Cyber Security Awareness Month Survival Guide

What is Cybersecurity?

The days of museum robberies and bank heists are mostly a relic of the past. These days, the most valuable targets are data. Stealing personal and other sensitive data typically exposes the thief to less danger, and data is oftentimes much easier to access. In many cases, a data theft can be automated. But theft isn’t always the goal. A student might compromise a database to change his or her grade. Similarly, cyberbullies might try to vandalize someone else’s profile. In short, cybersecurity helps protect against attacks like these known as cyber threats.

Cybersecurity is a foundational part of any successful IT solution, regardless of the business driver, but success depends on solution providers delivering an integrated approach to security that resolves complex and relentlessly changing security challenges. The Ingram Micro cybersecurity team takes a systematic approach to providing services, solutions and support at every step of the security sales cycle, from Professional Services — including PEN testing and network assessments — to extensive licensing and marketing development groups, right through to the post-sales technical support team. Enhancing those offerings are new ways to pay for and deploy solutions, helping to address financing and staffing issues many providers face. And, because no single vendor can solve for today’s unremitting threat landscape, Ingram Micro has relationships with established as well as emerging vendors, and can help solution providers navigate those partnerships more efficiently. With Ingram Micro, solution providers can be confident knowing Ingram Micro is committed to understanding the business needs driving security investments and has invested into the services and support needed to transform your business into a profitable security services provider, evolving security from a single deployment to an ongoing engagement that provides value across every single client.

What is a Cyber Threat?

A cyber threat is a malicious attempt to damage or disrupt a computer network or system. These threats can come in many forms, and not all of them occur over the internet. Here are five prominent cyberattack vectors:

    1. Brute Force: This method uses software or algorithm which is typically designed to search for vulnerabilities in a system and continually attack it until the vulnerability is overcome. In many cases, the vulnerable point is a password-protection mechanism. Specially designed software will attempt hundreds of thousands of character combinations until it cracks the password. This is why IS professionals will set a minimum level of complexity for passwords, enforce lockouts, and require mandatory scheduled password changes.
    2. Social Engineering: In this age of the Internet of Things, where people are accustomed to working with people they’ve never seen or spoken to before, it’s easy to understand why employees let their guard down regarding potentially compromising information. Imagine the following scenario: You receive an email that looked like it was coming from the IS department or a phone call from IS intern working remotely and calling from an outside line. In either case, they tell you that they’re applying updates to your computer and need your login credentials. This person tells you that they report to a particular manager that you recognize and they mention company events that you’ve attended. You might be inclined to trust this person and give them the information they need even though the details they provided are available publicly on LinkedIn and the corporate site.
    3. Distributed Denial of Service (DDoS): In this scenario, the attacker attempts to overload the network or server with “fake” connections. When the system has to deal with too many connections, the “real” connections have trouble getting through, effectively making the system unusable. In October of 2016, a massive DDoS attack shut down several very popular websites, like Twitter, Spotify, and Netflix for almost half a day. The attackers used a program called Mirai to infect devices that are connected to the internet, like routers, security cameras, cable boxes, and more to create a robot network or botnet. Once these devices were under the attackers’ control, they simply had to point the botnet toward their targets.
    4. Phishing Attacks: These attacks are the most commonly reported and involve sending fraudulent emails to targets, hoping they’ll open an email and click a link. Doing so will typically install some kind of malware that will continue to attack the system in varying ways, like locking the user out, infecting the network, or continuing to breach the system, looking for more valuable data.
    5. Malware, Spyware, and Ransomware: These attacks all originate from some kind of malicious software invited into a system and allowed to run. Common ways to get malware installed is by clicking a link or opening an attachment from a suspicious email. Depending on the type of malware, the malicious program may just spy on the user’s activity, logging keystrokes, and reporting user credentials back to the attacker. In more recent cases, the malicious program will lock the user out, encrypt important files, and demand a ransom in exchange for a key that will unlock the files.In May of 2017, the WannaCry ransomware infected many organizations, including several European hospitals. The ransomware encrypted files and demanded US$300 in Bitcoin as ransom. The ransom doubled after three days of non-payment. The ransomware also threatened to delete the files permanently after seven days of non-payment.

Ingram Micro Security Services to Add to Your Portfolio

Ingram Micro offers a systematic approach to provide cybersecurity services and solutions throughout the entire sales cycle, which enables our solution provider partners to transform their business and become more profitable, highly trusted security advisors. With Cyber Security Awareness Month as top of mind for all of October, there’s no better time to think about the security services:

Ransomware Preparation Services

Some of the largest hacks in recent news events have occurred at the hands of Ransomware, a type of malware that holds files hostage in exchange for payment. Check out this one-pager outlining some of the Assessment, Consultative, and Training services available to help your customers get ahead of the ransomware threat. (Download the PDF)

Social Engineering Assessment

Employees represent a possible weak link in security for many organizations. The Social Engineering Test Assessment is designed to complement Ingram Micro’s Network Penetration Test and Web Application Vulnerability Assessment by attempting to convince your employees to divulge sensitive information through the use of emails and phone call scripts customized to your company. (Download the PDF)

Network Threat Assessment

Both small and mid-sized businesses as well as distributed enterprises have advanced threat protection needs. Cisco ASA with FirePOWER Services combines the proven security benefits of the ASA 5500-X firewall with the industry-leading FirePOWER next-generation intrusion protection system and advanced malware prevention system from Sourcefire in a single device. (Download the PDF)

Penetration Test Assessment

A Penetration Test Assessment can be used to address evaluate the effectiveness of an existing security network. Technical Architects from Ingram Micro Expert Services use a mix of manual and automated testing techniques in an attempt to gain access to information without the knowledge or permission of its owner. (Download the PDF)

Wireless Network Assessment

A Wireless Network Assessment starts well before a site survey is performed. Understanding the business need, existing environment, performance concerns and growth plans are all part of the process. (Download the PDF)

Don’t let a lapse in cybersecurity threaten your business or your customers. Contact Ingram Micro Professional Services today and let us help you build a cybersecurity suite of services: