During a client satisfaction survey conducted last year, we found that respondents were most likely to name security as their top priority for the upcoming year. In our continued effort to bring awareness to trending security topics and news, we will be issuing a security update on a monthly basis.
This update includes our security roundup, featuring information on the Dark Web and what it has to do with your business. You'll also find data on trending security related headlines, and some important notes on recent vendor patches.
We welcome all feedback as we strive to keep our community safe and secure.
Security Roundup: SMB and the Dark Web
Our security roundup is where we take a closer look at one aspect of cyber security to help make the topic of security more approachable for the Lloyd community. This month’s roundup? The Dark Web, and what it means for your business.
The Dark Web may sound like a modern day Star Wars/Batman/Spiderman spin-off, but it actually refers to sites that are not visible on a normal search engine and the identities of who are behind the sites are hidden (i.e. you can’t just google “[insert site on dark web here]”). Those who wish to have their websites run in the Dark Web do so by hiding their web identity via an encryption tool such as Tor. To access these sites, you need to use the same encryption tool that then hides your identity and location.
Since everything is encrypted and hidden, the dark web provides a great place to share information without being tracked. An example of this from recent headlines would be the Ashley Madison data breach – all of that stolen data was stored/found on the Dark Web. Other, more legitimate examples of those who use the Dark Web include individuals who live in societies where you cannot legally share or obtain information from outside countries, or doctors who give medical advice to people who cannot seek public help. On the Dark Web, they are free to ask questions with total anonymity.
So what does the Dark Web have to do with your firm? We recently referenced the dark web in our InfoSec World blog post, where we describe the advances in cyber hunting. Cyber security experts continue to research ways to know about security breaches before a major hack takes place or the “leaks” are used for leverage or ransom. Cyber hunting products proactively go out and search the Dark Web for your company’s domain or other details so they can report back their findings and allow your IT team to eliminate the vulnerability.
While the Dark Web can provide a secure network for those who need it to perform some good, it also creates an environment where attackers can leak information and exploit holes within your network. Lloyd’s security team continues to advocate for a layered approach to security and is always researching new methods and products aimed at security breach education, detection, prevention, reaction, and remediation.
World Security News
In this section, we highlight articles referencing important and facinating updates in security news.
- Microsoft release patches for vulnerabilities from NSA dump. Microsoft has fixed most of the Windows vulnerabilities in a recent Shadow Brokers data dump of purported NSA hacking tools, which showed new techniques for hacking both Windows and certain financial networks. Nine zero-day flaws used in Shadow Brokers' exploits were patched, and three others were not reproducible on supported Microsoft products.
- Dallas emergency sirens were hacked. The Dallas emergency broadcast system was breached, causing all tornado sirens to sound for 90 second durations for a number of hours. This is the latest in hacking attempts at government or state owned infrastructure, and shows that the risk of attack is there for any type of organization.
Lloyd Patch Watch
We want to give our community a "heads up" on some important updates involved in Lloyd's workstation and server patching process.
- This month marks the first month in which there will be no more security patches for Windows Vista. Security patches are important for addressing discovered vulnerabilities in software - without patching, your network is left exposed to potential risk. If you or any of your colleagues are still using Windows Vista, it is important to upgrade the machine at the earliest convenience. Lloyd clients can reach out to their Engagement Team to discuss upgrades.
- Microsoft released a patch for Microsoft Word that left individuals vulnerable to outside exposure. This was a highly anticipated patch, and something Lloyd added to its patching process this month to make sure our clients were protected.
Thank you for reading our update! Please reach out with any comments, questions, or feedback.