InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
How to Prioritize Your Technology Gaps
Today's technology-based businesses must deal with multiple issues, including cyberthreats, head-to-head competition and regulatory compliance. Hence, keeping your technology infrastructure up to date is critical, and a technology audit is the best place to start.
A technology audit can assist you in better understanding and identifying gaps in your organization's security, compliance and backup. A thorough technology audit can assist you in answering the following key questions:
- Is your current IT infrastructure vulnerable or lacking in any areas?
- Are there any unnecessary tools or processes that do not align with your goals and vision?
- Are you in compliance with applicable regulations, prepared to defend against security threats and capable of restoring business capabilities in the event of a system outage or data breach?
- What steps can you take to address the discovered vulnerabilities?
The stoplight approach
The stoplight method is a simple way of categorizing gaps or vulnerabilities into red, yellow and green groupings based on their severity.
RED: Address the highest risks and vulnerabilities first
Always have a clear idea of what to prioritize in order to prevent and deal with mishaps. Since most organizations cannot address all problems at once, it is critical to focus the most attention and resources on the most pressing issues first.
Any technological refresh should prioritize addressing the most severe infrastructure vulnerabilities. For example, if your company is dealing with a ransomware attack, updating or upgrading Microsoft 365 is a lower priority.
High-priority vulnerabilities that must be classified as RED include:
- Backups that do not work
- Unauthorized network users, including ex-employees and third parties
- Login attempts and successful logins by users identified as former employees or third parties
- Unsecured remote connectivity
- A lack of documented operating procedures
Yellow: Then focus on gaps that are not urgent
There will be gaps that must be kept under watch but can wait until the most crucial issues get resolved. Although these medium-priority gaps may be acceptable in the short term, consider them when planning and budgeting for future technology updates.
The following vulnerabilities fall into the YELLOW category and are of medium severity:
- Insufficient multifactor authentication
- Automated patching system failure
- Outdated antivirus software
- Failure to enable account lockout for some computers
Green: If your budget allows, address these non-critical suggestions
These are the lowest-priority vulnerabilities. Implement measures to close them gradually after fixing the high- and medium-priority issues first.
The following are some of the gaps that fall into the GREEN category:
- Accounts with passwords set to "never expire"
- Computers with operating systems that are nearing the end of their extended support period
- Persistent issues with on-premises syncing
- More administrative access than is required to perform essential duties
Importance of prioritizing gaps
You won't have to deal with a situation where money is spent unnecessarily on a less critical issue if you prioritize gaps and close them systematically based on severity. Simply put, prioritization is advantageous for budgets.
Furthermore, you can maintain uptime by prioritizing gaps before refreshing your IT infrastructure because not all components will be down at the same time. This also prevents productivity and customer service from being jeopardized.
Not sure where to begin? A managed service provider (MSP) like us can help you prioritize technology gaps so you can get the most out of your technology investment while also ensuring uptime and productivity. Contact us for a free consultation.
Top 4 Tech Trend Predictions for 2022
Over the last few decades, technology has been a driving force in business transformation and doesn't show any signs of slowing down. The fact that direct digital transformation investments are projected to total $7 trillion between 2020 and 2023 demonstrates this.1 If you want your firm to succeed, you must have the appropriate technologies to help you keep up with the changing business world.
In the present scenario, your technology must enable you to overcome three recent pandemic-induced issues:
- Supply chain disruptions
- The great resignation
- A rise in ransomware attacks
Businesses must keep up with the demands of the evolving technology landscape if they wish to achieve their goals and remain competitive despite the changes brought about by the pandemic.
Track the latest technological trends to know if you are moving in the right direction. Having a managed service provider (MSP) on your side allows your business to stay up to date without you having to do much heavy lifting.
Top 4 tech trend predictions for 20225
- Third-party risks will increase
Proactive businesses will include risk assessment, supply chain mapping, real-time risk intelligence and business continuity management in their IT stack (rather than a single application like Excel).
- One-third of companies will fail at implementing “work from anywhere”
- A precisely designed digital workplace that allows for seamless working from anywhere
- A leadership team capable of leading a virtual team
- An organization with high levels of digital literacy across all departments
- A thorough mastery of work-from-anywhere concepts
However, a third of the companies still lag in these areas.
