WHITE PAPER

CYBER SECURITY vTech Solution, Inc. is a Small, Women owned, and Minority- owned Business providing IT Enterprise Services since 2006. Our senior leadership has over 20 years’ experience in IT physical and logical infrastructure design, cyber-security best practices, cloud technology, FISMA compliance and Fed RAMP governance.

Our team SMEs are PMP, Microsoft, CISSP certified and also posses Microsoft Private Cloud and other highly respected certifications.

©vTech Solution Inc. 2018. All rights reserved. The contents of this publication are protected by international copyright laws, database rights and other intellectual property rights. The owner of these rights is vTech Solution Inc., our affiliates or other third party licensors. All product and company names and logos contained within or appearing on this publication are the trademarks, service marks or trading names of their respective owners, including vTech Solution Inc. This publication may not be:(a)Copied or reproduced; or (b) Lent, resold, hired out or otherwise circulated in any way or form without the prior permission of vTech Solution Inc. Whilst reasonable efforts have been made to ensure that the information and content of this publication was correct as at the date of first publication, neither vTech Solution Inc. Nor any person engaged or employed by vTech Solution Inc. accepts any liability for any errors, omissions or other inaccuracies. Readers should independently verify any facts and figures as no liability can be accepted in this regard-readers assume full responsibility and risk accordingly for their use of such information and content. Any views and/or opinions expressed in this publication by individual author or contributors are their personal views and/or opinions and do not necessarily reflect the views and/or opinions of vTech Solution Inc. Content

01 Introduction to cyber Security ……..… 1 02 Where it all began?...... 2

03 Types of attacks…………...... …………...... 3

04 Small business cybersecurity risk ..….5

05 How to be safe………….…………………….…7

06 Cloud security threats……………………….…….9

07 Current industry trends ………...... 10

08 Future of Cyber security……………………....12 09 Conclusion…………………………..…………………....13 10 References…………………………..…………………....14 vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] INTRODUCTION

Small businesses usually neglect cybersecurity as an essential function making their IT infrastructure vulnerable.

IT security issues often cost companies a lot of money and downtime every year. Even if the IT infrastructure consists of couple laptops and Devices, cybersecurity should always be a top priority.

Most of the Small to medium-sized companies are unaware about the ways in which they’re vulnerable. More than 45% mistakenly believe they’re not a viable victim[1].They are just too small a target in comparison to larger organizations and tend to have a blind eye towards the cyber threats they face, which is in sharp contrast to what attackers think. Small businesses are often considered soft targets they have more comprisable asset than an individual but less security than a larger security firm.

As the volume and complexity of cyberattacks grow, organizations, especially those that process Legal, healthcare, or financial records, need to take major steps to protect their sensitive business and personnel information. Usually, the cyberattack is intended to inflict damage or seize information from an individual, organization or public entity, for the purpose of theft (of payment card data, customer details, company secrets or intellectual property, unauthorized access to networks, compromise of official records or financial and/or reputational damage. A portion of the data can contain delicate information, for which unauthorized access or exposure could have negative consequences.

vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 1 WHERE IT ALL BEGAN?

Some Key Dates in Cyber History

WannaCry ransomware attack, 12 May 2017, infected more than 230,000 computers in over 150 2017 countries

Tumblr was attacked by hackers, 2013 resulting in 65,469,298 unique emails and passwords being leaked. The White House computer systems were hacked. US blamed 2011 Russia for the Intrusion.

Turkish hacker iSKORPiTX 2006 successfully hacked 21,549 websites in one shot.

Gary McKinnon hacked 97 United States military and NASA 2000 computers.

The ‘ILOVEYOU’ Worm (Red Code 1994 Worm) infects systems across the globe. “Morris worm“ was released. The first ever worm that required no 1988 human intervention to spread.

A German computer hacker ,Marcus Hess, hacked an internet gateway in 1986 Berkeley and used that connection to piggyback on the ARPANET.

