abtok101

You set up DMARC. Your business is still fully exposed.

Thu, 23 Apr 2026 15:51:01 GMT

The AI Hacking Threat Your Business Isn't Ready For

Mon, 13 Apr 2026 19:48:41 GMT

Cybersecurity Myths You Still Believe (and Why They're Dangerous)

Tue, 07 Apr 2026 16:02:29 GMT

Shut the Door on Cyber Risk

Tue, 24 Feb 2026 18:01:57 GMT

When an employee leaves your company, whether it is a handshake and well wishes �� or a slammed door on the way out ��, one rule should always apply .

Cut. Off. Access. ��

Immediately. ⏱️

Too many businesses treat offboarding like an afterthought. They collect the keys, maybe grab the laptop, and call it good. Meanwhile, that former employee still has email access, VPN credentials, cloud logins, saved passwords on personal devices, and maybe even administrative rights.

That is not just sloppy.

That is dangerous. ⚠️

Good terms do not equal good security

Let’s start with the comfortable lie.

“He left on good terms.”

Great. That is good for morale. It has absolutely nothing to do with risk.

Even the most professional, kind, and well meaning former employee is no longer bound by the same sense of responsibility once they are outside your walls. Priorities change. Emotions change. Financial pressure changes people.

And sometimes it is not about intent at all.

They may reuse passwords.

They may store credentials in a personal password manager.

They may log in from an unsecured home network.

They may click on something malicious using an account that still belongs to you.

Now you have exposure and they are not even on payroll.

That is a problem. ��

Messy breakups are obvious risks

If the separation was tense, emotional, or disciplinary, the risk increases exponentially.

A disgruntled former employee with active access can:

• Download sensitive data ��

• Delete shared files ��️

• Forward confidential emails ��

• Lock accounts ��

• Alter financial information ��

• Sabotage systems ��

And here is the hard truth. It does not take a sophisticated hacker to cause real damage. It takes one valid login.

Access is power. Remove the access. ��

The part most businesses forget

Here is what keeps attorneys busy. ⚖️

If a former employee’s credentials are used in a breach, whether by them or by someone else who got access to those credentials, you are in trouble.

Why?

Because you failed to follow basic security hygiene.

If their account was still active and used in a data breach, the argument against you becomes simple:

You knew they were no longer employed.

You knew they had access.

You failed to disable it.

The breach happened because of that access.

That is negligence territory.

And in court, that is not a fun place to stand.

You will lose. ❌

It is not personal. It is policy.

The best way to handle offboarding is to remove emotion from the process.

Every departure should trigger a documented checklist:

Disable Microsoft 365 account ��‍��

Revoke VPN access ��

Remove MFA tokens ��

Terminate remote management access ��️

Disable line of business application logins ��

Collect and wipe company devices ��

Rotate shared passwords ��

Remove access from third party vendors and portals ��

No exceptions.

No delays.

No waiting until the end of the week.

The moment employment ends, access ends. ⛔

Compliance and insurance are watching

Cyber insurance carriers expect strict offboarding procedures. Many policies now specifically require prompt revocation of user access upon termination.

Regulators expect it. ��️

Auditors expect it. ��

Insurance expects it. ��️

If you cannot prove you removed access immediately, you are exposed financially and legally.

This is about protecting your business

You work too hard to build your company to let a forgotten login tear it down.

It is not about distrust.

It is not about assuming the worst in people.

It is about understanding reality.

Credentials left active are open doors. ��

Open doors invite problems.

Problems turn into breaches. ��

Breaches turn into lawsuits. ⚖️

And lawsuits are expensive. ��

Shut the door. ��

If you are not confident that your offboarding process immediately and completely removes access across every system, it is time to fix that.

Because the cost of doing it right is tiny compared to the cost of explaining to a judge why you did not.

Learn more about cyber liability insurance here.

TP Link Is in the Crosshairs and Texas Just Fired the First Shot

Tue, 24 Feb 2026 17:44:46 GMT

�� TP Link Is in Legal Trouble and Your Business Should Pay Attention ��

Texas has officially taken action against TP Link. ⚖️

The lawsuit centers around serious cybersecurity concerns tied to networking equipment used in homes and businesses across the country. When a state like Texas steps in, it is not random. It signals risk. It signals scrutiny. And it signals that more may follow.

If one state attorney general moves, others watch closely. ��

If vulnerabilities appear systemic, regulatory pressure spreads fast.

This is how it starts.

�� Why This Matters to Your Business

Your router is not just a box with blinking lights. ��

It is the gateway to your entire company.

If your network equipment has unresolved vulnerabilities or questionable security practices behind it, everything connected to it is exposed.

• Customer data ��

• Financial systems ��

• Email accounts ��

• Cloud platforms ☁️

• Internal documents ��

Cheap networking gear can become the most expensive mistake you ever make. ��

Attackers do not look for the biggest company.

They look for the easiest door. ��

⚠️ If You Have TP Link Equipment

This is not a wait and see moment.

If you have TP Link routers, switches, or access points in your business, you need to evaluate that immediately.

✔️ Inventory every networking device

✔️ Check firmware versions

✔️ Confirm devices are still supported

✔️ Review known vulnerabilities

✔️ Create a replacement plan if necessary

If you do not know how to answer those questions, that is a problem. ��

�� Your IT Provider Should Have Seen This Coming.

A proactive cybersecurity partner monitors:

• Vendor risk

• Firmware update history

• Security advisories

• National security warnings

• Legal and regulatory movement

They do not wait for headlines. ��

They anticipate them.

If this is the first you are hearing about risk tied to your networking hardware, you need to ask some serious questions.

Cybersecurity is not about reacting.

It is about preventing. ��️

�� If You Had No Idea

If you have no clue what brand of router protects your business, that is not a small oversight.

That is exposure.

Businesses are not too small to be targeted. ��

In fact, they are often targeted because they are small.

�� The Bottom Line

Texas made a move. Others may follow.

Your network should never be your weakest link.

If you want clarity on where you stand, now is the time to find out.

Because hackers love confusion.

And we love shutting doors before they ever get opened. ��

The Notepad++ Backdoor Incident | Why Supply Chain Attacks Are Rising | ABT Solutions

Wed, 04 Feb 2026 22:30:36 GMT

Notepad++ has been around forever. It is lightweight trusted open source and installed on millions of systems worldwide. Developers IT admins engineers and power users rely on it daily without a second thought. That is exactly why it became a perfect target.

This was not a vulnerability in the code itself. Notepad++ was not hacked in the traditional sense. Instead attackers went after something far more dangerous. Trust .

What Actually Happened

Attackers compromised infrastructure involved in distributing Notepad++ updates. For users running older versions of the updater the software could be silently redirected to attacker controlled servers. Those users believed they were downloading a legitimate update from a trusted source. In reality they were handed malware.

The payload tied to this incident was linked to a sophisticated threat group known as Lotus Blossom. Researchers identified a custom backdoor called Chrysalis designed for stealth persistence and long term access. This was not smash and grab malware. It was engineered to live quietly inside environments.

Once installed Chrysalis allowed attackers to maintain remote access exfiltrate data and blend in with normal system activity. No pop ups. No obvious signs. Just quiet control.

This is what makes the incident so dangerous. Everything looked normal.

Why This Attack Worked

Supply chain attacks work because they abuse assumptions we all make.

We assume updates are safe
We assume trusted software stays trusted
We assume open-source equals secure
We assume attackers go after big flashy targets

Every one of those assumptions is wrong.

Attackers did not need to exploit Notepad++ users directly. They did not need phishing emails or malicious links. They simply waited for users to do what they are supposed to do. Update their software.

Once attackers control the update path they control the endpoint.

Why This Wont Be The Last

Notepad++ is not special. It is representative.

Every environment relies on dozens or hundreds of third party tools. Updaters agents plugins utilities browser extensions remote tools and open source software are everywhere. Many of them run with elevated permissions. Many of them auto update. Many of them assume trust instead of verifying it.

Attackers know this.

Supply chain attacks scale better than phishing. They bypass user awareness training. They slip past perimeter defenses. They land inside trusted workflows where security tools are less suspicious.

And most organizations do not monitor software integrity closely enough to catch it early.

The uncomfortable truth is this. Another trusted tool will be compromised.

The only unknowns are which one and who gets hit.

What This Means For Businesses

If your security strategy assumes that trusted software equals safe software you already have a blind spot.

Modern security requires more than antivirus and patching. It requires visibility into behavior not just signatures. It requires monitoring endpoints for abnormal activity even when the software appears legitimate. It requires assuming compromise and being ready to detect it quickly.

Because the next attack will not announce itself.

It will arrive quietly through something your team already trusts.

Final Thought

The Notepad++ incident is not about one tool. It is about a shift in how attacks happen.

Attackers are not breaking down doors anymore. They are being invited inside.

And unless organizations adapt their security posture this absolutely will not be the last time we see a trusted name turn into an attack vector.

If you want help understanding where your environment is exposed or what trusted tools could become your weakest link now is the time to look. Not after the next incident makes headlines.

Attacks like this one do not announce themselves.

This is paragraph text. Click it or hit the Manage Text button to change the font, color, size, format, and more. To set up site-wide paragraph and title styles, go to Site Theme.

AI Is Taking All the Chips and Your Computer Prices Are Paying the Price

Wed, 04 Feb 2026 22:17:04 GMT

If you have tried to buy a new computer lately and felt personally attacked by the price tag, you are not imagining things. AI is hungry. And it is eating all the chips. If you haven't noticed this yet, you will.

Artificial intelligence systems and data centers rely on high performance processors. The same chips that power business laptops desktops and servers are now being scooped up in massive quantities by AI companies and data centers. When demand explodes and supply stays tight, prices do exactly what you would expect.

They skyrocket .

Manufacturers prioritize bulk buyers. Supply chains tighten. Retail prices climb. Suddenly a basic business computer costs hundreds more than it did a year ago or even a week ago like it did for me at the time of writing this and delivers little to no improvement for everyday work.

Small and mid-sized businesses feel this the hardest.

You need reliable machines to run your business. You do not need to fund the AI arms race.

Why New Computers Are Getting More Expensive

This is not just inflation. It is a perfect storm.

AI workloads require powerful CPUs GPUs and memory
Chip manufacturers are focusing on high margin AI hardware
Every available component is under increased demand
That demand drives up costs across the entire market

Even standard office computers are affected. You end up paying premium prices for hardware you do not actually need.

Our Solution Smarter Hardware Without the Sticker Shock

We saw this coming. So we built a smarter option for our customers.

We provide lightly used and open box computers that deliver real world performance at a fraction of the cost. These are business grade systems not mystery machines pulled from a closet.

Every device is carefully vetted tested and configured by our team.

Here is the part most people do not expect.

They come with better warranties .

Yes, REALLY .

Because we stand behind the hardware we deploy. Our warranties are designed for business use not consumer headaches. If something fails you are not stuck arguing with a call center or waiting weeks for a replacement.

Why This Actually Makes Sense for Your Business

You save money upfront
You avoid inflated AI driven pricing
You get enterprise quality hardware
You get stronger warranty coverage
You keep your business running smoothly

Most businesses do not need the latest bleeding edge hardware. They need dependable systems that work every day without drama.

That is exactly what we deliver.

AI Can Have the Chips. You Can Have the Savings

AI is not slowing down. Chip shortages and pricing pressure are not going away anytime soon. But that does not mean your business has to overpay for computers.

We help our customers sidestep the chaos with smart hardware choices that protect both performance and budget.

If you are tired of outrageous computer prices and want a practical alternative that actually works, let us talk.

AI can fight over the chips.

We will make sure your business still wins.

Tired of overpaying for hardware?

Our Managed IT Services include smart hardware procurement so your budget goes further - or visit the ABT Blog for more practical advice on running a lean, resilient business.

Why You Should Choose an MSP Over a Printer Company Offering Cybersecurity

Mon, 02 Feb 2026 22:44:03 GMT

Cybersecurity is not a checkbox. It is not an add on. And it is definitely not something that should be bundled in with toner and copier leases.

In recent years, many printer and copier companies have started offering “cybersecurity services.” On the surface, it sounds convenient. One vendor for everything. But when you look closer, there is a big difference between a company that sells cybersecurity and a company that lives it every day .

Cybersecurity Is Our Core Business

For a true Managed Service Provider, cybersecurity is not a side hustle. It is the foundation of what we do.

We wake up every day thinking about how attackers are getting smarter, how threats are evolving, and how to keep our clients protected.

Our tools, training, and processes are built around one goal: keeping your business safe and operational .

Printer companies exist to sell and service hardware. Cybersecurity was added because it created a new revenue stream, not because it was their mission. That difference matters more than most people realize.

Depth of Expertise Matters

Cybersecurity is complex. It involves endpoint protection, email security, identity management, monitoring, backups, disaster recovery, user training, compliance, and incident response.

