At Netrix, our security practice sees trends and patterns in the industry that are worth mentioning and monitoring in 2017. If these items aren’t on your mind and you don’t have a strategy in place to solve each of these, please read on.
Careless or uninformed employees can compromise all of the preventative security measures we might put in place. It takes just one click of a link to compromise an entire organization these days. It only takes 20 emails to different people in a company to guarantee someone will open the email and click the link, 100% of the time. A careless employee might forget or lose an unlocked smartphone, and expose sensitive information. Just as risky are employees who might have weak passwords, visit unauthorized websites, or click on links in emails.
Organizations must convey a culture of security awareness, and this tone and message must be communicated from the top down! Every employee in a business or organization must take responsibility for security. The saying goes “culture trumps strategy every time.” Firms should embrace security, and roll out an executive message, security policies, and expectations, and employee security awareness training and reinforcement. This should be coupled with assessment, and can even include internal phishing, to measure the training’s effectiveness. Seeing how many employees are getting phished can allow for remedial training, or as we sometimes call it the “Top 10 Wall of Shame” or “Phishing Derby Trophies.”
It is critically important that top management recognizes the need for security, allocates resources, and communicates, supports, reinforces, and sometimes enforces this message throughout the organization.
In 2015 the security industry saw a 900% rise in ransomware or advanced malware. That was bad.
In 2016-2017 through Q1, ransomware infection numbers spiked 3500%. This is an epidemic of malware! Cisco reports 40% of its customers have seen a ransomware attack.
Ransomware infects a computer or firm’s network and encrypts all of the data it can access, then the perpetrators ask for a ransom payment to unlock the data, or they delete it forever. Once infected, there are only two choices: pay the bad guys, or recover the data and systems from a backup.
We hear and read stories on a regular basis about the organization that didn’t have a good backup and had to pay the ransom. (You do have a good backup, right?).
The best defense against ransomware is prevention. An important part of prevention is good IT hygiene: practices such as patching, hardening, scanning for vulnerabilities, and maintaining backup capabilities. These are good basic measures, but we often find a problem in one of these basic areas when it’s too late.
Security technologies have evolved significantly in recent years to fight these threats, and the industry has coined the term “nextgen” for them. We see “nextgen” firewalls, endpoint anti-virus, and other solutions emerging into the market to fight the growing tide of this type of advanced threat. Don’t forget to consider and protect the remote and mobile workers in your organization, who can be especially vulnerable.
We hear about massive headline data breaches every day: Target, Yahoo, and others. Hackers account for 85% of data breaches, so we should be concerned. There are two motives for this: financial and espionage. Manufacturers are especially susceptible to espionage, while those with credit cards or other valuable data are more likely to fall victim to financial motives.
A single cyber attack against Panamanian law firm Mossack Fonseca turned the legal security world upside down in 2016. Outsiders stole massive volumes of sensitive data, and the implications were severe on the firm and their clients. How did it happen? Simple really, the firm left old, unpatched web servers running. This is a case of negligence. The old servers were so vulnerable even a beginning hacker could have broken in, and simple security measures weren’t in place.
Patches had been around for these systems for years but weren’t installed. Patching means more than just constant Windows updates; it includes websites, applications, databases, and other devices like firewalls. Coupled with patching are configuration management, deploying secure systems via standards, and vulnerability scanning, all of which make up the security process we refer to as hardening.
We want to make it a lot harder for a bad guy to break into the corporate network.
In the latest 2017 Verizon DBIR report, they found that of 1935 data breaches in the last year, 88% of these were accomplished using an old list of nine well-known security attack vectors. Most of these could have been pretty easily prevented using simple cyber-hygiene measures.
Some basic examples include:
• Don’t reuse passwords
• Use strong passwords, not weak, crackable ones
• Ensure systems, servers, software, even network devices are patched
• Use 2-factor identity authentication
• Encrypt sensitive data
• Segment the network to protect sensitive data
• Scan everything with an IP address for security vulnerabilities
Anyone with access to sensitive insider information can be a big potential risk for cyber security. 14% of data breaches are due to an insider threat. Although outsiders may pose a big risk to an organization, those with inside access are often overlooked. Of this population of miscreants, the numbers further break down into an internal employee, external employee/contractor, cases of collusion, and sometimes a partner. Motives primarily include financial gain, but can also include espionage, a grudge, fun, or some ideology or belief.
In recent years the case of Edward Snowden has brought a lot of publicity and awareness to this issue, as troves of sensitive insider information have been leaked online. We often see employees copy large amounts of data to USB drives, email, or cloud storage servers, usually an indicator that person is about to leave an organization.
Does your organization regularly review and limit access to systems and information? Do you regularly review user IDs and permissions? Are employees local administrators on their Windows PCs?
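The bulk-copy indicator described above can be checked mechanically. The following is an added example, not part of the original article: it totals each user's daily outbound volume to USB, email and cloud storage and flags days far above that user's own baseline. The CSV layout, channel names, thresholds and sample rows are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed sample export (not real data): one row per transfer, as an
# endpoint/DLP agent or web proxy might report it. Column names are assumed.
SAMPLE_EVENTS = """\
date,user,channel,mb
2017-05-01,alice,email,12
2017-05-01,alice,cloud,30
2017-05-02,alice,email,8
2017-05-02,alice,fileserver,5000
2017-05-03,alice,usb,20
2017-05-03,alice,email,5
2017-05-04,alice,usb,4200
2017-05-04,alice,cloud,1800
2017-05-05,alice,email,10
2017-05-01,bob,cloud,900
2017-05-02,bob,cloud,1100
2017-05-03,bob,cloud,950
2017-05-04,bob,cloud,1000
2017-05-05,bob,cloud,1200
2017-05-04,carol,usb,700
"""

# Channels that move data outside the organization's control (assumed names).
WATCHED_CHANNELS = {"usb", "email", "cloud"}
# A user needs at least this many other days of history for a personal baseline.
MIN_HISTORY_DAYS = 3


def daily_totals(events_csv):
    """Return {user: {date: MB moved over watched channels that day}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(events_csv)):
        if row["channel"] in WATCHED_CHANNELS:
            totals[row["user"]][row["date"]] += int(row["mb"])
    return {user: dict(days) for user, days in totals.items()}


def baseline_for(totals, user, day):
    """Median of the user's other days; fall back to peers if history is thin."""
    own = [mb for d, mb in totals[user].items() if d != day]
    if len(own) >= MIN_HISTORY_DAYS:
        return median(own)
    peers = [mb for u, days in totals.items() if u != user
             for mb in days.values()]
    # With no peers either, the baseline is 0 and only the floor applies.
    return median(peers) if peers else 0


def flag_bulk_copies(events_csv, ratio=10.0, min_mb=500):
    """Flag (user, date, MB, baseline) where the day's volume is both above an
    absolute floor and at least `ratio` times the baseline."""
    totals = daily_totals(events_csv)
    flagged = []
    for user in sorted(totals):
        for day in sorted(totals[user]):
            mb = totals[user][day]
            base = baseline_for(totals, user, day)
            if mb >= min_mb and mb >= ratio * base:
                flagged.append((user, day, mb, base))
    return flagged


if __name__ == "__main__":
    for user, day, mb, base in flag_bulk_copies(SAMPLE_EVENTS):
        print(f"{day} {user}: {mb} MB outbound, baseline {base} MB/day")
```

Comparing each user against their own history keeps someone like the constructed user `bob`, who legitimately moves about 1 GB to cloud storage every day, from drowning out the one-day spike that matters.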
Intentional or unintentional, insider or external, regardless of the source, data leakage is a big problem and a risk many of us face today. Simple measures like encrypting all data, limiting access, and purging old, unneeded data make a big difference. Firms tend to keep data, especially email, around for a long time, and the information in those systems can put them at risk. Advanced measures can include DLP (data loss prevention) technology, which allows a firm to “tag” data as sensitive or protected, then stop it from being copied or leaked. Data retention and data disposal policies can go a long way toward limiting risk exposure should some data leakage occur. It can’t be stolen, compromised, or cause harm if the data simply isn’t there any longer.
Visa and card brands have started enforcing increasingly shorter retention times and periods for card data, for instance. After all, why keep the raw card data around when it can cause a breach and isn’t needed any longer?
The rise of mobile devices (iPhones, Androids, tablets), coupled with the trend towards BYOD (bring your own device), presents some difficult challenges for organizations. Typically data on devices isn’t encrypted, and in some cases, a user may not even have a simple PIN code on their phone, so a lost or stolen device can lead to a serious data breach. Everyone loves the flexibility of using a device of their own choosing, and BYOD saves the firm the cost of issuing and supporting a fleet of mobile phones, but at what risk?
MDM solutions (mobile device management) allow an organization to embrace BYOD but lock down the device, requiring security measures such as encryption and strong PINs on the device. They can further enforce policies that allow a device to wipe itself after a number of incorrect PIN entries, encrypt data, locate or track a lost or stolen device, and in the worst case, initiate a remote wipe of all information on the lost device.
BYOD raises an interesting legal issue. If I have an employer’s corporate email on my personally owned BYOD device, the employer doesn’t necessarily have the right to “wipe” the device. It’s not their device after all. What happens if the employee quits in anger, or is fired, and has our corporate email and other information on their device? In this case, an MDM solution can perform a “selective” wipe of the information, in which we wipe only the corporate information we do still legally “own” and don’t wish to have sitting on a remote device outside of our control.
Can your organization detect a security breach? (Most can’t.) Is someone monitoring the security of your network and systems 24×7? The mean time for most organizations (even large ones) to detect a breach is 197 days. Worse, of those companies breached, only 31% found it themselves. Typically law enforcement, a third party, or another agency is the one notifying a firm about a data breach.
Companies are hiring outside firms to act as their SOC (security operations center), and monitor the security and integrity of their networks for them 24×7. It is becoming a best practice to outsource this MSSP security operations SOC capability, as it is a better solution and more cost effective than building this capability in-house except in the very largest enterprise level organizations. It is too difficult to staff in-house for 24×7 coverage, and finding a team of skilled security professionals to hire to do it in-house is also expensive and difficult. This is exacerbated by the current shortage of IT Security Professionals globally.
Sure, that old machine still works, and it costs money to upgrade it to something newer. Just a few years ago, this wouldn’t have been too much of a concern, but as the pace of technology has increased, so have security threats. Windows XP is not secure, and Microsoft no longer supports it or patches it, and this is also true of other older technology in companies. It was state of the art back in the day, but then so were tube TVs, and fast internet dial-up 56k modems (hint: most of us don’t use those old technologies any longer either).
Anything with an IP address can be a security weakness, from the copier to the system running the door card readers, and even things like smart TVs. It is important to scan your network using security testing software on a regular basis and find these things, and of course, fix them before someone else finds and exploits them!
Please upgrade your technology; there truly is a major security difference in later versions of Windows such as Windows 10 and Server 2016. This is true across the board, as “nextgen” firewalls, “nextgen” endpoint AV, and other security solutions have emerged and evolved to try to keep pace with new threats.
Written by: George Quinlan, Security Consultant