Tag Archive for: extortion

The Hidden Dangers of Insider Threats

Possibly one of the most underrated catalysts for a cyberattack is the insider threat. Take a look at some recent statistics:

  • An article by Identity Management Institute stated that 65-70% of all security incidents arise from insider threats to system and data security.
  • According to IBM Security Intelligence, 40% of insider incidents involve an employee with privileged access to company assets.

Many companies do not account for the damage that an insider threat could do. An insider threat can be anyone with access to an organization’s network, like employees, contractors, business associates, or friends. Insider threats are the biggest contributors to cyberattacks, especially in the last couple of years.

22% of all folders were available to every employee. (Varonis)

What is an insider threat?

An insider threat is anyone who has special access to the organization and can possibly use that access to attack or help hackers target the company. There are a few different types of insider threats to be aware of: malicious insiders, inside agents, emotional employees, reckless employees, and third-party users. Each one of these types of insider threats all could have access to an organization in some way and can use it to their advantage.

Insider threat attacks have only been growing in the past years and experts predict that number to skyrocket as more businesses switch to remote work. The increasing mix of remote, hybrid, and on-site employees means that companies must be extra vigilant about managing network access and permissions. Even the most loyal employees who retire or leave on good terms should no longer have access to company files or systems after their last day. In addition, it is important to ensure that dissatisfied or disgruntled employees—whether they are still there, or were recently laid off—cannot use their access in retaliation against the company.

“The overall cost of insider threats is rapidly rising. There is a 31% increase from $8.76 million in 2018 to $11.45 million in 2020”. (Cost of Insider Threats Global Report)

Online Hygiene

Although cybersecurity has become a loaded concept, it’s important to make cybersecurity a priority. Good online hygiene should be part of any organization’s onboarding or off-boarding process, but if it not, then take it upon yourself to exercise best practices to keep your company safe.

Some basic precautions include performing regular software updates and enabling MFAs. You can also contact Ostra to explore how a cybersecurity assessment can reveal what vulnerabilities you may have, and how you can stay ahead of threats.

Avoiding Apathy

How can companies best protect their data from insider threats? While it is tempting to succumb to either apathy or paranoia, neither of these extremes is the right approach. Rather, awareness that leads to action is the goal. You can read more about this approach in Ostra’s blog about data privacy.

How to protect against insider threats?

  1. Update and maintain the user access/privileges list and be aware of which employees have access and to what—especially as you are onboarding new employees or removing access from departing employees.
  2. Ensure sensitive/confidential information is not accessible by anyone who does not need it.
  3. Educate employees on insider threats and how they can help defend against a possible attack.
  4. Implement a cybersecurity program that can defend immediately against any lurking vulnerabilities.

Ostra Cybersecurity provides active defense protection for your businesses’ data and act immediately instead of monitoring and alerting as many antiviruses do. Ostra keeps everything up to date meaning the latest threats are already neutralized before they attack.

Want to find out more? Contact us today to see how Ostra can help you and your clients minimize risk from insider threats.


Small Business Cybersecurity Tips

Many small businesses are currently struggling because of the pandemic. The last thing any small business needs now is a cyberattack, which could easily put a company out of business. So now more than ever there is a need for strong cybersecurity practices, especially in smaller businesses with less cybersecurity devoted resources.

60 percent of companies that are victims of a cyber-attack go out of business within six months. -NCSA

The average loss of a cyberattack in 2019 was around $200,000, which is a lot of money for a small business to pay. This helps to understand why so many companies struggle to succeed after a cyberattack.

These are some helpful tips to help improve cybersecurity in small business

Train your staff

Employee training is the first and one of the most important steps in maintaining quality cybersecurity. Your employees are the main entry point that hackers try to exploit. Hackers try to gain access through employees by tricking them with phishing and social engineering attacks. They also target employees who are working from home on unsecured personal internet networks. Business owners should train their employees to back up data regularly, avoid any suspicious links, and to report any possible phishing scams. Trained employees will reduce the risk of an attack and should be wary of any future attack.

A 2019 Accenture study found that 43 percent of cyber-attacks are aimed at small businesses but only 14 percent are prepared to defend themselves. This is alarming news especially since small businesses are a top-tier target for most cybercriminals. Shows just how many small businesses lack preparedness and how many need to quickly improve their security.

Find a cybersecurity solution

Perhaps one of the best ways to defend your business against cyber threats is to find and install a solid cybersecurity solution. Small businesses usually are short on cybersecurity resources, to begin with, and usually do not have dedicated IT/Cybersecurity experts. Which is why small businesses need a low-cost solution that is extremely effective.