An MSP has specialists who understand how all of these layer's work together. We test them. We monitor them. We respond when something goes wrong.

Most printer companies rely on packaged solutions with minimal oversight. If something breaks or an alert triggers, it often gets escalated to a third party. That delay can be the difference between a minor issue and a major breach.

We Are Proactive Not Reactive

True cybersecurity is proactive. It is about preventing problems before they disrupt your business.

We continuously monitor systems, apply patches, review logs, train users, and adjust security controls as threats change. We are not waiting for something to fail so we can open a support ticket. We are actively working to make sure that ticket never exists.

Printer companies are built around break fix service models. That mindset does not translate well to cybersecurity.

We Care Because Your Business Is Our Reputation

When a client gets hit with ransomware or suffers data loss, it is personal to us. We know your business. We know your team. We know what downtime costs you.

Cybersecurity is not just another line item on our invoice. It is a responsibility we take seriously.

Printer companies can move on to the next lease. We build long term partnerships.

Choose a Partner Not a Product

Cybersecurity is not something you buy once and forget about. It is an ongoing relationship that requires trust, transparency, and expertise.

When you choose a real MSP, you are choosing a partner who is invested in your success, not a company that added cybersecurity because it was profitable.

If protecting your business actually matters to you, work with people who do this for a living.

Because real security comes from real experts like our team at ABT Solutions.

OneDrive Is Not a Backup - Here's What You Need Instead | ABT Solutions

Sun, 01 Feb 2026 22:57:18 GMT

Sync Is Not a Backup ��

Most businesses cling to OneDrive or Google Drive like they are some kind of digital life raft.

It feels like a backup.
It feels safe.
It feels convenient.
It absolutely is not.

Sync tools protect productivity and convenience.

They do not protect your business from disaster.

What Sync Really Does ��

Sync mirrors whatever happens on your device without hesitation.

Delete a folder - Gone everywhere.
Employee accidentally drags a client directory into the recycle bin - Gone everywhere.
Ransomware encrypts a mapped folder - You just synchronized the chaos into the cloud at the speed of light.

I see this mistake constantly. Companies betting their survival on something that was never designed to save them when the world goes sideways.

What Real Backups Look Like ��️

Real backups are a different animal.

They live outside your production environment.
They stand apart from the blast zone.
They stay immutable and untouchable.
They remain recoverable even if your entire network is smoking.

These backups don’t care if your file server is crying or your domain controller tapped out.

They exist to bring your business back from the brink.

Business Continuity Starts Before the Disaster ��

Sync tools were built for convenience, not catastrophe.

If you want resilience, you need a clean copy that sits somewhere ransomware cannot dance and employees cannot accidentally delete.

Smart companies assume failure is inevitable.

They plan for the moment when they need something pure, untouched, and ready to restore operations when everything else collapses.

My team builds systems for those moments.

Not for good days
For bad days

For the days you hope never come but absolutely will if your business stays alive long enough.

**So Ask Yourself

Do You Really Have Backups? ��

When someone confidently says
“we have backups”

PUSH BACK

Do they have real resilience or just a synced folder waiting to betray them?

Cybersecurity is not built on hope.

It is built on preparation.

Survival belongs to businesses that prepare before disaster strikes.

AI Can Supercharge Your Business, or Sink It. Here’s Why Employee Use Matters.

Mon, 17 Nov 2025 15:45:27 GMT

Artificial intelligence is everywhere, and it’s not slowing down. From writing emails to analyzing data, AI tools are helping employees work faster, smarter, and more efficiently. But here’s the catch: not everyone is using them wisely, or securely.

We’re seeing a dangerous trend where employees feed sensitive company data into public AI platforms without realizing what’s at stake. When you paste internal documents, customer details, or confidential emails into a chatbot, that information can live on forever in someone else’s system. That’s a compliance nightmare waiting to happen.

Even worse, some AI-generated outputs are being trusted without verification. Employees might use AI to summarize an invoice, write a contract, or draft a customer response, without realizing the tool just fabricated information or missed key details.

The result?

Embarrassing errors, data exposure, and potential legal trouble.

Here’s what smart companies are doing right now:
✅ Creating an AI usage policy that outlines what tools are allowed, how they can be used, and what data is off-limits.
✅ Training employees on both the benefits and the risks of AI. Awareness is the first line of defense.
✅ Implementing data loss prevention (DLP) and monitoring tools to ensure sensitive information isn’t slipping through the cracks.
✅ Partnering with cybersecurity experts (that’s where we come in) to make sure security controls evolve as fast as AI does.

AI can be a game-changer, but only if it’s used responsibly. Without the right guardrails, it can become your company’s biggest security gap.

If you’re unsure how your employees are using AI, or if you even have visibility into it, it’s time to talk. We can help you set boundaries that keep innovation flowing and data locked down.

Why Setting DMARC to Quarantine or Reject Actually Matters

Thu, 13 Nov 2025 15:37:11 GMT

If email security were a neighborhood, DMARC would be the guard dog that never sleeps. But here is the catch. A guard dog only works if you actually let it bite. Too many businesses set up DMARC but leave it in a comfy none or monitoring mode, which is the cybersecurity equivalent of putting your guard dog behind a glass window and hoping the criminals feel guilty.

Setting DMARC to quarantine or reject is where the magic happens. It is the moment your email security stops whispering politely and starts speaking with a voice of authority. When you enforce DMARC, you tell the world that only emails you approve can represent your domain. Everyone else gets tossed aside like spammy junk mail that never deserved your name on it in the first place.

Why does that matter so much? Because hackers love impersonation. If they can trick your customers into thinking a fake email came from you, they win. They steal information. They plant malware. They damage trust. They make your business look sloppy. Enforcing DMARC slams that door shut by giving you total control over what gets delivered, what gets flagged, and what gets stopped cold.

With quarantine, suspicious messages land safely out of view where your users cannot get tricked. With reject, impersonation attempts get obliterated before they ever reach an inbox. Both settings protect your reputation, your clients, and your peace of mind.

In short, DMARC enforcement is not just a technical checkbox. It is a business survival move. It keeps your name clean, your communication credible, and your customers safe. Set it to quarantine or reject, and your email domain becomes a fortress instead of an open invitation.

That is the kind of smart protection that keeps you one step ahead of the hackers. And in this game, one step is everything.

What Happens If Your Microsoft 365 Gets Breached?

Tue, 04 Nov 2025 17:30:16 GMT

Let’s start with the obvious: if your Microsoft 365 account gets breached, it’s not “just” an email problem. It’s a full-blown business crisis.

Microsoft 365 isn’t just where your inbox lives. It’s where your files, contacts, calendars, and even internal communications reside. It’s the digital heartbeat of your business, and when it’s compromised, attackers gain the master key to your kingdom.

Here’s what happens next:

1. The attacker impersonates you.
The moment your credentials or session token are stolen, the attacker can log in as you, sending invoices, asking employees to wire money, or requesting sensitive data. Because it’s coming from your real account, it’s incredibly convincing.

2. They pivot deeper into your organization.
Most modern attacks don’t stop at email. Once inside, hackers search for shared files, OneDrive content, and Teams messages that contain passwords, vendor info, financial data, etc. Then, they expand their reach, often gaining access to other users’ accounts or systems.

3. Your reputation takes a hit.
Imagine your clients getting phishing emails from “you.” Even if you contain the breach, the damage to trust can linger. Many businesses find it harder to recover reputationally than financially.

4. They may plant persistence.
Attackers don’t always vanish after the first breach. They create hidden forwarding rules, drop malicious OAuth apps, or steal refresh tokens to maintain access, even after you reset your password.

5. Compliance and liability come knocking.
If your company handles regulated data (like financial or health information), a breach can trigger mandatory reporting, investigations, and hefty fines. Even small businesses aren’t exempt.

The Harsh Truth:
If you think Microsoft 365 security “comes built-in,” think again. Out of the box, it’s like buying a house with locks, then leaving all the doors open.

True protection means layering:
✅ Advanced email security and encryption
✅ Multi-factor authentication (and yes, it’s still essential)
✅ SOC monitoring to catch intrusions in real time
✅ Security awareness training for your team
✅ Regular penetration testing and vulnerability assessments

If your Microsoft 365 gets breached, it’s not the end of the world, if you act fast and have the right team behind you.

At ABT Solutions, we specialize in protecting businesses from these exact threats. We secure your Microsoft 365 environment, monitor for intrusions, and help you stay ahead of attackers before they strike.

Don’t wait for the wake-up call.

Your Microsoft 365 is the front door to your business. Let’s make sure it’s locked, alarmed, and watched 24/7.

How Much Would One Day of Downtime Cost Your Business?

Wed, 22 Oct 2025 17:09:40 GMT

Let’s play a quick game of math, don’t worry, it’s the kind that makes your stomach drop, not your calculator smoke.

Imagine you wake up tomorrow and your business is dead in the water. No email. No phones. No file access. No customer orders. No billing. No nothing.

How much would that one day of downtime cost you?

If you’re like most businesses, the answer is shocking. Between lost productivity, halted sales, recovery efforts, and the blow to your reputation, downtime can easily rack up thousands, or even tens of thousands, of dollars per day.

According to industry studies, the average cost of IT downtime is between $5,600 and $9,000 per minute . Now, you might not be a Fortune 500 company, but even a small business losing access to systems for a single day could easily see:

$10,000+ in lost revenue
$5,000–$20,000 in labor costs from unproductive staff
Unknown long-term losses from unhappy customers and missed opportunities

And that’s before you even add the cost of recovering your systems, restoring backups, or paying the ransom if a cyberattack was involved.

Here’s the harsh truth: Downtime doesn’t just cost money, it kills trust.

Your clients expect you to be reliable. If they can’t reach you, they’ll find someone they can.

At ABT Solutions, we help businesses eliminate that risk. From proactive monitoring and patch management to data backup and disaster recovery, our goal is simple: keep you up, running, and protected.

Because prevention isn’t expensive, downtime is .

If you don’t know how long your business could survive without access to your systems, it’s time for a conversation. We’ll help you find out before a hacker does.

Why SSL VPNs Put Your Business at Risk

Wed, 08 Oct 2025 16:59:54 GMT

For years, businesses have relied on VPNs (Virtual Private Networks) as the “secure” way to connect remote workers to company systems. But the truth is, VPNs, especially SSL VPNs, have become one of the biggest security liabilities in today’s threat landscape.

Hackers aren’t breaking into businesses by guessing passwords anymore. They’re going straight after the tools you use to connect: VPNs and firewalls.

The Problem with VPNs

VPNs were designed to create a tunnel between a remote user and your company network. Once that tunnel is open, the user (or attacker) has broad access inside your network. It’s like giving someone the keys to the entire building when all they needed was access to one office.

When attackers compromise a VPN, they don’t just get a foot in the door, they’re sitting in your lobby with access to everything.

SSL VPNs and SonicWall Vulnerabilities

In the past few years, we’ve seen a flood of zero-day vulnerabilities targeting SSL VPNs and firewalls. One of the most high-profile examples is the SonicWall SSL VPN vulnerability, which allowed attackers to bypass authentication and gain access directly into company networks. They didn't even need a password!

That wasn’t a one-off event. Almost every firewall vendor, Fortinet, Cisco, Palo Alto, SonicWall, and others, has dealt with critical VPN-related zero-days. Cybercriminals actively scan the internet for exposed VPN portals, waiting to pounce on organizations that haven’t patched within hours of a new exploit being discovered.

Why This Puts Your Business at Risk

Single Point of Entry: VPNs often provide attackers with wide-open access once compromised.
Zero-Day Exploits: Hackers don’t wait, many breaches happen before patches are even available.
Credential Theft: If an employee’s VPN password is stolen, attackers bypass your defenses.
Compliance Risks: Breaches through VPNs can expose sensitive data, leading to fines and legal issues.

The Better Approach: Zero Trust Remote Access

Instead of relying on VPNs, modern businesses are adopting Zero Trust solutions that limit access to only what a user needs, when they need it. This ensures that even if an account is compromised, attackers don’t get the keys to your entire network.

What You Should Do Next

If your business is still using SSL VPNs or traditional VPNs, you’re already at risk. Hackers are actively targeting these systems, and history has proven that more vulnerabilities will continue to surface.

It’s time to move away from outdated VPN technology and adopt modern security practices that keep your business safe.

At ABT Solutions, we help businesses just like yours secure their remote workforce with Zero Trust access, advanced firewall management, and 24/7 monitoring, so you don’t have to worry about whether your VPN is the next door hackers walk through.

�� Contact us today before the next firewall zero-day becomes tomorrow’s breach.

If your business is still relying on an SSL VPN, there is a better path forward.

This is paragraph text. Click it or hit the Manage Text button to change the font, color, size, format, and more. To set up site-wide paragraph and title styles, go to Site Theme.

Identity Threat Detection & Response (ITDR) Explained

Thu, 02 Oct 2025 17:28:53 GMT

What is ITDR?

