InTegriLogic Blog
How to Become a Resilient Organization
The last year and a half have taught us that the world can experience a tremendous change in a short time. Whether it’s rapid technological advancements, cyberattacks, stalling economies or even a global pandemic, only resilient organizations can weather these storms.
That’s why the concept of organizational resilience is now more relevant than ever before. Organizational resilience is all about how well a company anticipates, plans for and responds to gradual change and unexpected disruptions in its business environment so that it can continue to operate and thrive.
Organizations and individuals that discovered meaningful ways to practice resilience in the face of change, from remote and hybrid working to digital acceleration, proved to have an enormous strategic advantage. Cultivate a resilient culture so that you aren’t caught off guard when disruptions occur.
Remember, if your people, processes and technologies aren’t resilient, your business will have a tough time recovering from setbacks such as downtime-induced financial loss as well as dissatisfied employees.
What Does a Resilient Organization Look Like?
Organizations that recover quickly from setbacks typically do the following:
Create an environment for innovation
An organization’s employees are among its most valuable assets. You can encourage innovation among your employees by creating a work culture that supports creative thinking and effective communication. This will empower them to contribute their knowledge, abilities and suggestions.
An innovative work culture ensures that everyone in the company works towards improving business practices, productivity and overall resilience. An innovative organization can quickly come up with multiple strategies to deal with a crisis.
Adapt to meet changing customer needs
Consumer demands and behavior are influenced by global events. With that in mind, if a customer-focused company wants to survive and prepare for the future, it must understand and adapt to changes.
Asking these three questions will provide organizations with perspective:
- What are our customers’ behaviors?
- Why do our customers behave that way?
- What do we need to alter to cater to a new set of demands and behaviors?
Overcome reputational and organizational setbacks
Almost every firm will face reputational or organizational setbacks at some point during its life span. Some businesses may crumble as a result of their inability to prepare for and recover from change and challenges. However, the resilient ones will do everything in their power to identify the source of the setback, rectify the damage caused and make communication with stakeholders transparent.
Rise to the challenge
While it’s impossible to control what challenges your business encounters, you can certainly control how you deal with them. A resilient organization will be better equipped to stand firm in the face of severe adversity and will have the means to recover as quickly as possible.
Tactics of Resilient Organizations
Prioritize the following tactics to nurture a resilient organization:
Proactive cybersecurity planning
This may require implementing guidelines from The International Standards Organization (ISO), The British Standards Institute (BSI) or the National Institute of Standards and Technology's (NIST) Cyber Security Framework, depending on your industry and location.
Protection of intellectual property (IP)
This is more of a legal and operational task, and includes having the right employee, contractor and partnership agreements in place to prevent critical organizational IP from being disclosed.
Implementation of uptime safeguards
This requires being able to restore service via automatic failover or backup and recovery.
Contingency plan mapping
Build a business continuity and disaster recovery plan that lays out contingency plans for events like downtime, evacuations and so on, in order to be prepared for tricky situations.
Trying to build a resilient organization on your own is a massive commitment in terms of time and resources, especially while running a business. Partnering with an expert like us takes all the worry and responsibility off your shoulders. Contact us today to schedule a consultation and we’ll do the heavy lifting for you.
A Combo of Bad Employee Behavior and Dark Web Data Spells Trouble for Businesses
The struggle to get users to make good, strong, unique passwords and actually keep them secret is real for IT professionals. It can be hard to demonstrate to users just how dangerous their bad password can be to the entire company, even though an estimated 60% of data breaches involved the improper use of credentials in 2020. There’s no rhyme or reason to why employees create and handle passwords unsafely, no profile that IT teams can quickly look at to determine that someone might be an accidental credential compromise risk. Employees of every stripe are unfortunately drawn to making awful passwords and playing fast and loose with them – and that predilection doesn’t look like it’s going away anytime soon.
Everyone is Managing Too Many Passwords
The average adult has an estimated 100 passwords floating around that they’re using. That’s a bewildering tangle of passwords to manage. About 300 billion passwords are currently in use by humans and machines worldwide. The global pandemic helped put even more passwords into circulation as people on stay-at-home orders created an abundance of new online accounts. According to the conclusions of a global study conducted by Morning Consult for IBM, people worldwide created an average of 15 new online accounts per person during the main thrust of the pandemic.
