Notice

This link will direct you to a website outside of pacxa.com. The external site will open in a new tab.

skip to main content
Pacxa logo
skip to content

Protecting Your Data with Multi-Factor Authentication

By Jeff Schroeder, Vice President, Microsoft Services

Usernames and passwords have become increasingly easy to breach. Verizon’s 2021 Data Breach Investigation Report revealed that 61% of all data breaches in 2021 involved stolen credentials. As security threats continue to mount universally, individuals and businesses are turning to multi-factor authentication (MFA) for a layered approach to securing account identities and the data for which they have authorization. MFA is one of the best defenses against initial access to a user account.

With MFA, your data is protected by more than just your username and password. Even if a login credential is compromised, MFA requires additional forms of authentication, which presents a roadblock for unauthorized users and cybercriminals.

How MFA works

MFA comes in many forms, but is characterized by, at a minimum, a two-step process—typically something you know (username and password) and something you have (phone, hardware token, key, etc.) A common example: you log into your financial account using a username and password, and you are then prompted to retrieve a code via verification app or text message on your phone. You enter that code into the interface and only then do you have access to your account. This simple additional “factor” can, in most cases, prevent attempted security threats in which your account credential has been compromised.

MFA can also be more sophisticated, incorporating biometrics such as a fingerprint, palm print, or voice recognition. Regardless of which type of MFA is employed, it’s an effective way to add an important layer of protection to your user accounts.

Stay vigilant, implement MFA

In both enterprise and personal technology environments, MFA has become increasingly easier to implement and straightforward to navigate. While it’s easy to feel a false sense of security with the same users entering the same systems every day, it’s important to implement MFA to maintain a Zero Trust environment, which is based on the principle of “never trust, always verify.”

For individuals. Many online services offer MFA, although you may have to proactively opt in by adjusting your account settings. Individuals should use MFA on as many accounts as possible, starting with those housing their most sensitive data such as email and financial accounts. For detailed instructions, the 2FA Directory provides specific MFA steps to the most highly trafficked websites.

For organizations. Organizations, regardless of size or industry, should implement mandatory MFA for all online accounts, including those of employees and anyone else accessing company data. A 2021 Microsoft study revealed that only 22% of Azure Active Directory leverages “strong” authentication. The same study warned that despite slow adoption rates, “the need to enforce MFA adoption or go passwordless cannot be overstated.” Those who have already implemented MFA across their organizations can continue to strengthen authentication and authorization by exploring single sign-on (SSO), which allows users to use one set of credentials for multiple services. By utilizing MFA for the SSO process, this enforces MFA challenges for any services accessed by the account. Along with implementing MFA and SSO, monitoring and alerting for potentially compromised accounts, continuous evaluation of policies and procedures, and regular user training are important pieces of the identity protection framework.

By leveraging MFA, organizations are in a much stronger position to prevent attempted breaches and protect their most sensitive data. Wherever you are in your MFA journey, your managed services provider (MSP) can help navigate you through the process and help you steadily reinforce your overall cybersecurity posture.

2022 SonicWall Cyber Threat Report: The industry takes stock of cyber attacks

Cybersecurity is front of mind for enterprises right now, with everyone on high alert trying to manage potential threats that carry major reputational and financial risks. Each year, the SonicWall Cyber Threat Report uncovers insights extracted from global cyber threat data collected and analyzed by expert researchers. As “the world’s most quoted ransomware threat intelligence,” the report is relied on as an annual snapshot of the threat landscape, helping business and government leaders make informed decisions about cybersecurity.

Below, we share some of this fascinating and relevant data, with our perspective on what it all means for Hawaiʻi businesses.