Identity Threat Detection & Response (ITDR) is a cybersecurity discipline built to detect, investigate, and mitigate identity-based attacks in real time. It continuously monitors user activity, analyses access patterns, and responds to identity threats such as compromised credentials, privilege escalation, and lateral movement.

Unlike traditional security tools that focus primarily on endpoints or networks, ITDR adds that identity-specific visibility and enforcement layer designed to stop adversaries that exploit credentials or identity infrastructure.

Why ITDR is critical: the growing threat of identity-based attacks

Today’s cyberattack landscape has shifted. Identities are now the new battlefield. Consider:

Attackers are using MFA-bypass techniques, stolen session cookies, credential stuffing, and other identity-centric tactics to breach organizations in minutes.
The environment has grown more complex: cloud adoption, hybrid infrastructures, and remote work have expanded the identity attack surface.
Even where traditional tools (IAM, PAM, EDR) exist, gaps remain because once an attacker is operating under valid credentials, many protections simply don’t trigger.

In short: if you’re managing email, customer data, or any access to systems, you are a target. As I often say: preventing identity compromise isn’t optional, it’s business insurance.

ITDR vs EDR (and where they work together)

While EDR (Endpoint Detection & Response) monitors devices, laptops, servers, workstations, ITDR focuses on the identities behind the access.

Here’s how they differ and overlap:

EDR

Looks at endpoints for malware, exploits, device-based attacks
Detects anomalies on machines, monitors system logs and network traffic

ITDR

Monitors logins, access rights, privilege changes, identity behaviour across on-premises, cloud and hybrid identity stores
Focuses on credential abuse, privilege misuse, lateral movement via identity pathways such as Microsoft 365.

Together

When EDR logs show suspicious activity on an endpoint, ITDR can help determine whether that activity originated from credential compromise or identity misuse. This combined view helps your security team understand not just the “what” but the “why” and “how” of the attack chain.

What to look for in an ITDR solution

When evaluating an ITDR platform or service, make sure it supports these key capabilities:

1. Continuous visibility

You need real-time insight into all identity-related activity: authentication attempts, privilege escalations, new service accounts, directory changes across on-premises and cloud. Behavioral analytics, machine learning and anomaly detection must play a part.

2. Proactive enforcement

Detection alone is not enough. Once suspicious identity behaviour is identified, you need options like: step-up authentication, session termination, account revocation, blocking lateral movement. Automated enforcement gives you response speed and containment.

3. Risk-based prioritization

Security teams are overwhelmed by alerts. The ITDR solution must help prioritize real threats over noise by correlating identity behavior with risk context such as user role, asset value, behavior baseline, environment.

How we at ABT bring ITDR to life

At ABT, we believe identity security is foundational. Here’s how we implement ITDR for our clients:

We map the identity landscape: human users, service accounts, API keys, machine identities.
We implement continuous monitoring across identity stores (on-premises directory, cloud IAM, hybrid accounts) to feed the direct identity telemetry.
We overlay behavioural analytics and anomaly detection to identify high-risk identity events (e.g., unusual login time/location, privilege escalation after inactive period, access from untrusted devices).
We integrate with incident response workflows to quickly isolate compromised identities, trigger MFA challenge, revoke access, and block lateral movement.
We tie identity events into our broader security ecosystem (endpoint, network, SIEM) so we can trace the attack path: from compromised identity to endpoint to payload.
We deliver actionable intelligence and playbooks so your internal team understands how to respond, adapt and evolve continually.

Getting started with ITDR: three steps to build your identity protection strategy

Assess your identity attack surface
Identify all identities in your environment: employee logins, privileged accounts, third-party/service accounts, machine identities. Evaluate where gaps exist: outdated credentials, stale service accounts, excessive privileges.
Deploy continuous monitoring and detection
Roll out identity-telemetry collection across all identity systems. Enable behavioural analytics, set baselines for normal identity activity, configure alerts for deviations (MFA bypass attempts, privilege creep, unusual access).
Automate response and enforce least privilege
Build workflows that trigger when identity threats are detected: isolate accounts, force password reset, require step-up authentication, audit privileges and revoke excess rights. Tie this into your turnaround playbooks and ensure your team knows their responsibilities.

Final Word

Identity is the newer control plane. If an attacker steals credentials, bypasses MFA, or elevates privileges, they can operate undetected and achieve devastating results. By adopting ITDR, backed by a trusted cybersecurity advisor, you don’t just “hope” for protection, you enforce it, with visibility, response and control.

If your organization isn’t sure where it stands with identity threat protection, let's talk.

You don’t have to navigate this alone.

MFA Isn’t a Silver Bullet Anymore

Wed, 24 Sep 2025 16:53:44 GMT

We always recommend multi-factor authentication (MFA). It’s an important layer of protection. But here’s the truth: MFA alone is no longer enough.

Attackers are getting smarter and sneakier. One of the fastest growing threats right now is the Adversary-in-the-Middle (AiTM) attack, and it’s especially targeting Microsoft 365.

These attacks bypass MFA. They don’t drop malware. Instead, they use legitimate tools and stolen session tokens to “live off the land.” That means they can look just like normal users inside your environment, making them extremely hard to detect.

Real-World Example: A Small Plumbing Company Nearly Shut Down

A friend of mine owns an MSP, and just recently he got a call from a plumbing company with 10 employees. They were in a panic because they couldn’t send emails, everything just sat in the sent folder.

After investigating, my friend found that one of their staff had clicked on what looked like a DocuSign email. No password was entered. No credentials were typed in. Yet attackers still managed to slip inside their Microsoft 365 environment.

Once in, the attackers configured a separate domain and started sending malicious emails on behalf of the company. Operations came to a grinding halt.

Within an hour, my friend’s team had:

Removed the attackers from the environment
Rolled out their security monitoring software
Reset all passwords and MFA with stronger rules
Started the staff on their first cybersecurity training session

Here’s the kicker: this plumbing company had no cybersecurity in place before this incident. Now, they’ve got the protections, training, and monitoring needed to prevent this from ever happening again.

You Can’t Do This Alone

The bad guys are no longer just brute-forcing passwords or sending obvious spam. They’re using advanced, stealthy methods that go around your defenses instead of through them.

MFA is a must, but it’s not enough on its own. You need a cybersecurity partner to continuously monitor, detect, and respond to these evolving threats. The cost of doing nothing is a business that can grind to a halt in minutes. The cost of being protected? For small businesses, it can sometimes be less than what you’re already paying for phone or internet service.

If you’re not sure where your business stands, let’s talk.

Don’t wait until you’re the next victim of an AiTM attack.

Why Organizations Should Choose a Managed Services Provider in 2025 Instead of Soley Relying on Staff IT

Tue, 02 Sep 2025 17:22:25 GMT

Every organization in 2025 faces the same challenge: doing more with less. Budgets are tight, cyber threats are escalating, and customers, members, and employees all expect fast, reliable services. Many organizations still rely on a single in-house IT employee, or a small IT staff, to handle everything from resetting passwords to defending against ransomware.

The reality is, that model simply isn’t enough anymore.

Here’s why organizations should look to a Managed Services Provider (MSP) in 2025 instead of relying solely on staff IT:

1. Cybersecurity Has Become Too Complex

Cyberattacks against organizations of all sizes are on the rise. Hackers no longer just target large corporations, they increasingly go after small and mid-sized businesses, nonprofits, schools, and professional practices because defenses are often weaker. A single IT staffer cannot monitor systems around the clock, implement enterprise-grade protections, or keep up with evolving threats. An MSP brings an entire team equipped with Security Operations Center (SOC) monitoring, endpoint detection, intrusion prevention, and advanced security tools. These are resources most organizations could never afford on their own, nor would they know how to assemble into a security stack strong enough to defend against modern threat actors.

2. 24/7 Support and Monitoring

A staff IT person clocks out at 5 PM. Hackers don’t. MSPs provide round-the-clock monitoring and response. That means ransomware attacks at midnight get caught early, servers that crash over the weekend get worked on before monday, and your operations don’t suffer long outages that damage your reputation.

3. Scalable Expertise

IT staff often wear too many hats: networking, cybersecurity, backups, compliance, user support, and more. No one person can be an expert in all areas. With an MSP, organizations gain access to a team of specialists in different areas of technology. That expertise scales as you grow, without the cost of recruiting, training, and retaining multiple full-time employees.

4. Budget Predictability

Budgets are often set years in advance. Unexpected IT costs, like replacing servers after a failure or paying for emergency breach recovery, can wreck financial stability. MSPs provide predictable, fixed monthly pricing that covers proactive maintenance, monitoring, and support. This helps organizations plan more effectively while avoiding expensive surprises.

5. Compliance and Data Protection

Organizations of all kinds handle sensitive data: financial records, health information, member databases, or intellectual property. Regulations around data handling and privacy are becoming stricter every year. An MSP ensures that data is encrypted, backups are tested, and compliance requirements are met, protecting both your organization and the people who trust you.

6. Focus on Your Mission

When IT issues consume staff attention, leaders and employees can’t focus on what matters most: serving customers, members, or the community. By outsourcing IT management to a trusted MSP, organizations free up time and resources to grow, innovate, and serve more effectively.

7. Future-Proofing Technology

Technology is advancing quickly: cloud solutions, AI-driven services, remote collaboration, and industry-specific applications are becoming essential. An MSP helps organizations adopt new technologies smoothly and securely, ensuring they don’t fall behind while competitors modernize.

Who Needs an MSP?

The truth is, every type of organization is a target for cyberattacks and can benefit from professional IT management. Whether you are in:

Municipalities and Local Government
Financial Services (banks, credit unions, investment advisors, insurance firms)
Healthcare and Medical Practices
Education (K-12 schools, colleges, training centers)
Nonprofits and Community Organizations
Manufacturing and Industrial Companies
Professional Services (law firms, accounting, CPA, engineering, etc.)

…a Managed Services Provider can deliver the protection, reliability, and expertise you need.

Final Thought

IT is no longer just about fixing computers. It’s about defending against cyberattacks, keeping essential services running 24/7, and planning for the future of digital operations. In 2025, a single staff IT person simply cannot carry that responsibility alone.

By partnering with a Managed Services Provider, your organization gains the expertise, protection, and scalability it needs to safeguard data, maintain uptime, and grow with confidence, without blowing the budget. We can help take care of this for you when you sign up for our managed IT services .

Your Business Is Now Hackable With a $20 AI Subscription

Fri, 29 Aug 2025 15:53:17 GMT

Anthropic’s latest threat report confirmed what cybersecurity professionals have feared: the barrier to launching ransomware attacks has collapsed.

Who is Anthropic and why should we believe them?

Anthropic is one of the world’s leading AI companies, founded by former OpenAI researchers and backed by Amazon and Google. Their AI, Claude, is a direct competitor to ChatGPT. When Anthropic issues a threat report, it’s not hype, it’s insider intelligence from a company building the very technology now being weaponized.

In one documented case, a single individual with no coding skills used Claude Pro to:

Research and select targets
Develop custom malware
Automate extortion campaigns

The attacker successfully executed 17 ransomware incidents , demanding ransoms between $75,000 and $500,000 .

Why This Matters

Until now, ransomware required specialized technical knowledge, underground criminal networks, and months of preparation. That barrier to entry is GONE .

Today, all it takes is an AI subscription and basic English skills .

Artificial intelligence has compressed the learning curve from years to weeks. That means:

Attacks will multiply — What one unskilled attacker pulled off, thousands more can replicate.
Small businesses are in the crosshairs — Automation makes “smaller targets” profitable at scale.
Cyber insurance costs will spike — Actuarial models are based on yesterday’s risks, not today’s reality.

The Dangerous Window We’re In

The defense industry will adapt, but there’s always a lag between new attack methods and effective countermeasures. Right now, we’re in that gap. This is the most dangerous time for unprepared organizations.

What Businesses Should Do Immediately

If you’ve been putting off security upgrades, the clock just ran out. Here are urgent steps every organization should take:

Audit your current security posture — Identify vulnerabilities before attackers do.
Upgrade your incident response plan — Assume a breach is possible and plan accordingly.
Harden email and endpoint security — Most ransomware campaigns begin with phishing or weak endpoint protection.
Invest in employee training — Humans remain the easiest entry point for attackers.
Review your cyber insurance coverage — Premiums and exclusions are about to shift dramatically.

The Bottom Line

Cybersecurity risk has changed permanently. If one person with no technical background can launch automated ransomware campaigns, the floodgates are open.

Doing nothing is no longer an option.

The question isn’t if attackers will find your business, it’s whether you’ll be ready when they do.

When a Chatbot Cracked the Castle: Lessons from the Salesloft Drift Breach

Wed, 27 Aug 2025 16:42:05 GMT

The recent Drift by Salesloft breach is a reminder that even tools we think of as harmless, like chatbots or small integrations, can open the door for hackers. In this case, attackers got into Drift and used that connection to steal data from big companies through Salesforce. While the headlines are about large organizations, the real lesson is that every business is at risk if they don’t stay on top of third-party apps and connections. This is why regular security assessments and having a trusted cybersecurity partner are so important.

