Infinite Group Inc.

Posts on Jan 1970

Containment is Key After a Cyber Breach

I came across this Interesting article in GCN which speaks to cyber breaches and the ability to contain the breach. As this author indicates, a major provider of firewalls announced a critical vulnerability with its appliance. It points to continued vigilance around vulnerabilityGCN white management and the need to have a process in place to manage these effectively.

This also highlights that root cause at the OEM level must be taken into account when managing your security platform. While this can be remediated through available patches, it demonstrates that just because the OEM is responsible for addressing problems in their products, they aren’t always quick to identify them. Ultimately, this could lead to complete compromise, which may open a Pandora’s box in authentication control.

The underlying point here is that many organizations may have varied plans in place to ensure they are maintaining security. We could debate whether appropriate measures are being used however, what is becoming clear is that strategies for mitigating loss in a post-breach scenario are not being actively discussed.

Management must look at breaches not as a possibility but a likelihood. As such, mitigation plans must be developed to contain your exposure, remediate, and begin to get back on-line and in business. Just as hackers get creative in breaching security systems, we as protectors must get creative in design, management and mitigation.

Andrew Hsecurity1oyen is a Chief Administrative Officer at IGI which is a firm specializing in products and solutions for cybersecurity and vulnerability management.


Continue Reading

Assessing Cybersecurity is a Necessity for Small Businesses

The threat of hackers and cyber-criminals is very real, not only for large companies but also for small businesses as well.  That means that business owners must accept that a strong cyber-defense system is a must in the modern business world. It is worth noting, while an internal plan may work, external resources particularly those of experts in the field can greatly improve your security measures.

There is an interesting article in Forbes magazine that speaks to this from the small business point of view – How Small Businesses Can Improve Their CybersecurityForbes

This quote says it all. Small businesses are just as vulnerable, if not more so, than business with large IT budgets. There are cost effective ways for SMB’s to pay attention to their Network Security at reasonable prices. A well thought out and well-rounded comprehensive Cybersecurity posture no longer has to be viewed as something only the “big guys do”.  Rather it is an essential aspect in doing business especially in cyberspace.

– James Villa, President and CEO of IGI

Continue Reading

IT firms see higher demand for their security services


Rochester Business Journal
January 22, 2016

Rochester-area firms are turning more and more to cybersecurity services to safeguard their data, customer information and networks.

“We’ve seen exponential growth with our customer base in the Rochester area,” says Trevor Smith, executive vice president of Brite Computers.

Cybersecurity services encompass a host of measures designed to protect computers, computer systems and digital communications networks from unauthorized access or attack. Demands for such services and products have grown over the past few decades and should continue to rise. The research firm MarketsandMarkets projected that the global demand for cybersecurity would reach $106 billion by the end of 2015—and come to $170 billion by 2020.

While the overall market for cybersecurity in the Rochester area is unknown, those working in the industry say business has been on the upswing. The huge thefts of customer credit card information and other data at Target Corp., Home Depot Inc. and Excellus BlueCross BlueShield boosted the market for cybersecurity products and services at firms like Pittsford-based Infinite Group Inc.

“Every time there’s a published issue stemming from some sort of event, it does cause some widespread fear and panic and inquiries as to what to do, how to do it,” says Andrew Hoyen, chief administrative officer of Infinite Group Inc.

Successful attacks can hit even large companies hard—Target recently agreed to pay as much as $67 million to Visa card issuers alone. Small to medium-sized companies can suffer even more.

“We’ve actually seen several companies go out of business as a result of being breached,” says Michael McCartney, president, CEO and co-founder of Buffalo-based Digits LLC, which also has an office in Rochester.

Hackers have also increased in number and proficiency, thereby driving up the need for increased digital safety. Criminals who once sent out millions of bogus emails in order to “phish” for personal information—passwords to online bank accounts and the like—can now “spear phish,” targeting individuals whom they believe have vital corporate information.

“They know an individual is the head of R&D (research and development) at a large organization, so they have access to critical stuff,” Smith explains.

Spear phishing hackers hooked a big one in 2013, when a contractor who had access to Target’s network clicked on a suspect email. As a result, they were able to steal the credit card information of up to 40 million of the retail giant’s customers. Such stories, coupled with increased business use of email, have helped drive up demands for cybersecurity.

“Most businesses use email as their main form of communication, so email spam and protecting people from (fraudulent) links and things like that on email is huge,” says Sitima Fowler, co-CEO of Capstone Information Technologies Inc.

At the same time, more and more employees leave relatively secure offices to conduct business outside over tablets, smartphones and laptops, resulting in a greater need for cybersecurity.