- Cloud-native takes center stage in enterprise cloud
Also, cloud-native adoption is predicted to reach 50% of enterprise organizations by 2022, spanning all major technology domains such as big data, artificial intelligence and the Internet of Things.
- Tech execs leap from digital to human-centered technology transformations
Collaborate for success
If you want to get your technology infrastructure ready for a successful year, you'll need the help of a dependable managed service provider (MSP).
Feel free to send us an email or give us a call to set up a free consultation. Our expertise and skillsets may be precisely what your company needs to help remote workers thrive.
Sources:
- Statista (worldwide-digital-transformation-market-size)
- Statista (cost-supply-chain-disruption-country)
- Job Openings and Labor Turnover Survey, 2021
- Statista (businesses-ransomware-attack-rate)
- Predictions 2022, Forrester
Top 4 Tech Trend Predictions for 2022
Over the last few decades, technology has been a driving force in business transformation and doesn't show any signs of slowing down. The fact that direct digital transformation investments are projected to total $7 trillion between 2020 and 2023 demonstrates this.1 If you want your firm to succeed, you must have the appropriate technologies to help you keep up with the changing business world.
In the present scenario, your technology must enable you to overcome three recent pandemic-induced issues:
- Supply chain disruptions
- The great resignation
- A rise in ransomware attacks
Track the latest technological trends to know if you are moving in the right direction. Having a managed service provider (MSP) on your side allows your business to stay up to date without you having to do much heavy lifting.
Top 4 tech trend predictions for 20225
- Third-party risks will increase
Proactive businesses will include risk assessment, supply chain mapping, real-time risk intelligence and business continuity management in their IT stack (rather than a single application like Excel).
- One-third of companies will fail at implementing “work from anywhere”
- A precisely designed digital workplace that allows for seamless working from anywhere
- A leadership team capable of leading a virtual team
- An organization with high levels of digital literacy across all departments
- A thorough mastery of work-from-anywhere concepts
- Cloud-native takes center stage in enterprise cloud
Also, cloud-native adoption is predicted to reach 50% of enterprise organizations by 2022, spanning all major technology domains such as big data, artificial intelligence and the Internet of Things.
- Tech execs leap from digital to human-centered technology transformations
Collaborate for success
If you want to get your technology infrastructure ready for a successful year, you'll need the help of a dependable managed service provider (MSP).
Feel free to send us an email or give us a call to set up a free consultation. Our expertise and skillsets may be precisely what your company needs to help remote workers thrive.
Sources:
- Statista (worldwide-digital-transformation-market-size)
- Statista (cost-supply-chain-disruption-country)
- Job Openings and Labor Turnover Survey, 2021
- Statista (businesses-ransomware-attack-rate)
- Predictions 2022, Forrester
Medical Review Institute of America (MRIoA)
https://www.securityweek.com/mrioa-discloses-data-breach-affecting-134000-peopleExploit: Ransomware
Medical Review Institute of America (MRIoA): Medical Analytics
Risk to Business: 1.227= Severe
Utah-based medical information and analysis company Medical Review Institute of America (MRIoA) announced that it has experienced a data breach. The incident was discovered on November 9, 2021, and officials were able to confirm that data had been stolen by November 16, 2021. In a data breach filing, the company said that over 134,000 individuals were impacted by the incident which is still under investigation. The company did say that it “retrieved and subsequently confirmed the deletion of” stolen data, but no information was released about a ransom amount or if they paid the ransom.
Risk to Business: 1.801= Severe
Protected health information was snatched including patients’ names, gender, physical and email addresses, phone numbers, birth dates, Social Security numbers, full clinical information (including diagnosis, treatment, medical history, and lab test results) and financial information (such as health insurance policy and group plan number).
How It Could Affect Your Business: Ransomware risk is rising for organizations in every sector, especially companies that provide important services for other businesses.