This post is a bit more technical and detailed than usual. I just wanted to make sure all the information was clear and available, so thanks for bearing with me.

1. The Anatomy of the Breach: How It Happened

Origin in GitHub Access
Threat actors associated with the group tracked as UNC6395 gained access to Salesloft’s GitHub account between March and June 2025 . This foothold allowed them to extract sensitive credentials including AWS keys, passwords, Snowflake tokens, and more

Token Theft and Lateral Movement
Between approximately August 8 and August 18, 2025, attackers exploited the SalesDrift integration, which connects Drift’s AI chat features to Salesforce, to steal OAuth (Authentication) and refresh tokens. These tokens were then used to access customer Salesforce environments and exfiltrate data.

Scope of Impact
Hundreds of organizations were affected, including cybersecurity giants such as Palo Alto Networks, Cloudflare, Zscaler, Proofpoint, CyberArk, Tenable, and Workiva. Notably, exfiltrated data typically included business contact names, support case metadata, job titles, and occasionally credentials like AWS keys and Snowflake tokens.

Broader Credential Harvesting
Beyond Salesforce, the “Drift Email” integration may have compromised small numbers of Google Workspace accounts , though core Google systems remained untouched.

Sophisticated Attack Tactics
The attackers displayed operational stealth, deleting query jobs to erase evidence and avoid triggering alerts.

2. Why Primarily Larger Enterprises Got Hit

Heavy Reliance on SaaS Integrations
Organizations like Salesforce customers often rely on complex ecosystems of integrated tools, SalesDrift and Drift for CRM automation included. These dependencies expand attack surfaces.

High-Value Targets
Big companies tend to store extensive customer data and internal sales intelligence, making them lucrative targets for supply chain attacks.

Broad Token Privileges
OAuth tokens used in integrations can grant broad access. If not properly scoped or monitored, they act like skeleton keys, especially in environments with weak visibility.

3. A Wake-Up Call: Why Every Business Needs Third-Party Security Assessments

Even if you're not in enterprise-level security, the Drift incident spotlights universal threats:

Hidden Vulnerabilities
A breach in a small third-party app, like a chatbot, can bypass traditional perimeter defenses, especially in SaaS-oriented workflows.

Inadequate Monitoring and Logging
The breach revealed lagging detection systems and weak audit trails. Proactive logging and anomaly detection could have spotted unusual OAuth token behaviors sooner.

Token Persistence and Privilege Creep
Stale or overly broad tokens, particularly in integrations with powerful tools like Salesforce, become a liability if not effectively revoked or rotated.

4. Why a Strong Cybersecurity Partner Matters

A trusted cybersecurity partner can bring in forensic readiness, real-time monitoring , and incident response maturity to detect, contain, and mitigate breaches quickly.

Third-Party Risk Management (TPRM) frameworks help organizations:
Visualize interconnected integrations (not just direct but also fourth-party risk).
Tag high-risk integrations and enforce strict privileges.
Monitor OAuth/API activity patterns for anomalies.

In the Salesloft case, external assistance from Mandiant and Google’s GTIG was critical to containment; without such partners, the breach could have wreaked even more havoc.

5. Key Takeaways and Actionable Advice

Audit all third-party integrations - Detect unknown or outdated integrations that carry token privileges.
Revoke and rotate credentials promptly - Blocks persistence if a channel is compromised.
Enforce least privilege - Limit what each integration can access.
Implement robust logging & monitoring - Detect stealthy behaviors like deleted query jobs.
Engage in continuous TPRM - Visualize both direct and indirect risk across your tech stack.
Partner with cybersecurity experts - Be ready for rapid response, forensic investigation, and containment.

Conclusion: A Silent Breach, A Loud Reminder

The Salesloft Drift breach u nderscores a harsh reality: even integrations perceived as innocuous, like AI chatbots, can become entry points for high-impact supply chain attacks. While major firms bore the brunt, the same vulnerabilities apply to organizations of every size.

Now is the time to deeply evaluate third-party risk and increase defenses via continuous assessment, strong oversight, and reliable cybersecurity collaboration.

We live In a world where trust is transacted through tokens, being vigilant is your best safeguard.

What is the Salt Typhoon Hack and Why Small Businesses Should Be Concerned

Sat, 02 Aug 2025 15:36:35 GMT

Cybersecurity headlines have been buzzing about the Salt Typhoon hack, but many small and medium businesses (SMBs) are still asking: what does this mean for me?

What is Salt Typhoon?

Salt Typhoon is a name used to identify a Chinese state-sponsored hacking group. Unlike random hackers who spread malware for quick profit, Salt Typhoon is strategic and deliberate. Their operations often involve breaking into telecommunications networks, which is obviously a critical backbone for global communication.

Once they compromise telecom providers, they can:

Monitor phone calls, texts, and data traffic.
Identify high-value targets.
Stealthily move into other connected businesses.

This isn’t a smash-and-grab cybercrime. It’s a patient, methodical infiltration designed to give attackers deep access to communication systems and the organizations that rely on them.

Why This Impacts Small and Medium Businesses

At first glance, it may sound like only large telecom companies or government agencies need to worry. But here’s the reality:

If your business relies on phone systems, internet connectivity, or cloud-based communications, you’re indirectly connected to these networks. If telecom carriers are breached, attackers may pivot to businesses downstream.
SMBs are stepping stones. Salt Typhoon and groups like them often use smaller organizations as an entry point into larger ecosystems.
Data is data. Even if you’re not handling classified information, customer records, billing data, and employee communications all have value on the black market.

Think of it this way: if attackers can intercept communications through a compromised telecom provider, they don’t need to target your business directly, THEY ARE ALREADY LISTENING!

The Risks for Your Business

The danger isn’t just about stolen data. A breach through telecommunications networks can mean:

Intercepted customer calls and emails leading to fraud or impersonation.
Loss of privacy as sensitive business discussions are monitored.
Targeted spear-phishing attacks that appear even more convincing because attackers have inside information.
Business disruption if your communications are tampered with or taken offline.

For a small business, these outcomes can be devastating both financially and reputationally.

How We Can Help

At ABT Solutions, we take threats like Salt Typhoon seriously. Protecting SMBs against advanced cyberattacks requires layered defenses, including:

Advanced threat detection to spot unusual behavior that could signal an attacker is in your network.
Regular patching and updates to close off the vulnerabilities these attackers exploit.
Penetration testing and assessments to identify weaknesses before hackers do.
Employee training to ensure your team knows how to recognize and report suspicious activity.
And much more!

Cyber threats are evolving, and if attackers are patient enough to go after global telecom networks, they won’t hesitate to target smaller businesses that depend on those networks every day.

�� Don’t wait until your communications are compromised. Reach out today for a complimentary security assessment and let’s make sure your business is prepared.

Is Your Email Setup Putting Your Business at Risk?

Wed, 30 Jul 2025 16:33:51 GMT

Email is the backbone of business communication, yet it’s also one of the most common ways attackers exploit organizations. If your email domain isn’t set up correctly, you could be leaving the door wide open for cybercriminals, and you might not even know it.

Let’s break down a few of the most common issues we see:

1. DMARC Set to “None” (or Missing Entirely)

DMARC is a critical email authentication protocol that tells receiving mail servers what to do if someone tries to send an email pretending to be you.

If your DMARC policy is set to none , your domain isn’t protected at all, it’s just reporting, and that is only if you have a valid email address in the record. Attackers can still send phishing emails that look like they’re from you.
If you don’t have a DMARC record at all , the problem is even worse: your domain is vulnerable to spoofing, and your customers could easily be tricked.

2. No SPF Record

SPF (Sender Policy Framework) defines which mail servers are authorized to send emails on behalf of your domain.

If you don’t have an SPF record , anyone can send messages pretending to be you, and most receiving servers won’t know the difference.
A bad or incomplete SPF setup can cause legitimate messages to fail authentication or land in spam.
SPF also needs to align properly with DKIM and DMARC for full protection. Without all three, your domain can still be spoofed.

3. No DKIM Record

DKIM (DomainKeys Identified Mail) is another essential piece of email authentication. It uses cryptographic signatures to prove that an email actually came from your domain and hasn’t been tampered with.

If you don’t have a DKIM record , your emails are far more likely to be flagged as spam or rejected entirely.
Without DKIM, even legitimate messages can fail authentication, hurting your deliverability and your reputation .
Worse, without DKIM combined with DMARC, attackers have a much easier time spoofing your domain.

4. No MTA-STS (SMTP TLS Reporting)

MTA-STS ensures that your email is always sent over encrypted connections. Without it, attackers can intercept or tamper with your messages during transit. In industries like finance, healthcare, and insurance, this can lead to serious compliance violations and data leaks.

5. Cheap or Insecure Email Hosting

We often see businesses using low-cost email providers instead of Microsoft 365 or other enterprise-grade solutions. While it may save a few dollars each month, it comes with major downsides:

Poor spam and phishing filtering
Weak or non-existent security controls
Higher risk of downtime and data loss

Email is not the place to cut corners, your entire reputation and customer trust ride on it.

6. Deliverability Matters Too

Even if attackers aren’t spoofing your domain, a misconfigured email setup can still hurt your business. Emails without proper SPF, DKIM, and DMARC alignment often get flagged as spam or never reach the inbox at all. That means missed client communication, failed proposals, and lost revenue.

Check Your Domain Health

We’ve built a domain scanner below that will check your SPF, DKIM, and DMARC setup. If your score isn’t 10/10 , your domain is not only vulnerable to impersonation, but you’re also at risk of poor email deliverability.

�� Don’t wait until your customers receive a fake email “from you.” Take two minutes to scan your domain and see where you stand.

Critical New SharePoint Server Vulnerability: What You Need to Know

Mon, 21 Jul 2025 17:55:03 GMT

�� What Just Happened

On July 21, 2025, Microsoft confirmed widespread active exploitation of a critical zero-day vulnerability in on-premises SharePoint Server (not affecting SharePoint Online/Microsoft 365). Hackers have leveraged this under-the-radar flaw, CVE‑2025‑53770 (and related CVE‑2025‑53771), to compromise approximately 75 servers, including those at U.S. government agencies and leading companies.

⚠️ Why It Matters

Remote Code Execution & Spoofing : The attackers gain deep access by impersonating trusted sources, potentially enabling full server takeover.
High Stakes : Exploits targeting mission-critical infrastructure mean that once accessed, attackers can exfiltrate data, deploy malware, or disrupt services.
Not Just Theory, It’s Happening : With at least 75 servers confirmed breached, this is no drill.

�� What Microsoft Is Doing

Emergency Patches Issued (July 8, 2025): Security updates released fo r SharePoint Server 2019 and Subscription Edition u nder KB5002741, KB5002751, and related KBs.
Fixes Still Pending : Patches fo r SharePoint Server 2016 exp ected soon, as of now, they're unavailable.
Recommended Defensive Actions :
Apply patches immediately.
If patching isn't pos sible, disconnect vulnerable servers from the internet or enable advanced malware protection.

�� Timeline of Key Events

January–May 2025 : Microsoft patched several SharePoint vulnerabilities (CVE‑2025‑21344, CVE‑2025‑30382, CVE‑2025‑49701, and others). These included remote code execution (RCE) and spoofing flaws that hinted at deeper risks within on-prem environments.
July 8, 2025 : As part of Patch Tuesday, Microsoft rele ased emergency security updates for SharePoint Server 2019 and Subscription Edition (KB5002741, KB5002751). These updates addressed a newly discovered zero-day vulnerability, CVE‑2025‑53770, be ing actively exploited in the wild.
July 21, 2025 : Microsoft publicly conf irmed that at least 75 servers had been breached using this f law. The attackers leveraged spoofing to gain deep access, triggering widespread concern in both government and private sectors. A patch for SharePoint Server 2016 is still pending at this time.

✅ Immediate Mitigation Steps

Patch Immediately :
On ‑prem SharePoint 2019: Install KB 5002741.
Subscription Edition: In stall KB5002751.
Isolate If You Can’t Patch : Remove public access or enable robust malware scanning.
Monitor & Audit : Keep an eye on logs for unusual activity or spoofed traffic.
Plan 2016 Update : Track Microsoft’s upcoming 2016 patch and be ready to deploy once available.

�� Broader Patch Landscape

July 2025’s Patch Tuesday tackle d 132–137 security flaws across Wind ows, Office, SQL Server, and SharePoint, including another publicly disclosed zero-day in SQL Server (CVE‑2025‑49719). While only one zero-day involved SharePoint this month, the sheer volume and severity of bugs underline the importance of timely patch management.

��‍�� Final Take

This isn’t a drill, an actively exploited zero-day in SharePoint Server dema nds urgent action.