Bob Thomas a researcher for BBN Technologies in Cambridge, Massachusetts created the first 1970 computer “worm” named “Creeper”.

vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 2 TYPES OF CYBER ATTACKS Viruses Computer viruses infect your applications and files, alters the way your computer operates or stop it from working altogether, designed to relentlessly replicate. Infected computer programs, data files, or the boot sector of a hard drive.

Malwares Malwares are malicious programs capable of performing variety of functions, including stealing, encrypting or deleting sensitive data and it can also monitor users' computer activity without their permission.

Trojan Horse Trojans do not replicate by infecting other files or computers, unlike a virus or malware. They may sit quietly at your computer, collecting sensitive information or setting up or destroying your system security, or they may just take over your computer and lock you out.. Spywares Spyware is software which secretly collects the information about a person or organizations data through Internet and may send information to another entity, also in the absence of their consent. It may increase number of processes in the background resulting system crash. Browser Hijackers A malware program which modify the browser’s setting and redirects you to the unintended sites. It may even replace the existing homepage, search engine with its own or error page Phishing It is the attempt to obtain critical information like usernames, passwords, and credit card details. The attacker mostly disguises as a trustworthy entity in an electronic communication.

Cross-Site Scripting(XSS) Cross-Site Scripting (XSS) is a code injection attack where an attacker can execute malicious scripts – referred as malicious payload into a genuine website or application

Denial of services(DDoS) A denial-of-service attack is a cyber-attack where the attacker seeks to make a machine or network resource unavailable to its designated users by temporarily or briefly disrupting services of a host connected to the Internet. Therefore, denying them from using general services of the targeted resource. vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 3 SMALL BUISNESS CYBER SECURITY RISK 2018

2 0 % 2 0 % 15 % 1 3 % 1 0 %

BROWSER BRUTE FORCE DENIAL OF SERVICE WORM MALWARE

4 % 4 % 1 4 % Percentage. of Cyber Attacks 2017[2] WEB SCAN OTHERS .

Phishing attacks The primary, and probably the most common problem that can be seen in small businesses, is seeing them falling for phishing scams. The types of scams that can be as old as the internet, and can be avoided becoming a victim by educating employees about the dangers on the internet, and by restricting their rights accordingly.

Internet of Things(IoT) Leaks

Real-time data collection is an important part of IoT. It ranges from monitoring traffic to collecting real-time patient information so that it can optimize the uptime of industrial equipment. IoT comprises of many devices hidden in plain sights. However, these devices aren’t always secure which creates a possible backdoor into the organization, its even very hard to guess which devices are even connected to the web in the first place. But since IoT devices lack built-in security, they are often easy targets by hackers.

Attacks affecting websites

Web-based attacks will continue to plague small businesses in 2018. Most often small business websites do not have multiple layers of security which leads hackers to make their way in so they can execute malicious activities right from the company website. This could have a destructive influence on your branding as such websites get quickly penalized by search engines such as Google and Bing. On not changing passwords or not updating company website WordPress plugins may cost you a lot. vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 4 SMALL BUISNESS CYBER SECURITY RISK IN 2018

Compromised and stolen devices

All the devices like laptop, cell phones and data drives may contain company information that can be utilized by cybercriminals. In the event the device is lost or stolen, It should be brought to the attention of the concerned person(s), and if possible remotely the contents should be purged immediately, company information should only be stored and accessed by verified secured company devices. The information on stolen or compromised machines could be used against the interests of the company and can also be a downfall for the same.

Ransomware

Companies big or small, can become victim of ransomware attacks. Ransomware attacks can avoided if all company systems are kept updated and they have quality anti-virus software installed. It is paramount that you constantly take backups of mission critical data and be very cautious with the files that you open on your computer, it is advised that you scan all files you receive with anti-virus software to confirm that they are not malicious. Small business should educate their staff on cyber security best-practices.

Ransomware Epidemic By numbers, 2017 *Source: bitdefender.com,ransomware-report-2017

7 5 % 5 9 % 73%73%

75% of the organizations 50% of the organizations Being common point of have experienced up to five are either ‘Not at all failure, 73% of employees ransomware attack in last confident’ or only ‘slightly have opened malicious email year & 25% experienced 6 or to moderately confident’ in attachments, infecting their more attacks. their ransomware defense. network with ransomware. vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 5 SMALL BUISNESS CYBER SECURITY RISK 2018

Of small and mid– Of impacted small sized business business are left have experienced severely impaired 55% a data breach or 60% with high recovery cyberattack cost.