The Metropolitan Detention Center (MDC)
https://www.techtimes.com/articles/270004/20220103/hospital-data-breach-personal-info-1-3-million-patients-staff-data-breach.htmExploit: Ransomware
The Metropolitan Detention Center (MDC): Prison
Risk to Business: 2.223 =Severe
New Mexico prison officials had a problem on their hands as a ransomware attack impacted county computer systems resulting in a lockdown of the Metropolitan Detention Center (MDC) in Bernalillo County, New Mexico. The prison was not directly targeted. Inmates were forced to stay in their cells since the attack impacted the facility’s security camera networks, automated doors and internet service. Inmates and jailors were also unable to videoconference for trials. Reports say that a number of databases are suspected of being compromised or corrupted including an incident tracker which records inmate fights, attacks, as well as allegations of prison rape and sexual assault.
Risk to Business: 2.419=Severe
The exposed personal data for patients and former patients at Broward health may include Social Security numbers, bank or financial account information, driver’s license numbers, names, addresses, telephone numbers and hospital payment account information. Protected health information including medical information like care history, condition, treatment and diagnosis records may also have been exposed.
How It Could Affect Your Business: Ransomware can cause serious operational problems in unexpected places in today’s connected world.
Illuminate Education
https://nypost.com/2022/01/15/nyc-schools-crippled-by-illuminate-educations-data-outage/Exploit: Hacking
Illuminate Education: Education Platform
Risk to Business: 1.717= Severe
Illuminate Education, a digital education platform used by 5,200 schools and districts in the US, is still struggling to resume services after a cyberattack. The company owns popular school management platforms Skedula and PupilPath. Illuminate Education says it has continued experiencing a service interruption affecting all IO Classroom applications for nearly 10 days following an unspecified security incident. Investigation and recovery are underway, but the platform has not provided a recent update on the expected timeline.
Customers Impacted: Unknown
How It Could Affect Your Business: Cybercriminals have been all over targets in the education sector including companies that serve it. Companies should use caution.
TransCredit
https://www.websiteplanet.com/blog/transcredit-leak-report/Exploit: Misconfiguration
TransCredit: Credit Analysis & Reporting
Risk to Business: 1.719 = Severe
Over half a million credit reports and other financial documents held by Florida-based financial analysis firm TransCredit have been exposed. The Website Planet research team reported discovering a non-password-protected database that contained 822,789 records. Researchers cautioned that this dataset appears to be concentrated on clients in the transportation sector.
Risk to Business: 1.719 = Severe
The exposed data includes detailed information on trucking, transport companies and individual drivers. Also included in this data was information about credit accounts, loans, repayment and debt collections as well as financial data like banking information, tax ID numbers and Social Security Numbers.
How it Could Affect Your Business: Once again, a service provider that maintains a large array of records full of PII was hit, gaining cybercriminals a data bonanza.
United Kingdom – Parasol Group
https://www.theregister.com/2022/01/17/umbrella_company_parasol_group_confirms/Exploit: Hacking
Parasol Group: Business Services
Risk to Business: 1.727= Severe
UK umbrella company Parasol Group was forced to shut down some of its IT systems last week after an intrusion was detected. The outage impacted the company’s MyParasol payment portal for contractors and freelancers, leading to payroll issues that caused some folks to not get paid. The company is also having invoicing problems as a result of the incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Cybercriminals are especially likely to target companies that provide time-sensitive products and services in hopes of a fast extortion payment.
Germany – Hensoldt
https://www.bleepingcomputer.com/news/security/global-it-services-provider-inetum-hit-by-ransomware-attack/Exploit: Ransomware
Hensoldt: Defense Contractor
Risk to Business: 1.677 = Severe
Multinational defense contractor Hensoldt was hit with a ransomware attack by the Lorenz ransomware group. The company’s products include radar arrays, avionics, and laser rangefinders used by the US military. The Lorenz ransomware group claims to have stolen an undisclosed number of files from Hensholdt’s network during the attack. The gang says that they have published 95% of all stolen files on their leak website. No ransom demand has been announced.
Customers Impacted: Unknown
How it Could Affect Your Business: Cybercriminals don’t just steal personal and financial data, they also love trade secrets, research, formulas and other proprietary data.