Your top priorities:

Patch immediately if you're running on-prem SharePoint 2019 or Subscription Edition.
Isolate vulnerable systems if patching isn’t yet possible.
Stay alert for forthcoming patches for 2016.

�� Thinking Ahead

Ensure robust change control, backup validation, and incident response readiness.
Consider internal segmenting of SharePoint servers and stricter access policies.
Stay informed: This may not be the last critical vulnerability in SharePoint this year.

Why You Shouldn’t Use a Gmail Account for Your Business (Especially if You Have Compliance Requirements)

Thu, 10 Jul 2025 21:49:13 GMT

When you’re running a business, every decision you make should reflect professionalism, security, and compliance. Yet one of the most common mistakes we see, especially among small businesses, is using a free Gmail account (like yourbusiness@gmail.com ) for business communications. It might seem harmless, but if you care about protecting your data, building trust, and staying compliant with industry regulations, it’s a risky move.

Here’s why using a Gmail account for business is a bad idea and why it could actually cost you.

1. It’s Not Professional

Perception matters. Customers, vendors, and partners take you more seriously when your email address matches your domain name (e.g., you@yourcompany.com ). A free Gmail address comes across as amateurish or temporary, and that’s not the message you want to send if you’re handling sensitive data, insurance, healthcare, or financial services.

2. It’s Not Secure Enough for Business Use

While Gmail includes decent security for personal users, it lacks critical business-grade protections unless you're using Google Workspace or another secure platform designed for business such as Microsoft 365.

With a standard Gmail account, you don’t get:

Administrative control over who can access what,
Security policies like enforced 2FA or device management,
Advanced threat protection tailored for business environments,
Activity logging and audit trails.

If an employee’s Gmail account is compromised, there’s no central control to shut it down or revoke access. That’s a huge risk.

3. It’s a Compliance Nightmare

If you operate in a regulated industry, like finance, insurance, healthcare, or legal, you’re likely subject to regulations like HIPAA, FINRA, GLBA, or others. A personal Gmail account isn’t compliant with those standards.

Here’s why:

No signed Business Associate Agreement (BAA) from Google unless you use a paid Workspace account with the right plan,
No data loss prevention (DLP) or archiving controls,
No eDiscovery or retention policies,
No centralized user management or access revocation,
No encryption assurances for compliance-grade protection.

Even if you think you’re just emailing “simple stuff,” the law may still consider it protected or sensitive data. And ignorance is no excuse in the event of a breach, audit, or class action lawsuit.

4. You Don’t Own the Account

If an employee creates a Gmail account like yourbusiness@gmail.com , they control it, not you. If they leave, they could walk away with all your customer emails, files, and contacts.

There’s no way to reclaim or shut down the account unless you’re using a business-grade email system with proper user controls.

5. You Need a Business-Grade Email Platform, Set Up and Secured by Professionals

Business email isn't just about sending and receiving messages, it’s about protecting your organization from threats, maintaining compliance, and presenting a trustworthy image to clients. That’s why you need a business-grade email solution that’s not just purchased but also properly configured, secured, and monitored.

When you partner with us, you get far more than just email:

Professionally hardened Microsoft 365 environment,
Ongoing security monitoring and proactive threat response,
Phishing protection and anti-malware filtering,
User access controls and compliance-ready policies,
Ongoing support from a team that specializes in securing business communications.

This isn’t something you “set and forget.” It takes expertise and continuous oversight to ensure your email system isn’t the weakest link in your cybersecurity posture.

Final Thoughts: Free Email Isn’t Free, It’s a Liability

Using a personal Gmail account may seem easy, but it leaves your business exposed on all fronts, security, compliance, and reputation.

If you rely on email for business (and who doesn’t?), then it’s time to treat it like the mission-critical asset it is. That means using a secure, business-class email platform and trusting professionals to manage and monitor it the right way.

Let’s get your email system secured, compliant, and working for you, not against you.

Reach out today and we’ll help you do it right from day one.

Ready to make the switch?

This is paragraph text. Click it or hit the Manage Text button to change the font, color, size, format, and more. To set up site-wide paragraph and title styles, go to Site Theme.

CVE‑2025‑49719: SQL Server Information Disclosure (Improper Input Validation)

Tue, 08 Jul 2025 18:32:11 GMT

�� Disclosure & Patch Status

Publicly disclosed on July 8, 2025, as part of Microsoft’s July Patch Tuesday.
Affects SQL Server 2016, 2017, 2019, and 2022 (various x64 builds prior to the July 8, 2025 cumulative updates).
Fixed in the July 2025 cumulative security updates, such as KB5058713 for SQL Server 2019 and KB5058721 for SQL Server 2022.

�� Vulnerability Description
This vulnerability is categorized as Improper Input Validation (CWE‑20). A flaw in how SQL Server handles crafted network input can allow an attacker to retrieve uninitialized memory, which may contain sensitive information such as connection strings, login credentials, or internal schema data.

�� Attack Characteristics

Access Vector: Remote (network)
Authentication Required: No
User Interaction Required: No
Privileges Required: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None
CVSS v3.1 Score: 7.5 (High)
Exploitability: Less likely (per Microsoft), but proof-of-concept code is already public

⚠️ Risk & Impact
An unauthenticated remote attacker can exploit this vulnerability to extract sensitive data from memory. While the attack is passive (it doesn't directly alter or destroy data), the leakage of credentials or internal configurations can lead to significant compromise, including further lateral movement within the environment or targeting of dependent applications.

✅ Mitigation & Remediation

Apply the July 2025 security updates:
SQL Server 2022: KB5058721
SQL Server 2019: KB5058713
SQL Server 2017: KB5058714
SQL Server 2016: Apply the latest GDR or CU from July 2025
Update OLE DB drivers to version 18 or 19
Restrict SQL Server network exposure to only trusted hosts and segments
Monitor logs for unusual login attempts or memory-related errors (e.g., error 701, 17803)
Rotate any credentials or connection strings potentially exposed
Enforce network segmentation and least-privilege access to minimize impact

�� Summary
CVE‑2025‑49719 is a high-severity vulnerability in Microsoft SQL Server that allows unauthenticated attackers to extract memory content remotely. While classified as “less likely” to be exploited, the availability of public proof-of-concept code means organizations should prioritize patching, restrict access to database servers, and monitor for suspicious activity.

HIPAA Isn’t Enough — Why Healthcare Organizations Need Proactive Cybersecurity Protection

Mon, 07 Jul 2025 22:20:42 GMT

In today’s digital world, healthcare organizations like dental offices, chiropractic clinics, and small medical practices are prime targets for cybercriminals. While many believe that using HIPAA-compliant software is enough to keep patient data secure, the truth is that compliance does not equal security.

At ABT Solutions, we help healthcare providers go beyond basic compliance and implement real-world protection against the growing threats facing the industry.

Here’s why that matters now more than ever:

1. HIPAA Is Only the Starting Point

HIPAA sets important rules for safeguarding patient data, but it was never designed to stop modern ransomware, phishing, or nation-state-level threats. Compliance ensures that you meet a baseline requirement, but that does not mean your systems are secure.

Cybercriminals do not care if your software meets HIPAA standards. They are looking for weaknesses they can exploit. If they find one, they will not hesitate to lock your systems, steal your records, or disrupt your entire practice.

2. Small Healthcare Practices Are a Big Target

Many small healthcare providers think they are too small to be attacked. Unfortunately, that is exactly what makes them appealing to hackers. You store valuable data such as patient records, insurance details, and billing information, and attackers know that small clinics often have weaker defenses.

ABT Solutions provides the kind of cybersecurity protection that is typically reserved for large enterprises, but customized to meet the needs and budget of smaller offices.

3. Downtime Can Be Disastrous

If your systems were locked down today, how long could your practice operate without access to your scheduling, billing, or patient records? A cyberattack can halt operations for days or even weeks. The cost of recovery, legal liability, and lost patient trust can be overwhelming.

It is far more affordable to prevent a breach than to recover from one.

4. Cyber Insurance Now Requires More Than HIPAA Compliance

Insurance providers have raised their standards. To qualify for cyber insurance or even to maintain your policy, you now need more than HIPAA compliance.

Many providers now require:

Multi-factor authentication (MFA)
Endpoint detection and response (EDR)
Email encryption
Around-the-clock monitoring
Timely system updates and patches
Security training for employees

If you are missing any of these, your insurance may not cover you in the event of an attack.

5. We Make Cybersecurity Simple and Affordable

At ABT Solutions, we are passionate about helping healthcare practices stay safe from cyber threats.

Our services include:

✔️ Secure email and encryption
✔️ Managed endpoint protection
✔️ 24/7 monitoring by real cybersecurity experts
✔️ Firewall and network security
✔️ Employee security training
✔️ Safe remote access for telehealth
✔️ Reliable backup and recovery solutions

We do more than just meet compliance requirements. We help build confidence and true resilience for your organization.

Final Thoughts: Don’t Wait Until It’s Too Late

If your practice uses digital records, email, or internet-connected tools, you are already a potential target. HIPAA compliance is a good starting point, but it will not protect you from the wide range of threats that exist today.

Let’s build a cybersecurity plan that fits your clinic. We even offer a free introductory risk assessment to help you understand your current security posture.

Reach out to ABT Solutions and let us help you stay ahead of the threats that could put your practice at risk with our cyber liability insurance guidance.

Windows 10 End of Life: Why Businesses MUST Act Now

Thu, 03 Jul 2025 22:27:27 GMT

If your business still runs on Windows 10, time is running out. Ignoring this deadline could cost you more than just a few updates.

What’s Happening?
Microsoft has announced that Windows 10 will reach its official End of Life (EOL) on October 14, 2025. This means there will be no more security patches, no bug fixes, and no support. For businesses, this is more than a routine update. It is a major compliance and cybersecurity concern.

Why It Matters for Business Owners

If your company is still using Windows 10, here is what you need to know:

�� No More Security U pdates Means Increased Risk

Once Microsoft stops releasing security updates, Windows 10 machines become easy targets for hackers. Even with antivirus and firewalls in place, outdated systems leave doors wide open for cybercriminals.

⚖️ Compliance Violations
Businesses that fall under regulations like HIPAA, PCI-DSS, or FINRA must stay compliant. Running unsupported operating systems often breaks those standards, potentially resulting in fines, legal action, or loss of certifications.

�� Higher Costs in the Future
Delaying the upgrade might feel convenient now, but it will likely cost more later. Older hardware may need to be replaced, software could break, and emergency IT fixes are often more expensive than a planned upgrade.

�� Software Compatibility Issues
As developers move on from Windows 10, your critical business software may stop working or lose support. This could create serious disruptions to your operations.

What You Need to Do Now

Audit Your Devices
Create an inventory of all systems still using Windows 10. Identify which ones are eligible for upgrade and which need to be replaced.
Plan and Budget Accordingly
You do not need to upgrade everything at once, but you do need a clear plan. Spreading the cost over the coming months can reduce the financial impact.
Partner with a Trusted IT Provider
A knowledgeable IT partner (like us) can help manage the upgrade process, ensure compliance, and keep your business secure throughout the transition.

The Bottom Line
Continuing to use Windows 10 after support ends is not just a technical risk. It is a serious business liability. As a responsible business owner, protecting your data, your customers, and your operations should be a top priority.

This is more than an IT update. It is a matter of protecting your business future.

Don’t wait until a cyberattack or audit forces your hand.

The Dangerous Gamble: Why Running Exchange Server After EOL Is a Business Risk You Can’t Afford

Tue, 01 Jul 2025 16:27:28 GMT

Whether you're a small business, a municipality, or a large enterprise, if you're still running Microsoft Exchange Server 2016 or 2019 , there's a major deadline looming:

October 14, 2025 - End of Life.

After this date, Exchange 2016 and 2019 will no longer receive security updates, patches, or support from Microsoft. And if you're on something older? You're already living dangerously.

Let’s break down why continuing to use Exchange after EOL (end of life) is one of the riskiest moves ANY business can make .

�� 1. No Security Patches = You’re a Sitting Duck

Once Microsoft ends support, any new vulnerabilities in Exchange will go unpatched, FOREVER .

That means:

Hackers can exploit known and unknown bugs without resistance.
Your business email becomes an easy target for ransomware, phishing, and data theft.
Past Exchange vulnerabilities like ProxyLogon and ProxyShell were exploited within hours, a nd these were while still under support.

Imagine what happens when nobody’s watching your back.

�� 2. You’re Likely Violating Compliance, Even If You Don’t Know It

Running outdated, unsupported software often puts you out of compliance with:

Cyber liability insurance policies
Industry standards (like HIPAA , CJIS , PCI-DSS, FTC Safeguards, etc. )
State and federal cybersecurity laws

Most businesses don't realize that insurance claims can and WILL be denied if you're running unsupported systems. One missed update could be the difference between protection and a six to seven figure recovery bill.