Your business technology should be protected with anti-virus and anti-malware software, this will find and identify any threats to your business. These have security features that will make it harder for any information to be stolen. Every business should have a virtual private network (VPN) that hides your IP address, making it almost impossible for hackers to track you. VPNs are very useful and a necessity if you have employees working from home on unsecured networks. Email protection and maintaining a firewall are also highly recommended in the cybersecurity community.

Ostra offers an affordable and quality cybersecurity solution for your business, that incorporates the very best security tools to protect small/medium-sized businesses. We operate behind the scenes to protect businesses and their most valuable asset, their data.

We leverage known platforms such as FireEye and Palo Alto, to create a sphere of protection for your business and employees, no matter where they are located or what machine they are on.

Want to find out more? Contact us today!

Cybersecurity Awareness Month

October is Cybersecurity Awareness Month, Ostra is proud to take part in helping to create a safer and more trusted cyberspace for everyone.

History of Cybersecurity Awareness Month

Cybersecurity Awareness Month was founded by both government and industry to make sure every American consumer and business has the resources needed to stay safe and secure online. Originally, 17 years ago, cybersecurity month messages were about updating antivirus software and the threat of a “virus”. But as technology advanced, so did the efforts needed to educate people on growing cybersecurity threats.

Today, organizations of every kind, non-profit/for-profit, corporations, universities, small businesses, and other groups all participate in Cybersecurity Awareness Month. These groups all have one goal in mind, to educate their employees/customers/members on the importance of creating a safer, more secure internet for everyone. Awareness efforts today highlight the basics of keeping your technology and information safe. Companies and organizations share tips and tricks throughout October.

Cybersecurity Awareness Month Resources

To get involved and learn more about Cybersecurity Awareness Month, check out these cybersecurity focused partners.

The National Cyber Security Alliance (NCSA) builds strong public/private partnerships to create and implement broad-reaching education and awareness efforts to empower users at home, work, and school with the information they need to keep themselves, their organizations, their systems, and their sensitive information safe and secure online and encourage a culture of cybersecurity. https://staysafeonline.org/cybersecurity-awareness-month/

Information Systems Security Association (ISSA) is the community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk, and protecting critical information and infrastructure. https://www.issa.org/

The Cyber Security Hub is an online news source for global cybersecurity professionals and business leaders who leverage technology and services to secure the entire perimeter in their enterprise. https://www.cshub.com/

Ostra’s Cybersecurity 101

For those who are new to the world of cybersecurity or just need a refresher, check out our Cybersecurity Terms 101 post. We cover the basic terms that everyone should know to better protect their own devices and to help keep cyberspace safe.

Want to find out more about Ostra and how we can help your business? Visit Ostra.net or contact us today at protection@ostra.net

Cybersecurity Terms 101

October is Cybersecurity Awareness Month and a time to spread the importance of understanding cybersecurity and cybercrime. As cybersecurity evolves, so do the threats that come with it. To stay safe in today’s cyber world it’s important to understand all the different types of threats that could harm you and your business. Everyone is vulnerable to a cyberattack, not just businesses and computers, your personal devices like your phone, watch, and tablet can all be hacked. This is a shortlist of the many different cybersecurity terms that are important to know to increase your cybersecurity awareness.


Cybersecurity is the practice of protecting computer systems and networks from the theft of hardware, software, and data. Cybersecurity works in many ways to defend against all types through hardware, software, and even internal threats. Cybersecurity works as an immediate defense against all types of ways that cybercriminals try to attack.


A hacker is someone who gains access to devices or networks by breaching defenses and exploiting weaknesses. Hackers are usually motivated by personal gain or just because they know how to, for fun.


Malware, short for malicious software, is any type of software that is designed to cause damage and gain access to a computer, network, or database. Examples of malware are computer viruses, ransomware, spyware, adware, and more.


Ransomware is a new and very popular form of malware that locks the users out of their devices and prohibits access to files. After locking the user out, the hackers behind the ransomware then demand an anonymous online payment (ransom) to get their data and device access back.


Spyware is a form of malware that hides on a device or network and steals information discreetly without the user’s knowledge. Spyware is used to steal things like bank details and personal information.


Adware is a form of malware that also hides on your device and annoyingly makes advertisements pop up, usually on web browsers. The adware is meant to gain revenue for the adware developer by monitoring online behavior and spamming the user with targeted ads.


Phishing is the practice of sending malicious emails that appear to be from a reputable company to trick victims into the opening and sharing their sensitive personal information. Usernames/passwords, bank account, and credit card details are the main targets for phishing scams. The elderly are one of the most targeted groups for phishing scams. Educate your parents/grandparents on how to avoid phishing scams!