Many of those logins were compromised from the start thanks to abundant dark web data. An estimated 15 billion unique logins are circulating on the dark web right now. In 2020 alone, security professionals had to contend with a 429% increase in the number of corporate login details with plaintext passwords exposed on the dark web. That dramatic increase in risk per user comes back to haunt businesses. The average organization is now likely to have about 17 sets of login details available on the dark web for malicious actors to enjoy. That number is only going to continue to grow thanks to events like this year’s giant influx of fresh passwords from the RockYou 2021 leak.
Employees Are Dedicated to Making Bad Passwords
Research by the UK’s National Cyber Security Centre (NCSC) shows that employees will choose memorability over security when making a password every time. Their analysts found that 15% of people have used their pet’s name as their password at some point, 14% have used the name of a family member, 13% have used a significant date, such as a birthday or anniversary, and another 6% have used information about their favorite sports team as their password. That makes cybercriminals’ jobs easy even if they’re trying to directly crack a single password. After all, those users have probably told them everything that they’d need to know to do the job in their social media profiles.
US companies aren’t any better off. In fact, their bad password problems are just a little bit worse. 59% of Americans use a person’s name or family birthday in their passwords, 33% include a pet’s name and 22% use their own name. We can’t chalk that blizzard of bad passwords up to ignorance of good password habits, because even employees who know better are slacking on password safety. Over 90% of participants in a password habits survey understood the risk of poor password hygiene, but 59% admitted to still engaging in unsafe password behaviors at work anyway.
Password Sharing Is Rampant
Worse yet, employees are also sharing their passwords with other people at an alarming rate, even if the people they’re sharing a password with don’t work at the same company. Over 30% of respondents in a Microsoft study admitted that their organization had experienced a cybersecurity incident as a result of compromised user credentials that had been shared with people outside their companies.
- 43% of survey respondents have shared their password with someone in their home
- 22% of employees surveyed have shared their email password for a streaming site
- 17% of employees surveyed have shared their email password for a social media platform
- 17% of employees surveyed have shared their email password for an online shopping account
The Most Common Passwords Spotted by Dark Web ID by Category
- Names: maggie
- Sports: baseball
- Food: cookie
- Places: Newyork
- Animals: lemonfish
- Famous People/Characters: Tigger
Top 20 Most Common Passwords That Dark Web ID Found on The Dark Web in 2020
- 123456
- password
- 12345678
- 12341234
- 1asdasdasdasd
- Qwerty123
- Password1
- 123456789
- Qwerty1
- :12345678secret
- Abc123
- 111111
- stratfor
- lemonfish
- sunshine
- 123123123
- 1234567890
- Password123
- 123123
- 1234567
Every Organization in Every Industry is in Password Trouble
No industry is immune to the powerful lure of terrible password habits, especially that perennial favorite, password recycling and iteration. In a study of password proclivities, researchers determined that some sectors did have a little more trouble with passwords than others, though. The telecommunications sector had the highest average number of leaked employee credentials at 552,601 per company. The media industry had the highest password reuse rates at 85%, followed by household products (82%), hotels, restaurants & leisure (80%), and healthcare (79%).
Security firms stacked with IT professionals don’t get off the hook any more easily than any other business – a staggering 97% of cybersecurity companies have had their passwords leaked on the dark web.
From SMBs to giant multinationals, it doesn’t matter how high-flying a company is either. Password problems will still plague them. A trove of exposed data about Fortune 1000 companies on the dark web was uncovered by researchers earlier this year, including passwords for 25.9 million Fortune 1000 corporate user accounts. Digging deeper, they also unearthed an estimated 543 million employee credentials from Fortune 1000 companies circulating on commonly used underground hacking forums, a 29% increase from 2020. Altogether, they were able to determine that 25,927,476 passwords that belong to employees at Fortune 1000 companies are hanging out on the dark web. That’s an estimated 25,927 exposed passwords per Fortune 1000 company, marking a 12% increase in password leaks from 2020.
Busted Credentials Are Plentiful on the Dark Web
If data is a currency on the dark web, then credentials are solid gold. Credentials were the top type of information stolen in data breaches worldwide in 2020 (personal information took second place just over financial data in third), and bad actors didn’t hesitate to grab batches of credentials from all over the world. Cybercriminals snatched them up in about 60% of North American breaches, 90% of APAC region breaches and 70% of EMEA breaches. Researchers disclosed that the average company experiences 5.3 credential compromises that originate from a common source like phishing every year, a number that should give every IT professional chills.