�� 3. You’re a Target, Even If You’re Small

There’s a dangerous myth that only big companies get hacked. This is simply NOT true.

Hackers don’t discriminate; they automate . They scan the internet looking for:

Open ports
Known vulnerabilities
Outdated systems (like unsupported Exchange servers)

And when they find one? They don’t knock, they walk right in .

In fact, 60% of small businesses go out of business within six months of a major cyberattack. Don’t assume you’re too small to be on someone’s radar.

�� 4. No Microsoft Support = You're On Your Own

After EOL (end of life):

Microsoft won't help you, even if your mail server crashes.
Third-party tools (antivirus, backup, monitoring) may stop supporting your version.
If something breaks, there’s no one to call.

Your email is too mission-critical to rely on hope.

✅ What Should You Do?

You have two responsible paths forward:

�� Migrate to Exchange Online (Microsoft 365)

Cloud-hosted, secure, and always updated
Reduces your maintenance and infrastructure costs
Adds built-in resilience

�� Upgrade to Exchange Server Subscription Edition (SE)

Released in July 2025
Subscription-based model (no more perpetual licenses)
In-place upgrade possible from Exchange 2019 CU15
Keeps email on-prem for businesses with strict compliance needs

⚠️ If You Must Delay, Do This Immediately

If you're not ready to migrate or upgrade yet:

Remove internet access to your Exchange server
Implement advanced threat protection and endpoint detection (EDR)
Enforce multi-factor authentication
Test your backups and disaster recovery plans
Schedule a penetration test to find your weak spots

But be clear: these are short-term bandaids, not solutions.

�� Final Thoughts

Email is the gateway to your business. It's where invoices go out, credentials are stored, contracts are sent, and operations are coordinated. Leaving it running on unsupported software is a disaster waiting to happen .

Are you getting the gist? Every business needs to take cybersecurity seriously—now.

Whether you're a city government, school district, hospital, insurance firm, manufacturing plant, CPA firm, law office, healthcare provider, construction company, retail chain, nonprofit, financial institution, and the list goes on, the need for cybersecurity applies to you.

If your organization uses email, stores sensitive data, or simply wants to stay in business, cybersecurity isn't optional.

The clock is ticking.

The longer you wait, the higher the risk, and the fewer options you’ll have when something goes wrong.

Don't be the next breach headline. Be the one who acted early.

If you're not sure where to begin, we can help you evaluate your options and move toward a secure, supported future, whether that’s cloud or on-prem.

Reach out today. Before a hacker does.

Why Nonprofits Must Have Cybersecurity, and the Legal Ramifications of Neglecting It

Sun, 29 Jun 2025 17:25:39 GMT

At ABT Solutions, we’re passionate about protecting organizations from cyber threats. And while many nonprofits assume hackers wouldn’t bother with them, the truth is sobering: cybercriminals don’t care if you’re a Fortune 500 company or a local nonprofit. They look for vulnerabilities, and unfortunately, nonprofits are often viewed as easy targets, especially the small ones because they have nothing.

Many nonprofits still rely on free email accounts to run their organizations, and that’s a major mistake. Why? For the same reason a doctor’s office wouldn’t or shouldn't. You’re handling sensitive information every day: employee records, donor details, financial data, and customer information. You have both a legal and ethical responsibility to keep that data secure. Failing to do so doesn’t just put your mission at risk, it puts directors, board members, and even staff in the crosshairs of potential class action lawsuits.

Why Cybersecurity Is Non-Negotiable for Nonprofits

You handle sensitive data.
Donor names, employee information, addresses, payment card information, Social Security numbers, and even healthcare-related records in some cases, this is gold on the black market.
Trust is your greatest asset.
Donors give because they trust you. A single breach can shatter that trust, putting your mission and funding at risk.
Cybercrime has evolved.
Today’s cybercriminals use AI-driven phishing, ransomware-as-a-service, and advanced attack methods. No organization is too small or too charitable to be a target.

The Legal Ramifications of Not Protecting Donor, Employee and Customer Data

Ignoring cybersecurity isn’t just risky, it can be legally costly.

Oklahoma State Law

Oklahoma has a data breach notification law (Oklahoma Statutes §24-161) that requires organizations, including nonprofits, to notify affected individuals of a data breach “in the most expedient time possible.” Failing to comply can trigger state investigations, fines, and lawsuits.

Broader Data Protection Laws

Even if you’re based in Oklahoma, your donors and members may live across the country, or even abroad. That means other data protection laws may apply:

California Consumer Privacy Act (CCPA/CPRA): If you collect data from California residents and meet certain thresholds, you must provide clear privacy disclosures and safeguard that data. Civil penalties can reach up to $7,500 per violation.
General Data Protection Regulation (GDPR): Accept donations or interact with anyone in the European Union? GDPR applies. It requires strict data protections, 72-hour breach notifications, and clear consent processes. Fines can reach millions of dollars, even for nonprofits.
Other State Laws: States like Colorado, Virginia, and Connecticut now have their own privacy laws. Depending on where your donors live, your nonprofit may have to follow several sets of rules.

FTC Enforcement

The Federal Trade Commission (FTC) is also active in holding nonprofits accountable. Under Section 5 of the FTC Act, it can take action if your organization makes promises about protecting donor data but fails to take “reasonable” steps to secure it. That means if your website claims you safeguard donor privacy but you’re not encrypting records or patching systems, the FTC can treat that as a deceptive practice.

Donor Litigation and Class Actions

Data breaches often spark lawsuits from donors, employees, members, or beneficiaries w ho believe their personal information was mishandled. Many of these become class actions, leading to large settlements or legal defense costs that nonprofits simply can’t afford.

IRS and Financial Scrutiny

Nonprofits are required to maintain accountability to preserve their tax-exempt status. A cyber incident that compromises financial records or donor contributions can lead to IRS audits, compliance costs, and in severe cases, questions about the organization’s ability to responsibly manage funds.

Myth vs. Reality: Who’s Really at Risk?

Myth: If a nonprofit suffers a cyberattack, only the organization itself can be sued; directors, board members, and employees aren’t personally at risk.

Reality: While most class action lawsuits target the nonprofit as an entity, leadership isn’t completely shielded. Directors and board members have a fiduciary duty to exercise reasonable oversight. If it’s shown that leadership ignored known cybersecurity risks or failed to act responsibly, regulators or donors could pursue personal liability claims.

This means nonprofit leaders must treat cybersecurity as part of their governance responsibility. Choosing to do nothing, or to rely on “free” tools like Gmail or Yahoo for sensitive communications, doesn’t just endanger the mission, it may expose decision-makers to legal and reputational consequences.

What’s the Price Tag on a Data Breach for a Small Nonprofit?

Average Cost for Nonprofits (~$200,000)

For nonprofits specifically, the average cost of a data breach is estimated at around $200,000, a figure that directly represents money diverted from mission-driven work like helping communities and supporting beneficiaries.

Small Business Benchmark ($120,000–$1.24 million)

Looking at small businesses more broadly, the Verizon 2024 Data Breach Investigations Report estimates breach costs between $120,000 and $1.24 million, depending on severity. Many small organizations simply can’t weather those damages.

Why the Gap—And Why It Matters

Scale & Complexity : Small nonprofits typically hold fewer records, handle simpler systems, and may not face costly regulatory fines, so their breach cost tends to be lower than large corporate averages.
Real Costs vs. Averages : The $200,000 nonprofit average is a realistic reflection of operational interruptions, legal fees, public relations, donor fallout, and recovery support, not just raw data theft.
Uninsured Vulnerability : Many nonprofits lack cyber insurance or robust incident response plans, so even a moderate breach can divert vital funds or destabilize operations.

The Bottom Line

Cybersecurity is not optional for nonprofits, it’s a safeguard for your mission, your donors, your employees, and your future. A single breach can bring devastating financial, legal, and reputational consequences.

At ABT Solutions, we believe protecting organizations isn’t just about technology, it’s about protecting trust. We help nonprofits secure their systems with the same level of defense used by major businesses, but tailored to your size and needs. That includes email security, endpoint protection, staff training, penetration testing, and more.

Your mission deserves protection. Don’t wait until a hacker forces the issue!

 let’s talk today about securing your nonprofit.

The Hidden Dangers of 'Set It and Forget It' IT: Why Maintenance Matters More Than Ever

Tue, 13 May 2025 14:10:52 GMT

Too many businesses still treat IT like a one-time setup. They install antivirus software, put in a firewall, and assume they’re good to go. But cybersecurity doesn’t work like that and neither does technology. Tools left unattended become outdated fast, and what once protected you can turn into a wide-open door for hackers.

Take a look at some of the biggest breaches in recent years. Many of them weren’t the result of sophisticated attacks, they happened because of missed software updates or forgotten systems. In fact, a study by the Ponemon Institute found that 60% of breaches could have been avoided with timely patching alone.

If you don’t have a dedicated IT team keeping everything maintained and monitored, you’re taking a risk every day. Unpatched vulnerabilities, expired antivirus, old user accounts, misconfigured firewall rules, and backups that no one’s tested. These are the cracks that attackers look for.

Not sure if your IT is on autopilot? If you can’t remember the last time your systems were updated, if your antivirus says “up to date” but hasn’t been checked since 2022, or if your backups have never been tested, it’s time for a reality check.

Proper IT maintenance includes regular security patching, ongoing monitoring, monthly health reports, vulnerability scanning, and routine access reviews. It’s not flashy, but it’s what keeps your business safe and running.

That’s exactly what we do. At ABT Solutions, we provide fully managed IT and cybersecurity services, taking the burden off your shoulders and making sure your business is protected around the clock. We start with a free vulnerability assessment, where we’ll uncover exactly what’s going on behind the scenes.

Cybersecurity isn’t something you can “set and forget.” If it’s been a while since you had a real look under the hood, now’s the time.

 Reach out today and let’s make sure your defenses are where they need to be — before a hacker decides to find out for you.

Social Engineering Attack You Need to be Aware of

Fri, 21 Mar 2025 15:22:48 GMT

Hackers are now exploiting a social engineering tactic called “ClickFix” to trick users into downloading malware right onto their machine. These fake alerts appear credible and convince users to bypass security measures, putting your accounts and data at serious risk.

If you are a current customer and we provide you with cybersecurity services:

We’re actively improving your security defenses and looking for any indication of attack in your network. We also want to take this time to educate your team to recognize these fake alerts. If you receive a suspicious message urging you to “fix” your account or system, please contact us before taking action. below is an example of what you might see on your screen in this kind of attack.

If you are not an ABT Solutions customer or do not purchase cybersecurity from us, here’s how we can help:

Our team can help implement enhanced security measures, provide user awareness training, and ensure your team can recognize these increasingly convincing social engineering attacks.

I’d like you to click the link below to receive a free vulnerability assessment showing how we can improve your security and reduce the risk of social engineering attacks like ClickFix .

Here is a link to schedule a vulnerability risk assessment .

Let’s work together to ensure your organization is protected from this rising threat.

Dedicated to keeping you secure,

Braden A. Lampe

Critical SonicWall SonicOS Vulnerability Actively Being Exploited

Wed, 19 Feb 2025 18:35:39 GMT

Critical SonicWall Vulnerability (CVE-2024-53704)

A newly disclosed zero-day vulnerability (CVE-2024-53704) in SonicWall’s SonicOS is actively being exploited in the wild, allowing attackers to hijack SSL VPN sessions without credentials. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to patch by March 11, 2025.

Read the Technical Analysis HERE .

Why This Matters

Unauthenticated Access: Attackers can bypass authentication and gain full control over VPN sessions.
High-Risk Target: Organizations using SonicWall firewalls, especially those in critical sectors like healthcare and finance, are at increased risk.
Potential Ransomware Connection: Previous SonicWall vulnerabilities have been exploited to deliver ransomware, and similar tactics are being observed here.

Immediate Actions to Take

✅ Apply Vendor Patches – Update to the latest SonicOS versions immediately.

✅ Enforce Multi-Factor Authentication (MFA) – Prevent unauthorized access to VPN sessions.

✅ Restrict SSL VPN Access – Allow connections only from trusted IP ranges.

✅ Reset Credentials & Strengthen Password Policies – Secure locally managed SSLVPN accounts.

✅ Monitor VPN Activity – Watch for unusual login behavior and unauthorized access attempts.

How ABT Solutions Helps

ABT Solutions provides 24/7 security monitoring, Enterprise Grade Endpoint and Email Security, real-time threat intelligence, and compliance-driven vulnerability management to protect your network from active exploits. Our solutions include:

Managed Detection & Response (MDR) – Continuous monitoring to detect and mitigate threats in real-time.
Endpoint/Network Security - Enterprise grade multi-tier endpoint and network security solution built to keep organizations secure.
Email Security - Multi-stage email security solution designed with keeping organizations secure.
Vulnerability Management – Identifying and patching vulnerabilities before they can be exploited.
SIEM & Log Management – Ensuring all security events are captured and analyzed to prevent breaches.
Compliance Guidance – Helping your organization stay compliant with industry regulations and cybersecurity best practices.
So much More! - Click the " Vulnerability Risk Assessment " button to get started learning how we can secure your organization.

