When monitoring the software components of a server, sometimes you may need to find out some additional information about the performance of the metrics you monitor.
Sending additional information in email alerts
This is all about putting data into context, because 25 is not the same if it is 25% of a CPU, or 25% of a CPU with other three more CPUs, all of them at 100%, or 25% of a CPU of a computer about to be blocked by excess of I/O transactions that has been overloaded for hours, which has risen the system’s temperature to the maximum.
Isn’t it true that “25” can mean many things? Let’s dig a little deeper into it
Continuing with the previous case, suppose that you wish to measure the CPU usage in one of the servers you manage, and where you defined thresholds that force notifications by email to computer managers.
This threshold (CRIT for CPU > 80) would be reflected in the module configuration as follows:
The alert is defined using the template “Critical condition” and I use the action of sending custom email to send to a specific mailbox.
Okay, so far it’s kind of basic.
But you may like to be able to send some additional information about the problem, something to collect only when needed, real-time information that is useful for you to find a solution automatically.
But…. Can Pandora FMS do this?
Well, you may include information from other modules in the email using alert macros that reference other modules.
moduledata_X_: It will show the data of the “X” module of the same agent as that of the module that triggers the alert.
That way, if you have a module called LoadAVG, calling the macro _moduledata_LoadAVG_ you may dump the value of the system load.
Likewise, to show a graph of the last 24 hours of that module, you should use the macro _modulegraph_LoadAVG_24_
*This last thing about the graph is still experimental, until version 772 it will not be available to everyone.
Showing procedures
Perhaps you would like to include textual information about what to do in case your module is set into CRITICAL, as some kind of instructions or procedure. To that end the macro _alert_critical_instructions_ will return the text that you configured in said module for this case.
Showing previous data
You may also be interested in showing the previous data on this monitor before the alert was triggered; to that end you may use the macro _prevdata_
Showing agent informational custom fields
Imagine that you have a field in the agent that collects data, which tells you the name of the system administrator and their phone number, as custom agent fields with ID 7 and ID 9.
To that end we would use the macro_agentcustomfield_n_ as macro_agentcustomfield_7_ and macro_agentcustomfield_9_ and thus be able to add to the email the name and phone of the person in charge of the system.
A full example, using macros in an email
Let’s now see an example!
If you wanted to send a somewhat more complete email, edit the email action you are using to add new macros:
Using dynamic information
What if you want to go further?
What if you want to execute a command every time something happens and collect the value to send it in the email?
That way, you do not need to have a constant additional metric when monitoring so as not to fill the database with information that is only useful in critical situations.
In order to submit additional information, it will be necessary to create a previous module in your software agent so that it collects the information only when necessary.
With that purpose in mind, enter the following structure within your module:
module_begin
module_name MODULE_NAME
module_type async_string
module_precondition > X COMMAND_TO_RUN_AS_CONDITION
module_exec FINAL_COMMAND_TO_BE_EXECUTED
module_end
The module will have to be asynchronous and with the type of data that you will collect.
This is due to the need for this module not to go into an unknown state, thus giving a false perception of failure, when it does not meet the module’s precondition.
A condition expression will have to be incorporated so that you may run the module normally.
For that purpose, run a previous command from which to obtain the numerical information to obtain the data. Following the example of the CPU described above (which is higher than 80%) it would be something like:
Once you create the module that will only be executed when necessary, enter this information in your email.
For that purpose use the following macro within the email:
_moduledata_TOP5_CPU_Proc_Usage_ This is only a way of using it to send the additional information, you may use it for other cases such as for example if the disk usage of a server is reaching the limit, you may show the five heaviest files saved on the server using the command “du -Sah/ | sort -rh | head -5”
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.
JumpCloud delivers single sign-on (SSO) to everything, including RADIUS authentication and authorization for network devices. Multi-factor authentication (MFA) is environment wide, delivering Push MFA for RADIUS. RADIUS is a core network protocol that’s widely used for Wi-Fi authentication, and it provides authentication, authorization, and accounting (AAA).
JumpCloud Cloud RADIUS simplifies and secures privileged administrative access for network admins. It’s also an option to configure access to LANs for all of your SSL VPN users. JumpCloud eliminates the need to use Fortinet’s FortiTokens for MFA.
This two-part blog series explores two use cases with FortiGate next-generation firewall:
Option 1: Use existing local FortiGate groups that contain FortiGate remote users. This approach is ideal for existing appliances that already have settings and users.
Option 2: Use remote groups (JumpCloud) and attribute mapping to set up access control on a new Fortinet device. This approach spares admins the work of having to establish local groups using ACLs on the Fortinet appliance.
This article focuses on Option 1.
We’ll demonstrate how to bind the local user to the JumpCloud RADIUS server that is configured inside your FortiGate so that JumpCloud becomes the authentication authority without changing anything in the way the appliance is configured for network posture.
Note: It’s also possible to accomplish this using a different brand of network appliance.
