How can we be of service to you?

Relationships are everything in life and we've been lucky to have created unique and lasting relationships with people and organizations from all walks of life around the world. This gives us access to sources not readily known or overlooked, much less accessible to most. These relationships generate inordinate amounts of information which is parsed to form the basis of our threat intelligence. 

Kontinuum's ability to gather information and formulate threat intelligence has taught us many lessons, one of which is how to help secure those we serve from what can become insider threats or picking up on the cues of shifting alliances and double dealing which let the bad actors inside the wire. Mind you, no system/solution is infallible, which is why security and vigilance, like a relationship must constantly evolve.

Our end goal is to help you work effectively and securely without being intrusive to you or your processes, preferring to be quiet operators. If on the other...

Continue Reading...

It is better to be a warrior tending to a garden than a gardener in a war?

be prepared security Apr 01, 2020

I use this phrase to enforce why I must stay in shape physically and mentally. If I am able to conquer the harder things, I may be more prepared to deal with the easier.

A battle is not relegated solely to the physical, the "enemy" might not be as obvious as one may assume. How many people do you know, yourself included, battle addiction or a psychological condition? How about more benign battles, like those in the office or at home? And then there’s the obvious question: do you know how to fight?

The hubris of that statement made my head spin. Aren’t we all fighting battles at any given time? Battles others know nothing about? Aren't we all warriors?

Next, we ought to deal with the fact that most of the fights one undertakes throughout a lifetime are rarely physical and/or violent. I say this with the understanding that it only takes one violent encounter to put your life in peril and that you should prepare for those as well. But I will let others tell you how to do...

Continue Reading...

Anatomy of a PHISH.

phishing security Mar 15, 2020

In these uncertain times, we must all be vigilant. Moments ago I received this text message from something purporting to be "Chase".

ARROW 1: The first things that stood out was the the url www[.]mobile05-chase[.]net

This is a fragmented URL, which means they are hoping you focus on the last bit chase dot net and assume its real, in hopes you enter your credentials for them to harvest.

ARROW 2 above shows the actual URL which of course is not

Here you are asked to enter your Username, Password and Phone Number. Once you submit on this page, they now have your credentials and your phone number.

NOTE: the links at the bottom seemingly go to legitimate CHASE pages.

The image above is a screenshot of the next page asking you to enter the MFA code you just got on YOUR phone, because they tried logging in with the credentials you just entered.

By entering the code you received here, you will now allow them to successfully log in to your Chase account.

Once you enter the code...

Continue Reading...

Is tele-medicine secure?

Fear mongering and cautious optimism have likely been the drivers behind IT expenditure in recent weeks. I'd wager few of those dollars were allocated to securing this "new work from home" bug that has bitten everyone. 

Aside from the health risks, COVID-19/Coronavirus has demonstrated and/or revealed the wanton disregard for IT security in the global workplace. No where more prevalent than HIPAA related entities. This lack of importance placed on proper implementation and maintenance of IT systems to support a medical practice has exacerbated security issues over time. 

The usual justifications I hear are merely excuses underpinned by budgetary and time constraints. Does this absolve a practice owner from the inherent responsibility to their patients? My answer to this is, if you can't do it properly, don't do it at all.

Modern cyber threats are quickly changing, complex and difficult to prevent. This problem is compounded by the reality that most...

Continue Reading...

When we do I.T., it's art in motion.

The future is here, are you ready?

I challenge the status quo to disagree that mobility and remote workers don't present the identical security concerns as those working in the confines of the "office".

Oh, you have security in place? That's cute. Have the steps you've taken towards your little version of security been reactive or proactive?
In our travels, we have seen very few organisations being proactive in their efforts to mitigate security breaches. No matter how manual your processes are, you cannot operate without computers and the inherent risks associated. You have to be on top of your game everyday, the hacker just needs to succeed once.

Today's digital user eats, breathes and sleeps via internet connected devices, most of whom are blissfully unaware of how they are being tracked. They have more notifications than the Pentagon (probably not, but you get what I'm saying). Whether you're ready to accept it or not, if your employees are checking email and...