For assistance securing your organization, contact ABT Solutions, LLC today.

Dedicated to Your Security,

Braden A. Lampe - CEO @ ABT Solutions, LLC

ProxyLogon & ProxyShell: The Microsoft Exchange Vulnerabilities That Should Have Been Your Wake-Up Call

Thu, 06 Feb 2025 17:10:19 GMT

If your business still runs Microsoft Exchange Server on-premises, there's a good chance you've heard the terms ProxyLogon and ProxyShell . Maybe you've even been affected. If you haven't taken action yet, this article is your warning.

These two exploit chains have been responsible for massive breaches, ransomware infections, data theft, and operational shutdowns in organizations of all sizes, from small businesses to government entities and hospitals.

Let’s break down what they are, how they work, and what you need to do right now to avoid becoming the next victim.

�� What Is ProxyLogon?

Discovered in early 2021, ProxyLogon is a set of critical vulnerabilities in Microsoft Exchange Server (2013, 2016, and 2019) that allow attackers to:

Bypass authentication (they don't need valid credentials)
Execute commands on the server remotely
Steal emails, drop malware, and move laterally thro ugh your network

The scariest part? This exploit chain requir ed no user interaction and was being used by threat actors like Hafnium t o breach thousands of organizations around the world.

Microsoft released emergency patches in March 2021, but many servers weren’t updated in time, and many still aren’t today.

�� What Is ProxyShell?

Just a few months later, in August 2021, the world was hit again, this time with ProxyShell .

ProxyShell is actually a chain of three separate Exchange vulnerabilities that, when combined, allow attackers to:

Remotely access your Exchange server
Bypass authentication
Gain full control of your system

Like ProxyLogon, ProxyShell also requires no passwords, no logins, no user clicks. Once exploited, attackers can install ransomware, create backdoors, and exfiltrate sensitive data.

After ProxyShell was demonstrated publicly at a cybersecurity conference, mass exploitation began almost immediately, t argeting businesses, municipalities, schools, and more.

�� Real-World Impact

These vulnerabilities were not “theoretical risks.” They were actively exploited in the wild, and they still are on unpatched systems.

Victims included:

Hospitals whose email systems went down during active patient care
Cities that had 911 dispatch and police systems disabled by ransomware
Law firms and CPA offices whose confidential data was stolen or encrypted
Small businesses that were shut down for weeks, if they survived at all

If your organization handles email, customer data, health records, financial info, or critical infrastructure, yo u cannot afford to ignore this.

�� Why You’re Still at Risk

If you're running Exchange 2013, 2016, or 2019, and yo u haven’t patched for these vulnerabilities, or worse, you're running Exchange past its End of Life (EOL), you're WIDE open and it is just a matter of time.

Even if you've patched, if you’ve never checked f or web shells or backdoors left behind, attackers could still have access to your environment.

�� Are You Getting the Gist?

Every business needs to take cybersecurity seriously, NOW.

Whether you're a city government, school, hospital, insurance firm, manufacturing plant, CPA firm, law office, healthcare provider, construction company, retail chain, nonprofit, or financial institution, this applies to you.

If your business uses email, stores sensitive data, or simply wants to stay in business, cybersecurity is not optional.

The clock is ticking.

The longer you wait, the higher the risk, and the fewer options you’ll have when something goes wrong.

✅ What You Should Do Now

Here’s your action plan:

1. Patch Immediately

If you're still on an affected version of Exchange and haven’t installed the updates from 2021, do that NOW .

2. Scan for Compromise

Use Microsoft’s Exchange Health Checker or third-party tools to check for signs of past or active breaches.

3. Upgrade or Migrate

Move t o Exchange Online (Microsoft 365) for ongoin g security and simplicity.
Or, if you must stay on-prem, prepa re for Exchange Server Subscription Edition (SE), M icrosoft’s modern, supported version released in 2025.

4. Harden and Monitor

Lock down remote access
Enable our multi-factor authentication (MFA) solution
Implement our advanced threat detection (EDR/SOC)
Schedul e penetration testing with us to validate your defenses

�� Final Thoughts

ProxyLogon and ProxyShell were wake-up calls. Unfortunately, many organizations hit snooze, and they’re still running outdated, exposed Exchange servers today.

Cybercriminals are counting on inaction. Don’t give them the upper hand.

If you're unsure about your exposure, or need help patching, upgrading, or migrating, we’re here to help. We assist organizations across all industries with securing their environments and building cyber resilience.

Don't wait for the next exploit. Take action today. Click the link below to take our vulnerability risk assessment.

2024's Biggest Data Breaches and What They Mean for Your Business

Tue, 24 Sep 2024 22:24:56 GMT

2024's Biggest Data Breaches and What They Mean for Your Business

Data breaches are always lurking as a potential threat, and when they happen, the fallout can be devastating for your business and customers. In today’s post, we’re taking a look at some of the biggest breaches of 2024 to put the growing cybersecurity concern into perspective.

According to Cybersecurity Magazine , the total cost of cybercrime is projected to hit a staggering $9 trillion in 2024 and climb to over $10 trillion in 2025. To put that in context, that’s more than the GDP of almost every country in the world—except for two. It’s safe to say cybersecurity is not something you want to take lightly.

Before diving into the list, it’s worth mentioning that 2024 also saw the most expensive tech outage in history. A CrowdStrike update that affected Microsoft systems ended up costing companies over $5 billion . While this wasn’t a data breach, it’s a powerful reminder of how damaging tech issues can be.

Now, let’s get into the biggest data breaches of 2024.

National Public Data Breach — 2.7 Billion Records

This one’s a monster. Just a few weeks ago, a hacking group claimed to have stolen 2.7 billion personal records —including the information of virtually every person in the U.S., Canada, and the U.K. The stolen data includes social security numbers, and while experts are still verifying how accurate and complete the breach is, it’s safe to assume most of this sensitive data has been compromised.

The good news? Well, we’re all in the same boat. Everyone will need to keep a close eye on their accounts and credit, and freezing your credit is a great step toward protecting your identity. It’s also a good idea to get in the habit of unfreezing it only when applying for loans or credit cards.

Ticketmaster — 560 Million Records

In April and May of 2024, cybercriminals gained access to Ticketmaster’s database , exposing the personal and financial details of 560 million customers . The breach revealed names, emails, phone numbers, and payment info. The fallout was immediate, with customers reporting identity theft and unauthorized transactions. On top of that, this breach came right before the U.S. Justice Department sued Ticketmaster’s parent company, Live Nation, for anti-competitive behavior. Tough year for them.

Change Healthcare — 145 Million Records

In February 2024, Change Healthcare was hit by a major ransomware attack, compromising 145 million records . This breach exposed personal info, including names, addresses, social security numbers, and medical records. Given the sensitive nature of healthcare data, this was one of the largest and most damaging breaches in history. It has forced healthcare providers and insurers to rethink their security strategies moving forward.

Dell — 49 Million Records

In May 2024, Dell became the victim of a brute force attack when a hacker gained access through one of their resellers' portals. This breach exposed the data of 49 million customers, including names, emails, payment info, and account details. Dell has faced heavy criticism and is working to improve their cybersecurity protocols in response to the breach, while regulators are watching closely.

AT&T — 73 Million Records

AT&T suffered a significant breach in March 2024, affecting 73 million customers . This breach exposed personal information like social security numbers, account details, and passcodes. What makes this even worse is that the data had been compromised since 2019 . AT&T is now facing potential class action lawsuits as they work to contain the damage and protect their current customers.

Why This Matters for You

You might not have millions of customers like these giants, but that doesn’t mean you’re safe from cyberattacks. Businesses of all sizes are vulnerable. The key is to get ahead of the threat by implementing strong security measures. That includes training your team on password best practices, educating them about phishing attacks, and making sure you have a cybersecurity strategy in place.

At ABT Solutions, we specialize in keeping businesses like yours safe from cyber threats. Want to learn more about how we can help? Give us a call today to receive a free cybersecurity risk assessment !

Your Team Could Be Your Biggest Cybersecurity Risk—Or Your Strongest Defense

Wed, 18 Sep 2024 16:33:37 GMT

Your Team Could Be Your Biggest Cybersecurity Risk—Or Your Strongest Defense

When it comes to your business’ cybersecurity, one vulnerability stands out above the rest. This one can either cripple your organization or, if handled correctly, become one of your greatest assets.

What’s this vulnerability? Your team.

Human error is one of the easiest ways for hackers to slip through your defenses, but with the right training and mindset, your employees can become a strong line of defense. Let’s talk about how you can encourage your team to adopt cybersecurity best practices both at work and at home, reducing the chance of phishing and other cyber threats.

These recommendations are based on guidance from the Cybersecurity and Infrastructure Security Agency (CISA). While they’re designed for home users, they’re equally valuable in the workplace.

How Your Team Can Strengthen Your Cybersecurity

They Know How to Spot Phishing Scams

Phishing remains one of the most common and dangerous cybersecurity threats. These scams trick employees into sharing sensitive information or granting access to resources that should stay locked down. It only takes one successful phishing attack to open the door to larger breaches or even a full-scale cyberattack.

But if your team is trained to recognize phishing attempts and knows how to respond when they encounter one, they’re far less likely to fall for these tricks. Make sure everyone is up to date on your company’s protocols for handling suspected phishing emails and other threats.

They Use Strong, Unique Passwords

We all know the temptation to reuse passwords across accounts or to create simple, easy-to-remember credentials. But let’s be clear: this is unacceptable.

Your team needs to understand that strong, unique passwords are a non-negotiable part of your security strategy. Password management software can help simplify the process, ensuring that your employees don’t take shortcuts when it comes to protecting their accounts.

They Use Multi-Factor Authentication (MFA)

Think of multi-factor authentication (MFA) as adding an extra lock to your data. It enhances security by requiring an additional verification step, such as a code from an app or a fingerprint scan, on top of the usual username and password.

By implementing MFA wherever possible, you make it significantly harder for unauthorized users to access your data, even if they somehow get hold of a password. It’s a simple but effective way to boost security across the board.

They Keep Software Updated

We all know software updates can be a pain, but they’re critical for security. Most updates address vulnerabilities and close security gaps that cybercriminals might otherwise exploit. Plus, updates often improve performance, helping your business stay productive.

While keeping software up-to-date is mainly your IT team’s responsibility, it helps if your employees understand the importance of these updates. The more they appreciate why updates matter, the fewer headaches you’ll face in the long run.

We’re Here to Help Keep Your Business Secure

At ABT Solutions, we’re dedicated to helping businesses like yours implement practical cybersecurity measures and providing the training your team needs to stay vigilant. Ready to take your security to the next level? Give us a call today to receive a free cybersecurity risk assessment or learn more about how we can help with our cybersecurity training and support .

Why You Should Never Send Sensitive Information Without Email Encryption

Tue, 20 Aug 2024 14:12:24 GMT

In today's digital age, email remains a vital tool for communication. However, its convenience can also make it a risky medium, especially when it comes to sharing sensitive information. Whether it's personal data, financial details, or confidential business documents, sending unencrypted emails can expose you to significant security threats. Here’s why you should never send sensitive information through email without encryption and how we can help secure your communications.

The Risks of Unencrypted Emails

Interception by Hackers: Unencrypted emails are like postcards—they can be intercepted and read by anyone during transmission. Cybercriminals often target emails to steal sensitive information, leading to identity theft, financial loss, or worse. Without encryption, your data is left vulnerable to these malicious actors.
Data Breaches: Organizations are increasingly becoming targets of data breaches, where massive amounts of sensitive information are exposed. If your unencrypted email is caught up in a breach, it could lead to severe consequences, including legal ramifications and damage to your reputation.
Lack of Privacy: Unencrypted emails can be accessed not only by hackers but also by unauthorized individuals within your organization or email service providers. This lack of privacy can result in confidential information being misused or shared without your consent.
Compliance Violations: Many industries are governed by strict regulations regarding the handling of sensitive information. Sending unencrypted emails can result in non-compliance with laws like GDPR, HIPAA, or PCI-DSS, leading to hefty fines and legal actions against your business.

The Importance of Email Encryption

Email encryption is the process of converting your message into an unreadable format that can only be deciphered by the intended recipient. It ensures that even if your email is intercepted, the contents remain protected and inaccessible to unauthorized parties.

Protect Your Data: Encryption safeguards your information, ensuring that only authorized recipients can access it.
Maintain Compliance: By using encryption, you stay compliant with industry regulations, avoiding costly penalties.
Build Trust: Securing your emails demonstrates your commitment to protecting your clients' information, helping to build trust and confidence in your business.