Data Breach

A data breach is an incident that exposes sensitive and protected information, intentionally or unintentionally. A data breach is usually the result of a successful cyberattack, where the hacker then steals information to sell back for a ransom, sell on the dark web, or any other personal gain. Data breaches can force business operations to completely stop, which can cost a lot of money and lost profits.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net



Largest Medical Cyberattack in US History?

Universal Health Systems is a major US hospital and healthcare provider that has more than 400 different locations throughout the country. The hospital system was hit with one of the largest medicals cyberattacks ever in the United States. Experts believe it could be the biggest ever.

The attack, that left the IT network offline across the 400 healthcare facilities, was reported as a security incident. The facilities had to resort to their back-up plan which includes offline documentation methods. Nurses had to work with pen and paper and could not access their medication system. Many reported that their computers either shut off on their own or slowly stopped working.

The way the entire system was compromised at once and many computers seemed to be taken over, makes this seem like a ransomware attack. Many experts are speculating that this is the case. We know that cybercriminals like to target healthcare systems because the probability of a ransom payment is higher. Hospitals would rather pay than have a patient become more injured, sick, or die due to a security incident.

Protect your business

To protect the organization, company IT security programs should be in the hands of professionally managed security teams or outsourced to managed security firms. Ostra Cyber Security is the professionally managed security team for your business. Managing everything from desktops and laptops, to tablets and BYODs, Ostra’s technology keeps everyone safe.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net



House Passes Legislation To Set Internet Of Things Security Standards

A new bill that was just passed will require that all Internet of Things devices purchased by the US government must meet set security requirements. Internet of Things devices is any everyday objects that connect via the internet to send/receive data. Things like smartwatches, smart home security devices, and wireless inventory trackers are all IoT devices.

This bill, called the IoT Cybersecurity Improvement Act, instructs the National Institute of Standards and Technology to enforce security standards that any government agency needs to follow when buying IoT devices.

“These devices must be secure in order to protect Americans’ personal data.” Rep. Kelly (IL)

Even though this bill doesn’t directly improve the security of millions of consumer Internet of Things devices that are already being used by Americans. Such as home voice assistants, smart TVs, and smartwatches. It is still a huge deal for long-term IoT security. Because government agencies are big customers, IoT manufacturers will have to adjust to meet the new standard if they want to keep their business. Most IoT manufacturers sell to the government and consumers, so it should encourage them to only follow one set of standards. Resulting in improved security standards for all future IoT devices.

Stay protected

This bill gives manufacturers 2 years to update their security standards. Some say this is too long of a wait considering there are currently millions of devices in the US that could be vulnerable to unknown or known exploits.

Ostra Cyber Security provides active network defense protection for your home or businesses’ Internet of Things devices and acts immediately instead of monitoring and alerting as many antiviruses do.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net


Companies are Looking for Affordable Cybersecurity Solutions

It is estimated that more than half of the US workforce has transitioned to remote working. With more people working from home businesses are way more vulnerable. This has really increased overall cybersecurity spending for companies.

58% of companies represented in a recent Microsoft survey have increased their cybersecurity budgets in response to the pandemic.

Companies have spent the last months working overtime to meet business goals while also protecting the business from new and dangerous threats. Even though many companies are spending more to play defense, many are still being impacted by social engineering attacks, like phishing scams. Phishing scams have only become more popular as employees are now working on personal networks and devices.

Companies are Struggling with Complex Cybersecurity Programs

The COVID situation has made companies rethink their cybersecurity approach. Now companies are finding ways to increase the efficiency of their cybersecurity while also simplifying them.

“Companies are looking for simplicity, to date, security is too complicated.” – Andrew Conway, GM for Microsoft’s security marketing

Companies are struggling with complex and hard to use/install cybersecurity programs that use many different security tools from different vendors. Many programs require too much set-up or maintenance work. Companies and cybersecurity managers are looking for an affordable cybersecurity program that simplifies cyber defense and protects what matters.

Businesses NEED a simple and affordable cybersecurity program in place

Ostra is your cyber-security-solution that offers a 360 degree, 24/7 protection that works seamlessly in the background, protecting sensitive data and communications at every access point. Ostra Cyber Security is a software solution that knits together the top security solutions in the industry. We leverage known platforms such as FireEye and Palo Alto, to create a sphere of protection for your business and employees, no matter where they are located or what machine they are on.

Want to find out more? Contact us today!


The Challenge of Cybersecurity Education at Colleges

Colleges around the nation have dealt with an increase in pandemic-related cyberattacks. Colleges have always been a target for many cybercriminals as they hold a lot of sensitive information and research, which are valuable on the dark web. With the increase in attacks, many college security chiefs say the real challenge is educating professors and students on cybersecurity training and data protection.

