In the cat-and-mouse world of ransomware and cybersecurity, with businesses and governments needing to place two steps between them and cybercriminals, comes a new obstacle – Ransomware-as-a-Service. Dharma, a cybercriminal firm, provides, “one of the most popular offerings around, saying [...]
An evolving threat Ransomware now has a frightening new threat: preventing your ability to recover from backups. At Alvaka Networks, we are currently involved in some of the largest ransomware recovery projects, both insured and uninsured. The most sinister trend [...]
DRworx solution is a backup, recovery, and virtualization software developed for the protection of your business. Click here to learn more about DRworx or by reading our responses to questions below.Are Alvaka DRworx cloud backups stored off-site and where?Yes, the [...]
What is Air Gapping? Air gapping is a cyber-defense strategy in which a network’s backups are not accessible by LAN or WIFI, keeping them isolated from the network. In order to retrieve air gapped backups, an individual must physically access [...]
Published in Orange County Business Journal by Kevin Costelloe on Monday, July 13, 2020. Alvaka COO and CISO, Kevin McDonald, is interviewed by Kevin Costelloe about the ever-increasing threat of ransomware and how being a victim can bring companies to [...]
Major news has been revealed this week that Check Point, an Israeli Security Firm, discovered a vulnerability in Microsoft's domain name system protocol (DNS). Most alarming is that the bug has existed for roughly 17 years. It is advised that [...]
The March Cyberspace Solarium Commission report advised that businesses and the U.S government should incorporate layered cybersecurity into their defense strategy. Additionally, the report insists that Congress, “pass a law establishing that final goods assemblers of software, hardware and firmware [...]
Each year the total ransomware cases and money demanded, either through bitcoin or other monetary means, increases. Attacks can cost businesses and governments millions of dollars in recovery fees, and the enormous payout is why the ransomware industry is so [...]
Kevin McDonald, COO, and CISO at Alvaka Networks gives insight to the largest threat that individuals and businesses face in today’s cyberspace. That threat is ransomware. The number of ransomware attacks has been significantly increasing over the past few years [...]
Written by Oli Thordarson, President/CEO of Alvaka Networks Mimi Grant, President of ABL Organization, wrote to me asking if a recent Red Cross plea to cyber-criminals to not attack hospitals with ransomware and extortion will help reduce cybercrime activity. She [...]
Smoke testing is a term used to describe the testing process for servers after patches are applied. The process typically involves making sure servers are rebooted in the right order, making sure they have completely rebooted, restarting applications in the right order, and then testing to be certain everything is working properly when users return to work in the morning.
This typically takes 30 minutes per server, depending upon your environment.
PCs are not typically smoke tested, or if so, not all of them.
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
There are many variables to consider. Some are:
You want to enter in a fully burdened labor rate for this field. What that means is that you want to take the base hourly rate, plus 25-30% for employer payroll taxes, benefits, vacation/holiday time, etc.
For example, someone making $80,000 per year will typically work 52 weeks of 40 hours, or 2080 hours. $80,000 divided by 2080 is $38.46/hour. Multiply that hourly rate by 1.3, and you get $50.00/hour. Of course, rates of pay, taxes and benefits will vary from city, state and company; but 30% is usually a good number to use. Don’t forget to account for time-and-a-half or after-hours rates of pay if patching is being done in the late evening, early morning, or weekends (in order to avoid impacting user productivity).
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.
If you are presenting to management for a budget, and using this calculator as the basis for a Return on Investment (ROI), you will need to do more homework. An ROI measures as a ratio of the cost of investment against its expected benefit. For patching, calculating benefit can be very difficult to determine. How do you measure the cost of a system breach you have not yet had? You can estimate what expenses, penalties, and losses a company might incur when a breach occurs; but there is no certainty of a breach event and what those costs actually are. There are also regulatory compliance issues and/or potential fines for not patching, but those, too, can be vague. For calculating these potential risks and costs, it is advisable to enter into a discussion with your management team.