A 20-year pedigree of building enterprise-grade IT infrastructure and networks for blue-chip companies; we bring this best-practice approach to clients.
A dream team of well-trained, experienced IT engineers, technicians and high-level IT experts who adhere to best practices and tried and tested standards.
Our in-house skilled team, processes, best-of-breed technology and tier 1 carrier-grade network means we are in control, influencing the best outcome for your business.
Business IT Services and what you need to know about Cyber threats to business…
From the perimeter/firewalls and the internal network to the Internet, is your business protected?
South Africa has the third-highest number of cybercrime victims worldwide and, according to the SA Banking Risk Information Centre (SABRIC), South Africans are losing about R2.2 billion a year to cyberattacks. In a new survey from PwC, SA is ranked as the second most targeted country in the world for cyberattacks.
A cyberattack is an attack on a computer system, network or internet-enabled device or application. The goal of attackers is to expose, alter, disable, steal, gain access to or make unauthorized use of data, devices and information-related assets.
Cyberattacks today range from installing spyware on a personal device; to malicious code known as malware that is distributed through spam email campaigns or phishing campaigns; to widespread outbreaks like the WannaCry ransomware attack of 2017. And they are increasingly becoming more sophisticated and more dangerous.
Company executives recognise that cyber security is one of the top business risks and are tightening up their security infrastructure. Individuals are becoming victims of identity theft, fraud and virus attacks because they are not as vigilant as the corporate world. And the victim list is burgeoning – cyber criminals are targeting government agencies, public infrastructure and medical facilities worldwide.
In May 2017, Check Point products found more than 17 million attacks each week. The impact of these attacks could be catastrophic…they may even destroy our planet: a new report by the US Government Accountability Office found mission-critical vulnerabilities in nearly all weapon systems under development from 2012 to 2017, making them vulnerable to cyberattack. The idea often portrayed in movies, that military weapons could be “intercepted” and used against nations, does not seem so far-fetched today.
Accusations have been levelled at North Korea (for WannaCry) and Russia (for NotPetya) as the dark forces behind global ransomware attacks. While this may or may not be true, it is clear that the cyber “wars” are being battled out right here, right now, and your business could be the next target. That is why Internet Service Providers (ISPs) like Zinia are bolstering their security skills and selecting best-of-breed products for their clients.
Connectedness a double-edged sword
As our world expands into the Information Age, the proliferation of devices and platforms which connect to the Internet is also exactly what makes us vulnerable to attack. The sheer number of connected devices that upload data and/or communicate machine to machine every day is astounding. Research from Business Insider predicts that more than 24 billion Internet-connected devices will be installed around the world by 2020. Our ability to share, collaborate and do business with anyone around the world, anywhere and at any time, carries with it an inherent security risk. And the more technology devices and applications that arise, the greater the risk.
Types of cyberattack threats to business
A traditional threat usually involves a direct, malicious approach in which the website link is the active threat. For example, a user is on a website and clicks a link which takes them to another “site”. Many non-legitimate sites such as porn or torrent sites have this type of threat lurking in the shadows. Legitimate websites can also pose a threat if they are vulnerable to being “hijacked”, drawing a user’s attention to install an app or download something for free. These adverts are usually too good to be true, which makes them irresistible to most people.
On the email side, traditional threats contain embedded macros that are inserted into attachments such as Word, Excel or PPT files. Threats can also be embedded in an email signature, where the malicious URL link is tagged onto the image.
Attackers are now more sophisticated
The threats that companies now face come via targeted attacks. With a targeted attack the active threat is further down the line. Cyber criminals know who the company is – it is visible and on their radar. What they do is assess the organization to seek out vulnerabilities in its security – from the website, email, servers, network, mobility, software, VPN and so on. They have one purpose in mind and that is to exploit information for cash, such as ransoming, selling, leaking or using data for financial fraud.
These threats are known as an indirect or passive approach: they seek out vulnerabilities in your IT security first, get what they need and then attack. For example, by gaining user permissions such as admin rights, the criminals can take over your servers and bring your entire network down.
Another strategy that cyber attackers use today is known as social engineering, where attackers trick individuals into clicking a malicious link or entering their passwords and login details on a fake page. The idea behind social engineering is to get the recipient to perceive the incoming communication as legitimate so that they subconsciously accept it without question. These hackers are taking advantage of human nature and engineer the communication so that the recipient does NOT see any red flags.
There are 4 types of Social Engineering Tactics
Vishing (Voice Phishing) is where criminals use the telephone to gain access to personal and financial information for gain. It may also be used to gather more detailed information on the target. For example, a person will phone saying they are from Microsoft and need remote access to a user’s computer. They will make it sound like they are conducting an audit so you have to comply. Once the attackers have been given the logins by the user, they have total access to the individual computer, which they can mine for passwords, use to transfer viruses or conduct a ransomware attack, or even use to seek vulnerabilities in the individual’s work network.
Phishing is where cyber criminals attempt to retrieve sensitive information from a person by replicating electronic communication from a trusted company such as their bank. The attacker creates a fake website that looks exactly the same as the bank’s and sends an email to the customer of the bank to trick them into clicking on the URL. The customer is redirected to the fake website and prompted to enter confidential information. Usually it seems legitimate, for example saying that there are security concerns and the bank wants to issue a new password. The criminals then use this bank information to make purchases.
Spoofing is when attackers use someone else’s email address in an attempt to imitate/impersonate the original owner of that email address – leading to various levels of malicious goals including financial fraud.
Besides the social engineering tactics above, cyber criminals have many attack tools to carry out a targeted attack to gain access to a computer or a network:
A brute force attack is where the cyber criminals use trial and error to decode encrypted data and take control of an organisation’s servers. Today these attacks are mostly about stealing information; however, cyber criminals are “for hire”, so they could have a more sinister agenda such as to force systems offline, do reputational damage or conduct espionage.
Distributed Denial of Service (DDoS)
DDoS attacks involve overwhelming an online service with excessive traffic from many locations and sources. The aim is to slow the website down and prevent access. These attacks are often a diversionary tactic while other types of fraud or cyber intrusion are attempted by the criminals.
Removable media / flash drives
Removable media can hold a lot of data which may be sensitive or confidential. These devices could be lost, stolen or infected with malware – all of which pose a threat to your company. The impact could be massive, whether it is reputational damage, financial penalties or legal impacts.
Unauthorised use of your company’s system privileges
A cyber security threat that is often ignored is one coming from inside your company. Your own employees (not outsourced IT individuals) who have privileged access to key systems are in the best position to steal sensitive information. The biggest risk is from individuals who work daily with valuable data and critical system configuration files, including systems administrators, network engineers, database administrators, security engineers and executive-level employees. Because these individuals have high privileges they can perform malicious actions such as stealing data which they can profit from or leak online, creating backdoors to exploit the system, or compromising your systems entirely by bringing them down.
Malware – the weapon of choice for targeted attacks
Malware is malicious code or software that is introduced into a computer, server or network with the objective of infiltrating a company secretly and doing damage. The most common threat is to target employees who may open a malicious website, PDF document or infected flash drive. By doing this, the malware gains entry into an employee’s PC and then spreads through the infrastructure. This makes the entire network open to cyber criminals: by controlling one user on the network they are able to steal data or transfer money from corporate accounts.
For example, spyware is malware that violates privacy and tracks a person’s activity on their computer with the aim of conducting financial fraud.
Ransomware is a type of malicious software that uses malware to encrypt documents on a PC or even across a network. Victims can only regain access to their files (which have been encrypted) and PCs by paying a fee/ransom to the criminals behind the attack.
For example, the WannaCry Ransomware works like this: it sends a command to encrypt the hard drive on a Microsoft Windows server, it then sets up the encryption key and holds it. The Ransomware then deletes whatever is related to recovery, essentially removing the ability to go back and get shadow copies of data and backups from the machine.
After the 2017 WannaCry ransomware attack, security companies stated that the attacks were preventable if companies had the technology in place to catch the threat before it entered the network. Basically, this means stopping the threat so it cannot infiltrate and spread through your computer network. Relying on post-intrusion detection alone is a big mistake.
In addition, all the companies affected were running unsupported versions of MS Windows including Windows XP, Windows 8 and Windows Server 2003. The reason WannaCry was so powerful is that it exploited a vulnerability in the software – a Windows flaw called EternalBlue which was leaked by the Shadow Brokers hacking collective.
The most disturbing finding is that two months prior to the Ransomware outbreak, Microsoft released a patch to protect systems from EternalBlue and other exploits released by the hacking group. However, it seems that companies had simply failed to apply it.
SamSam is also a type of targeted Ransomware attack, except that access is gained to a computer on the network via a weakness in remote desktop protocols. The attack happens laterally across the company network; only when as many devices as possible are infiltrated does the trigger on the encryption process begin.
Since 2017, there hasn’t been an attack like WannaCry and Petya/NotPetya, but what industry experts like Zinia do know is that Ransomware and other tools used by these criminals will keep evolving – as vendors develop ways to anticipate and block these threats, cyber criminals have already found another way to get through. Your best defense against Ransomware is a good backup and recovery strategy to enable your company to get back online and trading as quickly as possible.
Security & Defense strategy
You should always strive to have the best products in place to adequately protect your environment. As security and threat management experts, Zinia recommends:
What protection does a business need?
Traffic flow is the biggest risk area for a business; Zinia recommends companies view the threat flow as a compass. Vertical traffic (north-south) is network traffic that flows into and out of the network via the router/firewall (to and from the internet). Horizontal traffic (east-west) is network traffic that flows inside a network between devices. A combination of perimeter security and endpoint security usually works hand in hand to secure the compass.
Secure the vertical – Regularly update and test the perimeter of your network, that is, any device connected with the outside world such as firewalls, switches and routers. For example, intelligent firewalls placed on the network can protect your company against DDoS attacks before traffic reaches the servers. If your business has a lot of remote workers, securing the remote access protocols is critical. A business-grade firewall will provide increased protection against hacking, malware, spyware and viruses, as well as block internal users from going to risky websites. In addition, these devices have to be checked and updated; when firmware or software is out of date your business is vulnerable.
Secure the horizontal – Make sure you have multilayer security for your internal LAN or network on your premises. This includes the ability to scan network traffic all the way to the end device (known as endpoint security) as well as removable media; updating security patches for software and hardware; Wi-Fi security; user access permissions; and policies including rules for personal devices. Application security, including mobile application security, is critical and must be reviewed for any vulnerabilities as attackers exploit these weaknesses, as was seen in the global WannaCry Ransomware attack of 2016.
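The north-south / east-west split described above can be applied directly to firewall or NetFlow records. The following is an added example, not Zinia's own tooling: it sorts flows by direction and flags SMB and RDP traffic that a defender would want to review. The address range, the approved server list and the sample flows are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: the site's internal address space (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]
# Assumption: hosts allowed to serve SMB/RDP to the LAN (file server, jump host).
APPROVED_SERVERS = {"10.20.1.10", "10.20.1.20"}
# Services to watch: SMB (the protocol EternalBlue targets) and RDP.
WATCHED_PORTS = {445: "SMB", 3389: "RDP"}


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def direction(src, dst):
    """Classify one flow by where its two endpoints sit."""
    s, d = is_internal(src), is_internal(dst)
    if s and d:
        return "east-west"      # device to device inside the network
    if s or d:
        return "north-south"    # crosses the router/firewall
    return "external"           # neither end is ours; should not be on our wire


def review_flows(flows):
    """Return (direction counts, findings) for (src, dst, dst_port) tuples."""
    counts, findings = Counter(), []
    for src, dst, port in flows:
        kind = direction(src, dst)
        counts[kind] += 1
        service = WATCHED_PORTS.get(port)
        if service is None:
            continue
        if kind == "east-west" and dst not in APPROVED_SERVERS:
            # Workstation-to-workstation SMB/RDP is how worms spread laterally.
            findings.append((src, dst, f"{service} between internal hosts"))
        elif kind == "north-south" and not is_internal(src):
            # Remote access exposed at the perimeter.
            findings.append((src, dst, f"{service} reachable from the internet"))
    return counts, findings


# Constructed sample flows: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.20.5.31", "198.51.100.25", 443),   # workstation browsing
    ("10.20.5.31", "10.20.1.10", 445),      # workstation to file server: expected
    ("10.20.5.31", "10.20.5.44", 445),      # workstation to workstation SMB
    ("10.20.5.31", "10.20.5.45", 445),      # same source, next workstation
    ("203.0.113.7", "10.20.1.20", 3389),    # RDP arriving from outside
    ("10.20.5.44", "10.20.1.20", 3389),     # admin to jump host: expected
]

if __name__ == "__main__":
    counts, findings = review_flows(SAMPLE_FLOWS)
    print(dict(counts))
    for src, dst, reason in findings:
        print(f"{src} -> {dst}: {reason}")
```

One source opening SMB to several workstations in a row, as in the sample, is the east-west pattern that perimeter devices alone never see.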
We provide a complete audit of your entire IT infrastructure by scanning the entire network for weaknesses including examining servers, desktops and other devices, switches, routers, cables, software, anti-virus, hard drives, memory and so on. We assess your requirements and recommend any changes required to bring your IT infrastructure up to best-practices standards, creating a list of high priority items and a roadmap to follow.
IT architecture and design
The proliferation of cloud computing, big data and mobility has placed pressure on IT infrastructure and has created challenges with integration, security and information management. Businesses need a structured approach to deal with the new modern landscape. Our experienced IT architects will create a successful Infrastructure Architecture based on best-practice methodology and analysing the functionality required by your business. We design your infrastructure to meet your specific business needs, taking into account future growth.
Inferior hardware can cause constant problems which not only impact user performance, but also have cost implications due to loss of productivity, downtime and the cost of IT resources required to fix these problems. We only recommend and implement best-of-breed products at affordable pricing with once-off or monthly payment options. We supply servers, routers, switches, desktops, laptops, mice, printers and any other hardware required by your business.
We provide unlimited onsite and remote IT support at an affordable monthly fee for businesses. We maintain and support your network, software, as well as all your hardware and devices, ensuring they are properly updated and remain in warranty.
All new hardware is set up properly with files transferred and setup completed, making life effortless for your users.
Our large team provides first, second and third line support through a helpdesk manned by well-trained, experienced technicians. Our professional systems, such as helpdesk software and remote monitoring and diagnostics tools, ensure your IT systems are properly supported.
We build and install an effective network, connecting your computers, mobile phones and peripherals to your LAN and/or the Internet. We ensure all cabling, trunking, conduits and trenching are meticulously labelled and tagged to provide quick diagnosis of problems. We also ensure switches, routers and wireless access points are correctly configured and set up for optimum connectivity.
Our specialist Microsoft skills and 20 years of expertise will help you leverage the increasing range of Microsoft solutions, both on premise and in the cloud. From server solutions, productivity and communications, cloud services and online meeting tools, we deploy, maintain and manage them to ensure your business stays on track.
Our services include:
We supply, configure and maintain your IT software from anti-virus, email archiving, storage software, backup software, offsite storage, CRM and document management. Besides our expertise in Microsoft we are also a trusted reseller of Trend Micro, Adobe and Smarsh solutions. Bundled with our support contracts we ensure that licenses do not go out of date and you remain covered.
We outsource IT skills and are leading security experts in threat analysis and security management. We have the skills and knowledge to protect your business inside and out.
We are accredited to advise on, configure, install, maintain and upgrade secure firewalls and anti-virus software. Our backups are impenetrable to attacks because of how we set them up using host “vaults”. We remain abreast of new threats as they arise, evolving our methodology to combat malicious attacks which corrupt a company’s data or hold it hostage. This means we get you back up and running in a matter of hours, ensuring you are not held captive by viruses and attacks.
We have a very solid methodology and knowledge base ensuring you get the most from your Wi-Fi. When deciding on connectivity, having the right wireless Access Points (APs) is vital to providing the best connectivity to your people and their devices. Your choice of AP and how it is set up is critical to how your users experience the Internet at your office.
We conduct a professional heat map of your office environment, people and possible interference. We then recommend and set up a proper wireless network using carrier-grade equipment running through a central controller either onsite or in the cloud.
All our equipment – Firewall, security and APs – is made by the same company to ensure seamless routing of traffic in and out. The quality of processors and antennas means more packets can be transmitted and received, improving performance dramatically.
Our central Wi-Fi controller is the “brain” of your wireless network and provides the following features:
It knows what is going on with all your wireless devices and can manage internet traffic based on setup preferences.
It dynamically searches your environment and resolves interference and does not have to be managed by a person.
Allows you to view statistics about users connected, their average speeds and behavior patterns to better manage the environment.
You can set the AP up to block access to bandwidth draining sites like Facebook or YouTube, allocate speeds per user and view what is happening with all your APs even if they are located at different geographical offices.
By outsourcing to us, we help you focus on your core business. We provide total accountability and day-to-day management of your network, firewall, PBXs and wireless network. With technology constantly evolving, we have specialists who can advise you of pertinent changes and implement them for you.
We provide monthly reports and advise you how to get the best performance, whether it’s optimising bandwidth, usage patterns or abuse of the network. We manage your telephone call records and unified communications, which can be IT intensive and require expensive resources.