller operations with limited resources and staff are focused on their craft, and rely on security products that criminals know how to circumvent. Investing in IT security and backup policies can also be difficult for SMBs. Criminals know that many SMBs have a low tolerance for data loss and downtime, which makes them vulnerable ransomware targets.

Ostra’s Enterprise Grade Security Solution was designed to solve this problem. Our multi-tenant platform gives SMB’s access to layers of security solutions used to protect large corporations. Contact Ostra to learn how to protect your data and your business.

Ostra Cybersecurity

MSP Ransomware Infections

/in /by

Cybercriminals hit the jackpot with MSP Ransomware Infections:

Tools and capabilities MSPs use to serve customers were used against them. Ostra has a solution for that.

MSPs have what cyber-cyber-criminals want the most — access to potential victims and infrastructure designed to make that access easy and direct. A ransomware gang got just that type of easy access this week through several MSPs, whose clients became the infected victims. In an MSP worst-nightmare scenario, attackers gained access to the MSP network via exposed RDP and elevated privileges to uninstall anti-virus software on their clients’ systems. Adding insult to injury, the attackers distributed and installed ransomware undetected because they were using the MSP’s own software to do it.

Attacks targeting MSPs are on the rise because even a relatively small MSP may offer attackers as many endpoints as a major corporation. Earlier this year a wave of GandCrab attacks against a mid-sized MSP faced a $2.6 ransom when all 80 of its clients were infected, encrypting an estimated 1,500-2,000 endpoints.

Security is paramount to client trust, so when an MSP entrusted in keeping client networks functioning securely is breached, trust quickly erodes. MSPs often deal in the currency of trust, so loss of trust directly affects the bottom line.

Attackers target MSPs because they are often relatively small operations with specialized knowledge and tools but limited staff and resources. MSP security systems may not have the robust capabilities required to prevent a sophisticated attack. In the attacks this week, prevention measures such as exposing vulnerable RDP endpoints, preventing removal of anti-virus, and detecting unusual network activity were not in place. To face rising attacks targeted at their business and customers, MSPs need to have a comprehensive enterprise-grade security solution that provides integrated prevention, detection and response tools to recognize and halt advanced threats.

 

Ostra Cybersecurity

Breach and Bankruptcy

/in /by

Breach puts top debt collection supplier out of business.

Ostra can help make sure SMB suppliers are not the weak link.

American Medical Collection agency (AMCA) was a supplier of medical debt collection services to large clinical laboratories, hospitals and physicians groups until a data breach put them out of business last week. The breach exposed personally identifiable information (PII), healthcare and financial data belonging to enterprise customers, and almost immediately after it was discovered four of AMCA’s largest clients  — Quest, LabCorp, Conduent Inc. and CareCentrix Inc. — stopped doing business with the company. In early attempts to reverse the situation, CEO Russell H. Fuchs personally lent the company $2.5 million, but loss of revenue along with an estimated $4.2 million in remediation costs ultimately drove the company out of business.

Third party SMBs like AMCA are integral to the enterprise business ecosystem, and SMB’s lacking strong security increasingly find they are targets of attack. Many SMBs rely on entry level commodity security products such as traditional anti-virus and firewall defenses that only address one risk. While some larger SMB’s may utilize more comprehensive products, these are non-enterprise grade solutions that hackers understand and can exploit. According to recent cybersecurity statistics over the past 12 months SMB’s accounted for over 58% of all data breaches. At an average cost of $3M the impact is enormous and possibly devastating for SMB’s. 