Configuring JumpCloud RADIUS and Groups
Follow this guide to get started with JumpCloud groups. You may also refer back to this previous tutorial on how to configure SAML access for Fortinet devices if it better suits your requirements. However, RADIUS has the advantage of also mapping groups and authorizations/permissions.
Establishing Groups and MFA
You may have MFA required for individual users or leverage groups with conditional access. Skip this step if you’ve already configured your access control policies.
To require MFA factors for the User Portal on an individual user account:
In the User Security Settings and Permissions section, select Require Multi-Factor Authentication for User Portal option. Note: The enrollment period only affects TOTP MFA. See Considerations.
Click save user.
To require MFA factors for the User Portal on existing users from the more actions menu:
Select any users you want to require MFA for.
Click more actions, then select Require MFA on User Portal.
Specify the number of days the user has to enroll in MFA before they are required to have MFA at login. You can specify a number of days between 1 and 365. The default value is 7 days.
Click require to add this requirement to the selected users.
To require MFA factors with a Conditional Access Policy:
If you don’t want the policy to take effect right away, toggle the Policy Status to OFF and finish the rest of the configuration. When you’re ready to apply the policy, you can toggle the Policy Status to ON.
For users, choose one of the following options:
Select All Users if you want the policy to apply to all users.
Select Selected User Groups if you want the policy to apply to specific user groups, then search for those user groups and select them. If you need to create user groups, see Getting Started: Groups.
If there are User Groups you want to exclude from the policy, search for the user groups and select them in the search bar under Excluded User Groups.
Optionally, set the conditions a user needs to meet. Note: Conditions is a premium feature available in the Platform Plus plan. Learn more about conditions in Getting Started: Conditional Access Policies.
In Action, select Allow authentication into selected resources, then select the Require MFA option.
Click create policy.
Two JumpCloud groups were created for the purpose of this tutorial:
Enter a name for the server. This value is arbitrary.
Enter a public IP address from which your organization’s traffic will originate.
Provide a shared secret. This value is shared with the device or service endpoint you’re pairing with the RADIUS server.
Select an identity provider.
Now select an authentication method:
To use certificate authentication, select Passwordless.
Once Passwordless has been selected, the Save button will be disabled until a certificate has been successfully uploaded (or the authentication method has been changed back to Password).
If desired, select Allow password authentication as an alternative method.
If this checkbox is selected, admins can enable certificates for some users while allowing others to continue validating by username and password. Users will continue to have the option to validate by username and password, but once they choose to validate with certificates and a valid certificate is found, the password option will no longer be presented.
The MFA Configuration section will be available if using JumpCloud as the identity provider, and Passwordless is selected as the Authentication Method, and the Allow password authentication as an alternative method checkbox is selected.
Configuring multi-factor authentication (MFA).
Toggle the MFA Requirement option to “enabled” for this server. This option is disabled by default.
Select Require MFA on all users or Only require MFA on users enrolled in MFA.
If selecting Require MFA on all users, a sub-bullet allows for excluding users in a TOTP enrollment period, but this does not apply to JumpCloud Protect™ (users in a TOTP enrollment period who are successfully enrolled in Protect will still be required to complete MFA).
If JumpCloud Protect is not yet enabled, users can select the Enable Now link.
Uploading a Certificate Authority (CA).
To upload your certificate, click on the Choose a File button, navigate to the file location, and select it for uploading.
Once the file has uploaded successfully the file name will display on the screen and options will change to replacing or deleting the file. There is also an option to view the full CA chain.
Clicking Save will return the user to the main RADIUS screen, where the Certificate badge will display in the Primary Authentication column. Note: For more information about where and how to find trusted certificates outside of JumpCloud, see RADIUS-CBA Tools for BYO Certificates.
Select Users for Access to the RADIUS Server (User Groups tab):
To grant access to the RADIUS server, click the User Groups tab then select the appropriate groups of users you want to connect to the server.
Every user who is active in that group will be granted access.
Click save.
Note: Users who are being granted access to a RADIUS server and leveraging delegated authentication (with Azure AD as their identity provider) must be imported into JumpCloud and assigned to a User Group.
FortiGate Settings
Follow these instructions to configure the RADIUS server(s) in your FortiGate appliance. Next, we’ll make it possible for your existing users to use JumpCloud’s identity and access management (IAM).
Local Groups with Remote Users
You may enter more than one JumpCloud RADIUS server IP for redundancy. The next section uses the FortiGate command line interface (CLI) to convert your existing local users into RADIUS users. Then, you’ll match the usernames with the respective JumpCloud usernames. Significantly, there will be no changes made from an access control list (ACL) perspective. Yet, you’ll increase your network security and easily meet compliance requirements. The steps are simple, and will spare a small and medium-sized enterprise (SME) the time and expense of allocating/billing blocks of hours with a network technician or MSP partner.
Converting Local Users Into RADIUS Users
The first step is to launch your CLI to convert users that already exist in FortiGate.
