Paying attention to risks as you shift your business to the cloud

Successful digital transformation projects may need outside help to ensure security and risk management are part of the overall planning.

ARTICLE | January 08, 2024

Authored by RSM Canada


Despite the obvious advantages of a digital transformation—like creating an efficient, agile and easily scalable organization—many transformations fail.

Especially when it comes to risk management, “measure twice, cut once” is sound advice. Stopping to assess your desired outcomes and mapping a route to get there can help. Whether your organization has undergone a cloud migration that has missed the mark or has not begun that move at all, anticipating the common pitfalls can help you better plan and execute this shift. Here are some of the cases we see most often.

Threat blindness

Middle market companies may feel relatively insulated from cyber threats, but the numbers tell a different story. In the 2023 RSM US Middle Market Business Index Cybersecurity Special Report, 20% of middle market executives claimed their company experienced a data breach within the last year. Cybercriminals may target these organizations looking for systems that are easily exploited partly because they tend to have a less sophisticated cyber security regime.


Misplaced trust

Cloud providers and SaaS solutions suppliers emphasize their security features and take them seriously. But the security they are referencing is within their platform, not for your data. Many organizations misunderstand this distinction, leaving their data exposed.

The other commonly discounted risk is the one coming from inside your organization. Whether knowingly or because of increasingly ingenious phishing and deep fake attempts, your employees pose a real threat. In fact, 35% of cyberattacks come from inside organizations. And 64% of those attacks are successful compared with the success rate of 51% for external attacks.

Misconfigured security

While a do-it-yourself approach can work for some projects, a cloud migration isn’t always one of them. Security tools can be misconfigured and vulnerabilities can go unchecked out of inexperience or because your IT team is stretched too thin. Given the complexity of cloud architecture and the number of cloud environments that need to be managed, you may need an advisor to ensure your risks are mitigated.


Tackling risk based on your installation method

Technology is an essential element of a secure architecture, but the people planning, executing and maintaining your cloud security are just as important. There are three central approaches to moving your business to the cloud, all of which are dependent on the skills, knowledge and experience of your team.

Self-serve installation

As noted earlier, this can be a tall order. Your team will need to have the time and resources to find vendors, plan the migration and then manage security and maintenance. This may seem like the least expensive option at first glance, but the high cost of talent and the complexity of a cloud migration may be more than your team can reasonably handle. Many organizations that embark on a self-serve migration eventually end up calling a third party to complete the task.

Working with a vendor

Technology vendors are skilled at guiding their customers through the installation and usage phases of software implementation, and cloud services providers can assist in your migration. But while they have expertise in their products, they may not be as skilled at customizing the plan and framework for your digital migration. Compliance requirements, for example, might not be part of their process. These blind spots can limit the functionality and flexibility of your framework.

Teaming up with an advisor

Consultants skilled in the various phases of a digital transformation, from cloud assessments through software development, can help guide your team from planning through installation, management and security. After working through multiple cloud migrations, they will have a greater knowledge of what does and doesn’t work as well as tips for success.

Not all consultants are equal, and you should ask plenty of questions before engaging an advisor. Some of these include:

Do you have a standard approach to data migrations or is it customizable for our needs?

Does your team have experience in our industry?

What kind of qualifications does your team have?

Let’s Talk!

Call us at 1-855-206-5697 or fill out the form below and we’ll contact you to discuss your specific situation.


Source: RSM Canada
Used with permission as a member of RSM Canada Alliance
https://rsmcanada.com/insights/services/risk-fraud-cybersecurity/paying-attention-to-risks-as-you-shift-your-business-to-the-cloud.html

RSM Canada Alliance provides its members with access to resources of RSM Canada Operations ULC, RSM Canada LLP and certain of their affiliates (“RSM Canada”). RSM Canada Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each are separate and independent from RSM Canada. RSM Canada LLP is the Canadian member firm of RSM International, a global network of independent audit, tax and consulting firms. Members of RSM Canada Alliance have access to RSM International resources through RSM Canada but are not member firms of RSM International. Visit rsmcanada.com/aboutus for more information regarding RSM Canada and RSM International. The RSM trademark is used under license by RSM Canada. RSM Canada Alliance products and services are proprietary to RSM Canada.

Virtus Group is a proud member of the RSM Canada Alliance, a premier affiliation of independent accounting and consulting firms across North America. RSM Canada Alliance provides our firm with access to resources of RSM, the leading provider of audit, tax and consulting services focused on the middle market. RSM Canada LLP is a licensed CPA firm and the Canadian member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.

Our membership in RSM Canada Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise, and technical resources. For more information on how the Virtus Group can assist you, please call us at 855-206-5697.

Ransomware: Protecting your business against evolving risks

Ransomware attacks are increasing and threatening organizations of all sizes. The RSM cybersecurity report reveals new ransomware data.