How We Can Help

At ABT Solutions, we offer robust email encryption services tailored to meet your security needs. Our solutions are designed to seamlessly integrate with your existing email platform, providing end-to-end encryption without complicating your workflow. By partnering with us, you can ensure that your sensitive information remains confidential and secure, no matter where it’s sent.

The Growing Importance of Third-Party Assessments in Cybersecurity

Tue, 13 Aug 2024 15:19:35 GMT

The Growing Importance of Third-Party Assessments in Cybersecurity

In today’s rapidly evolving digital landscape, cybersecurity has become a critical concern for businesses of all sizes. The threat of cyberattacks is ever-present, and the consequences of a breach can be devastating. As organizations strive to protect their sensitive data and maintain customer trust, many are turning to third-party assessments to ensure their security measures are up to par. In fact, insurance companies are now increasingly requiring these assessments as a prerequisite for coverage. But why are third-party assessments so important, and what can they do for your business?

Why Third-Party Assessments Matter

Objective Evaluation: A third-party assessment provides an objective evaluation of your current security posture. Unlike internal audits, which can be influenced by biases or a lack of comprehensive knowledge, a third-party brings a fresh, unbiased perspective. This ensures that any vulnerabilities or weaknesses are identified accurately and addressed effectively.
Meeting Insurance Requirements: Cyber insurance is becoming a crucial part of business risk management, offering protection against the financial fallout of a cyberattack. However, insurance companies are tightening their requirements, with many now mandating third-party assessments as a condition for coverage. These assessments help insurers gauge your level of risk, ensuring that you meet the necessary criteria to qualify for coverage and potentially lowering your premiums.
Staying Ahead of Threats: Cyber threats are constantly evolving, with new vulnerabilities emerging daily. A third-party assessment helps you stay ahead of these threats by providing up-to-date insights into the latest risks and how they apply to your specific environment. This proactive approach allows you to implement the necessary defenses before an attack occurs.
Building Customer Trust: Customers are increasingly aware of the risks associated with data breaches and expect the businesses they interact with to prioritize cybersecurity. By undergoing a third-party assessment, you demonstrate your commitment to protecting their information, which can significantly boost their confidence in your brand.
Regulatory Compliance: Many industries are subject to strict regulatory requirements concerning data protection. A third-party assessment can help ensure that your business remains compliant with these regulations, avoiding costly fines and legal issues. It also provides documentation that can be used to prove compliance to regulators, auditors, and other stakeholders.
Guidance on Best Practices: Third-party assessors are typically experts in the field of cybersecurity, with a deep understanding of industry best practices. They can provide valuable guidance on how to improve your security measures, from implementing advanced technologies to refining your internal processes. This expert advice can be instrumental in elevating your security posture and reducing your risk of a breach.

The Role of Insurance in Cybersecurity

As cyber insurance becomes more prevalent, insurers are placing greater emphasis on ensuring that their clients are taking adequate precautions to protect themselves. This shift is driven by the increasing frequency and severity of cyberattacks, which have led to significant payouts by insurance companies. To mitigate their risk, insurers are now requiring businesses to undergo third-party assessments as part of the underwriting process.

These assessments provide insurers with a clearer picture of your organization’s risk level, allowing them to offer tailored coverage that reflects your specific needs. Moreover, businesses that invest in third-party assessments and demonstrate a strong security posture may benefit from lower premiums and better coverage terms.

Don’t Wait Until It’s Too Late

The reality is that no organization is immune to cyber threats. Whether you’re a small business or a large enterprise, the risk of a cyberattack is real—and the consequences can be severe. By investing in a third-party assessment, you’re taking a crucial step in protecting your business, meeting insurance requirements, and building a stronger, more resilient security posture.

Take Action Now

If your business hasn’t undergone a third-party cybersecurity assessment, now is the time to act. Not only will it help you meet the evolving requirements of your cyber insurance policy, but it will also provide peace of mind knowing that your organization is better protected against the ever-growing threat of cyberattacks.

How We Can Help

At ABT Solutions, we specialize in providing comprehensive third-party assessments that are tailored to your business's unique needs. Our team of experts will thoroughly evaluate your security posture, identify vulnerabilities, and offer actionable recommendations to strengthen your defenses. Whether you’re looking to meet insurance requirements, achieve regulatory compliance, or simply enhance your cybersecurity, we’re here to help. Contact us today to schedule your assessment and take the first step toward a more secure future.

Hackers Are Using Clever Techniques To Trick Windows Users Into Opening Malicious Websites

b328cabadd620e9eeb96502345549129_cc_2214@findfridaysites — Tue, 06 Aug 2024 17:50:17 GMT

As a savvy business owner and Microsoft Windows user, you always update your browser and only visit secure websites. But do your employees exercise the same level of caution? If not, your data could be at serious risk. This is especially true now that hackers are using clever techniques to trick Windows users into opening malicious websites in unique ways.

What Is Malware and How Does It Usually Spread?

Malware is software that cybercriminals use to jeopardize company devices, from cell phones to desktops. While some online threats originate from competing companies that want to drive another business by destroying customer trust or locking them out of their account, others steal data, funds, and identities.

Whatever the reason behind an attack, malware comes in many different types. For instance, viruses and worms make copies of themselves to infect one computer or multiple in a network, respectively. Others, like adware and Trojan horses, pretend to be something they’re not, so employees let down their guard and interact with them.

Malware also spreads in unique ways, such as when downloading faux software or legitimate programs that hackers have tampered with. Clicking suspicious links in emails and on websites also causes malware to spread. Since January 2023, this has become a major cause for concern. Check Point Research (CPR) has announced that hackers use clever techniques to trick Windows users into opening malicious websites.

Window’s New Zero-Day Flaw

Check Point Research said a new malware campaign surfaced in January 2023. In it, hackers use .URL files that act as shortcuts to lure Windows users to affected website pages. These shortcuts appear in .PDF book files and may seem innocuous, but nothing could be further from the truth.

Suppose you or one of your employees click on the file. In that case, it opens an outdated version of Internet Explorer with many zero-day flaws. While updated versions have patches for these issues, older ones remain vulnerable, making them perfect for phishing and other cyberattacks. The browser leads users to a faux website page where hackers can deploy malware and steal information.

Microsoft’s Remediation of This Flaw

During July Patch Tuesday, researchers at CPR explained that hackers are using clever techniques to trick Windows users into opening malicious websites, then using exploit kits and info-stealers to grab credentials and financial data.

While it’s one of the biggest Windows threats in recent months, it’s far from the only one. Another flaw, CVE-2024-38080, grants attackers Microsoft virtual machine hypervisor privileges. Microsoft now has patches available for these two active flaws alongside 140 others.

If you want to reduce your chances of falling victim to social engineering, especially in cases where hackers are using clever techniques to trick Windows users into opening malicious websites, be sure to keep your browser and your Windows machine updated.

How We Can Help

At ABT Solutions, we understand the critical importance of keeping your software and systems up to date to protect your business from evolving cyber threats. Our comprehensive IT services include proactive monitoring and regular updates to ensure that your Windows machines, browsers, and other software are always running the latest security patches. We also offer employee training to help your team recognize and avoid the latest social engineering tactics that hackers use. Don’t leave your business vulnerable—partner with us to safeguard your data and maintain a secure, resilient IT environment. Contact us today to learn more about how we can help protect your organization from the latest threats.

Four Things You Can Do to Help Ward Against Phishing Attacks

Wed, 31 Jul 2024 20:48:43 GMT

Potential data breaches pose a growing threat to organizations, with phishing attacks being the most prevalent method hackers use to steal sensitive information. It has become one of the most widespread online dangers, and understanding how it works is crucial to protecting your users. Let's go into what phishing attacks are and explore some best practices to safeguard your network.

What is a Phishing Attack?

Phishing is a deceptive tactic where scammers attempt to trick you into revealing confidential information by masquerading as a trustworthy entity. This often involves misleading emails, messages, or websites that appear to be from reliable sources such as banks or well-known companies. The aim is to phish for information like passwords or financial details, which can then be exploited for identity theft, fraud, and malware deployment.

Four Practices to Help Protect Your Network

Here are some strategies to prevent phishing attacks from compromising your network:

Exercise caution with links and attachments - Avoid clicking on links or downloading attachments from unfamiliar or suspicious sources. Phishing emails often contain links that appear legitimate but lead to malicious sites. Always hover over a link to verify the URL before clicking.
Verify the sender’s identity - Carefully check the sender's email address, especially if the message is unexpected or requests sensitive information. Phishers often use email addresses that closely resemble legitimate ones, with subtle differences.
Be alert to phishing signs - Watch out for generic greetings, spelling or grammar errors, and urgent requests for personal or financial information. Reputable companies typically address you by name and do not pressure you to take immediate action.
Enable Multi-Factor Authentication - Activate MFA wherever possible to add an extra layer of security. Even if a phisher obtains your password, MFA can significantly reduce or prevent unauthorized access.

Understanding phishing, and taking proactive steps to defend against it, are essential for protecting your business. Implementing comprehensive training, including simulated phishing exercises, can raise awareness among employees who may not naturally prioritize security.

How We Can Help Protect Your Organization

At ABT Solutions, we are committed to safeguarding your organization from the growing threat of phishing attacks and other cyber threats. Our comprehensive cybersecurity services include advanced email security solutions, regular network monitoring, and multi-factor authentication implementation to provide robust protection for your sensitive information. We also offer tailored employee training programs, including simulated phishing exercises, to ensure your team is well-prepared to recognize and respond to phishing attempts. Don’t leave your organization vulnerable—partner with us to create a secure, resilient defense against cyberattacks. Contact us today to learn how we can help protect your business from the dangers of phishing and other online threats.

abtok101

You set up DMARC. Your business is still fully exposed.

The AI Hacking Threat Your Business Isn't Ready For

Cybersecurity Myths You Still Believe (and Why They're Dangerous)

Shut the Door on Cyber Risk

Good terms do not equal good security

Messy breakups are obvious risks

The part most businesses forget

It is not personal. It is policy.

Compliance and insurance are watching

This is about protecting your business

TP Link Is in the Crosshairs and Texas Just Fired the First Shot

�� TP Link Is in Legal Trouble and Your Business Should Pay Attention ��

�� Why This Matters to Your Business

⚠️ If You Have TP Link Equipment

�� Your IT Provider Should Have Seen This Coming.

�� If You Had No Idea

�� The Bottom Line

And we love shutting doors before they ever get opened. ��

The Notepad++ Backdoor Incident | Why Supply Chain Attacks Are Rising | ABT Solutions

What Actually Happened

Why This Attack Worked

Why This Wont Be The Last

What This Means For Businesses

Final Thought

Attacks like this one do not announce themselves.

AI Is Taking All the Chips and Your Computer Prices Are Paying the Price

Tired of overpaying for hardware?

Why You Should Choose an MSP Over a Printer Company Offering Cybersecurity

Cybersecurity Is Our Core Business

Depth of Expertise Matters

We Are Proactive Not Reactive

We Care Because Your Business Is Our Reputation

Choose a Partner Not a Product

OneDrive Is Not a Backup - Here's What You Need Instead | ABT Solutions

Sync Is Not a Backup ����

What Sync Really Does ��

What Real Backups Look Like ��️

Business Continuity Starts Before the Disaster ��

**So Ask Yourself

AI Can Supercharge Your Business, or Sink It. Here’s Why Employee Use Matters.

Why Setting DMARC to Quarantine or Reject Actually Matters

What Happens If Your Microsoft 365 Gets Breached?

Here’s what happens next:

Don’t wait for the wake-up call.

How Much Would One Day of Downtime Cost Your Business?

Why SSL VPNs Put Your Business at Risk

The Problem with VPNs

SSL VPNs and SonicWall Vulnerabilities

Why This Puts Your Business at Risk

The Better Approach: Zero Trust Remote Access

What You Should Do Next

If your business is still relying on an SSL VPN, there is a better path forward.

Identity Threat Detection & Response (ITDR) Explained

Why ITDR is critical: the growing threat of identity-based attacks

ITDR vs EDR (and where they work together)

Together

What to look for in an ITDR solution

How we at ABT bring ITDR to life

Getting started with ITDR: three steps to build your identity protection strategy

Final Word

MFA Isn’t a Silver Bullet Anymore

Real-World Example: A Small Plumbing Company Nearly Shut Down

You Can’t Do This Alone

Why Organizations Should Choose a Managed Services Provider in 2025 Instead of Soley Relying on Staff IT

1. Cybersecurity Has Become Too Complex

2. 24/7 Support and Monitoring

3. Scalable Expertise

4. Budget Predictability

5. Compliance and Data Protection

6. Focus on Your Mission

7. Future-Proofing Technology

Who Needs an MSP?

Final Thought

Your Business Is Now Hackable With a $20 AI Subscription

Who is Anthropic and why should we believe them?

Why This Matters

The Dangerous Window We’re In

What Businesses Should Do Immediately

The Bottom Line

Sync Is Not a Backup ��