An existing user and user group
This may be scripted to streamline the process for a group of users. The steps include:
# config user local (local # edit “USER NAME” # show # set type radius # set radius-server YOUR SERVER # end
Checking Your Work
You may verify these settings by entering:
# config user local (local) # edit USER NAME # show # end
The local user is looking at the remote RADIUS user for authentication
Ensure that the user is a member of the corresponding RADIUS group in JumpCloud with the exact same user name as on your appliance. JumpCloud now controls authentication, including enabling MFA without having to engage with FortiTokens or a third-party MFA solution.
This is an example of an existing FortiGate user:
This RADIUS user belongs to the appropriate JumpCloud Group
Reporting
JumpCloud’s Directory Insights captures and logs RADIUS authentications. It makes it possible to determine which user is attempting to access your resources and whether it was successful. Directory Insights is useful for debugging and testing your RADIUS configuration deployments.
Try JumpCloud RADIUS
JumpCloud’s full platform is free for 10 users and devices with premium chat support for the first 10 days to get your started. The open directory platform provides SSO to everything:
Need a Helping Hand? Reach out to professionalservices@jumpcloud.com for assistance to determine which Professional Service option might be right for you.
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About JumpCloud At JumpCloud, our mission is to build a world-class cloud directory. Not just the evolution of Active Directory to the cloud, but a reinvention of how modern IT teams get work done. The JumpCloud Directory Platform is a directory for your users, their IT resources, your fleet of devices, and the secure connections between them with full control, security, and visibility.
As described by Gartner, Secure Access Service Edge (SASE) is a combination of networking and security services. Unifying both provides businesses with a streamlined and future-thinking approach to orchestrate their IT infrastructure. However, as a solution, it has its fair share of challenges in terms of deployment, administration, and management.
There are several routes that a business can take to transition to SASE: doing everything themselves or going to a vendor are just some of the options. For this reason, Managed Service Providers (MSPs) can be incredibly useful when making the leap more streamlined and convenient.
How do MSPs help enterprises migrate to SASE?
MSPs can reach out a helping hand to businesses that don’t want or can’t implement SASE by themselves. Enterprise as a client just picks what they need from MSPs, and everything is done for them. Though, it’s not unheard of to have a MSP provider choose the needed components for the organization. This converged approach is more effective and saves client organizations time.
The external experts help businesses that may not have on-site specialists that could help them navigate various specific challenges associated with SASE. Choosing a SASE vendor is one of the most important IT decisions a business can make, so it’s very helpful to have someone to deal with product analysis, narrowing down the needed technologies, and planning network security schemes. It’s one of the most hassle-free methods to ensure optimal user experience when the transition to SASE is completed.
MSP benefits for SASE implementation
Here is the list of principal benefits that MSPs bring to businesses moving to the SASE framework.
1. Experience
As MSPs provide their security and networking services in a very niche field, they have amassed considerable expertise in helping clients overcome various challenges associated with SASE. Dealing with various vendor platforms is something that MSPs deal with daily, so they already have all the necessary knowledge for in-depth consultations.
2. Scalability
One of the most important benefits that MSPs can provide is scale. Simultaneously they can support thousands of clients as their multi-tenant architectures are equipped to do just that. Most MSPs also invest resources to have multiple points of presence across the globe to provide service without interruptions for globally distributed workforces. A broad reach is paramount in ensuring stable connectivity when setting up SD-WAN elements of SASE infrastructure.
3. Time-saving
MSPs are often regarded as the quickest route to implement SASE. Going from the drawing board to operating infrastructure takes little time. As MSP has all bases covered, this means very rapid implementation of SASE services. In turn, this also cuts the time and creates a quick route to instant value.
4. Prioritization
As SASE is a complex service with many critical components, it can be difficult to wrap your head around what should be done first. MSPs can guide organizations through this minefield by clearly defining priorities that should be achieved. Not to mention that some SASE service components can be implemented only after completing some prerequisites. MSPs, therefore, streamline the whole rollout procedure by keeping it on track.
5. Execution
A typical business could be stuck at the proof of concept level when planning its SASE service approach, which can be costly and time-consuming. MSPs have an in-depth understanding of their client’s pain points, which makes them more equipped to tackle various practical issues. This saves the trouble of going the trial-and-error route when implementing SASE without external help.
How to choose the right MSP for SASE implementation
While MSPs help you to create SASE that works for you, you still need to pick an MSP provider that would be the right fit for you.
1. Know which MSP type is right for you
The first decision you’ll have to make is to pick one of the main MSP types.
Build and operate — this type handles full SASE deployment, including software and hardware configurations, monitoring performance, and integrated response to incidents. This involves not only the setup but ongoing maintenance.
Build and transfer — MSP designs, configures, and deploys all needed equipment and transfers it to the client. From the handover, the customer is responsible for its maintenance.
Takeover — after the organization creates and deploys its SASE solution, MSP makes strategic decisions for operations outsourcing.