Many of the attacks have been targeted towards medicine schools that conduct COVID-19 related research. The academic community has always worked together and relied on shared information, which is what makes training difficult.

“In an environment where it is intrinsic for our people to say, ‘Give away the information,’ there’s also a national interest in keeping it protected, too. It’s a super delicate balance,” -Erik Decker, CISO at University of Chicago Medicine

Mr. Decker says that the overall solution includes educating the students and any faculty on cyberattacks and how they work. As well as what the best security practices are even though they might add more time to the research process. Emphasizing the idea of data protection is necessary.

Importance of data protection

Most organizations are experiencing an increase in pandemic related cyberattacks currently. However, many companies fail to properly train their employees or install a cybersecurity program, which creates a huge vulnerability for the company. This is why a cybersecurity solution is necessary no matter the size of the company, big or small.

Ostra Cybersecurity prevents problems before they happen. Ostra operates behind the scenes to protect businesses and their most valuable asset, their data.

Want to find out more? Contact us today!

Cybersecurity Challenges and Concerns of Remote Working

A new report by Malwarebytes wanted to investigate the new normal of working from home (WFH). They measured the immediate reaction to the pandemic and also businesses’ future cybersecurity strategy. The cybersecurity company surveyed more than 200 executives and managers in IT and cybersecurity roles at US companies.

Organizations’ challenges to remote working

Switching to working from home created a new set of challenges for companies. The biggest challenge for most was maintaining efficient cybersecurity, especially those who had already been facing cybersecurity threats before the pandemic.

55% of the respondents said their biggest challenge was training employees how to work from home securely and compliantly.

Image: Malwarebytes

Biggest cybersecurity concerns

There are a lot of concerns for IT and cybersecurity managers/executives with the switch to remote work. Many of the concerns involve the inevitable increase of ransomware and malware attacks overall. Many employees do not have proper cybersecurity training and don’t know how to avoid common cyberthreats, like phishing scams. Employees also lack cybersecurity protections for their home devices and ISP.

45% of respondents say their biggest concern is other individuals who have access to an employees device and may inadvertently compromise it.

Image: Malwarebytes

Protect your business, keep your employees secured

Human mistakes are inevitable and its what cybercriminals depend on to exploit and hack a business. These mistakes are much more likely to happen when employees are working from home. It is important for your business to manage and secure the scattered endpoints, which are your employees. Working from home could be the new normal for a long time, consider using an affordable and effective cyber-security program.

Ostra specializes in protecting business data for remote workers with elite security using Fortune 100 caliber tools. Managing everything from desktops and laptops, to tablets and BYODs Ostra’s technology keeps everyone safe.

Want to find out more? Contact us today!

Ransomware Gang Attacks Billion-Dollar U.S. Liquor Maker

The hacking group called REvil ransomware, who have hacked numerous million-dollar companies, have hacked and encrypted Brown-Forman. Brown-Forman is a top U.S. based liquor maker with brands like Jack Daniels, Finlandia Vodka, Early Times, and Old Forester.

The REvil gang reportedly had access to Brown-Forman’s systems for over a month. They were able to completely explore any system/device they had access too. Even the company’s cloud services were exposed. A Brown-Forman representative has claimed that they detected the attack early enough that no data could have been encrypted.

Even though the Liquor company stopped the attack before any encryption took place, the hackers claim to have stolen a terabyte of data. The REvil gang is using this data to hopefully extort Brown-Forman and get paid.

“Screenshots posted by REvil provide a glimpse into the full scope of the breach. Internal communications, financial documents, contracts and personnel data all appear to been accessed”.

A Brown-Forman representative has said some information included employee data. Employees at Brown-Forman now have a huge increase in risk for identity theft or attacks on personal accounts. This is a big reliability for the company. REvil hackers believe that the company will end up paying. The hackers could be right, especially if they start to leak files to force payment, as they have done before.

REvil Ransomware

REvil ransomware has been a threat to many smaller companies in the past. Recently, however, this ransomware group and others alike have been targeting governments and billion-dollar corporations. These ransomware attacks are growing worse by day as hackers develop increasingly more sophisticated ransomware strains. REvil has recently started to auction off stolen data on the dark web and is one of the first hacking groups to popularize it.

Protect your company from ransomware

Ostra Cyber Security provides active defense protection for your businesses’ data and acts immediately instead of monitoring and alerting as many antiviruses do. Ostra keeps everything up to date meaning the latest threats are already neutralized before they attack.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net