An abundance of records on the dark web has spawned an abundance of passwords for cybercriminals to harvest, and that’s bad news. Giant password dumps on the dark web like the 100GB text file dubbed RockYou2021 have ratcheted up risk too. That giant dump of data is estimated to contain 8.4 billion passwords. Bad actors make use of that bounty quickly and effectively. In the aftermath of an enormous 2020 hack, ShinyHunters breached the security of ten companies in the Asian region and brought more than 73 million user records to market on the dark web. A group like ShinyHunters will of course try to profit by selling that stolen data at first, but when the data has aged or there are no interested buyers, cybercriminals will just offload it in the vast data dumps of the dark web, making it available for anyone to sift through.
What to Include in Your Incident Response Plan
A security incident can topple an organization's reputation and revenue in a short amount of time. As billionaire Warren Buffett once said, "it takes 20 years to develop a reputation and five minutes to ruin it." Keeping that in mind, it’s ideal to have an incident response plan in place before a security breach occurs.
An incident response plan is a set of instructions intended to help an organization detect, respond to and recover from network security incidents such as cybercrime, data loss and service disruptions. Having a plan in place contributes to the development of cybersecurity as well as overall organizational resilience.
Since most small and medium-sized businesses (SMBs) have limited resources and funds, incident response is usually given less attention. However, failing to respond swiftly and effectively when a cyberattack occurs can cost far more than putting an incident response plan in place.
Essential Elements of an Incident Response Plan
Every incident response plan should include the following five key elements in order to successfully address the wide range of security issues that an organization can face:
Incident Identification and Rapid Response
It’s critical to evaluate the threat effectively and decide whether to implement the incident response plan. This requires two prerequisites:
- An authorized person to initiate the plan
- An online/offline place for the incident response team to meet and discuss
The sooner the incident is detected and addressed, the less severe the impact.
Resources
In case of a cyber event, an incident response team will usually have emergency kits on hand and have the following resources to help navigate through the event:
- Tools to take all machines offline after forensic analysis
- Solutions to regulate access to the organization’s IT environment and keep hackers out of the network
- Measures to employ standby machines to ensure operational continuity
Roles and Responsibilities
An incident could occur in the middle of the night or at an unexpected time. That’s why it’s critical to establish the roles and responsibilities of your incident response team members. They could be called in at any time. You must also have a reserve team in case any of the primary contacts are unavailable.
In the event of a cyber incident, time is critical and everyone must know what to do.
Detection and Analysis
This is, without a doubt, one of the most crucial elements of an incident response plan. It emphasizes documenting everything, from how an incident is detected to how to report, analyze and contain the threat. The aim is to create a playbook that includes approaches for detecting and analyzing a wide range of risks.
Containment, Eradication and Recovery
- Containment specifies the methods for restricting the incident's scope. A ransomware attack, for example, must be tackled very differently compared to an insider threat.
- Eradication is all about techniques to eliminate a threat from all affected systems.
- Because incidents cannot always be prevented, recovery efforts concentrate on reducing potential harm and resuming operations as quickly as possible.
Considerations for an Incident Response Plan
An incident response plan must address any concerns that arise from an evolving threat landscape. Before you start crafting your plan, there are several considerations to be made, including:
- Building an incident response plan should not be a one-off exercise. It should be reviewed on a regular basis to ensure that it considers the most recent technical and environmental changes that may influence your organization.
- Your incident response plan and the team working on it must be supported and guided by top management.
- It's critical to document the contact information of key personnel for emergency communication.
- Every person in the incident response team must maintain accountability.
- Deploy the appropriate tools and procedures to improve the effectiveness of the incident response.
- Your security, backup and compliance postures must all be given the same attention.
We live in an era where only resilient organizations can navigate through all the complexities created by technological advancements and other unexpected external influences. That’s why having an incident response plan is essential.
Trying to develop and deploy an incident response plan on your own might be more than you can handle while running an organization. Partnering with a specialist like us can take the load off your shoulders and give you the advantage of having an expert on your side. Contact us today to schedule a no-obligation consultation.