Note that there still can be varieties and hybrids of these models. The agreements could be time-based, as the provider will maintain everything for a set duration, after which the organization agrees to take over.
2. Do background research on MSP capabilities
The second part of the equation is that MSP should match the organization’s requirements:
Can MSP match the enterprise’s scale?
Are necessary network security services provided?
Does MSP have the required expertise within the customer’s industry?
Are connectivity services provided along with security?
Is MSP providing an integrated product or combining different tools from separate providers?
A good match should align across the board with your setup requirements.
3. Check the price/value ratio
It’s essential to calculate whether relying on MSP makes sense financially. The return on investment can vary greatly depending on the used services, company size, and other agreements. This is a helpful exercise to rethink priorities and get the best solution that makes sense not only securely but money-wise.
4. Look into the SLA agreement
Finally, there is a question about legally binding contracts. MSPs heavily rely on Service Level Agreements to establish expectations with their clients. The document outlines the services that will be provided, the objectives, and any other relevant prerequisites. SLA metrics can vary greatly from one MSP to another, and it’s a client’s responsibility to ensure that their needs are addressed.
How can NordLayer help?
SASE and its network security component, Secure Service Edge, is an essential cornerstone of most enterprises’ digital transition. SSE combines cybersecurity technologies and concepts like ZTNA to deliver internet access security and network access management. This allows the development of a future-focused approach to an organization’s cybersecurity for growing modern businesses.
NordLayer helps to reduce risks associated with hybrid work or globally distributed workforces. As a complimentary addition to your IT infrastructure, it enhances network access control by segmenting the user base through Virtual Private Gateways and filtering out malicious websites from the employees’ browsing.
Get in touch with our experts today, and learn how NordLayer could improve your network security with a click of a button.
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
These days, cybercrime is rampant. It’s no longer a matter of “if” you’re going to suffer an attack but “when” it will happen. All companies want to be ready for any crisis. And this is where a business continuity plan comes into play.
But what is a business continuity plan exactly? Why is it important? What should one include? Today, we’re exploring all these questions in-depth.
What is a business continuity plan?
A business continuity plan (BCP) is a document that sets guidelines for how an organization will continue its operations in the event of a disruption, whether it’s a fire, flood, other natural disaster or a cybersecurity incident. A BCP aims to help organizations resume operations without significant downtime.
Unfortunately, according to a 2020 Mercer survey, 51% of businesses across the globe don’t have a business continuity plan in place.
What’s the difference between business continuity and disaster recovery plans?
We often confuse the terms business continuity plan and disaster recovery plan. The two overlap and often work together, but the disaster recovery plan focuses on containing, examining, and restoring operations after a cyber incident. On the other hand, BCP is a broader concept that considers the whole organization. A business continuity plan helps organizations stay prepared for dealing with a potential crisis and usually encompasses a disaster recovery plan.
Importance of business continuity planning
The number of news headlines announcing data breaches has numbed us to the fact that cybercrime is very real and frequent and poses an existential risk to companies of all sizes and industries.
Consider that in 2021, approximately 37% of global organizations fell victim to a ransomware attack. Then consider that business interruption and restoration costs account for 50% of cyberattack-related losses. Finally, take into account that most cyberattacks are financially motivated and the global cost of cybercrime topped $6 trillion last year. The picture is quite clear — cybercrime is a lucrative venture for bad actors and potentially disastrous for those on the receiving end.
To thrive in these unpredictable times, organizations go beyond conventional security measures. Many companies develop a business continuity plan parallel to secure infrastructure and consider the plan a critical part of the security ecosystem. The Purpose of a business continuity plan is to significantly reduce the downtime in an emergency and, in turn, reduce the potential reputational damage and — of course — revenue losses.
The initial stage of developing a business continuity plan starts with a statement of the plan’s purpose, which explains the main objective of the plan, such as ensuring the organization’s ability to continue its operations during and after a disruptive event.
The Scope of the Plan outlines the areas or functions that the plan will cover, including business processes, personnel, equipment, and technology.
The Budget specifies the estimated financial resources required to implement and maintain the BCP. It includes costs related to technology, personnel, equipment, training, and other necessary expenses.
The Timeline provides a detailed schedule for developing, implementing, testing, and updating the BCP.
II. Risk Assessment
Identification of Risks
Prioritization of Risks
Mitigation Strategies
The Risk Assessment section of a Business Continuity Plan (BCP) is an essential part of the plan that identifies potential risks that could disrupt an organization’s critical functions.
The Identification of Risks involves identifying potential threats to the organization, such cybersecurity breaches, supply chain disruptions, power outages, and other potential risks. This step is critical to understand the risks and their potential impact on the organization.
Once the risks have been identified, the Prioritization of Risks follows, which helps determine which risks require the most attention and resources.
The final step in the Risk Assessment section is developing Mitigation Strategies to minimize the impact of identified risks. Mitigation strategies may include preventative measures, such as system redundancies, data backups, cybersecurity measures, as well as response and recovery measures, such as emergency protocols and employee training.