ARTICLE | June 02, 2022

Authored by RSM Canada


Ransomware is now the most common cybersecurity threat among U.S. businesses, affecting organizations of all sizes. Ransomware attacks have grown during the COVID-19 pandemic, as cybercriminals take advantage of the more vulnerable landscape that has resulted from a drastic shift to widespread remote work strategies.

We are now seeing more opportunistic attacks because cybercriminals no longer need to be very experienced to break into an organization. In fact, threat actors have turned ransomware into a profitable business, with premade ransomware-as-a-service (RaaS) platforms growing in popularity. As ransomware attacks continue to evolve and become more sophisticated, companies must take proactive steps to address the growing risks.

The current state of ransomware attacks

Considering the current ransomware environment, it’s no surprise that many middle market companies said they know a peer who has suffered an attack or have been a target themselves. The RSM US Middle Market Business Index 2022 Cybersecurity Special Report found that 41% of middle market executives know of a company that has been a target of a ransomware attack, and 23% have experienced an attack themselves. Compounding the issues related to a ransomware attack, 7% of executives experienced more than one attack in 2021. This is a common tactic by cybercriminals—once a breach occurs, they will continue to attempt to attack the company until it proves that its network is secure.

Middle market executives appear to understand that ransomware is not going away and the threat is only growing. In fact, 62% of respondents in the RSM survey said their organizations are likely targets for ransomware attacks this year, a 5% increase from last year’s report.

Taking protective measures against ransomware

The unfortunate reality is that ransomware will continue to be a threat moving forward, and you may not be able to prevent ransomware from entering your organization. Many threat actors are sophisticated enough that, given enough time, they’ll likely be able to bypass controls and enter your environment. So you must consider two things when developing a response to ransomware risks: how to make your business less of a target and how to limit damage if someone does manage to access your organization.

While nothing can completely protect your organization against ransomware attacks, the following actions can help to reduce the potential or scope of an attack:

Follow a cybersecurity framework

Respected organizations have recently published helpful guidance to curb the spread of ransomware attacks. For example, last year the National Institute of Standards and Technology (NIST) released a fact sheet and infographic and the NIST IR 8374 (Cybersecurity Framework Profile for Ransomware Risk Management) with tips and tactics to protect against threats and recover from a potential attack.

Develop an incident response ransomware playbook

Your organization can leverage available guidance and advice to develop a strategy that outlines what you should do if you suffer an attack. A ransomware situation is a chaotic event, but every minute matters. The longer it takes you to respond to an attack, the more costly it will be from a forensics perspective and from a disclosure perspective.

The ability to detect an attacker and then respond to the event is the only thing that is preventing a huge financial liability from that specific attack. Therefore, eliminating any potential ambiguity must be a priority.

Make sure your cyber insurance policy is up to date

With the prevalence of cybersecurity threats, an effective cyber insurance policy has never been more important. However, the cyber insurance landscape has changed significantly recently, with reduced coverage limits, rate increases and more underwriting scrutiny as vendors pay out more claims.

However, even with the changes to cyber insurance policies, it is still a necessary part of your cybersecurity posture. You should consult with your insurance provider to ensure that your policy continues to align with your risks and take steps to put yourself in a more advantageous position from a coverage perspective.

Ensure you have strong business continuity and disaster recovery procedures

From a business continuity perspective, your organization should implement thorough segmentation for networks and applications to make it more difficult for an intruder to move around once they get inside.

Following a disruption, how quickly can you recover? An effective disaster recovery strategy is not only helpful during a natural disaster, but it can help transition or restore operations while limiting downtime during a ransomware event.

Consider managed services

A growing number of smaller and mid-sized companies are leveraging third parties to manage core security functions essential to the mitigation of ransomware risks. Those functions include, but are not limited to, the following activities:

  • Managed security monitoring
  • Managed endpoint detection and response
  • Managed patch and vulnerability management

Ransomware risks are evolving so fast, and some companies simply do not have the internal talent and experience to keep up. Rather than put the company at more risk, outsourcing to an organization with more experience and resources often makes the most sense.

Outsourced cybersecurity solutions are increasing in popularity as a practical alternative to managing security in-house. As the frequency and severity of threats continue to escalate, implementing a solution and maintaining it may no longer be feasible for many companies.

Undergo technical testing

A trusted third party can evaluate your security environment and perform technical testing to determine the likelihood and impact of a ransomware attack. For example, RSM provides a comprehensive ransomware risk assessment that evaluates the potential risk and spread of an infection through penetration testing techniques, analyzes business continuity and incident management programs, performs a ransomware tabletop exercise, and can help remediate any specific issues identified.

Ransomware has always been a concern, but risks are evolving at a rapid pace, and the threat is now very real for companies of all sizes. As with many types of cybersecurity attacks, the criminals are more advanced than many of the controls, and your organization must use available resources to develop a security approach that includes strategies to both prevent and remediate ransomware attacks in order to limit financial exposure and reduce downtime.