The Philippines – Commission on Elections (Comelec)
Exploit: HackingCommission on Elections (Comelec): Government Agency
Risk to Business: 1.806 = Severe
Concerns are mounting about the possibility that sensitive voter data has been exposed after an audacious attack on the Commission on Elections (Comelec) of The Philippines. Bad actors breached the system of the Comelec on January 8 and downloaded files that included sensitive information including the usernames and PINS of vote-counting machines (VCM). The cybercriminals made off with an estimated 60 gigabytes of data. Reports say that the stolen data included network diagrams, IP addresses, list of all privileged users, domain admin credentials, list of all passwords and domain policies, access to the ballot handling dashboard and QR code captures of the bureau of canvassers with login and password. The exposure of this data may impact upcoming elections in The Philippines in May.
Customers Impacted: Unknown
How it Could Affect Your Business: Government agencies have become juicy targets for cybercriminals looking to score a boatload ofsensitive information fast.
Thailand – Siriraj Hospital
https://www.straitstimes.com/singapore/consumer/personal-data-of-og-department-store-customers-leakedExploit: Hacking
Siriraj Hospital: Medical Center
Risk to Business: 2.721 = Moderate
An estimated 39 million patient records from Siriraj Hospital in Thailand, including VIP patients, has turned up for sale on the dark web. Threat actors offered samples from the 38.9 million patient records they claimed to have. This is the second attack on a major Thai hospital in 6 months.
Risk to Business: 2.605 = Moderate
The treasure trove of data supposedly includes names, addresses, Thai IDs, phone numbers, gender details, dates of birth and other patient personal information.
How it Could Affect Your Business: Personal data is always a winner for cybercriminals who are looking to make a quick profit in the booming dark web data markets.
Medical Review Institute of America (MRIoA)
https://www.securityweek.com/mrioa-discloses-data-breach-affecting-134000-peopleExploit: Ransomware
Medical Review Institute of America (MRIoA): Medical Analytics
Risk to Business: 1.227= Severe
Utah-based medical information and analysis company Medical Review Institute of America (MRIoA) announced that it has experienced a data breach. The incident was discovered on November 9, 2021, and officials were able to confirm that data had been stolen by November 16, 2021. In a data breach filing, the company said that over 134,000 individuals were impacted by the incident which is still under investigation. The company did say that it “retrieved and subsequently confirmed the deletion of” stolen data, but no information was released about a ransom amount or if they paid the ransom.
Risk to Business: 1.801= Severe
Protected health information was snatched including patients’ names, gender, physical and email addresses, phone numbers, birth dates, Social Security numbers, full clinical information (including diagnosis, treatment, medical history, and lab test results) and financial information (such as health insurance policy and group plan number).
How It Could Affect Your Business: Ransomware risk is rising for organizations in every sector, especially companies that provide important services for other businesses.
The Metropolitan Detention Center (MDC)
https://www.techtimes.com/articles/270004/20220103/hospital-data-breach-personal-info-1-3-million-patients-staff-data-breach.htmExploit: Ransomware
The Metropolitan Detention Center (MDC): Prison
Risk to Business: 2.223 =Severe
New Mexico prison officials had a problem on their hands as a ransomware attack impacted county computer systems resulting in a lockdown of the Metropolitan Detention Center (MDC) in Bernalillo County, New Mexico. The prison was not directly targeted. Inmates were forced to stay in their cells since the attack impacted the facility’s security camera networks, automated doors and internet service. Inmates and jailors were also unable to videoconference for trials. Reports say that a number of databases are suspected of being compromised or corrupted including an incident tracker which records inmate fights, attacks, as well as allegations of prison rape and sexual assault.
Risk to Business: 2.419=Severe
The exposed personal data for patients and former patients at Broward health may include Social Security numbers, bank or financial account information, driver’s license numbers, names, addresses, telephone numbers and hospital payment account information. Protected health information including medical information like care history, condition, treatment and diagnosis records may also have been exposed.
How It Could Affect Your Business: Ransomware can cause serious operational problems in unexpected places in today’s connected world.
Illuminate Education
https://nypost.com/2022/01/15/nyc-schools-crippled-by-illuminate-educations-data-outage/Exploit: Hacking
Illuminate Education: Education Platform
Risk to Business: 1.717= Severe
Illuminate Education, a digital education platform used by 5,200 schools and districts in the US, is still struggling to resume services after a cyberattack. The company owns popular school management platforms Skedula and PupilPath. Illuminate Education says it has continued experiencing a service interruption affecting all IO Classroom applications for nearly 10 days following an unspecified security incident. Investigation and recovery are underway, but the platform has not provided a recent update on the expected timeline.
Customers Impacted: Unknown
How It Could Affect Your Business: Cybercriminals have been all over targets in the education sector including companies that serve it. Companies should use caution.
TransCredit
https://www.websiteplanet.com/blog/transcredit-leak-report/Exploit: Misconfiguration
TransCredit: Credit Analysis & Reporting
Risk to Business: 1.719 = Severe
Over half a million credit reports and other financial documents held by Florida-based financial analysis firm TransCredit have been exposed. The Website Planet research team reported discovering a non-password-protected database that contained 822,789 records. Researchers cautioned that this dataset appears to be concentrated on clients in the transportation sector.
Risk to Business: 1.719 = Severe
The exposed data includes detailed information on trucking, transport companies and individual drivers. Also included in this data was information about credit accounts, loans, repayment and debt collections as well as financial data like banking information, tax ID numbers and Social Security Numbers.
How it Could Affect Your Business: Once again, a service provider that maintains a large array of records full of PII was hit, gaining cybercriminals a data bonanza.
United Kingdom – Parasol Group
https://www.theregister.com/2022/01/17/umbrella_company_parasol_group_confirms/Exploit: Hacking
Parasol Group: Business Services
Risk to Business: 1.727= Severe
UK umbrella company Parasol Group was forced to shut down some of its IT systems last week after an intrusion was detected. The outage impacted the company’s MyParasol payment portal for contractors and freelancers, leading to payroll issues that caused some folks to not get paid. The company is also having invoicing problems as a result of the incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Cybercriminals are especially likely to target companies that provide time-sensitive products and services in hopes of a fast extortion payment.
Germany – Hensoldt
https://www.bleepingcomputer.com/news/security/global-it-services-provider-inetum-hit-by-ransomware-attack/Exploit: Ransomware
Hensoldt: Defense Contractor
Risk to Business: 1.677 = Severe
Multinational defense contractor Hensoldt was hit with a ransomware attack by the Lorenz ransomware group. The company’s products include radar arrays, avionics, and laser rangefinders used by the US military. The Lorenz ransomware group claims to have stolen an undisclosed number of files from Hensholdt’s network during the attack. The gang says that they have published 95% of all stolen files on their leak website. No ransom demand has been announced.
Customers Impacted: Unknown
How it Could Affect Your Business: Cybercriminals don’t just steal personal and financial data, they also love trade secrets, research, formulas and other proprietary data.
The Philippines – Commission on Elections (Comelec)
Exploit: HackingCommission on Elections (Comelec): Government Agency
Risk to Business: 1.806 = Severe
Concerns are mounting about the possibility that sensitive voter data has been exposed after an audacious attack on the Commission on Elections (Comelec) of The Philippines. Bad actors breached the system of the Comelec on January 8 and downloaded files that included sensitive information including the usernames and PINS of vote-counting machines (VCM). The cybercriminals made off with an estimated 60 gigabytes of data. Reports say that the stolen data included network diagrams, IP addresses, list of all privileged users, domain admin credentials, list of all passwords and domain policies, access to the ballot handling dashboard and QR code captures of the bureau of canvassers with login and password. The exposure of this data may impact upcoming elections in The Philippines in May.
Customers Impacted: Unknown
How it Could Affect Your Business: Government agencies have become juicy targets for cybercriminals looking to score a boatload ofsensitive information fast.
Thailand – Siriraj Hospital
https://www.straitstimes.com/singapore/consumer/personal-data-of-og-department-store-customers-leakedExploit: Hacking
Siriraj Hospital: Medical Center
Risk to Business: 2.721 = Moderate
An estimated 39 million patient records from Siriraj Hospital in Thailand, including VIP patients, has turned up for sale on the dark web. Threat actors offered samples from the 38.9 million patient records they claimed to have. This is the second attack on a major Thai hospital in 6 months.
Risk to Business: 2.605 = Moderate
The treasure trove of data supposedly includes names, addresses, Thai IDs, phone numbers, gender details, dates of birth and other patient personal information.
How it Could Affect Your Business: Personal data is always a winner for cybercriminals who are looking to make a quick profit in the booming dark web data markets.