“Laptops need to be encrypted,” Fowler explains. “That means that if a laptop is ever stolen, people won’t be able to make sense of what is on it.”

Finally, local businesses’ and organizations’ computer systems and communications networks need to meet increasingly rigorous government and industry standards regarding data security and privacy. By doing so, they limit the risks of breaches and the legal and financial ramifications of those that occur.

Local firms meet their customers’ cybersecurity needs by a variety of means. Though some include them as part of general IT services, others specialize in helping their clients safeguard their systems and data.

Digits LLC offers proactive and reactive cybersecurity and Internet response services. As part of its proactive services, the company will assess the effectiveness of a firm’s security measures and take action to safeguard its data.

“We’ll look at their current infrastructure and their current security posture around the data they create, save and store … and make recommendations to increase or improve that security both from an outsider threat as well as from an insider threat,” McCartney says.

As part of that package, the firm provides software that can monitor a client’s systems in real time and signal when a breach occurs.

When hackers do strike, the reactive side of Digits comes to the fore. Company investigators use computer and digital forensics to try to discover what the hackers did, who they were and the kind and amount of data they stole—if any.

McCartney says the market for both types of services has greatly increased at Digits since 2012.

“It’s grown at least 60 percent, and no end in sight,” he says.

Responding to breaches of clients’ systems and similar incidents makes up about a third of GreyCastle Security’s business.

“Companies call us 4:30 on a Friday afternoon because there’s a couple hundred grand missing from a payroll account,” says CEO Reg Harnish. “We have teams of people who respond to those kinds of cyberbreaches and intrusions and theft and hacking.”

On the proactive side, the Troy, Rensselaer County-based firm identifies client’s security risks, builds programs or plans that reduce or eliminate them, and takes such measures as “penetration testing.”

“An organization engages us to essentially act like hackers—to break in and steal something of importance to that organization,” Harnish explains.

Business has grown by as much as 220 percent a year since GreyCastle was founded five years ago, according to Harnish. The firm’s employees used to commute to service Rochester-area clients, but GreyCastle recently hired someone in the area to do so. It is also in the process of opening a local office.

Brite Computers offers a broad range of cybersecurity services, including security assessments, data protection and assistance with meeting government risk-compliance standards. Business is on the upswing.

“We are seeing a huge growth in small and medium businesses because of the need for and the efficiency of the cybersecurity solutions,” he explains.

Small and medium-sized companies also make up a growing part of Capstone’s cybersecurity clientele.

“People are finding out that just doing things on their own is not enough,” Fowler says.

Capstone’s cybersecurity offerings include software, hardware and the technical assistance that companies need to protect their data and systems, both in the office and out in the field.

“We do the daily blocking and tackling to keep our clients safe,” Fowler explains.

Capstone’s ability to block-and-tackle has helped it double the amount of business it takes in via cybersecurity services over the past five years, according to Fowler. Nowadays, the provision of such services makes up over 50 percent of the firm’s business.

Cybersecurity also constitutes a major growth area at IGI, according to Hoyen.

“We’ve seen year-on-year growth probably in the 10 to 15 percent” range, he says.

One particular element of cybersecurity for which demand has grown in recent years is that of vulnerability assessment, which involves determining the security failings of internal and external Web and Wi-Fi systems. While companies generally conduct such assessments annually, ÜberGuard, a technology that IGI rolled out last December, allows them to do so in real time—and much more efficiently.

“It’s a vulnerability management solution that enables a customer to automate certain aspects of vulnerability management and the scanning of potential issues in their network, and then have canned reporting and dashboards, etc., at their beck and call,” Hoyen explains.

Hoyen, and others in the local cybersecurity industry, view the coming years with optimism.

“We are hoping to see 25 to 30 percent growth (year-over-year),” Smith says of his firm.

Mike Costanza is a Rochester-area freelancer.

Continue Reading

Could the Future of Cloud Computing be Underwater?

Wow!  Could the future of cloud computing be underwater?  It appears that may be the case if Microsoft sees their ideas come to fruition.  In an example of “refactoring,” or completely rethinking the way something has traditionally been accomplished, Microsoft is investigating the possibility of housing data centers underwater.

This is an interesting article from the New York Times – Microsoft Plumbs Ocean’s Depths to Test Underwater Data Center .  New-York-Times-LogoThe company is investigating the possibility of utilizing the ocean as a data center farm.  They have actually tested an underwater self-contained data center.   This could be an exciting possibility.

Jim Kegelmeyer is Director of Virtualization Sales at IGI

Continue Reading