Hawaiʻi’s malware risks climb

It may surprise people to know that Hawaiʻi was ranked as the 4th riskiest state for malware just behind Kansas, South Dakota, and Iowa. Our 14 million malware hits look relatively trivial compared to states in the 50, 60, and nearly 90 millions, but looking at our 19% “spread,” which accounts for size, population, and other variables, you can see that Hawaiʻi is an extremely high-risk state for malware. As explained in the report, “If we think of malware volume as being similar to the total amount of rainfall in a given region, then malware spread percentage could be compared to the probability of precipitation, or ‘chance of rain,” meaning that any given Hawaiʻi organization has a 19% of being a malware victim. While the report doesn’t pinpoint underlying causes of these malware vulnerabilities, delayed technology adoption and legacy infrastructure in our state may be potential risk factors.

This startling finding may allude to our state’s collectively under-developed cybersecurity posture. Cybersecurity has been top of mind for organizations nationally and globally, but Hawaiʻi has been slow to adopt advanced practices and solutions, leaving our organizations vulnerable to increasingly resourceful cyber attackers. Armed with these hard facts, Hawaiʻi leaders should recognize the looming risk of malware and make cybersecurity a priority.

Record-breaking ransomware

SonicWall recorded 623.3 million global ransomware attacks in 2021, up 105% from 2020 and 231.7% from 2019. The 2021 statistic translates to nearly 20 ransomware attempts every second.

Two of the year’s most infamous attacks hit in May of 2021, involving the U.S.’s largest fuel pipeline, Colonial Pipeline, and the world’s largest meat producer, JBS Foods. Attackers stole nearly 100 GB of data from Colonial Pipeline, triggering a six-day outage and consequent fuel shortages and public panic. In the JBS Foods attack, the company was forced to disrupt operations in the U.S., Canada, and Australia before paying out $11 million in ransom.

The Colonial Pipeline attack originated from a single compromised password, and the JBS attack stemmed from a weak password on an old administrator account. The most painful part of these devastating attacks is that experts suggest they could’ve been prevented with simple password hygiene and multi-factor authentication.

Ransomware strategies persist and evolve

The report notes that business email compromise attacks or “BECs” persist as an increasingly common and effective form of attack. This is when an attacker “impersonates” an executive by mimicking their email address and then emails requests to junior staff, such as wiring money or purchasing gift cards. These attacks are not sophisticated, but they are highly lucrative. The FBI reported losses of roughly $1.8 billion in 2020. Keeping in mind that most of these individual losses, likely happening at small companies for $50 or $100 a pop, go unreported, this number is staggering and is expected to only rise in 2022.

SonicWall’s researchers also identified a new ransomware strategy that they refer to as “triple extortion, an evolution of the “double extortion” attack. Triple extortion occurs when attackers compromise data and threaten to release it, while also sifting through the data, figuring out which entities are most vulnerable, and demanding ransom from them individually, in addition to the original target company.

Hawaiʻi: Pacxa and SonicWall

The perception that Hawaiʻi is safely insulated from cybercrime given our remote geography is, unfortunately, untrue. Of course, Hawaiʻi businesses are also national and global businesses. Cybercrime impacts local businesses daily and poses catastrophic threats to our economy. Cyberattacks are only becoming more common and more advanced. Hawaiʻi organizations must proactively protect themselves with the latest technologies and best practices.

As a SecureFirst Silver Partner, Pacxa holds in-depth expertise in SonicWall’s various cybersecurity products and solutions. Find more information here about steps your company can take to be as proactive as possible.

Read the full 2022 Cyber Threat Report here.

Why Cybersecurity Matters for Distributed Enterprises

By Amanda LaCasse, Vice President, Cyber Security Services and Managed Services Delivery

As enterprises grow, so do their location counts. This results in a distributed enterprise, where a single organization is made up of several locations or branches, both physical and/or remote. These organizations rely heavily on cloud services, high-speed WANs, POS systems, telecommunications platforms, and various endpoints to communicate and share data.