III. Emergency Response
Emergency Response Team
Communication Plan
Emergency Procedures
This section of the plan focuses on immediate actions that should be taken to ensure the safety and well-being of employees and minimize the impact of the event on the organization’s operations.
The Emergency Response Team is responsible for managing the response to an emergency or disaster situation. This team should be composed of individuals who are trained in emergency response procedures and can act quickly and decisively during an emergency. The team should also include a designated leader who is responsible for coordinating the emergency response efforts.
The Communication Plan outlines how information will be disseminated during an emergency situation. It includes contact information for employees, stakeholders, and emergency response personnel, as well as protocols for communicating with these individuals.
The Emergency Procedures detail the steps that should be taken during an emergency or disaster situation. The emergency procedures should be developed based on the potential risks identified in the Risk Assessment section and should be tested regularly to ensure that they are effective.
IV. Business Impact Analysis
The Business Impact Analysis (BIA) section of a Business Continuity Plan (BCP) is a critical step in identifying the potential impact of a disruption to an organization’s critical operations.
The Business Impact Analysis is typically conducted by a team of individuals who understand the organization’s critical functions and can assess the potential impact of a disruption to those functions. The team may include representatives from various departments, including finance, operations, IT, and human resources.
V. Recovery and Restoration
Procedures for recovery and restoration of critical processes
Prioritization of recovery efforts
Establishment of recovery time objectives
The Recovery and Restoration section of a Business Continuity Plan (BCP) outlines the procedures for recovering and restoring critical processes and functions following a disruption.
The Procedures for recovery and restoration of critical processes describe the steps required to restore critical processes and functions following a disruption. This may include steps such as relocating to alternate facilities, restoring data and systems, and re-establishing key business relationships.
The Prioritization section of the plan identifies the order in which critical processes will be restored, based on their importance to the organization’s operations and overall mission.
Recovery time objectives (RTOs) define the maximum amount of time that critical processes and functions can be unavailable following a disruption. Establishing RTOs ensures that recovery efforts are focused on restoring critical functions within a specific timeframe.
VI. Plan Activation
Plan Activation Procedures
The Plan Activation section is critical in ensuring that an organization can quickly and effectively activate the plan and respond to a potential emergency.
The Plan Activation Procedures describe the steps required to activate the BCP in response to a disruption. The procedures should be clear and concise, with specific instructions for each step to ensure a prompt and effective response.
VII. Testing and Maintenance
Testing Procedures
Maintenance Procedures
Review and Update Procedures
This section of the plan is critical to ensure that an organization can effectively respond to disruptions and quickly resume its essential functions.
Testing procedures may include scenarios such as natural disasters, cyber-attacks, and other potential risks. The testing procedures should include clear objectives, testing scenarios, roles and responsibilities, and evaluation criteria to assess the effectiveness of the plan.
The Maintenance Procedures detail the steps necessary to keep the BCP up-to-date and relevant.
The Review and Update Procedures describe how the BCP will be reviewed and updated regularly to ensure its continued effectiveness. This may involve conducting a review of the plan on a regular basis or after significant changes to the organization’s operations or threats.
What should a business continuity plan checklist include?
Organizations looking to develop a BCP have more than a few things to think through and consider. Variables such as the size of the organization, its IT infrastructure, personnel, and resources all play a significant role in developing a continuity plan. Remember, each crisis is different, and each organization will have a view on handling it according to all the variables in play. However, all business continuity plans will include a few elements in one way or another.
Clearly defined areas of responsibility
A BCP should define specific roles and responsibilities for cases of emergency. Detail who is responsible for what tasks and clarify what course of action a person in a specific position should take. Clearly defined roles and responsibilities in an emergency event allow you to act quickly and decisively and minimize potential damage.
Crisis communication plan
In an emergency, communication is vital. It is the determining factor when it comes to crisis handling. For communication to be effective, it is critical to establish clear communication pipelines. Furthermore, it is crucial to understand that alternative communication channels should not be overlooked and outlined in a business continuity plan.
Recovery teams
A recovery team is a collective of different professionals who ensure that business operations are restored as soon as possible after the organization confronts a crisis.
Alternative site of operations
Today, when we think of an incident in a business environment, we usually think of something related to cybersecurity. However, as discussed earlier, a BCP covers many possible disasters. In a natural disaster, determine potential alternate sites where the company could continue to operate.
Backup power and data backups
Whether a cyber event or a real-life physical event, ensuring that you have access to power is crucial if you wish to continue operations. In a BCP, you can often come across lists of alternative power sources such as generators, where such tools are located, and who should oversee them. The same applies to data. Regularly scheduled data backups can significantly reduce potential losses incurred by a crisis event.
Recovery guidelines
If a crisis is significant, a comprehensive business continuity plan usually includes detailed guidelines on how the recovery process will be carried out.
