Blog

The security products offered by GamaSec are so good, they convinced a leading insurance company to offer an insurance policy against data breaches along with GamaSec products. This is something of which Avi Bartov, co-founder and CEO of GamaSec is particularly proud. He is also proud to be providing affordable, but top-quality security products to small and medium sized businesses.

Website Vulnerability Remediation Services: A Key Survival Tool for SMBs
By Robert Zimmer

There is a growing consensus among security professionals that traditional security measures are losing their effectiveness, and therefore those small businesses that are security-conscious may not be investing in the most effective security solutions for their needs. With nearly half of the 28 million small businesses in the United States experiencing a breach within the last 12 months (2016 State of SMB Cybersecurity Report), owners must adapt their mindset and strategies to this new reality and proactively engage with website vulnerability remediation specialists before a dire day comes their way. Just as no one wants to have to worry about appointing a medical representative from the back of an ambulance on the way to the hospital, no company should find itself dumbfounded and scrambling after a data breach.

Big corporations routinely spend hundreds of thousands, even millions, of dollars on cybersecurity, but when it comes to small businesses, many owners aren't spending enough to secure their website – a vital part of their livelihood. While many SMB owners think they are too small to be targeted, the fact that a business is small usually translates into less spending on cybersecurity. This inherently makes them an attractive target for hackers.

A data breach isn’t just a small hiccup in daily operations – instead it can cause unshakable damage to a business’s reputation. In fact, the damage it causes to a small business can be much worse than the effects it would have on a large corporation. The public relations nightmare that inevitably follows a data breach is often irreconcilable, with unforgiving customers fleeing amidst revelations that more could have been done to protect their personal information.

Small businesses, in particular, often haven’t built up a sufficient enough reputation to fall back on. Spillover effects often include the unwillingness of other organizations to partner with a company that sustains a major breach. These consequences often extend beyond merely sales, as companies are forced to invest hefty sums on improving information security in the wake of a breach.

Businesses large and small usually sustain permanent financial damages as they spend to “clean up” after a website attack, which often involves hiring security consultants, “brand loyalty” specialists, and legal and public relations professionals.

The average cost to a small business that can reactively detect and contain a breach is roughly $30,000. In contrast, those that take a proactive approach by investing in security monitoring, response plans, and financial protection, and by engaging vulnerability remediation specialists in advance of an adverse event, can likely avoid the premium fees and hassle of finding these specialized services in the midst of a crisis, and can emerge virtually unscathed.

“Today’s cyber environment proves that nobody is safe from the threat of cybercrime – not large corporations, small businesses, startups, government agencies, or even presidential candidates,” said PC Magazine editor Juan Martinez. “Perhaps it’s time that we changed our perceptions and strategies.”

Today, SMBs must start with the assumption that a breach will occur, and then develop ways to reduce their risk and exposure based on that assumption. By establishing allies both within and outside of the SMB community and remaining on the offensive, small businesses can vastly improve their chances of survival.

Robert Zimmer is vice president of strategy at GamaSec (www.gamasec.com), a global provider of website security solutions for small and medium-sized businesses.

How to Proactively Build Resilience into Your Business

Small business owners have a savvy, entrepreneurial spirit that emboldens them to take risks and a unique courage to turn their vision into a reality. They are uniquely qualified to be experts about whatever product they choose to sell. However, all too often they fail to recognize the unseen dangers that quietly surround their products, customer information, and their very survival on the internet. While they are likely to have planned for almost every contingency imaginable in their physical environment, they often fail to see that they have become targets of online predators.

The alarming fact is that up to 60% of small businesses have to shutter their doors within six months of a cyberattack, but they can take steps now to mitigate the chances of becoming part of that statistic – and it doesn’t require a huge investment of time or financial resources. Owning a small business keeps you on your toes and while you may not think you have time to spare now, the crippling effects of a cyber attack will leave you wishing that you had taken these steps beforehand.

You have probably invested in some type of antivirus software for your company’s devices. However, this won’t protect your company from DDoS and SQL Injection attacks that are focused exclusively on your website. Website scanners, Web Application Firewalls and cloud-based DDoS protection can be purchased as a monthly subscription, and protect you from new hacking techniques that your antivirus solution does not address.

Many small businesses can’t afford an IT staff and must usually rely on their own limited expertise. Thankfully, there are cloud-based security packages that not only alert you to suspicious activity, but also step in after an attack to provide remediation services. This process can be very time-consuming as compromised files and devices must be repaired, your business reputation maintained, and customers notified and protected after a data breach. These headaches can cause your business to grind to a halt and ruin your brand forever.

Thankfully, business owners of all shapes and sizes can gain website security, remediation as a service, and financial protection for up to $50,000 in the case of a data breach – and it is available now in an affordable bundle – which saves you the hassle of having to find all of these separate, specialized services on your own. True peace of mind and the resilience to carry on with your business is a priceless commodity that can be attained with a few keyboard strokes. Just ask one of the victims who tragically closed their business last year after a cyber attack hit their company’s website.

Take a Stand: Prevent Attacks on Your Small Business Website by Protecting the Weakest Links
By Robert Zimmer

Small business owners are beginning to realize that their website will at some point be in the crosshairs of hackers. Doing nothing is simply no longer an option – after all, it’s not worth the embarrassment, loss of customer trust, the risk to their brand’s reputation or even their very survival. While most small firms have a limited budget for protecting their website and associated data, they can no longer afford the luxury of “rolling the dice” on security. It’s now time to employ tools that provide comprehensive protection by searching for and closing the vulnerabilities that hackers look for when targeting their next victim.

With roughly 30,000 new websites hacked every day and a clear gap in security funding and expertise, small businesses are facing an existential threat that’s climbed 300% over last year’s stats. It is becoming imperative that SMBs recognize the new reality that they are now the most common target of cybercrime. Integrating security into their daily operations is now just as important as paying employees and ordering enough product to meet demand.

Certain small business segments are targeted for specific attacks because they constantly interact with their clients’ data (doctor offices, healthcare providers, ambulance services, even small police departments). Another common reason that businesses are specifically targeted is the use of outdated computers and operating systems. Microsoft stopped releasing security patches for its XP system (developed in 2001) in the fall of 2014. There is simply no way to upgrade security on older machines or software, yet 7% of businesses worldwide still use XP for everyday client interactions despite the risks.

Despite non-stop media coverage of high-profile breaches, small business owners still lag behind their larger counterparts in shifting to become part of a better protected internet for all. Many of the breaches that occurred at Fortune 500 companies actually started with someone hacking into a small business vendor or client to use as an access point into the larger corporate network. Yet a glaring lack of awareness about the value of personally identifying information and security best practices still leaves some SMBs dangerously perched on the slippery slope of risk, despite growing frustration among customers.

Businesses that transmit any sensitive data (such as credit card numbers, billing addresses, etc.) should encrypt all data traffic using SSL or TLS protocols. Even though hackers have adopted SSL encryption, this still adds a necessary layer of protection that can prove vital to protection.

Hackers are turning increasingly to web applications which allow them to circumvent firewalls and network security tools to surreptitiously access your company’s “crown jewels.” Just as hackers utilize sophisticated scanners to pinpoint weaknesses, firms must adopt some form of vulnerability probe that scans for vulnerabilities that could invite unwanted interest.

Once you’ve implemented the best security barriers that you can afford, including cloud-based firewalls and application scanners, then it’s time to patch an even bigger vulnerability – your employees. Educating your workforce about the need for smarter passwords, being vigilant against phishing emails, and thinking before they click will add immense value to your overall security investment.

Convenience and protection for SMB websites best delivered through cloud-based security
By Avi Bartov

Website security may seem of little concern to your small air conditioning maintenance and repair business – after all, you may only have a few computers connected to the internet and conduct some of your business communications through your mobile phone. This ambivalence toward security vulnerabilities is exactly why hackers have shifted to specifically targeting small business websites – which accounted for a large percentage of attacks last year.

Unfortunately, this tendency to underestimate the threat landscape not only affects their own operations, but also other SMBs and large companies that purchase goods or services from them. SMBs almost always lack the robust security tools of large enterprises, and have thus become a path of least resistance for hackers seeking private data, proprietary information, or a route to larger organizations somehow connected to them.

The problem is multifaceted, partially due to innocence and a lack of education, not to mention a huge gap in security funding and personnel compared to their larger counterparts. The lack of awareness surrounding cyber vulnerability is a huge issue for SMBs which, paradoxically, have the most to lose in the event of a breach. Large corporations suffer huge consequences from these attacks, but can often continue operations. Small businesses can have a much more difficult time during the recovery phase following a breach. The loss of consumer confidence, regular customers, and reputational damage can plague a small business owner.

According to a vulnerability assessment issued by the Small Business Administration, small to medium sized firms face the same threats and adversaries as large corporations. These include attacks from Advanced Persistent Threats (APTs), phishing attacks, DDoS, malware, ransomware, and other threats that continue to evolve. Those organizations that are already (or quickly become) security conscious often find themselves overwhelmed and underprepared to choose a website security solution that fits their needs, since there is very rarely a one-size-fits-all solution.

Small businesses, in particular, often lack the time and energy to learn how multiple security products interact, and how to respond to different alerts. While most large organizations have developed the capability to monitor, detect, and attempt to respond to incidents, this usually requires at least a minimum level of expertise. A post-incident plan generally involves customer notifications, remediation, and public relations specialists, while financial protection is a crucial element to assist companies with recovery.

One of the most economically sound options for SMBs is to use cloud-based website security in addition to specialized DDoS protection, along with remediation, consulting, and insurance solutions in specialized bundles that are designed specifically to meet the needs of SMB clients.
To learn about GamaSec’s monthly website security service plans, visit http://gamasec.com/Plan.aspx.

Avi Bartov is CEO of GamaSec, a global provider of website security solutions for small and medium-sized businesses. The company offers cloud-based website vulnerability identification, remediation-as-service, web attack prevention as well as a Data Breach Limited Warranty. Founded in 2006, GamaSec is headquartered in Israel with offices in New York City. Visit www.gamasec.com.

Planning proves crucial to rebounding after a DDoS Attack
By Avi Bartov

Distributed Denial of Service (DDoS) hardly sounds like a phrase that should blanket airwaves. Sadly, it has become an all too common phrase heard in both technical and consumer news media today. Despite it being used as an attack technique for many years, far too many organizations remain unprepared for it to occur on their watch.

A business of any size that relies on the internet for sales, marketing, logistics, or common web applications now faces an increasingly complex and virulent threat through evolving DDoS mechanisms that have the capacity to render your website, data, and devices at least temporarily useless without a well-rehearsed mitigation plan.

According to a few recent reports, the first quarter of 2017 saw a gigantic uptick in DDoS attacks, with a marked increase in their tenacity and sophistication. However, researchers at the said this is clearly just the beginning, as they believe the worst is yet to come.

With an ever-growing percentage of organizations worldwide experiencing some form of online attack at least once in the past 12 months, this time-tested form of attack struck many headline-grabbing targets over the past few months. Universities of varying sizes, traffic light control systems, and even the Microsoft voice service Skype fell victim. The need to plan for DDoS-specific attacks is here.

For purposes of common understanding, U.S. CERT provides the following description: “a DDoS attack is intended to take an organization or a service offline, or otherwise render resources unusable, which originates from (or appears to originate from) multiple hosts. The ‘multiple hosts’ part of the attack is what is ‘distributed’ and is what makes the attack more difficult to defend against.”

With organizations being attacked on a much more frequent basis, all businesses should reexamine the effectiveness of their overall security strategies regularly, and implement or revise their DDoS mitigation plans. While it is nearly impossible to entirely prevent a DDoS attack, those organizations that do preemptively plan in advance will find it much easier to respond, and limit the technical and business disruptions that are frequently the aim of the attackers.

Another troubling related trend is the use of DDoS attacks to mask other cybercrime, such as installing ransomware and malware concurrently. In 2017, we saw that DDoS victims also experienced increased malware activation, customer data breaches, ransomware and intellectual property theft compared to the year prior.

While the landscape may appear bleak, website owners should find fitting tools to protect their financial assets and corporate image as they proactively plan how to respond to these scenarios in advance. Companies should consider seeking input or direction from their internet service provider, technology companies (particularly those with experience in DDoS mitigation) – and even law enforcement depending on the size and scope of your business. Sensitive and proprietary data should be copied and stored in a separate, secure location, with backup copies not accessible from local networks. Additionally, security services such as Web Application Firewalls should be used to monitor and protect network, transport and application layers.

Finally, a DDoS plan should be well-rehearsed. After all, a plan that has not been exercised or rehearsed has no real legitimacy to withstand and weather an event. Too often the small business community waits until a disaster happens to start calling in the cavalry. It seems that, once again, the best defense is achieved by advanced planning and addressing the security basics as best you can. Just ask one of the recent victims.

AI & ML Help Address One of SMB’s Weakest Links: Your Website
By Avi Bartov

The dirty little secret of the cybersecurity industry is the increasing threat faced by small business. It’s a sector that has been targeted by hackers precisely because it doesn’t have the big budgets or legions of security analysts to defend it, unlike its larger counterpart.

In fact, many of the headline-grabbing website attacks against private industry behemoths were achieved by using small businesses as entry points for hackers. Cutting-edge technology firms are combining Artificial Intelligence (AI) and Machine Learning (ML) to bridge the digital divide between true business needs and security vulnerabilities to achieve accuracy levels that can consistently outperform human analysts, and it never requires a lunch break.

GamaSec’s AI-powered Virtual Hacker is based on prototypes that were originally designed to detect vulnerabilities in highly-sensitive military and government environments. By implementing continuous website monitoring procedures, it diligently scans your website and web application flows for any anomalies that could signal a security breach. This dynamic scanning process is put through its paces by periodically simulating common methods of attack to ensure that coverage remains in a constant state of vigilance.

The innovative technology that GamaSec has employed is designed to retain and learn from past intrusion attempts, all to provide a streamlined and intelligent response to future website breaches. These solutions have been rigorously tested to ensure the monitoring and detection process are both compliant with industry standards and meet the needs of even the most demanding clients.

By exceeding the capabilities of traditional security products, GamaSec provides protection from malware while continuing to learn new attack methods on a real-time basis. It scans each application system on a daily basis for new vulnerabilities and automatically updates these systems with new patches, so that your protection remains constant and effortless for both you and your customers.

Reducing the volume of false positive alerts is also a necessity for best cybersecurity practices because these can easily drown out legitimate alerts. Frequently, the rules that cause repeated false positives are eventually ignored or disabled, which renders an organization blind to the attack that this problematic rule was searching for in the first place. By employing a unique hashing system and automatically filtering false positive rules, GamaSec takes this process to the extreme, protecting customers from the related headaches and added expense that these generate.

Until recently, this level of security technology has only been available to large enterprises with massive budgets to throw at the problem. Now GamaSec offers top-of-the-line protection to small business owners without requiring them to become security experts in their spare time. For more information on GamaSec’s monthly plans, visit http://gamasec.com/Plan.aspx.