Reality of Cyber attacks and breaches[3]

Of all spear- Is the average cost phishing attacks for a small business 43% are targeted at to overcome a data small businesses. $38K breach.

43% of Employees often use Why focus company devices for personal activity or when on they work on personal employee /insecure devices, these devices become a single 43% device point of failure. security?[4] Employees must be trained with a greater appreciation for security and safety.

57% of employees report storing company data on their own notebooks, 57% storage devices personal smartphones, or tablets.

vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 6 HOW TO BE SAFE?

HOW DO CYBER ATTACKS HAPPEN

EMAIL SOCIAL MEDIA EMPLOYEES MOBILE DEVICE 1 in every 244 email Nearly 160,000 50% of all the There are more than contain malware Facebook accounts employees steal 1,000,000 malicious are compromised company data when apps in existence every day they leave the company today

Update your computer with the latest patches and updates. Updating your computer regularly will block attackers from taking advantage of software vulnerabilities, which they could otherwise use to exploit the system.

Configure your system security. During the configuration of the new computer, it is wise to make both the Hardware and its software secure.

Be safe, use strong passwords. Passwords give life and strength to accounts when it comes to Internet which preserves Online banking, shopping, surfing, interacting in the social media and so on.

Protect your computer with security software. Antivirus software is necessary for basic online security which includes firewall and antivirus programs. It acts like a “policeman” at the gate of you system.

Back up Important Data. Computers can fail to protect the data and hard drives can become corrupt which leads to endless data lost.

Configure firewall. Firewalls are the guard against any undesired communications from any source. Firewalls are a vital second layer of protection against cyber- attacks, deciding who and what can communicate with your computer.

Boost Your Network Security. Use a password-protected router that encrypts vulnerable data or consider investing in a Virtual Private Network (VPN), it enables you to connect securely over the internet, anonymously.

vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 7 HOW TO BE SAFE?

Avoid Public Wi-Fi Public Wi-Fi connections could dangerous, as various other unknown devices are connected over the same network.. Considering unsafe nature of public Wi-Fi, one suggestion would be to use only when necessary.

Avoiding Peer-to-Peer (P2P) Downloads P2P is when one user decides to upload a file to file sharing websites for other users to find and download. The files uploaded by other users are not inspected for infections by anyone before uploading which can lead to home users easily downloading malware and corrupting the computer.

Be a careful clicker. Careless clicking can be dangerous because numerous online threats are based on phishing or social engineering. Spam emails, click-bait, online phony discounts are major tricks to lure you to click on unsafe links or give up your private information.

Secure your Mobile devices. Often Ignored while securing, mobile devices are extremely vulnerable. Mobile devices face unique risks like risky apps and critical links sent by text message and are easily lost or stolen. It is important to secure all mobile devices that contain or have access to business data.

Make sure you have recovery contact When you cant log into your account you can make sure that companies have other options to can confirm your identity, it can always be a phone number or an alternate e-mail. Recovery e-mails serve as a bridge in case your account has been compromised.

✓ Hold a company-wide cyber For Enterprise security training. ✓ Enterprise level antivirus Security protection. ✓ Invest in 24/7 monitoring and Follow This support. ✓ Develop a cyber security plan Practices. with a trusted IT partner.

vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 8 CLOUD SECURITY THREATS

Top 3 Cloud Computing Concerns of 2017[5]

81% of organizations are not managing host vulnerabilities in cloud.

Poor Security practices leading to network breaches. 37% 37% of database accepted inbound requests from the internet that should not be allowed

Account compromising are increasing due to risky users 38% 38% of the organization had potential cloud account compromised.