Traditionally, distributed enterprises have been retailers, banks, hospitals, and other physically dispersed organizations. However, the pandemic era of remote work has ushered in a whole new distributed enterprise scenario where employees collaborate from far off locales, operating in office spaces, apartments, and corner cafés. It’s wise to approach cybersecurity for remote and hybrid workforces in a similar way to distributed enterprises because protecting distributed enterprises merits extra care and a thoughtful approach to IT.

A distributed enterprise = more risk

Cybersecurity risks are steadily increasing as attacks become more sophisticated, more personalized, and, when successful, more debilitating. Distributed enterprises are especially vulnerable because of their large “attack surfaces” with many points of vulnerability. An enterprise’s attack surface comprises both the physical (actual devices or files that can be compromised in-person) and the digital (software, hardware, and applications that users use daily). The larger the attack surface, the more challenging it is to protect.

Distributed enterprises are also at higher risk because IT resources are typically centralized in one location, such as the headquarters, leaving other locations with few or no onsite IT resources. This can result in inconsistently enforced protocols, lapsed software updates, and an undisciplined approach to asset protection.

Remote work environments have proven to be even more challenging because employees may use personal devices not configured by IT, and they may work in vulnerable environments, such as public spaces with shared internet access. Complicating matters further, these employees are often on the move, presenting new challenges with every location.

Proactive protection

When it comes to choosing suitable cybersecurity solutions, scalability and flexibility are key. Any enterprise location could ramp up, scale back, open, or close unexpectedly—extreme weather events and the shifting pandemic landscape are recent examples. Having flexible and scalable solutions helps companies to expect the unexpected, navigate a dynamic environment, and mitigate impacts.

At Pacxa we integrate the following solutions and strategies to ensure that risks are proactively managed and won’t hinder growth:

  • Next-generation firewalls (NGFW). NGFWs take traditional firewalls to the next level with added, security-boosting features such as application-level inspection and intrusion prevention.
  • Centralized management. Centralized management is the practice of using central sets of tools, processes, and resources to manage cybersecurity. With this type of management, businesses gain visibility and ensure compliance.
  • Zero Trust model. Simply put, with a Zero Trust model, no user or device is trusted. Every user and device must be verified before gaining access to the resources on the network.

Pacxa has employed these and other cybersecurity strategies for our distributed enterprise clients to proactively protect against cyberthreats and enable them to successfully scale in the future. As organizations highly vulnerable to cyberattacks, distributed enterprises must utilize modern, scalable cybersecurity measures. Contact Pacxa today to ensure that your organization is protected.

The Importance of the Managed Service Provider in IT Consolidation

Authored by Doug Shimokawa, Senior Vice President

We’ve seen a growing need for IT consolidation, or the simplification of the technology environment (software, hardware, and services). Most enterprise IT departments aim to create a seamless, integrated environment that avoids waste and strives for optimum utilization. This creates a more streamlined process of managing, updating, and tracking tools within the enterprise, while leveraging resources more effectively, reducing IT costs, and ultimately adding value to the organization.

What is IT consolidation?

IT consolidation is generally part of an overall strategy to reduce the IT footprint in the enterprise environment. This trend makes sense for enterprises given the IT tools that are available and the dynamic nature of the businesses environment where flexibility and agility will continue to be key.

That said, while IT must be as unobtrusive as possible, organizations will want data access management tools that give them a holistic view across devices and geographies given the shift to hybrid work and constant looming specter of cybersecurity threats. This approach also helps to improve security posture with fewer tools to monitor and fewer vulnerabilities to address and patch.

The benefits of IT consolidation are many: increased efficiency, boosted cost savings, improved flexibility, and enhanced security, to name a few.

MSPs and IT consolidation

Like any major project, IT consolidation must happen through well-planned phases, from developing a strategy to measuring results. The process is complicated, requiring both expertise and manpower, resources that remain sparse in many organizations.

Enterprises are increasingly turning to managed service providers (MSPs) or third parties to support their consolidation efforts and manage their overall IT environments. Internal teams are already overburdened with remote work and cybersecurity challenges and don’t have time to focus on new or additional “surge” initiatives.