This content was originally published on RSMUS.com. 


This article was written by Andrew Weidenhamer and originally appeared on Jun 02, 2022 RSM Canada, and is available online at https://rsmcanada.com/insights/services/risk-fraud-cybersecurity/ransomware-protecting-your-business-against-evolving-risks.html.

Ransomware-as-a-service: A new business model for cybercriminals

Ransomware-as-a-Service (RaaS) is a new business model for cybercriminals, making cyberattacks easier than ever.

ARTICLE | June 02, 2022

Authored by RSM Canada


Ransomware has become the most significant cybersecurity threat today, affecting large multinational organizations and the smallest of entities. A ransomware attack represents a low-risk, high-reward opportunity for criminals, as little effort is required to access sensitive information and demand bounties that can cause extensive harm to businesses—especially small- to medium-sized companies.

The RSM US Middle Market Business Index 2022 Cybersecurity Special Report found that 41% of middle market executives know of a company targeted by a ransomware attack, and 23% of executives experienced an attack themselves in 2021. In the current environment, inaction is not an option, and companies must take proactive steps to address expanding and evolving ransomware risks.

To add to the evolving threat landscape, cybercriminals have taken advantage of the exponential growth of ransomware-as-a-service (RaaS), a service model where sophisticated threat actors develop and sell ransomware platforms to other threat actors. Now, cybercriminals no longer need to be highly technical to launch a cyberattack on an organization, so potentially lucrative ransomware attacks are rapidly increasing.

How does the RaaS model work?

The RaaS model provides the purchaser with extensive training, reference materials and malicious code that can be used to launch a ransomware attack. Here are some key takeaways for understanding how RaaS works.

RaaS providers typically use several different purchase models

  • Subscription: The RaaS provider receives a predetermined cryptocurrency payment for a finite period of usage.
  • Affiliate: The RaaS provider receives a recurring fee plus a percentage of the ransom payment.
  • Purchase: The RaaS provider sells a kit to the purchaser.

The attacks leverage well-established hacking tools (e.g., Mimikatz), while employing current vulnerability and penetration testing tools (e.g., Cobalt Strike). These attacks are designed to not only exploit well-known, existing vulnerabilities but also take advantage of new zero-day vulnerabilities. Threat actors have developed elaborate social engineering and intelligence-gathering methods to cause significant devastation for a victim when a ransomware attack is launched.

How to protect your organization from ransomware attacks

The reality is that ransomware will continue to be an ongoing threat to organizations, and there is no way to completely remove the risks. However, the following actions can help reduce the potential success of an attack.

Stay informed about new vulnerabilities

The National Institute of Standards and Technology (NIST) published information to help protect against threats and recover from a potential ransomware attack. In addition, the US-CERT—CISA regularly posts updates on new vulnerabilities and attacker tactics, techniques and procedures (TTP) trends.

Make sure you have backups

It is important to have backups not just for business continuity and disaster recovery, but also to be able to restore critical data if a ransomware attack occurs. The trusted, age-old 3-2-1 backup rule will help protect backups from attackers. Don’t forget that attackers also work nights, weekends and holidays, so you should have regular and frequent backups.

Implement advanced endpoint detection and antivirus protection

While attackers use established TTPs, they are also attacking new vulnerabilities and constantly updating their tool sets. Have a robust and properly configured defense system in place to identify and minimize potential attacks before they gain traction and affect your environment.

Have an incident response plan

Develop a strategy that outlines how your organization will respond if you suffer an attack. A ransomware situation is a chaotic event; the longer it takes you to respond to an attack, the more costly it will be. Ransomware has always been a concern, but the rapidly changing threat landscape is increasingly affecting companies of all types and sizes. Every organization should create a security approach that includes strategies to both prevent and remediate ransomware attacks. A strong security plan can limit financial exposure and reduce downtime.

This content was originally published on RSMUS.com.


Source: RSM Canada
Used with permission as a member of RSM Canada Alliance
https://rsmcanada.com/insights/services/global/ransomware-as-a-service-a-new-business-model-for-cybercriminals.html

10 steps to reduce the impact of cyberattacks

No organization is immune to suffering a cybersecurity breach. Learn 10 key steps to reduce sophisticated cyberattacks on your business.

INFOGRAPHIC | January 25, 2022

Authored by RSM Canada


As attack methods become more sophisticated and widespread, no organization is immune to suffering a cybersecurity breach. The key to protecting your business is developing controls to make you less of a target and limit potential damage, as well as implementing a comprehensive strategy to react if you fall victim to an attack. In the infographic below, we provide 10 steps to help you reach these goals, including how RSM can help.

10 steps to reduce the impact of cyberattacks US Infographic


Source: RSM Canada
Used with permission as a member of RSM Canada Alliance
https://rsmcanada.com/what-we-do/services/consulting/risk-advisory/10-steps-to-reduce-the-impact-of-cyberattacks.html