As AMC discovered in the wake of their breach, large enterprise customers are quick to decide ongoing business is too risky and terminate the business relationship. Costly forensics to determine what data was stolen may not provide a definitive answer, escalating remediation costs to include notification of all potential victims and incurring legal fees if the breach leads to a lawsuit. All of this can be too much for an SMB to absorb, as was the case for AMCA who filed for bankruptcy early last week. How can SMBs avoid being targeted, breached and ultimately ruined by an attack? SMB’s who supply services to large enterprise customers need to understand that security solutions reliant on traditional methods have holes that hackers know about. Bad actors can enter and remain undetected inside networks that are protected by non-enterprise grade solutions, and use intelligence gathering software to carry out planned sophisticated attacks that maximize damage and theft.  To avoid an attack that could lead to the dire outcome faced by AMCA this week, SMBs need to have an enterprise-grade comprehensive security solution that provides integrated prevention, detection and quarantine tools based on threat behavior characteristics.

Ostra Enterprise Grade Security solution gives SMB’s access to the best-in-class security services used by their enterprise partners. Ostra not only protects the SMB IT environment, but more importantly protects the SMB’s ability to stay in business.

 

Ostra Cybersecurity

Can SMBs Break the Microsoft XP Chains that Bind?

/in /by

Stuck with old technology?

Microsoft offers zero-day exploit patches for an 18 year old operating system. Ostra can do better.

The majority of businesses, industrial control centers, and hospitals don’t use Microsoft XP by choice, but a lot of them still do. Old systems are particularly vulnerable because known exploits still work, and unsupported operating systems such as Windows XP are virtually unprotected from new exploits. That was the message from Microsoft last week after a patch was released to protect Microsoft XP and Server 2012 R2 systems from yet another global attack.

XP was released in 2001 and gained an unprecedented foothold in the market. This was an era when companies didn’t update their machines for years on end, so for nearly a decade XP was not just an operating system. It was the operating system. During this same time, technology was starting to intertwine with every aspect of how businesses operated.

The net result was a generation of critical control systems and infrastructure in industrial operations, transportation and healthcare built on the bedrock of Windows XP. Keep in mind that in 2001, cyber warfare was not necessarily on everyone’s minds, so nearly two decades later we might be in for a perfect storm. The World Economic Forum’s 2018 Global Risks Report named cyber attacks as a top cause of disruption in the next five years, coming only after natural disasters and extreme weather events.

If facing the future with a zero-day XP exploit patch in hand makes you feel squeamish, turn to Ostra. Ostra’s Enterprise Grade Security Solution provides protection for the  ball-and-chain antiquated operating systems inherited from the past and the growing risks they present. Microsoft XP might be our decades old Hobson’s choice, but conventional security solutions are not. Ostra is the security solution when the future must include the past

Ostra Cybersecurity

Unpatched and Vulnerable

/in /by

Windows XP and Server 2012:

Ostra’s solution keeps unpatched systems safe.

 

Two years after WannaCry crippled computer systems across the globe there are still nearly 1.7 million unpatched exposed endpoints. More than 400,000 of these vulnerable devices are in businesses, industrial control networks and hospitals across the United States. Stolen NSA hacking tools used to propagate the WannaCry attack pose an ongoing threat to these vulnerable systems, and the potentially millions of devices connected to those systems. Ostra’s Security Systems prevents this threat exposure.

Reasons these systems have gone unpatched for two years involve logistics, risk, and platform dependency. Many industrial control settings run large scale physical processes 24/7 so interrupting operations to test and install patches is difficult or impossible. In healthcare settings the unknown effects patching on complex systems introduces risk to patient care. And many proprietary systems across all sectors may not be compatible with newer Windows products, forcing the ongoing use of vulnerable legacy operating systems such as Windows XP and Windows Server 2012 R2.

The NSA hacking tools are still at large and continue to deliver damage to unprotected systems. The cryptocurrency “WannaMine” attack and the Atlanta ransomware attack are high profile cases of cybercrime which used NSA exploits on systems that remained vulnerable long after the WannaCry wake up call.

In the post-WannaCry era, business, industry and healthcare entities knew their systems were vulnerable but had limited options to protect them. Ostra has changed that. Unpatched systems can be protected without the accompanying logistical, risk, and platform dependency struggles. Ostra’s Enterprise Grade Security Solution protects exposed endpoints without patching, allowing older systems to safely operate in peace.