MSPs play the role of expert, filling in resource and knowledge gaps as needed. No organization, particularly those that are small with limited in-house resources, can possibly stay up to date on every facet of the evolving IT environment.

MSPs are available to companies of all sizes, regardless of industry, for all IT needs. Always at the cutting edge of available technology because they are constantly helping clients improve their environments, MSPs can serve as a gateway to and single point of contact for a wide range of partners (e.g., Microsoft, Oracle, etc.) that offer a variety of solutions. By working with an MSP on an ongoing basis, businesses receive best-in-class evaluation, recommendations, implementation, and management for IT consolidation and beyond.

Establishing a relationship with an MSP positions an enterprise for growth and flexibility. Enterprises that are now being proactive will reap the future benefits, ready to scale up or down without overhauling their systems.

Final thoughts

While worthwhile, IT consolidation is daunting, but MSPs help organizations demystify and decipher. Working with an MSP will ensure that enterprises can focus on what they do best for their clients, without having to worry about internal and external technology issues. A dynamic business environment coupled with uncertainty and untold opportunity makes this the ideal time for businesses of all sizes to prepare for the future and partner with an MSP.

Hawaiʻi’s Path Forward Via Hybrid Cloud

Authored by Kelly J. Ueoka, President

Hybrid cloud has emerged as the default technology infrastructure strategy for the world’s leading companies with its ability to leverage the benefits of multiple industry-leading cloud providers. “60.9% of organizations globally are already using or are in the process of piloting a hybrid cloud solution, and a further 32.7% plan to implement a hybrid solution within the next 12-24 months,” NTT reported this year.

Many Hawaiʻi companies, regardless of size, have hesitations about moving to “the cloud,” even if they have experienced the benefits of migrating a specific workload, like email, for example, to a cloud service such as Microsoft Office 365. According to IDG, most organizations report legacy systems as the #1 barrier to the cloud. With hybrid cloud, those organizations can continue to digitally transform while still supporting their legacy infrastructure. Hybrid cloud also extends the life of legacy systems by adding layers of built-in data storage and advanced cyber-security protection to existing environments. By embracing the hybrid cloud, paths to pursue innovation and nurture a formidable workforce emerge.

Why now?

The pandemic skyrocketed demands for remote work and other ways of working, along with education and training capabilities across the globe. Hawaiʻi was no exception. While the abrupt changes brought on challenges, they also accelerated digital transformation by driving rapid adoption of new tools, platforms, and other technologies. While we see more aspects of “normal life” returning, technologically, the demand for these and other new capabilities continues to grow. Hybrid cloud can provide the best environment for these technologies, with collaboration, security, and storage at its foundation.

Pursue Innovation

Hybrid cloud is flexible, customizable, and scalable and provides an environment to easily add new capabilities. It also respects the significant investments organizations have made in still critical, on-premise systems. Businesses can keep workloads that should remain on-premise in a hybrid infrastructure and leverage the public cloud to test new technologies or resources as needed, when needed, with immediate scalability. Do you need to expand quickly or for a limited time? Retailers for instance may need to significantly expand just for the holidays. The public cloud provides the agility to scale quickly and for whatever timeframe is required.

Hawaiʻi’s Workforce

Along with the rest of the world, our local workforce faced unprecedented challenges last year. Despite all the hardships, shifted landscapes, and subsequent pivots, they proved how quickly people can learn and adapt to new tools and scenarios. Imagine the possibilities if we prepared people to leverage these new technologies.

Conclusion

Amidst the challenges of 2021, opportunities for growth have emerged and more are yet to be uncovered. Now is the time for Hawaiʻi organizations to change their mindsets and embrace hybrid cloud to safeguard their operations, compete worldwide, and foster a thriving workforce.

Newsletter log

Stay Informed

Get alerts on tech news and announcements