Business continuity planning steps
Here are some general guidelines that an organization looking to develop a BCP should consider:
Analysis
A business continuity plan should include an in-depth analysis of everything that could negatively affect the overall organizational infrastructure and operations. Assessing different levels of risk should also be a part of the analysis phase.
Design and development
Once you have a clear overview of potential risks your company could face, start developing a plan. Create a draft and reassess it to see if it takes into account even the smallest of details.
Implementation
Implement BCP within the organization by providing training sessions for the staff to get familiar with the plan. Getting everyone on the same page regarding crisis management is critical.
Testing
Rigorously test the plan. Play out a variety of scenarios in training sessions to learn the overall effectiveness of the continuity plan. By doing so, everyone on the team will be closely familiar with the business continuity plan’s guidelines.
Maintenance and updating
Because the threat landscape constantly changes and evolves, you should regularly reassess your BCP and take steps to update it. By making your continuity plan in tune with the times, you will be able to stay a step ahead of a crisis.
Level up your company’s security with NordPass Business
A comprehensive business continuity plan is vital for the entire organization’s security posture. However, in a perfect world, you wouldn’t have to use it. This is where NordPass Business can help.
Remember, weak, reused, or compromised passwords are often cited as one of the top contributing factors in data breaches. It’s not surprising, considering that an average user has around 100 passwords. Password fatigue is real and significantly affects how people treat their credentials. NordPass Business counters these issues.
With NordPass Business, your team will have a single secure place to store all work-related passwords, credit cards, and other sensitive information. Accessing all the data stored in NordPass is quick and easy, which allows your employees not to be distracted by the task of finding the correct passwords for the correct account.
In cyber incidents, NordPass Business ensures that company credentials remain secure at all times. Everything stored in the NordPass vault is secured with advanced encryption algorithms, which would take hundreds of years to brute force.
If you are interested in learning more about NordPass Business and how it can fortify corporate security, do not hesitate to book a demo with our representative.
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About NordPass NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.
Companies of all sizes and industries should be concerned about the impacts of a data breach, since, according to the IBM Cost of a Data Breach 2022 report, its average cost is $4.35 million, and 83% of companies had more than one breach.
With this in mind, we prepared an article exploring the main information collected by this document. To facilitate your reading, we divided our text into topics. These are:
What Is the IBM Cost of a Data Breach Report?
IBM Cost of a Data Breach 2022 report: What’s New
Main Data Collected in the IBM Cost of a Data Breach 2022 Report
Topics with Detailed Results
Suggested Security Recommendations in the Report
About senhasegura
Enjoy the read!
What Is the IBM Cost of a Data Breach Report?
The IBM Cost of a Data Breach report is an annual survey of data breaches, which provides insights into hundreds of breaches so that the public can understand current cyber threats. With nearly 20 editions, this document provides IT professionals with tools to deal with security risks, showing which factors can favor or help prevent cyberattacks.
IBM Cost of a Data Breach 2022 report: What’s New
In its latest edition, the IBM Cost of a Data Breach report has conducted more than 3,600 interviews with professionals from 550 companies that suffered violations between March 2021 and March 2022. The questions made during the interviews aimed to evaluate the costs of organizations to respond to data breaches in the short and long term.
What’s more: the report has assessed the causes and consequences of the violations that occurred in 17 industries located in different countries and regions, and addressed the impact of certain factors and technologies to reduce losses.
Here are some new things from the IBM Cost of a Data Breach report:
The 2022 edition has brought analyses related to extended detection and response, the use of risk quantification techniques, and the impacts of individual technologies on zero-trust security structures;
It analyzed what contributes to higher data breach costs and the effects of supply chain commitments and the gap in security skills;
It examined areas of cloud security vulnerability to critical infrastructure;
It assessed, in greater depth than in previous years, the impacts of ransomware and destructive attacks; and
It studied the phenomenon of remote work, which many companies adopted due to the covid-19 pandemic.
Main Data Collected in the IBM Cost of a Data Breach 2022 Report
Check the key findings from the IBM Cost of a Data Breach 2022 report:
The average cost of a data breach was $4.35 million in 2022, an increase of 2.6% over the previous year, when the average cost was $4.24 million; 83% of the companies studied suffered more than one data breach and only 17% said this was their first breach;
60% of organizations had to increase the price of their services or products because of a data breach; The average cost of a data breach for the critical infrastructure organizations surveyed was $4.82 million – $1 million more than the cost for companies from other segments;
28% of critical infrastructure organizations have suffered a destructive or ransomware attack, and 17% have been violated because of a compromised business partner;
Cyberattacks on companies with deployed security and automation AI cost $3.05 million less than violations on organizations that do not invest in these resources;
The average cost of a ransomware attack fell from $4.62 million in 2021 to $4.54 million in 2022; Stolen or compromised credentials remain a leading cause of data breaches, accounting for 19% of breaches in the 2022 study;
Leaks involving credentials are the ones that take the longest to be detected. On average, 327 days are required for identification and remediation;
Only 41% of the organizations in the study have deployed zero-trust security architecture; Violations related to remote work cost, on average, about $600,000 more if compared to the global average;
45% of violations in the study occurred in the cloud;
The average cost of health-related violations has increased by almost $1 million, reaching $10.10 million;
The top five countries and regions with the highest average cost of a data breach were the United States, the Middle East, Canada, the United Kingdom, and Germany.