Continue Reading...

We're just different.

So, you signed a contract that includes proactive monitoring. Great, you're now one step ahead than the rest, or are you?

To most Managed Services Providers, this proactive monitoring is limited to canned "sensors" that look at your hardware for low disk space, fans spinning too much and checking what features may be installed.

What does all this do for you? Not much other than cost you money.

What if I told you there is another type of proactive monitoring?

Imagine if all your logs were stored in a Security Information & Event Management System (SIEM) and those logs were then analysed and parsed against each-other and other global intelligence records in a Security Operations Center (SOC).

As a Kontinuum client you already have this functionality and security in place.

Kontinuum's threat intelligence changes the game.

Threat intelligence sources are now available with wide ranges of cost and quality; we believe you should be free to benefit and use it effectively....

Continue Reading...

Ransomware is progress.

From the beginning of time, money, gold, diamonds and anything we place a monetary value on is merely a construct created to trade. The object of that trade is steeped in data.

Just so happens Ransomware is today’s construct.

I’m a firm believer Ransomware is a derivative of data theft. The object is to get your data and sell it for Bitcoin to you AND others using Ransomware to cover their tracks.

What happens when your data has been ex-filtrated from your systems?

  1. It’s parsed and categorized for sale and or release.
  2. your customers and business partners are compromised. 
  3. It's only a matter of time to blackmail.

Will your business survive?

Do you understand the value of your data? Data is your most valuable commodity, when taken what will you have left? Customers, a steadily decreasing bank balance, acquaintances who were once your employees?

I know, it’s not our business, but it is yours or at least it was before you got taken for a ride. 


Continue Reading...

Don't be lazy: Never trust, always verify.

Everything we can want is at our fingertips and ripe for the picking. But, should you really take all that you can?

After-all some of it may just me downright rotten. Yes I'm still speaking about technology.

Border walls don't keep anyone out.

That next gen firewall your provider sold you at 50% margin is useless to a degree. Let's remember a firewall is a detection device for the perimeter. As long as there are tunnels and your firewall is letting something through (like Facebook or Google) then anything can get in.

Data is the new border and it can be housed anywhere.

 How many devices do you interact with on a day to day basis?

  1. Mobile phone
  2. Desktop/Laptop
  3. Tablet
  4. Smart something or the other tracking you
  5. VoIP handset
  6. Printer/Copier

Now chew on this. How many employees in your office, each with at least half of the above plus personal devices all connected to the work network?

The problem.

That pit in your stomach, is the realization your business is and has always been...

Continue Reading...

How’s that SPAM & PHISH?

email security Feb 29, 2020

Harden your email systems

You have the greatest firewall and A/V your current provider could sell you to make killer margin. Now what?

Email is the easiest way to get in to your systems legitimately or not. It’s direct and likely not set up correctly, users are trained to open ever email as soon as possible. 

Layering additional security with more advanced functionalities, such as URL scanning and attachment sandboxing onto Office 365 is critical.

Are you set up to filter malicious file types and extensions, or non-business-related IP addresses.

Additionally, configuring SPF, DKIM, and DMARC records can combat spoofing techniques used against your organization.
Ever wonder why email threats sound like food? Or why all our clients are compliant for various standards like FINRA, HIPAA and more?
For the latter, all client data is important and should be secured. 
Don’t have the time or your current I.T. lacks the expertise to do what...
Continue Reading...

Incident response plan?

You do have an incident response plan don’t you?

You or your provider should have a formally defined action plan for security incidents.

  • Start by examining current assets and evaluating your potential risk.
  • Establish clear guidelines to analyze, contain, and remediate a threat.
  • Additionally, a post-breach inquiry should be conducted to confirm the attack isn’t repeatable.

Consider forming an Incident Response Team, as well as formalizing a communications plan to inform clients and business partners when an incident occurs.

Don’t want to handle this or don’t think your existing IT provider can?

Continue Reading...
1 2

75% Complete

Two Step

Enter your name and email address below to receive updates from us.