 

Ostra Cybersecurity

When Hospitals Need Bandaids

/in /by

Infection Prevention:

Hospitals are vulnerable to cybercrime. Ostra is the solution.

 

For the past two days, IT teams in hospitals across the country have gathered in command centers to secure older devices from a security vulnerability. This came at the urging of the Microsoft Security Response Center, which discovered the “zero day” threat on Tuesday.

When vulnerabilities are detected in newer operating systems, patches are applied through Microsoft’s automatic updates. But in many cases, hospital equipment runs on older versions of Microsoft Windows operating systems that are no longer supported with new patches. And while the obvious answer may be to update those systems, often it is a difficult problem for hospitals to keep current with technology. Sometimes continuously updating equipment is highly risky or cost prohibitive. In other instances, the long approval and installation process of medical equipment and implantable devices results in implementation of technology that is already old “out of the box.”

The net result leaves hospitals vulnerable to threats such as the one that surfaced this week targeting an older operating system feature called RDP (remote desktop protocol). According to Microsoft, this threat is highly likely to be incorporated in malware in the near future. Like its very damaging predecessor “WannaCry,” malware exploiting this vulnerability will be particularly dangerous because it won’t require access to the computer it is infecting.

While many hospitals handle vulnerability countermeasures as a part of the normal security workload, the margin for error is thin. It only takes one affected computer in a network for a “wormable” infection to spread. Ostra’s cybersecurity solution can prevent outside threats from getting in, and can provide configuration support to isolate older devices to further reduce risk. While it maybe strategically impossible to eliminate older devices from a hospital setting, Ostra can make sure older devices in hospitals don’t become the cyber equivalent of Typhoid Mary.

Ostra Cybersecurity

Is Anti-Virus Enough Security For Small Business?

/in /by

It’s Not Me, Anti-Virus, It’s you:

Why an imminent break-up with anti-virus as a security solution is a good idea.

 

Small and medium business owners may want to re-think their belief that anti-virus gives them the protection they need after three major AV companies were breached by a high profile Russian hacking group. 30 terabytes of stolen internal corporate documents and anti-virus source code are for sale in criminal marketplaces, and this isn’t the first time reputed security companies have failed to keep criminal hackers out of their networks. Consider this the bold exclamation point to a long-overdue conclusion that traditional AV security is far from the protection small and medium business owners need.

This all played out in March 2019 when a Russian hacking group, Fxmsp stated they “could provide exclusive information stolen from three top antivirus companies located in the United States.” This group of cyber-criminals has a long-standing reputation for selling sensitive information stolen from high profile government and corporate entities. Over the last two years they have sold verifiable corporate breaches for a profit of nearly $1 million. A threat research firm, AdvIntel, verified that the group had source code related to the companies anti-virus software development and notified “the potential victim entities” which were Symantec, Trend Micro, and McAfee.

What happens next is something anti-virus consumers should pay close attention to. Symantec performed a self-assessment and downplayed any potential damage. Similarly Trend Micro also claimed this was a low risk breach. McAfee neither confirmed nor denied the breach and only commented they are aware of the threat claim and are taking steps to monitor and investigate. So the three major AV vendors that were breached all promised transparency during a self assessment of impact and downplayed the damage. This type of response is straight out of the Breach 101 playbook, so as the truth comes out overtime it will be “old news” that doesn’t need to be covered and everyone will return to business as usual. Except these are the guys selling cyber-crime consumer protection.

So what does that protection look like in the future? It’s hard to say how these three vendors will prevent the stolen source code from being exploited. Third party endpoint security is a sizable attack surface because systems have to trust and empower it to keep them safe. Maybe it’s time for small and medium business consumers to re-evaluate that trust and their relationship with anti-virus, and move on to enterprise-grade solutions like Ostra.

Ostra Cybersecurity, Inc.
7500 Flying Cloud Drive, Suite 640
Eden Prairie, MN 55344
contact@ostra.net
(866) 336-7872

Access our Partner Portal
Subscribe to Our Newsletter