Topics with Detailed Results
The IBM Cost of a Data Breach 2022 report analysis 16 topics. These are:
Global Highlights;
Data Breach Lifecycle;
Initial Attack Vectors;
Key Cost Factors;
Security and Automation AI;
XDR Technologies;
Incident Response (IR);
Quantification of Risk;
Zero Trust;
Ransomware and Destructive Attacks;
Attacks on the Supply Chain;
Critical Infrastructure;
Cloud Violations and Cloud Model;
Remote Work;
Skills Gap; and
Mega Violations.
The following are five of these topics in detail:
Data Breach Lifecycle
We call the lifecycle of a data breach the time elapsed between the discovery of the breach and its containment.
According to the IBM Cost of a Data Breach 2022 report, the average time to identify and contain a data breach is currently 277 days. In 2017, the average time was 287 days, that is, 3.5% more.
In 2021, it took an average of 212 days to detect a violation and 75 days to contain it. In 2022, it took 207 days to identify the violation and 70 days to contain it.
The report has also shown that the less time an organization takes to identify and contain a data breach, the less its financial impact is.
However, the cost difference between a lifecycle of more than 200 days and a lifecycle of less than 200 days was lower in 2022 than in 2021: in 2021, the difference was $1.26 million, the largest in seven years and, in 2022, it was $1.12 million.
Incident Response
Relying on an incident response team reduces the average cost of a data breach and, according to the IBM Cost of a Data Breach 2022 report, 73% of the companies that participated in the survey claimed to have an incident response plan.
The report also pointed out that the average cost of a violation in these companies in 2022 was $3.26 million versus $5.92 million spent by companies without incident response resources, a difference of $2.66 million. In the previous year, this difference was $2.46 million, and in 2020, $1.77 million.
Zero Trust
The implementation of a zero-trust security architecture was performed by 41% of the companies that participated in the IBM Cost of a Data Breach 2022 report. In 2021, this number was lower: 35%.
The study also revealed companies that deployed zero trusts saved almost $1 million with data breaches when compared to those that did not invest in this concept.
This is because the average cost of a violation was $4.15 million in organizations with zero trust deployed and $5.10 million in companies that did not use the same approach.
When we talk about implementing zero trust in a mature stage, the economy is even greater, reaching more than $1.5 million. Companies with early-stage zero trust practices spent an average of $4.96 million on data breaches, while for those that had these practices consolidated, the average cost was $3.45 million.
Cloud Violations and Cloud Model
The Covid-19 pandemic has accelerated the mass adoption of remote work by organizations and, consequently, the use of technologies such as cloud computing, impacting cybersecurity.
However, the IBM Cost of a Data Breach 2022 report brings interesting data on the subject, which was analyzed for the second year: according to the document, 45% of violations occurred in the cloud. Moreover, the costs of breaches in private clouds are significantly higher than in hybrid clouds.
Another revealing fact is that 43% of companies claimed they were still in the early stages of their practices protecting cloud environments, showing that, in general, organizations still need to evolve a lot.
Nevertheless, the most worrying fact is that 17% of companies have yet to take any action to protect their cloud environments.
Remote Work
Since the beginning of the pandemic, the IBM Cost of a Data Breach report analyzes the impacts of remote work on data breaches. In its 2022 edition, the survey has shown data breach costs were higher for companies that have more employees working remotely.
In practice, companies that have between 81% and 100% of employees working outside the corporate environment had an average cost of $5.10 million. Companies with less than 20% of their team working remotely had to bear an average cost of $3.99 million, a difference of $1.11 million (24.4%).
In addition, the average cost of a data breach was $4.99 million for companies that had remote work as the cause of the breach, while this loss was $4.02 million when remote work was not the cause.
Suggested Security Recommendations in the Report
The IBM Cost of a Data Breach 2022 report also contains important security recommendations on its pages, which can help prevent problems with data breaches. Check them out:
Adopting a Zero Trust Security Model
According to the results of the study, organizations that implemented a zero-trust approach in their security at a mature stage have saved $1.5 million. Therefore, it is convenient to adopt this security model in your company to reduce the financial impacts of a data breach.
Protecting Cloud Environments with Policies and Encryption
Companies that have adopted mature cloud security practices have saved $720,000 compared to those that did not care about the subject. Thus, it is recommended to invest in security policies, data encryption, and homomorphic encryption to prevent data breaches.
Using Incident Response Manuals
Another highly recommended practice is to create and test incident response manuals, as companies that regularly test their plan have saved $2.66 million in violations over those that do not rely on an IR plan team or test.