Biggest Cloud Security Threats

61% 52% 43%

Hijacking of Unauthorized Insecure account services access interfaces or traffic /API vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 9 CURRENT INDUSTRY TRENDS

$28B In 2007, the U.S government spent $7.5 billion to combat malicious cyber-attacks. That is nothing in 373% comparison of 2016 cybersecurity expense of $28 billion (a massive $7.5B BUDGET INCREASE 373% increase from that of 2007). [6]

It was revealed by Symantec Internet Security Threat Report 2017, that 36% Ransomware attacks worldwide have 100+ increased by 36%, with more than 100 new malware families introduced in NEW MALWARE 2017.

64 % of Americans were ready to pay a ransom after becoming 64% V 36% victims of ransomware attacks, in S comparison to 34% of people globally. [7] AMERICANS THE WORLD

In 2017, 6.5% of people in the world were victims of identity fraud, resulting in a loss of $16 billion. [7] $16B DEFRAUDED 10 k In Feb 2017, cybercriminals reportedly got angry about US ties with Israel and breached the DOJ’s database. FBI EMPLOYEES CNN reported the attackers released data of 10,000 Department of Homeland Security employees, and 20 k 20,000 FBI employees. [8] DHS EMPLOYEES

vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 10 CURRENT INDUSTRY TRENDS

In June, a hacker named ‘Peace’ came to the public-eye, after millions of passwords were made online of LinkedIn, Tumbler and MySpace users. He had those details for sale on a Dark Web. According to the Wired, his hack has compromised 167 million user accounts from LinkedIn, 360 million from MySpace, 68 million from Tumblr, 100 million from the Russian social media site VK.com, and another 71 million are from Twitter, which makes the sum around 800 million accounts and growing. This also includes social media takeovers of Facebook CEO Mark Zuckerberg, popstars Katy Perry and Drake, Twitter cofounder Biz Stone, and so on.

INVESTIGATE 70% believe that their tools are effective ADDRESS. at detecting unknown threats. & DEFEND. 44% of security 58% believe that that infrastructure is alerts are never up-date. investigated by organizations. 74% believe that their tools are effective against unknown threats *based on Cisco Annual report 2017

vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 11 FUTURE OF CYBERSECURITY

By the year 2021, cybercrime damages will cost us $6 trillion annually. The cybersecurity community and major media $6 TRILLION have largely coincided with the prediction that cybercrime depreciation will cost the GLOBAL LOSS ANNUALY world $6 trillion annually by 2021, up from $3 trillion in 2015. [9]

Global expenditure on cybersecurity products and services are predicted to $1 surpass $1 trillion over five years, TRILLION+ which is from 2017 to 2021. [10] OF SECURITY PRODUCTS & SERVICES ]

Cybersecurity jobs are predicted to reach 3.5 million by 2021. [11] 3.5MILLION+ CYBER SECURITY JOBS

Currently there are over 3.8 billion internet users which is over 51% of world 6 BILLION population, Cybersecurity Ventures predicted these figure to hike by 6 billion INTERNET USERS internet user by the 2022 and 8.5 billion by the 2030. [12]

A 2017 report confirms that the world 300 BILLION will need to cyber protect 300 billion [13] PASSWORDS passwords globally by 2020.

Predicted ransomware damages will rise to $11.5 billion in 2019 and $11 .5 BILLION that a business will fall victim to ransomware attack every 14 RANSOMWARE DAMAGE second by 2019. [14]

vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 12 CONCLUSION

Cyberspace is unusually difficult to secure due to many unrewarding factors. The ability of malicious characters to operate from anywhere in the world, the connection between cyberspace and physical systems, and the challenge of reducing vulnerabilities and consequences in complicated cyber networks. The biggest concern is the cyber threat to critical infrastructure, which is increasingly subjected to sophisticated cyber invasions that pose new risks. In today's digital age we have frequently integrated information technology with its physical infrastructure operations, which can lead to outspread the risk for wide-scale or high-consequence situations that could disturb services or cause harm upon which our economy and the daily lives of millions. Due to some circumstances of peril and possible outcomes of cyber events, confirming the security and resilience of cyberspace has become an indispensable security mission.

Cyber security is a growing concern for businesses all around the world. Small businesses have started laying greater emphasis to train employees in do’s and don’ts, outsourcing network security and have begun to invest in various resources for disaster recovery planning and cloud migration; Cloud computing offers excellent surveillance for intrusion, restrictive access and strong perimeters for security. It is important be prepared and develop a plan, instead of simply staying in the dark.