Improving Incident Detection and Response Times
Added to security and automation AI, Extended Detection and Response (XDR) capabilities contribute to reducing the average costs of a data breach as well as its lifecycle. The study pointed out that companies with XDR deployed have reduced the lifecycle of a violation by 29 days, on average, when compared to organizations that did not implement XDR, saving $400,000.
Monitoring Endpoints and Remote Employees
Finally, the IBM Cost of a Data Breach 2022 report reinforces the need to monitor endpoints and remote workers, showing that violations caused by this modality cost almost $1 million more than violations in which remote work was not a factor.
About senhasegura
We, from senhasegura, are a company specializing in cybersecurity. Our mission is to provide our clients with sovereignty over their actions and privileged information. To do this, we offer our PAM solution, which helps companies protect themselves from all the threats presented in the IBM Cost of a Data Breach 2022 report.
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About Segura® Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.
As the great migration from physical servers to the Cloud continues, tenant-to-tenant migrations are fast becoming the most common type of migration performed. In this post, we break down how to prepare for them, and what it takes for a successful migration.
Tenant to tenant migrations are typically required when a company has rebranded, an organization is subject to divestiture, a merger and acquisition has taken place or an organization is looking to move to the cloud. Here’s some steps to help you prepare for a tenant-to-tenant migration.
How to prepare for a tenant-to-tenant migration
During a tenant-to-tenant migration, both parties might be using Microsoft, however, there are still a large number of technical components to the project. Any migration brings pitfalls and challenges, which is why the most important part is planning. Knowing exactly what you’re doing, how you’re going to do it, and when to do it is essential for a successful tenant-to-tenant migration.Here are a few tips to get you started.
Know where your data is coming from
The first thing to do is perform an extensive discovery of the source tenant and data usage. Take note of things such as:
What workloads and M365 licenses are in use?
How many of each workload type are in scope of migration e.g. User mailboxes, SharePoint document libraries, Teams etc.
Is there any legal hold or archived data that needs to be migrated?
Are there any workflows that are critical to the business to be mindful of?
What external sharing is required post-migration (if any)?
Understand what additional projects are scheduled that may impact the migration of data.
Set boundaries and expectations
Before a tenant-to-tenant migration begins, everyone needs to be on the same page. It’s important to understand what is and is not possible during the process, where priorities lie, and who is responsible for what.
Agree on what project metrics are important. Is it the speed of the migration or the user experience that will define project success?
Understand which data can and cannot be migrated using available tools e.g. CloudM Migrate
Understand the cost, time, and effort required to complete the migration in agreed timeframes
Design the migration approach with business stakeholder buy-in. Will you perform a phased or ‘big-bang’ cutover?
Build-in project time to perform a Pilot phase to ensure the migration approach and experience is as expected
Think about the user experience and plan communications accordingly.
Prepare the destination tenant
Where your data is going to is the final piece of the puzzle. Make sure your destination is prepared for the new data arriving.
Provision of necessary destination objects and associated licenses
Compare policy settings (e.g. retention policies) and plan accordingly
Check for user name conflicts or similar Teams/SharePoint sites and decide to merge or keep the data separate
Plan for contingency. Migrations are complex, make sure additional time is added to timelines for unexpected events and clean-up at the end of the migration.
Tenant-to-tenant migrations are a specialized area
Tenant-to-tenant migrations bring with them their own unique challenges and solutions.
Even though the migration is from Microsoft to Microsoft, it’s still a technical feat and you need a tried-and-tested third party tool to make it happen. CloudM has performed over 70 million migrations with an astonishing 99.8% success rate. We work with huge brands like Netflix, Spotify and Uber, and we’re proud to be a Gold Microsoft Partner.
Alongside our powerful tool, we can also provide a Managed Migration Service which takes the stress out of the project. Our team of migration experts can take control of the project and perform the migration for you, handling everything so you don’t have to.
If you sign up for a Managed migration, you are assigned a project manager that will constantly keep you up to date with everything, reporting back regularly so you never have to ask how things are going. All our clients are also assigned a deployment specialist – a migration expert that can fix issues before they become a problem. Being able to spot a bump in the road ahead of time means it can be resolved before you are even aware there was anything to worry about.
Don’t take risks with your data. Tenant-to-tenant migrations are our domain. Let us handle it for you.
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About CloudM CloudM is an award-winning SaaS company whose humble beginnings in Manchester have grown into a global business in just a few short years.
Our team of tech-driven innovators have designed a SaaS data management platform for you to get the most from your digital workspace. Whether it’s Microsoft 365, Google Workspace or other SaaS applications, CloudM drives your business through a simple, easy-to-use interface, helping you to work smarter, not harder.
By automating time-consuming tasks like IT admin, onboarding & offboarding, archiving and migrations, the CloudM platform takes care of the day-to-day, allowing you to focus on the big picture.
With over 35,000 customers including the likes of Spotify, Netflix and Uber, our all-in-one platform is putting office life on auto-pilot, saving you time, stress and money.