Ultimately, the best thing you can do is to have a “security-first” mentality. Just because a firm is small it does not mean it would not fall victim to breaches. Being aware about current trends in cyber security can be extremely beneficial for small businesses and can help save precious resources like, time and money.

vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 13 In the words of Stewart Brand, "once a new technology rolls over you, if you’re not part of the steamroller, you will be part of the road”. In this era of constantly changing technologies, one needs to be progressive. Thus, here at vTech, we make sure that you stay ahead of the curve by being pro active and dynamic.

Founded in 2006, vTech Solution, Inc. (vTech) has several years of experience in providing Cloud-based solutions and services to our clients. We have the knowledge, resources and expertise to provide mission critical solutions that help organizations to adopt a headship pattern that focuses both on IT systems and people.

vTech has experienced consistent growth over the years and lays strong emphasis on quickly applying new and emerging technology and platforms in its implementations. The company is financially sound and owns offices in Virginia and Washington, DC. It has direct and remote support services available across the U.S. sub-continent to deliver and implement projects on time.

vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 15 WHY VTECH?

We have highly qualified Professionals, certified Engineers and Cloud experts to provide you with an end-to-end managed hosting solution to match your mission-critical needs. We combine our state-of-art technologies with vast knowledge & experience of our managed hosting team to give you a complete & unparalleled full-service offering. Our managed hosting solutions are Designed for large, multi-face ten deployments, vTech managed hosting provides dedicated, virtual, or seamlessly integrated environments with the 24x7 management of core services including database, security, monitoring, and backup.

We provide managed hosting solutions that are backed by industry-leading Service Level Agreements (SLAs) assuring maximum uptime and can be accessed and monitored through our Web portal, complete with an easy-to-use Managed Hosting Executive Dashboard. We are capable of providing cloud solutions on demand with instant deployment, higher flexibility, expert management by 24x7 support from superior IT staff, regular TAM reviews, and customized, detailed reporting and escalation process.

What sets us apart is our willingness to go the extra mile and add personal touch in all our client engagements. We provide a dedicated account manager that makes sure our clients are not just satisfied, but delighted with our services.

vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 16 partners

Clients

vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 17 REFERENCES

1) https://www.symantec.com/content/dam/symantec/docs/about/2017-ncsir- global-results-en.pdf

2) https://www.calyptix.com/top-threats/top-8-network-attacks-type-2017/

3) https://smallbiztrends.com/2017/01/cyber-security-statistics-small- business.html

4) https://www.securable.io/blog/personal-device-security-infographic/cyber- awareness-education/digital-footprint

5)https://info.redlock.io/hubfs/WebsiteResources/RL_Cloud_Security_Trends_Oct_ 2107.pdf?t=1507325492499

6) https://thebestvpn.com/cyber-security-statistics-2018/

7) https://www.nbcnews.com/business/consumer/identity-fraud-hits-record- number-americans-2016-n715756

8) https://www.welivesecurity.com/2016/12/30/biggest-security-incidents-2016

9) https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

10) https://www.csoonline.com/article/3153707/security/top-5-cybersecurity- facts-figures-and-statistics.html

11)https://www.csoonline.com/article/3200024/security/cybersecurity-labor- crunch-to-hit-35-million-unfilled-jobs-by-2021.html

12) http://www.techcentral.ie/cyber-attack-surface-facts-figures-statistics-2017- 2022/

13) https://thycotic.com/resources/cybersecurity-ventures-protect-300-billion- passwords-worldwide-2020/

14) https://cybersecurityventures.com/ransomware-damage-report-2017-part-2/

vTech Solution, Inc. +1-202-644-9774 1100 H Street N.W., Suite 450 Washington, DC 20005 [email protected] 14 An ISO 9001: 2015 Certified Company

vTech Solution, Inc.

1100 H street NW Suite 450 Washington DC 20005 (O) 202 644 9774 (F) 866 733 4974

www.vTechsolution.com

Connect with us